interdiscipline / lockup Goto Github PK

Could you please make this gem compatible with rails 5? When I try to install it I get:

conflicting dependencies rails (< 5, >= 3) and rails (~> 5.0.0, ~> 5.0.0) (Gem::DependencyResolutionError) Activated rails-5.0.0 which does not match conflicting dependency (< 5, >= 3)

Followup on an issue that surfaced in #38.

@gblakeman I confirm that neither of the skip_before_action :check_for_lockup nor the skip_before_filter :check_for_lockup work right after the server has been restarted.

But they do work if I make a change to the application_controller.rb and the ApplicationController code gets re executed. (in development mode)

It looks like a bug.

I would like to also protect some static files that I'm serving from public/, such as documentation and a static blog site. It would be great if lockup could also intercept those requests.

I face a very common issue when using skip_before_action callback in Rails 5.
thoughtbot/clearance#621

It is suggested to add option raise: false in the way we want to use lockup in some specific controllers...

Long story short, in ApplicationController, change

skip_before_action :check_for_lockup

to

skip_before_action :check_for_lockup, raise: false

Should us update README.md?

Should probably take a look at the design and refresh it (it's 8 years old).

Have you baked in using the rails >= 4.0 secrets configuration? Just curious. Seems like figaro is dead for new rails apps.

First of all, thanks for the awesome gem! This is really useful, and very easy to set up.

I'm trying to get it to work with the health_check gem. I'm seeing the following error from HealthCheck::HealthCheckController:

In order to use #url_for, you must include routing helpers explicitly. For instance, `include Rails.application.routes.url_helpers`.

This might be because I'm setting default url_options in my enviroment, like this:

  Rails.application.routes.default_url_options =
  config.action_controller.default_url_options = {
    host: ENV['APP_DOMAIN_NAME'],
    protocol: 'https'
  }

I'm not sure about the best way to handle this. There's a few options:

• Turn off the health_check basic authentication for staging, and just redirect to the lockup page if the lockup_codeword param is incorrect.
• Make lockup ignore the /health/all route, and keep using basic authentication.
• Use both basic authentication PLUS the lockup_codeword param. I don't think that's necessary, but it would be good to support this case anyway.

Hi - Is it possible to store the password/codeword in the database?

Is there a way to change the lifetime of the cookie in my application?

Hi all!

This gem looks spiffy and I was really excited to try it. I plugged it into the site that I was working on and found that it broke a bunch of links to user-uploaded content. I use ActiveStorage with S3 and images were showing up as broken links.

After poking around, I figured out that Active Storage was generating some redirect URLS under the hood to display the blobs and Lockup was hijacking those redirects with the Code page.

I ended up copying the ActiveStorage controller and modifying it slightly to include the skip_before_action that was not being inherited from the ApplicationController.

app/controllers/active_storage/blobs/redirect_controller.rb

class ActiveStorage::Blobs::RedirectController < ActiveStorage::BaseController
  skip_before_action :check_for_lockup, raise: false
  include ActiveStorage::SetBlob

  def show
    expires_in ActiveStorage.service_urls_expire_in
    redirect_to @blob.url(disposition: params[:disposition]), allow_other_host: true
  end
end

You can see the original source of the ActiveStorage controller here.

Not sure there's anything to do here, but I felt like I may as well document my findings and maybe save someone a few hours. Feel free to close this issue if there's no action items. Thanks!

Edit: Actually, this didn't fix things much either. Making the changes above fixed uploading images but broke the displaying of images hosted through ActiveRecord's S3 integration. I guess extending the ActiveStorage controllers is not quite as easy as other controllers are. This gentleman has a proposal where he mentions that you either have to copy the routes from ActiveStorage into your routes.rb file, or use custom route helpers and lose the fancy helpers that ActiveStorage provides. I tried a few different combinations of that and couldn't get things to work. Going to have to put Lockup on the shelf until I can spend more time trying to get things working together.

I have integrated lockup into an existing rails 4.1.0 Rails application. I set an environment variable in my staging environment (Heroku) for lockup and I've mounted lockup at the top of my routes.rb file. When I visit my staging environment, I hit the lockup screen and it works perfectly. I'm struggling to recreate this error on my own.

My bug tracker is reporting the following error:

ActionView::MissingTemplate: Missing template lockup/lockup/unlock, lockup/application/unlock with {:locale=>[:en], :formats=>["image/*"], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :jbuilder, :coffee]}. Searched in: * "/app/app/views" * "/app/vendor/bundle/ruby/1.9.1/gems/lockup-1.3.1/app/views" *

Can anyone shed some light on how I can debug this issue further?
Thank you!

I've been trying to integrate Lockup with an existing Trestle admin. I believe I would need to add Lockup to the existing trestle initializer:

  # Register callbacks to run before, after or around all Trestle actions.
  #
  config.before_action do |controller|
    # Rails.logger.debug("Before action")
    # I'd like to call check_for_lockup here
  end

Has anyone tried this?

Thank you!

hello,

i just have one question: is there a way i can change the text and styling of the unlocking page?

thank you.

It would be good to change the typefaces to system-level defaults.

• Ruby versions
• Rails versions

Rails 6.0 is out now, but the this gem is still locked at rails < 6.

Hello !

Many thanks for your gem, it works perfectly! Except it only work locally for me. When I deploy to Heroku, nothing is locked... I have a full access!
Could you tell me what I made wrong?

• Rails version: 4.2.0
• routes.rb:

Rails.application.routes.draw do

  # Beta Test
  mount Lockup::Engine, at: '/lockup'
...
end

• application.yml
  LOCKUP_CODEWORD: ''

Thanks!

Céline

Implement WCAG recommendations for the form.

I am currently using lockup to lock a website that is also accessed as API. I have tried using the "?lockup_codeword=love" in the the API call URL but is looks like it is not working as the json payload gets lost on the redirect.

Is there a way to whitelist a server/ip address so that there is no need to use the lockup_codeword redirect?

Thanks

Hi,

When I go to my rails 4 app at domain.com, I get the lockup screen. I enter the secret password and get sent to the lockup screen. When I enter a wrong password it says it the wrong password.

If I go right to my app on heroku @ whatever.herokuapp.com then it's okay.

How should I look into this?

Thanks,
Justin

Ps - I really appreciate the gem

I wanted to make sure that I wasn't using this on production, so I wrote the following code:

Rails.application.routes.draw do
  if ENV['STAGING']
    mount Lockup::Engine, at: '/lockup'
  end

However, I'm using a library called rswag for API documentation, which also mounts an engine in my routes. When I call that route, I get:

NameError - undefined local variable or method `lockup' for #<Rswag::Ui::HomeController:0x00007fa5ae4d6998>:
  lockup (1.4) lib/lockup.rb:25:in `check_for_lockup'

I've fixed this in my fork by checking that lockup is defined: ndbroadbent@3079e44

(Also some refactoring.)