From 498a34171783f6e86bd3f4eb888b6576880e8825 Mon Sep 17 00:00:00 2001 From: tim-s-ccs Date: Mon, 16 Oct 2023 11:48:51 +0100 Subject: [PATCH] Make an update to allow us to continue to use ngrok with keycloak Update the schema to be accurate --- README.md | 17 +++++++++++------ config/environments/development.rb | 4 ++++ config/environments/production.rb | 2 +- config/locales/en.yml | 2 +- db/schema.rb | 19 +++++++++---------- 5 files changed, 26 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 0e178f7c..3bcf1254 100644 --- a/README.md +++ b/README.md @@ -114,6 +114,12 @@ Forwarding https://5ed36d69a2e7.ngrok.io -> http://localhost: ``` The final URL displayed is the one you should use to run the application, in this case https://5ed36d69a2e7.ngrok.io. +You will need to add the host that `ngrok` gives you to the `ALLOWED_HOST_DOMAINS` environment variable. +This is because of a change in rails 7 which, for security reasons, requires us to allow list our application hosts. +Using this example the following environment variable would be added to the `.env.local` file: +``` +ALLOWED_HOST_DOMAINS=5ed36d69a2e7.ngrok.io +``` ### Setting up Keycloak Now that the application is running on a HTTPS connection you can set up the Keycloak environment. if you go to `http://localhost:8080/` you should be presented with the ‘Welcome to Keycloak’ page. Navigate to the ‘Administration console’ and log in using the username ‘admin’ and password ‘admin’. 
@@ -129,12 +135,11 @@ The first thing you need to do is create a new ‘realm’ which can be done by Once you have saved this you will need to add mappers. These are the three mappers you need to create: -| Name | First Name | Last Name | Organisation | -|:-------------------------:|:------------------:|:------------------:|:------------------------:| -| **Sync Mode Override** | inherit | inherit | import | -| **Mapper Type** | Attribute Importer | Attribute Importer | Attribute Importer | -| **Claim** | name | family_name | custom:organisation_name | -| **User Attribute Name** | firstName | lastName | organisation_name | +| Name | Sync Mode Override | Mapper Type | Claim | User Attribute Name | +|:-------------:|:-------------------:|:-------------------:|:-------------------------:|:-------------------:| +| First Name | inherit | Attribute Importer | name | firstName | +| Last Name | inherit | Attribute Importer | family_name | lastName | +| Organisation | import | Attribute Importer | custom:organisation_name | organisation_name | Once you have done this your Keycloak setup should be complete. diff --git a/config/environments/development.rb b/config/environments/development.rb index 5cb511bd..1058eebf 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -64,4 +64,8 @@ # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true + + ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').each do |application_domain| + config.hosts << application_domain + end end diff --git a/config/environments/production.rb b/config/environments/production.rb index bf8e2d63..907894da 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
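Review bot: The new `ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',')` loop in development.rb pushes each raw segment into `config.hosts`, so a value written as `a.ngrok.io, b.ngrok.io` (space after the comma) or with a trailing comma adds an entry with surrounding whitespace or an empty string, and the host the developer meant to allow is unlikely to match. The same loop appears in the production.rb hunk, where a non-matching entry only surfaces as a blocked request. Normalising first, `ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').map(&:strip).reject(&:empty?).each do |application_domain|`, keeps the allow-list exact. The README example `ALLOWED_HOST_DOMAINS=5ed36d69a2e7.ngrok.io` adds one specific hostname, which is the right granularity; a leading-dot wildcard for the tunnel provider's domain would admit every other tunnel on it, so it is worth saying so in the README.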
@@ -83,7 +83,7 @@ 'X-Content-Type-Options' => 'nosniff' } - ENV.fetch('ALLOWED_HOST_DOMAINS', []).split(',').each do |application_domain| + ENV.fetch('ALLOWED_HOST_DOMAINS', '').split(',').each do |application_domain| config.hosts << application_domain end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 4afd91a0..01d2921e 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -165,7 +165,7 @@ en: heading: You must use a public sector email address lead_html: You must be employed by, or represent, a public sector organisation to create a CCS account. line_01: The email you used doesn't belong to a recognised public sector domain. - line_02_html: Create an account using a different email address or email info@crowncommercial.gov.uk if + line_02_html: Create an account using a different email address or email info@crowncommercial.gov.uk if list_01: you think your domain should be recognised list_02: you still can't create an account new: diff --git a/db/schema.rb b/db/schema.rb index 3cafe155..bb665b4e 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,8 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[6.1].define(version: 2022_05_03_113745) do - +ActiveRecord::Schema[7.0].define(version: 2022_05_03_113745) do # These are extensions that must be enabled in order to support this database enable_extension "pgcrypto" enable_extension "plpgsql" 
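Review bot: With the default now `''`, an unset `ALLOWED_HOST_DOMAINS` in production makes this loop a no-op and leaves `config.hosts` at its default, and as far as I recall Rails skips host authorization altogether when that list is empty, so a deployment that forgets the variable silently loses the Host-header check the variable exists to provide. Consider failing fast in this environment, `ENV.fetch('ALLOWED_HOST_DOMAINS')` with no default so boot raises `KeyError`, or at least logging a warning when the parsed list is empty. The enclosing configure block starts outside the hunk.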
@@ -20,18 +19,18 @@ create_table "allowed_email_domains", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t| t.string "url" t.boolean "active", default: false - t.datetime "created_at", precision: 6, null: false - t.datetime "updated_at", precision: 6, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "arask_jobs", force: :cascade do |t| t.string "job" - t.datetime "execute_at" + t.datetime "execute_at", precision: nil t.string "interval" t.index ["execute_at"], name: "index_arask_jobs_on_execute_at" end - create_table "client_calls", id: :uuid, default: nil, force: :cascade do |t| + create_table "client_calls", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t| t.string "access_token" t.string "refresh_token" t.string "id_token" @@ -40,15 +39,15 @@ t.string "sub" t.string "client_id" t.text "nonce" - t.datetime "created_at", precision: 6, null: false - t.datetime "updated_at", precision: 6, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "organisations", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t| t.string "organisation_name" t.boolean "active", default: false - t.datetime "created_at", precision: 6, null: false - t.datetime "updated_at", precision: 6, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false t.integer "urn" t.text "summary_line" t.index ["summary_line"], name: "index_organisations_on_summary_line"