Maintenance: make more settings runtime writable where possible

app/contracts/backups/create_contract.rb

@@ -49,15 +49,15 @@ def backup_token
 
     def check_waiting_period(token)
       if token.waiting?
-        valid_at = token.created_at + OpenProject::Configuration.backup_initial_waiting_period
+        valid_at = token.created_at + Setting.backup_initial_waiting_period
         hours = ((valid_at - Time.zone.now) / 60.0 / 60.0).round
 
         errors.add :base, :token_cooldown, message: I18n.t("backup.error.token_cooldown", hours:)
       end
     end
 
     def backup_limit
-      limit = OpenProject::Configuration.backup_daily_limit
+      limit = Setting.backup_daily_limit
       if Backup.where("created_at >= ?", Time.zone.today).count > limit
         errors.add :base, :limit_reached, message: I18n.t("backup.error.limit_reached", limit:)
       end

app/controllers/account_controller.rb

@@ -146,7 +146,7 @@ def register
   end
 
   def allow_registration?
-    allow = Setting::SelfRegistration.enabled? && !OpenProject::Configuration.disable_password_login?
+    allow = Setting::SelfRegistration.enabled? && !Setting.disable_password_login?
 
     invited = session[:invitation_token].present?
     get = request.get? && allow
@@ -156,7 +156,7 @@ def allow_registration?
   end
 
   def allow_lost_password_recovery?
-    Setting.lost_password? && !OpenProject::Configuration.disable_password_login?
+    Setting.lost_password? && !Setting.disable_password_login?
   end
 
   # Token based account activation
@@ -234,7 +234,7 @@ def activate_invited(token)
   def activate_user(user)
     if omniauth_direct_login?
       direct_login user
-    elsif OpenProject::Configuration.disable_password_login?
+    elsif Setting.disable_password_login?
       flash[:notice] = I18n.t("account.omniauth_login")
 
       redirect_to signin_path
@@ -401,7 +401,7 @@ def direct_login(user)
   end
 
   def authenticate_user
-    if OpenProject::Configuration.disable_password_login?
+    if Setting.disable_password_login?
       render_404
     else
       password_authentication(params[:username]&.strip, params[:password])

app/controllers/admin/backups_controller.rb

@@ -85,7 +85,7 @@ def show_local_breadcrumb
   end
 
   def check_enabled
-    render_404 unless OpenProject::Configuration.backup_enabled?
+    render_404 unless Setting.backup_enabled?
   end
 
   private

app/controllers/admin_controller.rb

@@ -105,7 +105,7 @@ def show_local_breadcrumb
   private
 
   def hidden_admin_menu_items
-    OpenProject::Configuration.hidden_menu_items[:admin_menu.to_s] || []
+    Setting.hidden_menu_items[:admin_menu.to_s] || []
   end
 
   def plaintext_extraction_checks

app/controllers/concerns/accounts/redirect_after_login.rb

@@ -43,15 +43,15 @@ def redirect_after_login(user)
   end
 
   def default_redirect
-    if (url = OpenProject::Configuration.after_login_default_redirect_url)
+    if (url = Setting.after_login_default_redirect_url)
       redirect_back_or_default url
     else
       redirect_back_or_default my_page_path
     end
   end
 
   def first_login_redirect
-    if (url = OpenProject::Configuration.after_first_login_redirect_url)
+    if (url = Setting.after_first_login_redirect_url)
       redirect_back_or_default url
     else
       redirect_back_or_default home_url(first_time_user: true)

app/controllers/concerns/accounts/user_password_change.rb

@@ -33,33 +33,33 @@
   # Process a password change form, used when the user is forced
   # to change the password.
   # When making changes here, also check MyController.change_password
   def change_password_flow(user:, params:, update_legacy: true, show_user_name: false)
-    return render_404 if OpenProject::Configuration.disable_password_login?
+    return render_404 if Setting.disable_password_login?
 
     # A JavaScript hides the force_password_change field for external
     # auth sources in the admin UI, so this shouldn't normally happen.
     return if redirect_if_password_change_not_allowed(user)
 
     # Ensure the current password is validated
     unless user.check_password?(params[:password], update_legacy:)
       flash_and_log_invalid_credentials(is_logged_in: !show_user_name)
       return render_password_change(user, nil, show_user_name:)
     end
 
     # Call the service to set the new password
     call = ::Users::ChangePasswordService.new(current_user: @user, session:).call(params)
 
     # Yield the success to the caller
     if call.success?
       response = yield call
 
       call.apply_flash_message!(flash)
       return response
     end
 
     # Render the username to hint to a user in case of a forced password change
     render_password_change user, call.message, show_user_name:
   end
 
   ##
   # Log an attempt to log in to a locked account or with invalid credentials

app/controllers/concerns/password_confirmation.rb

@@ -45,7 +45,7 @@ def check_password_confirmation
   # Returns whether password confirmation has been enabled globally
   # AND the current user is internally authenticated.
   def password_confirmation_required?
-    OpenProject::Configuration.internal_password_confirmation? &&
+    Setting.internal_password_confirmation? &&
       !User.current.uses_external_authentication?
   end
 end

app/controllers/help_controller.rb

@@ -33,7 +33,7 @@ def keyboard_shortcuts
 
   def text_formatting
     default_link = OpenProject::Static::Links[:text_formatting][:href]
-    help_link = OpenProject::Configuration.force_formatting_help_link.presence || default_link
+    help_link = Setting.force_formatting_help_link.presence || default_link
 
     redirect_to help_link
   end

app/controllers/ldap_auth_sources_controller.rb

@@ -119,6 +119,6 @@ def show_local_breadcrumb
   end
 
   def block_if_password_login_disabled
-    render_404 if OpenProject::Configuration.disable_password_login?
+    render_404 if Setting.disable_password_login?
   end
 end

app/controllers/users_controller.rb

@@ -295,7 +295,7 @@ def my_or_admin_layout
   end
 
   def set_password?(params)
-    params[:user][:password].present? && !OpenProject::Configuration.disable_password_choice?
+    params[:user][:password].present? && !Setting.disable_password_choice?
   end
 
   protected

app/helpers/backup_helper.rb

@@ -49,7 +49,7 @@ def allow_instant_backup_for_user?(user, date: instant_backup_threshold_date)
   end
 
   def instant_backup_threshold_date
-    DateTime.now - OpenProject::Configuration.backup_initial_waiting_period
+    DateTime.now - Setting.backup_initial_waiting_period
   end
 
   def just_installed_openproject?(after: instant_backup_threshold_date)
@@ -71,7 +71,7 @@ def create_backup_token(user: current_user)
   end
 
   def notify_user_and_admins(user, backup_token:)
-    waiting_period = backup_token.waiting? && OpenProject::Configuration.backup_initial_waiting_period
+    waiting_period = backup_token.waiting? && Setting.backup_initial_waiting_period
     users = ([user] + User.admin.active).uniq
 
     users.each do |recipient|

app/helpers/homescreen_helper.rb

@@ -54,12 +54,12 @@ def static_link_to(key)
   ##
   # Determine whether we should render the links on homescreen?
   def show_homescreen_links?
-    EnterpriseToken.show_banners? || OpenProject::Configuration.show_community_links?
+    EnterpriseToken.show_banners? || Setting.show_community_links?
   end
 
   ##
   # Determine whether we should render the onboarding modal
   def show_onboarding_modal?
-    OpenProject::Configuration.onboarding_enabled? && params[:first_time_user]
+    Setting.onboarding_enabled? && params[:first_time_user]
   end
 end

app/helpers/users_helper.rb

@@ -142,6 +142,6 @@ def allowed_management_user_profile_path(user)
   end
 
   def can_users_have_auth_source?
-    LdapAuthSource.any? && !OpenProject::Configuration.disable_password_login?
+    LdapAuthSource.any? && !Setting.disable_password_login?
   end
 end

app/mailers/user_mailer.rb

@@ -45,7 +45,7 @@ def backup_ready(user)
     send_localized_mail(user) { I18n.t(:mail_subject_backup_ready) }
   end
 
-  def backup_token_reset(recipient, user:, waiting_period: OpenProject::Configuration.backup_initial_waiting_period)
+  def backup_token_reset(recipient, user:, waiting_period: Setting.backup_initial_waiting_period)
     @admin_notification = recipient != user # notification for other admins rather than oneself
     @user_login = user.login
     @waiting_period = waiting_period

app/models/backup.rb

@@ -5,7 +5,7 @@ def permission
     end
 
     def include_attachments?
-      val = OpenProject::Configuration.backup_include_attachments
+      val = Setting.backup_include_attachments
 
       val.nil? ? true : val.to_s.to_bool # default to true
     end
@@ -14,7 +14,7 @@ def include_attachments?
     # Don't include attachments in archive if they are larger than
     # this value combined.
     def attachment_size_max_sum_mb
-      (OpenProject::Configuration.backup_attachment_size_max_sum_mb.presence || 1024).to_i
+      (Setting.backup_attachment_size_max_sum_mb.presence || 1024).to_i
     end
 
     def attachments_query

app/models/ldap_auth_source.rb

@@ -235,7 +235,7 @@ def ldap_connection_options
     {
       host:,
       port:,
-      force_no_page: OpenProject::Configuration.ldap_force_no_page,
+      force_no_page: Setting.ldap_force_no_page,
       encryption: ldap_encryption
     }
   end

app/models/permitted_params/allowed_settings.rb

@@ -70,7 +70,7 @@ def init!
 
       add_restriction!(
         keys: password_keys,
-        condition: -> { OpenProject::Configuration.disable_password_login? }
+        condition: -> { Setting.disable_password_login? }
       )
 
       add_restriction!(

app/models/token/backup.rb

@@ -31,7 +31,7 @@ class Backup < HashedToken
     def ready?
       return false if created_at.nil?
 
-      created_at.since(OpenProject::Configuration.backup_initial_waiting_period).past?
+      created_at.since(Setting.backup_initial_waiting_period).past?
     end
 
     def waiting?

app/models/user.rb

@@ -210,22 +210,22 @@
 
   # Tries to authenticate a user in the database via external auth source
   # or password stored in the database
   def self.try_authentication_for_existing_user(user, password, session = nil)
     activate_user! user, session if session
 
-    return nil if !user.active? || OpenProject::Configuration.disable_password_login?
+    return nil if !user.active? || Setting.disable_password_login?
 
     if user.ldap_auth_source
       # user has an external authentication method
       return nil unless user.ldap_auth_source.authenticate(user.login, password)
     else
       # authentication with local password
       return nil unless user.check_password?(password)
       return nil if user.force_password_change
       return nil if user.password_expired?
     end
     user
   end
 
   def self.activate_user!(user, session)
     if session[:invitation_token]
@@ -242,7 +242,7 @@
 
   # Tries to authenticate with available sources and creates user on success
   def self.try_authentication_and_create_user(login, password)
-    return nil if OpenProject::Configuration.disable_password_login?
+    return nil if Setting.disable_password_login?
 
     user = LdapAuthSource.authenticate(login, password)
 
@@ -344,7 +344,7 @@
   # Does the backend storage allow this user to change their password?
   def change_password_allowed?
     return false if uses_external_authentication? ||
-                    OpenProject::Configuration.disable_password_login?
+                    Setting.disable_password_login?
 
     ldap_auth_source_id.blank?
   end

app/models/user_preference.rb

@@ -79,7 +79,7 @@ def []=(attr_name, value)
   end
 
   def comments_sorting
-    settings.fetch(:comments_sorting, OpenProject::Configuration.default_comment_sort_order)
+    settings.fetch(:comments_sorting, Setting.default_comment_sort_order)
   end
 
   def comments_in_reverse_order?

app/services/ldap/base_service.rb

@@ -72,7 +72,7 @@ def try_to_create(attrs)
     ##
     # Locks the given user if this is what the sync service should do.
     def lock_user!(user)
-      if OpenProject::Configuration.ldap_users_sync_status?
+      if Setting.ldap_users_sync_status?
         Rails.logger.info { "Could not find user #{user.login} in #{ldap.name}. Locking the user." }
         user.update_column(:status, Principal.statuses[:locked])
       else
@@ -85,7 +85,7 @@ def lock_user!(user)
     ##
     # Activates the given user if this is what the sync service should do.
     def activate_user!(user)
-      if OpenProject::Configuration.ldap_users_sync_status?
+      if Setting.ldap_users_sync_status?
         Rails.logger.info { "Activating #{user.login} due to it being synced from LDAP #{ldap.name}." }
         user.update_column(:status, Principal.statuses[:active])
       else

app/services/users/logout_service.rb

@@ -38,7 +38,7 @@ def initialize(controller:)
     def call!(user)
       OpenProject.logger.info { "Logging out ##{user.id}" }
 
-      if OpenProject::Configuration.drop_old_sessions_on_logout?
+      if Setting.drop_old_sessions_on_logout?
         remove_all_autologin_tokens! user
         remove_all_sessions! user
       else

app/uploaders/fog_file_uploader.rb

@@ -114,7 +114,7 @@ def set_content_disposition!(url_options, options:)
 
   def set_expires_at!(url_options, options:)
     if options[:expires_in].present?
-      expires = [options[:expires_in], OpenProject::Configuration.fog_download_url_expires_in].min
+      expires = [options[:expires_in], Setting.fog_download_url_expires_in].min
       url_options[:expire_at] = ::Fog::Time.now + expires
     end
 

app/views/account/_auth_providers.html.erb

@@ -37,7 +37,7 @@ See COPYRIGHT and LICENSE files for more details.
 # * https://community.openproject.org/work_packages/7192
 # * http://stackoverflow.com/questions/13112430/find-loaded-providers-for-omniauth
 auth_provider_html = call_hook :view_account_login_auth_provider
-no_pwd = OpenProject::Configuration.disable_password_login?
+no_pwd = Setting.disable_password_login?
 pclass = no_pwd ? 'no-pwd' : ''
 wclass = local_assigns[:wide] ? 'wide' : ''
 %>

app/views/account/login.html.erb

@@ -34,7 +34,7 @@ See COPYRIGHT and LICENSE files for more details.
   <h1><%= I18n.t(:label_login) %></h1>
 
   <hr class="form--separator" />
-  <% unless OpenProject::Configuration.disable_password_login? %>
+  <% unless Setting.disable_password_login? %>
     <%= render partial: 'password_login_form' %>
   <% end %>
   <%= render partial: 'auth_providers' %>

app/views/admin/settings/authentication_settings/show.html.erb

@@ -59,7 +59,7 @@ See COPYRIGHT and LICENSE files for more details.
 
     <fieldset class="form--fieldset">
       <legend class="form--fieldset-legend"><%= I18n.t(:passwords, scope: [:settings]) %></legend>
-      <% if !OpenProject::Configuration.disable_password_login? %>
+      <% if !Setting.disable_password_login? %>
         <div class="form--field -wide-label"><%= setting_text_field :password_min_length, size: 6, container_class: '-xslim' %></div>
         <div class="form--field -wide-label">
           <% rules = OpenProject::Passwords::Evaluator.known_rules.map do |rule|
@@ -91,7 +91,7 @@ See COPYRIGHT and LICENSE files for more details.
       <% end %>
     </fieldset>
 
-    <% unless OpenProject::Configuration.disable_password_login? %>
+    <% unless Setting.disable_password_login? %>
       <fieldset class="form--fieldset">
         <legend class="form--fieldset-legend"><%= I18n.t(:brute_force_prevention, scope: [:settings]) %></legend>
         <div class="form--field -wide-label"><%= setting_text_field :brute_force_block_after_failed_logins, container_class: '-xslim' %>
@@ -127,7 +127,7 @@ See COPYRIGHT and LICENSE files for more details.
       <div class="form--field -wide-label"><%= setting_check_box :log_requesting_user %></div>
     </fieldset>
   </section>
-  <% unless OpenProject::Configuration.disable_password_login? %>
+  <% unless Setting.disable_password_login? %>
     <div style="float:right;">
       <%= link_to t(:label_ldap_authentication), {controller: '/ldap_auth_sources', action: 'index'}, class: 'icon icon-server-key' %>
     </div>

app/views/users/form/authentication/_internal.html.erb

@@ -1,4 +1,4 @@
-<% if OpenProject::Configuration.disable_password_login? %>
+<% if Setting.disable_password_login? %>
   <div id="no_password_info">
     <div class="form--field">
       <%= styled_label_tag nil, I18n.t(:warning) %>

app/views/users/form/authentication/_internal_password.html.erb

@@ -21,7 +21,7 @@
     </div>
   </div>
 
-  <% unless OpenProject::Configuration.disable_password_choice? %>
+  <% unless Setting.disable_password_choice? %>
     <div class="form--field">
       <%= f.password_field :password,
                            required: @user.new_record?,

app/workers/attachments/cleanup_uncontainered_job.rb

@@ -47,7 +47,7 @@ def too_old
     attachment_table = Attachment.arel_table
 
     attachment_table[:created_at]
-      .lteq(Time.zone.now - OpenProject::Configuration.attachments_grace_period.minutes)
+      .lteq(Time.zone.now - Setting.attachments_grace_period.minutes)
       .to_sql
   end
 end

app/workers/attachments/extract_fulltext_job.rb

@@ -36,7 +36,7 @@ def perform(attachment_id)
       @text = nil
       @file = nil
       @filename = nil
-      @language = OpenProject::Configuration.main_content_language
+      @language = Setting.main_content_language
 
       return unless OpenProject::Database.allows_tsv?
       return unless @attachment = find_attachment(attachment_id)

app/workers/exports/cleanup_outdated_job.rb

@@ -30,12 +30,12 @@
   queue_with_priority :low
 
   def self.perform_after_grace
-    set(wait: OpenProject::Configuration.attachments_grace_period.minutes).perform_later
+    set(wait: Setting.attachments_grace_period.minutes).perform_later
   end
 
   def perform
     Export
-      .where("created_at <= ?", Time.current - OpenProject::Configuration.attachments_grace_period.minutes)
+      .where("created_at <= ?", Time.current - Setting.attachments_grace_period.minutes)
       .destroy_all
   end
 end