No need to protect local dev/test

This commit is contained in:
David Heinemeier Hansson
2025-11-18 14:32:54 +01:00
parent 2661c7ba63
commit 6e304958be
+7 -3
View File
@@ -1,8 +1,12 @@
class SessionsController < ApplicationController
# FIXME: Remove this before launch!
SIGNUP_USERNAME = Rails.env.local? ? "testname" : Rails.application.credentials.account_signup_http_basic_auth.name
SIGNUP_PASSWORD = Rails.env.local? ? "testpassword" : Rails.application.credentials.account_signup_http_basic_auth.password
http_basic_authenticate_with name: SIGNUP_USERNAME, password: SIGNUP_PASSWORD, realm: "Fizzy Signup", only: :create, unless: -> { Identity.exists?(email_address: email_address) }
if Rails.env.remote?
http_basic_authenticate_with \
name: Rails.application.credentials.account_signup_http_basic_auth.name,
password: Rails.application.credentials.account_signup_http_basic_auth.password,
realm: "Fizzy Signup",
only: :create, unless: -> { Identity.exists?(email_address: email_address) }
end
disallow_account_scope
require_unauthenticated_access except: :destroy