use encrypted cookies on new installations

wvengen 2014-01-16 13:01:11 +01:00
parent 7841245795
commit ab514d7eb6
4 changed files with 8 additions and 4 deletions


@ -4,4 +4,7 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
Foodsoft::Application.config.secret_token = '2be5574568ff4d270b108399078a8e485b363af84d441d02d2a6fd3fc51a8c015065790b7e414134e6d97ffc40da898a5a12f66f9de6b992b7ea96e7a34839b8'
Foodsoft::Application.config.secret_key_base = 'you really really need to change me!'
# When you're upgrading from Rails 3, it's ok to keep using `secret_token`.
# http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html
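Review bot: The checked-in default `secret_key_base = 'you really really need to change me!'` is a publicly known value, and nothing in this initializer stops an installation from booting with it. The deploy and setup tasks changed in this commit overwrite the file, but an install that skips them would sign and encrypt its session cookies with a key anyone can read. I would make the default fail closed, for example `Foodsoft::Application.config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')`, or raise at boot in production while the placeholder is still present. The hex `secret_token` that this hunk appears to drop was public in the repository as well, so the new comment about keeping `secret_token` should say that this is only acceptable for a token the installation generated itself.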


@ -70,7 +70,7 @@ namespace :deploy do
require 'securerandom'
on roles(:app), in: :groups do
secret = SecureRandom.hex(64)
text = "Foodsoft::Application.config.secret_token = \"#{secret}\""
text = "Foodsoft::Application.config.secret_key_base = \"#{secret}\""
execute :mkdir, '-p', shared_path.join("config/initializers")
upload! StringIO.new(text), shared_path.join("config/initializers/secret_token.rb")
end
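Review bot: The generated initializer is uploaded without an explicit mode, so the file holding `secret_key_base` ends up with whatever the deploy user's umask allows, which is often world-readable. Add `execute :chmod, '600', shared_path.join("config/initializers/secret_token.rb")` right after the `upload!`. The file is still named `secret_token.rb` although it now sets `secret_key_base`; a one-line comment in the generated text would avoid confusion. The task starts and ends outside this hunk, so I cannot tell whether it guards against replacing an existing secret on a later run, which would invalidate all sessions.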


@ -106,7 +106,7 @@ def setup_secret_token
puts yellow "Generating secret_token and writing to #{file}..."
Rake::Task["secret"].reenable
secret = capture_stdout { Rake::Task["secret"].invoke }
%x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_token = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
%x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_key_base = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
end
def start_mailcatcher
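Review bot: The new `%x(...)` line still writes the secret by interpolating it and an unquoted path into a shell command, so the key becomes part of a shell command line and a project path containing spaces or shell metacharacters breaks the write. Writing the file from Ruby avoids the shell and sets a restrictive mode on creation: `File.write(Rails.root.join(file), %(Foodsoft::Application.config.secret_key_base = "#{secret.chomp}"\n), perm: 0600)`. The status message one line above still announces `secret_token` and should say `secret_key_base`. `setup_secret_token` begins before this hunk.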


@ -31,7 +31,8 @@ class TokenVerifier < ActiveSupport::MessageVerifier
protected
def self.secret
Foodsoft::Application.config.secret_token
# secret_key_base for Rails 4, but Rails 3 initializer may still be used
Foodsoft::Application.config.secret_key_base or Foodsoft::Application.config.secret_token
end
end
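Review bot: `TokenVerifier.secret` now returns the raw `secret_key_base`, so the key material that protects session cookies is presumably also the signing secret for these tokens. On Rails 4 a purpose-specific key can be derived instead, e.g. `Foodsoft::Application.key_generator.generate_key('foodsoft token verifier')` (the salt is only an example), keeping `secret_token` as the Rails 3 fallback. The fallback should use `||` rather than `or`, and raise a clear error when both settings are nil instead of returning nil as the secret. Also note that `protected` does not apply to `def self.secret`, so the method stays publicly callable; the class body starts outside this hunk.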