Add additional cookie method to view hidden NeoPass features

This is gonna help me in development, to stop having to add stuff to the URL all the time!! I also considered just always making it available in development, but I wanted to match production behavior to help us ensure the hiding behavior is working, to avoid leaking NeoPass without realizing.
2024-04-09 06:36:44 -07:00 · 2024-04-09 06:36:44 -07:00 · 9384fd2aa7
commit 9384fd2aa7
parent 95c1a4f391
1 changed files with 10 additions and 1 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -69,8 +69,17 @@ module ApplicationHelper
    end
  end

+  # Add ?neopass=1 to the URL, or set the `neopass_access_secret=1` cookie, to
+  # view NeoPass features. (NOTE: In production, this is a secret value
+  # instead!)
+  #
+  # NOTE: We intentionally don't e.g. set the cookie just because you went to
+  #       the secret URL once, to avoid demo users getting confused about
+  #       whether NeoPass is publicly available: if they go to the public page,
+  #       they should NOT see NeoPass anymore, rather than think it's live!
  def can_use_neopass
-    params[:neopass] == Rails.configuration.neopass_access_secret
+    params[:neopass] == Rails.configuration.neopass_access_secret ||
+      cookies[:neopass_access_secret] == Rails.configuration.neopass_access_secret
  end

  def contact_email