use encrypted cookies on new installations

2014-01-16 13:01:11 +01:00 · 2014-01-16 13:01:11 +01:00 · ab514d7eb6
commit ab514d7eb6
parent 7841245795
4 changed files with 8 additions and 4 deletions
--- a/config/initializers/secret_token.rb.SAMPLE
+++ b/config/initializers/secret_token.rb.SAMPLE
@ -4,4 +4,7 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Foodsoft::Application.config.secret_token = '2be5574568ff4d270b108399078a8e485b363af84d441d02d2a6fd3fc51a8c015065790b7e414134e6d97ffc40da898a5a12f66f9de6b992b7ea96e7a34839b8'
+Foodsoft::Application.config.secret_key_base = 'you really really need to change me!'
+
+# When you're upgrading from Rails 3, it's ok to keep using `secret_token`.
+# http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html
--- a/lib/capistrano/tasks/deploy_initial.cap
+++ b/lib/capistrano/tasks/deploy_initial.cap
@ -70,7 +70,7 @@ namespace :deploy do
      require 'securerandom'
      on roles(:app), in: :groups do
        secret = SecureRandom.hex(64)
-        text = "Foodsoft::Application.config.secret_token = \"#{secret}\""
+        text = "Foodsoft::Application.config.secret_key_base = \"#{secret}\""
        execute :mkdir, '-p', shared_path.join("config/initializers")
        upload! StringIO.new(text), shared_path.join("config/initializers/secret_token.rb")
      end
--- a/lib/tasks/foodsoft_setup.rake
+++ b/lib/tasks/foodsoft_setup.rake
@ -106,7 +106,7 @@ def setup_secret_token
  puts yellow "Generating secret_token and writing to #{file}..."
  Rake::Task["secret"].reenable
  secret = capture_stdout { Rake::Task["secret"].invoke }
-  %x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_token = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
+  %x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_key_base = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
 end

 def start_mailcatcher
--- a/lib/token_verifier.rb
+++ b/lib/token_verifier.rb
@ -31,7 +31,8 @@ class TokenVerifier < ActiveSupport::MessageVerifier
  protected

  def self.secret
-    Foodsoft::Application.config.secret_token
+    # secret_key_base for Rails 4, but Rails 3 initializer may still be used
+    Foodsoft::Application.config.secret_key_base or Foodsoft::Application.config.secret_token
  end

 end