-
Notifications
You must be signed in to change notification settings - Fork 407
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #347 from scouttyg/security-overhaul
Complete security overhaul on the application due to possible attack vec...
- Loading branch information
Showing
14 changed files
with
84 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,6 +25,7 @@ DS_Store | |
.rvmrc | ||
.ruby-version | ||
.ruby-gemset | ||
.secret | ||
|
||
/public/assets | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,26 @@ | ||
require 'securerandom' | ||
# Be sure to restart your server when you modify this file. | ||
|
||
# Your secret key for verifying the integrity of signed cookies. | ||
# If you change this key, all old signed cookies will become invalid! | ||
# Make sure the secret is at least 30 characters and all random, | ||
# no regular words or you'll be exposed to dictionary attacks. | ||
Kandan::Application.config.secret_token = 'bb04f17da6af7d0c441a12973ce4594dc562fdf035987fa39d1034dffe2708ed1791dee4e09bd3ebd06769699bd063821fa40881724e2d3ebbb57cfe56f32c12' | ||
|
||
def find_secure_token | ||
token_file = Rails.root.join('.secret') | ||
if ENV.key?('SECRET_KEY_BASE') | ||
ENV['SECRET_KEY_BASE'] | ||
elsif File.exist? token_file | ||
# Use the existing token. | ||
File.read(token_file).chomp | ||
else | ||
# Generate a new token of 64 random hexadecimal characters and store it in token_file. | ||
token = SecureRandom.hex(64) | ||
File.write(token_file, token) | ||
token | ||
end | ||
end | ||
|
||
Kandan::Application.config.secret_token = find_secure_token | ||
Kandan::Application.config.secret_key_base = find_secure_token | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
FactoryGirl.define do | ||
sequence :file_name do |n| | ||
"file#{n}.jpg" | ||
end | ||
|
||
factory :attachment do | ||
file { generate(:file_name) } | ||
user | ||
channel | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters