use encrypted cookies on new installations
parent
7841245795
commit
ab514d7eb6
4 changed files with 8 additions and 4 deletions
|
@ -4,4 +4,7 @@
|
|||
# If you change this key, all old signed cookies will become invalid!
|
||||
# Make sure the secret is at least 30 characters and all random,
|
||||
# no regular words or you'll be exposed to dictionary attacks.
|
||||
Foodsoft::Application.config.secret_token = '2be5574568ff4d270b108399078a8e485b363af84d441d02d2a6fd3fc51a8c015065790b7e414134e6d97ffc40da898a5a12f66f9de6b992b7ea96e7a34839b8'
|
||||
Foodsoft::Application.config.secret_key_base = 'you really really need to change me!'
|
||||
|
||||
# When you're upgrading from Rails 3, it's ok to keep using `secret_token`.
|
||||
# http://api.rubyonrails.org/classes/ActionDispatch/Session/CookieStore.html
|
||||
|
|
|
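Review bot: The `secret_key_base` line commits a fixed, publicly readable placeholder ('you really really need to change me!'), and nothing visible in this hunk prevents an installation from booting with it. A deployment that keeps this default would encrypt and sign its session cookies with a key anyone can read in the repository, which also contradicts the comment above asking for an all-random secret. Consider failing fast outside development and test, e.g. `raise 'secret_key_base is still the placeholder' if Rails.env.production? && Foodsoft::Application.config.secret_key_base == 'you really really need to change me!'`, or loading the value from the environment instead of the source tree. The +/- markers are missing on this page, so I am inferring from the hunk counts that the `secret_token` line is the removed one.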
@ -70,7 +70,7 @@ namespace :deploy do
|
|||
require 'securerandom'
|
||||
on roles(:app), in: :groups do
|
||||
secret = SecureRandom.hex(64)
|
||||
text = "Foodsoft::Application.config.secret_token = \"#{secret}\""
|
||||
text = "Foodsoft::Application.config.secret_key_base = \"#{secret}\""
|
||||
execute :mkdir, '-p', shared_path.join("config/initializers")
|
||||
upload! StringIO.new(text), shared_path.join("config/initializers/secret_token.rb")
|
||||
end
|
||||
|
|
|
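Review bot: The initializer carrying the generated `secret_key_base` is written with `upload!` and no mode is set afterwards, so on the server it will typically get default umask permissions and may be readable by other local accounts. Add a line after the upload such as `execute :chmod, '600', shared_path.join("config/initializers/secret_token.rb")`. The task body starts outside this hunk, so I cannot see whether generation is skipped when the file already exists. If it is not, each run would rotate the key and invalidate every existing session.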
@ -106,7 +106,7 @@ def setup_secret_token
|
|||
puts yellow "Generating secret_token and writing to #{file}..."
|
||||
Rake::Task["secret"].reenable
|
||||
secret = capture_stdout { Rake::Task["secret"].invoke }
|
||||
%x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_token = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
|
||||
%x( touch #{Rails.root.join("#{file}")}; echo 'Foodsoft::Application.config.secret_key_base = "#{secret.chomp}"' > #{Rails.root.join("#{file}")} )
|
||||
end
|
||||
|
||||
def start_mailcatcher
|
||||
|
|
|
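Review bot: Writing the secret via `%x( ... echo '...' > ... )` places the freshly generated `secret_key_base` on a shell command line, where other local users may see it in the process list. It also interpolates the target path unquoted into the shell and leaves the file with default permissions. A direct write avoids all three: `File.write(Rails.root.join(file), %(Foodsoft::Application.config.secret_key_base = "#{secret.chomp}"\n), perm: 0o600)`. The status message on the `puts` line still says `secret_token` and should be updated to match. `setup_secret_token` begins outside this hunk.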
@ -31,7 +31,8 @@ class TokenVerifier < ActiveSupport::MessageVerifier
|
|||
protected
|
||||
|
||||
def self.secret
|
||||
Foodsoft::Application.config.secret_token
|
||||
# secret_key_base for Rails 4, but Rails 3 initializer may still be used
|
||||
Foodsoft::Application.config.secret_key_base or Foodsoft::Application.config.secret_token
|
||||
end
|
||||
|
||||
end
|
||||
|
|
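Review bot: `self.secret` now passes the raw `secret_key_base` to the message verifier, so the same key material that protects the encrypted cookies also signs these tokens, whereas Rails derives a separate key per purpose. Consider `Rails.application.key_generator.generate_key('TokenVerifier')` instead, after confirming how it behaves for installations that only define `secret_token`. If the fallback stays, note that `or` falls through only on nil/false, so an empty-string `secret_key_base` would be used as the signing key. `Foodsoft::Application.config.secret_key_base.presence || Foodsoft::Application.config.secret_token` guards against that and avoids the low-precedence `or`. The class body continues outside the hunk.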