
Merge pull request #9 from fotioslindiakos/rails_32

Added OpenShift security functions
2 parents 9438670 + 393ba2c commit 01e444340c51738ecdd680b2017a0a84674b00bb @thefotios thefotios committed Jul 18, 2012
Showing with 47 additions and 3 deletions.
  1. +8 −1 config/initializers/secret_token.rb
  2. +8 −2 config/initializers/session_store.rb
  3. +31 −0 lib/openshift_secret_generator.rb
@@ -1,7 +1,14 @@
+
+require File.join(Rails.root,'lib','openshift_secret_generator.rb')
# Be sure to restart your server when you modify this file.
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-RailsApp::Application.config.secret_token = '1dcdc33f3d7941da1628655ccb823d8b12baebb423945e4fceef7ead9d7fbee25d49ff51bdaff781fc2d2c46ac5cf08f0a356e54c5a44e31812d0d2385dc24fc'
+
+# Set token based on intialize_secret function (defined in initializers/secret_generator.rb)
+RailsApp::Application.config.secret_token = initialize_secret(
+ :token,
+ '335a4e365ef2daeea969640d74e18f0e3cd9fae1abd8f4125691a880774ea6d456a29c0831aa6921bf86a710fe555e916f0673f5657619ec9df22e0409bec345'
+)
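Review bot: The comment `# Set token based on intialize_secret function (defined in initializers/secret_generator.rb)` points at a file that does not exist in this change; the helper is required from `lib/openshift_secret_generator.rb` a few lines above, so it should read `# Derive the token with initialize_secret (lib/openshift_secret_generator.rb)`. The same comment, with the same path and the same typo, is repeated in the session_store.rb hunk. Separately, the second argument to initialize_secret is still a literal token checked into the repository, and it becomes the live secret_token in any environment where the OpenShift variables are absent, with only a warn-level log line to flag it; a deployment that reaches that branch in production would be better served by a hard failure than by a shared, published key.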
@@ -1,8 +1,14 @@
+require File.join(Rails.root,'lib','openshift_secret_generator.rb')
+
# Be sure to restart your server when you modify this file.
-RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session'
+# Set token based on intialize_secret function (defined in initializers/secret_generator.rb)
+RailsApp::Application.config.session_store :cookie_store, :key => initialize_secret(
+ :session_store,
+ '_railsapp_session'
+)
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rails generate session_migration")
-# RailsApp::Application.config.session_store :active_record_store
+# Railsapp::Application.config.session_store :active_record_store
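Review bot: `:key` here is the session cookie's name, not a secret, and routing it through initialize_secret means every browser receives the first 17 hex characters of SHA512 over the OpenShift secret plus `-session_store` as the cookie name in clear text, while the cookie becomes an opaque hex string that is harder to recognise in logs and browser tooling. Keeping a fixed name such as `key: '_railsapp_session'` and reserving initialize_secret for secret_token would avoid exposing any derivative of the secret at all. Two smaller things: the rewrite swaps the file's `key:` 1.9 hash syntax for `:key =>`, and the last line changes `RailsApp` to `Railsapp` inside a comment, which looks unintended.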
@@ -0,0 +1,31 @@
+# Create random key based on the OPENSHIFT_SECRET_TOKEN
+
+def initialize_secret(name,default)
+ # Only generate token based if we're running on OPENSHIFT
+ if secret = get_env_secret
+ # Create seed for random function from secret and name
+ seed = [secret,name.to_s].join('-')
+ # Generate hash from seed
+ hash = Digest::SHA512.hexdigest(seed)
+ # Set token, ensuring it is the same length as the default
+ hash[0,default.length]
+ else
+ Rails.logger.warn "Unable to get OPENSHIFT_SECRET_TOKEN, using default"
+ default
+ end
+end
+
+def get_env_secret
+ ENV['OPENSHIFT_SECRET_TOKEN'] || generate_secret_token
+end
+
+def generate_secret_token
+ Rails.logger.debug "No secret token environment variable set"
+ (name,uuid) = ENV.values_at('OPENSHIFT_APP_NAME','OPENSHIFT_APP_UUID')
+ if name && uuid
+ Rails.logger.debug "Running on Openshift, creating OPENSHIFT_SECRET_TOKEN"
+ Digest::SHA256.hexdigest([name,uuid].join('-'))
+ else
+ nil
+ end
+end
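Review bot: generate_secret_token derives the fallback secret purely from OPENSHIFT_APP_NAME and OPENSHIFT_APP_UUID, values that identify the deployment rather than protect it (the app name typically forms part of the public hostname on OpenShift), so a gear without OPENSHIFT_SECRET_TOKEN ends up with a session secret computable from those identifiers; that branch should log at warn rather than debug, and in production it is safer to raise than to continue. The file calls Digest::SHA512 and Digest::SHA256 without a `require 'digest'`, relying on something else having loaded it first. Defining initialize_secret, get_env_secret and generate_secret_token at the top level of a required file makes them private methods on every Object; a `module OpenShiftSecretGenerator` with `module_function` would keep them namespaced, at the cost of qualifying the two call sites. Minor style: the local named `hash` shadows Object#hash, and `(name,uuid) = ...` would normally be written `name, uuid = ...`.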
