diff --git a/README.md b/README.md
index 0e178f7c..3bcf1254 100644
--- a/README.md
+++ b/README.md
@@ -114,6 +114,12 @@ Forwarding https://5ed36d69a2e7.ngrok.io -> http://localhost:
```
The final URL displayed is the one you should use to run the application, in this case https://5ed36d69a2e7.ngrok.io.
+You will need to add the host that `ngrok` gives you to the `ALLOWED_HOST_DOMAINS` environment variable.
+This is because of a change in rails 7 which, for security reasons, requires us to allow list our application hosts.
+Using this example the following environment variable would be added to the `.env.local` file:
+```
+ALLOWED_HOST_DOMAINS=5ed36d69a2e7.ngrok.io
+```
### Setting up Keycloak
Now that the application is running on a HTTPS connection you can set up the Keycloak environment. if you go to `http://localhost:8080/` you should be presented with the ‘Welcome to Keycloak’ page. Navigate to the ‘Administration console’ and log in using the username ‘admin’ and password ‘admin’.
@@ -129,12 +135,11 @@ The first thing you need to do is create a new ‘realm’ which can be done by
Once you have saved this you will need to add mappers. These are the three mappers you need to create:
-| Name | First Name | Last Name | Organisation |
-|:-------------------------:|:------------------:|:------------------:|:------------------------:|
-| **Sync Mode Override** | inherit | inherit | import |
-| **Mapper Type** | Attribute Importer | Attribute Importer | Attribute Importer |
-| **Claim** | name | family_name | custom:organisation_name |
-| **User Attribute Name** | firstName | lastName | organisation_name |
+| Name | Sync Mode Override | Mapper Type | Claim | User Attribute Name |
+|:-------------:|:-------------------:|:-------------------:|:-------------------------:|:-------------------:|
+| First Name | inherit | Attribute Importer | name | firstName |
+| Last Name | inherit | Attribute Importer | family_name | lastName |
+| Organisation | import | Attribute Importer | custom:organisation_name | organisation_name |
Once you have done this your Keycloak setup should be complete.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 5cb511bd..1058eebf 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -64,4 +64,8 @@
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
+
+ ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').each do |application_domain|
+ config.hosts << application_domain
+ end
end
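Review bot: The added loop appends each comma-separated piece to `config.hosts` exactly as written, so a value like `a.example, b.example` (constructed sample) adds ` b.example` with a leading space, which will not match any Host header, and a trailing comma adds an empty string. I would normalise the entries before appending: `ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').map(&:strip).reject(&:empty?).each do |application_domain|`. The same loop in config/environments/production.rb has the same gap. The enclosing configure block starts outside this hunk.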
diff --git a/config/environments/production.rb b/config/environments/production.rb
index bf8e2d63..907894da 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -83,7 +83,7 @@
'X-Content-Type-Options' => 'nosniff'
}
- ENV.fetch('ALLOWED_HOST_DOMAINS', []).split(',').each do |application_domain|
+ ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').each do |application_domain|
config.hosts << application_domain
end
end
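Review bot: With the default now `''`, an unset or empty `ALLOWED_HOST_DOMAINS` adds nothing to `config.hosts` in production and boot carries on without complaint. As far as I know, Rails only installs the host authorization middleware when `config.hosts` is non-empty, so a missing variable would leave Host header checking off rather than strict; worth confirming against the Rails version in use. For production I would fail closed at boot with `ENV.fetch('ALLOWED_HOST_DOMAINS')` (raises `KeyError` when unset), or at least log a warning when the resulting list is empty. The enclosing configure block starts outside this hunk.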
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 4afd91a0..01d2921e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -165,7 +165,7 @@ en:
heading: You must use a public sector email address
lead_html: You must be employed by, or represent, a public sector organisation to create a CCS account.
line_01: The email you used doesn't belong to a recognised public sector domain.
- line_02_html: Create an account using a different email address or email info@crowncommercial.gov.uk if
+ line_02_html: Create an account using a different email address or email info@crowncommercial.gov.uk if
list_01: you think your domain should be recognised
list_02: you still can't create an account
new:
diff --git a/db/schema.rb b/db/schema.rb
index 3cafe155..bb665b4e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,8 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[6.1].define(version: 2022_05_03_113745) do
-
+ActiveRecord::Schema[7.0].define(version: 2022_05_03_113745) do
# These are extensions that must be enabled in order to support this database
enable_extension "pgcrypto"
enable_extension "plpgsql"
@@ -20,18 +19,18 @@
create_table "allowed_email_domains", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
t.string "url"
t.boolean "active", default: false
- t.datetime "created_at", precision: 6, null: false
- t.datetime "updated_at", precision: 6, null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
end
create_table "arask_jobs", force: :cascade do |t|
t.string "job"
- t.datetime "execute_at"
+ t.datetime "execute_at", precision: nil
t.string "interval"
t.index ["execute_at"], name: "index_arask_jobs_on_execute_at"
end
- create_table "client_calls", id: :uuid, default: nil, force: :cascade do |t|
+ create_table "client_calls", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
t.string "access_token"
t.string "refresh_token"
t.string "id_token"
@@ -40,15 +39,15 @@
t.string "sub"
t.string "client_id"
t.text "nonce"
- t.datetime "created_at", precision: 6, null: false
- t.datetime "updated_at", precision: 6, null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
end
create_table "organisations", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t|
t.string "organisation_name"
t.boolean "active", default: false
- t.datetime "created_at", precision: 6, null: false
- t.datetime "updated_at", precision: 6, null: false
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
t.integer "urn"
t.text "summary_line"
t.index ["summary_line"], name: "index_organisations_on_summary_line"