From d03082680007d30b8883495c2ae5110daec14f71 Mon Sep 17 00:00:00 2001
From: Azul <azul@riseup.net>
Date: Wed, 22 Mar 2017 10:34:12 +0100
Subject: upgrade: use rails4s 'secret_key_base'

This will get us encrypted cookies but also requires changes to the platform.
fixes #23
---
 config/initializers/secret_token.rb | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'config/initializers/secret_token.rb')

diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index bdd9b1c..4a2e6d7 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -5,8 +5,14 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 
-if token = APP_CONFIG[:secret_token]
-  LeapWeb::Application.config.secret_token = token
-else
-  raise StandardError.new("No secret_token defined in config/config.yml - please provide one.")
+unless APP_CONFIG[:secret_key_base] or APP_CONFIG[:secret_token]
+  raise StandardError.new("No secret_key_base or secret_token defined in config/config.yml - please provide one.")
+end
+
+if APP_CONFIG[:secret_key_base]
+  LeapWeb::Application.config.secret_key_base = APP_CONFIG[:secret_key_base]
+end
+
+if APP_CONFIG[:secret_token]
+  LeapWeb::Application.config.secret_token = APP_CONFIG[:secret_token]
 end
-- 
cgit v1.2.3