Download as
Browse Code »

Commit 4fca4d2b45787295574079209014f2d31fba7ca7

Authored by Braulio Bhavamitra
1 parent 8ca818fa
Exists in staging and in 39 other branches all_pending_tasks_api, api-articles-period, api_roles, caching-rails4, captcha_serpro_plugin, comments_permissions, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export-comment-paragraph, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_notification_email, fix_string_downcase_and_upcase, follower_permition, json_cookie_serializer, login-captcha, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, production-vendorized, profile_api_improvements, user_mention, webfinger_server

rails4: use secret_key_base

Showing 3 changed files with 20 additions and 20 deletions   Show diff stats
config/application.rb
  Diff comments   View file @4fca4d2
@@ -107,26 +107,9 @@ module Noosfero @@ -107,26 +107,9 @@ module Noosfero
107 config.sass.cache = true 107 config.sass.cache = true
108 config.sass.line_comments = false 108 config.sass.line_comments = false
109 109
110 - def noosfero_session_secret  
111 - require 'fileutils'  
112 - target_dir = File.join(File.dirname(__FILE__), '../tmp')  
113 - FileUtils.mkdir_p(target_dir)  
114 - file = File.join(target_dir, 'session.secret')  
115 - if !File.exists?(file)  
116 - secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')  
117 - File.open(file, 'w') do |f|  
118 - f.puts secret  
119 - end  
120 - end  
121 - File.read(file).strip  
122 - end  
123 -  
124 - # Your secret key for verifying cookie session data integrity.  
125 - # If you change this key, all old sessions will become invalid!  
126 - # Make sure the secret is at least 30 characters and all random,  
127 - # no regular words or you'll be exposed to dictionary attacks.  
128 - config.secret_token = noosfero_session_secret  
129 - config.session_store :cookie_store, :key => '_noosfero_session' 110 + config.action_dispatch.session = {
  111 + :key => '_noosfero_session',
  112 + }
130 113
131 config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate" 114 config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate"
132 config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}" 115 config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}"
config/initializers/secret_token.rb 0 → 100644
  Diff comments   View file @4fca4d2
@@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
  1 +Noosfero::Application.config.secret_token = Noosfero.session_secret
  2 +Noosfero::Application.config.secret_key_base = Noosfero.session_secret
  3 +
lib/noosfero.rb
  Diff comments   View file @4fca4d2
@@ -51,6 +51,20 @@ module Noosfero @@ -51,6 +51,20 @@ module Noosfero
51 yield 51 yield
52 FastGettext.set_locale(orig_locale) 52 FastGettext.set_locale(orig_locale)
53 end 53 end
  54 +
  55 + def session_secret
  56 + require 'fileutils'
  57 + target_dir = File.join(File.dirname(__FILE__), '../tmp')
  58 + FileUtils.mkdir_p(target_dir)
  59 + file = File.join(target_dir, 'session.secret')
  60 + if !File.exists?(file)
  61 + secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
  62 + File.open(file, 'w') do |f|
  63 + f.puts secret
  64 + end
  65 + end
  66 + File.read(file).strip
  67 + end
54 end 68 end
55 69
56 def self.identifier_format 70 def self.identifier_format