Allow an easy local-productionish setup

This uses the development environment, but starts up rails in production
mode. It allows us to test features which we expect to work differently
in production mode, such as the profiling tools.

Author: dutow

Makefile

@@ -8,6 +8,9 @@ dev: ## Start dev stack (foreground)
 dev-detach: ## Start dev stack in background
 	$(COMPOSE) up -d --build
 
+dev-prod-detach: ## Start dev stack but run Rails in production mode (uses dev compose & env)
+	RAILS_ENV=production NODE_ENV=production RAILS_SERVE_STATIC_FILES=1 RAILS_LOG_TO_STDOUT=1 FORCE_SSL=false $(COMPOSE) up -d --build
+
 down: ## Stop dev stack
 	$(COMPOSE) down
 

app/controllers/sessions_controller.rb

@@ -3,16 +3,25 @@ def new
   end
 
   def create
-    email = EmailNormalizer.normalize(params[:email])
-    user = Alias.by_email(email).includes(:user).first&.user
+    email = params[:email].to_s
+    normalized_email = begin
+      EmailNormalizer.normalize(email)
+    rescue StandardError
+      nil
+    end
+    user = normalized_email && Alias.by_email(normalized_email).includes(:user).first&.user
+    verified_alias = user&.aliases&.where&.not(verified_at: nil)&.exists?
 
-    if user&.authenticate(params[:password]) && user.aliases.where.not(verified_at: nil).exists?
+    if user.nil? || !user.authenticate(params[:password])
+      flash.now[:alert] = 'Invalid email or password'
+      render :new, status: :unauthorized
+    elsif !verified_alias
+      flash.now[:alert] = 'Please verify your email before signing in.'
+      render :new, status: :forbidden
+    else
       reset_session
       session[:user_id] = user.id
       redirect_to root_path, notice: 'Signed in successfully'
-    else
-      flash.now[:alert] = 'Invalid email or password'
-      render :new, status: :unauthorized
     end
   end
 
@@ -21,4 +30,3 @@ def destroy
     redirect_to root_path, notice: 'Signed out'
   end
 end
-

app/views/sessions/new.html.slim

@@ -1,6 +1,6 @@
 h1 Sign in
 
-= form_with url: session_path, method: :post do |f|
+= form_with url: session_path, method: :post, local: true do |f|
   .field
     = label_tag :email
     = email_field_tag :email

config/environments/production.rb

@@ -24,11 +24,13 @@
   # Store uploaded files on the local file system (see config/storage.yml for options).
   config.active_storage.service = :local
 
+  force_ssl_enabled = ActiveModel::Type::Boolean.new.cast(ENV.fetch("FORCE_SSL", "true"))
+
   # Assume all access to the app is happening through a SSL-terminating reverse proxy.
-  config.assume_ssl = true
+  config.assume_ssl = force_ssl_enabled
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = true
+  config.force_ssl = force_ssl_enabled
 
   # Skip http-to-https redirect for the default health check endpoint.
   # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } }

docker-compose.dev.yml

@@ -28,14 +28,15 @@ services:
     env_file:
       - .env.development
     environment:
-      RAILS_ENV: development
-      NODE_ENV: development
+      RAILS_ENV: ${RAILS_ENV:-development}
+      NODE_ENV: ${NODE_ENV:-development}
       DATABASE_URL: ${DATABASE_URL:-postgresql://${POSTGRES_USER:-hackorum}:${POSTGRES_PASSWORD:-hackorum}@db:5432/${POSTGRES_DB:-hackorum_development}}
       PGHOST: db
       PGPORT: 5432
       PGUSER: ${POSTGRES_USER:-hackorum}
       PGPASSWORD: ${POSTGRES_PASSWORD:-hackorum}
       PGDATABASE: ${POSTGRES_DB:-hackorum_development}
+      FORCE_SSL: ${FORCE_SSL:-false}
     volumes:
       - .:/app
       - bundle:/usr/local/bundle
@@ -56,7 +57,7 @@ services:
       - .env.development
     command: ["bundle", "exec", "ruby", "script/imap_idle.rb"]
     environment:
-      RAILS_ENV: development
+      RAILS_ENV: ${RAILS_ENV:-development}
       DATABASE_URL: ${DATABASE_URL:-postgresql://${POSTGRES_USER:-hackorum}:${POSTGRES_PASSWORD:-hackorum}@db:5432/${POSTGRES_DB:-hackorum_development}}
       PGHOST: db
       PGPORT: 5432