Fix support for special characters in various environment variables (#35314)

Co-authored-by: Matt Jankowski <matt@jankowski.online>

config/cache_buster.yml

@@ -1,5 +1,5 @@
 shared:
   enabled: <%= ENV.fetch('CACHE_BUSTER_ENABLED', 'false') == 'true' %>
-  secret_header: <%= ENV.fetch('CACHE_BUSTER_SECRET_HEADER', nil) %>
-  secret: <%= ENV.fetch('CACHE_BUSTER_SECRET', nil) %>
+  secret_header: <%= ENV.fetch('CACHE_BUSTER_SECRET_HEADER', nil)&.to_json %>
+  secret: <%= ENV.fetch('CACHE_BUSTER_SECRET', nil)&.to_json %>
   http_method: <%= ENV.fetch('CACHE_BUSTER_HTTP_METHOD', 'GET') %>

config/email.yml

@@ -2,14 +2,14 @@
 # keys are added here.
 production:
   delivery_method: <%= ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp') %>
-  from_address: <%= ENV.fetch('SMTP_FROM_ADDRESS', 'notifications@localhost') %>
-  reply_to: <%= ENV.fetch('SMTP_REPLY_TO', nil) %>
-  return_path: <%= ENV.fetch('SMTP_RETURN_PATH', nil) %>
+  from_address: <%= ENV.fetch('SMTP_FROM_ADDRESS', 'notifications@localhost')&.to_json %>
+  reply_to: <%= ENV.fetch('SMTP_REPLY_TO', nil)&.to_json %>
+  return_path: <%= ENV.fetch('SMTP_RETURN_PATH', nil)&.to_json %>
   smtp_settings:
     port: <%= ENV.fetch('SMTP_PORT', nil) %>
-    address: <%= ENV.fetch('SMTP_SERVER', nil) %>
-    user_name: <%= ENV.fetch('SMTP_LOGIN', nil) %>
-    password: <%= ENV.fetch('SMTP_PASSWORD', nil) %>
+    address: <%= ENV.fetch('SMTP_SERVER', nil)&.to_json %>
+    user_name: <%= ENV.fetch('SMTP_LOGIN', nil)&.to_json %>
+    password: <%= ENV.fetch('SMTP_PASSWORD', nil)&.to_json %>
     domain: <%= ENV.fetch('SMTP_DOMAIN', ENV.fetch('LOCAL_DOMAIN', nil)) %>
     authentication: <%= ENV.fetch('SMTP_AUTH_METHOD', 'plain') %>
     ca_file: <%= ENV.fetch('SMTP_CA_FILE', '/etc/ssl/certs/ca-certificates.crt') %>
@@ -22,9 +22,9 @@ production:
   bulk_mail:
     smtp_settings:
       port: <%= ENV.fetch('BULK_SMTP_PORT', nil) %>
-      address: <%= ENV.fetch('BULK_SMTP_SERVER', nil) %>
-      user_name: <%= ENV.fetch('BULK_SMTP_LOGIN', nil) %>
-      password: <%= ENV.fetch('BULK_SMTP_PASSWORD', nil) %>
+      address: <%= ENV.fetch('BULK_SMTP_SERVER', nil)&.to_json %>
+      user_name: <%= ENV.fetch('BULK_SMTP_LOGIN', nil)&.to_json %>
+      password: <%= ENV.fetch('BULK_SMTP_PASSWORD', nil)&.to_json %>
       domain: <%= ENV.fetch('BULK_SMTP_DOMAIN', ENV.fetch('LOCAL_DOMAIN', nil)) %>
       authentication: <%= ENV.fetch('BULK_SMTP_AUTH_METHOD', 'plain') %>
       ca_file: <%= ENV.fetch('BULK_SMTP_CA_FILE', '/etc/ssl/certs/ca-certificates.crt') %>

config/mastodon.yml

@@ -2,14 +2,14 @@
 shared:
   experimental_features: <%= ENV.fetch('EXPERIMENTAL_FEATURES', nil) %>
   limited_federation_mode: <%= (ENV.fetch('LIMITED_FEDERATION_MODE', nil) || ENV.fetch('WHITELIST_MODE', nil)) == 'true' %>
-  self_destruct_value: <%= ENV.fetch('SELF_DESTRUCT', nil) %>
-  software_update_url: <%= ENV.fetch('UPDATE_CHECK_URL', 'https://api.joinmastodon.org/update-check') %>
+  self_destruct_value: <%= ENV.fetch('SELF_DESTRUCT', nil)&.to_json %>
+  software_update_url: <%= ENV.fetch('UPDATE_CHECK_URL', 'https://api.joinmastodon.org/update-check')&.to_json %>
   source:
-    base_url: <%= ENV.fetch('SOURCE_BASE_URL', nil) %>
+    base_url: <%= ENV.fetch('SOURCE_BASE_URL', nil)&.to_json %>
     repository: <%= ENV.fetch('GITHUB_REPOSITORY', 'mastodon/mastodon') %>
     tag: <%= ENV.fetch('SOURCE_TAG', nil) %>
   version:
-    metadata: <%= ENV.fetch('MASTODON_VERSION_METADATA', nil) %>
-    prerelease: <%= ENV.fetch('MASTODON_VERSION_PRERELEASE', nil) %>
+    metadata: <%= ENV.fetch('MASTODON_VERSION_METADATA', nil)&.to_json %>
+    prerelease: <%= ENV.fetch('MASTODON_VERSION_PRERELEASE', nil)&.to_json %>
 test:
   experimental_features: <%= [ENV.fetch('EXPERIMENTAL_FEATURES', nil), 'testing_only'].compact.join(',') %>

config/translation.yml

@@ -1,7 +1,7 @@
 shared:
   deepl:
-    api_key: <%= ENV.fetch('DEEPL_API_KEY', nil) %>
+    api_key: <%= ENV.fetch('DEEPL_API_KEY', nil)&.to_json %>
     plan: <%= ENV.fetch('DEEPL_PLAN', 'free') %>
   libre_translate:
-    api_key: <%= ENV.fetch('LIBRE_TRANSLATE_API_KEY', nil) %>
-    endpoint: <%= ENV.fetch('LIBRE_TRANSLATE_ENDPOINT', nil) %>
+    api_key: <%= ENV.fetch('LIBRE_TRANSLATE_API_KEY', nil)&.to_json %>
+    endpoint: <%= ENV.fetch('LIBRE_TRANSLATE_ENDPOINT', nil)&.to_json %>

config/vapid.yml

@@ -13,5 +13,5 @@
 # https://rossta.net/blog/using-the-web-push-api-with-vapid.html
 #
 shared:
-  private_key: <%= ENV.fetch('VAPID_PRIVATE_KEY', nil) %>
-  public_key: <%= ENV.fetch('VAPID_PUBLIC_KEY', nil) %>
+  private_key: <%= ENV.fetch('VAPID_PRIVATE_KEY', nil)&.to_json %>
+  public_key: <%= ENV.fetch('VAPID_PUBLIC_KEY', nil)&.to_json %>

spec/configuration/email_spec.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Configuration for email', type: :feature do
+  context 'with special characters in SMTP_PASSWORD env variable' do
+    let(:password) { ']]123456789[["!:@<>/\\=' }
+
+    around do |example|
+      ClimateControl.modify SMTP_PASSWORD: password do
+        example.run
+      end
+    end
+
+    it 'parses value correctly' do
+      expect(Rails.application.config_for(:email, env: :production))
+        .to include(
+          smtp_settings: include(password: password)
+        )
+    end
+  end
+end