fix: [710] make secrets in config options mandatory

- `tracker.token` - `auth.user_claim_token_pepper` It keeps the default for the SMPT server credential ebcuase they are not always needed. - `mail.smpt.credentials.password`
torrust · Aug 12, 2024 · 7b3cc13 · 7b3cc13
1 parent 4d85120
commit 7b3cc13
Show file tree

Hide file tree

Showing 9 changed files with 63 additions and 5 deletions.
diff --git a/share/default/config/index.container.mysql.toml b/share/default/config/index.container.mysql.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "mysql://root:root_secret_password@mysql:3306/torrust_index"
 

diff --git a/share/default/config/index.container.sqlite3.toml b/share/default/config/index.container.sqlite3.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/sqlite3.db?mode=rwc"
 

diff --git a/share/default/config/index.development.sqlite3.toml b/share/default/config/index.development.sqlite3.toml
@@ -11,6 +11,12 @@ threshold = "info"
 #threshold = "debug"
 #threshold = "trace"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 # Uncomment if you want to enable TSL for development
 #[net.tsl]
 #ssl_cert_path = "./storage/index/lib/tls/localhost.crt"

diff --git a/share/default/config/index.private.e2e.container.sqlite3.toml b/share/default/config/index.private.e2e.container.sqlite3.toml
@@ -15,8 +15,12 @@ threshold = "info"
 api_url = "http://tracker:1212"
 listed = false
 private = true
+token = "MyAccessToken"
 url = "http://tracker:7070"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/e2e_testing_sqlite3.db?mode=rwc"
 
@@ -25,4 +29,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/index.public.e2e.container.mysql.toml b/share/default/config/index.public.e2e.container.mysql.toml
@@ -13,8 +13,12 @@ threshold = "info"
 
 [tracker]
 api_url = "http://tracker:1212"
+token = "MyAccessToken"
 url = "udp://tracker:6969"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "mysql://root:root_secret_password@mysql:3306/torrust_index_e2e_testing"
 
@@ -23,4 +27,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/index.public.e2e.container.sqlite3.toml b/share/default/config/index.public.e2e.container.sqlite3.toml
@@ -13,8 +13,12 @@ threshold = "info"
 
 [tracker]
 api_url = "http://tracker:1212"
+token = "MyAccessToken"
 url = "udp://tracker:6969"
 
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [database]
 connect_url = "sqlite:///var/lib/torrust/index/database/e2e_testing_sqlite3.db?mode=rwc"
 
@@ -23,4 +27,4 @@ port = 1025
 server = "mailcatcher"
 
 [registration]
-[registration.email]
+[registration.email]
diff --git a/share/default/config/tracker.private.e2e.container.sqlite3.toml b/share/default/config/tracker.private.e2e.container.sqlite3.toml
@@ -4,6 +4,12 @@ schema_version = "2.0.0"
 [logging]
 threshold = "info"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [core]
 listed = false
 private = true
@@ -17,4 +23,3 @@ bind_address = "0.0.0.0:6969"
 
 [http_api]
 bind_address = "0.0.0.0:1212"
-
diff --git a/share/default/config/tracker.public.e2e.container.sqlite3.toml b/share/default/config/tracker.public.e2e.container.sqlite3.toml
@@ -4,6 +4,12 @@ schema_version = "2.0.0"
 [logging]
 threshold = "info"
 
+[tracker]
+token = "MyAccessToken"
+
+[auth]
+user_claim_token_pepper = "MaxVerstappenWC2021"
+
 [core]
 listed = false
 private = false

diff --git a/src/config/mod.rs b/src/config/mod.rs
@@ -340,7 +340,12 @@ impl Configuration {
     /// Will return an error if a mandatory configuration option is only
     /// obtained by default value (code), meaning the user hasn't overridden it.
     fn check_mandatory_options(figment: &Figment) -> Result<(), Error> {
-        let mandatory_options = ["metadata.schema_version", "logging.threshold"];
+        let mandatory_options = [
+            "auth.user_claim_token_pepper",
+            "logging.threshold",
+            "metadata.schema_version",
+            "tracker.token",
+        ];
 
         for mandatory_option in mandatory_options {
             figment
@@ -512,6 +517,12 @@ mod tests {
 
                 [logging]
                 threshold = "info"
+
+                [tracker]
+                token = "MyAccessToken"
+
+                [auth]
+                user_claim_token_pepper = "MaxVerstappenWC2021"
             "#,
             )?;
 
@@ -537,6 +548,12 @@ mod tests {
 
                 [logging]
                 threshold = "info"
+
+                [tracker]
+                token = "MyAccessToken"
+
+                [auth]
+                user_claim_token_pepper = "MaxVerstappenWC2021"
             "#
             .to_string();