Add Devise User #73
Add Devise User #73
Conversation
| @@ -1,5 +1,7 @@ | |||
| common: &common | |||
| secret_key_base: 'f0b774b4d06f7ea3357dec260cd6231367009d35525b3c437b27e299d52599bebd4eb1cd83fc3f69ff0d46a0510e5e4ba3bffd26b503b7713100f6083fc4baba' | |||
| auth_secret_key: '89e115653bae4fafda3fc4c45b64aa07e20ad4d75ab4c1637e85e44b50e4a5cd24ea4dc065e047642d2ed17bebae7e856a292ab1f46ff7d04fc473df1a9ac577' | |||
There was a problem hiding this comment.
are these secrets supposed to be stored in the repo? I thought the idea was that individual installations would have their own
There was a problem hiding this comment.
Yes, secrets are required for running in test and development. If you read this file you'll notice that in the production section we use values from ENV exclusively. This means that production WILL NOT fall back to these values (I included a comment DO NOT use value in common as fallback to make this clear in the code).
If these secrets are not set in the ENV and rails is running in production then (at least for secret_key_base) rails will raise an error and refuse to run. (I think it will run if auth_secret_key is missing since devise will fallback to using the value for secret_key_base. I also think it will run if password_pepper is missing since that is optional.)
There was a problem hiding this comment.
oh I misread your comment as an instruction to the reader, telling them not to use the value as a fallback (I usually word things like: "This ensures that we don't fall back to common..."). OK I thought the idea was people had to make their own secrets for dev and test as well. I may litter some more comments around.
There was a problem hiding this comment.
I usually don't require everyone to make their own secrets for test/dev. If they are binding to localhost it should never matter. If they aren't binding to localhost then someone who sees their dev/test server and knows about this repo could do various things depending on the secret in question (with secret_key_base they could fake sessions) but that seems really low risk.
When including values where there is no test/dev version (such as AWS credentials) usually I mock it out in test so that tests still run and provide instructions in the readme.
There was a problem hiding this comment.
It is a command to the reader.
Often the pattern in secrets/config.yml is value: <%= ENV['NAME'] || 'default' %> but with these secrets using that pattern is unsafe as rails would happily work but would use a publicly known value for secret_key_base.
There was a problem hiding this comment.
If you want to bikeshed on the comment I am not attached to any wording, feel free to contribute a change directly to this PR.
|
We should have a conversation about The Future of FFAGC before you do too much major work, just so you have a sense of the roadmap I have in mind. There are assumptions that the current framework makes that I would like to upend at some point. We will need the concept of user roles, which should be ORable (someone can be a voter and an admin, for instance). I assume that's something that can be added later? |
|
I'm definitely interested in the future plans too. My current plan is to get this project in a better spot by adding reasonable validations, writing specs, and removing duplicate code. |
|
This PR is probably easier to read commit by commit. Most of the lines come from the commit adding the devise views. |
|
I've been thinking about this PR and the general design plan to unify the user types, and unfortunately I think this addition of the new user type is the wrong place to start. If we do this first, then we have two user models at the same time and conflicting frontend choices, which means we need to maintain both versions (keep the deprecated one working while still improving the new one) until the new one is feature complete. I think a better plan would be to start by writing a shim for the current three-table model so that various bits of the frontend can be rewritten so they can inquire about user permissions in a similar way to how the eventual backend model will work. So instead of "if admin_logged_in || voter_logged_in", there would be some sort of API like [totally pseudocode] "if user.permission_contains ['admin', 'voter']". The various calls can be replaced piecemeal and don't need to be done in one fell swoop. Once all the logic has been rewritten to use the shim API, then the backend model can be replaced with a simple swap -- replace the old model with the new and remove the shim. Doing the migration that way will keep the codebase cleaner by avoiding having conflicting coexisting models, and will ensure that the master branch stays runnable and deployable. Redoing the user model is a really heavy lift for this codebase because this transition will be hard to manage. But frankly it's low on my list of priorities compared with fixing some of the UX issues. I've tweaked some of the priority labels in the Issues list to give an idea of where I'd prefer to focus development effort right now. |
This creates a new model
userwhich will be used to unifyAdmin,ArtistandVoter. Users can register using devise at http://localhost:3000/users/sign_up (currently these pages are unstyled, that will happen in a future PR.)I also added the letter_opener gem, in development emails will open up in the browser when they are "sent". To see this in action try running
FactoryGirl.create(:user)in the rails console.Gotchas:
config/secrets.ymlwhich will require new values on the production serversconfirmation_token,reset_password_token, etc directly in the database (passwords are salted/peppered and hashed). The previous tokens were created withBCrypt::Password.create(SecureRandom.urlsafe_base64)). I'm not sure if that behaviour is still required / what threat model pushed for that design choice.Future PRs:
Related issues:
Artist,Admin, andVotermodels #63