From b5b22f0f36bcd583394e081bc53850d6655b19a7 Mon Sep 17 00:00:00 2001
From: Sam
Date: Tue, 20 Aug 2013 17:09:42 +1000
Subject: [PATCH] move secret token into redis to ease install
---
 config/initializers/secret_token.rb | 22 +++++++---------------
 docs/INSTALL-ubuntu.md | 6 ------
 2 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index baef7c87bca..8ff0b8bed91 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -1,18 +1,10 @@
-
-# Definitely change this when you deploy to production. Ours is replaced by jenkins.
-# This token is used to secure sessions, we don't mind shipping with one to ease test and debug,
-# however, the stock one should never be used in production, people will be able to crack
-# session cookies.
+# We have had lots of config issues with SECRET_TOKEN to avoid this mess we are moving it to redis
+# if you feel strongly that it does not belong there use ENV['SECRET_TOKEN']
 #
-# Generate a new secret with "rake secret". Copy the output of that command and paste it
-# in your secret_token.rb as the value of Discourse::Application.config.secret_token:
-#
-# Discourse::Application.config.secret_token = "SET_SECRET_HERE"
-
-if Rails.env.test? || Rails.env.development? || Rails.env == "profile"
- Discourse::Application.config.secret_token = "47f5390004bf6d25bb97083fb98e7cc133ab450ba814dd19638a78282b4ca291"
-else
- raise "You must set a secret token in ENV['SECRET_TOKEN'] or in config/initializers/secret_token.rb" if ENV['SECRET_TOKEN'].blank?
- Discourse::Application.config.secret_token = ENV['SECRET_TOKEN']
+token = ENV['SECRET_TOKEN'] || $redis.get('SECRET_TOKEN')
+unless token && token.length == 128
+ token = SecureRandom.hex(64)
+ $redis.set('SECRET_TOKEN',token)
 end
+Discourse::Application.config.secret_token = token
diff --git a/docs/INSTALL-ubuntu.md b/docs/INSTALL-ubuntu.md
index 7270b92d5a8..d202d62482d 100644
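Review bot: The generate-and-store path inside the `unless` block is not atomic, so two processes booting against an empty Redis can each call `SecureRandom.hex(64)` and keep their own value in memory while only the last `set` survives, leaving workers that reject each other's session cookies. Writing with `$redis.setnx('SECRET_TOKEN', SecureRandom.hex(64))` and then re-reading `token = $redis.get('SECRET_TOKEN')` would make every process converge on one value. The `token.length == 128` test also applies to `ENV['SECRET_TOKEN']`, so an operator-supplied secret of any other length is silently replaced instead of rejected; raising in that case would keep the misconfiguration visible. Redis now holds the session-signing secret, which deserves a comment such as `# whoever can read this key can forge session cookies; restrict access to Redis accordingly`. A flush or eviction of the key would presumably also rotate the secret on the next boot and invalidate existing sessions.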
--- a/docs/INSTALL-ubuntu.md +++ b/docs/INSTALL-ubuntu.md @@ -189,12 +189,6 @@ Edit /var/www/discourse/config/discourse.pill - Ensure appropriate Bluepill.application line is uncommented - search for "host to run on" and change to current hostname -Edit /var/www/discourse/config/initializers/secret_token.rb - -- uncomment secret_token line -- replace SET_SECRET_HERE with the output from 'RAILS_ENV=production rake secret' command run from the discourse directory (`/var/www/discourse`) -- delete the lines below as per instructions in the file - Edit /var/www/discourse/config/environments/production.rb - browse througn all the settings - be sure to add your mail server SMTP settings so outgoing mail can be sent (we recommend [Mandrill](https://mandrillapp.com))