Unverified Commit 470787d3 authored by azul's avatar azul

upgrade: use the new config/secrets.yml

Still reading secret_token from config/crabgrass/secret.txt if it is there.

This way we can migrate old sessions to the new keybase.
parent b08cb42e
......@@ -41,8 +41,6 @@ module Crabgrass
config.session_store :cookie_store,
:key => 'crabgrass_session'
config.secret_token = Conf.secret
# Enable the asset pipeline
config.assets.enabled = true
# Version of your assets, change this if you want to expire all your assets
......
......@@ -10,6 +10,8 @@ APP_ROOT = Pathname.new(File.dirname(__FILE__)) + '..'
# config
dirs << CRABGRASS_CONFIG_DIRECTORY = APP_ROOT + "config/crabgrass"
# DEPRECATED. For new secrets use config/secrets.yml instead.
CRABGRASS_SECRET_FILE = CRABGRASS_CONFIG_DIRECTORY + "secret.txt"
# extensions
......
#
# I don't think we want signed cookies. This is only for 'remember me' cookies,
# I believe:
#
# http://m.onkey.org/2010/2/5/signed-and-permanent-cookies-in-rails-3
#
# I consider these permanent cookies to be a huge security vulnerability.
#
# Be sure to restart your server when you modify this file.
#
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
#
# ActionController::Base.cookie_verifier_secret = '';
#
<% #If its around we still use the old secret file %>
<% #to migrate sessions from previous version %>
<% old_secret = File.read(CRABGRASS_SECRET_FILE).chomp rescue nil %>
development:
secret_key_base: 8a10650ac87e29d30fd6951ec00fb5e36670923a529980a3cea3b50d70af379a3cfd3eb35b1117d6f6558645aaea1e8ceab34f2a35ed9ff878b48e8e9d3d5264
secret_token: <%= old_secret %>
test:
secret_key_base: <%= SecureRandom.hex(64) %>
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
secret_token: <%= old_secret %>
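Review bot: The `File.read(CRABGRASS_SECRET_FILE).chomp rescue nil` line swallows every StandardError, not only a missing file, so a secret.txt that exists but cannot be read (wrong owner or mode after a deploy) renders an empty `secret_token` and old sessions stop validating without any error. An explicit existence check keeps the file optional while letting real read failures surface: `<% old_secret = File.exist?(CRABGRASS_SECRET_FILE) ? File.read(CRABGRASS_SECRET_FILE).chomp : nil %>`. Separately, the production `secret_key_base` renders blank when `SECRET_KEY_BASE` is unset; with a legacy `secret_token` still present the app may boot in the old signed-only cookie mode instead of failing, so a production-only boot check that the value is non-blank would be worth adding (it has to live outside this file, since the ERB here is evaluated for every environment).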
......@@ -21,12 +21,3 @@ end
# load configuration file
Conf.load("crabgrass.#{Rails.env}.yml")
begin
Conf.secret = File.read(CRABGRASS_SECRET_FILE).chomp
rescue
unless ARGV.first == "create_a_secret"
raise "Can't load the secret key from file #{CRABGRASS_SECRET_FILE}. Have you run 'rake create_a_secret'?"
end
end
......@@ -63,7 +63,6 @@ class Conf
cattr_accessor :enabled_languages_hash # (private)
cattr_accessor :email
cattr_accessor :sites
cattr_accessor :secret
cattr_accessor :paranoid_emails
cattr_accessor :ensure_page_owner
cattr_accessor :default_page_access
......@@ -132,7 +131,6 @@ class Conf
self.enabled_languages = []
self.email = nil
self.sites = []
self.secret = nil
self.ensure_page_owner = true
self.default_page_access = :admin
self.default_group_permissions = {
......
task :create_a_secret do
require File.dirname(__FILE__) + '/../../config/directories.rb'
`rake -s secret > #{CRABGRASS_SECRET_FILE}`
puts "Crabgrass now uses the default rails4 mechanism for storing secrets."
puts "Please run 'rake secret' and copy the key to the line for your"
puts "environment in config/secrets.yml."
puts "For production you can also set the environments SECRET_KEY_BASE."
end
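Review bot: The printed instructions steer operators to paste a generated key into config/secrets.yml for their environment, which for production would put a live secret into a file this commit adds to the repository and would replace the `ENV["SECRET_KEY_BASE"]` lookup there. The rendered page does not show which lines of the task are old and which are new, so this assumes the `puts` lines are the new side. I would make the environment variable the stated path for production, e.g. `puts "For production, set SECRET_KEY_BASE in the environment; do not commit a production key to config/secrets.yml."`. A `desc` line marking `create_a_secret` as deprecated would also help, since the task keeps its name but no longer appears to create anything.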