Security update

mateusflorez · Jul 25, 2022 · c775b89 · c775b89
1 parent e23252a
commit c775b89
Show file tree

Hide file tree

Showing 262 changed files with 1,015 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 ### Website created using CRUD and MVC pattern along with a Ruby course
-> Status: Incomplete ⚠️
+> Status: Complete :heavy_check_mark:
 
 ## Development rules:
 + MVC pattern (Model, View, Controller).

diff --git a/app/assets/stylesheets/articles.scss b/app/assets/stylesheets/articles.scss
diff --git a/app/assets/stylesheets/categories.scss b/app/assets/stylesheets/categories.scss
diff --git a/app/assets/stylesheets/comments.scss b/app/assets/stylesheets/comments.scss
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -1,5 +1,13 @@
 module ApplicationHelper
+  def month_day_comma_year(datetime)
+    datetime.strftime('%B %e, %Y')
+  end
+
   def render_if(condition, template, record)
     render template, record if condition
   end
+
+  def sub_masked_email(email)
+    email.gsub(/(?<=.{2}).*@.*(?=\S{2})/, '****@****')
+  end
 end
diff --git a/app/helpers/articles_helper.rb b/app/helpers/articles_helper.rb
diff --git a/app/helpers/categories_helper.rb b/app/helpers/categories_helper.rb
diff --git a/app/helpers/comments_helper.rb b/app/helpers/comments_helper.rb
diff --git a/app/views/articles/_article_detail.html.erb b/app/views/articles/_article_detail.html.erb
@@ -1,3 +1,3 @@
 <%= month_day_comma_year(article.created_at) %> by
-<%= article.user.email %> in
+<%= sub_masked_email(article.user.email) %> in
 <%= article.category.name %>
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
@@ -1,7 +1,7 @@
 <div class="card mb-3">
   <div class="card-body">
     <h5 class="card-title"><%= month_day_comma_year(comment.created_at) %></h5>
-    <h6 class="card-subtitle mb-2 text-muted">Commenter: <%= comment.user.email %></h6>
+    <h6 class="card-subtitle mb-2 text-muted">Commenter: <%= sub_masked_email(comment.user.email) %></h6>
     <p class="card-text"><%= comment.body %></p>
     <%= link_to 'Delete', article_comment_path(@article, comment),
     method: :delete,

diff --git a/app/views/layouts/_account_links.html.erb b/app/views/layouts/_account_links.html.erb
@@ -1,7 +1,7 @@
 <% if user_signed_in? %>
   <div class="dropdown">
     <button class="btn btn-secondary dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false">
-      <%= current_user.email %>
+      <%= sub_masked_email(current_user.email) %>
     </button>
     <ul class="dropdown-menu">
       <li><%= link_to 'Edit user', edit_user_registration_path, class: 'dropdown-item' %></li>

diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
@@ -1 +1 @@
-u4TfmztP4+1N6xwTzoOqQ6LqGkBeHCxmX33B/kxhqAqq2RX5mjBDn9vKUC4ReclvrXsJUY1TEsykwnvdMw/ePFm9z8GNO/GbWZ7DL0T9/lx3pZlsQMo/tkBz0qCmWNNA6giGpQuYPVZ9eAZ/lLBlztwWXQwcB1AO+sbs5NtlebsEpXShvRpULmuPB9dPe/57mEtJ4oHGz4HV0hznJRws4O+MfOmfXwPrtlU61ERg3jpU97tOPNie9+FgqqukS54GOReeaQAvza5ImJYW7QjC4XG8f7KGtT3IBDBPG6hnBbIay1iK5KoP2gQZhnhH5PbPVaWHsSImZ5N0+VBzoMkmnYl+WVI6pI3WTneCygZNMyf5IiTzerQBvyQlRylVD4mRmecd75DaK9YZzUZBsLHXY5bp6TdCV4fWIqjua9Anrj2Ey40oS39WHWP4uf3SLHErekBx6RNlI21TkQ6cp0kKbHNTVghMlWk/PPBVW/6jcPcDElaSObMJXpe+uUfF0O6cl3bq5I/m--9+FQVnwcMZBpURnH--ucWxiYvqeQPo9EQSXAwH3w==
+XZPCdIOIGCpcZ3zeudWLGfOcl/ij4uNp5W3sRMcm/okunEJlcQCj4HzBcJ6wWHU38PFCIif92TXEF5oIr3dJsLHA0mZ91DReh5WT4to9msAffVeMpnodSpwZAS/OMBXvCC4R/VvU+Xx8yZjG7GvW6WIj3uYyIob/REfQdwv9U/xpZxFunfkHecct2lBCcecl7w5rqaTuzvy1n4SwRKGSdcVUmetvCmk/TAl+ic8kxwuH+6BC3z5IgnhJ9eADvWZExylco0rNHu2CbeHn7zuZ3uPKm8u7KWbQ8U6sHus/DJEqO7R8W9Cy9E/57qNRy28Su7MO3XTgN9iPqT5Ji+om4zOa/otXEo3l/l1ENQ1PlfDPfJydClNyIfXsro3xgZ5rh63UKRx1/K+2iUEJh8UqNLjr4ol9E+xlvmUfDgSju1Ag0+O2vqo7HZx2uK0yQmnaEsiDj8obAsEtn1ErfVeO/F/GBxLtSRwyHUsQwEwrdcbatJj1Xx6+6Q+LLhuuan3KrKABF6xaaCEjV0J9RbNMjihfKZaJfYLuwZFFpT4jdF5EUKOnKL8l7oFAPSU0e8mQ1+++DWsok9zk/VGKsvhAU6ibQgw0Hw==--oSbFYOFDtPWry1of--toO0G+wCd/hYSdbGXjcoEw==
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -46,7 +46,7 @@
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
 
   # Include generic and useful information about system operation, but avoid logging too much
   # information to avoid inadvertent exposure of personally identifiable information (PII).
@@ -125,7 +125,7 @@
     address: 'smtp.gmail.com',
     port: 587,
     domain: 'gmail.com',
-    user_name: Rails.application.credentials.gmail[:user_name].to_s,
+    user_name: Rails.application.credentials.gmail[:user_name],
     password: Rails.application.credentials.gmail[:password],
     authentication: 'plain',
     enable_starttls_auto: true

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -25,7 +25,7 @@
   # note that it will be overwritten if you use your own mailer class
   # with default "from" parameter.
   config.mailer_sender = if Rails.env.production?
-                           Rails.application.credentials.gmail[:user_name].to_s
+                           Rails.application.credentials.gmail[:mailer_sender]
                          else
                            '[email protected]'
                          end

diff --git a/db/development.sqlite3 b/db/development.sqlite3
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		u4TfmztP4+1N6xwTzoOqQ6LqGkBeHCxmX33B/kxhqAqq2RX5mjBDn9vKUC4ReclvrXsJUY1TEsykwnvdMw/ePFm9z8GNO/GbWZ7DL0T9/lx3pZlsQMo/tkBz0qCmWNNA6giGpQuYPVZ9eAZ/lLBlztwWXQwcB1AO+sbs5NtlebsEpXShvRpULmuPB9dPe/57mEtJ4oHGz4HV0hznJRws4O+MfOmfXwPrtlU61ERg3jpU97tOPNie9+FgqqukS54GOReeaQAvza5ImJYW7QjC4XG8f7KGtT3IBDBPG6hnBbIay1iK5KoP2gQZhnhH5PbPVaWHsSImZ5N0+VBzoMkmnYl+WVI6pI3WTneCygZNMyf5IiTzerQBvyQlRylVD4mRmecd75DaK9YZzUZBsLHXY5bp6TdCV4fWIqjua9Anrj2Ey40oS39WHWP4uf3SLHErekBx6RNlI21TkQ6cp0kKbHNTVghMlWk/PPBVW/6jcPcDElaSObMJXpe+uUfF0O6cl3bq5I/m--9+FQVnwcMZBpURnH--ucWxiYvqeQPo9EQSXAwH3w==
		XZPCdIOIGCpcZ3zeudWLGfOcl/ij4uNp5W3sRMcm/okunEJlcQCj4HzBcJ6wWHU38PFCIif92TXEF5oIr3dJsLHA0mZ91DReh5WT4to9msAffVeMpnodSpwZAS/OMBXvCC4R/VvU+Xx8yZjG7GvW6WIj3uYyIob/REfQdwv9U/xpZxFunfkHecct2lBCcecl7w5rqaTuzvy1n4SwRKGSdcVUmetvCmk/TAl+ic8kxwuH+6BC3z5IgnhJ9eADvWZExylco0rNHu2CbeHn7zuZ3uPKm8u7KWbQ8U6sHus/DJEqO7R8W9Cy9E/57qNRy28Su7MO3XTgN9iPqT5Ji+om4zOa/otXEo3l/l1ENQ1PlfDPfJydClNyIfXsro3xgZ5rh63UKRx1/K+2iUEJh8UqNLjr4ol9E+xlvmUfDgSju1Ag0+O2vqo7HZx2uK0yQmnaEsiDj8obAsEtn1ErfVeO/F/GBxLtSRwyHUsQwEwrdcbatJj1Xx6+6Q+LLhuuan3KrKABF6xaaCEjV0J9RbNMjihfKZaJfYLuwZFFpT4jdF5EUKOnKL8l7oFAPSU0e8mQ1+++DWsok9zk/VGKsvhAU6ibQgw0Hw==--oSbFYOFDtPWry1of--toO0G+wCd/hYSdbGXjcoEw==