Merge pull request #39 from azul/feature/keep-session-secret

fetch secret token for signing cookies from config
author: jessib <jessib@riseup.net> 2013-04-08 11:18:45 -0700
committer: jessib <jessib@riseup.net> 2013-04-08 11:18:45 -0700
commit: 1ca17ae19a6997e12b180b49637d18850d04a774 (patch)
tree: 43a3488ae427d9cda2ce30f1ab52ca43b4e7e0de /config/initializers
parent: 45c59e825a36be48d86518b5f26ae279e8a2d301 (diff)
parent: 1eab831d706720777921bb429f97a72721d049f6 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 23c1aac..c4e1e6d 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -4,4 +4,9 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-LeapWeb::Application.config.secret_token = '550df064dbc5052d9e192b324c1c5a1095c85a2195f88bd6f6829c63b74d8dffa4556494a2e8cc44345a1926be8b6cb17aa4b3f3102d826f5679c3fb57bb7100'
+
+if token = APP_CONFIG['secret_token']
+  LeapWeb::Application.config.secret_token = token
+else
+  raise StandartError.new("No secret_token defined in config/config.yml - please provide one.")
+end
author	jessib <jessib@riseup.net>	2013-04-08 11:18:45 -0700
committer	jessib <jessib@riseup.net>	2013-04-08 11:18:45 -0700
commit	1ca17ae19a6997e12b180b49637d18850d04a774 (patch)
tree	43a3488ae427d9cda2ce30f1ab52ca43b4e7e0de /config/initializers
parent	45c59e825a36be48d86518b5f26ae279e8a2d301 (diff)
parent	1eab831d706720777921bb429f97a72721d049f6 (diff)