diff --git a/.envrc b/.envrc
new file mode 100644
index 00000000..3ea56295
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,29 @@
+# vim: et:ts=2:sw=2:tw=0:wm=0:fdm=marker:ft=bash
+
+strict_env
+
+PATH_add "./bin"
+PATH_add "./scripts"
+
+[[ ! -f .dev.env ]] && echo -e "\nIt seems you don't have a dev.env file locally. We need this to run.\n"
+
+case "${STLU_ENV:-dev}" in
+ dev*)
+ echo "Loading .dev.env"
+ dotenv_if_exists "./.dev.env"
+ ;;
+ int*)
+ echo "Loading .int.env"
+ dotenv_if_exists "./.int.env"
+ ;;
+ prod*)
+ echo "Loading .prod.env"
+ dotenv_if_exists "./.prod.env"
+ ;;
+esac
+
+# Add your local changes into the .envrc.local, which is a full blown .envrc file
+# You can find the available commands here: https://direnv.net/man/direnv-stdlib.1.html
+echo "Loading .envrc.local"
+dotenv_if_exists "./.envrc.local"
+
diff --git a/.envrc.txt b/.envrc.txt
new file mode 100644
index 00000000..d271c7bc
--- /dev/null
+++ b/.envrc.txt
@@ -0,0 +1,5 @@
+# vim: et:ts=2:sw=2:tw=0:wm=0:fdm=marker:ft=bash
+
+export RAILS_ALLOWED_HOSTS="test.dialogluzern.local,dialogluzern.local,test.deinklima.local,deinklima.local,test.impulskoeniz.local,impulskoeniz.local"
+export CUSTOMIZATION_OUTPUT=false
+export RAILS_ENV=development
diff --git a/.gitignore b/.gitignore
index 864691c2..6ddd19b7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,11 +48,13 @@ public/uploads
# Ignore local gems
/vendor/bundle/
-# Ignore .envrc
-.envrc
+# Ignore .envrc.local
+.envrc.local
# Ignore local environment variables file
/.env.local
+/*.env
+!/dev.env
# Ignore editor specific files
*.code-workspace
@@ -67,4 +69,4 @@ yarn-debug.log*
.bash_history
.viminfo
.local
-.npm
\ No newline at end of file
+.npm
diff --git a/config/initializers/decidim.rb b/config/initializers/decidim.rb
index 4ae58ba1..37068c63 100644
--- a/config/initializers/decidim.rb
+++ b/config/initializers/decidim.rb
@@ -5,13 +5,115 @@
Decidim.register_assets_path File.expand_path('app/packs', Rails.application.root)
end
-Decidim.configure do |config| # rubocop:disable Metric/BlockLength
- config.application_name = 'DecidimZuerich'
+Decidim.configure do |config|
+ # The name of the application
+ config.application_name = Rails.application.secrets.decidim[:application_name]
- # Change these lines to set your preferred locales
- config.default_locale = :de
- config.available_locales = %i[en de fr it]
+ # The email that will be used as sender in all emails from Decidim
+ config.mailer_sender = Rails.application.secrets.decidim[:mailer_sender]
+ # Sets the list of available locales for the whole application.
+ #
+ # When an organization is created through the System area, system admins will
+ # be able to choose the available languages for that organization. That list
+ # of languages will be equal or a subset of the list in this file.
+ config.available_locales = Rails.application.secrets.decidim[:available_locales].presence || [:en]
+ # Or block set it up manually and prevent ENV manipulation:
+ # config.available_locales = %w(en ca es)
+
+ # Sets the default locale for new organizations. When creating a new
+ # organization from the System area, system admins will be able to overwrite
+ # this value for that specific organization.
+ config.default_locale = Rails.application.secrets.decidim[:default_locale].presence || :en
+
+ # Restrict access to the system part with an authorized ip list.
+ # You can use a single ip like ("1.2.3.4"), or an ip subnet like ("1.2.3.4/24")
+ # You may specify multiple ip in an array ["1.2.3.4", "1.2.3.4/24"]
+ config.system_accesslist_ips = Rails.application.secrets.decidim[:system_accesslist_ips] if Rails.application.secrets.decidim[:system_accesslist_ips].present?
+
+ # Defines a list of custom content processors. They are used to parse and
+ # render specific tags inside some user-provided content. Check the docs for
+ # more info.
+ # config.content_processors = []
+
+ # Whether SSL should be enabled or not.
+ # if this var is not defined, it is decided automatically per-rails-environment
+ config.force_ssl = Rails.application.secrets.decidim[:force_ssl].present? unless Rails.application.secrets.decidim[:force_ssl] == "auto"
+ # or set it up manually and prevent any ENV manipulation:
+ # config.force_ssl = true
+
+ # Enable the service worker. By default is disabled in development and enabled in the rest of environments
+ config.service_worker_enabled = Rails.application.secrets.decidim[:service_worker_enabled].present?
+
+ # Map and Geocoder configuration
+ #
+ # See Decidim docs at https://docs.decidim.org/en/develop/services/maps.html
+ # for more information about how it works and how to set it up.
+ #
+ # == HERE Maps ==
+ # config.maps = {
+ # provider: :here,
+ # api_key: Rails.application.secrets.maps[:api_key],
+ # static: { url: "https://image.maps.ls.hereapi.com/mia/1.6/mapview" }
+ # }
+ #
+ # == OpenStreetMap (OSM) services ==
+ # To use the OSM map service providers, you will need a service provider for
+ # the following map servers or host all of them yourself:
+ # - A tile server for the dynamic maps
+ # (https://wiki.openstreetmap.org/wiki/Tile_servers)
+ # - A Nominatim geocoding server for the geocoding functionality
+ # (https://wiki.openstreetmap.org/wiki/Nominatim)
+ # - A static map server for static map images
+ # (https://github.com/jperelli/osm-static-maps)
+ #
+ # When used, please read carefully the terms of service for your service
+ # provider.
+ #
+ # config.maps = {
+ # provider: :osm,
+ # api_key: Rails.application.secrets.maps[:api_key],
+ # dynamic: {
+ # tile_layer: {
+ # url: "https://tiles.example.org/{z}/{x}/{y}.png?key={apiKey}&{foo}",
+ # api_key: true,
+ # foo: "bar=baz",
+ # attribution: %(
+ # © OpenStreetMap contributors
+ # ).strip
+ # # Translatable attribution:
+ # # attribution: -> { I18n.t("tile_layer_attribution") }
+ # }
+ # },
+ # static: { url: "https://staticmap.example.org/" },
+ # geocoding: { host: "nominatim.example.org", use_https: true }
+ # }
+ #
+ # == Combination (OpenStreetMap default + HERE Maps dynamic map tiles) ==
+ # config.maps = {
+ # provider: :osm,
+ # api_key: Rails.application.secrets.maps[:api_key],
+ # dynamic: {
+ # provider: :here,
+ # api_key: Rails.application.secrets.maps[:here_api_key]
+ # },
+ # static: { url: "https://staticmap.example.org/" },
+ # geocoding: { host: "nominatim.example.org", use_https: true }
+ # }
+
+ # Geocoder configurations if you want to customize the default geocoding
+ # settings. The maps configuration will manage which geocoding service to use,
+ # so that does not need any additional configuration here. Use this only for
+ # the global geocoder preferences.
+ # config.geocoder = {
+ # # geocoding service request timeout, in seconds (default 3):
+ # timeout: 5,
+ # # set default units to kilometers:
+ # units: :km,
+ # # caching (see https://github.com/alexreisner/geocoder#caching for details):
+ # cache: Redis.new,
+ # cache_prefix: "..."
+ # }
config.maps = {
provider: :osm,
api_key: false, # Rails.application.secrets.maps[:api_key],
@@ -33,25 +135,66 @@
}
}
- # Geocoder configuration
config.geocoder = {
static_map_url: 'https://image.maps.cit.api.here.com/mia/1.6/mapview'
}
- # Custom resource reference generator method
+ if Rails.application.secrets.maps.present? && Rails.application.secrets.maps[:static_provider].present?
+ static_provider = Rails.application.secrets.maps[:static_provider]
+ dynamic_provider = Rails.application.secrets.maps[:dynamic_provider]
+ dynamic_url = Rails.application.secrets.maps[:dynamic_url]
+ static_url = Rails.application.secrets.maps[:static_url]
+ static_url = "https://image.maps.ls.hereapi.com/mia/1.6/mapview" if static_provider == "here" && static_url.blank?
+ config.maps = {
+ provider: static_provider,
+ api_key: Rails.application.secrets.maps[:static_api_key],
+ static: { url: static_url },
+ dynamic: {
+ provider: dynamic_provider,
+ api_key: Rails.application.secrets.maps[:dynamic_api_key]
+ }
+ }
+ config.maps[:geocoding] = { host: Rails.application.secrets.maps[:geocoding_host], use_https: true } if Rails.application.secrets.maps[:geocoding_host]
+ config.maps[:dynamic][:tile_layer] = {}
+ config.maps[:dynamic][:tile_layer][:url] = dynamic_url if dynamic_url
+ config.maps[:dynamic][:tile_layer][:attribution] = Rails.application.secrets.maps[:attribution] if Rails.application.secrets.maps[:attribution]
+ if Rails.application.secrets.maps[:extra_vars].present?
+ vars = URI.decode_www_form(Rails.application.secrets.maps[:extra_vars])
+ vars.each do |key, value|
+ # perform a naive type conversion
+ config.maps[:dynamic][:tile_layer][key] = case value
+ when /^true$|^false$/i
+ value.downcase == "true"
+ when /\A[-+]?\d+\z/
+ value.to_i
+ else
+ value
+ end
+ end
+ end
+ end
+
+ # Custom resource reference generator method. Check the docs for more info.
# config.reference_generator = lambda do |resource, component|
# # Implement your custom method to generate resources references
# "1234-#{resource.id}"
# end
# Currency unit
- config.currency_unit = 'CHF'
+ config.currency_unit = Rails.application.secrets.decidim[:currency_unit] if Rails.application.secrets.decidim[:currency_unit].present?
+
+ # Workaround to enable SVG assets cors
+ config.cors_enabled = Rails.application.secrets.decidim[:cors_enabled].present?
- # Disable the default redirect to https, since we use nginx for ssl termination
- # config.force_ssl = false
+ # Defines the quality of image uploads after processing. Image uploads are
+ # processed by Decidim, this value helps reduce the size of the files.
+ config.image_uploader_quality = Rails.application.secrets.decidim[:image_uploader_quality].to_i
- # The number of reports which an object can receive before hiding it
- # config.max_reports_before_hiding = 3
+ config.maximum_attachment_size = Rails.application.secrets.decidim[:maximum_attachment_size].to_i.megabytes
+ config.maximum_avatar_size = Rails.application.secrets.decidim[:maximum_avatar_size].to_i.megabytes
+
+ # The number of reports which a resource can receive before hiding it
+ config.max_reports_before_hiding = Rails.application.secrets.decidim[:max_reports_before_hiding].to_i
# Custom HTML Header snippets
#
@@ -66,7 +209,30 @@
# that an organization's administrator injects malicious scripts to spy on or
# take over user accounts.
#
- config.enable_html_header_snippets = true
+ config.enable_html_header_snippets = Rails.application.secrets.decidim[:enable_html_header_snippets].present?
+
+ # Allow organizations admins to track newsletter links.
+ config.track_newsletter_links = Rails.application.secrets.decidim[:track_newsletter_links].present? unless Rails.application.secrets.decidim[:track_newsletter_links] == "auto"
+
+ # Amount of time that the download your data files will be available in the server.
+ config.download_your_data_expiry_time = Rails.application.secrets.decidim[:download_your_data_expiry_time].to_i.days
+
+ # Max requests in a time period to prevent DoS attacks. Only applied on production.
+ config.throttling_max_requests = Rails.application.secrets.decidim[:throttling_max_requests].to_i
+
+ # Time window in which the throttling is applied.
+ config.throttling_period = Rails.application.secrets.decidim[:throttling_period].to_i.minutes
+
+ # Time window were users can access the website even if their email is not confirmed.
+ config.unconfirmed_access_for = Rails.application.secrets.decidim[:unconfirmed_access_for].to_i.days
+
+ # A base path for the uploads. If set, make sure it ends in a slash.
+ # Uploads will be set to `/uploads/`. This can be useful if you
+ # want to use the same uploads place for both staging and production
+ # environments, but in different folders.
+ #
+ # If not set, it will be ignored.
+ config.base_uploads_path = Rails.application.secrets.decidim[:base_uploads_path] if Rails.application.secrets.decidim[:base_uploads_path].present?
# SMS gateway configuration
#
@@ -89,6 +255,7 @@
# end
# end
#
+ # config.sms_gateway_service = "MySMSGatewayService"
config.sms_gateway_service = 'DecidimZuerich::Verifications::Sms::AspsmsGateway'
# Timestamp service configuration
@@ -113,6 +280,7 @@
# end
# end
#
+ #
# config.timestamp_service = "MyTimestampService"
# PDF signature service configuration
@@ -141,26 +309,215 @@
# Etherpad configuration
#
# Only needed if you want to have Etherpad integration with Decidim. See
- # Decidim docs at docs/services/etherpad.md in order to set it up.
+ # Decidim docs at https://docs.decidim.org/en/services/etherpad/ in order to set it up.
#
- # config.etherpad = {
- # server: Rails.application.secrets.etherpad[:server],
- # api_key: Rails.application.secrets.etherpad[:api_key],
- # api_version: Rails.application.secrets.etherpad[:api_version]
- # }
+ if Rails.application.secrets.etherpad.present? && Rails.application.secrets.etherpad[:server].present?
+ config.etherpad = {
+ server: Rails.application.secrets.etherpad[:server],
+ api_key: Rails.application.secrets.etherpad[:api_key],
+ api_version: Rails.application.secrets.etherpad[:api_version]
+ }
+ end
+
+ # Sets Decidim::Exporters::CSV's default column separator
+ config.default_csv_col_sep = Rails.application.secrets.decidim[:default_csv_col_sep] if Rails.application.secrets.decidim[:default_csv_col_sep].present?
+
+ # The list of roles a user can have, not considering the space-specific roles.
+ # config.user_roles = %w(admin user_manager)
+
+ # The list of visibility options for amendments. An Array of Strings that
+ # serve both as locale keys and values to construct the input collection in
+ # Decidim::Amendment::VisibilityStepSetting::options.
+ #
+ # This collection is used in Decidim::Admin::SettingsHelper to generate a
+ # radio buttons collection input field form for a Decidim::Component
+ # step setting :amendments_visibility.
+ # config.amendments_visibility_options = %w(all participants)
# Machine Translation Configuration
#
+ # See Decidim docs at https://docs.decidim.org/en/develop/machine_translations/
+ # for more information about how it works and how to set it up.
+ #
# Enable machine translations
config.enable_machine_translations = true
- config.machine_translation_service = 'DecidimZuerich::MicrosoftTranslator'
+
config.machine_translation_delay = 0.seconds
- config.after_initialize do
- Decidim::Api::Schema.max_complexity = 5000
- Decidim::Api::Schema.max_depth = 50
+ #
+ # If you want to enable machine translation you can create your own service
+ # to interact with third party service to translate the user content.
+ #
+ # If you still want to use "Decidim::Dev::DummyTranslator" as translator placeholder,
+ # add the follwing line at the beginning of this file:
+ # require "decidim/dev/dummy_translator"
+ #
+ # An example class would be something like:
+ #
+ # class MyTranslationService
+ # attr_reader :text, :original_locale, :target_locale
+ #
+ # def initialize(text, original_locale, target_locale)
+ # @text = text
+ # @original_locale = original_locale
+ # @target_locale = target_locale
+ # end
+ #
+ # def translate
+ # # Actual code to translate the text
+ # end
+ # end
+ #
+ # config.machine_translation_service = "MyTranslationService"
+ config.machine_translation_service = 'DecidimZuerich::MicrosoftTranslator'
+
+ # Defines the name of the cookie used to check if the user allows Decidim to
+ # set cookies.
+ config.consent_cookie_name = Rails.application.secrets.decidim[:consent_cookie_name] if Rails.application.secrets.decidim[:consent_cookie_name].present?
+
+ # Defines data consent categories and the data stored in each category.
+ # config.consent_categories = [
+ # {
+ # slug: "essential",
+ # mandatory: true,
+ # items: [
+ # {
+ # type: "cookie",
+ # name: "_session_id"
+ # },
+ # {
+ # type: "cookie",
+ # name: Decidim.consent_cookie_name
+ # }
+ # ]
+ # },
+ # {
+ # slug: "preferences",
+ # mandatory: false
+ # },
+ # {
+ # slug: "analytics",
+ # mandatory: false
+ # },
+ # {
+ # slug: "marketing",
+ # mandatory: false
+ # }
+ # ]
+
+ # Admin admin password configurations
+ Rails.application.secrets.dig(:decidim, :admin_password, :strong).tap do |strong_pw|
+ # When the strong password is not configured, default to true
+ config.admin_password_strong = strong_pw.nil? ? true : strong_pw.present?
+ end
+ config.admin_password_expiration_days = Rails.application.secrets.dig(:decidim, :admin_password, :expiration_days).presence || 90
+ config.admin_password_min_length = Rails.application.secrets.dig(:decidim, :admin_password, :min_length).presence || 15
+ config.admin_password_repetition_times = Rails.application.secrets.dig(:decidim, :admin_password, :repetition_times).presence || 5
+
+ # Additional optional configurations (see decidim-core/lib/decidim/core.rb)
+ config.cache_key_separator = Rails.application.secrets.decidim[:cache_key_separator] if Rails.application.secrets.decidim[:cache_key_separator].present?
+ config.expire_session_after = Rails.application.secrets.decidim[:expire_session_after].to_i.minutes if Rails.application.secrets.decidim[:expire_session_after].present?
+ config.enable_remember_me = Rails.application.secrets.decidim[:enable_remember_me].present? unless Rails.application.secrets.decidim[:enable_remember_me] == "auto"
+ if Rails.application.secrets.decidim[:session_timeout_interval].present?
+ config.session_timeout_interval = Rails.application.secrets.decidim[:session_timeout_interval].to_i.seconds
+ end
+ config.follow_http_x_forwarded_host = Rails.application.secrets.decidim[:follow_http_x_forwarded_host].present?
+ config.maximum_conversation_message_length = Rails.application.secrets.decidim[:maximum_conversation_message_length].to_i
+ config.password_blacklist = Rails.application.secrets.decidim[:password_blacklist] if Rails.application.secrets.decidim[:password_blacklist].present?
+ config.allow_open_redirects = Rails.application.secrets.decidim[:allow_open_redirects] if Rails.application.secrets.decidim[:allow_open_redirects].present?
+end
+
+if Decidim.module_installed? :api
+ Decidim::Api.configure do |config|
+ config.schema_max_per_page = Rails.application.secrets.dig(:decidim, :api, :schema_max_per_page).presence || 50
+ config.schema_max_complexity = Rails.application.secrets.dig(:decidim, :api, :schema_max_complexity).presence || 5000
+ config.schema_max_depth = Rails.application.secrets.dig(:decidim, :api, :schema_max_depth).presence || 15
+ end
+end
+
+if Decidim.module_installed? :proposals
+ Decidim::Proposals.configure do |config|
+ config.similarity_threshold = Rails.application.secrets.dig(:decidim, :proposals, :similarity_threshold).presence || 0.25
+ config.similarity_limit = Rails.application.secrets.dig(:decidim, :proposals, :similarity_limit).presence || 10
+ config.participatory_space_highlighted_proposals_limit = Rails.application.secrets.dig(:decidim, :proposals, :participatory_space_highlighted_proposals_limit).presence || 4
+ config.process_group_highlighted_proposals_limit = Rails.application.secrets.dig(:decidim, :proposals, :process_group_highlighted_proposals_limit).presence || 3
+ end
+end
+
+if Decidim.module_installed? :meetings
+ Decidim::Meetings.configure do |config|
+ config.upcoming_meeting_notification = Rails.application.secrets.dig(:decidim, :meetings, :upcoming_meeting_notification).to_i.days
+ if Rails.application.secrets.dig(:decidim, :meetings, :embeddable_services).present?
+ config.embeddable_services = Rails.application.secrets.dig(:decidim, :meetings, :embeddable_services)
+ end
+ unless Rails.application.secrets.dig(:decidim, :meetings, :enable_proposal_linking) == "auto"
+ config.enable_proposal_linking = Rails.application.secrets.dig(:decidim, :meetings, :enable_proposal_linking).present?
+ end
+ end
+end
+
+if Decidim.module_installed? :budgets
+ Decidim::Budgets.configure do |config|
+ unless Rails.application.secrets.dig(:decidim, :budgets, :enable_proposal_linking) == "auto"
+ config.enable_proposal_linking = Rails.application.secrets.dig(:decidim, :budgets, :enable_proposal_linking).present?
+ end
+ end
+end
+
+if Decidim.module_installed? :accountability
+ Decidim::Accountability.configure do |config|
+ unless Rails.application.secrets.dig(:decidim, :accountability, :enable_proposal_linking) == "auto"
+ config.enable_proposal_linking = Rails.application.secrets.dig(:decidim, :accountability, :enable_proposal_linking).present?
+ end
+ end
+end
+
+if Decidim.module_installed? :consultations
+ Decidim::Consultations.configure do |config|
+ config.stats_cache_expiration_time = Rails.application.secrets.dig(:decidim, :consultations, :stats_cache_expiration_time).to_i.minutes
+ end
+end
+
+if Decidim.module_installed? :initiatives
+ Decidim::Initiatives.configure do |config|
+ unless Rails.application.secrets.dig(:decidim, :initiatives, :creation_enabled) == "auto"
+ config.creation_enabled = Rails.application.secrets.dig(:decidim, :initiatives, :creation_enabled).present?
+ end
+ config.similarity_threshold = Rails.application.secrets.dig(:decidim, :initiatives, :similarity_threshold).presence || 0.25
+ config.similarity_limit = Rails.application.secrets.dig(:decidim, :initiatives, :similarity_limit).presence || 5
+ config.minimum_committee_members = Rails.application.secrets.dig(:decidim, :initiatives, :minimum_committee_members).presence || 2
+ config.default_signature_time_period_length = Rails.application.secrets.dig(:decidim, :initiatives, :default_signature_time_period_length).presence || 120
+ config.default_components = Rails.application.secrets.dig(:decidim, :initiatives, :default_components)
+ config.first_notification_percentage = Rails.application.secrets.dig(:decidim, :initiatives, :first_notification_percentage).presence || 33
+ config.second_notification_percentage = Rails.application.secrets.dig(:decidim, :initiatives, :second_notification_percentage).presence || 66
+ config.stats_cache_expiration_time = Rails.application.secrets.dig(:decidim, :initiatives, :stats_cache_expiration_time).to_i.minutes
+ config.max_time_in_validating_state = Rails.application.secrets.dig(:decidim, :initiatives, :max_time_in_validating_state).to_i.days
+ unless Rails.application.secrets.dig(:decidim, :initiatives, :print_enabled) == "auto"
+ config.print_enabled = Rails.application.secrets.dig(:decidim, :initiatives, :print_enabled).present?
+ end
+ config.do_not_require_authorization = Rails.application.secrets.dig(:decidim, :initiatives, :do_not_require_authorization).present?
+ end
+end
+
+if Decidim.module_installed? :elections
+ Decidim::Elections.configure do |config|
+ config.setup_minimum_hours_before_start = Rails.application.secrets.dig(:elections, :setup_minimum_hours_before_start).presence || 3
+ config.start_vote_maximum_hours_before_start = Rails.application.secrets.dig(:elections, :start_vote_maximum_hours_before_start).presence || 6
+ config.voter_token_expiration_minutes = Rails.application.secrets.dig(:elections, :voter_token_expiration_minutes).presence || 120
+ end
+
+ Decidim::Votings.configure do |config|
+ config.check_census_max_requests = Rails.application.secrets.dig(:elections, :votings, :check_census_max_requests).presence || 5
+ config.throttling_period = Rails.application.secrets.dig(:elections, :votings, :throttling_period).to_i.minutes
+ end
+
+ Decidim::Votings::Census.configure do |config|
+ config.census_access_codes_export_expiry_time = Rails.application.secrets.dig(:elections, :votings, :census, :access_codes_export_expiry_time).to_i.days
end
end
Rails.application.config.i18n.available_locales = Decidim.available_locales
Rails.application.config.i18n.default_locale = Decidim.default_locale
+
+# Inform Decidim about the assets folder
+Decidim.register_assets_path File.expand_path("app/packs", Rails.application.root)
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index e361b48c..502179ab 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -13,8 +13,6 @@
same_site: :lax
)
-Decidim.config.expire_session_after = 4.hours
-
def cache_reachable?
Rails.cache.stats.values.any?
end
diff --git a/config/secrets.old.yml b/config/secrets.old.yml
new file mode 100644
index 00000000..f1f5f827
--- /dev/null
+++ b/config/secrets.old.yml
@@ -0,0 +1,70 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rails secret` to generate a secure secret key.
+
+# Make sure the secrets in this file are kept private
+# if you're sharing your code publicly.
+
+default: &default
+ omniauth:
+ facebook:
+ # It must be a boolean. Remember ENV variables doesn't support booleans.
+ enabled: false
+ app_id: <%= ENV["OMNIAUTH_FACEBOOK_APP_ID"] %>
+ app_secret: <%= ENV["OMNIAUTH_FACEBOOK_APP_SECRET"] %>
+ twitter:
+ enabled: false
+ api_key: <%= ENV["OMNIAUTH_TWITTER_API_KEY"] %>
+ api_secret: <%= ENV["OMNIAUTH_TWITTER_API_SECRET"] %>
+ google_oauth2:
+ enabled: false
+ client_id: <%= ENV["OMNIAUTH_GOOGLE_CLIENT_ID"] %>
+ client_secret: <%= ENV["OMNIAUTH_GOOGLE_CLIENT_SECRET"] %>
+ oidc:
+ enabled: false
+ issuer: <%= ENV["MEIN_KONTO_ISSUER"] %>
+ client_id: <%= ENV["MEIN_KONTO_CLIENT_ID"] %>
+ client_secret: <%= ENV["MEIN_KONTO_CLIENT_SECRET"] %>
+ redirect_url: <%= ENV["MEIN_KONTO_REDIRECT_URL"] %>
+ translator:
+ endpoint_url: <%= ENV['TRANSLATOR_ENDPOINT_URL'] %>
+ secret_key: <%= ENV['TRANSLATOR_SECRET_KEY'] %>
+ etherpad:
+ server: <%= ENV["ETHERPAD_SERVER"] %>
+ api_key: <%= ENV["ETHERPAD_API_KEY"] %>
+ api_version: "1.2.1"
+ vapid:
+ enabled: false
+
+development:
+ <<: *default
+ secret_key_base: "a079b45f956a865554a9b320583d7dc7ceb61da285259731ad60ba4139cec8d57411b04dbdbe6003e10ac85d385e343c26d780e814feb4139eaee6953e9ea614"
+
+test:
+ <<: *default
+ secret_key_base: "a079b45f956a865554a9b320583d7dc7ceb61da285259731ad60ba4139cec8d57411b04dbdbe6003e10ac85d385e343c26d780e814feb4139eaee6953e9ea614"
+ omniauth:
+ facebook:
+ enabled: true
+ twitter:
+ enabled: true
+ google_oauth2:
+ enabled: true
+
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+ <<: *default
+ secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+ smtp_username: <%= ENV["SMTP_USERNAME"] %>
+ smtp_password: <%= ENV["SMTP_PASSWORD"] %>
+ smtp_address: <%= ENV["SMTP_ADDRESS"] %>
+ smtp_domain: <%= ENV["SMTP_DOMAIN"] %>
+ smtp_port: "587"
+ smtp_starttls_auto: true
+ smtp_authentication: "plain"
diff --git a/config/secrets.yml b/config/secrets.yml
index f1f5f827..3ed0bfb9 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -10,51 +10,185 @@
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
+decidim_default: &decidim_default
+ application_name: <%= Decidim::Env.new("DECIDIM_APPLICATION_NAME", "My Application Name").to_json %>
+ mailer_sender: <%= Decidim::Env.new("DECIDIM_MAILER_SENDER", "change-me@example.org").to_s %>
+ available_locales: <%= Decidim::Env.new("DECIDIM_AVAILABLE_LOCALES", "ca,cs,de,en,es,eu,fi,fr,it,ja,nl,pl,pt,ro").to_array.to_json %>
+ default_locale: <%= Decidim::Env.new("DECIDIM_DEFAULT_LOCALE", "en").to_s %>
+ force_ssl: <%= Decidim::Env.new("DECIDIM_FORCE_SSL", "auto").default_or_present_if_exists.to_s %>
+ enable_html_header_snippets: <%= Decidim::Env.new("DECIDIM_ENABLE_HTML_HEADER_SNIPPETS").to_boolean_string %>
+ currency_unit: <%= Decidim::Env.new("DECIDIM_CURRENCY_UNIT", "€").to_s %>
+ cors_enabled: <%= Decidim::Env.new("DECIDIM_CORS_ENABLED").to_boolean_string %>
+ image_uploader_quality: <%= Decidim::Env.new("DECIDIM_IMAGE_UPLOADER_QUALITY", "80").to_i %>
+ maximum_attachment_size: <%= Decidim::Env.new("DECIDIM_MAXIMUM_ATTACHMENT_SIZE", "10").to_i %>
+ maximum_avatar_size: <%= Decidim::Env.new("DECIDIM_MAXIMUM_AVATAR_SIZE", "5").to_i %>
+ max_reports_before_hiding: <%= Decidim::Env.new("DECIDIM_MAX_REPORTS_BEFORE_HIDING", "3").to_i %>
+ track_newsletter_links: <%= Decidim::Env.new("DECIDIM_TRACK_NEWSLETTER_LINKS", "auto").default_or_present_if_exists.to_s %>
+ download_your_data_expiry_time: <%= Decidim::Env.new("DECIDIM_DOWNLOAD_YOUR_DATA_EXPIRY_TIME", "7").to_i %>
+ throttling_max_requests: <%= Decidim::Env.new("DECIDIM_THROTTLING_MAX_REQUESTS", "100").to_i %>
+ throttling_period: <%= Decidim::Env.new("DECIDIM_THROTTLING_PERIOD", "1").to_i %>
+ unconfirmed_access_for: <%= Decidim::Env.new("DECIDIM_UNCONFIRMED_ACCESS_FOR", "0").to_i %>
+ system_accesslist_ips: <%= Decidim::Env.new("DECIDIM_SYSTEM_ACCESSLIST_IPS").to_array.to_json %>
+ base_uploads_path: <%= Decidim::Env.new("DECIDIM_BASE_UPLOADS_PATH").to_json %>
+ default_csv_col_sep: <%= Decidim::Env.new("DECIDIM_DEFAULT_CSV_COL_SEP", ";").to_json %>
+ consent_cookie_name: <%= Decidim::Env.new("DECIDIM_CONSENT_COOKIE_NAME", "decidim-consent").to_json %>
+ cache_key_separator: <%= Decidim::Env.new("DECIDIM_CACHE_KEY_SEPARATOR", "/").to_json %>
+ expire_session_after: <%= Decidim::Env.new("DECIDIM_EXPIRE_SESSION_AFTER", "30").to_i %>
+ session_timeout_interval: <%= Decidim::Env.new("DECIDIM_SESSION_TIMEOUT_INTERVAL", "10").to_i %>
+ enable_remember_me: <%= Decidim::Env.new("DECIDIM_ENABLE_REMEMBER_ME", "auto").default_or_present_if_exists.to_s %>
+ follow_http_x_forwarded_host: <%= Decidim::Env.new("DECIDIM_FOLLOW_HTTP_X_FORWARDED_HOST").to_boolean_string %>
+ maximum_conversation_message_length: <%= Decidim::Env.new("DECIDIM_MAXIMUM_CONVERSATION_MESSAGE_LENGTH", "1000").to_i %>
+ password_blacklist: <%= Decidim::Env.new("DECIDIM_PASSWORD_BLACKLIST").to_array(separator: ", ").to_json %>
+ allow_open_redirects: <%= Decidim::Env.new("DECIDIM_ALLOW_OPEN_REDIRECTS").to_boolean_string %>
+ service_worker_enabled: <%= Decidim::Env.new("DECIDIM_SERVICE_WORKER_ENABLED", Rails.env.exclude?("development")).to_boolean_string %>
+ admin_password:
+ expiration_days: <%= Decidim::Env.new("DECIDIM_ADMIN_PASSWORD_EXPIRATION_DAYS", 90).to_i %>
+ min_length: <%= Decidim::Env.new("DECIDIM_ADMIN_PASSWORD_MIN_LENGTH", 15).to_i %>
+ repetition_times: <%= Decidim::Env.new("DECIDIM_ADMIN_PASSWORD_REPETITION_TIMES", 5).to_i %>
+ strong: <%= Decidim::Env.new("DECIDIM_ADMIN_PASSWORD_STRONG", true).to_boolean_string %>
+ api:
+ schema_max_per_page: <%= Decidim::Env.new("API_SCHEMA_MAX_PER_PAGE", 50).to_i %>
+ schema_max_complexity: <%= Decidim::Env.new("API_SCHEMA_MAX_COMPLEXITY", 5000).to_i %>
+ schema_max_depth: <%= Decidim::Env.new("API_SCHEMA_MAX_DEPTH", 15).to_i %>
+ proposals:
+ similarity_threshold: <%= Decidim::Env.new("PROPOSALS_SIMILARITY_THRESHOLD", 0.25).to_f %>
+ similarity_limit: <%= Decidim::Env.new("PROPOSALS_SIMILARITY_LIMIT", 10).to_i %>
+ participatory_space_highlighted_proposals_limit: <%= Decidim::Env.new("PROPOSALS_PARTICIPATORY_SPACE_HIGHLIGHTED_PROPOSALS_LIMIT", 4).to_i %>
+ process_group_highlighted_proposals_limit: <%= Decidim::Env.new("PROPOSALS_PROCESS_GROUP_HIGHLIGHTED_PROPOSALS_LIMIT", 3).to_i %>
+ meetings:
+ upcoming_meeting_notification: <%= Decidim::Env.new("MEETINGS_UPCOMING_MEETING_NOTIFICATION", 2).to_i %>
+ enable_proposal_linking: <%= Decidim::Env.new("MEETINGS_ENABLE_PROPOSAL_LINKING", "auto").default_or_present_if_exists.to_s %>
+ embeddable_services: <%= Decidim::Env.new("MEETINGS_EMBEDDABLE_SERVICES").to_array(separator: " ").to_json %>
+ budgets:
+ enable_proposal_linking: <%= Decidim::Env.new("BUDGETS_ENABLE_PROPOSAL_LINKING", "auto").default_or_present_if_exists.to_s %>
+ accountability:
+ enable_proposal_linking: <%= Decidim::Env.new("ACCOUNTABILITY_ENABLE_PROPOSAL_LINKING", "auto").default_or_present_if_exists.to_s %>
+ consultations:
+ stats_cache_expiration_time: <%= Decidim::Env.new("CONSULTATIONS_STATS_CACHE_EXPIRATION_TIME", 5).to_i %>
+ initiatives:
+ creation_enabled: <%= Decidim::Env.new("INITIATIVES_CREATION_ENABLED", "auto").default_or_present_if_exists.to_s %>
+ similarity_threshold: <%= Decidim::Env.new("INITIATIVES_SIMILARITY_THRESHOLD", 0.25).to_f %>
+ similarity_limit: <%= Decidim::Env.new("INITIATIVES_SIMILARITY_LIMIT", 5).to_i %>
+ minimum_committee_members: <%= Decidim::Env.new("INITIATIVES_MINIMUM_COMMITTEE_MEMBERS", 2).to_i %>
+ default_signature_time_period_length: <%= Decidim::Env.new("INITIATIVES_DEFAULT_SIGNATURE_TIME_PERIOD_LENGTH", 120).to_i %>
+ default_components: <%= Decidim::Env.new("INITIATIVES_DEFAULT_COMPONENTS", "pages, meetings").to_array.to_json %>
+ first_notification_percentage: <%= Decidim::Env.new("INITIATIVES_FIRST_NOTIFICATION_PERCENTAGE", 33).to_i %>
+ second_notification_percentage: <%= Decidim::Env.new("INITIATIVES_SECOND_NOTIFICATION_PERCENTAGE", 66).to_i %>
+ stats_cache_expiration_time: <%= Decidim::Env.new("INITIATIVES_STATS_CACHE_EXPIRATION_TIME", 5).to_i %>
+ max_time_in_validating_state: <%= Decidim::Env.new("INITIATIVES_MAX_TIME_IN_VALIDATING_STATE", 60).to_i %>
+ print_enabled: <%= Decidim::Env.new("INITIATIVES_PRINT_ENABLED", "auto").default_or_present_if_exists.to_s %>
+ do_not_require_authorization: <%= Decidim::Env.new("INITIATIVES_DO_NOT_REQUIRE_AUTHORIZATION").to_boolean_string %>
+ verifications:
+ document_types: <%= Decidim::Env.new("VERIFICATIONS_DOCUMENT_TYPES", "identification_number,passport").to_array %>
+
+elections_default: &elections_default
+ bulletin_board_server: <%= Decidim::Env.new("ELECTIONS_BULLETIN_BOARD_SERVER", 'http://bulletin-board.lvh.me:8000/api').to_s %>
+ bulletin_board_public_key: {"kty":"RSA","n":"zMXsZpYPKkDlSmezX898y7zNOaJ7ENIN4kj4UhQ95Vm4HlgTpIs2VMMsO0eqynMaOR_G1mXdqbpbaJtXijBe4V8323QwGm6WVAa71E7pDXa5g6-uo5f8GePitN0YER9y2yNQN4uTaNzJiWV2uLBUYfMdj3SIif31YwLULHAOj3B_oleFK8coE_Qr3NzATcYBmsqE8AR4NljxTO6KDmP1SLdf5GBOBhOAIFbnL_Kpj2xkm7MS3hjMVKpiRhqA1UgX5oKZ8ixBv46fNJF0pBsHi3fHNjK9oZzgdx_AI-YFpdE_40-8bh_g9sWzxacqOM2-MdQLHbvRPEVltO3E8tr6I5YWrylcP7l9VD8OJeqjq2qFYHnGYdmLoD2XuXmI9EuBvSb9H4-qcartxZSIQCimKib_fxZvgrG1FSRRhK6YpvIdGv4-G2zfCCRsC4XD80TYI2bf-oYCoy7eU3_eVHFMV2yg4p1Wnuw2Vgq0edPL_bKaV9JvGx7F-U5juxNN0WZR9LzbPl4ReejzN95lyHgbj0nTH_u3bSpZmgJrQF-PwdnPcG46deVjJgUeosrlC4lQxVrRz0GL58BuFunnz2uYDBDrcJCiG60EbdkAFHjOcXU4wrUWATin7je_aqdBXhSnkTafcJAMvL7Y2Ld7vDge8nLqjAVlAi5am3rN0kqKT6M","e":"AQAB","kid":"a8e86f02ca27e1861bfc49e2a9a4614ca9068f8efdb6d42d19d3aab0eb2a31be"}
+ authority_private_key: {"kty":"RSA","n":"pNgMt8lnPDD3TlWYGhRiV1oZkPQmnLdiUzwyb_-35qKD9k-HU86xo0uSgoOUWkBtnvFscq8zNDPAGAlZVokaN_z9ksZblSce0LEl8lJa3ICgghg7e8vg_7Lz5dyHSQ3PCLgenyFGcL401aglDde1Xo4ujdz33Lklc4U9zoyoLUI2_viYmNOU6n5Mn0sJd30FeICMrLD2gX46pGe3MGug6groT9EvpKcdOoJHKoO5yGSVaeY5-Bo3gngvlgjlS2mfwjCtF4NYwIQSd2al-p4BKnuYAVKRSgr8rYnnjhWfJ4GsCaqiyXNi5NPYRV6gl_cx_1jUcA1rRJqQR32I8c8QbAXm5qNO4URcdaKys9tNcVgXBL1FsSdbrLVVFWen1tfWNfHm-8BjiWCWD79-uk5gI0SjC9tWvTzVvswWXI5weNqqVXqpDydr46AsHE2sG40HRCR3UF3LupT-HwXTcYcOZr5dJClJIsU3Hrvy4wLssub69YSNR1Jxn-KX2vUc06xY8CNIuSMpfufEq5cZopL6O2l1pRsW1FQnF3s078_Y9MaQ1gPyBo0IipLBVUj5IjEIfPuiEk4jxkiUYDeqzf7bAvSFckp94yLkRWTs_pEZs7b_ogwRG6WMHjtcaNYe4CufhIm9ekkKDeAWOPRTHfKNmohRBh09XuvSjqrx5Z7rqb8","e":"AQAB","kid":"b8dba1459df956d60107690c34fa490db681eac4f73ffaf6e4055728c02ddc8e","d":"Uh3KIBe1VJez6pLbBUrYPlmE2N-3CGSWF46qNX62lq6ofB_b8xTJCuaPonJ3iYoE0aPEeVDrefq5m3-0wFXl-LQPgXlMj_1_7UgB9jeuSZ_N1WDK6P2EJPx5YS09O1gkpVxK7Mx_sZQe77wmUUH-eI7tg__qfUrB7E0Yn_cTpBATI2qlYaQsz6-A7e1MVvixq_ilmzVAZvuBrPp5mCZVb6FlXrV_PU9-UPIrD3O1La1lfO6SPBSbSGQkmGHwD2QbkHn9D_R_Vs-z_0TkM_dX71jIPQhrle3pN222KuJ8eQqwr9QP6biQMBuT5eKgr3MVtfUDRpp4sCEq9GIFwSd8LvbmGPrOoz8ueOEQ05nisIBQuOTYiWpYs2CEV062HR1bLFRLDUcSlflGNr0bgiXTUFx4wxRG06OaI-rQ6nG3M8TE0I0phMNCG3c7YyV28z_k2I65oQF9aKtiwFwc0YsUSGPTOFZGWHuCCPLm0lFeebpI_JIYqIv70NJxbSZEBY8DAIqZPqP6y_CRo2_C7piCgsjg9pnF8cp45vz4L6DWZ0Tumc_5aRuqIBkYXXwP9TjqhzxL-2SQHIqUAjj6Y6S35tZT6ekZSbnPIKX_e42y6bDT_Ztf01QfKiTkcx3_I8RwOuh6CzJzr72AykQpU3XKOKF1x1GBtYyrno4jG5LgaGE","p":"1UARZ-rRnpKG5NHKlXTys3irCy-d91edHL3fEIzDKvhMRQCIWh7dt8l0_sIpcBF-EbVilbFKj7yfgZBTr8EkAXHgweayK8rnlMqi2jte1_u-5DBtrGVVUTSQltSLDOZHK5QfUxVK6Bbk8K5ROLvef91oNgnSNWNOeoCZdlS55nMZcAgY_6mxSuuMq54Tgy8o4Ip890-ZEYY6OSFXhU-ieoGO4Jw--c6QzmCa3gGo2oVClidMNaM1jquK4Pj6xaoxR2NWeIX9Ix7k1P2B24pegyHXjSIpQ6JYdn352VViXi2tx7TTJh6ClNVjgoRmL4Gfy_IJNx0GhF5OB3yughUc7w","q":"xePJGBt466qM9F0BPxWFjyWbIs_GNXr-lBGASui0Z94cfgFbsZwqRsWQEf7jDVQsDNVnPSWZ_Wd6UqoQaIxc0tE8gaokPG6A4EUDyoLaZ231ZydDVoWof8FnPDaJwrcPwZ4R6ZLKGmkfytCZuU9I_9B4uuV0dyjEzKfS-Os3UcLumKPlgJ71OZAb49GTqUHuTePcSJjyYOYXx6eE7i_1m8TjU9Ut18BJNQhLqWmerA6X1ijbR2_syY6GXhGSfciSBH8xVkiUnqXb2jt1bE8nwWw-Sam5ikjzNbXqqs978IcCE5HTddQmy99bwuArA8PLqIFj3OOO1CSo8oyn2XDgMQ","dp":"Diky_rOZN-6DBq7nxQT_GOvqb9O5qbMnu8DgDzlJvJDAf9SJOXLTRmEaY9CA7_A5bvOcmFQtn13nObNb20_4FCB7zGSFcGMI_dh2-Ab5RV5yTrTok4onID1dXKbAlRq1ny825U2Eq-TZTyJEQoA3RkZtpSkBzInLrFbd2f3GWodKKSZggpnCLDd4H-1fXlbDYCXSJpoikAdZ1nFgXnnrUDdKRaAajnwpIYtIvXVewSQYR-BULzunUtIRZt8hx_6FRzhRha9gH_TtPTeYZ_vISuz0Y2rhUpx1Q2kaLlR9M8PUxm47l0xvX3LMKN6h6oWxFtn7wq0qwZ-Bjv24mOrOAQ","dq":"nXGD10hURrwk9W7hxP0sjB2Rdnr06iv3THs4JWFL16_h32bZO1BSWoho_chbgYlMmtFXGFFIWVLxAcAI2gWC_MA4cbmapvIMW2LNh1vgxJW5v95_NuGUlECeEEwcAu1-_b7z5XBCmAy3nLem9sbb_5wv0hMpPH0VRvbnZeBO3SBIkO0lddYCqU-8wN9HqkyoexQleSUnAm1O0iy4GIHT2aEmdNaRaKy2EhmNiTZdZeseZueOvyGPtTVONp2ofacMdcN0z39jr22qo9DWtdusd7nVPOpqkllEF6GrGUeHBnGD92n4YjDuxRnqefu8fXxUFrcLav0p8CNSv9ek291woQ","qi":"w6hfKEBLLHRWPkjajgxZyyetj-UFfVkILRT0plOllJ2JV8whcOXRXbiXH2r8zqMeyMFrrMwmuvv4TVQaruKB0ZQOG7Tz5Lw0RZEREOLnBwc3vSi_iLd-jBz01LdExTpqsAHMkaMQR9x62J8DE1ZNxVdn3ELYKik0f1L2r_WErzhvT1uq69HAybUp6WHcFYH0PSqHg4LOneXAdU1_g-ji2Zn9dlA_2oYGQ5S6JXPV7v2IVbEFpxyVD1lPbFT0iKhyZZevictjgD_JGHveIVqsq5w0Csyz08h0oEW9hYEq-4bquMxSf18gjldoS5uQPD7FUECgL8bxsCdc4hP6UEKYGw"}
+ authority_name: "Decidim Test Authority"
+ authority_api_key: "89Ht70GZNcicu8WEyagz_rRae6brbqZAGuBEICYBCii-PTV3MAstAtx1aRVe5H5YfODi-JgYPvyf9ZMH7tOeZ15e3mf9B2Ymgw7eknvBFMRP213YFGo1SPn_C4uLK90G"
+ scheme_name: "dummy"
+ quorum: 2
+ number_of_trustees: 3
+
+storage_default: &storage_default
+ provider: <%= Decidim::Env.new("STORAGE_PROVIDER", "local").to_s %>
+ cdn_host: <%= ENV["STORAGE_CDN_HOST"] %>
+ s3:
+ access_key_id: <%= ENV["AWS_ACCESS_KEY_ID"] %>
+ secret_access_key: <%= ENV["AWS_SECRET_ACCESS_KEY"] %>
+ region: <%= ENV["AWS_REGION"] %>
+ bucket: <%= ENV["AWS_BUCKET"] %>
+ endpoint: <%= ENV["AWS_ENDPOINT"] %>
+ azure:
+ storage_access_key: <%= ENV["AZURE_STORAGE_ACCESS_KEY"] %>
+ storage_account_name: <%= ENV["AZURE_STORAGE_ACCOUNT_NAME"] %>
+ container: <%= ENV["AZURE_CONTAINER"] %>
+ gcs:
+ project: <%= ENV["GCS_PROJECT"] %>
+ bucket: <%= ENV["GCS_BUCKET"] %>
+ type: <%= Decidim::Env.new("GCS_TYPE", "service_account").to_s %>
+ project_id: <%= Decidim::Env.new("GCS_PROJECT_ID").to_s %>
+ private_key_id: <%= Decidim::Env.new("GCS_PRIVATE_KEY_ID").to_s %>
+ private_key: <%= Decidim::Env.new("GCS_PRIVATE_KEY").to_s %>
+ client_email: <%= Decidim::Env.new("GCS_CLIENT_EMAIL").to_s %>
+ client_id: <%= Decidim::Env.new("GCS_CLIENT_ID").to_s %>
+ auth_uri: <%= Decidim::Env.new("GCS_AUTH_URI", "https://accounts.google.com/o/oauth2/auth").to_s %>
+ token_uri: <%= Decidim::Env.new("GCS_TOKEN_URI", "https://accounts.google.com/o/oauth2/token").to_s %>
+ auth_provider_x509_cert_url: <%= Decidim::Env.new("GCS_AUTH_PROVIDER_X509_CERT_URL", "https://www.googleapis.com/oauth2/v1/certs").to_s %>
+ client_x509_cert_url: <%= Decidim::Env.new("GCS_CLIENT_X509_CERT_URL").to_s %>
+
default: &default
+ decidim:
+ <<: *decidim_default
omniauth:
facebook:
- # It must be a boolean. Remember ENV variables doesn't support booleans.
- enabled: false
+ enabled: <%= Decidim::Env.new("OMNIAUTH_FACEBOOK_APP_ID").to_boolean_string %>
app_id: <%= ENV["OMNIAUTH_FACEBOOK_APP_ID"] %>
app_secret: <%= ENV["OMNIAUTH_FACEBOOK_APP_SECRET"] %>
twitter:
- enabled: false
+ enabled: <%= Decidim::Env.new("OMNIAUTH_TWITTER_API_KEY").to_boolean_string %>
api_key: <%= ENV["OMNIAUTH_TWITTER_API_KEY"] %>
api_secret: <%= ENV["OMNIAUTH_TWITTER_API_SECRET"] %>
google_oauth2:
- enabled: false
+ enabled: <%= Decidim::Env.new("OMNIAUTH_GOOGLE_CLIENT_ID").to_boolean_string %>
+ icon_path: decidim/brands/google.svg
client_id: <%= ENV["OMNIAUTH_GOOGLE_CLIENT_ID"] %>
client_secret: <%= ENV["OMNIAUTH_GOOGLE_CLIENT_SECRET"] %>
- oidc:
- enabled: false
- issuer: <%= ENV["MEIN_KONTO_ISSUER"] %>
- client_id: <%= ENV["MEIN_KONTO_CLIENT_ID"] %>
- client_secret: <%= ENV["MEIN_KONTO_CLIENT_SECRET"] %>
- redirect_url: <%= ENV["MEIN_KONTO_REDIRECT_URL"] %>
- translator:
- endpoint_url: <%= ENV['TRANSLATOR_ENDPOINT_URL'] %>
- secret_key: <%= ENV['TRANSLATOR_SECRET_KEY'] %>
+ maps:
+ dynamic_provider: <%= Decidim::Env.new("MAPS_DYNAMIC_PROVIDER", ENV["MAPS_PROVIDER"]).to_s %>
+ static_provider: <%= Decidim::Env.new("MAPS_STATIC_PROVIDER", ENV["MAPS_PROVIDER"]).to_s %>
+ static_api_key: <%= Decidim::Env.new("MAPS_STATIC_API_KEY", ENV["MAPS_API_KEY"]).to_s %>
+ dynamic_api_key: <%= Decidim::Env.new("MAPS_DYNAMIC_API_KEY", ENV["MAPS_API_KEY"]).to_s %>
+ dynamic_url: <%= ENV["MAPS_DYNAMIC_URL"] %>
+ static_url: <%= ENV["MAPS_STATIC_URL"] %>
+ attribution: <%= ENV["MAPS_ATTRIBUTION"].to_json %>
+ extra_vars: <%= ENV["MAPS_EXTRA_VARS"].to_json %>
+ geocoding_host: <%= ENV["MAPS_GEOCODING_HOST"] %>
etherpad:
server: <%= ENV["ETHERPAD_SERVER"] %>
api_key: <%= ENV["ETHERPAD_API_KEY"] %>
- api_version: "1.2.1"
+ api_version: <%= Decidim::Env.new("ETHERPAD_API_VERSION", "1.2.1") %>
+ elections:
+ <<: *elections_default
+ storage:
+ <<: *storage_default
+ translator:
+ endpoint_url: <%= ENV['TRANSLATOR_ENDPOINT_URL'] %>
+ secret_key: <%= ENV['TRANSLATOR_SECRET_KEY'] %>
vapid:
- enabled: false
+ enabled: <%= Decidim::Env.new("VAPID_PUBLIC_KEY").to_boolean_string %>
+ public_key: <%= ENV["VAPID_PUBLIC_KEY"] %>
+ private_key: <%= ENV["VAPID_PRIVATE_KEY"] %>
development:
<<: *default
secret_key_base: "a079b45f956a865554a9b320583d7dc7ceb61da285259731ad60ba4139cec8d57411b04dbdbe6003e10ac85d385e343c26d780e814feb4139eaee6953e9ea614"
+ omniauth:
+ developer:
+ enabled: true
+ icon: phone
test:
<<: *default
- secret_key_base: "a079b45f956a865554a9b320583d7dc7ceb61da285259731ad60ba4139cec8d57411b04dbdbe6003e10ac85d385e343c26d780e814feb4139eaee6953e9ea614"
+ secret_key_base: "2150118fc8aa7843d2ecfe98638dbb1dd76d2a2a584d5dd6a90b27271d496f9a05dd2696b217e56673a7316f7e59595338fdc08a792cedfda9fe10c96919daf0"
omniauth:
facebook:
enabled: true
+ app_id: fake-facebook-app-id
+ app_secret: fake-facebook-app-secret
twitter:
enabled: true
+ api_key: fake-twitter-api-key
+ api_secret: fake-twitter-api-secret
google_oauth2:
enabled: true
+ client_id:
+ client_secret:
+ elections:
+ <<: *elections_default
+ bulletin_board_server: <%= Decidim::Env.new("ELECTIONS_BULLETIN_BOARD_SERVER", 'http://bulletin-board.lvh.me:5017/api').to_s %>
+
# Do not keep production secrets in the repository,
# instead read values from the environment.
@@ -65,6 +199,23 @@ production:
smtp_password: <%= ENV["SMTP_PASSWORD"] %>
smtp_address: <%= ENV["SMTP_ADDRESS"] %>
smtp_domain: <%= ENV["SMTP_DOMAIN"] %>
- smtp_port: "587"
- smtp_starttls_auto: true
- smtp_authentication: "plain"
+ smtp_port: <%= Decidim::Env.new("SMTP_PORT", 587).to_i %>
+ smtp_starttls_auto: <%= Decidim::Env.new("SMTP_STARTTLS_AUTO").to_boolean_string %>
+ smtp_authentication: <%= Decidim::Env.new("SMTP_AUTHENTICATION", "plain").to_s %>
+ elections:
+ bulletin_board_server: <%= ENV["BULLETIN_BOARD_SERVER"] %>
+ bulletin_board_public_key: <%= ENV["BULLETIN_BOARD_PUBLIC_KEY"] %>
+ authority_api_key: <%= ENV["BULLETIN_BOARD_API_KEY"] %>
+ authority_name: <%= ENV["AUTHORITY_NAME"] %>
+ authority_private_key: <%= ENV["AUTHORITY_PRIVATE_KEY"] %>
+ scheme_name: <%= Decidim::Env.new("ELECTIONS_SCHEME_NAME", "electionguard").to_s %>
+ number_of_trustees: <%= Decidim::Env.new("ELECTIONS_NUMBER_OF_TRUSTEES").to_i %>
+ quorum: <%= Decidim::Env.new("ELECTIONS_QUORUM").to_i %>
+ setup_minimum_hours_before_start: <%= Decidim::Env.new("ELECTIONS_SETUP_MINIMUM_HOURS_BEFORE_START", 3).to_i %>
+ start_vote_maximum_hours_before_start: <%= Decidim::Env.new("ELECTIONS_START_VOTE_MAXIMUM_HOURS_BEFORE_START", 6).to_i %>
+ voter_token_expiration_minutes: <%= Decidim::Env.new("ELECTIONS_VOTER_TOKEN_EXPIRATION_MINUTES", 120).to_i %>
+ votings:
+ check_census_max_requests: <%= Decidim::Env.new("VOTINGS_CHECK_CENSUS_MAX_REQUESTS", 5).to_i %>
+ throttling_period: <%= Decidim::Env.new("VOTINGS_THROTTLING_PERIOD", 1).to_i %>
+ census:
+ access_codes_export_expiry_time: <%= Decidim::Env.new("VOTINGS_CENSUS_ACCESS_CODES_EXPORT_EXPIRY_TIME", 2).to_i %>