Strengthen case to generate unique secret token.

fatfreecrm · Dec 27, 2013 · 676fdfd · 676fdfd
1 parent 47b0436
commit 676fdfd
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 4 deletions.
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
@@ -3,16 +3,23 @@
 # Fat Free CRM is freely distributable under the terms of MIT license.
 # See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
 #------------------------------------------------------------------------------
+
 # Be sure to restart your server when you modify this file.
 
-# Your secret key for verifying the integrity of signed cookies.
+# Your secret key is used for verifying the integrity of signed cookies.
 # If you change this key, all old signed cookies will become invalid!
+
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
 
-# PLEASE NOTE: This secret token must be changed in your fork of Fat Free CRM.
-# This problem is mitigated when running Fat Free CRM as a Rails Engine.
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
 
 if defined?(FatFreeCRM::Application)
-  FatFreeCRM::Application.config.secret_token = '51aa366864a80316a85cff0d3762347f4ae3d029d548bef034d56e82b1a2ffac5353ee6719d9b64e4354e2a0b1a901679f46a851c360a2ea377188e4b196b6b6'
+  if Rails.env == 'test'
+    FatFreeCRM::Application.config.secret_token = '51aa366864a80316a85cff0d3762347f4ae3d029d548bef034d56e82b1a2ffac5353ee6719d9b64e4354e2a0b1a901679f46a851c360a2ea377188e4b196b6b6'
+  else
+    raise "Please run 'rake ffcrm:secret' to generate a secret token."
+  end
 end
diff --git a/lib/tasks/ffcrm/secret.rake b/lib/tasks/ffcrm/secret.rake
@@ -0,0 +1,17 @@
+# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
+#
+# Fat Free CRM is freely distributable under the terms of MIT license.
+# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
+#------------------------------------------------------------------------------
+
+namespace :ffcrm do
+
+  desc "Generate a secret token for Rails to use."
+  task :secret do
+    require 'securerandom'
+    secret = SecureRandom.hex(64)
+    filename = File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
+    File.open(filename, 'w'){|f| f.puts "FatFreeCRM::Application.config.secret_token = '#{secret}'"}
+  end
+
+end