Merge pull request #156 from opf/feature/rails3_fix_secret_token

Better secret token handling
pull/48/merge
meeee 12 years ago
commit 2f15f6f363
  1. 2
      .gitignore
  2. 21
      config/initializers/secret_token.rb
  3. 2
      lib/tasks/ci.rake
  4. 48
      lib/tasks/initializers.rake
  5. 28
      lib/tasks/secret_token.rake

2
.gitignore vendored

@ -20,7 +20,7 @@
/config/configuration.yml
/config/database.yml
/config/email.yml
#/config/initializers/session_store.rb
/config/secret_token.yml
/coverage
/db/*.db
/db/*.sqlite3

@ -1,7 +1,26 @@
require 'yaml'
# Be sure to restart your server when you modify this file.
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
OpenProject::Application.config.secret_token = '95c3dfbae641c113be1eed4b8ff2c3723e33f5df9485aa8784d3e2449aeb7e2d67db29063464e49e4028e41fe7076b4222f00f25ebbd5a553457a5b4804a93e6'
begin
secret_token_config = YAML.load_file('config/secret_token.yml')
secret_token = secret_token_config['secret_token']
rescue
end
OpenProject::Application.config.secret_token = if Rails.env.development? or Rails.env.test?
('x' * 30) # meets minimum requirement of 30 chars long
else
ENV['SECRET_TOKEN'] || secret_token
end
if OpenProject::Application.config.secret_token.nil?
puts "Error: secret_token empty!"
puts "Please set it with ENV variable 'SECRET_TOKEN' or "
puts "run 'rake generate_secret_token'"
exit 1
end
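Review bot: The bare `rescue` around `YAML.load_file` swallows every StandardError — a malformed `config/secret_token.yml`, a permission error, or a file that parses to something other than a Hash (the `['secret_token']` lookup then raises) — and the failure is later reported as "secret_token empty!", which sends an operator looking at the wrong cause. Narrow it to the single case the fallback is meant for, `rescue Errno::ENOENT`, so parse and permission errors surface with their own message. The final guard only catches `nil`: an empty `SECRET_TOKEN` variable or an empty `secret_token:` value is accepted, and the 30-character minimum the header comment asks for is never enforced; `if OpenProject::Application.config.secret_token.to_s.length < 30` covers both without changing the development/test path. The environment test should use `||` rather than `or`, which binds more loosely than `=` and is a precedence trap in assignments.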

@ -57,8 +57,6 @@ namespace :ci do
YAML.dump({"test" => database_yml}, f)
end
Rake::Task["generate_session_store"].invoke
# Create and migrate the database
Rake::Task["db:create"].invoke
Rake::Task["db:migrate"].invoke
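Review bot: With the `generate_session_store` invocation gone, nothing in the ci task creates `config/secret_token.yml`; as far as the initializer hunk in this commit shows, the task now depends on the initializer's fixed-token fallback when `Rails.env.test?` is true. That coupling is easy to break later and deserves a comment where the invoke used to be, e.g. `# No secret token file is generated here: the initializer uses a fixed token in the test environment`. The enclosing `namespace :ci` task starts before this hunk.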

@ -1,48 +0,0 @@
#-- encoding: UTF-8
#-- copyright
# ChiliProject is a project management system.
#
# Copyright (C) 2010-2011 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
desc 'Generates a configuration file for cookie store sessions.'
file 'config/initializers/session_store.rb' do
path = Rails.root.join('config/initializers/session_store.rb').to_s
secret = SecureRandom.hex(40)
File.open(path, 'w') do |f|
f.write <<"EOF"
# This file was generated by 'rake config/initializers/session_store.rb',
# and should not be made visible to public.
# If you have a load-balancing Redmine cluster, you will need to use the
# same version of this file on each machine. And be sure to restart your
# server when you modify this file.
# Your secret key for verifying cookie session data integrity. If you
# change this key, all old sessions will become invalid! Make sure the
# secret is at least 30 characters and all random, no regular words or
# you'll be exposed to dictionary attacks.
ActionController::Base.session = {
:key => '_chiliproject_session',
#
# Uncomment and edit the :session_path below if are hosting your Redmine
# at a suburi and don't want the top level path to access the cookies
#
# See: http://www.redmine.org/issues/3968
#
# :session_path => '/url_path_to/your/redmine/',
:secret => '#{secret}'
}
EOF
end
end
desc 'Generates a configuration file for cookie store sessions.'
task :generate_session_store => ['config/initializers/session_store.rb']

@ -0,0 +1,28 @@
#-- encoding: UTF-8
#-- copyright
# ChiliProject is a project management system.
#
# Copyright (C) 2010-2011 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# See doc/COPYRIGHT.rdoc for more details.
#++
desc 'Generates a secret token file.'
file 'config/secret_token.yml' do
path = Rails.root.join('config/secret_token.yml').to_s
secret = SecureRandom.hex(64)
File.open(path, 'w') do |f|
f.write <<"EOF"
secret_token: '#{secret}'
EOF
end
end
desc 'Generates a secret token file.'
task :generate_secret_token => ['config/secret_token.yml']
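Review bot: `File.open(path, 'w')` creates `config/secret_token.yml` with the process umask, which on most hosts yields a world-readable file holding the cookie-signing secret; pass an explicit mode, `File.open(path, 'w', 0600) do |f|`, so the file is readable only by the owner. Because this is a `file` task, `rake generate_secret_token` is a no-op once the file exists, so it cannot be used to rotate a token; the `desc` string should say so, e.g. `desc 'Generates config/secret_token.yml if it does not exist (delete the file to rotate the token).'`. The same `desc` text is repeated on the `file` and `task` definitions; only the `task` one is shown by `rake -T`, so the first can be dropped.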