Merge torrust#713: Make secrets in config options mandatory

cb0e375 fix: [torrust#653] rename auth.secret_key config option (Jose Celano) 7b3cc13 fix: [710] make secrets in config options mandatory (Jose Celano) Pull request description: Make secrets in config options mandatory: - `tracker.token` - `auth.user_claim_token_pepper` It keeps the SMPT server credentials default because they are not always needed: - `mail.smpt.credentials.password` For example, for the mailcatcher. ACKs for top commit: josecelano: ACK cb0e375 Tree-SHA512: e5ab0e297143ba57513ed370c7e1227200ae454d7232c6302bf0fe6e0194e790e3f241bdeea256ceddd0ae1b808d67c4b45a8e9de2bf2d035f35bca1c31e964b
josecelano · Aug 12, 2024 · 8156fd8 · 8156fd8
2 parents 4d85120 + cb0e375
commit 8156fd8
Show file tree

Hide file tree

Showing 12 changed files with 66 additions and 8 deletions.
diff --git a/compose.yaml b/compose.yaml
@@ -13,7 +13,7 @@ services:
       - TORRUST_INDEX_DATABASE=${TORRUST_INDEX_DATABASE:-e2e_testing_sqlite3}
       - TORRUST_INDEX_DATABASE_DRIVER=${TORRUST_INDEX_DATABASE_DRIVER:-sqlite3}
       - TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN=${TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN:-MyAccessToken}
-      - TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__SECRET_KEY=${TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__SECRET_KEY:-MaxVerstappenWC2021}
+      - TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__USER_CLAIM_TOKEN_PEPPER=${TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__USER_CLAIM_TOKEN_PEPPER:-MaxVerstappenWC2021}
     networks:
       - server_side
     ports:

diff --git a/contrib/dev-tools/container/e2e/sqlite/mode/private/e2e-env-up.sh b/contrib/dev-tools/container/e2e/sqlite/mode/private/e2e-env-up.sh
@@ -8,7 +8,7 @@ USER_ID=${USER_ID:-1000} \
     TORRUST_INDEX_DATABASE="e2e_testing_sqlite3" \
     TORRUST_INDEX_DATABASE_DRIVER="sqlite3" \
     TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
-    TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__SECRET_KEY="MaxVerstappenWC2021" \
+    TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__USER_CLAIM_TOKEN_PEPPER="MaxVerstappenWC2021" \
     TORRUST_TRACKER_CONFIG_TOML=$(cat ./share/default/config/tracker.private.e2e.container.sqlite3.toml) \
     TORRUST_TRACKER_DATABASE="e2e_testing_sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER="sqlite3" \

diff --git a/contrib/dev-tools/container/e2e/sqlite/mode/public/e2e-env-up.sh b/contrib/dev-tools/container/e2e/sqlite/mode/public/e2e-env-up.sh
@@ -8,7 +8,7 @@ USER_ID=${USER_ID:-1000} \
     TORRUST_INDEX_DATABASE="e2e_testing_sqlite3" \
     TORRUST_INDEX_DATABASE_DRIVER="sqlite3" \
     TORRUST_INDEX_CONFIG_OVERRIDE_TRACKER__TOKEN="MyAccessToken" \
-    TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__SECRET_KEY="MaxVerstappenWC2021" \
+    TORRUST_INDEX_CONFIG_OVERRIDE_AUTH__USER_CLAIM_TOKEN_PEPPER="MaxVerstappenWC2021" \
     TORRUST_TRACKER_CONFIG_TOML=$(cat ./share/default/config/tracker.public.e2e.container.sqlite3.toml) \
     TORRUST_TRACKER_DATABASE="e2e_testing_sqlite3" \
     TORRUST_TRACKER_CONFIG_OVERRIDE_CORE__DATABASE__DRIVER="sqlite3" \

diff --git a/share/default/config/index.container.mysql.toml b/share/default/config/index.container.mysql.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "mysql://root:root_secret_password@mysql:3306/torrust_index"
 

diff --git a/share/default/config/index.container.sqlite3.toml b/share/default/config/index.container.sqlite3.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc"
 

diff --git a/share/default/config/index.development.sqlite3.toml b/share/default/config/index.development.sqlite3.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 # Uncomment if you want to enable TSL for development
 #[net.tsl]
 #ssl_cert_path = "./storage/index/lib/tls/localhost.crt"

diff --git a/share/default/config/index.private.e2e.container.sqlite3.toml b/share/default/config/index.private.e2e.container.sqlite3.toml
@@ -15,8 +15,12 @@ threshold = "info"
 api_url = "http://tracker:1212"
 listed = false
 private = true
+token = "MyAccessToken"
 url = "http://tracker:7070"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/e2e_testing_sqlite3.db?mode=rwc"
 
@@ -25,4 +29,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/index.public.e2e.container.mysql.toml b/share/default/config/index.public.e2e.container.mysql.toml
@@ -13,8 +13,12 @@ threshold = "info"
 
 [tracker]
 api_url = "http://tracker:1212"
+token = "MyAccessToken"
 url = "udp://tracker:6969"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "mysql://root:root_secret_password@mysql:3306/torrust_index_e2e_testing"
 
@@ -23,4 +27,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/index.public.e2e.container.sqlite3.toml b/share/default/config/index.public.e2e.container.sqlite3.toml
@@ -13,8 +13,12 @@ threshold = "info"
 
 [tracker]
 api_url = "http://tracker:1212"
+token = "MyAccessToken"
 url = "udp://tracker:6969"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/e2e_testing_sqlite3.db?mode=rwc"
 
@@ -23,4 +27,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/tracker.private.e2e.container.sqlite3.toml b/share/default/config/tracker.private.e2e.container.sqlite3.toml
@@ -4,6 +4,12 @@ schema_version = "2.0.0"
 [logging]
 threshold = "info"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [core]
 listed = false
 private = true
@@ -17,4 +23,3 @@ bind_address = "0.0.0.0:6969"
 
 [http_api]
 bind_address = "0.0.0.0:1212"
-
diff --git a/share/default/config/tracker.public.e2e.container.sqlite3.toml b/share/default/config/tracker.public.e2e.container.sqlite3.toml
@@ -4,6 +4,12 @@ schema_version = "2.0.0"
 [logging]
 threshold = "info"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [core]
 listed = false
 private = false

diff --git a/src/config/mod.rs b/src/config/mod.rs
@@ -340,7 +340,12 @@ impl Configuration {
     /// Will return an error if a mandatory configuration option is only
     /// obtained by default value (code), meaning the user hasn't overridden it.
     fn check_mandatory_options(figment: &Figment) -> Result<(), Error> {
-        let mandatory_options = ["metadata.schema_version", "logging.threshold"];
+        let mandatory_options = [
+            "auth.user_claim_token_pepper",
+            "logging.threshold",
+            "metadata.schema_version",
+            "tracker.token",
+        ];
 
         for mandatory_option in mandatory_options {
             figment
@@ -512,6 +517,12 @@ mod tests {
 
                 [logging]
                 threshold = "info"
+
+                [tracker]
+                token = "MyAccessToken"
+
+                [auth]
+                user_claim_token_pepper = "MaxVerstappenWC2021"
             "#,
             )?;
 
@@ -537,6 +548,12 @@ mod tests {
 
                 [logging]
                 threshold = "info"
+
+                [tracker]
+                token = "MyAccessToken"
+
+                [auth]
+                user_claim_token_pepper = "MaxVerstappenWC2021"
             "#
             .to_string();