🥔🛠️🔐✨ `Spaces`: Enforce `ssl` connection

[zspencer]

• https://github.com/zinc-collective/convene/issues/1154

We're in a bit of a pickle here because we're using Cloudflare's free tier for DNS and WAF for convene.zinc.coop; which requires us to disable force_ssl for that Space to prevent a redirect loop.

However, for spaces that are not using a Web Application Firewall or other intermediary; we do want to force ssl.

Use Cases

• [x] Operator may force every space to use SSL by setting the FORCE_SSL environment variable to true
• [x] Visitors are redirected to https if they visit a space that Enforces SSL using HTTP
• [x] Member may force all requests to a Space to use ssl

[zspencer]

@KellyAH - This may be a bit less of a stretch than you wanted; but it will give you experience digging into the Rails Routing and Controller layers. If you want to tackle it, just leave your face on and roll and tag me on PRs. If you don't just tell me "eh, no" and I'll pick it up :soon:

[zspencer]

@KellyAH - When I tested this via the UI in production, the checkbox did not persist in between page-loads. I was able to confirm that when I updated the enforce_ssl flag on the Piikup space it does do the redirection tho!

[KellyAH]

@KellyAH - When I tested this via the UI in production, the checkbox did not persist in between page-loads. I was able to confirm that when I updated the enforce_ssl flag on the Piikup space it does do the redirection tho!

1. Odd. the checkbox's checked/unchecked state persisted when testing on local. So is the Enforce SSL checkbox broken on prod right now? And is it a break on the frontend or backend?
2. We made the unit tests together. So the unit tests failed to provide adequate coverage?

[zspencer]

I didn't have time to do much data collection; but I'm going to set up a production space and get a repro for ya.

[zspencer]

OK never mind; clearly I must have not been paying enough attention because it was during the onboarding for Cafe Gabriela.

I have created a new space (https://sandbox.zinc.coop/spaces/sandbox/) that we can use for testing stuff in production with lower stakes tho!

[KellyAH]

crud! I just spun up local off latest master and it's getting SSL errors! It looks like /spaces pages are auto redirecting to https. Is your local throwing SSL errors too when loading any web pages.

Did the merge of https://github.com/zinc-collective/convene/pull/1504 break our local environments and prod?

[zspencer]

My local is still fine; but I have not turned on enforce_ssl for local spaces; because my local environment doesn't have SSL. You may need to go into the Rails console, find your "test" Space, and flip the enforce_ssl to false:

Space.find_by(slug:  "test").update(enforce_ssl: false)

Alternatively, you could update all your local spaces to not enforce ssl:

Space.where(enforce_ssl: true).each { |space| space.update(enforce_ssl: false) } 

[zspencer]

Alright, well I think this is Done For Now; so I am going to mark it as a Potato and close it!