From 9697e09dd9d6cbdc1f47ab5d720ed2053e75cd38 Mon Sep 17 00:00:00 2001
From: Felix Eckhofer <felix@eckhofer.com>
Date: Thu, 13 Mar 2025 16:33:16 +0100
Subject: [PATCH] Make invitation token a credential

Now that the code is public, having a hardcoded string seems even less
prudent...
---
 README.md                            | 1 +
 app/models/user.rb                   | 2 +-
 app/views/admin/users/_form.html.erb | 2 +-
 config/credentials.yml.enc           | 2 +-
 db/seeds.rb                          | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index fe4a03e..479fdc9 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ Run `bin/dev` in the integrated terminal to start the dev webserver and the tail
 
 The application requires some secrets, as of writing these include:
 
+- `invitation_token`
 - `filedrop_user`
 - `filedrop_password`
 - `heartbeat_deen`
diff --git a/app/models/user.rb b/app/models/user.rb
index d32f397..7bc8c52 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -114,7 +114,7 @@ class User < ApplicationRecord
   private
 
   def valid_invitation_token
-    valid_tokens = [ "gargamel" ]
+    valid_tokens = [ fetch_credential("invitation_token") ]
     errors.add(:invitation_token, "is invalid") unless valid_tokens.include?(invitation_token)
   end
 
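Review bot: The check on the line after the change, `valid_tokens.include?(invitation_token)`, compares with `String#==`, which is not constant-time; that mattered little for a placeholder, but now the value is a real credential, so an equality check that leaks timing is the wrong primitive. It also accepts a blank submission when the credential is unset, if `fetch_credential` returns nil in that case (its implementation is outside the hunk). Suggest `token = fetch_credential("invitation_token")` followed by `errors.add(:invitation_token, "is invalid") unless token.present? && ActiveSupport::SecurityUtils.secure_compare(token, invitation_token.to_s)`, which drops the one-element array as well.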
diff --git a/app/views/admin/users/_form.html.erb b/app/views/admin/users/_form.html.erb
index 893924e..1d8a0fc 100644
--- a/app/views/admin/users/_form.html.erb
+++ b/app/views/admin/users/_form.html.erb
@@ -43,7 +43,7 @@
       <% if user.new_record? %>
         <div>
           <%= form.label :invitation_token, class: "block text-sm font-medium text-gray-700 dark:text-gray-300" %>
-          <%= form.text_field :invitation_token, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-indigo-500 focus:ring-indigo-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white", value: "gargamel" %>
+          <%= form.text_field :invitation_token, class: "mt-1 block w-full rounded-md border-gray-300 shadow-sm focus:border-indigo-500 focus:ring-indigo-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white", value: fetch_credential("invitation_token") %>
           <p class="text-xs text-gray-500 dark:text-gray-400 mt-1">Default invitation token</p>
         </div>
       <% end %>
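Review bot: The changed line pre-fills the field with `value: fetch_credential("invitation_token")`, so the credential is rendered into the HTML of every new-user admin form and lands in browser caches, history and any page capture, which undercuts the point of moving it out of the source. If admins do not need to see it, drop the `value:` argument and leave the field empty; if they do, the helper text on the next line should say that the secret is intentionally shown here. Whether `fetch_credential` is exposed to views as a helper is not visible in this hunk.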
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
index 7f8fd2a..55a7e6a 100644
--- a/config/credentials.yml.enc
+++ b/config/credentials.yml.enc
@@ -1 +1 @@
-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--i2jfYUHs7mOaeKp5--LwBBPAnWTJGcZg7BMU+aXg==
\ No newline at end of file
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--QwhsveBIYJFf7bdw--0onIOoaCnmbbTRtoFgLCCg==
\ No newline at end of file
diff --git a/db/seeds.rb b/db/seeds.rb
index 1e1ae76..f647d05 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -402,7 +402,7 @@
 #   %w[coverage fog comedy adjust forge fail vigorous promise chemistry conception meat storage certain warm develop civilian cousin injection hammer health appetite conventional good snake grant suspect atmosphere linen wrong deal calf sea management silence watch nuance loan quit convert failure bracket slice sweat treaty plot still chimpanzee assume functional marsh dream mail state dorm kid formation secular agile beach guide salesperson merit goalkeeper incongruous cart pig joystick regulation apparatus myth patent glue behead flu departure spectrum parking indication delay hesitate viable lay treat cooperative sensation auction sphere stain tap pass].each do |username|
 #     User.find_or_create_by(name: username) do |u|
 #       u.email = "c3lingo+#{username}@x.moeffju.net"
-#       u.invitation_token = "gargamel"
+#       u.invitation_token = fetch_credential("invitation_token")
 #       u.save!
 #     end
 #   end
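Review bot: The changed line is inside a commented-out seed block, so nothing runs, but if it is ever re-enabled `fetch_credential` may not be defined in the db/seeds.rb scope; the other call sites in this patch are a model and a view, and whether it is a global helper is not visible here. The standard accessor does not depend on that helper: `#       u.invitation_token = Rails.application.credentials.invitation_token`.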
-- 
GitLab