From 4fca4d2b45787295574079209014f2d31fba7ca7 Mon Sep 17 00:00:00 2001
From: Braulio Bhavamitra <braulio@eita.org.br>
Date: Sat, 27 Sep 2014 00:05:33 -0300
Subject: [PATCH] rails4: use secret_key_base

---
 config/application.rb               | 23 +++--------------------
 config/initializers/secret_token.rb |  3 +++
 lib/noosfero.rb                     | 14 ++++++++++++++
 3 files changed, 20 insertions(+), 20 deletions(-)
 create mode 100644 config/initializers/secret_token.rb

diff --git a/config/application.rb b/config/application.rb
index 0775e71..0fb44b2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -107,26 +107,9 @@ module Noosfero
     config.sass.cache = true
     config.sass.line_comments = false
 
-    def noosfero_session_secret
-      require 'fileutils'
-      target_dir = File.join(File.dirname(__FILE__), '../tmp')
-      FileUtils.mkdir_p(target_dir)
-      file = File.join(target_dir, 'session.secret')
-      if !File.exists?(file)
-        secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
-        File.open(file, 'w') do |f|
-          f.puts secret
-        end
-      end
-      File.read(file).strip
-    end
-
-    # Your secret key for verifying cookie session data integrity.
-    # If you change this key, all old sessions will become invalid!
-    # Make sure the secret is at least 30 characters and all random,
-    # no regular words or you'll be exposed to dictionary attacks.
-    config.secret_token = noosfero_session_secret
-    config.session_store :cookie_store, :key => '_noosfero_session'
+    config.action_dispatch.session = {
+      :key    => '_noosfero_session',
+    }
 
     config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate"
     config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}"
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
new file mode 100644
index 0000000..8d2e4f3
--- /dev/null
+++ b/config/initializers/secret_token.rb
@@ -0,0 +1,3 @@
+Noosfero::Application.config.secret_token = Noosfero.session_secret
+Noosfero::Application.config.secret_key_base = Noosfero.session_secret
+
diff --git a/lib/noosfero.rb b/lib/noosfero.rb
index b1ae492..4dc368c 100644
--- a/lib/noosfero.rb
+++ b/lib/noosfero.rb
@@ -51,6 +51,20 @@ module Noosfero
       yield
       FastGettext.set_locale(orig_locale)
     end
+
+    def session_secret
+      require 'fileutils'
+      target_dir = File.join(File.dirname(__FILE__), '../tmp')
+      FileUtils.mkdir_p(target_dir)
+      file = File.join(target_dir, 'session.secret')
+      if !File.exists?(file)
+        secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
+        File.open(file, 'w') do |f|
+          f.puts secret
+        end
+      end
+      File.read(file).strip
+    end
   end
 
   def self.identifier_format
--
libgit2 0.21.2