rubygems · martinemde · Jul 19, 2024 · Aug 31, 2024 · Aug 31, 2024 · Aug 31, 2024
diff --git a/app/assets/stylesheets/tailwind.deprecated.css b/app/assets/stylesheets/tailwind.deprecated.css
diff --git a/app/helpers/rubygems_helper.rb b/app/helpers/rubygems_helper.rb
@@ -139,6 +139,13 @@ def links_to_owners_without_mfa(rubygem)
     rubygem.owners.without_mfa.sort_by(&:id).inject("") { |link, owner| link << link_to_user(owner) }.html_safe
   end
 
+  def link_to_owner(owner, show_mfa_status: false)
+    link_text = avatar(32, "gravatar-#{owner.id}", owner, class: "tw-rounded-full tw-mr-1")
+    link_text << " #{owner.display_handle}"
+    link_text << " *" if show_mfa_status && owner.mfa_disabled?
+    link_to(link_text.html_safe, profile_path(owner.display_id), class: "t-link tw-flex tw-items-center")
+  end
+
   def link_to_user(user)
     link_to avatar(48, "gravatar-#{user.id}", user), profile_path(user.display_id),
       alt: user.display_handle, title: user.display_handle

diff --git a/app/javascript/src/pages.js b/app/javascript/src/pages.js
@@ -6,13 +6,3 @@ $(function() {
     $(this).animate({ width: $(this).data("bar-width") + '%' }, 700).removeClass('t-item--hidden').css("display", "block");
   });
 });
-
-//gem page
-$(function() {
-  $('.gem__users__mfa-text.mfa-warn').on('click', function() {
-    $('.gem__users__mfa-text.mfa-warn').toggleClass('t-item--hidden');
-
-    $owners = $('.gem__users__mfa-disabled');
-    $owners.toggleClass('t-item--hidden');
-  });
-});
diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb
@@ -61,4 +61,8 @@ def show_events?
   def show_unconfirmed_ownerships?
     rubygem_owned_by?(user)
   end
+
+  def show_owner_mfa_status?
+    rubygem_owned_by?(user)
+  end
 end
diff --git a/app/views/rubygems/_gem_members.html.erb b/app/views/rubygems/_gem_members.html.erb
@@ -1,28 +1,21 @@
 <div class="gem__members">
   <% if rubygem.owners.present? %>
+    <% show_mfa_status = policy(rubygem).show_owner_mfa_status? %>
+
     <h3 class="t-list__heading"><%= t '.owners_header' %>:</h3>
-    <div class="gem__users">
-      <%= links_to_owners(rubygem) %>
-    </div>
+    <ul class="tw-my-3">
+      <% rubygem.owners.sort_by(&:id).each do |owner| %>
+        <li><%= link_to_owner(owner, show_mfa_status:) %></li>
+      <% end %>
+    </ul>
 
-    <% if  rubygem.owned_by?(current_user) %>
+    <% if show_mfa_status %>
       <% if rubygem.owners.without_mfa.present? %>
-        <% if current_user.mfa_disabled? %>
-          <span class="gem__users__mfa-text mfa-warn">
-            <%= t '.self_no_mfa_warning_html' %>
-          </span>
-        <% else %>
-          <span class="gem__users__mfa-text mfa-warn"><%= t '.not_using_mfa_warning_show' %></span>
-        <% end %>
-
-        <div class="gem__users__mfa-disabled t-item--hidden">
-          <span class="gem__users__mfa-text mfa-warn t-item--hidden"><%= t '.not_using_mfa_warning_hide' %></span>
-          <div class="gem__users">
-            <%= links_to_owners_without_mfa(rubygem) %>
-          </div>
-        </div>
+        <span class="tw-my-2 gem__users__mfa-text mfa-warn">
+          <%= current_user.mfa_disabled? ? t(".self_no_mfa_warning_html") : t(".not_using_mfa_warning") %>
+        </span>
       <% else %>
-          <span class="gem__users__mfa-text mfa-info"><%= t '.using_mfa_info' %></span>
+        <span class="gem__users__mfa-text mfa-info"><%= t '.using_mfa_info' %></span>
       <% end %>
     <% end %>
   <% end %>

diff --git a/config/locales/de.yml b/config/locales/de.yml
@@ -760,8 +760,7 @@ de:
     gem_members:
       authors_header: Autoren
       self_no_mfa_warning_html:
-      not_using_mfa_warning_show:
-      not_using_mfa_warning_hide:
+      not_using_mfa_warning:
       owners_header: Besitzer
       pushed_by:
       using_mfa_info:

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -673,11 +673,10 @@ en:
     gem_members:
       authors_header: Authors
       self_no_mfa_warning_html: Please consider <a href="/settings/edit">enabling multi-factor authentication (MFA)</a> to keep your account secure.
-      not_using_mfa_warning_show: "* Some owners are not using multi-factor authentication (MFA). Click for the complete list."
-      not_using_mfa_warning_hide: "* The following owners are not using multi-factor authentication (MFA). Click to hide."
+      not_using_mfa_warning: "* Some owners are not using multi-factor authentication (MFA)."
       owners_header: Owners
       pushed_by: Pushed by
-      using_mfa_info: "* All owners are using multi-factor authentication (MFA)."
+      using_mfa_info: "All owners are using multi-factor authentication (MFA)."
       yanked_by: Yanked by
       sha_256_checksum: SHA 256 checksum
       signature_period: Signature validity period

diff --git a/config/locales/es.yml b/config/locales/es.yml
@@ -772,10 +772,7 @@ es:
       authors_header: Autores
       self_no_mfa_warning_html: Considera por favor <a href="/settings/edit">activar
         la autenticación de múltiples factores (AMF)</a> para mantener tu cuenta segura.
-      not_using_mfa_warning_show: "* Algunos propietarios no están usando AMF. Haga
-        click para ver la lista completa."
-      not_using_mfa_warning_hide: "* Los siguientes propietarios no están usando AMF.
-        Haga click para ocultar."
+      not_using_mfa_warning: "* Algunos propietarios no están usando AMF."
       owners_header: Propietarios
       pushed_by: Subida por
       using_mfa_info: "* Todos los propietarios están usando AMF."

diff --git a/config/locales/fr.yml b/config/locales/fr.yml
@@ -697,8 +697,7 @@ fr:
     gem_members:
       authors_header: Auteurs
       self_no_mfa_warning_html:
-      not_using_mfa_warning_show:
-      not_using_mfa_warning_hide:
+      not_using_mfa_warning:
       owners_header: Propriétaires
       pushed_by:
       using_mfa_info:

diff --git a/config/locales/ja.yml b/config/locales/ja.yml
@@ -667,8 +667,7 @@ ja:
       authors_header: 作者
       self_no_mfa_warning_html: アカウントをセキュアに保つため、<a href="/settings/edit">多要素認証 (MFA)
         の有効化</a>をご検討ください。
-      not_using_mfa_warning_show: 多要素認証 (MFA) を使っていない所有者がいます。完全な一覧を見るにはクリックしてください。
-      not_using_mfa_warning_hide: "* 以下の所有者は多要素認証 (MFA) を使っていません。クリックして隠します。"
+      not_using_mfa_warning: 多要素認証 (MFA) を使っていない所有者がいます。
       owners_header: 所有者
       pushed_by: プッシュ者
       using_mfa_info: "* 全ての所有者が多要素認証 (MFA) を使っています。"

diff --git a/config/locales/nl.yml b/config/locales/nl.yml
@@ -665,8 +665,7 @@ nl:
     gem_members:
       authors_header:
       self_no_mfa_warning_html:
-      not_using_mfa_warning_show:
-      not_using_mfa_warning_hide:
+      not_using_mfa_warning:
       owners_header: Eigenaren
       pushed_by:
       using_mfa_info:

diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml
@@ -676,10 +676,7 @@ pt-BR:
     gem_members:
       authors_header: Autores
       self_no_mfa_warning_html:
-      not_using_mfa_warning_show: "* Alguns donos não estão usando MFA. Clique para
-        a lista completa."
-      not_using_mfa_warning_hide: "* Os seguintes donos não estão usando MFA. Clique
-        para esconder."
+      not_using_mfa_warning: "* Alguns donos não estão usando MFA."
       owners_header: Donos
       pushed_by:
       using_mfa_info: "* Todos os donos estão usando MFA."

diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
@@ -673,8 +673,7 @@ zh-CN:
     gem_members:
       authors_header: 作者
       self_no_mfa_warning_html: 请考虑 <a href="/settings/edit">启用多因素身份验证（MFA）</a> 来保障您的帐户安全。
-      not_using_mfa_warning_show: "* 一些业主当前还没有使用多因素验证（MFA）。请点击查看完整列表。"
-      not_using_mfa_warning_hide: "* 以下业主还未使用多因素验证（MFA）。点击隐藏。"
+      not_using_mfa_warning: "* 一些业主当前还没有使用多因素验证（MFA）。"
       owners_header: 业主
       pushed_by: 推送
       using_mfa_info: "* 所有业主都已使用多因素验证（MFA）。"

diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
@@ -667,8 +667,7 @@ zh-TW:
     gem_members:
       authors_header: 作者
       self_no_mfa_warning_html:
-      not_using_mfa_warning_show: "* 某些擁有者未使用多重要素驗證 (MFA)。點擊此處以顯示完整名單。"
-      not_using_mfa_warning_hide: "* 下列擁有者未使用多重要素驗證 (MFA)。點擊此處以隱藏。"
+      not_using_mfa_warning: "* 某些擁有者未使用多重要素驗證 (MFA)。"
       owners_header: 擁有者
       pushed_by: 推送者
       using_mfa_info: "* 擁有者皆使用多重要素驗證 (MFA)。"

diff --git a/test/integration/api/v1/owner_test.rb b/test/integration/api/v1/owner_test.rb
@@ -29,8 +29,8 @@ class Api::V1::OwnerTest < ActionDispatch::IntegrationTest
 
     get rubygem_path(@rubygem.slug)
 
-    assert page.has_selector?("a[alt='#{@user.handle}']")
-    assert page.has_selector?("a[alt='#{@other_user.handle}']")
+    page.assert_selector("div.gem__members a", text: @user.handle)
+    page.assert_selector("div.gem__members a", text: @other_user.handle)
   end
 
   test "removing an owner" do
@@ -41,8 +41,8 @@ class Api::V1::OwnerTest < ActionDispatch::IntegrationTest
 
     get rubygem_path(@rubygem.slug)
 
-    assert page.has_selector?("a[alt='#{@user.handle}']")
-    refute page.has_selector?("a[alt='#{@other_user.handle}']")
+    page.assert_selector("div.gem__members a", text: @user.handle)
+    page.assert_no_selector("div.gem__members a", text: @other_user.handle)
   end
 
   test "transferring ownership" do
@@ -54,8 +54,8 @@ class Api::V1::OwnerTest < ActionDispatch::IntegrationTest
 
     get rubygem_path(@rubygem.slug)
 
-    refute page.has_selector?("a[alt='#{@user.handle}']")
-    assert page.has_selector?("a[alt='#{@other_user.handle}']")
+    page.assert_no_selector("div.gem__members a", text: @user.handle)
+    page.assert_selector("div.gem__members a", text: @other_user.handle)
   end
 
   test "adding ownership without permission" do

diff --git a/test/integration/gems_test.rb b/test/integration/gems_test.rb
@@ -114,7 +114,6 @@ class GemsSystemTest < SystemTest
 
     visit rubygem_path(@rubygem.slug, as: @user.id)
 
-    assert page.has_selector?(".gem__users__mfa-disabled .gem__users a")
     assert page.has_content? "Please consider enabling multi-factor"
   end
 
@@ -127,7 +126,6 @@ class GemsSystemTest < SystemTest
 
     visit rubygem_path(@rubygem.slug, as: @user.id)
 
-    assert page.has_selector?(".gem__users__mfa-disabled .gem__users a")
     assert page.has_selector?(".gem__users__mfa-text.mfa-warn")
   end
 

diff --git a/test/integration/push_test.rb b/test/integration/push_test.rb
@@ -24,9 +24,7 @@ class PushTest < ActionDispatch::IntegrationTest
     assert page.has_content?("1.0.0")
     assert page.has_content?("Pushed by")
 
-    css = %(div.gem__users a[alt=#{@user.handle}])
-
-    assert page.has_css?(css, count: 2)
+    assert_selector("div.gem__members a", text: @user.handle)
 
     assert_equal Digest::MD5.hexdigest(<<~INFO), Rubygem.find_by!(name: "sandworm").versions.sole.info_checksum
       ---

diff --git a/test/integration/yank_test.rb b/test/integration/yank_test.rb
@@ -42,9 +42,7 @@ class YankTest < SystemTest
 
     assert page.has_content?("Yanked by")
 
-    css = %(div.gem__users a[alt=#{@user.handle}])
-
-    assert page.has_css?(css, count: 3)
+    assert_selector("div.gem__members a", text: @user.handle)
 
     assert_event Events::RubygemEvent::VERSION_YANKED, {
       number: "2.2.2",

diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
@@ -95,4 +95,12 @@ def policy!(user)
       refute_authorized nil, :show_unconfirmed_ownerships?
     end
   end
+
+  context "#show_owner_mfa_status?" do
+    should "only allow the owner" do
+      assert_authorized @owner, :show_owner_mfa_status?
+      refute_authorized @user, :show_owner_mfa_status?
+      refute_authorized nil, :show_owner_mfa_status?
+    end
+  end
 end