Merge pull request #9 from schilbach/development

Update to Rails 5.2 including encrypted secrets

Author: naraesk

evaluationserver/.gitignore

@@ -33,3 +33,6 @@ coverage
 # Ignore encrypted secrets key file.
 config/secrets.yml.key
 config/initializers/01_env.rb
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key

evaluationserver/Gemfile

@@ -75,7 +75,7 @@ gem "therubyracer"
 gem "less-rails" #Sprockets (what Rails 3.1 uses for its asset pipeline) supports LESS
 gem 'bootstrap-sass', '~> 3.2.0'
 gem "paperclip", "~> 4.1"
-gem "nokogiri"
+gem "nokogiri", '1.8.1'
 gem "rubyzip"
 gem "actionmailer"
 #gem "jquery-sortable-rails"

evaluationserver/Gemfile.lock

@@ -1,63 +1,67 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.1.4)
-      actionpack (= 5.1.4)
+    actioncable (5.2.0)
+      actionpack (= 5.2.0)
       nio4r (~> 2.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.1.4)
-      actionpack (= 5.1.4)
-      actionview (= 5.1.4)
-      activejob (= 5.1.4)
+      websocket-driver (>= 0.6.1)
+    actionmailer (5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.1.4)
-      actionview (= 5.1.4)
-      activesupport (= 5.1.4)
+    actionpack (5.2.0)
+      actionview (= 5.2.0)
+      activesupport (= 5.2.0)
       rack (~> 2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.1.4)
-      activesupport (= 5.1.4)
+    actionview (5.2.0)
+      activesupport (= 5.2.0)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.1.4)
-      activesupport (= 5.1.4)
+    activejob (5.2.0)
+      activesupport (= 5.2.0)
       globalid (>= 0.3.6)
-    activemodel (5.1.4)
-      activesupport (= 5.1.4)
-    activerecord (5.1.4)
-      activemodel (= 5.1.4)
-      activesupport (= 5.1.4)
-      arel (~> 8.0)
-    activesupport (5.1.4)
+    activemodel (5.2.0)
+      activesupport (= 5.2.0)
+    activerecord (5.2.0)
+      activemodel (= 5.2.0)
+      activesupport (= 5.2.0)
+      arel (>= 9.0)
+    activestorage (5.2.0)
+      actionpack (= 5.2.0)
+      activerecord (= 5.2.0)
+      marcel (~> 0.3.1)
+    activesupport (5.2.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    acts_as_list (0.9.10)
+    acts_as_list (0.9.12)
       activerecord (>= 3.0)
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    arel (8.0.0)
+    arel (9.0.0)
     ast (2.4.0)
     bootstrap-multiselect-rails4 (0.0.1)
       rails (>= 4.0.0)
     bootstrap-sass (3.2.0.2)
       sass (~> 3.2)
-    brakeman (4.1.1)
+    brakeman (4.3.0)
     builder (3.2.3)
-    capybara (2.18.0)
+    capybara (3.1.1)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
-    capybara-screenshot (1.0.19)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      xpath (~> 3.0)
+    capybara-screenshot (1.0.21)
       capybara (>= 1.0, < 4)
       launchy
     climate_control (0.2.0)
@@ -66,30 +70,30 @@ GEM
     cocoon (1.2.11)
     commonjs (0.2.7)
     concurrent-ruby (1.0.5)
-    crass (1.0.3)
-    database_cleaner (1.6.2)
+    crass (1.0.4)
+    database_cleaner (1.7.0)
     diff-lcs (1.3)
-    docile (1.1.5)
+    docile (1.3.1)
     easy_translate (0.5.1)
       thread
       thread_safe
-    erubi (1.7.0)
+    erubi (1.7.1)
     execjs (2.7.0)
-    factory_bot (4.8.2)
+    factory_bot (4.10.0)
       activesupport (>= 3.0.0)
-    factory_bot_rails (4.8.2)
-      factory_bot (~> 4.8.2)
+    factory_bot_rails (4.10.0)
+      factory_bot (~> 4.10.0)
       railties (>= 3.0.0)
     faker (1.8.7)
       i18n (>= 0.7)
-    ffi (1.9.18)
-    font-awesome-rails (4.7.0.2)
-      railties (>= 3.2, < 5.2)
+    ffi (1.9.23)
+    font-awesome-rails (4.7.0.4)
+      railties (>= 3.2, < 6.0)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
     grease (0.3.1)
     highline (1.7.10)
-    i18n (0.9.1)
+    i18n (1.0.1)
       concurrent-ruby (~> 1.0)
     i18n-tasks (0.9.21)
       activesupport (>= 4.0.2)
@@ -104,11 +108,11 @@ GEM
     jbuilder (2.7.0)
       activesupport (>= 4.2.0)
       multi_json (>= 1.2)
-    jquery-rails (4.3.1)
+    jquery-rails (4.3.3)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    json (1.8.6)
+    json (2.1.0)
     launchy (2.4.3)
       addressable (~> 2.3)
     less (2.6.0)
@@ -124,71 +128,73 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.1.1)
+    loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.0)
       mini_mime (>= 0.1.1)
+    marcel (0.3.2)
+      mimemagic (~> 0.3.2)
     method_source (0.9.0)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
-    mimemagic (0.3.0)
+    mimemagic (0.3.2)
     mini_mime (1.0.0)
     mini_portile2 (2.3.0)
-    minitest (5.10.3)
+    minitest (5.11.3)
     multi-select-rails (0.9.12)
       railties (>= 3.0)
-    multi_json (1.12.2)
-    mysql2 (0.4.10)
-    nio4r (2.2.0)
+    multi_json (1.13.1)
+    mysql2 (0.5.1)
+    nio4r (2.3.1)
     nokogiri (1.8.1)
       mini_portile2 (~> 2.3.0)
-    paperclip (4.3.7)
+    paperclip (4.2.4)
       activemodel (>= 3.2.0)
       activesupport (>= 3.2.0)
       cocaine (~> 0.5.5)
       mime-types
-      mimemagic (= 0.3.0)
-    parser (2.5.0.5)
+    parser (2.5.1.0)
       ast (~> 2.4.0)
     public_suffix (3.0.2)
-    puma (3.11.0)
-    rack (2.0.3)
-    rack-test (0.8.2)
+    puma (3.11.4)
+    rack (2.0.5)
+    rack-test (1.0.0)
       rack (>= 1.0, < 3)
-    rails (5.1.4)
-      actioncable (= 5.1.4)
-      actionmailer (= 5.1.4)
-      actionpack (= 5.1.4)
-      actionview (= 5.1.4)
-      activejob (= 5.1.4)
-      activemodel (= 5.1.4)
-      activerecord (= 5.1.4)
-      activesupport (= 5.1.4)
+    rails (5.2.0)
+      actioncable (= 5.2.0)
+      actionmailer (= 5.2.0)
+      actionpack (= 5.2.0)
+      actionview (= 5.2.0)
+      activejob (= 5.2.0)
+      activemodel (= 5.2.0)
+      activerecord (= 5.2.0)
+      activestorage (= 5.2.0)
+      activesupport (= 5.2.0)
       bundler (>= 1.3.0)
-      railties (= 5.1.4)
+      railties (= 5.2.0)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.3)
-      loofah (~> 2.0)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
     rails_serve_static_assets (0.0.5)
-    railties (5.1.4)
-      actionpack (= 5.1.4)
-      activesupport (= 5.1.4)
+    railties (5.2.0)
+      actionpack (= 5.2.0)
+      activesupport (= 5.2.0)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
-    rake (12.3.0)
+    rake (12.3.1)
     ranked-model (0.4.0)
       activerecord (>= 3.1.12)
-    rb-fsevent (0.10.2)
+    rb-fsevent (0.10.3)
     rb-inotify (0.9.10)
       ffi (>= 0.5.0, < 2)
-    rdoc (4.3.0)
+    rdoc (6.0.4)
     ref (2.0.0)
     rspec-core (3.7.1)
       rspec-support (~> 3.7.0)
@@ -209,7 +215,7 @@ GEM
     rspec-support (3.7.1)
     ruby_dep (1.5.0)
     rubyzip (1.2.1)
-    sass (3.5.4)
+    sass (3.5.6)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
@@ -220,11 +226,10 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
-    sdoc (0.4.2)
-      json (~> 1.7, >= 1.7.7)
-      rdoc (~> 4.0)
-    simplecov (0.15.1)
-      docile (~> 1.1.0)
+    sdoc (1.0.0)
+      rdoc (>= 5.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
@@ -244,20 +249,20 @@ GEM
     thread (0.2.2)
     thread_safe (0.3.6)
     tilt (2.0.8)
-    tinymce-rails (4.7.4)
+    tinymce-rails (4.7.13)
       railties (>= 3.1.1)
-    turbolinks (5.0.1)
-      turbolinks-source (~> 5)
-    turbolinks-source (5.0.3)
-    tzinfo (1.2.4)
+    turbolinks (5.1.1)
+      turbolinks-source (~> 5.1)
+    turbolinks-source (5.1.0)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    uglifier (4.1.2)
+    uglifier (4.1.10)
       execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.3.0)
-    websocket-driver (0.6.5)
+    unicode-display_width (1.3.3)
+    websocket-driver (0.7.0)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.3)
-    xpath (3.0.0)
+    xpath (3.1.0)
       nokogiri (~> 1.8)
 
 PLATFORMS
@@ -284,7 +289,7 @@ DEPENDENCIES
   listen
   multi-select-rails
   mysql2
-  nokogiri
+  nokogiri (= 1.8.1)
   paperclip (~> 4.1)
   puma
   rails

evaluationserver/app/controllers/application_controller.rb

@@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
 
   CREDENTIALS = {
     :name => 'admin',
-    :password => ENV['ADMIN_PASSWORD']
+    :password => Rails.application.credentials.admin_password
 
   }
 

evaluationserver/config/credentials.yml.enc

@@ -0,0 +1 @@
+FTUFXD2ZlOTrgBhIsiyWNSI0+jynWKt2HgZ/QOcoU8CDvwBpTMUnuInLJhT4zWeGkAjoAQDBCdSVm2UN9bMDNXNx1pUh2MEjNiMPrLR4khCwyjBeEQU4HLWsMTwEygq4ityywwyxoFvivq1mMoOXI7nNJlj7fSPTBunZWFxIa8XnO6DdD88KlpYEsWztZ29MiX4VnAz4SQSYQ/Dn7zvQnLa2iXO3LdI+cjfKnn/SD6Vy+RHHSXsX5EiyTjnXY8iPAvgh5Ka4h7WooL/VYfSks3BEHogNqApiS0kEFc1a4KpMvCaw1RrZf5acE5cXNat6fsg0igWh4L4v178/yTHPkuRbqxxCIonEZubSO1nZU3wvbvfwkTtw+y7Ye6ajTEc7QmUQKtwn81qxHcbw5rWnWEpO0i3SG5Xab4JxvHSAoWPEmLiQ+eqQcQY=--h4+AiwgXsnjapqn1--NWJpV3kvUw/PH3HfNdipXw==

evaluationserver/config/environments/production.rb

@@ -88,4 +88,6 @@
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
+  config.require_master_key = true
+
 end

evaluationserver/config/initializers/example_credential.rb

@@ -9,4 +9,4 @@
 
 # Make sure your secret_key_base is kept private
 # if you're sharing your code publicly.
-EvalServer::Application.config.secret_key_base = '715eb86cac15abfacc1dc995e7cb88f562e0b8030608347d03d750bcefded2b6ad1e1b59076c53e7955452f2b7be6ceb84b9c5c6b579200459d88f4bb3784333'
+EvalServer::Application.config.secret_key_base = Rails.application.credentials.secret_key_base

evaluationserver/config/initializers/secret_token.rb

@@ -29,4 +29,4 @@ test:
 # and move the `production:` environment over there.
 
 production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  secret_key_base: <%= Rails.application.credentials.secret_key_base %>

evaluationserver/config/secrets.yml

@@ -1,6 +1,6 @@
 module BasicAuthHelper
   def login_as_admin
     user = 'admin'
-    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,ENV['ADMIN_PASSWORD'])
+    request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(user,Rails.application.credentials.admin_password)
   end  
 end