Remove blacklist and whitelist references

berkmancenter · Jul 10, 2020 · 7ed748d · 7ed748d
1 parent 6677b34
commit 7ed748d
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 15 deletions.
diff --git a/.gitignore b/.gitignore
@@ -41,7 +41,7 @@ config/database.yml
 .rubocop.yml
 rspec_examples.txt
 .reek.yml
-whitelisted_ips.rb
+allowed_ips.rb
 safelisted_ips.rb
 public/usercron/
 .ssh/*

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -112,7 +112,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 * Compresses http responses
 * `get_approximate_count` method on `Notice` and `InfringingUrl` (uses postgres reltuples)
-* Whitelists logged-in users using the web interface (if they would not be throttled using the API)
+* Allows logged-in users using the web interface (if they would not be throttled using the API)
 
 ### Changed
 * Updates numerous dependencies
@@ -158,7 +158,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 * Asset-pipeline-related gems no longer loaded in prod to save on memory
 * Prevent deep pagination on search results, since Elasticsearch doesn't support it
-* Much lower throttling limits in rack-attack, coupled with mechanism for whitelisting IPs
+* Much lower throttling limits in rack-attack, coupled with mechanism for allowing IPs
 * Increased cache time-to-live
 
 ## [2.1.6.2](https://github.com/berkmancenter/lumendatabase/releases/tag/2.1.6.2) - 2019-02-04

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -35,10 +35,10 @@ def active_advanced_search_parameters?
   end
 
   def can_see_full_notice_version?(notice)
-    whitelisted_notices = (ENV['WHITELISTED_NOTICES_FULL'] || []).split(',')
+    allowed_notices = (ENV['ALLOWED_NOTICES_FULL'] || []).split(',')
 
     return true if can?(:view_full_version, notice) ||
-                   whitelisted_notices.include?(notice.id.to_s)
+                   allowed_notices.include?(notice.id.to_s)
 
     TokenUrl.valid?(params[:access_token], notice)
   end

diff --git a/config/application.rb b/config/application.rb
@@ -58,11 +58,10 @@ class Application < Rails::Application
     # like if you have constraints or database-specific column types
     # config.active_record.schema_format = :sql
 
-    # Enforce whitelist mode for mass assignment.
-    # This will create an empty whitelist of attributes available for mass-assignment for all models
-    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # Enforce allow mode for mass assignment.
+    # This will create an empty list of allowed attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly allow or deny accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    # config.active_record.whitelist_attributes = false
 
     # Enable the asset pipeline
     config.assets.enabled = true

diff --git a/config/initializers/comfortable_mexican_sofa.rb b/config/initializers/comfortable_mexican_sofa.rb
@@ -63,12 +63,12 @@
   # <% User.delete_all %> but if you really want to allow it...
   #   config.allow_erb = false
 
-  # Whitelist of all helper methods that can be used via {{cms:helper}} tag. By default
+  # A list of all allowed helper methods that can be used via {{cms:helper}} tag. By default
   # all helpers are allowed except `eval`, `send`, `call` and few others. Empty array
   # will prevent rendering of all helpers.
   #   config.allowed_helpers = nil
 
-  # Whitelist of partials paths that can be used via {{cms:partial}} tag. All partials
+  # A list of allowed partials paths that can be used via {{cms:partial}} tag. All partials
   # are accessible by default. Empty array will prevent rendering of all partials.
   #   config.allowed_partials = nil
 

diff --git a/config/initializers/mini-profiler.rb b/config/initializers/mini-profiler.rb
@@ -3,5 +3,7 @@
 # after it, so use require: false in the Gemfile and then require it here.
 # Rails.application.config.middleware.insert_after Rack::Deflater, Rack::MiniProfiler
 
+# @TODO Create a PR in the rack-mini-profiler repository and ask for replacing
+# the whitelist word and when it's replaced remove it from here
 Rack::MiniProfiler.config.authorization_mode = :whitelist if Rails.env.production?
 Rack::MiniProfiler.config.disable_caching = false
diff --git a/lib/rack-attack/request.rb b/lib/rack-attack/request.rb
@@ -74,8 +74,8 @@ def user_from_token
   # IP addresses of known legitimate researchers who might otherwise be
   # caught up in low rate limits.
   def special_ip?
-    if defined? WhitelistedIps::IPS
-      WhitelistedIps::IPS.map { |iprange| iprange.include? ip }.any?
+    if defined? AllowedIps::IPS
+      AllowedIps::IPS.map { |iprange| iprange.include? ip }.any?
     else
       false
     end

diff --git a/spec/integration/viewing_notices.spec.rb b/spec/integration/viewing_notices.spec.rb
@@ -60,8 +60,8 @@
     check_full_works_urls
   end
 
-  scenario 'as an anonymous user viewing whitelisted notice' do
-    ENV['WHITELISTED_NOTICES_FULL'] = "1234,#{Notice.last.id}"
+  scenario 'as an anonymous user viewing allowed notice' do
+    ENV['ALLOWED_NOTICES_FULL'] = "1234,#{Notice.last.id}"
 
     visit notice_url(Notice.last)