Commit c56be7002d5bff816a45c4a679aa5ff2988237fa
ActionItem922: generate a unique session secret for each installation
Showing
1 changed file
with
12 additions
and
1 deletions
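--- a/config/environment.rb
+++ b/config/environment.rb
@@ -18,6 +18,17 @@ extra_controller_dirs = %w[
 app/controllers/public
 ].map {|item| File.join(RAILS_ROOT, item) }
 
+def noosfero_session_secret
+file = File.join(File.dirname(__FILE__), 'session.secret')
+if !File.exists?(file)
+secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
+File.open(file, 'w') do |f|
+f.puts secret
+end
+end
+File.read(file).strip
+end
+
 Rails::Initializer.run do |config|
 # Settings in config/environments/* take precedence those specified here
 
@@ -51,7 +62,7 @@ Rails::Initializer.run do |config|
 # no regular words or you'll be exposed to dictionary attacks.
 config.action_controller.session = {
 :session_key => '_noosfero_session',
-:secret => '7372009258e02886ca36278257637a008959504400f6286cd09133f6e9131d23460dd77e289bf99b480a3b4d017be0578b59335ce6a1c74e3644e37514926009'
+:secret => noosfero_session_secret(),
 }
 
 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper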
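Review bot: The secret generated in noosfero_session_secret (first hunk) comes from Kernel#rand, a Mersenne Twister PRNG that is not a cryptographic source, so the 128 hex characters carry far less unpredictability than their length suggests; the same shape is produced by `secret = SecureRandom.hex(64)` (stdlib `securerandom`, or ActiveSupport's copy on this Rails 2 line, which should be confirmed for the Ruby in use). The file is also created under the process's default umask, which on most systems leaves config/session.secret world-readable; pass an explicit mode, `File.open(file, 'w', 0600) do |f|`. The exists?/write pair is not atomic, so two processes booting a fresh install at the same moment could each write a different secret and then disagree on cookie signatures until restart — a one-line comment noting that the file is meant to be created once, before the app serves traffic, would make that assumption visible. Minor style point in the second hunk: the call reads more idiomatically as `:secret => noosfero_session_secret,` without the empty parentheses.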