From a49920931b62738223ccfc72a2451d3cc32892a0 Mon Sep 17 00:00:00 2001 From: farhatahmad Date: Wed, 31 Jan 2024 16:28:57 -0500 Subject: [PATCH 1/6] Added secure flag to cookies and enabled HSTS --- config/environments/production.rb | 3 +++ config/initializers/session_store.rb | 12 +++++++++--- ...3_add_default_recording_visibility_to_settings.rb | 3 +++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index 9f91ad5db7..49b7048fd3 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -159,4 +159,7 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Enable HSTS in production mode + config.ssl_options = { hsts: { preload: true, expires: 1.year, subdomains: true } } end diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 02e5f6e023..aa0e8f3e2a 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -17,8 +17,14 @@ # frozen_string_literal: true if ENV['LOADBALANCER_ENDPOINT'].present? - Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session', domain: ENV.fetch('SESSION_DOMAIN_NAME', nil), - path: ENV.fetch('RELATIVE_URL_ROOT', '/') + Rails.application.config.session_store :cookie_store, + key: '_greenlight-3_0_session', + domain: ENV.fetch('SESSION_DOMAIN_NAME', nil), + secure: Rails.env.production?, + path: ENV.fetch('RELATIVE_URL_ROOT', '/') else - Rails.application.config.session_store :cookie_store, key: '_greenlight-3_0_session', path: ENV.fetch('RELATIVE_URL_ROOT', '/') + Rails.application.config.session_store :cookie_store, + key: '_greenlight-3_0_session', + secure: Rails.env.production?, + path: ENV.fetch('RELATIVE_URL_ROOT', '/') end 
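Review bot: In the session_store.rb hunk the two branches now repeat `key:`, `secure:` and `path:` and differ only in `domain:`, so any further cookie hardening has to be made twice; building one options hash and adding `domain:` conditionally keeps both paths in sync. Nothing in this file sets `httponly:` or `same_site:` — Rails' cookie store defaults to `httponly: true` and, under `load_defaults` 6.1 or later, `same_site: :lax`, but that comes from the framework rather than from anything visible here, so pinning them explicitly would make the session policy self-describing. Note also that once `force_ssl` is on (added later in this series) `ActionDispatch::SSL` already appends `Secure` to every cookie via its default `secure_cookies: true`, so `secure: Rails.env.production?` mainly protects deployments that serve TLS without `force_ssl`.
```ruby
session_options = {
  key: '_greenlight-3_0_session',
  secure: Rails.env.production?,
  path: ENV.fetch('RELATIVE_URL_ROOT', '/')
}
session_options[:domain] = ENV.fetch('SESSION_DOMAIN_NAME', nil) if ENV['LOADBALANCER_ENDPOINT'].present?

Rails.application.config.session_store :cookie_store, **session_options
```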
diff --git a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb index 1968e4cf44..0ff135c4b8 100644 --- a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb +++ b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb @@ -4,6 +4,9 @@ class AddDefaultRecordingVisibilityToSettings < ActiveRecord::Migration[7.1] def up setting = Setting.create!(name: 'DefaultRecordingVisibility') SiteSetting.create!(setting:, value: 'Published', provider: 'greenlight') + Tenant.each do |tenant| + SiteSetting.create!(setting:, value: 'Published', provider: tenant.name) + end end def down From 411782cf5fb8c38f4987f6eeac740228ffa195b9 Mon Sep 17 00:00:00 2001 From: farhatahmad Date: Wed, 31 Jan 2024 16:54:36 -0500 Subject: [PATCH 2/6] Fixed small typo --- ...231213203353_add_default_recording_visibility_to_settings.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb index 0ff135c4b8..2e82584a2c 100644 --- a/db/data/20231213203353_add_default_recording_visibility_to_settings.rb +++ b/db/data/20231213203353_add_default_recording_visibility_to_settings.rb @@ -4,7 +4,7 @@ class AddDefaultRecordingVisibilityToSettings < ActiveRecord::Migration[7.1] def up setting = Setting.create!(name: 'DefaultRecordingVisibility') SiteSetting.create!(setting:, value: 'Published', provider: 'greenlight') - Tenant.each do |tenant| + Tenant.all.each do |tenant| SiteSetting.create!(setting:, value: 'Published', provider: tenant.name) end end From 7a6ee670c5fd6e0a04b2b21f7198e93f89a9c6e2 Mon Sep 17 00:00:00 2001 
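Review bot: Adding the tenant loop to an already-numbered data migration (20231213203353, the version `db/data_schema.rb` records before this series) only reaches fresh installs — a deployment that has already run it will never execute the new loop, so existing multi-tenant sites keep missing the per-tenant `DefaultRecordingVisibility` row. A new data migration, or one written with `find_or_create_by` so it can be re-run safely, would cover both cases. The `down` method begins after the hunk, so whether it also removes the tenant rows is not visible here.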
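Review bot: `Tenant.all.each` loads every tenant into memory before iterating; `Tenant.find_each do |tenant|` walks the same rows in batches and reads more naturally in a migration. The loop body still uses `create!`, so if `SiteSetting` validates uniqueness a re-run (or a tenant that already has the row) raises instead of skipping — `SiteSetting.find_or_create_by(setting:, provider: tenant.name) { |s| s.value = 'Published' }` would make the step idempotent, assuming `(setting, provider)` is the natural key. The enclosing `down` method lies outside this hunk.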
From: farhatahmad Date: Thu, 1 Feb 2024 10:24:39 -0500 Subject: [PATCH 3/6] more fixes --- config/environments/production.rb | 1 + .../20240125154727_add_help_center_setting.rb | 27 +++++++++++++++++++ db/data_schema.rb | 2 +- .../20231218154727_add_help_center_setting.rb | 20 -------------- 4 files changed, 29 insertions(+), 21 deletions(-) create mode 100644 db/data/20240125154727_add_help_center_setting.rb delete mode 100644 db/migrate/20231218154727_add_help_center_setting.rb diff --git a/config/environments/production.rb b/config/environments/production.rb index 49b7048fd3..2bcd29e7d9 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -161,5 +161,6 @@ config.active_record.dump_schema_after_migration = false # Enable HSTS in production mode + config.force_ssl = true config.ssl_options = { hsts: { preload: true, expires: 1.year, subdomains: true } } end diff --git a/db/data/20240125154727_add_help_center_setting.rb b/db/data/20240125154727_add_help_center_setting.rb new file mode 100644 index 0000000000..e57e227cde --- /dev/null +++ b/db/data/20240125154727_add_help_center_setting.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +class AddHelpCenterSetting < ActiveRecord::Migration[7.1] + def up + setting = Setting.find_or_create_by(name: 'HelpCenter') + SiteSetting.find_or_create_by(setting:, value: 'Published', provider: 'greenlight') + + SiteSetting.find_or_create_by( + setting:, + value: '', + provider: 'greenlight' + ) + + Tenant.all.each do |tenant| + SiteSetting.find_or_create_by( + setting:, + value: '', + provider: tenant.name + ) + end + end + + def down + Setting.find_by(name: 'HelpCenter')&.destroy + SiteSetting.find_by(setting: Setting.find_by(name: 'HelpCenter')).destroy + end +end diff --git a/db/data_schema.rb b/db/data_schema.rb index e50c1ff1f4..5170c4ab41 100644 --- a/db/data_schema.rb +++ b/db/data_schema.rb 
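Review bot: In the production.rb hunk `config.force_ssl = true` does more than the comment above it says: `ActionDispatch::SSL` now redirects every request it sees as non-HTTPS, sends HSTS, and flags cookies Secure, and behind a TLS-terminating proxy (this app supports one via `LOADBALANCER_ENDPOINT` in session_store.rb) it only sees HTTPS if the proxy forwards `X-Forwarded-Proto`; a proxy that does not sends every request into a redirect loop. Suggest widening the comment so operators know what they are enabling, e.g. `# Redirect HTTP to HTTPS, send HSTS and flag cookies Secure; a TLS-terminating proxy must forward X-Forwarded-Proto`.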
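Review bot: `down` in the new db/data/20240125154727_add_help_center_setting.rb is broken: it destroys the `Setting` first, so the following `Setting.find_by(name: 'HelpCenter')` returns nil, `SiteSetting.find_by(setting: nil)` returns nil (or an unrelated orphan row) and the trailing `.destroy` raises NoMethodError. Even in the right order it would remove a single `SiteSetting`, not the per-tenant rows that `up` now creates, so the migration cannot be rolled back cleanly. Delete all dependent rows first, then the setting — unless `Setting` declares `has_many :site_settings, dependent: :destroy`, which is not visible here.
```ruby
def down
  setting = Setting.find_by(name: 'HelpCenter')
  return unless setting

  SiteSetting.where(setting:).destroy_all
  setting.destroy
end
```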
@@ -1 +1 @@ -DataMigrate::Data.define(version: 20231213203353) +DataMigrate::Data.define(version: 20240125154727) diff --git a/db/migrate/20231218154727_add_help_center_setting.rb b/db/migrate/20231218154727_add_help_center_setting.rb deleted file mode 100644 index 49c26ecef9..0000000000 --- a/db/migrate/20231218154727_add_help_center_setting.rb +++ /dev/null @@ -1,20 +0,0 @@ -# frozen_string_literal: true - -class AddHelpCenterSetting < ActiveRecord::Migration[7.1] - def up - Setting.create!(name: 'HelpCenter') unless Setting.exists?(name: 'HelpCenter') - - return if SiteSetting.exists?(setting: Setting.find_by(name: 'HelpCenter')) - - SiteSetting.create!( - setting: Setting.find_by(name: 'HelpCenter'), - value: '', - provider: 'greenlight' - ) - end - - def down - Setting.find_by(name: 'HelpCenter')&.destroy - SiteSetting.find_by(setting: Setting.find_by(name: 'HelpCenter')).destroy - end -end From 19d30b73b1795f37dd9ce9e516c63aa574079bf2 Mon Sep 17 00:00:00 2001 From: farhatahmad Date: Thu, 1 Feb 2024 11:04:47 -0500 Subject: [PATCH 4/6] Final work for hsts --- .rubocop.yml | 1 + config/environments/production.rb | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.rubocop.yml b/.rubocop.yml index 0d83aabd6f..62be3f68e9 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -64,6 +64,7 @@ Metrics/BlockLength: AllowedMethods: [ 'describe', 'context', 'xdescribe', 'xcontext', 'FactoryBot.define' ] Exclude: - 'config/routes.rb' + - 'config/environments/production.rb' Max: 70 Metrics/ClassLength: diff --git a/config/environments/production.rb b/config/environments/production.rb index 2bcd29e7d9..ac6eaad8c3 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
@@ -162,5 +162,8 @@ # Enable HSTS in production mode config.force_ssl = true - config.ssl_options = { hsts: { preload: true, expires: 1.year, subdomains: true } } + config.ssl_options = { + redirect: { exclude: ->(request) { request.path.include?('health_check') } }, + hsts: { expires: 1.year, subdomains: true } + } end From 08b5816dd7b5b6398f2ebc6e9b78e513da90f150 Mon Sep 17 00:00:00 2001 From: farhatahmad Date: Thu, 1 Feb 2024 14:01:21 -0500 Subject: [PATCH 5/6] Final hotfix --- db/data/20240125154727_add_help_center_setting.rb | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/db/data/20240125154727_add_help_center_setting.rb b/db/data/20240125154727_add_help_center_setting.rb index e57e227cde..e4496af16d 100644 --- a/db/data/20240125154727_add_help_center_setting.rb +++ b/db/data/20240125154727_add_help_center_setting.rb @@ -3,20 +3,11 @@ class AddHelpCenterSetting < ActiveRecord::Migration[7.1] def up setting = Setting.find_or_create_by(name: 'HelpCenter') - SiteSetting.find_or_create_by(setting:, value: 'Published', provider: 'greenlight') - SiteSetting.find_or_create_by( - setting:, - value: '', - provider: 'greenlight' - ) + SiteSetting.find_or_create_by(setting:, value: '', provider: 'greenlight') Tenant.all.each do |tenant| - SiteSetting.find_or_create_by( - setting:, - value: '', - provider: tenant.name - ) + SiteSetting.find_or_create_by(setting:, value: '', provider: tenant.name) end end From 167c7dc58acc154b15ac53678f022c29463fdd72 Mon Sep 17 00:00:00 2001 From: farhatahmad Date: Fri, 9 Feb 2024 13:47:03 -0500 Subject: [PATCH 6/6] Fix error caused if Help Center is already set --- db/data/20240125154727_add_help_center_setting.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/db/data/20240125154727_add_help_center_setting.rb b/db/data/20240125154727_add_help_center_setting.rb index e4496af16d..1ebf985185 100644 --- a/db/data/20240125154727_add_help_center_setting.rb 
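Review bot: `request.path.include?('health_check')` exempts any path containing that substring anywhere, so a request such as `/rooms/health_check-notes` would also be served over plain HTTP without a redirect; match the endpoint itself, e.g. `request.path == File.join(ENV.fetch('RELATIVE_URL_ROOT', '/'), 'health_check')`, assuming the route is `/health_check` under the relative URL root that session_store.rb already honours. Dropping `preload: true` is the right call, since the browser preload list is effectively a one-way door, but `subdomains: true` still commits every subdomain of the site to HTTPS for a year, which deserves a comment because other services may share the domain, e.g. `# subdomains: true binds every subdomain of this host to HTTPS — confirm nothing else on the domain is HTTP-only`.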
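Review bot: Both `find_or_create_by` lookups in the data migration hunk include `value: ''`, so once an administrator has set the Help Center URL the row no longer matches and a re-run inserts a second `SiteSetting` for the same `(setting, provider)` pair (or raises, if a unique index exists). Key the lookup on `setting:` and `provider:` only and supply the default through the block: `SiteSetting.find_or_create_by(setting:, provider: 'greenlight') { |s| s.value = '' }` and `SiteSetting.find_or_create_by(setting:, provider: tenant.name) { |s| s.value = '' }` in the loop. `down` is outside this hunk.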
+++ b/db/data/20240125154727_add_help_center_setting.rb @@ -2,9 +2,9 @@ class AddHelpCenterSetting < ActiveRecord::Migration[7.1] def up - setting = Setting.find_or_create_by(name: 'HelpCenter') + setting = Setting.create(name: 'HelpCenter') unless Setting.exists?(name: 'HelpCenter') - SiteSetting.find_or_create_by(setting:, value: '', provider: 'greenlight') + SiteSetting.create(setting:, value: '', provider: 'greenlight') unless SiteSetting.exists?(setting:, value: '', provider: 'greenlight') Tenant.all.each do |tenant| SiteSetting.find_or_create_by(setting:, value: '', provider: tenant.name)
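Review bot: `setting = Setting.create(name: 'HelpCenter') unless Setting.exists?(name: 'HelpCenter')` leaves `setting` nil in exactly the case this commit targets (the setting already exists), so the `SiteSetting.exists?`/`create` calls that follow and the tenant loop all run with `setting: nil`; the removed `setting = Setting.find_or_create_by(name: 'HelpCenter')` already handled that case and should be restored. The second guard still keys on `value: ''`, so it does not recognise a row whose value was changed afterwards — `unless SiteSetting.exists?(setting:, provider: 'greenlight')` is the check that matches the intent. Because `create` has no bang, a presence validation on `setting` would fail silently and hide the nil case, and without one an orphan row is inserted, so the bug does not surface either way.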