HER-31: fix devise JWT

.gitignore

@@ -31,6 +31,9 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+/config/master.key.bak
+/config/credentials.yml.enc.bak
+
 
 # Ignore node modules
 node_modules

README.md

@@ -50,39 +50,29 @@ This app provides teachers with resources to support social-emotional learning f
        npm install
        ```
 
-7. In the project files, delete the `config/credentials.yml.enc` file. Then, in the `rails server` terminal, run the following:
-
-    ```sh
-    EDITOR="code --wait" bin/rails credentials:edit
-    ```
-
-   This will open a file in VSCode. Close this file without changes. This will re-create the credential files for your local environment.
-
-   You should see both the `credentials.yml.enc` and `master.key` files in the `config` folder.
-
-8. In `rails server`, create and seed the database:
+7. In `rails server`, create and seed the database:
 
     ```sh
     rails db:prepare
     ```
 
-9. Start `rails server`
+8. Start `rails server`
 
    ```sh
    rails s
    ```
 
     > The backend server runs on `localhost:3000`
 
-10. Start `frontend`
+9. Start `frontend`
 
     ```sh
     npm run dev
     ```
 
     > The frontend server runs on `localhost:5173`
 
-11. Open `http://localhost:5173/` and get coding!
+10. Open `http://localhost:5173/` and get coding!
 
 ## Features
 

config/application.rb

@@ -27,6 +27,9 @@ class Application < Rails::Application
     # Only loads a smaller set of middleware suitable for API only apps.
     # Middleware like session, flash, cookies can be added back manually.
     # Skip views, helpers and assets when generating a new resource.
+    config.middleware.use ActionDispatch::Cookies
+    config.middleware.use ActionDispatch::Session::CookieStore
+
     config.api_only = true
   end
 end

config/initializers/devise.rb

@@ -308,8 +308,7 @@
 
   # ==> Configuration for :registerable
 
-  jwt_secret = ENV["DEVISE_JWT_SECRET_KEY"] || SecureRandom.hex(20) unless Rails.env.production?
-  jwt_secret ||= Rails.application.credentials.fetch(:secret_key_base)
+  jwt_secret = ENV.fetch("DEVISE_JWT_SECRET_KEY") { "713135daf69a905f3b1e3758ac144401c78a5c66553c845871998f1386c5b48869b043c3e50e45b63acba54daf1005004f9a38b7bdd6d6aa5e11181940b2564d" }
 
   # When set to false, does not sign a user in automatically after their password is
   # changed. Defaults to true, so a user is signed in automatically after changing a password.