[DEV] WIP: explore sso login alternative

8 files changed, 147 insertions, 6 deletions

diff --git a/config/application.rb b/config/application.rb
index 8752f57..c11c5ff 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -31,5 +31,6 @@ module IncommonMap
     #
     # config.time_zone = "Central Time (US & Canada)"
     # config.eager_load_paths << Rails.root.join("extras")
+    config.sso = config_for(:sso)
   end
 end
diff --git a/config/database.yml b/config/database.yml
index 16ba3d2..9c7344e 100644
--- a/config/database.yml
+++ b/config/database.yml
@@ -68,6 +68,12 @@ test:
   <<: *default
   database: incommon_map_test
 
+staging:
+  <<: *default
+  database: incommon_map_staging
+  username: incommon
+  password: <%= ENV['INCOMMON_MAP_DATABASE_PASSWORD'] %>
+
 # As with config/credentials.yml, you never want to store sensitive information,
 # like your database password, in your source code. If your source code is
 # ever seen by anyone, they now have access to your database.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 7a9f6c3..03f888f 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,5 +1,8 @@
 require "active_support/core_ext/integer/time"
 
+# During development, use localhost (careful with the port!)
+Rails.application.default_url_options[:host] = "localhost:3000"
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
diff --git a/config/environments/staging.rb b/config/environments/staging.rb
new file mode 100644
index 0000000..8602e0b
--- /dev/null
+++ b/config/environments/staging.rb
@@ -0,0 +1,115 @@
+require "active_support/core_ext/integer/time"
+
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
+  # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
+  # config.require_master_key = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+  # Compress CSS using a preprocessor.
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.asset_host = 'http://assets.example.com'
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+
+  # Store uploaded files on the local file system (see config/storage.yml for options).
+  config.active_storage.service = :local
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Include generic and useful information about system operation, but avoid logging too much
+  # information to avoid inadvertent exposure of personally identifiable information (PII).
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  config.log_tags = [ :request_id ]
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Use a real queuing backend for Active Job (and separate queues per environment).
+  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_name_prefix = "incommon_map_production"
+
+  config.action_mailer.perform_caching = false
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Log disallowed deprecations.
+  config.active_support.disallowed_deprecation = :log
+
+  # Tell Active Support which deprecation messages to disallow.
+  config.active_support.disallowed_deprecation_warnings = []
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Use a different logger for distributed setups.
+  # require "syslog/logger"
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+
+  if ENV["RAILS_LOG_TO_STDOUT"].present?
+    logger           = ActiveSupport::Logger.new(STDOUT)
+    logger.formatter = config.log_formatter
+    config.logger    = ActiveSupport::TaggedLogging.new(logger)
+  end
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+
+  # Inserts middleware to perform automatic connection switching.
+  # The `database_selector` hash is used to pass options to the DatabaseSelector
+  # middleware. The `delay` is used to determine how long to wait after a write
+  # to send a subsequent read to the primary.
+  #
+  # The `database_resolver` class is used by the middleware to determine which
+  # database is appropriate to use based on the time delay.
+  #
+  # The `database_resolver_context` class is used by the middleware to set
+  # timestamps for the last write to the primary. The resolver uses the context
+  # class timestamps to determine how long to wait before reading from the
+  # replica.
+  #
+  # By default Rails will store a last write timestamp in the session. The
+  # DatabaseSelector middleware is designed as such you can define your own
+  # strategy for connection switching and pass that into the middleware through
+  # these configuration options.
+  # config.active_record.database_selector = { delay: 2.seconds }
+  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
+  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
+end
diff --git a/config/initializers/sso_config.rb b/config/initializers/sso_config.rb
index cf3bf3f..bf32648 100644
--- a/config/initializers/sso_config.rb
+++ b/config/initializers/sso_config.rb
@@ -15,8 +15,5 @@
 
 require 'sso/from_discourse'
 
-SSO::FromDiscourse.config = {
-  sso_url: 'https://talk.incommon.cc/session/sso_provider',
-  return_url: Rails.env.production? ? "https://ateliers-carto.incommon.cc/authenticate" : "http://localhost:3000/authenticate",
-  sso_secret: Rails.application.credentials.sso_secret,
-}
+
+
diff --git a/config/routes.rb b/config/routes.rb
index 54f383e..07c7616 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -34,6 +34,6 @@ Rails.application.routes.draw do
   get '/by-uuid/:uuid', to: 'uuid_resolver#new', as: 'uuid_resolver'
 
   # Discourse SSO
-  get 'authenticate(/:token)', to: 'welcome#authenticate'
+  get 'authenticate(/:token)', to: 'welcome#authenticate', as: 'authenticate'
   get 'logout', to: 'welcome#logout'
 end
diff --git a/config/sso.yml b/config/sso.yml
new file mode 100644
index 0000000..2a64738
--- /dev/null
+++ b/config/sso.yml
@@ -0,0 +1,17 @@
+# SPDX-FileCopyrightText: 2018-2021 IN COMMON Collective <collective@incommon.cc>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+# frozen_string_literal: true
+
+shared:
+  sso_url: 'https://talk.incommon.cc/session/sso_provider'
+
+production:
+  return_url: 'https://ateliers-carto.incommon.cc/authenticate'
+
+staging:
+  return_url: 'https://ateliers-carto-staging.incommon.cc/authenticate'
+
+development:
+  return_url: 'http://localhost:3000/authenticate'
diff --git a/config/webpacker.yml b/config/webpacker.yml
index a4b9a7a..5f6dbfd 100644
--- a/config/webpacker.yml
+++ b/config/webpacker.yml
@@ -83,6 +83,8 @@ test:
   # Compile test packs to a separate directory
   public_output_path: packs-test
 
+staging: &production
+
 production:
   <<: *default