From 0ec3da7bf64141b5db47e0ad05cf7b189e83380b Mon Sep 17 00:00:00 2001
From: Ari Timonen
Date: Mon, 6 Apr 2020 05:19:39 +0300
Subject: [PATCH] Add .env to repo Add template handling for password failure
---
 .env | 72 +++++++++++++++++++++++++++++++++++++++++++
 .gitignore | 2 +-
 app/models/user.rb | 47 ++++++++++++++++------------
 config/locales/en.yml | 1 +
 4 files changed, 101 insertions(+), 21 deletions(-)
 create mode 100644 .env
diff --git a/.env b/.env
new file mode 100644
index 0000000..dec7243
--- /dev/null
+++ b/.env
@@ -0,0 +1,72 @@
+# Read https://github.com/bkeepers/dotenv
+# This is the base file
+
+# Change this depending where you are
+RACK_ENV=production
+RAILS_ENV=production
+
+# App domain, used mostly bt just postfix
+# The app is designed as domain-indepdendent
+APP_DOMAIN=ensl.org
+
+# App secret for cookie encryption, blank is random
+APP_SECRET=
+
+# Public ports
+APP_PORT=80
+APP_PORT_SSL=443
+
+# FIXME: doesn't work yet
+# Options for: SCrypt::Engine.calibrate!(max_mem: 16 * 1024 * 1024)
+SCRYPT_SALT_OPTS=
+SCRYPT_MAX_TIME=1
+
+# App path inside docker
+DEPLOY_PATH=/var/www
+ASSETS_PATH=/home/web/assets
+ASSETS_PRECOMPILE=0
+
+# Puma fails in cluster mode, so use 0 workers
+PUMA_WORKERS=0
+
+# Threads and port
+PUMA_MIN_THREADS=1
+PUMA_MAX_THREADS=16
+PUMA_PORT=4000
+
+# Use higher timeout if debug fails
+PUMA_TIMEOUT=30
+
+# Path to files
+FILES_PATH=/var/www/public/files
+
+# Docker adds mysql to hosts
+MYSQL_HOST=db
+
+# This is used by both rails + mysql
+MYSQL_DATABASE=ensl
+
+# These are for ENSL, edit at least password
+MYSQL_USER=ensl
+MYSQL_PASSWORD=ensl
+
+# Root MySQL password
+MYSQL_ROOT_PASSWORD=ensl
+MYSQL_ROOT_HOST=%
+
+# More MySQL vars
+MYSQL_CONNECTION_POOL=32
+
+# Test
+SELENIUM_HOST=selenium
+TEST_APP_HOST=localhost
+TEST_APP_PORT=3005
+
+# New relic
+NEW_RELIC_APP_NAME=ENSL
+NEW_RELIC_LICENSE_KEY=
+
+# Google calendar
+GOOGLE_API_KEY=
+GOOGLE_CALENDAR_ID=
+GOOGLE_CALENDAR=enabled
\ No newline at end of file
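Review bot: Committing `.env` as the file dotenv actually loads, while the `.gitignore` hunk stops ignoring it (`-.env` / `+# .env`), puts live-looking production defaults under version control: `MYSQL_PASSWORD=ensl` and `MYSQL_ROOT_PASSWORD=ensl` are real credentials unless every deployment overrides them, and `MYSQL_ROOT_HOST=%` lets the root account connect from any host. The empty `APP_SECRET=`, `NEW_RELIC_LICENSE_KEY=` and `GOOGLE_API_KEY=` slots also invite someone to fill them in and commit the result, since the file is no longer ignored. Consider tracking this as a template under a name like `.env.example` with placeholder values (e.g. `MYSQL_PASSWORD=CHANGE_ME`, constructed placeholder) and keeping `.env` in `.gitignore`, so per-deployment secrets stay in the `.env*.local` files this commit still ignores; the `# This is the base file` comment should then state that real values live outside the repository. The two comment lines above `APP_DOMAIN` also carry the typos `bt` and `indepdendent`.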
diff --git a/.gitignore b/.gitignore
index 5224155..221dc54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,7 @@
 /spec/tmp/*
 .ruby-version
 .ruby-gemset
-.env
+# .env
 .env*.local
 .tmp*
 .rspec
diff --git a/app/models/user.rb b/app/models/user.rb
index cf801af..9144fd4 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -369,27 +369,34 @@ class User < ActiveRecord::Base
 def self.authenticate(login)
 if (user = where("LOWER(username) = LOWER(?)", login[:username]).first)
- case user.password_hash
- when User::PASSWORD_SCRYPT
- pass = SCrypt::Password.new(user.password)
- return user if pass == login[:password]
- when User::PASSWORD_MD5_SCRYPT
- pass = SCrypt::Password.new(user.password)
- # Match to Scrypt(Md5(password))
- if pass == Digest::MD5.hexdigest(login[:password])
- user.raw_password = login[:password]
- user.update_password
- user.save!
- return user
- end
- # when User::PASSWORD_MD5
- else
- if user.password == Digest::MD5.hexdigest(login[:password])
- user.raw_password = login[:password]
- user.update_password
- user.save!
- return user
+ begin
+ case user.password_hash
+ when User::PASSWORD_SCRYPT
+ # FIXME: If exception occurs here, user cannot log in
+ pass = SCrypt::Password.new(user.password)
+ return user if pass == login[:password]
+ when User::PASSWORD_MD5_SCRYPT
+ pass = SCrypt::Password.new(user.password)
+ # Match to Scrypt(Md5(password))
+ if pass == Digest::MD5.hexdigest(login[:password])
+ user.raw_password = login[:password]
+ user.update_password
+ user.save!
+ return user
+ end
+ # when User::PASSWORD_MD5
+ else
+ if user.password == Digest::MD5.hexdigest(login[:password])
+ user.raw_password = login[:password]
+ user.update_password
+ user.save!
+ return user
+ end
 end
+ # TODO: controller needs to handle this
+ #rescue Exception => ex
+ # user.errors.add(:password, "%s (%s)" % [I18n.t(:password_corrupt), ex.class.to_s])
+ # return nil
 end
 end
 return nil
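Review bot: The `begin` added around the `case user.password_hash` block has no live `rescue` (the `#rescue Exception => ex` and following lines are commented out), so the wrapped code behaves exactly as before and an error from `SCrypt::Password.new` on a malformed stored hash still propagates out of `authenticate` unhandled, as the `# FIXME` line itself admits; the `password_corrupt` key added in the `config/locales/en.yml` hunk is therefore never read. When the rescue is enabled it should not be `rescue Exception`, which also catches `SystemExit`, `NoMemoryError` and signal exceptions, but the scrypt gem's `SCrypt::Errors::InvalidHash` (or at most `StandardError`), and the user-facing message should not embed `ex.class.to_s`, which exposes internal class names — log that server-side and show the translated text alone. Note too that returning `nil` after `user.errors.add` discards the error together with the object, so the controller mentioned in the `# TODO` line cannot distinguish "wrong password" from "corrupt hash" unless the user record is handed back some other way. The method's closing `end` lies outside the hunk.

```ruby
      begin
        # … unchanged: case user.password_hash … end …
      rescue SCrypt::Errors::InvalidHash => ex
        # Stored hash is unreadable: record the detail server-side, show only the translated text.
        Rails.logger.warn("User.authenticate: corrupt password hash for user #{user.id} (#{ex.class})")
        user.errors.add(:password, I18n.t(:password_corrupt))
        return nil
      end
```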
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 81b34e2..667ab05 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -85,6 +85,7 @@ en:
 login_status: "Logged in as"
 passwords_sent: "Password has been sent."
 password_md5_scrypt: "Password has been upgraded to higher security level (MD5->SCRYPT)."
+ password_corrupt: "Your password has become corrupt, please reset via forget password or contact admin."
 incorrect_information: "Incorrect Information."
 weeks_create: "Week was successfully created."
 weeks_update: "Week was successfully updated."