From 4c6ca11f3d7a91d5e18598993407c8e9d335c068 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=93scar=20de=20Arriba?=
Date: Sat, 11 Oct 2014 10:59:03 +0200
Subject: [PATCH] Added more complex SMTP configuration and a fix for Devise.
ADD: More complex SMTP configuration Allowing to set if the connection with the SMTP server is using a plain, SSL/TLS or STARTTLS security mode.
MODIFY: Comments in default configuration file Added more detailed comments to provide the available values in every configuration flag.
FIX: Bug with Devise and Rails 4.1 There is a bug in session cookie encoding that causes a fail retrieving the user session from MongoDB. It was solved using the indications readed here: https://github.com/plataformatec/devise/issues/2949#issuecomment-58162176
---
 app/models/user.rb | 6 ++++
 config/application.rb | 4 ++-
 config/watchr.default.yml | 64 +++++++++++++++++++++++++--------------
 3 files changed, 50 insertions(+), 24 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 328fde3..47bfb55 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -34,4 +34,10 @@ class User
 # field :failed_attempts, type: Integer, default: 0 # Only if lock strategy is :failed_attempts
 # field :unlock_token, type: String # Only if unlock strategy is :email or :both
 # field :locked_at, type: Time
+
+ # Funcrion to avoid the compatibility issues between Devise and Rails 4.1
+ def self.serialize_from_session(key, salt)
+ record = to_adapter.get(key[0]["$oid"])
+ record if record && record.authenticatable_salt == salt
+ end
 end
diff --git a/config/application.rb b/config/application.rb
index 9ee76c9..5df1fc2 100644
--- a/config/application.rb
+++ b/config/application.rb
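Review bot: In app/models/user.rb, `serialize_from_session` indexes `key[0]["$oid"]` without checking the shape of the session key, so a session cookie written before this change (or any key that is not an array holding a `{"$oid" => ...}` hash) would raise or look up `nil` instead of simply being treated as signed out. Normalising first keeps both formats working: `id = Array(key).first` followed by `id = id["$oid"] if id.is_a?(Hash)`, then `to_adapter.get(id)`. The comment above the method has a typo ("Funcrion") and would help more if it said why the override exists, for example `# With the JSON cookie serializer the Mongoid id apparently arrives as {"$oid" => "..."}; unwrap it before the lookup.` The method is complete in the hunk, but the enclosing `class User` starts outside it.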
@@ -20,6 +20,7 @@ class Application < Rails::Application
 # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
 config.time_zone = CONFIG["app"]["time_zone"]
+ # E-mail sending configuration
 config.action_mailer.delivery_method = :smtp
 config.action_mailer.smtp_settings = {
 address: CONFIG["email"]["smtp"]["host"],
@@ -28,7 +29,8 @@ class Application < Rails::Application
 user_name: CONFIG["email"]["smtp"]["username"],
 password: CONFIG["email"]["smtp"]["password"],
 authentication: CONFIG["email"]["smtp"]["authentication"],
- enable_starttls_auto: CONFIG["email"]["smtp"]["enable_tls"]
+ ssl: CONFIG["email"]["smtp"]["enable_ssl"],
+ enable_starttls_auto: CONFIG["email"]["smtp"]["enable_starttls"]
 }
 # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
diff --git a/config/watchr.default.yml b/config/watchr.default.yml
index 6194888..2598622 100644
--- a/config/watchr.default.yml
+++ b/config/watchr.default.yml
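Review bot: In the second config/application.rb hunk the old `enable_tls` key is no longer read, so an existing watchr.yml that only sets `enable_tls: true` yields `nil` for both `ssl` and `enable_starttls_auto`, and mail (with the SMTP username and password) would appear to go out unencrypted without any error. Assuming `CONFIG` is the plain Hash loaded from the YAML file, either fail at boot with `CONFIG["email"]["smtp"].fetch("enable_starttls")` (and the same for `enable_ssl`), or fall back to the old key: `enable_starttls_auto: CONFIG["email"]["smtp"].fetch("enable_starttls") { CONFIG["email"]["smtp"]["enable_tls"] }`. It is also worth rejecting a configuration that sets both flags to true, since the commit message describes them as alternative modes. The `smtp_settings` hash literal opens in the previous hunk and `class Application` starts outside both.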
@@ -1,34 +1,52 @@ development: - security: # Change this values using rendom values or the output executing 'rake secret'. + # Change this values using random values or the output executing 'rake secret'. + security: secret_key_base: "CHANGEME" secret_key_devise: "CHANGEME" + # A change in Devise's pepper can invalidate all your user's passwords pepper_devise: "CHANGEME" app: - domain: "localhost:3000" # Your domain, without protocol (only host:port) - use_ssl: false # Use SSL? (connections and cookies) - time_zone: "Madrid" # Time zone (run 'rake time:zones:all' to view all available) - default_language: "en" # Default language for users + # Your domain, without protocol (only host:port) + domain: "localhost:3000" + # Use SSL? (connections and cookies) + use_ssl: false + # Time zone (run 'rake time:zones:all' to view all available) + time_zone: "Madrid" + # Default language for users + default_language: "en" email: - default_sender: "no-reply@your-company.tld" # Default sender for e-mails + # Default sender for e-mails + default_sender: "no-reply@your-company.tld" smtp: # SMTP configuration + # SMTP host host: "smtp.your-company.tld" + # SMTP port (default 25 for plain connections and 465 for secure connections) port: 465 - domain: "your-company.tld" # in case a special HELO message is needed. + # Domain in case a special HELO message is needed (Google for Apps for example). + domain: "your-company.tld" + # Username and password in the mail service username: "no-reply@your-company.tld" password: "CHANGEME" - authentication: "plain" # Can be 'plain', 'login' or 'cram_md5' - enable_tls: true # True or false to use encryption + # Authentication method. It can be 'plain', 'login' or 'cram_md5' + authentication: "plain" + # Use encryption in the connection with SMTP (using SSL/TLS)? + enable_ssl: false + # Use encryption in the connection with SMTP (using STARTTLS)? + enable_starttls: false -# Variables for test environment. 
-test: - security: +# Variables for production environment. +# IMPORTANT: Set this carefully (specially the security keys) because it's a basic +# security need in production environment. +# The privacy of this keys is the base of the application security. +production: + security: secret_key_base: "CHANGEME" secret_key_devise: "CHANGEME" pepper_devise: "CHANGEME" app: domain: "your-company.tld" - use_ssl: false - time_zone: "Madrid" + use_ssl: false + time_zone: "Madrid" default_language: "en" email: default_sender: "no-reply@your-company.tld" @@ -39,20 +57,19 @@ test: username: "no-reply@your-company.tld" password: "CHANGEME" authentication: "plain" - enable_tls: true + enable_ssl: false + enable_starttls: false -# Variables for production environment. -# Set this carefully (specially the security keys) because it's a basic -# security need in production environment. -production: - security: +# Variables for test environment. +test: + security: secret_key_base: "CHANGEME" secret_key_devise: "CHANGEME" pepper_devise: "CHANGEME" app: domain: "your-company.tld" - use_ssl: false - time_zone: "Madrid" + use_ssl: false + time_zone: "Madrid" default_language: "en" email: default_sender: "no-reply@your-company.tld" @@ -63,4 +80,5 @@ production: username: "no-reply@your-company.tld" password: "CHANGEME" authentication: "plain" - enable_tls: true \ No newline at end of file + enable_ssl: false + enable_starttls: false \ No newline at end of file
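Review bot: All three hunks of config/watchr.default.yml (the `development`, `production` and `test` blocks) replace `enable_tls: true` with `enable_ssl: false` and `enable_starttls: false`, so the shipped template now defaults to an unencrypted SMTP session while still using `authentication: "plain"` and `port: 465`. Anyone copying the template sends the mail account password in clear text unless they notice the two flags, and port 465 normally expects implicit TLS, so the combination is also unlikely to connect. Defaulting the template to `enable_ssl: true` (matching port 465) keeps the previous secure-by-default behaviour, at least in the `production` block. A comment next to the flags would make the choice explicit, for example `# Enable exactly one of enable_ssl / enable_starttls; with both false the SMTP credentials travel unencrypted.`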