Commit c56be7002d5bff816a45c4a679aa5ff2988237fa

Authored by Antonio Terceiro
1 parent 75570d37

ActionItem922: generate a unique session secret for each installation

Showing 1 changed file with 12 additions and 1 deletion
config/environment.rb
... ... @@ -18,6 +18,17 @@ extra_controller_dirs = %w[
18 18 app/controllers/public
19 19 ].map {|item| File.join(RAILS_ROOT, item) }
20 20  
  21 +def noosfero_session_secret
  22 + file = File.join(File.dirname(__FILE__), 'session.secret')
  23 + if !File.exists?(file)
  24 + secret = (1..128).map { %w[0 1 2 3 4 5 6 7 8 9 a b c d e f][rand(16)] }.join('')
  25 + File.open(file, 'w') do |f|
  26 + f.puts secret
  27 + end
  28 + end
  29 + File.read(file).strip
  30 +end
  31 +
21 32 Rails::Initializer.run do |config|
22 33 # Settings in config/environments/* take precedence those specified here
23 34  
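Review bot: the secret produced in `noosfero_session_secret` comes from `Kernel#rand` (the `rand(16)` call), which is a Mersenne Twister PRNG with a small, guessable seed and is not an acceptable source for a session-signing key; use a CSPRNG instead, e.g. `secret = SecureRandom.hex(64)` (Ruby's `securerandom` stdlib, or `ActiveSupport::SecureRandom` on older Rails), which yields the same 128 hex characters. Two further points on the same function: `File.open(file, 'w')` creates `config/session.secret` with the process umask, so it is typically world-readable; pass an explicit mode, `File.open(file, 'w', 0600)`, and because the file lands next to `environment.rb` it should be excluded from version control so a generated secret is never committed. Also, `File.read(file).strip` is returned without any length check, so an empty or truncated file silently becomes a weak secret; raising when the result is shorter than the 128 characters written here would fail fast instead.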
... ... @@ -51,7 +62,7 @@ Rails::Initializer.run do |config|
51 62 # no regular words or you'll be exposed to dictionary attacks.
52 63 config.action_controller.session = {
53 64 :session_key => '_noosfero_session',
54   - :secret => '7372009258e02886ca36278257637a008959504400f6286cd09133f6e9131d23460dd77e289bf99b480a3b4d017be0578b59335ce6a1c74e3644e37514926009'
  65 + :secret => noosfero_session_secret(),
55 66 }
56 67  
57 68 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
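Review bot: swapping the literal for `noosfero_session_secret()` stops new deployments from sharing one secret, but the old value (`'7372009258e02886...'`) stays in the parent commit 75570d37 and in every clone, so any installation that has been running with it should treat that secret as compromised; this change rotates it on the next boot, which invalidates existing signed session cookies, and that is the intended effect. Two caveats worth a comment in the file: on a multi-host deployment each host will generate its own `config/session.secret` unless the file is shared, so sessions will not validate across hosts; and the comment above (`no regular words or you'll be exposed to dictionary attacks`) still reads as advice for a hand-typed value and should say the secret is now generated into `config/session.secret`. Minor style point: Ruby convention is `:secret => noosfero_session_secret,` without the empty parentheses.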
... ...