Password protect the staging site

Description

Hide the staging site behind a basic password.

We can add the Lockup gem only for the staging environment, and place the password into secrets.yml + config.yml.

How to test:

  • Visit any staging links and enter the password, expect to be redirected to where you were heading.

  • Check that the password is not case-sensitive.

  • Visit any staging links with ?lockup_codeword=secret, expect to bypass the password prompt.

Activity

Show:
Lady Oscar
December 20, 2019, 4:15 AM

Tried https://test.archiveofourown.org/works/9?lockup_codeword=secret with FF 71 / Mac and was sent properly to the work page

(Also worked properly with Chrome and Safari on Mac)

Sarken
January 9, 2020, 12:35 AM

Reverting and will give it another go when we get our real staging site back up.

redsummernight 00:31
I think this form itself is getting cached https://test.archiveofourown.org/lockup/unlock

redsummernight 00:32
we probably need to exclude it from caching, same way we exclude /login and /token_dispenser.json

james_ 02:04
Done and cache flushed

james_02:04
it redirected me to unicorn_write of course

redsummernight 17 days ago
this needs an nginx fix, because https://test.archiveofourown.org/works/9?lockup_codeword=secret will redirect you to http://unicorn_story/lockup/unlock?lockup_codeword=secret&return_to=%2Fworks%2F9

james_ 17 days ago
I can't easily fix that
Also sent to the channel

sarken 15 days ago
Even on URLs without Lockup parameters, it's redirecting to unicorn_story. Like I clicked on link on testy's works page and it took me to http://unicorn_story/works/112/chapters/178

Sarken
January 11, 2020, 10:07 PM
Edited

We don’t think Lockup caused the unicorn_write/unicorn_story issues after all – they’re continuing to happen – but we’re still going to wait to give it another try until we have real staging back.

Sarken
January 13, 2020, 2:28 AM

james_ figured out the unicorn_write/unicorn_story issue after all, so this is back on staging!

james_ 06:19

I have not got it to play up in a couple of minutes

mumble 13:50

i just logged into staging without getting a unicorn page

i also just edited a work, created a bookmark, and created a new tag, all without a unicorn

i'm gonna put in the minutes that this is fixed <.<

redsummernight
January 16, 2020, 2:29 AM

Retested on Firefox 71 / Windows. Mostly works. I no longer run into invalid unicorn_write/unicorn_story URLs when browsing/posting. The GET parameter ?lockup_codeword=secret still doesn't work for me, but it's not a big deal as long as the form works and remembers me (which it does).

Looks good enough.

DeployedToBeta

Assignee

Sarken

Reporter

redsummernight

Roadmap

Misc

Priority

Medium

Affects versions

Fix versions

Components

BackEnd

Difficulty

Medium

Milestone

Internal 0.9
Configure