Strengthen case to generate unique secret token.

commit 93c182dd4c6f3620b721d2a15ba6a6ecab5669df 1 parent 988ac36
@steveyken steveyken authored
Showing with 28 additions and 4 deletions.
  1. +11 −4 config/initializers/secret_token.rb
  2. +17 −0 lib/tasks/ffcrm/secret.rake
15 config/initializers/secret_token.rb
@@ -3,16 +3,23 @@
# Fat Free CRM is freely distributable under the terms of MIT license.
# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
#------------------------------------------------------------------------------
+
# Be sure to restart your server when you modify this file.
-# Your secret key for verifying the integrity of signed cookies.
+# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
+
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
-# PLEASE NOTE: This secret token must be changed in your fork of Fat Free CRM.
-# This problem is mitigated when running Fat Free CRM as a Rails Engine.
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
if defined?(FatFreeCRM::Application)
- FatFreeCRM::Application.config.secret_token = '51aa366864a80316a85cff0d3762347f4ae3d029d548bef034d56e82b1a2ffac5353ee6719d9b64e4354e2a0b1a901679f46a851c360a2ea377188e4b196b6b6'
+ if Rails.env == 'test'
+ FatFreeCRM::Application.config.secret_token = '51aa366864a80316a85cff0d3762347f4ae3d029d548bef034d56e82b1a2ffac5353ee6719d9b64e4354e2a0b1a901679f46a851c360a2ea377188e4b196b6b6'
+ else
+ raise "Please run 'rake ffcrm:secret' to generate a secret token."
+ end
end
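Review bot: the raise in the else branch tells operators to run 'rake ffcrm:secret', but the comment added three lines earlier in this same hunk says "You can use `rake secret` to generate a secure secret key", and the comment about keeping "your secret_key_base" private names a setting this file never assigns (it sets config.secret_token). Pick one task name and one setting name so the comments and the error message agree, e.g. change the comment to "You can use `rake ffcrm:secret` to generate a secure secret token." and refer to secret_token rather than secret_key_base. The test branch also keeps the old, publicly committed token in the tree; restricting it to Rails.env == 'test' is acceptable, but the hunk should say so explicitly next to the literal ("this value is intentionally public and is only ever used by the test suite; never reuse it elsewhere"), and the comparison reads more idiomatically as Rails.env.test?.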
17 lib/tasks/ffcrm/secret.rake
@@ -0,0 +1,17 @@
+# Copyright (c) 2008-2013 Michael Dvorkin and contributors.
+#
+# Fat Free CRM is freely distributable under the terms of MIT license.
+# See MIT-LICENSE file or http://www.opensource.org/licenses/mit-license.php
+#------------------------------------------------------------------------------
+
+namespace :ffcrm do
+
+ desc "Generate a secret token for Rails to use."
+ task :secret do
+ require 'securerandom'
+ secret = SecureRandom.hex(64)
+ filename = File.join(Rails.root, 'config', 'initializers', 'secret_token.rb')
+ File.open(filename, 'w'){|f| f.puts "FatFreeCRM::Application.config.secret_token = '#{secret}'"}
+ end
+
+end
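Review bot: File.open(filename, 'w') in the task body overwrites config/initializers/secret_token.rb wholesale, so after the task runs the file consists of the single line "FatFreeCRM::Application.config.secret_token = '...'" and the `if defined?(FatFreeCRM::Application)` guard and test-environment branch that this same commit adds to that initializer are gone; loading the project where FatFreeCRM::Application is not defined would then raise a NameError on that line. Write the generated value to a separate, git-ignored file (or read it from an environment variable) that the checked-in initializer loads, and keep the guard in place. Two smaller points on the same line: the file is created with the default umask, so the secret will usually be world-readable on the host, and File.open(filename, 'w', 0600) would fix that; and because config/initializers/secret_token.rb is tracked by git, a user who runs the task and then commits their working tree ships their production secret, which is the leak the commit message sets out to prevent, so the output path should be listed in .gitignore.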