diff options
author | Azul <azul@riseup.net> | 2017-03-22 10:34:12 +0100 |
---|---|---|
committer | Azul <azul@riseup.net> | 2017-03-23 08:47:25 +0100 |
commit | d03082680007d30b8883495c2ae5110daec14f71 (patch) | |
tree | 96ebbcb9f18dacadd0886efe029e1e91531f938b /config | |
parent | 84be2700a09808ccae4a3f68a8586ce9aa74066c (diff) |
upgrade: use rails4s 'secret_key_base'
This will get us encrypted cookies but also requires changes to the platform.
fixes #23
Diffstat (limited to 'config')
-rw-r--r-- | config/defaults.yml | 4 | ||||
-rw-r--r-- | config/initializers/secret_token.rb | 14 |
2 files changed, 12 insertions, 6 deletions
diff --git a/config/defaults.yml b/config/defaults.yml index 7e2ea58..52ad571 100644 --- a/config/defaults.yml +++ b/config/defaults.yml @@ -122,7 +122,7 @@ development: monitor: nil admin: nil domain: example.org - secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' + secret_key_base: "1a904c4222fe04548fbe7a3545c4d5210b0a31af1227cbbe304708cf08e5f3a4dffe56372c30aa5486bb8ad577bf86032e720c1513b61870dc1a480e813ffecd" reraise_errors: true test: @@ -138,7 +138,7 @@ test: allowed_ips: - 0.0.0.0 domain: test.me - secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' + secret_key_base: "e1c04f93edb26b64040ba49f34084b03abbc286a7fbb60b5b0736bed2d9fe3ec5f16ef4253b252080f3c8b52e11541d57adc8eee6e4bd53f3b568aced3455106" reraise_errors: true billing: {} default_locale: :en diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb index bdd9b1c..4a2e6d7 100644 --- a/config/initializers/secret_token.rb +++ b/config/initializers/secret_token.rb @@ -5,8 +5,14 @@ # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. -if token = APP_CONFIG[:secret_token] - LeapWeb::Application.config.secret_token = token -else - raise StandardError.new("No secret_token defined in config/config.yml - please provide one.") +unless APP_CONFIG[:secret_key_base] or APP_CONFIG[:secret_token] + raise StandardError.new("No secret_key_base or secret_token defined in config/config.yml - please provide one.") +end + +if APP_CONFIG[:secret_key_base] + LeapWeb::Application.config.secret_key_base = APP_CONFIG[:secret_key_base] +end + +if APP_CONFIG[:secret_token] + LeapWeb::Application.config.secret_token = APP_CONFIG[:secret_token] end |