Download as
Browse Code »

Commit 4fca4d2b45787295574079209014f2d31fba7ca7

Authored by Braulio Bhavamitra
1 parent 8ca818fa
Exists in master and in 20 other branches add_member_task_reject_details, admin_visible_profile, community_notifications, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, organization_ratings_improvements, profile_api_improvements, ratings_minor_fixes, send_email_to_admins, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

rails4: use secret_key_base

Showing 3 changed files with 20 additions and 20 deletions   Show diff stats
config/application.rb
  Diff comments   View file @4fca4d2
@@ -107,26 +107,9 @@ module Noosfero @@ -107,26 +107,9 @@ module Noosfero
107 config.sass.cache = true 107 config.sass.cache = true
108 config.sass.line_comments = false 108 config.sass.line_comments = false
109 109
110 - def noosfero_session_secret  
111 - require 'fileutils'  
112 - target_dir = File.join(File.dirname(__FILE__), '../tmp')  
113 - FileUtils.mkdir_p(target_dir)  
114 - file = File.join(target_dir, 'session.secret')  
115 - if !File.exists?(file)  
116 - secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')  
117 - File.open(file, 'w') do |f|  
118 - f.puts secret  
119 - end  
120 - end  
121 - File.read(file).strip  
122 - end  
123 -  
124 - # Your secret key for verifying cookie session data integrity.  
125 - # If you change this key, all old sessions will become invalid!  
126 - # Make sure the secret is at least 30 characters and all random,  
127 - # no regular words or you'll be exposed to dictionary attacks.  
128 - config.secret_token = noosfero_session_secret  
129 - config.session_store :cookie_store, :key => '_noosfero_session' 110 + config.action_dispatch.session = {
  111 + :key => '_noosfero_session',
  112 + }
130 113
131 config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate" 114 config.paths['db/migrate'] += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/db/migrate"
132 config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}" 115 config.i18n.load_path += Dir.glob "#{Rails.root}/{baseplugins,config/plugins}/*/locales/*.{rb,yml}"
config/initializers/secret_token.rb 0 → 100644
  Diff comments   View file @4fca4d2
@@ -0,0 +1,3 @@ @@ -0,0 +1,3 @@
  1 +Noosfero::Application.config.secret_token = Noosfero.session_secret
  2 +Noosfero::Application.config.secret_key_base = Noosfero.session_secret
  3 +
lib/noosfero.rb
  Diff comments   View file @4fca4d2
@@ -51,6 +51,20 @@ module Noosfero @@ -51,6 +51,20 @@ module Noosfero
51 yield 51 yield
52 FastGettext.set_locale(orig_locale) 52 FastGettext.set_locale(orig_locale)
53 end 53 end
  54 +
  55 + def session_secret
  56 + require 'fileutils'
  57 + target_dir = File.join(File.dirname(__FILE__), '../tmp')
  58 + FileUtils.mkdir_p(target_dir)
  59 + file = File.join(target_dir, 'session.secret')
  60 + if !File.exists?(file)
  61 + secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
  62 + File.open(file, 'w') do |f|
  63 + f.puts secret
  64 + end
  65 + end
  66 + File.read(file).strip
  67 + end
54 end 68 end
55 69
56 def self.identifier_format 70 def self.identifier_format