kill session secret and put in app config. closes #112

13 years ago · c69be83742
parent 9fb14fbdb3
commit c69be83742
3 changed files with 8 additions and 1 deletions
--- a/config/app_config.yml.sample
+++ b/config/app_config.yml.sample
@ -2,6 +2,7 @@ development:
  account_host: 'localhost.lan:4000'
  account_path: '/account'
  developers_host: 'http://developers.localhost.lan:3000'
+  secret_token: "some_secret"
  session_domain: '.localhost.lan'
  amazon_access_key: ''
  amazon_secret_key: ''
@ -16,6 +17,7 @@ test:
  account_host: 'testhost.lan'
  account_path: '/account'
  developers_host: 'http://developers.testhost.lan:53716'
+  secret_token: "some_secret"
  session_domain: '.testhost.lan'
  amazon_access_key: ''
  amazon_secret_key: ''
@ -33,6 +35,7 @@ production:
  session_domain: ''
  amazon_access_key: ''
  amazon_secret_key: ''
+  secret_token: "some_secret"
  redis: 
    host: '127.0.0.1'
    port: 6379
--- a/config/initializers/carto_db.rb
+++ b/config/initializers/carto_db.rb
@ -4,6 +4,10 @@ module CartoDB
    APP_CONFIG[:session_domain]
  end
  
+  def self.secret_token
+    APP_CONFIG[:secret_token]
+  end
+  
  def self.domain
    @@domain ||= if Rails.env.production?
      `hostname -f`.strip
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@ -4,4 +4,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-CartoDB::Application.config.secret_token = '2e249ed0a5442d33b31fb8baf8e0ff285d9916d79becbab14e5c8821d53e40d2488babddbb1804ac11d9d3d720ba72173e51ee2c2d716aa6b898ba47d44c1f6e'
+CartoDB::Application.config.secret_token = CartoDB.secret_token