From 98bc2df841506ecccbec96274e65e8d88d042e65 Mon Sep 17 00:00:00 2001
From: ilya
Date: Mon, 27 Sep 2010 10:10:54 -0700
Subject: [PATCH 1/2] removed the encryption key= method, and user with private key factory
---
 app/models/user.rb | 6 ------
 spec/factories.rb | 4 ----
 2 files changed, 10 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index 535577fd3..d89b8b59a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -291,10 +291,4 @@ class User
 OpenSSL::PKey::RSA.new( serialized_private_key )
 end
- def encryption_key= new_key
- raise TypeError unless new_key.class == OpenSSL::PKey::RSA
- serialized_private_key = new_key.export
- end
-
-
 end
diff --git a/spec/factories.rb b/spec/factories.rb
index 826ca970d..9f8efc4c3 100644
--- a/spec/factories.rb
+++ b/spec/factories.rb
@@ -25,10 +25,6 @@ Factory.define :album do |p|
 p.person { |a| Factory.create(:person) }
 end
-Factory.define :person_with_private_key, :parent => :person do |p|
- p.serialized_key OpenSSL::PKey::RSA.generate(1024).export
-end
-
 Factory.define :user do |u|
 u.sequence(:username) {|n| "bob#{n}"}
 u.sequence(:email) {|n| "bob#{n}@pivotallabs.com"}
From b823213c0db600eaab02fb6c5a923283996988dd Mon Sep 17 00:00:00 2001
From: ilya
Date: Mon, 27 Sep 2010 15:29:55 -0700
Subject: [PATCH 2/2] added a generate:secret_token task, and added an initializer to generate one if the file does not exist
---
 .gitignore | 1 +
 config/initializers/check_session_secret.rb | 5 ++++
 config/initializers/secret_token.rb | 2 +-
 lib/tasks/generate_session_secret.rake | 26 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 config/initializers/check_session_secret.rb
 create mode 100644 lib/tasks/generate_session_secret.rake
diff --git a/.gitignore b/.gitignore
index 4a78ed39f..d02467332 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@ public/uploads/*
 config/app_config.yml
 bin/*
 nbproject
+config/initializers/secret_token.rb
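Review bot: Adding `config/initializers/secret_token.rb` to .gitignore does not stop Git from tracking it — the file is already committed, and the secret_token.rb hunk in this same series still modifies it, so the freshly generated token will keep landing in the repository. To actually move the file out of version control, run `git rm --cached config/initializers/secret_token.rb` and commit that removal together with the .gitignore line. Both the old and the new token values remain in history, so each checkout should generate its own file with the new `generate:secret_token` task instead of reusing either committed value.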
diff --git a/config/initializers/check_session_secret.rb b/config/initializers/check_session_secret.rb
new file mode 100644
index 000000000..1970c5078
--- /dev/null
+++ b/config/initializers/check_session_secret.rb
@@ -0,0 +1,5 @@
+unless File.exists?( File.join(Rails.root, 'config', 'initializers', 'secret_token.rb'))
+ `rake generate:secret_token`
+ require File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
+end
+
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 20f6087bf..66c59261a 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -8,4 +8,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.secret_token = 'ea08916110cae7f10fe9e1f7c7cb8c1fee13c3c3bee35180ac3061c370bd9ad985f28fcf2eb5f5684d0d618855efdeb862918628e994ed3e7fc806777428ef40'
+Rails.application.config.secret_token = '3484b78b0f9d88f40cd44a20cf647140e5900632d0c9b85e1fd91dc539811d243f2f0756f791019c'
diff --git a/lib/tasks/generate_session_secret.rake b/lib/tasks/generate_session_secret.rake
new file mode 100644
index 000000000..90274dff3
--- /dev/null
+++ b/lib/tasks/generate_session_secret.rake
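Review bot: The backtick call on the second added line of check_session_secret.rb discards the exit status of `rake generate:secret_token`, so if rake is not on PATH or the task fails, the `require` on the next line raises a LoadError that says nothing about the cause. Use `system('rake generate:secret_token') || abort('rake generate:secret_token failed; config/initializers/secret_token.rb was not written')` so boot stops with the real reason. The call also spawns a second Ruby process, which presumably loads the application again, just to write one file; since the rake task itself only needs `ActiveSupport::SecureRandom.hex(40)` and `File.open`, generating the file directly from this initializer would drop both the subprocess and the PATH dependency. Prefer `File.exist?` over `File.exists?`, whose alias has since been deprecated.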
@@ -0,0 +1,26 @@
+namespace :generate do
+ desc 'Generates a Session Secret Token'
+ task :secret_token do
+
+ path = File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
+ secret = ActiveSupport::SecureRandom.hex(40)
+ File.open(path, 'w') do |f|
+ f.write <<"EOF"
+# Copyright (c) 2010, Diaspora Inc. This file is
+# licensed under the Affero General Public License version 3. See
+# the COPYRIGHT file.
+
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Rails.application.config.secret_token = '#{secret}'
+EOF
+
+puts "YAY!!"
+end
+
+ end
+end
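Review bot: `File.open(path, 'w')` in the new task creates the initializer with the process umask, typically 0644, so the session secret ends up readable by every local account on the host; pass an explicit mode, `File.open(path, 'w', 0600) do |f|`. The task also silently overwrites an existing secret_token.rb, which rotates the token and invalidates every signed cookie, so guard the write with `abort "#{path} already exists; remove it first to rotate the token" if File.exist?(path)`. Replacing `puts "YAY!!"` with `puts "wrote #{path}"` would tell the operator which file was generated, which matters once the file is no longer in version control.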