Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deploying with faulty PORTAL_CONFIG_KEY renders strange results #59

Closed
DonMartin76 opened this issue Feb 22, 2017 · 1 comment
Closed

Deploying with faulty PORTAL_CONFIG_KEY renders strange results #59

DonMartin76 opened this issue Feb 22, 2017 · 1 comment
Labels
developer experience
Milestone
0.11.4

Comments

@DonMartin76
Copy link
Member

DonMartin76 commented Feb 22, 2017
edited

If you deploy wicked with a different PORTAL_CONFIG_KEY (the key from deploy.envkey) than the one you used when creating the static configuration, things can start behaving really strangely; most prominent will be the following:

  • reCaptcha is not validated correctly
  • Google/Github login does not work ("Unauthorized"), as the client secret is not decoded correctly
  • User creation does not work correctly

It would be good if the portal API could check whether the PORTAL_CONFIG_KEY is correct, e.g. by creating an encrypted field containing a static text, like "wicked.haufe.io" which always has to be present.
DonMartin76 added a commit to apim-haufe-io/wicked.env that referenced this issue Mar 20, 2017
@DonMartin76
Env part fix of Haufe-Lexware/wicked.haufe.io#59
412d6af 
- update step to write configuration config key check item
- verification of config key at startup, both in kickstarter and API
DonMartin76 added a commit to apim-haufe-io/wicked.api that referenced this issue Mar 20, 2017
@DonMartin76
API part of fix Haufe-Lexware/wicked.haufe.io#59
d345b9f 
- Pass config_key to config-updater
DonMartin76 added a commit to apim-haufe-io/wicked.kickstarter that referenced this issue Mar 20, 2017
@DonMartin76
Kickstarter part fix of Haufe-Lexware/wicked.haufe.io#59
92413cd 
- Pass config_key to config-updater
@DonMartin76 DonMartin76 added this to the 0.11.4 milestone Mar 20, 2017
@DonMartin76
Copy link
Member Author

Both the kickstarter and the portal-api will not verify that they have a valid config key when starting up. This will only apply after you have run and updated the static configuration once using the kickstarter 0.11.4 or later.

This will update the configuration to revision 4 and add a configKeyCheck property to the globals.json file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
developer experience
Projects
None yet
Milestone
0.11.4
Development

No branches or pull requests
1 participant
@DonMartin76