|
|
|
@ -14,35 +14,25 @@ |
|
|
|
|
|
|
|
|
|
desc 'Generates a configuration file for cookie store sessions.' |
|
|
|
|
|
|
|
|
|
file 'config/initializers/session_store.rb' do |
|
|
|
|
path = Rails.root.join('config/initializers/session_store.rb').to_s |
|
|
|
|
secret = SecureRandom.hex(40) |
|
|
|
|
file 'config/initializers/secret_token.rb' do |
|
|
|
|
path = Rails.root.join('config/initializers/secret_token.rb').to_s |
|
|
|
|
secret = SecureRandom.hex(128) |
|
|
|
|
File.open(path, 'w') do |f| |
|
|
|
|
f.write <<"EOF" |
|
|
|
|
# This file was generated by 'rake config/initializers/session_store.rb', |
|
|
|
|
# This file was generated by 'rake config/initializers/secret_token.rb', |
|
|
|
|
# and should not be made visible to public. |
|
|
|
|
# If you have a load-balancing Redmine cluster, you will need to use the |
|
|
|
|
# If you have a load-balancing OpenProject cluster, you will need to use the |
|
|
|
|
# same version of this file on each machine. And be sure to restart your |
|
|
|
|
# server when you modify this file. |
|
|
|
|
|
|
|
|
|
# Your secret key for verifying cookie session data integrity. If you |
|
|
|
|
# change this key, all old sessions will become invalid! Make sure the |
|
|
|
|
# secret is at least 30 characters and all random, no regular words or |
|
|
|
|
# you'll be exposed to dictionary attacks. |
|
|
|
|
ActionController::Base.session = { |
|
|
|
|
:key => '_chiliproject_session', |
|
|
|
|
# |
|
|
|
|
# Uncomment and edit the :session_path below if are hosting your Redmine |
|
|
|
|
# at a suburi and don't want the top level path to access the cookies |
|
|
|
|
# |
|
|
|
|
# See: http://www.redmine.org/issues/3968 |
|
|
|
|
# |
|
|
|
|
# :session_path => '/url_path_to/your/redmine/', |
|
|
|
|
:secret => '#{secret}' |
|
|
|
|
} |
|
|
|
|
# Your secret key for verifying the integrity of signed cookies. |
|
|
|
|
# If you change this key, all old signed cookies will become invalid! |
|
|
|
|
# Make sure the secret is at least 30 characters and all random, |
|
|
|
|
# no regular words or you'll be exposed to dictionary attacks. |
|
|
|
|
OpenProject::Application.config.secret_token = '#{secret}' |
|
|
|
|
EOF |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
desc 'Generates a configuration file for cookie store sessions.' |
|
|
|
|
task :generate_session_store => ['config/initializers/session_store.rb'] |
|
|
|
|
task :generate_secret_token => ['config/initializers/secret_token.rb'] |
|
|
|
|