Openssl added for https (publiclab#2745)

* Openssl added for https

* Changed Installation guidelines

* localhost.key added

* Openssl moved to development and test group

* Updated readme

* changed config settings

* Updated readme

* patches

* CodeClimate Error Fixed

.gitignore

@@ -36,6 +36,7 @@ todo.txt
 *.pfx
 *.pem
 *.key
+!config/localhost.key
 passenger.*
 passenger-standalone.json.bkp
 public/pdf.js/

Gemfile

@@ -62,6 +62,7 @@ group :test, :development do
   gem 'jasmine-jquery-rails'
   gem 'coveralls', require: false
   gem 'ci_reporter_test_unit'
+  gem 'openssl', '~> 2.0.0.beta.1'
 end
 
 # run with `bundle install --without production` to exclude these

README.md

@@ -56,10 +56,19 @@ Please read and abide by our [Code of Conduct](https://publiclab.org/conduct); o
 5. Make a copy of `config/database.yml.sqlite.example` and place it at `config/database.yml`
 6. Run `rake db:setup` to set up the database
 7. Install static assets (like external javascript libraries, fonts) with `bower install`
-8. Start rails with `passenger start` from the Rails root and open http://localhost:3000 in a web browser.
+8. By default, start rails with `passenger start` from the Rails root and open http://localhost:3000 in a web browser.
+(for local SSL work, see [SSL](#ssl+in+development) below)
 9. Wheeeee! You're up and running! Log in with test usernames "user", "moderator", or "admin", and password "password".
 10. Run `rake test` to confirm that your install is working properly.
 
+## SSL in Development
+We at public labs use [openssl](https://github.com/ruby/openssl) gem to provide SSL for the secure connection in the development mode. You can run the https connection on the localhost by following following steps:
+1. Use 'passenger start --ssl --ssl-certificate config/localhost.crt --ssl-certificate-key config/localhost.key --ssl-port 3001'.
+2. Open up https://localhost:3001.
+3. Add security exceptions from the advance settings of the browser.
+You can also use http (unsecure connection) on the port number 3000 by going to 'http://localhost:3000'. We use port number 3001 for 'https' and port number 3000 for 'http' connection.
+Secure connection is needed for OAuth authentication etc.
+
 ## How to start and modify cron jobs
 
 1. We are using whenever gem to schedule cron jobs [Whenever](https://github.com/javan/whenever)

config/environments/development.rb

@@ -35,9 +35,11 @@
 
   config.action_mailer.delivery_method = :file
 
-  # force SSL
-  #config.force_ssl = true
+  #force SSL
 
+  if config.ssl_port = 3001
+    config.use_ssl = true
+  end
   config.action_mailer.delivery_method = :letter_opener
 
   config.action_mailer.default_url_options = {

config/localhost.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAJLUW2Gnlo1KMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTgwNTI1MTExNjM3WhcNMTkwNTI1MTExNjM3WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA1yL6V582/EZk+S8dalESgnTPNHKddkE8ERNURT0WrX6trkAwe5qcBWEb
+w43d2Kz/NCYixSPl6RyhaIU0RSzuCqbkedvuFhmgx1C05OWiR3IZR83SWVuvv8sT
+RptMkzhhUZUVysnutF/6blK//zqIfD3Y7YG/ZzvWT4Jp3ZMvQ9YZ74rQNrhED82M
+ctKFiA+A4AzrvX05D4VtcRoSZXklMDJECQONetK/+9PQTku1QUSAbmp2dD3FMi72
+4NWPWCtnpBY0reqQ8L9vR7QlMuNeNdKxeTsDq/fY+0J+4snEaqhGmXWanKAi1NT6
+eBprYChlx7g+2JGJ8TEx2+YRs4TyywIDAQABo1AwTjAdBgNVHQ4EFgQUPMAVtJaN
+zC6LVWj2aYay2u+TZX8wHwYDVR0jBBgwFoAUPMAVtJaNzC6LVWj2aYay2u+TZX8w
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOkA+ct42ZxDvoe6huFm0
+Cht9V0uQsWXynQEur9FPKYiAgVi+XcwO4r4wNr6KlIhFTK/8zoDR3e8q9ZHxoJEi
+oTYrgh+6RG2+WU4BHDRxUVBTgthnzxn0xE7YZr+0RE40NMpkCJxhsRMuiHU2tTom
+MEo4Fjav3DOX+y8S+GPpflWCifA7jhYw2GFjukeYNxJG1fatlZo4LE8I067xjn47
+03S7z0GqCGRag9uEDL3kaHu3RAoEHfcMbOn0CJsVe9VQAlhgM+MfErOUVlkT27rv
+eJCqwH3lFxFDI9EKvUowf2btPW4zWWfyEwwyXmxi6/g0bpoCQR4FY/oykTHiTf1J
+kg==
+-----END CERTIFICATE-----

config/localhost.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDXIvpXnzb8RmT5
+Lx1qURKCdM80cp12QTwRE1RFPRatfq2uQDB7mpwFYRvDjd3YrP80JiLFI+XpHKFo
+hTRFLO4KpuR52+4WGaDHULTk5aJHchlHzdJZW6+/yxNGm0yTOGFRlRXKye60X/pu
+Ur//Ooh8Pdjtgb9nO9ZPgmndky9D1hnvitA2uEQPzYxy0oWID4DgDOu9fTkPhW1x
+GhJleSUwMkQJA4160r/709BOS7VBRIBuanZ0PcUyLvbg1Y9YK2ekFjSt6pDwv29H
+tCUy41410rF5OwOr99j7Qn7iycRqqEaZdZqcoCLU1Pp4GmtgKGXHuD7YkYnxMTHb
+5hGzhPLLAgMBAAECggEBAJ1IZC+1JfTv3hhTOrUkily321ijxrzS2oA9Wmm4TKEQ
+sRdotElZcmF4alzgleU4LOfKTbdFFGwF03dfkyRTwcAl3Xm9sWWU3Pd66JVD0Q1c
+vGDDd9p+bpHQfMos9aHYIUYMsb7tPMfAN416kAWfnHMAoFybc/ycQYUlehJU7cQw
+JlcI8NNrZmHi14tzJGjqtFo1goUWehABrd1SbRZNFh0Q22ObjccBUkSu2nZqgY0T
+f/gNTSgvK0ncWZXzWKFzT1TyrWoS/+coGVFhtAG5pH7jo+eU9EgXpGztsP4KDmP9
+c+Kx+Dqw81MnE+wdFpn2G3yIM3wbRe3AsMYKypWr2kkCgYEA+HhqW/Fs2vjSY7bc
+IuYQEbiX0ALEXa0NjbmiWR7t7ffqErtPzW9bAHoyMZnMwnJdd/UzJYa+gcok+Hqc
+KlrQvaT2lRJWP43lM+XYrmkA1aUkwZ7oLCCr8DjN7o72cU7peR2bbK3e+rmxt0JI
+mLM/9WAr69MGzvHa/BLNH4IH6HcCgYEA3af3PoX51venXhwCnGE8BceT5s24zYA6
+8Vv7pAGnxZxG1/4Ur72B3GbBW0/ojarIjQqf9p4Q6rI1F+6WzErrR4HiFgQDA8Gw
+5rQbim6+3h1dny1rQUQjfIy8asc1K0VFp9+eLCJD/bVnj9rT9jCwkJOj8LrXrNEg
+hUklKuQU8U0CgYEAlNHiumEW1uyTbt/2Z/yuAT8zxoXxwT3GUW2vPHvW/GIx07hX
+Ku+YbOfDqou45XoEW7YERWS4NBq0HBOr935fakck3dKW0AgYEQaIyqXftxbrtgCM
+hOmosgAD7++20dT25/EAx444cKnKNL5BpxwtobVReTTy7f5UMAi+zTFftS8CgYEA
+ujN1oZJOlOUqNgZ1swSDtZ84gbTjv84utb69n8K8O2bSpHOO0SrzQkEXwStZglir
+bMA2LKgQMfhOXbJR/4AYMdPMJw5rseYuQz+duybZNCGbGjK/XO5umRxo05JQ+e6R
+Wzqg1xZZ43FWdCQx1yiDypAcMgfjUgvDs/QEQwmjBikCgYA5P3PaEqMBHmDElXNo
+sa/3QTeyGGXqaBiwXTANxKFewq2cpU1wWJaIApdlj558WVXndvSKFnSV0r314a4m
+nuxg4Fm/J0NS47OqptMs2t4S5xzOVYp4nnTrRWmE7N7TfPdFiTV0b7iXtZYcbroI
+jErw8+3EKBtKxlb+/26VFmkk3Q==
+-----END PRIVATE KEY-----