diff --git a/.env.example b/.env.example index 1b94b6601..b523c604c 100644 --- a/.env.example +++ b/.env.example @@ -6,6 +6,7 @@ AWS_S3_REGION=changeme AWS_SECRET_ACCESS_KEY=changeme GITHUB_WEBHOOK_SECRET=test_token +GITHUB_WEBHOOK_REF=ref POSTGRES_DB=development POSTGRES_HOST=db diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb index c6efc85b5..5e4cb3038 100644 --- a/app/controllers/auth_controller.rb +++ b/app/controllers/auth_controller.rb @@ -22,12 +22,12 @@ def destroy reset_session # Prevent redirect loops etc. - if ENV['BYPASS_OAUTH'].present? + if Rails.configuration.bypass_oauth redirect_to root_path return end - redirect_to "#{ENV.fetch('IDENTITY_URL', nil)}/logout?returnTo=#{ENV.fetch('HOST_URL', nil)}", + redirect_to "#{Rails.configuration.identity_url}/logout?returnTo=#{ENV.fetch('HOST_URL', nil)}", allow_other_host: true end diff --git a/app/controllers/github_webhooks_controller.rb b/app/controllers/github_webhooks_controller.rb index e072b1d2e..796c3d60c 100644 --- a/app/controllers/github_webhooks_controller.rb +++ b/app/controllers/github_webhooks_controller.rb @@ -4,13 +4,17 @@ class GithubWebhooksController < ActionController::API include GithubWebhook::Processor def github_push(payload) - UploadJob.perform_later(payload) if payload[:ref] == ENV.fetch('GITHUB_WEBHOOK_REF') && edited_code?(payload) + UploadJob.perform_later(payload) if payload[:ref] == webhook_ref && edited_code?(payload) end private def webhook_secret(_payload) - ENV.fetch('GITHUB_WEBHOOK_SECRET') + Rails.configuration.x.github_webhook.secret + end + + def webhook_ref + Rails.configuration.x.github_webhook.ref end def edited_code?(payload) diff --git a/app/jobs/upload_job.rb b/app/jobs/upload_job.rb index 7e80bb690..0d598ab7b 100644 --- a/app/jobs/upload_job.rb +++ b/app/jobs/upload_job.rb @@ -55,7 +55,7 @@ def modified_locales(payload) def load_projects_data(locale, repository, owner) GithubApi::Client.query( ProjectContentQuery, - variables: { repository:, owner:, expression: "#{ENV.fetch('GITHUB_WEBHOOK_REF')}:#{locale}/code" } + variables: { repository:, owner:, expression: "#{Rails.configuration.x.github_webhook.ref}:#{locale}/code" } ) end @@ -85,7 +85,7 @@ def component(file) def image(file, project_dir, locale, repository, owner) filename = file.name directory = project_dir.name - url = "https://github.com/#{owner}/#{repository}/raw/#{ENV.fetch('GITHUB_WEBHOOK_REF')}/#{locale}/code/#{directory}/#{filename}" + url = "https://github.com/#{owner}/#{repository}/raw/#{Rails.configuration.x.github_webhook.ref}/#{locale}/code/#{directory}/#{filename}" { filename:, io: URI.parse(url).open } end diff --git a/app/views/invitation_mailer/invite_teacher.text.erb b/app/views/invitation_mailer/invite_teacher.text.erb index 98b88bfc1..d9a8b92d0 100644 --- a/app/views/invitation_mailer/invite_teacher.text.erb +++ b/app/views/invitation_mailer/invite_teacher.text.erb @@ -6,7 +6,7 @@ Being part of this school account will allow you to access the school dashboard Join school: -<%= "#{ENV.fetch('EDITOR_PUBLIC_URL')}/en/invitations/#{@token}" %> +<%= "#{Rails.configuration.editor_public_url}/en/invitations/#{@token}" %> -- Raspberry Pi Foundation diff --git a/config/application.rb b/config/application.rb index 43a8c9b7d..89a39d34d 100644 --- a/config/application.rb +++ b/config/application.rb @@ -57,5 +57,12 @@ class Application < Rails::Application config.middleware.insert_before 0, CorpMiddleware config.generators.system_tests = nil + + config.bypass_oauth = ENV.fetch('BYPASS_OAUTH', nil) == 'true' + config.identity_url = ENV.fetch('IDENTITY_URL') + config.editor_public_url = ENV.fetch('EDITOR_PUBLIC_URL') + + config.x.github_webhook.secret = ENV.fetch('GITHUB_WEBHOOK_SECRET') + config.x.github_webhook.ref = ENV.fetch('GITHUB_WEBHOOK_REF') end end diff --git a/config/initializers/editor_api_config b/config/initializers/editor_api_config new file mode 100644 index 000000000..e69de29bb diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 87d82bb2d..bf7322aae 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -2,7 +2,7 @@ OmniAuth.config.logger = Rails.logger -if ENV['BYPASS_OAUTH'].present? +if Rails.configuration.bypass_oauth using RpiAuthBypass extra = RpiAuthBypass::DEFAULT_EXTRA.deep_merge(raw_info: { roles: 'editor-admin' }) diff --git a/lib/hydra_public_api_client.rb b/lib/hydra_public_api_client.rb index 3daea3f92..6ec86fe82 100644 --- a/lib/hydra_public_api_client.rb +++ b/lib/hydra_public_api_client.rb @@ -24,7 +24,7 @@ def fetch_oauth_user(token:) private def bypass_oauth? - ENV.fetch('BYPASS_OAUTH', nil) == 'true' + Rails.configuration.bypass_oauth end def stubbed_user diff --git a/lib/user_info_api_client.rb b/lib/user_info_api_client.rb index 25a84c826..6dec726ad 100644 --- a/lib/user_info_api_client.rb +++ b/lib/user_info_api_client.rb @@ -21,7 +21,7 @@ def fetch_by_ids(user_ids) private def bypass_oauth? - ENV.fetch('BYPASS_OAUTH', nil) == 'true' + Rails.configuration.bypass_oauth end def transform_result(result) diff --git a/spec/jobs/upload_job_spec.rb b/spec/jobs/upload_job_spec.rb index 468df4e24..43d000fbf 100644 --- a/spec/jobs/upload_job_spec.rb +++ b/spec/jobs/upload_job_spec.rb @@ -4,12 +4,13 @@ RSpec.describe UploadJob do around do |example| - ClimateControl.modify GITHUB_AUTH_TOKEN: 'secret', GITHUB_WEBHOOK_REF: 'branches/whatever' do + ClimateControl.modify GITHUB_AUTH_TOKEN: 'secret' do example.run end end ActiveJob::Base.queue_adapter = :test + let(:github_webhook_ref) { 'branches/whatever' } let(:graphql_response) do GraphQL::Client::Response.new(raw_response, data: UploadJob::ProjectContentQuery.new(raw_response['data'], GraphQL::Client::Errors.new)) end @@ -17,7 +18,7 @@ { repository: { name: 'my-amazing-repo', owner: { name: 'me' } }, commits: [{ added: ['ja-JP/code/dont-collide-starter/main.py'], modified: [], removed: [] }] } end let(:variables) do - { repository: 'my-amazing-repo', owner: 'me', expression: "#{ENV.fetch('GITHUB_WEBHOOK_REF')}:ja-JP/code" } + { repository: 'my-amazing-repo', owner: 'me', expression: "#{github_webhook_ref}:ja-JP/code" } end let(:raw_response) do @@ -93,6 +94,7 @@ end before do + allow(Rails.configuration.x.github_webhook).to receive(:ref).and_return(github_webhook_ref) allow(GithubApi::Client).to receive(:query).and_return(graphql_response) stub_request(:get, 'https://github.com/me/my-amazing-repo/raw/branches/whatever/ja-JP/code/dont-collide-starter/astronaut1.png').to_return(status: 200, body: '', headers: {}) allow(ProjectImporter).to receive(:new).and_call_original diff --git a/spec/mailers/invitation_mailer_spec.rb b/spec/mailers/invitation_mailer_spec.rb index 7a377732b..8dbfa1cda 100644 --- a/spec/mailers/invitation_mailer_spec.rb +++ b/spec/mailers/invitation_mailer_spec.rb @@ -9,7 +9,7 @@ let(:invitation) { create(:teacher_invitation) } before do - allow(ENV).to receive(:fetch).with('EDITOR_PUBLIC_URL').and_return('http://example.com') + allow(Rails.configuration).to receive(:editor_public_url).and_return('http://example.com') end it 'includes the school name in the body' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index b3c8c78f2..f29603ac7 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -85,11 +85,9 @@ end end - context 'when BYPASS_OAUTH is true' do - around do |example| - ClimateControl.modify(BYPASS_OAUTH: 'true') do - example.run - end + context 'when the app is configured to bypass oauth' do + before do + allow(Rails.configuration).to receive(:bypass_oauth).and_return(true) end it 'does not call the API' do @@ -297,15 +295,13 @@ expect(user.email).to eq 'school-owner@example.com' end - context 'when BYPASS_OAUTH is true' do - around do |example| - ClimateControl.modify(BYPASS_OAUTH: 'true') do - example.run - end - end - + context 'when the app is configured to bypass oauth' do let(:owner) { create(:owner, school:, id: '00000000-0000-0000-0000-000000000000') } + before do + allow(Rails.configuration).to receive(:bypass_oauth).and_return(true) + end + it 'does not call the API' do user expect(WebMock).not_to have_requested(:get, /.*/) diff --git a/spec/requests/github_webhooks/github_webhooks_controller_push_spec.rb b/spec/requests/github_webhooks/github_webhooks_controller_push_spec.rb index fc41fd7a0..6167df570 100644 --- a/spec/requests/github_webhooks/github_webhooks_controller_push_spec.rb +++ b/spec/requests/github_webhooks/github_webhooks_controller_push_spec.rb @@ -3,12 +3,7 @@ require 'rails_helper' RSpec.describe GithubWebhooksController do - around do |example| - ClimateControl.modify GITHUB_WEBHOOK_SECRET: 'secret', GITHUB_WEBHOOK_REF: 'branches/whatever' do - example.run - end - end - + let(:github_webhook_secret) { 'secret' } let(:params) do { ref:, @@ -18,13 +13,15 @@ let(:headers) do { - 'X-Hub-Signature-256': "sha256=#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), ENV.fetch('GITHUB_WEBHOOK_SECRET'), params.to_json)}", + 'X-Hub-Signature-256': "sha256=#{OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), github_webhook_secret, params.to_json)}", 'X-GitHub-Event': 'push', 'Content-Type': 'application/json' } end before do + allow(Rails.configuration.x.github_webhook).to receive(:secret).and_return(github_webhook_secret) + allow(Rails.configuration.x.github_webhook).to receive(:ref).and_return('branches/whatever') allow(UploadJob).to receive(:perform_later) post '/github_webhooks', env: { RAW_POST_DATA: params.to_json }, headers: end