From 5a01eba5f3a8cf3ea77d82c22a9c27565b21d027 Mon Sep 17 00:00:00 2001 From: Ryan Wold Date: Wed, 26 Mar 2025 09:23:34 -0700 Subject: [PATCH 1/3] set path to a specific domain * in the case when multiple domains may be used * add auth option * update gems --- Gemfile.lock | 53 ++++++++++++++++-------------- app/models/website.rb | 1 + config/environments/development.rb | 2 ++ config/environments/staging.rb | 2 ++ 4 files changed, 33 insertions(+), 25 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7c279504c..cdae3c6f3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -101,17 +101,18 @@ GEM addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) aes_key_wrap (1.1.0) - ast (2.4.2) + ast (2.4.3) aws-eventstream (1.3.2) - aws-partitions (1.1065.0) + aws-partitions (1.1074.0) aws-record (2.13.2) aws-sdk-dynamodb (~> 1, >= 1.85.0) - aws-sdk-core (3.220.1) + aws-sdk-core (3.221.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.992.0) aws-sigv4 (~> 1.9) base64 jmespath (~> 1, >= 1.6.1) + logger aws-sdk-dynamodb (1.129.0) aws-sdk-core (~> 3, >= 3.210.0) aws-sigv4 (~> 1.5) @@ -206,7 +207,7 @@ GEM concurrent-ruby (1.3.5) connection_pool (2.5.0) crass (1.0.6) - csv (3.3.2) + csv (3.3.3) database_cleaner (2.1.0) database_cleaner-active_record (>= 2, < 3) database_cleaner-active_record (2.2.0) @@ -222,7 +223,7 @@ GEM railties (>= 4.1.0) responders warden (~> 1.2.3) - diff-lcs (1.6.0) + diff-lcs (1.6.1) docile (1.4.1) dotenv (3.1.7) drb (2.2.1) @@ -342,16 +343,16 @@ GEM marcel (1.0.4) matrix (0.4.2) method_source (1.1.0) - mime-types (3.6.0) + mime-types (3.6.2) logger mime-types-data (~> 3.2015) - mime-types-data (3.2025.0304) + mime-types-data (3.2025.0325) mini_magick (5.2.0) benchmark logger mini_mime (1.1.5) mini_portile2 (2.8.8) - minitest (5.25.4) + minitest (5.25.5) msgpack (1.8.0) multi_json (1.15.0) multi_xml (0.7.1) 
@@ -369,24 +370,24 @@ GEM net-protocol newrelic_rpm (9.17.0) nio4r (2.7.4) - nokogiri (1.18.3) + nokogiri (1.18.6) mini_portile2 (~> 2.8.2) racc (~> 1.4) - nokogiri (1.18.3-aarch64-linux-gnu) + nokogiri (1.18.6-aarch64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.3-aarch64-linux-musl) + nokogiri (1.18.6-aarch64-linux-musl) racc (~> 1.4) - nokogiri (1.18.3-arm-linux-gnu) + nokogiri (1.18.6-arm-linux-gnu) racc (~> 1.4) - nokogiri (1.18.3-arm-linux-musl) + nokogiri (1.18.6-arm-linux-musl) racc (~> 1.4) - nokogiri (1.18.3-arm64-darwin) + nokogiri (1.18.6-arm64-darwin) racc (~> 1.4) - nokogiri (1.18.3-x86_64-darwin) + nokogiri (1.18.6-x86_64-darwin) racc (~> 1.4) - nokogiri (1.18.3-x86_64-linux-gnu) + nokogiri (1.18.6-x86_64-linux-gnu) racc (~> 1.4) - nokogiri (1.18.3-x86_64-linux-musl) + nokogiri (1.18.6-x86_64-linux-musl) racc (~> 1.4) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) @@ -414,13 +415,14 @@ GEM activerecord (>= 6.1) request_store (~> 1.4) parallel (1.26.3) - parser (3.3.7.1) + parser (3.3.7.3) ast (~> 2.4.1) racc pg (1.5.9) pp (0.6.2) prettyprint prettyprint (0.2.0) + prism (1.4.0) pry (0.15.2) coderay (~> 1.1) method_source (~> 1.0) @@ -490,7 +492,7 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.11.1) ffi (~> 1.0) - rdoc (6.12.0) + rdoc (6.13.0) psych (>= 4.0.0) redis (5.4.0) redis-client (>= 0.22.0) @@ -527,7 +529,7 @@ GEM rspec-support (3.13.2) rspec_junit_formatter (0.6.0) rspec-core (>= 2, < 4, != 2.12.0) - rubocop (1.73.2) + rubocop (1.75.0) json (~> 2.3) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.1.0) @@ -535,11 +537,12 @@ GEM parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.9.3, < 3.0) - rubocop-ast (>= 1.38.0, < 2.0) + rubocop-ast (>= 1.43.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) - rubocop-ast (1.38.1) - parser (>= 3.3.1.0) + rubocop-ast (1.43.0) + parser (>= 3.3.7.2) + prism (~> 1.4) rubocop-rails (2.30.3) activesupport (>= 4.2.0) lint_roller (~> 1.1) 
@@ -565,7 +568,7 @@ GEM sprockets-rails tilt securerandom (0.4.1) - selenium-webdriver (4.29.1) + selenium-webdriver (4.30.1) base64 (~> 0.2) logger (~> 1.4) rexml (~> 3.2, >= 3.2.5) @@ -596,7 +599,7 @@ GEM ssrf_filter (1.2.0) stimulus-rails (1.3.4) railties (>= 6.0.0) - stringio (3.1.5) + stringio (3.1.6) thor (1.3.2) thread_safe (0.3.6) tilt (2.6.0) diff --git a/app/models/website.rb b/app/models/website.rb index 24b89cbc3..fd36a430c 100644 --- a/app/models/website.rb +++ b/app/models/website.rb @@ -61,6 +61,7 @@ class Website < ApplicationRecord AUTHENTICATION_TOOLS = { 'Drupal' => 'Drupal', 'Google oAuth' => 'Google oAuth', + 'GSA Auth' => 'GSA Auth', 'GSA Secure Auth' => 'GSA Secure Auth', 'Jira' => 'Jira', 'Login.gov' => 'Login.gov', diff --git a/config/environments/development.rb b/config/environments/development.rb index d78d60285..e079179ec 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -58,6 +58,8 @@ # Set localhost to be used by links generated in mailer templates. config.action_mailer.default_url_options = { host: "localhost", port: 3000 } + # TODO: For temporary redirect (March 2025) + config.action_controller.default_url_options = { host: "localhost", port: 3000 } # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log diff --git a/config/environments/staging.rb b/config/environments/staging.rb index ae0706f5f..5a07a9037 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -102,6 +102,8 @@ # For Devise config.action_mailer.default_url_options = { host: ENV.fetch('TOUCHPOINTS_WEB_DOMAIN'), port: 443 } + # TODO: For temporary redirect (March 2025) + config.action_controller.default_url_options = { host: ENV.fetch('TOUCHPOINTS_WEB_DOMAIN'), port: 443 } # Prevent host header injection # Reference: https://github.com/ankane/secure_rails From b70461be0d24b18dbe802dd9c3a6e4826f03a593 Mon Sep 17 00:00:00 2001 
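Review bot: In the staging.rb hunk the new `config.action_controller.default_url_options` sets `port: 443` but no `protocol`, so in a controller the scheme still comes from the request. If a request is ever seen as plain http (for example behind a TLS-terminating proxy), `*_url` helpers and redirects would emit `http://<host>:443/...`. I would write `config.action_controller.default_url_options = { host: ENV.fetch('TOUCHPOINTS_WEB_DOMAIN'), port: 443, protocol: 'https' }`; the same applies to the matching line added to production.rb in PATCH 2/3. The TODO also gives no removal condition and does not say that the pin stops generated URLs from following the request's Host header; something like `# TODO: remove when the March 2025 redirect ends; pins the URL host so links do not follow the Host header` would record both. The context line `# Prevent host header injection` just below suggests related settings follow outside the hunk, so it is worth checking that this assignment is not overridden or duplicated there.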
From: Ryan Wold Date: Wed, 26 Mar 2025 10:05:34 -0700 Subject: [PATCH 2/3] set path * specify one host, in case of multiple hosts --- config/environments/production.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/environments/production.rb b/config/environments/production.rb index 99aea2601..28520e55e 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -76,6 +76,8 @@ # Set host to be used by links generated in mailer templates. config.action_mailer.default_url_options = { host: ENV.fetch('TOUCHPOINTS_WEB_DOMAIN'), port: 443 } + # TODO: For temporary redirect (March 2025) + config.action_controller.default_url_options = { host: ENV.fetch('TOUCHPOINTS_WEB_DOMAIN'), port: 443 } # Specify outgoing SMTP server. Remember to add smtp/* credentials via rails credentials:edit. # config.action_mailer.smtp_settings = { From fb8cac75ffd8f3e39a05487b228b50d7c4c1b1c0 Mon Sep 17 00:00:00 2001 From: Ryan Wold <64987852+ryanwoldatwork@users.noreply.github.com> Date: Thu, 27 Mar 2025 12:30:34 -0700 Subject: [PATCH 3/3] support a second host --- config/environments/development.rb | 2 -- config/environments/production.rb | 3 +++ config/environments/staging.rb | 7 +++++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index e079179ec..d78d60285 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -58,8 +58,6 @@ # Set localhost to be used by links generated in mailer templates. config.action_mailer.default_url_options = { host: "localhost", port: 3000 } - # TODO: For temporary redirect (March 2025) - config.action_controller.default_url_options = { host: "localhost", port: 3000 } # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log diff --git a/config/environments/production.rb b/config/environments/production.rb index 28520e55e..7878928ea 100644 
--- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -113,6 +113,9 @@ config.hosts = [ ENV.fetch("TOUCHPOINTS_WEB_DOMAIN") ] + if ENV["TOUCHPOINTS_WEB_DOMAIN2"].present? + config.hosts << ENV.fetch("TOUCHPOINTS_WEB_DOMAIN2") + end # Skip DNS rebinding protection for the default health check endpoint. # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 5a07a9037..1c1ca0422 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -116,4 +116,11 @@ config.active_record.encryption.deterministic_key = ENV.fetch("RAILS_ACTIVE_RECORD_DETERMINISTIC_KEY") config.active_record.encryption.key_derivation_salt = ENV.fetch("RAILS_ACTIVE_RECORD_KEY_DERIVATION_SALT") config.active_record.encryption.support_unencrypted_data = true + + config.hosts = [ + ENV.fetch("TOUCHPOINTS_WEB_DOMAIN") + ] + if ENV["TOUCHPOINTS_WEB_DOMAIN2"].present? + config.hosts << ENV.fetch("TOUCHPOINTS_WEB_DOMAIN2") + end end
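Review bot: The second `config.hosts` entry in the production.rb hunk is appended straight from `TOUCHPOINTS_WEB_DOMAIN2`, and nothing records that it widens the Host allow-list or when it should be removed; the same block is added at the end of staging.rb in this patch. Rails host authorization treats a string with a leading dot as matching every subdomain, so a value such as `.example.gov` (constructed example) would admit more than the one extra host the subject line describes. I would add a comment along the lines of `# Second allowed Host header (presumably for the March 2025 redirect); must be an exact hostname, remove together with TOUCHPOINTS_WEB_DOMAIN2`. The mixed `ENV[...]` / `ENV.fetch` lookup could also be collapsed to `config.hosts << ENV["TOUCHPOINTS_WEB_DOMAIN2"] if ENV["TOUCHPOINTS_WEB_DOMAIN2"].present?`. In both files the enclosing block, closed by the final `end`, starts outside the hunk.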