feat: replace ENV variable checks with Rails configuration for authentication

app/controllers/application_controller.rb

@@ -3,13 +3,13 @@ class ApplicationController < ActionController::API
     render text: exception, status: :internal_server_error
   end
 
-  include Pundit::Authorization if ENV['ENABLE_AUTHENTICATION'].present?
-  before_action :doorkeeper_authorize!, except: %i[info]
+  include Pundit::Authorization if Rails.application.config.enable_authentication
+  before_action :doorkeeper_authorize!, except: %i[info] if Rails.application.config.enable_authentication
   before_action :active_storage_url_options
 
   def info
     client_app = Doorkeeper::Application.find_by(uid: params["client_id"], secret: params["client_secret"])
-    render json: { valid: client_app.present?, auth: ENV['ENABLE_AUTHENTICATION'].present? }
+    render json: { valid: client_app.present?, auth: Rails.application.config.enable_authentication }
   end
 
   protected

app/controllers/comments_controller.rb

@@ -25,7 +25,7 @@ def show
   # POST /comments
   def create
     @comment = Comment.new(comment_params)
-    @comment.user = current_user if ENV['ENABLE_AUTHENTICATION'].present?
+    @comment.user = current_user if Rails.application.config.enable_authentication
 
     if @comment.save
       render json: serialize(@comment.reload), status: :created

app/controllers/pias_controller.rb

@@ -1,6 +1,6 @@
 class PiasController < ApplicationController
   before_action :set_pia, only: %i[show update destroy duplicate]
-  before_action :authorize_pia if ENV['ENABLE_AUTHENTICATION'].present?
+  before_action :authorize_pia if Rails.application.config.enable_authentication
 
   rescue_from ActiveRecord::StaleObjectError do |e|
     render json: {
@@ -17,7 +17,7 @@ class PiasController < ApplicationController
   def index
     res = []
     # check if user is technical else his pias
-    pias = if ENV['ENABLE_AUTHENTICATION'].blank? || current_user.is_technical_admin
+    pias = if !Rails.application.config.enable_authentication || current_user.is_technical_admin
              Pia.all
            else
              policy_scope(Pia)
@@ -55,7 +55,7 @@ def create
 
     @pia = Pia.new(pia_parameters)
     if @pia.save
-      if ENV['ENABLE_AUTHENTICATION'].present?
+      if Rails.application.config.enable_authentication
         # Update pia user fields and UserPia relations
         check_pia_user_field(:authors, pia_params["authors"], "author_name", 1) if pia_params.key?("authors")
         check_pia_user_field(:evaluators, pia_params["evaluators"], "evaluator_name", 2) if pia_params.key?("evaluators")
@@ -83,7 +83,7 @@ def update
     pia_parameters.delete(:structure_data)
 
     if @pia.update(pia_parameters)
-      if ENV['ENABLE_AUTHENTICATION'].present?
+      if Rails.application.config.enable_authentication
         # Update pia user fields and UserPia relations
         check_pia_user_field(:authors, pia_params["authors"], "author_name", 1) if pia_params.key?("authors")
         check_pia_user_field(:evaluators, pia_params["evaluators"], "evaluator_name", 2) if pia_params.key?("evaluators")

app/models/evaluation.rb

@@ -4,8 +4,8 @@ class Evaluation < ApplicationRecord
   validates :reference_to, presence: true
   attr_accessor :evaluation_infos
 
-  after_create :email_for_evaluation! if ENV['ENABLE_AUTHENTICATION'].present?
-  after_update :email_for_validation! if ENV['ENABLE_AUTHENTICATION'].present?
+  after_create :email_for_evaluation! if Rails.application.config.enable_authentication
+  after_update :email_for_validation! if Rails.application.config.enable_authentication
 
   after_initialize :overwrite_to_safety_values
 

app/models/user.rb

@@ -50,7 +50,7 @@ def self.create_with_ldap(login)
     user = User.new
     user.login = login
 
-    password = [*'0'..'9', *'a'..'z', *'A'..'Z', *'!'..'?'].sample(16).join
+    password = User.random_password
     user.password = password
     user.password_confirmation = password
     user.check_ldap_email
@@ -80,4 +80,19 @@ def update_user_pias_infos
       pia.save
     end
   end
+
+  def self.random_password
+    digits  = ('0'..'9').to_a
+    lower   = ('a'..'z').to_a
+    upper   = ('A'..'Z').to_a
+    special = ('!'..'?').to_a
+
+    [
+      digits.sample,
+      lower.sample,
+      upper.sample,
+      special.sample,
+      (digits + lower + upper + special).sample(12)
+    ].flatten.shuffle.join
+  end
 end

config/application.rb

@@ -52,5 +52,6 @@ class Application < Rails::Application
 
     config.action_view.sanitized_allowed_tags = ENV.fetch('SANITIZED_ALLOWED_TAGS', 'strong b em i ul ol li br p a div span img h1 h2 h3 h4 h5 h6 p').split(' ')
     config.action_view.sanitized_allowed_attributes = ENV.fetch('SANITIZED_ALLOWED_ATTRIBUTES', 'href title').split(' ')
+    config.enable_authentication = ActiveModel::Type::Boolean.new.cast(ENV['ENABLE_AUTHENTICATION'])
   end
 end

config/routes.rb

@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
-  use_doorkeeper
+  use_doorkeeper if Rails.application.config.enable_authentication
   post '/info', to: 'application#info'
 
   resources :users do