Emi Matchu
7f4c34ff6a
Ah right, I went and checked the Devise source code, and the default implementation for `password_required?` is a bit trickier than I expected: ```ruby def password_required? !persisted? || !password.nil? || !password_confirmation.nil? end ``` Looks like `super` does a good enough job here, though! (I'm actually kinda surprised, I wasn't sure how Ruby's `super` rules worked, and this isn't a subclass thing—or maybe it is, maybe the `devise` method adds a mixin? Idk! But it does what I expect, so, great!) So now, we require the password if 1) Devise doesn't see a UI reason not to, *and* 2) the user isn't using OmniAuth (i.e. NeoPass). This had caused a bug where it was impossible to use the Settings page *without* changing your password! (The form says it's okay to leave it blank, which stopped being true! But now it's fixed!)
148 lines
6.2 KiB
Ruby
148 lines
6.2 KiB
Ruby
require "active_support/core_ext/integer/time"
|
|
|
|
Rails.application.configure do
|
|
# Settings specified here will take precedence over those in config/application.rb.
|
|
|
|
# Code is not reloaded between requests.
|
|
config.enable_reloading = false
|
|
|
|
# Eager load code on boot. This eager loads most of Rails and
|
|
# your application in memory, allowing both threaded web servers
|
|
# and those relying on copy on write to perform better.
|
|
# Rake tasks automatically ignore this option for performance.
|
|
config.eager_load = true
|
|
|
|
# Full error reports are disabled and caching is turned on.
|
|
config.consider_all_requests_local = false
|
|
config.action_controller.perform_caching = true
|
|
|
|
# Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment
|
|
# key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files).
|
|
# config.require_master_key = true
|
|
|
|
# Enable static file serving from the `/public` folder (turn off if using NGINX/Apache for it).
|
|
config.public_file_server.enabled = false
|
|
|
|
# Compress CSS using a preprocessor.
|
|
# config.assets.css_compressor = :sass
|
|
|
|
# Compress JS using a preprocessor.
|
|
config.assets.js_compressor = :terser
|
|
|
|
# Do not fallback to assets pipeline if a precompiled asset is missed.
|
|
config.assets.compile = false
|
|
|
|
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
|
|
# config.asset_host = "http://assets.example.com"
|
|
|
|
# Specifies the header that your server uses for sending files.
|
|
# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
|
|
# config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
|
|
|
|
# Store uploaded files on the local file system (see config/storage.yml for options).
|
|
# config.active_storage.service = :local
|
|
|
|
# Mount Action Cable outside main process or domain.
|
|
# config.action_cable.mount_path = nil
|
|
# config.action_cable.url = "wss://example.com/cable"
|
|
# config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
|
|
|
|
# Assume all access to the app is happening through a SSL-terminating reverse proxy.
|
|
# Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
|
|
config.assume_ssl = true
|
|
|
|
# Disable serving static files from the `/public` folder by default since
|
|
# Apache or NGINX already handles this.
|
|
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
|
|
|
|
# Don't fallback to assets pipeline if a precompiled asset is missed
|
|
config.assets.compile = false
|
|
|
|
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
|
config.force_ssl = true
|
|
|
|
# Log to STDOUT by default
|
|
config.logger = ActiveSupport::Logger.new(STDOUT)
|
|
.tap { |logger| logger.formatter = ::Logger::Formatter.new }
|
|
.then { |logger| ActiveSupport::TaggedLogging.new(logger) }
|
|
|
|
# Prepend all log lines with the following tags.
|
|
config.log_tags = [ :request_id ]
|
|
|
|
config.react.variant = :production
|
|
|
|
# Info include generic and useful information about system operation, but avoids logging too much
|
|
# information to avoid inadvertent exposure of personally identifiable information (PII). If you
|
|
# want to log everything, set the level to "debug".
|
|
config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info")
|
|
|
|
# Use a different cache store in production.
|
|
# config.cache_store = :mem_cache_store
|
|
|
|
config.action_mailer.default_url_options = {host: "impress.openneo.net"}
|
|
|
|
config.action_mailer.delivery_method = :smtp
|
|
config.action_mailer.smtp_settings = {
|
|
:address => "smtp.fastmail.com",
|
|
:port => 465,
|
|
:tls => true,
|
|
:domain => "openneo.net",
|
|
:authentication => :login,
|
|
:user_name => "matchu@openneo.net",
|
|
:password => Rails.application.credentials.matchu_email_password,
|
|
:enable_starttls_auto => false
|
|
}
|
|
config.action_mailer.raise_delivery_errors = true
|
|
config.action_mailer.perform_deliveries = true
|
|
config.action_mailer.perform_caching = false
|
|
|
|
# Use a real queuing backend for Active Job (and separate queues per environment).
|
|
# config.active_job.queue_adapter = :resque
|
|
# config.active_job.queue_name_prefix = "openneo_impress_items_production"
|
|
|
|
# Ignore bad email addresses and do not raise email delivery errors.
|
|
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
|
|
# config.action_mailer.raise_delivery_errors = false
|
|
|
|
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
|
# the I18n.default_locale when a translation cannot be found).
|
|
config.i18n.fallbacks = true
|
|
|
|
# Don't log any deprecations.
|
|
config.active_support.report_deprecations = false
|
|
|
|
# Do not dump schema after migrations.
|
|
config.active_record.dump_schema_after_migration = false
|
|
|
|
# Enable DNS rebinding protection and other `Host` header attacks.
|
|
# config.hosts = [
|
|
# "example.com", # Allow requests from example.com
|
|
# /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
|
|
# ]
|
|
# Skip DNS rebinding protection for the default health check endpoint.
|
|
# config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
|
|
|
|
# Use the live copy of Impress 2020. (Can override this with the
|
|
# IMPRESS_2020_ORIGIN environment variable!)
|
|
config.impress_2020_origin = ENV.fetch("IMPRESS_2020_ORIGIN",
|
|
"https://impress-2020.openneo.net")
|
|
|
|
# Save the Neopets Media Archive in `/var/lib/neopets-media-archive`, a
|
|
# long-term storage location.
|
|
config.neopets_media_archive_root = "/var/lib/neopets-media-archive"
|
|
|
|
# Save our public data exports in `public/public-data`. (This should be
|
|
# symlinked to a shared folder persisted across all versions.)
|
|
config.public_data_root = Rails.root / "public" / "public-data"
|
|
|
|
# To see NeoPass features, add ?neopass=<SECRET> to relevant pages.
|
|
config.neopass_access_secret =
|
|
Rails.application.credentials.neopass.access_secret
|
|
|
|
# Use the live NeoPass production server.
|
|
config.neopass_origin = "https://oidc.neopets.com"
|
|
|
|
# Set the NeoPass redirect callback URL.
|
|
config.neopass_redirect_uri =
|
|
"https://impress.openneo.net/auth_users/auth/neopass/callback"
|
|
end
|