From 6e304958be1c42974c55993c3359dc052603319d Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Tue, 18 Nov 2025 14:32:54 +0100 Subject: [PATCH] No need to protect local dev/test --- app/controllers/sessions_controller.rb | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1c5fa524c..36d30d6fe 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,8 +1,12 @@ class SessionsController < ApplicationController # FIXME: Remove this before launch! - SIGNUP_USERNAME = Rails.env.local? ? "testname" : Rails.application.credentials.account_signup_http_basic_auth.name - SIGNUP_PASSWORD = Rails.env.local? ? "testpassword" : Rails.application.credentials.account_signup_http_basic_auth.password - http_basic_authenticate_with name: SIGNUP_USERNAME, password: SIGNUP_PASSWORD, realm: "Fizzy Signup", only: :create, unless: -> { Identity.exists?(email_address: email_address) } + if Rails.env.remote? + http_basic_authenticate_with \ + name: Rails.application.credentials.account_signup_http_basic_auth.name, + password: Rails.application.credentials.account_signup_http_basic_auth.password, + realm: "Fizzy Signup", + only: :create, unless: -> { Identity.exists?(email_address: email_address) } + end disallow_account_scope require_unauthenticated_access except: :destroy