From ee6959bb8e5462dd300c80958a0709aa3e2be11a Mon Sep 17 00:00:00 2001 From: Duncan Date: Tue, 30 Jul 2024 06:44:05 +0200 Subject: [PATCH 01/21] basic auto-login and redirect --- app/controllers/sessions_controller.rb | 10 ++++++++++ config/routes.rb | 3 +++ 2 files changed, 13 insertions(+) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 967a6c9e1e..fe58f13f1e 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -8,6 +8,16 @@ class SessionsController < Devise::SessionsController # Make sure this happens always before any before_action protect_from_forgery with: :exception, prepend: true + def auto_login + user = Person.order("RAND()").first.user + if user && !EnvConfig.WCA_LIVE_SITE? + sign_in(user) + redirect_to competition_register_path('SpeedySouthport2024'), notice: "Logged in automatically as #{user.wca_id}" + else + redirect_to auto_login_path, alert: "That didn't work - retrying with a different account" + end + end + def new super # Remove any lingering user data from previous login attempt diff --git a/config/routes.rb b/config/routes.rb index 7f7c05a5b0..a732af266d 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -27,6 +27,7 @@ # https://github.com/plataformatec/devise/wiki/How-To:-Disable-user-from-destroying-their-account devise_for :users, skip: :registrations, controllers: { sessions: "sessions" } devise_scope :user do + get 'auto_login', to: 'sessions#auto_login' unless EnvConfig.WCA_LIVE_SITE? resource :registration, only: [:new, :create], path: 'users', 
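Review bot: `auto_login` signs the visitor in as an arbitrary account on a plain GET, and the only control keeping it off production is the `EnvConfig.WCA_LIVE_SITE?` flag tested in the action and on the new route in `config/routes.rb`. That deserves a comment above the method, for example `# Test environments only: signs in a random user. Must never be routable on the live site.` Separately, `Person.order("RAND()").first.user` raises `NoMethodError` when the table is empty; `Person.order("RAND()").first&.user` would let the `else` branch handle it. That branch redirects back to `auto_login_path`, so it can loop without end when no person has a user.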
@@ -39,6 +40,8 @@ post 'users/authenticate-sensitive' => 'users#authenticate_user_for_sensitive_edit' delete 'users/sign-out-other' => 'sessions#destroy_other', as: :destroy_other_user_sessions end + + # TODO: This can be removed after deployment, this is so we don't have any users error out if they click on pay # while the deployment happens get 'registration/:id/payment-completion' => 'registrations#payment_completion_legacy', as: :registration_payment_completion_legacy From 6cae4c0afc06203121ea994a9eab0b03fc38468f Mon Sep 17 00:00:00 2001 From: Duncan Date: Tue, 30 Jul 2024 06:49:09 +0200 Subject: [PATCH 02/21] return if live site --- app/controllers/sessions_controller.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index fe58f13f1e..e4d9527b21 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -9,6 +9,7 @@ class SessionsController < Devise::SessionsController protect_from_forgery with: :exception, prepend: true def auto_login + return if EnvConfig.WCA_LIVE_SITE? user = Person.order("RAND()").first.user if user && !EnvConfig.WCA_LIVE_SITE? sign_in(user) From 10cba5e308850b26f8a6f43badce0d24cea539ef Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 11:21:48 +0200 Subject: [PATCH 03/21] working oauth login --- app/controllers/sessions_controller.rb | 39 ++++++++++++++++++++++++-- config/routes.rb | 2 +- 2 files changed, 37 insertions(+), 4 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index e4d9527b21..23ac80d862 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
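Review bot: The added `return if EnvConfig.WCA_LIVE_SITE?` leaves the action without a response, so on the live site Rails would fall through to its implicit render for `auto_login`, and no template for it appears in this series. An explicit refusal such as `return head :not_found if EnvConfig.WCA_LIVE_SITE?` makes the fail-closed behaviour visible. The second `!EnvConfig.WCA_LIVE_SITE?` test in the `if user && ...` line is now redundant. The method body continues outside this hunk.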
@@ -8,10 +8,43 @@ class SessionsController < Devise::SessionsController # Make sure this happens always before any before_action protect_from_forgery with: :exception, prepend: true - def auto_login + def staging_oauth_login return if EnvConfig.WCA_LIVE_SITE? - user = Person.order("RAND()").first.user - if user && !EnvConfig.WCA_LIVE_SITE? + + client = OAuth2::Client.new("example-application-id", "example-secret", + :site => "https://staging.worldcubeassociation.org") + redirect_uri = "http://localhost:3000/staging_login" + + return redirect_to client.auth_code.authorize_url( + :redirect_uri => redirect_uri), allow_other_host: true unless params[:code].present? + + access_token = client.auth_code.get_token( + params[:code], :redirect_uri => redirect_uri).token + + # Get /me to figure out which user we are + connection = Faraday.new( + url: "https://staging.worldcubeassociation.org", + headers: { + 'Authorization' => "Bearer #{access_token}", + 'Content-Type' => 'application/json', + }, + ) do |builder| + # Sets headers and parses jsons automatically + builder.request :json + builder.response :json + + # Raises an error on 4xx and 5xx responses. + builder.response :raise_error + + # Logs requests and responses. + # By default, it only logs the request method and URL, and the request/response headers. + builder.response :logger, ::Logger.new($stdout), bodies: true if Rails.env.development? + end + + results = connection.get("/api/v0/me").body + + user = User.find(results["me"]["id"]) + if user sign_in(user) redirect_to competition_register_path('SpeedySouthport2024'), notice: "Logged in automatically as #{user.wca_id}" else diff --git a/config/routes.rb b/config/routes.rb index a732af266d..1db76192d2 100644 --- a/config/routes.rb +++ b/config/routes.rb 
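Review bot: The authorization-code flow in `staging_oauth_login` sends no `state` value and accepts any `params[:code]` it is handed, so the callback cannot tell whether this browser started the login itself (login CSRF, RFC 6749 section 10.12). Issuing a random value, keeping it in the session and comparing it on return closes that; a sketch follows. Also in this hunk, `User.find(results["me"]["id"])` raises `ActiveRecord::RecordNotFound` instead of returning nil, so the `else` branch never runs; `User.find_by(id: results.dig("me", "id"))` would reach it, and the later hunks that only reword that alert have the same problem. The lookup also trusts that a numeric id on the provider names the same person locally, which presumably holds only for rows imported from it and is worth a comment.

```ruby
issued_state = session[:staging_oauth_state]

unless params[:code].present?
  session[:staging_oauth_state] = SecureRandom.hex(32)
  return redirect_to client.auth_code.authorize_url(
    redirect_uri: redirect_uri, state: session[:staging_oauth_state],
  ), allow_other_host: true
end

# Accept the callback only if it carries the value issued above; single use.
session.delete(:staging_oauth_state)
unless issued_state.present? &&
       ActiveSupport::SecurityUtils.secure_compare(issued_state, params[:state].to_s)
  return redirect_to root_url, alert: "Login attempt could not be verified"
end

# … unchanged: token exchange, /api/v0/me request, sign_in …
```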
@@ -27,7 +27,7 @@ # https://github.com/plataformatec/devise/wiki/How-To:-Disable-user-from-destroying-their-account devise_for :users, skip: :registrations, controllers: { sessions: "sessions" } devise_scope :user do - get 'auto_login', to: 'sessions#auto_login' unless EnvConfig.WCA_LIVE_SITE? + get 'staging_login', to: 'sessions#staging_oauth_login' unless EnvConfig.WCA_LIVE_SITE? resource :registration, only: [:new, :create], path: 'users', From 007bc67d9fc442ac0d6ad6de5d3d0062752be431 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 11:57:06 +0200 Subject: [PATCH 04/21] save in EnvConfig --- .env.development | 3 +++ .env.test | 3 +++ app/controllers/sessions_controller.rb | 10 +++++----- app_secrets.rb | 8 ++++++++ env_config.rb | 5 +++++ 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/.env.development b/.env.development index 85e81807e2..910785e85c 100644 --- a/.env.development +++ b/.env.development @@ -30,3 +30,6 @@ OIDC_SECRET_KEY=oidc-development-secret PAYPAL_BASE_URL=https://api-m.sandbox.paypal.com WCA_REGISTRATIONS_URL=http://localhost:8000 WCA_REGISTRATIONS_BACKEND_URL=http://wca_registration_handler:3000 +STAGING_OAUTH_URL=https://staging.worldcubeassociation.org +STAGING_OAUTH_CLIENT=example-application-id +STAGING_OAUTH_SECRET=example-secret diff --git a/.env.test b/.env.test index dd3ee973cf..1fa573efcf 100644 --- a/.env.test +++ b/.env.test @@ -29,3 +29,6 @@ PAYPAL_CLIENT_SECRET=EIknLp919Gbuj2CYmEWECyKH5HwJTWQNuqFuCr1qFMrGNzwkF8dD0VkwzwI PAYPAL_ATTRIBUTION_CODE=FLAVORsb-noyt529176316_MP PAYPAL_BASE_URL=https://api-m.sandbox.paypal.com WCA_REGISTRATIONS_BACKEND_URL=http://wca_registration_handler:3000 +STAGING_OAUTH_URL=https://staging.worldcubeassociation.org +STAGING_OAUTH_CLIENT=example-application-id +STAGING_OAUTH_SECRET=example-secret diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 23ac80d862..ba944b74a3 100644 --- a/app/controllers/sessions_controller.rb 
+++ b/app/controllers/sessions_controller.rb @@ -11,9 +11,9 @@ class SessionsController < Devise::SessionsController def staging_oauth_login return if EnvConfig.WCA_LIVE_SITE? - client = OAuth2::Client.new("example-application-id", "example-secret", - :site => "https://staging.worldcubeassociation.org") - redirect_uri = "http://localhost:3000/staging_login" + client = OAuth2::Client.new(AppSecrets.STAGING_OAUTH_CLIENT, AppSecrets.STAGING_OAUTH_SECRET, + :site => EnvConfig.STAGING_OAUTH_URL) + redirect_uri = "#{root_url}/staging_login" return redirect_to client.auth_code.authorize_url( :redirect_uri => redirect_uri), allow_other_host: true unless params[:code].present? @@ -23,7 +23,7 @@ def staging_oauth_login # Get /me to figure out which user we are connection = Faraday.new( - url: "https://staging.worldcubeassociation.org", + url: EnvConfig.STAGING_OAUTH_URL, headers: { 'Authorization' => "Bearer #{access_token}", 'Content-Type' => 'application/json', @@ -48,7 +48,7 @@ def staging_oauth_login sign_in(user) redirect_to competition_register_path('SpeedySouthport2024'), notice: "Logged in automatically as #{user.wca_id}" else - redirect_to auto_login_path, alert: "That didn't work - retrying with a different account" + redirect_to root_url, alert: "Couldn't find your user" end end diff --git a/app_secrets.rb b/app_secrets.rb index 269a243ffa..906c68b57e 100644 --- a/app_secrets.rb +++ b/app_secrets.rb @@ -80,6 +80,12 @@ def vault_file(secret_name, file_path, refresh: true) vault :OIDC_SECRET_KEY vault :SLACK_WST_BOT_TOKEN vault :TNOODLE_PUBLIC_KEY + + # To allow logging in to staging with your prod account + unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("WCA_LIVE_SITE", false)) + vault :STAGING_OAUTH_CLIENT, :string + vault :STAGING_OAUTH_SECRET, :string + end else mandatory :DATABASE_PASSWORD, :string mandatory :GOOGLE_MAPS_API_KEY, :string 
@@ -96,6 +102,8 @@ def vault_file(secret_name, file_path, refresh: true) mandatory :STRIPE_PUBLISHABLE_KEY, :string mandatory :JWT_KEY, :string mandatory :OIDC_SECRET_KEY, :string + mandatory :STAGING_OAUTH_CLIENT, :string + mandatory :STAGING_OAUTH_SECRET, :string optional :AWS_ACCESS_KEY_ID, :string, '' optional :AWS_SECRET_ACCESS_KEY, :string, '' diff --git a/env_config.rb b/env_config.rb index 920dbcab13..17a90d0d3a 100644 --- a/env_config.rb +++ b/env_config.rb @@ -78,4 +78,9 @@ # For server status optional :BUILD_TAG, :string, "local" + + # To allow logging in to staging with your prod account + unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("WCA_LIVE_SITE", false)) + mandatory :STAGING_OAUTH_URL, :string + end end From 0c2448678b55ae37047ff18787f7a4b28f00e1eb Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 13:45:16 +0200 Subject: [PATCH 05/21] add STAGING_OAUTH_URL to Staging ENV --- infra/wca_on_rails/staging/main.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infra/wca_on_rails/staging/main.tf b/infra/wca_on_rails/staging/main.tf index bf4a6d8d5d..940637930c 100644 --- a/infra/wca_on_rails/staging/main.tf +++ b/infra/wca_on_rails/staging/main.tf @@ -32,6 +32,10 @@ locals { name = "SIDEKIQ_REDIS_URL" value = "redis://redis-main-staging-001.iebvzt.0001.usw2.cache.amazonaws.com:6379" }, + { + name = "STAGING_OAUTH_URL" + value = "https://www.worldcubeassociation.org" + }, { name = "STORAGE_AWS_BUCKET" value = aws_s3_bucket.storage-bucket.id From 06fc38f21571fba4860e3ee611779ffaa216b659 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 15:10:58 +0200 Subject: [PATCH 06/21] run rubocop --- app/controllers/sessions_controller.rb | 12 ++++++++---- config/routes.rb | 1 - 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index ba944b74a3..4731afb838 100644 --- a/app/controllers/sessions_controller.rb 
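Review bot: `STAGING_OAUTH_URL` is set to the production host in the staging `main.tf` entry, which reads like a mistake unless the reader already knows production is the identity provider for staging sign-in. A comment on the entry, e.g. `# Production is the OAuth provider for staging sign-in (intentional)`, would stop someone from "correcting" it. It also presumably means this environment stores a client secret issued by production and receives production access tokens, so the client registered there should carry only the scope needed for `/api/v0/me`. The scope actually granted is not visible in this series.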
+++ b/app/controllers/sessions_controller.rb @@ -12,14 +12,18 @@ def staging_oauth_login return if EnvConfig.WCA_LIVE_SITE? client = OAuth2::Client.new(AppSecrets.STAGING_OAUTH_CLIENT, AppSecrets.STAGING_OAUTH_SECRET, - :site => EnvConfig.STAGING_OAUTH_URL) + site: EnvConfig.STAGING_OAUTH_URL) redirect_uri = "#{root_url}/staging_login" - return redirect_to client.auth_code.authorize_url( - :redirect_uri => redirect_uri), allow_other_host: true unless params[:code].present? + unless params[:code].present? + return redirect_to client.auth_code.authorize_url( + redirect_uri: redirect_uri, + ), allow_other_host: true + end access_token = client.auth_code.get_token( - params[:code], :redirect_uri => redirect_uri).token + params[:code], redirect_uri: redirect_uri + ).token # Get /me to figure out which user we are connection = Faraday.new( diff --git a/config/routes.rb b/config/routes.rb index 1db76192d2..4b96ca5437 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -41,7 +41,6 @@ delete 'users/sign-out-other' => 'sessions#destroy_other', as: :destroy_other_user_sessions end - # TODO: This can be removed after deployment, this is so we don't have any users error out if they click on pay # while the deployment happens get 'registration/:id/payment-completion' => 'registrations#payment_completion_legacy', as: :registration_payment_completion_legacy From fd84af817621862169e1d6d744b76bc9dcba01eb Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 15:44:56 +0200 Subject: [PATCH 07/21] add button to login page --- app/controllers/sessions_controller.rb | 4 ++-- app/views/devise/sessions/new.html.erb | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 4731afb838..a05e02b92c 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
@@ -13,7 +13,7 @@ def staging_oauth_login client = OAuth2::Client.new(AppSecrets.STAGING_OAUTH_CLIENT, AppSecrets.STAGING_OAUTH_SECRET, site: EnvConfig.STAGING_OAUTH_URL) - redirect_uri = "#{root_url}/staging_login" + redirect_uri = staging_login_url unless params[:code].present? return redirect_to client.auth_code.authorize_url( @@ -50,7 +50,7 @@ def staging_oauth_login user = User.find(results["me"]["id"]) if user sign_in(user) - redirect_to competition_register_path('SpeedySouthport2024'), notice: "Logged in automatically as #{user.wca_id}" + redirect_to root_url, notice: "Successfully logged in as #{user.wca_id}" else redirect_to root_url, alert: "Couldn't find your user" end diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 7ef06c6106..7f793f63a2 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -40,6 +40,12 @@ <%= f.submit t('devise.sessions.new.sign_in'), class: "btn btn-primary", tabindex: "3" %> <%= t 'wca.devise.no_account' %> <%= link_to t('devise.shared.links.sign_up'), new_user_registration_path %>! <% end %> + <% unless EnvConfig.WCA_LIVE_SITE? %> +
+ or
+ +
+ <% end %> <% end %> From 2c13cb9eeb9506769d65cd3512275efe65c56962 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Tue, 30 Jul 2024 18:05:03 +0200 Subject: [PATCH 08/21] correctly set vault secrets --- app_secrets.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app_secrets.rb b/app_secrets.rb index 906c68b57e..9a9b51390a 100644 --- a/app_secrets.rb +++ b/app_secrets.rb @@ -83,8 +83,8 @@ def vault_file(secret_name, file_path, refresh: true) # To allow logging in to staging with your prod account unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("WCA_LIVE_SITE", false)) - vault :STAGING_OAUTH_CLIENT, :string - vault :STAGING_OAUTH_SECRET, :string + vault :STAGING_OAUTH_CLIENT + vault :STAGING_OAUTH_SECRET end else mandatory :DATABASE_PASSWORD, :string From 8a2ada649a84dea03a6e63becd71316dee0bb216 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Wed, 31 Jul 2024 21:32:25 +0200 Subject: [PATCH 09/21] env config review fixes --- app_secrets.rb | 2 +- env_config.rb | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/app_secrets.rb b/app_secrets.rb index 9a9b51390a..23abce1c50 100644 --- a/app_secrets.rb +++ b/app_secrets.rb @@ -82,7 +82,7 @@ def vault_file(secret_name, file_path, refresh: true) vault :TNOODLE_PUBLIC_KEY # To allow logging in to staging with your prod account - unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("WCA_LIVE_SITE", false)) + unless EnvConfig.WCA_LIVE_SITE? vault :STAGING_OAUTH_CLIENT vault :STAGING_OAUTH_SECRET end diff --git a/env_config.rb b/env_config.rb index 17a90d0d3a..a7a096da65 100644 --- a/env_config.rb +++ b/env_config.rb @@ -80,7 +80,5 @@ optional :BUILD_TAG, :string, "local" # To allow logging in to staging with your prod account - unless ActiveModel::Type::Boolean.new.cast(ENV.fetch("WCA_LIVE_SITE", false)) - mandatory :STAGING_OAUTH_URL, :string - end + optional :STAGING_OAUTH_URL, :string, "" end From 17dafc573cc7a88ae611109db6e85e156a349146 Mon Sep 17 00:00:00 2001 
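Review bot: With `optional :STAGING_OAUTH_URL, :string, ""` in `env_config.rb`, a staging deployment that forgets the variable now boots silently, and `staging_oauth_login` would build its OAuth client and its `allow_other_host: true` redirect from an empty site. The controller is outside this hunk, but a guard there such as `return head :not_found if EnvConfig.STAGING_OAUTH_URL.blank?` would keep the failure explicit. In `app_secrets.rb`, `unless EnvConfig.WCA_LIVE_SITE?` assumes `EnvConfig` is loaded before `AppSecrets`. That ordering cannot be confirmed from these hunks, so a one-line comment stating it would help.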
From: FinnIckler Date: Wed, 31 Jul 2024 21:37:49 +0200 Subject: [PATCH 10/21] align two buttons --- app/views/devise/sessions/new.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 7f793f63a2..f7f339fbcb 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -43,7 +43,7 @@ <% unless EnvConfig.WCA_LIVE_SITE? %>
or
- +
<% end %> From 3fec45ee7cb7f433c8d5ce2257f0a523793bfe30 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Wed, 31 Jul 2024 21:52:06 +0200 Subject: [PATCH 11/21] introduce FaradayHelper --- app/controllers/sessions_controller.rb | 11 +---------- lib/faraday_helper.rb | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 lib/faraday_helper.rb diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a05e02b92c..c7ee3a1271 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -33,16 +33,7 @@ def staging_oauth_login 'Content-Type' => 'application/json', }, ) do |builder| - # Sets headers and parses jsons automatically - builder.request :json - builder.response :json - - # Raises an error on 4xx and 5xx responses. - builder.response :raise_error - - # Logs requests and responses. - # By default, it only logs the request method and URL, and the request/response headers. - builder.response :logger, ::Logger.new($stdout), bodies: true if Rails.env.development? + FaradayHelper.default_connection(builder) end results = connection.get("/api/v0/me").body diff --git a/lib/faraday_helper.rb b/lib/faraday_helper.rb new file mode 100644 index 0000000000..d0004b3bf0 --- /dev/null +++ b/lib/faraday_helper.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +module FaradayHelper + def self.default_connection(builder) + # Sets headers and parses jsons automatically + builder.request :json + builder.response :json + + # Raises an error on 4xx and 5xx responses. + builder.response :raise_error + + # Logs requests and responses. + # By default, it only logs the request method and URL, and the request/response headers. + builder.response :logger, ::Logger.new($stdout), bodies: true if Rails.env.development? + end +end From cdc530cc6dc8e491e90d13a2af5b39eef22d501a Mon Sep 17 00:00:00 2001 
From: FinnIckler Date: Thu, 1 Aug 2024 13:28:30 +0200 Subject: [PATCH 12/21] move up --- app/views/devise/sessions/new.html.erb | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f7f339fbcb..336b27f266 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -8,6 +8,13 @@

<%= t('devise.sessions.new.sign_in') %>

+ <% unless EnvConfig.WCA_LIVE_SITE? %> +
+ +
+ or +
+ <% end %> <%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %>
<%= f.label :login %> @@ -40,12 +47,6 @@ <%= f.submit t('devise.sessions.new.sign_in'), class: "btn btn-primary", tabindex: "3" %> <%= t 'wca.devise.no_account' %> <%= link_to t('devise.shared.links.sign_up'), new_user_registration_path %>! <% end %> - <% unless EnvConfig.WCA_LIVE_SITE? %> -
- or
- -
- <% end %>
<% end %> From 0cfb926d5535373b7adce70ccec6f52bfd91241a Mon Sep 17 00:00:00 2001 From: Duncan Date: Fri, 2 Aug 2024 10:42:54 +0200 Subject: [PATCH 13/21] changed sign in page to use aria collapse --- .../devise/sessions/_login_form.html.erb | 33 +++++++++ app/views/devise/sessions/new.html.erb | 73 ++++++++----------- 2 files changed, 63 insertions(+), 43 deletions(-) create mode 100644 app/views/devise/sessions/_login_form.html.erb diff --git a/app/views/devise/sessions/_login_form.html.erb b/app/views/devise/sessions/_login_form.html.erb new file mode 100644 index 0000000000..6fcf2dd409 --- /dev/null +++ b/app/views/devise/sessions/_login_form.html.erb @@ -0,0 +1,33 @@ +<%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %> +
+ <%= f.label :login %> + <%= f.text_field :login, autofocus: false, class: "form-control", tabindex: "1" %> +
+
+ <%= f.label :password %> + <%= link_to t("devise.passwords.new.forgot_your_password"), new_user_password_path %>
+ <%= f.password_field :password, autocomplete: "off", class: "form-control", tabindex: "2" %> + <% if ServerSetting.exists?(DatabaseDumper::DEV_TIMESTAMP_NAME) %> +

+ Hint! It looks like you are using the + developer export + <% unless DbDumpHelper.use_staging_password? %> + , every user's password is "wca" + <% end %> + . You can find email addresses to log in with over on + <%= link_to "the delegates page", delegates_path %>. +

+ <% end %> +
+ <% if devise_mapping.rememberable? %> +
+ +
+ <% end %> + <%= f.submit t('devise.sessions.new.sign_in'), class: "btn btn-primary", tabindex: "3" %> + <%= t 'wca.devise.no_account' %> <%= link_to t('devise.shared.links.sign_up'), new_user_registration_path %>! +<% end %> + diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 336b27f266..60ebd90f33 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,53 +1,40 @@
- <% # i18n-tasks-use t('devise.failure.invalid') %> - <% # i18n-tasks-use t('devise.failure.not_found_in_database') %> - <% # i18n-tasks-use t('devise.failure.unconfirmed') %> <%= render layout: "devise/conversion_message", locals: { user: resource } do %> -
-
-

<%= t('devise.sessions.new.sign_in') %>

+ <% if EnvConfig.WCA_LIVE_SITE? %> +
+
+

<%= t('devise.sessions.new.sign_in') %>

+
+ +
+ <%= render 'login_form' %> +
-
- <% unless EnvConfig.WCA_LIVE_SITE? %> + <% else %> +
+
+

<%= t('RECOMMENDED: Automatic Sign In') %>

+
+
-
- or
- <% end %> - <%= form_for(resource, as: resource_name, url: session_path(resource_name), html: { role: "form" }) do |f| %> -
- <%= f.label :login %> - <%= f.text_field :login, autofocus: true, class: "form-control", tabindex: "1" %> -
-
- <%= f.label :password %> - <%= link_to t("devise.passwords.new.forgot_your_password"), new_user_password_path %>
- <%= f.password_field :password, autocomplete: "off", class: "form-control", tabindex: "2" %> - <% if ServerSetting.exists?(DatabaseDumper::DEV_TIMESTAMP_NAME) %> -

- Hint! It looks like you are using the - developer export - <% unless DbDumpHelper.use_staging_password? %> - , every user's password is "wca" - <% end %> - . You can find email addresses to log in with over on - <%= link_to "the delegates page", delegates_path %>. -

- <% end %> +
+
+ +
+ + +
+
+ <%= render 'login_form' %>
- <% if devise_mapping.rememberable? %> -
- -
- <% end %> - <%= f.submit t('devise.sessions.new.sign_in'), class: "btn btn-primary", tabindex: "3" %> - <%= t 'wca.devise.no_account' %> <%= link_to t('devise.shared.links.sign_up'), new_user_registration_path %>! - <% end %> +
-
+ <% end %> <% end %>
From c80c199aafa7f41eb2106214db4f9407f98de3ec Mon Sep 17 00:00:00 2001 From: Duncan Date: Fri, 2 Aug 2024 11:00:40 +0200 Subject: [PATCH 14/21] made live and staging into fragments --- .../devise/sessions/_live_template.html.erb | 9 +++++ .../sessions/_staging_template.html.erb | 25 +++++++++++++ app/views/devise/sessions/new.html.erb | 35 ++----------------- 3 files changed, 36 insertions(+), 33 deletions(-) create mode 100644 app/views/devise/sessions/_live_template.html.erb create mode 100644 app/views/devise/sessions/_staging_template.html.erb diff --git a/app/views/devise/sessions/_live_template.html.erb b/app/views/devise/sessions/_live_template.html.erb new file mode 100644 index 0000000000..9470b25dd5 --- /dev/null +++ b/app/views/devise/sessions/_live_template.html.erb @@ -0,0 +1,9 @@ +
+
+

<%= t('devise.sessions.new.sign_in') %>

+
+ +
+ <%= render 'login_form' %> +
+
diff --git a/app/views/devise/sessions/_staging_template.html.erb b/app/views/devise/sessions/_staging_template.html.erb new file mode 100644 index 0000000000..63390c717a --- /dev/null +++ b/app/views/devise/sessions/_staging_template.html.erb @@ -0,0 +1,25 @@ +
+
+

<%= t('RECOMMENDED: Automatic Sign In') %>

+
+
+
+ +
+
+
+ +
+ + +
+
+ <%= render 'login_form' %> +
+
+
+ diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 60ebd90f33..f9e188df32 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,40 +1,9 @@
<%= render layout: "devise/conversion_message", locals: { user: resource } do %> <% if EnvConfig.WCA_LIVE_SITE? %> -
-
-

<%= t('devise.sessions.new.sign_in') %>

-
- -
- <%= render 'login_form' %> -
-
+ <%= render 'live_template' %> <% else %> -
-
-

<%= t('RECOMMENDED: Automatic Sign In') %>

-
-
-
- -
-
-
- -
- - -
-
- <%= render 'login_form' %> -
-
-
+ <%= render 'staging_template' %> <% end %> <% end %>
From 72143fac44aff08dfde8125965587cdd4addfed4 Mon Sep 17 00:00:00 2001 From: Duncan Date: Fri, 2 Aug 2024 11:39:41 +0200 Subject: [PATCH 15/21] only render alternate login in staging --- app/views/devise/sessions/new.html.erb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index f9e188df32..78edf31d08 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,9 +1,9 @@
<%= render layout: "devise/conversion_message", locals: { user: resource } do %> - <% if EnvConfig.WCA_LIVE_SITE? %> - <%= render 'live_template' %> - <% else %> + <% if Rails.env.production? && !EnvConfig.WCA_LIVE_SITE? %> <%= render 'staging_template' %> + <% else %> + <%= render 'live_template' %> <% end %> <% end %>
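Review bot: The template now offers the staging login only when `Rails.env.production? && !EnvConfig.WCA_LIVE_SITE?`, while the `staging_login` route and the `staging_oauth_login` action elsewhere in this series are gated on `!EnvConfig.WCA_LIVE_SITE?` alone, so the endpoint stays reachable in environments where the button is hidden. Defining the condition once and using it in the route, the controller and this view keeps the three from drifting apart. A comment next to the condition, e.g. `<%# staging = production build that is not the live site %>`, would also explain why two flags are combined.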
From 637bb7e9f33411d7c4a0110859ceb9db43e42e32 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Fri, 2 Aug 2024 12:18:14 +0200 Subject: [PATCH 16/21] add watermark for staging --- app/assets/stylesheets/wca.scss | 4 ++++ app/views/layouts/application.html.erb | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/app/assets/stylesheets/wca.scss b/app/assets/stylesheets/wca.scss index 39b885a534..3055c308ce 100644 --- a/app/assets/stylesheets/wca.scss +++ b/app/assets/stylesheets/wca.scss @@ -2,6 +2,10 @@ font-family: monospace; } +.watermark { + background-image: url("data:image/svg+xml;utf8,WCA Testing Site"); +} + table.table { // From http://stackoverflow.com/a/10688485 &.table-nonfluid { diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index f81da3b26d..24e41ddea4 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -90,7 +90,7 @@ <% end %> - +"> <% hide_wca_navbars = yield(:hide_wca_navbars).present? %> <% if !hide_wca_navbars %> From efbe21a84d93d3b1719a4cbbc1a3f06dd9adc292 Mon Sep 17 00:00:00 2001 From: Duncan Date: Fri, 2 Aug 2024 13:09:49 +0200 Subject: [PATCH 17/21] fixed i18n key issues --- .../sessions/_staging_template.html.erb | 42 +++++++++---------- app/views/devise/sessions/new.html.erb | 3 ++ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/app/views/devise/sessions/_staging_template.html.erb b/app/views/devise/sessions/_staging_template.html.erb index 63390c717a..502f86b7ef 100644 --- a/app/views/devise/sessions/_staging_template.html.erb +++ b/app/views/devise/sessions/_staging_template.html.erb @@ -1,25 +1,25 @@
-
-

<%= t('RECOMMENDED: Automatic Sign In') %>

-
-
-
- -
-
-
+
+

Recommended: Automatic Sign In

+
+
+
+ +
+
+
-
- +
+ -
-
- <%= render 'login_form' %> -
-
-
+
+
+ <%= render 'login_form' %> +
+
+
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 78edf31d08..3615197901 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -1,4 +1,7 @@
+ <% # i18n-tasks-use t('devise.failure.invalid') %> + <% # i18n-tasks-use t('devise.failure.not_found_in_database') %> + <% # i18n-tasks-use t('devise.failure.unconfirmed') %> <%= render layout: "devise/conversion_message", locals: { user: resource } do %> <% if Rails.env.production? && !EnvConfig.WCA_LIVE_SITE? %> <%= render 'staging_template' %> From 6adc2d9a8983c3ed694f45b14f83a9f40a64c84c Mon Sep 17 00:00:00 2001 From: Duncan Date: Fri, 2 Aug 2024 15:33:10 +0200 Subject: [PATCH 18/21] updated names of partials --- .../{_live_template.html.erb => _live_login.html.erb} | 2 +- .../{_login_form.html.erb => _password_form.html.erb} | 0 .../{_staging_template.html.erb => _staging_login.html.erb} | 2 +- app/views/devise/sessions/new.html.erb | 4 ++-- 4 files changed, 4 insertions(+), 4 deletions(-) rename app/views/devise/sessions/{_live_template.html.erb => _live_login.html.erb} (82%) rename app/views/devise/sessions/{_login_form.html.erb => _password_form.html.erb} (100%) rename app/views/devise/sessions/{_staging_template.html.erb => _staging_login.html.erb} (95%) diff --git a/app/views/devise/sessions/_live_template.html.erb b/app/views/devise/sessions/_live_login.html.erb similarity index 82% rename from app/views/devise/sessions/_live_template.html.erb rename to app/views/devise/sessions/_live_login.html.erb index 9470b25dd5..df3def63a1 100644 --- a/app/views/devise/sessions/_live_template.html.erb +++ b/app/views/devise/sessions/_live_login.html.erb @@ -4,6 +4,6 @@
- <%= render 'login_form' %> + <%= render 'password_form' %>
diff --git a/app/views/devise/sessions/_login_form.html.erb b/app/views/devise/sessions/_password_form.html.erb similarity index 100% rename from app/views/devise/sessions/_login_form.html.erb rename to app/views/devise/sessions/_password_form.html.erb diff --git a/app/views/devise/sessions/_staging_template.html.erb b/app/views/devise/sessions/_staging_login.html.erb similarity index 95% rename from app/views/devise/sessions/_staging_template.html.erb rename to app/views/devise/sessions/_staging_login.html.erb index 502f86b7ef..1fb4b3710d 100644 --- a/app/views/devise/sessions/_staging_template.html.erb +++ b/app/views/devise/sessions/_staging_login.html.erb @@ -18,7 +18,7 @@
- <%= render 'login_form' %> + <%= render 'password_form' %>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb index 3615197901..d7e8274354 100644 --- a/app/views/devise/sessions/new.html.erb +++ b/app/views/devise/sessions/new.html.erb @@ -4,9 +4,9 @@ <% # i18n-tasks-use t('devise.failure.unconfirmed') %> <%= render layout: "devise/conversion_message", locals: { user: resource } do %> <% if Rails.env.production? && !EnvConfig.WCA_LIVE_SITE? %> - <%= render 'staging_template' %> + <%= render 'staging_login' %> <% else %> - <%= render 'live_template' %> + <%= render 'live_login' %> <% end %> <% end %> From 153f3cd9545de895ab1eaf6a44c862bd35bcbf27 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Fri, 2 Aug 2024 17:55:15 +0200 Subject: [PATCH 19/21] review changes --- app/controllers/sessions_controller.rb | 6 ++---- .../initializers/faraday_default_options.rb | 20 +++++++++++++++++++ lib/faraday_helper.rb | 16 --------------- 3 files changed, 22 insertions(+), 20 deletions(-) create mode 100644 config/initializers/faraday_default_options.rb delete mode 100644 lib/faraday_helper.rb diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index c7ee3a1271..e5b6f9c162 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -32,9 +32,7 @@ def staging_oauth_login 'Authorization' => "Bearer #{access_token}", 'Content-Type' => 'application/json', }, - ) do |builder| - FaradayHelper.default_connection(builder) - end + ) results = connection.get("/api/v0/me").body @@ -43,7 +41,7 @@ def staging_oauth_login sign_in(user) redirect_to root_url, notice: "Successfully logged in as #{user.wca_id}" else - redirect_to root_url, alert: "Couldn't find your user" + redirect_to root_url, alert: "Your user is not yet imported into our Staging Website, please try again later" end end 
diff --git a/config/initializers/faraday_default_options.rb b/config/initializers/faraday_default_options.rb new file mode 100644 index 0000000000..bdaf703834 --- /dev/null +++ b/config/initializers/faraday_default_options.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module FaradayDefaultOptions + def new_builder(block) + super.tap do | builder | + # Sets headers and parses jsons automatically + builder.request :json + builder.response :json + + # Raises an error on 4xx and 5xx responses. + builder.response :raise_error + + # Logs requests and responses. + # By default, it only logs the request method and URL, and the request/response headers. + builder.response :logger, ::Logger.new($stdout), bodies: true if Rails.env.development? + end + end +end + +Faraday::ConnectionOptions.prepend(FaradayDefaultOptions) diff --git a/lib/faraday_helper.rb b/lib/faraday_helper.rb deleted file mode 100644 index d0004b3bf0..0000000000 --- a/lib/faraday_helper.rb +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -module FaradayHelper - def self.default_connection(builder) - # Sets headers and parses jsons automatically - builder.request :json - builder.response :json - - # Raises an error on 4xx and 5xx responses. - builder.response :raise_error - - # Logs requests and responses. - # By default, it only logs the request method and URL, and the request/response headers. - builder.response :logger, ::Logger.new($stdout), bodies: true if Rails.env.development? - end -end From ea96fdd6176f6090b97713eaa31378ba3e0b79f9 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Sat, 3 Aug 2024 10:15:05 +0200 Subject: [PATCH 20/21] rub rubocop --- config/initializers/faraday_default_options.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/faraday_default_options.rb b/config/initializers/faraday_default_options.rb index bdaf703834..979dff3397 100644 --- a/config/initializers/faraday_default_options.rb 
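Review bot: Prepending `FaradayDefaultOptions` onto `Faraday::ConnectionOptions` changes every Faraday connection in the process, not only the one in `staging_oauth_login`, and that presumably includes connections gems build internally, such as the OAuth2 client doing the token exchange. In development the `:logger` middleware with `bodies: true` then prints headers and bodies for all of them, which is likely to put bearer tokens and client secrets on stdout; if the override stays global, drop `bodies: true` or filter the sensitive fields. A comment above the `prepend` line should state that the change is deliberate and application-wide, and that `new_builder` appears to be a Faraday internal that may change between versions. A narrower alternative is an explicit builder block on the connections that need JSON handling.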
+++ b/config/initializers/faraday_default_options.rb @@ -2,7 +2,7 @@ module FaradayDefaultOptions def new_builder(block) - super.tap do | builder | + super.tap do |builder| # Sets headers and parses jsons automatically builder.request :json builder.response :json From 6eebf4b26abb32abd47ac1d6d604327fc7a5e314 Mon Sep 17 00:00:00 2001 From: FinnIckler Date: Wed, 7 Aug 2024 10:47:50 -0400 Subject: [PATCH 21/21] run rubocop --- env_config.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/env_config.rb b/env_config.rb index 1dbfc44071..a22b5ce931 100644 --- a/env_config.rb +++ b/env_config.rb @@ -83,7 +83,7 @@ # To allow logging in to staging with your prod account optional :STAGING_OAUTH_URL, :string, "" - + # For Asset Compilation optional :ASSETS_COMPILATION, :bool, false end