Merge pull request #156 from opf/feature/rails3_fix_secret_token
Better secret token handlingpull/48/merge
commit
2f15f6f363
@ -1,7 +1,26 @@ |
||||
require 'yaml' |
||||
# Be sure to restart your server when you modify this file. |
||||
|
||||
# Your secret key for verifying the integrity of signed cookies. |
||||
# If you change this key, all old signed cookies will become invalid! |
||||
# Make sure the secret is at least 30 characters and all random, |
||||
# no regular words or you'll be exposed to dictionary attacks. |
||||
OpenProject::Application.config.secret_token = '95c3dfbae641c113be1eed4b8ff2c3723e33f5df9485aa8784d3e2449aeb7e2d67db29063464e49e4028e41fe7076b4222f00f25ebbd5a553457a5b4804a93e6' |
||||
|
||||
begin |
||||
secret_token_config = YAML.load_file('config/secret_token.yml') |
||||
secret_token = secret_token_config['secret_token'] |
||||
rescue |
||||
end |
||||
|
||||
OpenProject::Application.config.secret_token = if Rails.env.development? or Rails.env.test? |
||||
('x' * 30) # meets minimum requirement of 30 chars long |
||||
else |
||||
ENV['SECRET_TOKEN'] || secret_token |
||||
end |
||||
|
||||
if OpenProject::Application.config.secret_token.nil? |
||||
puts "Error: secret_token empty!" |
||||
puts "Please set it with ENV variable 'SECRET_TOKEN' or " |
||||
puts "run 'rake generate_secret_token'" |
||||
exit 1 |
||||
end |
||||
|
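Review bot: The final guard only tests `nil?`, but an empty string is truthy in Ruby, so `SECRET_TOKEN=""` in the environment or a `secret_token:` key with no value in config/secret_token.yml passes the check and the application boots with an empty cookie-signing secret. ActiveSupport is already loaded here (the hunk calls `Rails.env`), so `if OpenProject::Application.config.secret_token.blank?` covers both the nil and the empty-string case. The bare `rescue` around `YAML.load_file` also hides a malformed secret_token.yml behind the same "secret_token empty!" message; narrowing it to `rescue Errno::ENOENT` and letting a parse error surface would make that failure diagnosable, and `Rails.env.development? || Rails.env.test?` is the conventional spelling of the condition. I cannot tell from the rendered view whether the literal token assignment near the top of the hunk remains on the new side; if it does, it is overwritten a few lines later and a hard-coded secret should not stay in a committed file.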
@ -1,48 +0,0 @@ |
||||
#-- encoding: UTF-8 |
||||
#-- copyright |
||||
# ChiliProject is a project management system. |
||||
# |
||||
# Copyright (C) 2010-2011 the ChiliProject Team |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# as published by the Free Software Foundation; either version 2 |
||||
# of the License, or (at your option) any later version. |
||||
# |
||||
# See doc/COPYRIGHT.rdoc for more details. |
||||
#++ |
||||
|
||||
desc 'Generates a configuration file for cookie store sessions.' |
||||
|
||||
file 'config/initializers/session_store.rb' do |
||||
path = Rails.root.join('config/initializers/session_store.rb').to_s |
||||
secret = SecureRandom.hex(40) |
||||
File.open(path, 'w') do |f| |
||||
f.write <<"EOF" |
||||
# This file was generated by 'rake config/initializers/session_store.rb', |
||||
# and should not be made visible to public. |
||||
# If you have a load-balancing Redmine cluster, you will need to use the |
||||
# same version of this file on each machine. And be sure to restart your |
||||
# server when you modify this file. |
||||
|
||||
# Your secret key for verifying cookie session data integrity. If you |
||||
# change this key, all old sessions will become invalid! Make sure the |
||||
# secret is at least 30 characters and all random, no regular words or |
||||
# you'll be exposed to dictionary attacks. |
||||
ActionController::Base.session = { |
||||
:key => '_chiliproject_session', |
||||
# |
||||
# Uncomment and edit the :session_path below if are hosting your Redmine |
||||
# at a suburi and don't want the top level path to access the cookies |
||||
# |
||||
# See: http://www.redmine.org/issues/3968 |
||||
# |
||||
# :session_path => '/url_path_to/your/redmine/', |
||||
:secret => '#{secret}' |
||||
} |
||||
EOF |
||||
end |
||||
end |
||||
|
||||
desc 'Generates a configuration file for cookie store sessions.' |
||||
task :generate_session_store => ['config/initializers/session_store.rb'] |
@ -0,0 +1,28 @@ |
||||
#-- encoding: UTF-8 |
||||
#-- copyright |
||||
# ChiliProject is a project management system. |
||||
# |
||||
# Copyright (C) 2010-2011 the ChiliProject Team |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# as published by the Free Software Foundation; either version 2 |
||||
# of the License, or (at your option) any later version. |
||||
# |
||||
# See doc/COPYRIGHT.rdoc for more details. |
||||
#++ |
||||
|
||||
desc 'Generates a secret token file.' |
||||
|
||||
file 'config/secret_token.yml' do |
||||
path = Rails.root.join('config/secret_token.yml').to_s |
||||
secret = SecureRandom.hex(64) |
||||
File.open(path, 'w') do |f| |
||||
f.write <<"EOF" |
||||
secret_token: '#{secret}' |
||||
EOF |
||||
end |
||||
end |
||||
|
||||
desc 'Generates a secret token file.' |
||||
task :generate_secret_token => ['config/secret_token.yml'] |
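Review bot: The generated config/secret_token.yml is created with the process's default umask, which on most systems leaves the secret readable by every local user; passing an explicit mode, `File.open(path, 'w', 0600) do |f|`, restricts it to the owner at creation time, which is the only time this `file` task runs. The rake task this replaces carried a header comment saying the file should not be made public and must be identical on every node of a load-balanced cluster; that guidance is dropped here, and a `# Generated by 'rake generate_secret_token'; keep private and identical across all servers.` line at the top of the heredoc would preserve it in the emitted YAML.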