diff --git a/.gitignore b/.gitignore index ec37fb8da7..6f1ee11031 100644 --- a/.gitignore +++ b/.gitignore @@ -20,7 +20,7 @@ /config/configuration.yml /config/database.yml /config/email.yml -#/config/initializers/session_store.rb +/config/secret_token.yml /coverage /db/*.db /db/*.sqlite3 diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index b9ee1ce96b..7b4b9bd113 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -1,7 +1,26 @@ +require 'yaml' # Be sure to restart your server when you modify this file. # Your secret key for verifying the integrity of signed cookies. # If you change this key, all old signed cookies will become invalid! # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. -OpenProject::Application.config.secret_token = '95c3dfbae641c113be1eed4b8ff2c3723e33f5df9485aa8784d3e2449aeb7e2d67db29063464e49e4028e41fe7076b4222f00f25ebbd5a553457a5b4804a93e6' + +begin + secret_token_config = YAML.load_file('config/secret_token.yml') + secret_token = secret_token_config['secret_token'] +rescue +end + +OpenProject::Application.config.secret_token = if Rails.env.development? or Rails.env.test? + ('x' * 30) # meets minimum requirement of 30 chars long +else + ENV['SECRET_TOKEN'] || secret_token +end + +if OpenProject::Application.config.secret_token.nil? + puts "Error: secret_token empty!" + puts "Please set it with ENV variable 'SECRET_TOKEN' or " + puts "run 'rake generate_secret_token'" + exit 1 +end diff --git a/lib/tasks/ci.rake b/lib/tasks/ci.rake index 79809ef8ee..92c5499b83 100644 --- a/lib/tasks/ci.rake +++ b/lib/tasks/ci.rake @@ -57,8 +57,6 @@ namespace :ci do YAML.dump({"test" => database_yml}, f) end - Rake::Task["generate_session_store"].invoke - # Create and migrate the database Rake::Task["db:create"].invoke Rake::Task["db:migrate"].invoke 
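Review bot: The final guard in the config/initializers/secret_token.rb hunk tests only `.nil?`, so an empty `SECRET_TOKEN` environment variable (or an empty `secret_token:` value in the YAML file) passes through as `""` because empty strings are truthy in Ruby, and the application boots with a blank signing secret despite the comment just above requiring at least 30 random characters. Checking the length enforces what that comment promises: `if OpenProject::Application.config.secret_token.to_s.strip.length < 30`. The bare `rescue` around `YAML.load_file` also hides a malformed YAML file behind the same generic message; rescuing `Errno::ENOENT` only would let parse errors surface, and `Rails.root.join('config/secret_token.yml')` would match the path the rake task writes instead of depending on the process working directory. The fixed `'x' * 30` branch is taken whenever `Rails.env` is development or test, which is Rails' default when `RAILS_ENV` is not set, so a deployment that forgets to set it runs with a predictable secret; preferring the configured value and falling back to the fixed string only when none is present avoids that.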
diff --git a/lib/tasks/initializers.rake b/lib/tasks/initializers.rake deleted file mode 100644 index 5a086693d3..0000000000 --- a/lib/tasks/initializers.rake +++ /dev/null @@ -1,48 +0,0 @@ -#-- encoding: UTF-8 -#-- copyright -# ChiliProject is a project management system. -# -# Copyright (C) 2010-2011 the ChiliProject Team -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# See doc/COPYRIGHT.rdoc for more details. -#++ - -desc 'Generates a configuration file for cookie store sessions.' - -file 'config/initializers/session_store.rb' do - path = Rails.root.join('config/initializers/session_store.rb').to_s - secret = SecureRandom.hex(40) - File.open(path, 'w') do |f| - f.write <<"EOF" -# This file was generated by 'rake config/initializers/session_store.rb', -# and should not be made visible to public. -# If you have a load-balancing Redmine cluster, you will need to use the -# same version of this file on each machine. And be sure to restart your -# server when you modify this file. - -# Your secret key for verifying cookie session data integrity. If you -# change this key, all old sessions will become invalid! Make sure the -# secret is at least 30 characters and all random, no regular words or -# you'll be exposed to dictionary attacks. -ActionController::Base.session = { - :key => '_chiliproject_session', - # - # Uncomment and edit the :session_path below if are hosting your Redmine - # at a suburi and don't want the top level path to access the cookies - # - # See: http://www.redmine.org/issues/3968 - # - # :session_path => '/url_path_to/your/redmine/', - :secret => '#{secret}' -} -EOF - end -end - -desc 'Generates a configuration file for cookie store sessions.' -task :generate_session_store => ['config/initializers/session_store.rb'] 
diff --git a/lib/tasks/secret_token.rake b/lib/tasks/secret_token.rake new file mode 100644 index 0000000000..886a5c0d8b --- /dev/null +++ b/lib/tasks/secret_token.rake @@ -0,0 +1,28 @@ +#-- encoding: UTF-8 +#-- copyright +# ChiliProject is a project management system. +# +# Copyright (C) 2010-2011 the ChiliProject Team +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# See doc/COPYRIGHT.rdoc for more details. +#++ + +desc 'Generates a secret token file.' + +file 'config/secret_token.yml' do + path = Rails.root.join('config/secret_token.yml').to_s + secret = SecureRandom.hex(64) + File.open(path, 'w') do |f| + f.write <<"EOF" +secret_token: '#{secret}' +EOF + end +end + +desc 'Generates a secret token file.' +task :generate_secret_token => ['config/secret_token.yml']
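Review bot: `File.open(path, 'w')` inside the `file 'config/secret_token.yml'` task creates the secret file with the process umask, which on a typical host leaves the generated token readable by every local account; passing a mode restricts it at creation: `File.open(path, 'w', 0600) do |f|`. Because a `file` task only runs when the target does not yet exist, the mode is applied exactly when the file is first written, so existing installations are unaffected. `SecureRandom` is not required in this file; it is presumably loaded by the Rails environment the task runs in, but a `require 'securerandom'` at the top would make the task self-contained.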