| author | Azul <azul@riseup.net> | 2017-03-22 10:10:16 +0100 | 
|---|---|---|
| committer | Azul <azul@riseup.net> | 2017-03-22 10:10:16 +0100 | 
| commit | 44f20f7c3907d500adde0edc87c90b2cd339acea (patch) | |
| tree | ae84426cb988ebee7db1d2e9da5b77f016b998df | |
| parent | 4dbb2c726b7594685ed7857a3f2f89d9a08f36ff (diff) | |
webapp: add secret_key_base to config
This replaces the secret_token from rails 4.1 on.
Both are used for securing cookies in the browser. The secret_key_base
will also encrypt the cookies while the token will only sign them.
Keeping the token in there for now allows us to migrate existing sessions
/ cookies to the new secrets. We can remove it in the next version once
all providers have run with secret_key_base for a while.
| -rw-r--r-- | provider_base/services/webapp.json | 1 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 1 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 1 | 
3 files changed, 3 insertions, 0 deletions
| diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 064d5b1a..ede3bf66 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,6 +23,7 @@
     "invite_required": "= provider.enrollment_policy == 'invite'",
     "default_service_level": "= provider.service.default_service_level",
     "service_levels": "= service_levels()",
+    "secret_key_base": "= secret :webapp_secret_key_base",
     "secret_token": "= secret :webapp_secret_token",
     "api_version": 1,
     "secure": false,
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 1ae80012..deb8e8c8 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,7 @@ class site_webapp {
   $provider_domain  = $node_domain['full_suffix']
   $webapp           = hiera('webapp')
   $api_version      = $webapp['api_version']
+  $secret_key_base  = $webapp['secret_key_base']
   $secret_token     = $webapp['secret_token']
   $tor              = hiera('tor', false)
   $sources          = hiera('sources')
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index dd55d3e9..1a802f4c 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -8,6 +8,7 @@ production = {
   "force_ssl" => @webapp['secure'],
   "client_ca_key" => "%s/%s.key" % [scope.lookupvar('x509::variables::keys'), scope.lookupvar('site_config::params::client_ca_name')],
   "client_ca_cert" => "%s/%s.crt" % [scope.lookupvar('x509::variables::local_CAs'), scope.lookupvar('site_config::params::client_ca_name')],
+  "secret_key_base" => @secret_key_base,
   "secret_token" => @secret_token,
   "client_cert_lifespan" => cert_options['life_span'],
   "client_cert_bit_size" => cert_options['bit_size'].to_i, | 
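Review bot: While `"secret_token"` stays next to the new `"secret_key_base"` entry, the old token is still a live credential. Assuming the webapp hands both values to Rails, cookies that are only signed with the legacy token are still accepted and upgraded, so a leaked `webapp_secret_token` can forge a session until that line is removed. The commit message plans the removal for the next version, and it is worth tracking explicitly since JSON has no comment syntax to carry the reminder here. It is also worth confirming that `secret :webapp_secret_key_base` produces an independent value of adequate length rather than one related to the token; the generator is not visible in this hunk.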
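Review bot: `$secret_key_base = $webapp['secret_key_base']` has no guard for a missing value. On a node whose hiera data was compiled before this key existed, the lookup yields undef and the template would render an empty secret. How the webapp reacts to that is not visible here, so failing the catalog early is safer, e.g. `if ! $secret_key_base { fail('webapp secret_key_base is missing from hiera') }`. A one-line comment above `$secret_token`, such as `# legacy: kept only to migrate existing cookies, remove next release`, would record the intent stated in the commit message. The class body continues outside the hunk.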
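Review bot: With `"secret_key_base" => @secret_key_base` the rendered config now holds the cookie encryption key as well as the signing token, so the file resource that uses this template (outside the hunk) deserves a check. It should have a restrictive owner and mode, and `show_diff => false` if that is not already set, so the value does not end up in Puppet reports or agent logs. Nothing in the hunk shows those attributes, so this is a request to verify rather than a confirmed defect. The `production = {` hash starts and ends outside the hunk.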
