Dependency upgrades

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: elixir:1.11-alpine
+      image: elixir:1.12-alpine
 
     services:
       redis: redis:alpine
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: elixir:1.10-alpine
+      image: elixir:1.12-alpine
 
     steps:
       - name: Checkout
@@ -97,7 +97,7 @@ jobs:
     runs-on: ubuntu-latest
 
     container:
-      image: elixir:1.11-alpine
+      image: elixir:1.12-alpine
 
     steps:
       - name: Checkout
@@ -131,4 +131,4 @@ jobs:
         run: mix deps.get
 
       - name: Credo
-        run: mix credo
+        run: mix credo --strict

.tool-versions

@@ -0,0 +1,2 @@
+elixir 1.12.3-otp-23
+nodejs 12.9.1

Dockerfile

@@ -1,4 +1,4 @@
-FROM elixir:1.11-alpine as build
+FROM elixir:1.12-alpine as build
 
 # Install deps
 RUN set -xe; \

config/config.exs

@@ -8,7 +8,6 @@ config :recognizer,
 
 config :recognizer, RecognizerWeb.Endpoint,
   url: [host: "localhost"],
-  secret_key_base: "vbOPS+hzz+UAQRtWxIdqiKrcOuWpbLTfocvgvRVDR9P4JRfxtmWZa45H25iKKYoI",
   render_errors: [
     view: RecognizerWeb.ErrorView,
     accepts: ~w(html json),
@@ -23,6 +22,8 @@ config :recognizer, RecognizerWeb.Endpoint,
   live_view: [signing_salt: "YzwhzV25"],
   gzip: false
 
+config :recognizer, Recognizer.Notifications.Account, bullhorn_enabled: false
+
 config :logger, :console,
   format: "$time $metadata[$level] $message\n",
   metadata: [:request_id, :user_id, :trace_id, :span_id]
@@ -37,10 +38,6 @@ config :phoenix, :json_library, Jason
 
 config :recognizer, :message_queues, []
 
-config :ex_aws,
-  enabled: false,
-  json_codec: Jason
-
 config :recognizer, ExOauth2Provider,
   repo: Recognizer.Repo,
   resource_owner: Recognizer.Accounts.User,

config/dev.exs

@@ -12,7 +12,10 @@ config :recognizer, Recognizer.Repo,
   pool_size: 10
 
 config :recognizer, RecognizerWeb.Endpoint,
-  http: [port: 4000],
+  # Binding to loopback ipv4 address prevents access from other machines.
+  # Change to `ip: {0, 0, 0, 0}` to allow access from other machines.
+  http: [ip: {127, 0, 0, 1}, port: 4000],
+  secret_key_base: "vbOPS+hzz+UAQRtWxIdqiKrcOuWpbLTfocvgvRVDR9P4JRfxtmWZa45H25iKKYoI",
   debug_errors: true,
   code_reloader: true,
   check_origin: false,

config/prod.exs

@@ -13,6 +13,6 @@ config :logger,
 
 config :recognizer, Recognizer.Repo, log: false
 
-config :phoenix, :logger, false
+config :recognizer, Recognizer.Notifications.Account, bullhorn_enabled: true
 
-config :ex_aws, enabled: true
+config :phoenix, :logger, false

config/releases.exs

@@ -11,6 +11,14 @@ config :recognizer,
 
 config :recognizer, RecognizerWeb.Endpoint,
   url: [host: System.get_env("DOMAIN")],
+  http: [
+    # Enable IPv6 and bind on all interfaces.
+    # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
+    # See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
+    # for details about using IPv6 vs IPv4 and loopback vs public addresses.
+    ip: {0, 0, 0, 0, 0, 0, 0, 0},
+    port: String.to_integer(System.get_env("PORT") || "4000")
+  ],
   secret_key_base: recognizer_config["SECRET_KEY_BASE"]
 
 config :recognizer, Recognizer.Repo,

config/test.exs

@@ -16,7 +16,11 @@ config :recognizer, Recognizer.Repo,
   pool: Ecto.Adapters.SQL.Sandbox
 
 config :recognizer, RecognizerWeb.Endpoint,
-  http: [port: 4002],
+  http: [ip: {127, 0, 0, 1}, port: 4002],
+  secret_key_base: "vbOPS+hzz+UAQRtWxIdqiKrcOuWpbLTfocvgvRVDR9P4JRfxtmWZa45H25iKKYoI",
   server: false
 
 config :logger, level: :warn
+
+# Initialize plugs at runtime for faster test compilation
+config :phoenix, :plug_init_mode, :runtime

lib/recognizer/accounts.ex

@@ -7,9 +7,13 @@ defmodule Recognizer.Accounts do
 
   import Ecto.Query, warn: false
 
-  alias Recognizer.Accounts.{User, OAuth, RecoveryCode}
+  alias Ecto.Multi
+  alias Recognizer.Accounts.OAuth
+  alias Recognizer.Accounts.RecoveryCode
+  alias Recognizer.Accounts.User
+  alias Recognizer.Guardian
   alias Recognizer.Notifications.Account, as: Notification
-  alias Recognizer.{Guardian, Repo}
+  alias Recognizer.Repo
   alias RecognizerWeb.Authentication
 
   ## Database getters
@@ -284,10 +288,10 @@ defmodule Recognizer.Accounts do
       |> User.password_changeset(attrs)
       |> User.validate_current_password(password)
 
-    Ecto.Multi.new()
-    |> Ecto.Multi.update(:user, changeset)
-    |> Ecto.Multi.delete_all(:oauth, user_and_oauth_access_query(user))
-    |> Ecto.Multi.delete_all(:tokens, user_and_contexts_query(user, :all))
+    Multi.new()
+    |> Multi.update(:user, changeset)
+    |> Multi.delete_all(:oauth, user_and_oauth_access_query(user))
+    |> Multi.delete_all(:tokens, user_and_contexts_query(user, :all))
     |> Repo.transaction()
     |> case do
       {:ok, %{user: user}} ->
@@ -445,10 +449,10 @@ defmodule Recognizer.Accounts do
 
   """
   def reset_user_password(user, attrs) do
-    Ecto.Multi.new()
-    |> Ecto.Multi.update(:user, User.password_changeset(user, attrs))
-    |> Ecto.Multi.delete_all(:oauth, user_and_oauth_access_query(user))
-    |> Ecto.Multi.delete_all(:tokens, user_and_contexts_query(user, :all))
+    Multi.new()
+    |> Multi.update(:user, User.password_changeset(user, attrs))
+    |> Multi.delete_all(:oauth, user_and_oauth_access_query(user))
+    |> Multi.delete_all(:tokens, user_and_contexts_query(user, :all))
     |> Repo.transaction()
     |> case do
       {:ok, %{user: user}} -> {:ok, user}
@@ -503,8 +507,8 @@ defmodule Recognizer.Accounts do
   def update_user_two_factor(user, attrs) do
     user_changeset = change_user_two_factor(user, attrs)
 
-    Ecto.Multi.new()
-    |> Ecto.Multi.update(:user, user_changeset)
+    Multi.new()
+    |> Multi.update(:user, user_changeset)
     |> Repo.transaction()
     |> case do
       {:ok, %{user: user}} ->

lib/recognizer/accounts/role.ex

@@ -28,7 +28,7 @@ defmodule Recognizer.Accounts.Role do
     |> validate_required([:user_id, :role_id])
   end
 
-  def default_role_changeset() do
+  def default_role_changeset do
     [
       %{role_id: @login_role_id}
     ]

lib/recognizer/guardian.ex

@@ -5,6 +5,7 @@ defmodule Recognizer.Guardian do
 
   use Guardian, otp_app: :recognizer
 
+  alias Guardian.DB
   alias Recognizer.Accounts
 
   def subject_for_token(%Recognizer.Accounts.User{id: id}, _claims) do
@@ -39,25 +40,25 @@ defmodule Recognizer.Guardian do
   end
 
   def after_encode_and_sign(resource, claims, token, _options) do
-    with {:ok, _} <- Guardian.DB.after_encode_and_sign(resource, claims["typ"], claims, token) do
+    with {:ok, _} <- DB.after_encode_and_sign(resource, claims["typ"], claims, token) do
       {:ok, token}
     end
   end
 
   def on_verify(claims, token, _options) do
-    with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
+    with {:ok, _} <- DB.on_verify(claims, token) do
       {:ok, claims}
     end
   end
 
   def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
-    with {:ok, _, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
+    with {:ok, _, _} <- DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
       {:ok, {old_token, old_claims}, {new_token, new_claims}}
     end
   end
 
   def on_revoke(claims, token, _options) do
-    with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
+    with {:ok, _} <- DB.on_revoke(claims, token) do
       {:ok, claims}
     end
   end

lib/recognizer/notifications/account.ex

@@ -84,11 +84,11 @@ defmodule Recognizer.Notifications.Account do
     |> send_message()
   end
 
-  defp create_message(user, type, args \\ []) do
-    apply(type, :new, [Keyword.merge([user: user], args)])
+  defp create_message(user, notification_module, args \\ []) do
+    notification_module.new(Keyword.merge([user: user], args))
   end
 
-  if Application.compile_env(:ex_aws, :enabled) do
+  if Application.compile_env(:recognizer, [__MODULE__, :bullhorn_enabled]) do
     use Spandex.Decorators
 
     @decorate span(service: :bullhorn, type: :function)

lib/recognizer_web/authentication.ex

@@ -7,8 +7,9 @@ defmodule RecognizerWeb.Authentication do
   import Phoenix.Controller
 
   alias Guardian.DB, as: GuardianDB
-  alias RecognizerWeb.Router.Helpers, as: Routes
   alias Recognizer.Guardian
+  alias Recognizer.Guardian.Plug, as: GuardianPlug
+  alias RecognizerWeb.Router.Helpers, as: Routes
 
   @doc """
   Logs the user in.
@@ -30,7 +31,7 @@ defmodule RecognizerWeb.Authentication do
 
         conn
         |> clear_session()
-        |> Guardian.Plug.sign_in(user, params)
+        |> GuardianPlug.sign_in(user, params)
         |> redirect(redirect_opts)
     end
   end
@@ -51,7 +52,7 @@ defmodule RecognizerWeb.Authentication do
     redirect_opts = logout_redirect(conn)
 
     conn
-    |> Guardian.Plug.sign_out()
+    |> GuardianPlug.sign_out()
     |> clear_session()
     |> redirect(redirect_opts)
   end
@@ -70,7 +71,7 @@ defmodule RecognizerWeb.Authentication do
   and remember me token.
   """
   def fetch_current_user(conn) do
-    Guardian.Plug.current_resource(conn)
+    GuardianPlug.current_resource(conn)
   end
 
   @doc """

lib/recognizer_web/controllers/accounts/api/user_registration_controller.ex

@@ -1,8 +1,8 @@
 defmodule RecognizerWeb.Accounts.Api.UserRegistrationController do
   use RecognizerWeb, :controller
 
-  alias Recognizer.Accounts.Role
   alias Recognizer.Accounts
+  alias Recognizer.Accounts.Role
   alias RecognizerWeb.FallbackController
 
   def create(conn, %{"user" => user_params}) do

lib/recognizer_web/endpoint.ex

@@ -7,6 +7,8 @@ defmodule RecognizerWeb.Endpoint do
     signing_salt: "juvsYHmf"
   ]
 
+  socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
+
   plug RecognizerWeb.HealthcheckPlug
 
   plug Plug.Static,
@@ -15,15 +17,19 @@ defmodule RecognizerWeb.Endpoint do
     gzip: Application.get_env(:recognizer, __MODULE__)[:gzip],
     only: ~w(styles fonts images scripts favicon.ico robots.txt)
 
+  # Code reloading can be explicitly enabled under the
+  # :code_reloader configuration of your endpoint.
   # Code reloading can be explicitly enabled under the
   # :code_reloader configuration of your endpoint.
   if code_reloading? do
-    socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
-    plug Phoenix.LiveReloader
     plug Phoenix.CodeReloader
     plug Phoenix.Ecto.CheckRepoStatus, otp_app: :recognizer
   end
 
+  plug Phoenix.LiveDashboard.RequestLogger,
+    param_key: "request_logger",
+    cookie_key: "request_logger"
+
   plug CORSPlug
   plug Bottle.RequestIdPlug
   plug Plug.Telemetry, event_prefix: [:phoenix, :endpoint]

lib/recognizer_web/router.ex

@@ -103,4 +103,24 @@ defmodule RecognizerWeb.Router do
     get "/settings/two-factor", UserSettingsController, :two_factor
     post "/settings/two-factor", UserSettingsController, :two_factor_confirm
   end
+
+  # Enables LiveDashboard only for development
+  #
+  # If you want to use the LiveDashboard in production, you should put
+  # it behind authentication and allow only admins to access it.
+  # If your application does not have an admins-only section yet,
+  # you can use Plug.BasicAuth to set up some basic authentication
+  # as long as you are also using SSL (which you should anyway).
+  if Mix.env() in [:dev, :test] do
+    import Phoenix.LiveDashboard.Router
+
+    scope "/" do
+      pipe_through [:fetch_session, :protect_from_forgery]
+
+      live_dashboard "/dashboard",
+        metrics: RecognizerWeb.Telemetry,
+        ecto_repos: [Recognizer.Repo],
+        ecto_mysql_extras_options: [long_running_queries: [threshold: 200]]
+    end
+  end
 end

lib/recognizer_web/telemetry.ex

@@ -50,11 +50,26 @@ defmodule RecognizerWeb.Telemetry do
       ),
 
       # Database Metrics
-      summary("recognizer.repo.query.total_time", unit: {:native, :millisecond}),
-      summary("recognizer.repo.query.decode_time", unit: {:native, :millisecond}),
-      summary("recognizer.repo.query.query_time", unit: {:native, :millisecond}),
-      summary("recognizer.repo.query.queue_time", unit: {:native, :millisecond}),
-      summary("recognizer.repo.query.idle_time", unit: {:native, :millisecond}),
+      summary("app.repo.query.total_time",
+        unit: {:native, :millisecond},
+        description: "The sum of the other measurements"
+      ),
+      summary("app.repo.query.decode_time",
+        unit: {:native, :millisecond},
+        description: "The time spent decoding the data received from the database"
+      ),
+      summary("app.repo.query.query_time",
+        unit: {:native, :millisecond},
+        description: "The time spent executing the query"
+      ),
+      summary("app.repo.query.queue_time",
+        unit: {:native, :millisecond},
+        description: "The time spent waiting for a database connection"
+      ),
+      summary("app.repo.query.idle_time",
+        unit: {:native, :millisecond},
+        description: "The time the connection spent waiting before being checked out for the query"
+      ),
 
       # VM Metrics
       summary("vm.memory.total", unit: {:byte, :kilobyte}),

lib/recognizer_web/templates/oauth_provider/authorize/new.html.eex

@@ -6,7 +6,7 @@
     System76 account?
   </p>
 
-  <% if @scopes do %>
+  <%= if @scopes do %>
     <p>
       This will allow <strong><%= @client.name %> to do:
     </p>