| author | azul <azul@riseup.net> | 2017-03-23 08:36:07 +0000 | 
|---|---|---|
| committer | azul <azul@riseup.net> | 2017-03-23 08:36:07 +0000 | 
| commit | 3efe125d6e3bd5f4eecd18952376ffc37e09b9c5 (patch) | |
| tree | 30640dfeafa9f847901bb149635a1a781ab51d9b | |
| parent | 2989f4142576de191b16832b53c3d1e70701d286 (diff) | |
| parent | d03082680007d30b8883495c2ae5110daec14f71 (diff) | |
Merge branch 'upgrade/secret-key-base' into 'master'
upgrade: use rails4s 'secret_key_base'
Closes #23
See merge request !24
| -rw-r--r-- | CHANGES.md | 22 | ||||
| -rw-r--r-- | README.md | 6 | ||||
| -rw-r--r-- | config/defaults.yml | 4 | ||||
| -rw-r--r-- | config/initializers/secret_token.rb | 14 | 
4 files changed, 35 insertions, 11 deletions
| @@ -1,8 +1,26 @@
+version 0.9 (unreleased) - rails 4, twitter feed and deprecations
+----------------------------------------------------
+
+We have a great contribution from the Rails Girls Summer of Code again!
+The landing page of the webapp can now include a twitter feed to display
+news from the provider.
+Other than that this is a maintainance and transition release.
+
+* Twitter feed on main page (thanks theaamanda and lilaluca).
+* upgrade to rails 4.2
+
+Upgrading:
+
+* We now use rails 4's `secret_key_base`. Please make sure to supply it
+  in config/config.yml for production environments. If you are using the
+  leap platform that will already take care of it.
+
+
 version 0.8 - email and RGSoC
 ------------------------------------------
-This release focused on getting all the features needed for a complete 
-email provider and merging in the work done by Rails Girls Summer of 
+This release focused on getting all the features needed for a complete
+email provider and merging in the work done by Rails Girls Summer of
 Code.
 * Support for invite codes: admins can require that new
@@ -112,7 +112,7 @@ There are a few values you should make sure to modify:
       admins: ["myusername","otherusername"]
       domain: example.net
       force_ssl: true
-      secret_token: "4be2f60fafaf615bd4a13b96bfccf2c2c905898dad34"
+      secret_key_base: "e1c04f93edb26b64040ba49f34084b03abbc286a7fbb60b5b0736bed2d9fe3ec5f16ef4253b252080f3c8b52e11541d57adc8eee6e4bd53f3b568aced3455106"
       client_ca_key: "./test/files/ca.key"
       client_ca_cert: "./test/files/ca.key"
       ca_key_password: nil
@@ -125,8 +125,8 @@ There are a few values you should make sure to modify:
 * `force_ssl`, if set to true, will require secure cookies and turn on
    HSTS. Don't do this if you are using a self-signed server certificate.
-* `secret_token`, used for cookie security, you can create one with
-  `rake secret`. Should be at least 30 characters.
+* `secret_key_base`, used for cookie security, you can create one with
+  `rake secret`. Should be at least 64 bytes hex.
 * `client_ca_key`, the private key of the CA used to generate client
    certificates.
diff --git a/config/defaults.yml b/config/defaults.yml
index 7e2ea58..52ad571 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -122,7 +122,7 @@ development:
     monitor: nil
     admin: nil
   domain: example.org
-  secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+  secret_key_base: "1a904c4222fe04548fbe7a3545c4d5210b0a31af1227cbbe304708cf08e5f3a4dffe56372c30aa5486bb8ad577bf86032e720c1513b61870dc1a480e813ffecd"
   reraise_errors: true
 test:
@@ -138,7 +138,7 @@ test:
     allowed_ips:
       - 0.0.0.0
   domain: test.me
-  secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+  secret_key_base: "e1c04f93edb26b64040ba49f34084b03abbc286a7fbb60b5b0736bed2d9fe3ec5f16ef4253b252080f3c8b52e11541d57adc8eee6e4bd53f3b568aced3455106"
   reraise_errors: true
   billing: {}
   default_locale: :en
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index bdd9b1c..4a2e6d7 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -5,8 +5,14 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-if token = APP_CONFIG[:secret_token]
-  LeapWeb::Application.config.secret_token = token
-else
-  raise StandardError.new("No secret_token defined in config/config.yml - please provide one.")
+unless APP_CONFIG[:secret_key_base] or APP_CONFIG[:secret_token]
+  raise StandardError.new("No secret_key_base or secret_token defined in config/config.yml - please provide one.")
+end
+
+if APP_CONFIG[:secret_key_base]
+  LeapWeb::Application.config.secret_key_base = APP_CONFIG[:secret_key_base]
+end
+
+if APP_CONFIG[:secret_token]
+  LeapWeb::Application.config.secret_token = APP_CONFIG[:secret_token]
 end |
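Review bot: The new guard `unless APP_CONFIG[:secret_key_base] or APP_CONFIG[:secret_token]` only tests truthiness, so an empty or very short string in config/config.yml passes it and the length asked for in the comment above is never enforced. Rejecting blank values would close that gap, for example `if APP_CONFIG[:secret_key_base].to_s.strip.empty? && APP_CONFIG[:secret_token].to_s.strip.empty?` in front of the `raise`. The retained comment still says "at least 30 characters", while the README in this commit asks for at least 64 bytes hex for `secret_key_base`, so the comment should be brought in line. A deployment that sets only `secret_token` still boots silently, presumably staying on the legacy cookie scheme; logging a deprecation warning in that case would make the pending migration visible. As a style point, `||` is the usual operator for a boolean condition rather than `or`.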
