From 76128494aa36ffe8806c506225c353f9d3599edb Mon Sep 17 00:00:00 2001
From: taitus <sebastia.roig@gmail.com>
Date: Wed, 22 Nov 2023 16:36:27 +0100
Subject: [PATCH] Move authentication_logs secret out of security section

As this secret is currently not programmed to be customisable for each Tenant,
we take it out of the security section. The reason is that so far everything inside this security section can be overwritten per tenant. With this change we are trying
to prevent anyone from trying to overwrite it on a per Tenant basis, as it would have
no effect.
---
 config/application.rb      | 2 +-
 config/secrets.yml.example | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/application.rb b/config/application.rb
index b041b7a0b..20d2a27e8 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -139,7 +139,7 @@ module Consul
     config.paths["app/views"].unshift(Rails.root.join("app", "views", "custom"))
 
     # Set to true to enable user authentication log
-    config.authentication_logs = Rails.application.secrets.dig(:security, :authentication_logs) || false
+    config.authentication_logs = Rails.application.secrets.authentication_logs || false
 
     # Set to true to enable devise user lockable feature
     config.devise_lockable = Rails.application.secrets.devise_lockable
diff --git a/config/secrets.yml.example b/config/secrets.yml.example
index 8b132be01..ed41e3835 100644
--- a/config/secrets.yml.example
+++ b/config/secrets.yml.example
@@ -18,10 +18,10 @@ http_basic_auth: &http_basic_auth
 development:
   http_basic_username: "dev"
   http_basic_password: "pass"
+  authentication_logs: false
   devise_lockable: false
   multitenancy: false
   security:
-    authentication_logs: false
     last_sign_in: false
     password_complexity: false
     # lockable:
@@ -55,12 +55,12 @@ staging:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  authentication_logs: false
   devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false
   security:
-    authentication_logs: false
     last_sign_in: false
     password_complexity: false
     # lockable:
@@ -99,12 +99,12 @@ preproduction:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  authentication_logs: false
   devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false
   security:
-    authentication_logs: false
     last_sign_in: false
     password_complexity: false
     # lockable:
@@ -148,12 +148,12 @@ production:
   errbit_self_hosted_ssl: false
   http_basic_username: ""
   http_basic_password: ""
+  authentication_logs: false
   devise_lockable: false
   managers_url: ""
   managers_application_key: ""
   multitenancy: false
   security:
-    authentication_logs: false
     last_sign_in: false
     password_complexity: false
     # lockable: