Added OpenShift security functions #9

Merged
merged 1 commit into from

@thefotios

Had this commit stupidly stuck in my branch

@thefotios thefotios merged commit 01e4443 into openshift:master
Commits on Jul 18, 2012
  1. Added OpenShift security functions

    Fotios Lindiakos authored
9 config/initializers/secret_token.rb
@@ -1,7 +1,14 @@
+
+require File.join(Rails.root,'lib','openshift_secret_generator.rb')
# Be sure to restart your server when you modify this file.
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-RailsApp::Application.config.secret_token = '1dcdc33f3d7941da1628655ccb823d8b12baebb423945e4fceef7ead9d7fbee25d49ff51bdaff781fc2d2c46ac5cf08f0a356e54c5a44e31812d0d2385dc24fc'
+
+# Set token based on intialize_secret function (defined in initializers/secret_generator.rb)
+RailsApp::Application.config.secret_token = initialize_secret(
+ :token,
+ '335a4e365ef2daeea969640d74e18f0e3cd9fae1abd8f4125691a880774ea6d456a29c0831aa6921bf86a710fe555e916f0673f5657619ec9df22e0409bec345'
+)
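Review bot: the comment above the new `RailsApp::Application.config.secret_token` assignment says the function is "defined in initializers/secret_generator.rb", but the `require` at the top of this hunk loads `lib/openshift_secret_generator.rb`; fix the path and the `intialize_secret` typo so the comment points at the file that actually exists. More importantly, the 128-hex-character literal passed as the second argument to `initialize_secret(:token, ...)` is still a real secret committed to the repository: per `lib/openshift_secret_generator.rb` in this same PR it becomes the live `secret_token` whenever `OPENSHIFT_SECRET_TOKEN`, `OPENSHIFT_APP_NAME` and `OPENSHIFT_APP_UUID` are all unset, so any non-OpenShift deployment that does not override it signs its session cookies with a key anyone can read from GitHub. Replacing the old hard-coded token with a new hard-coded token does not remove that exposure; consider having the fallback raise outside `development` instead of silently using a published value.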
10 config/initializers/session_store.rb
@@ -1,8 +1,14 @@
+require File.join(Rails.root,'lib','openshift_secret_generator.rb')
+
# Be sure to restart your server when you modify this file.
-RailsApp::Application.config.session_store :cookie_store, key: '_rails_app_session'
+# Set token based on intialize_secret function (defined in initializers/secret_generator.rb)
+RailsApp::Application.config.session_store :cookie_store, :key => initialize_secret(
+ :session_store,
+ '_railsapp_session'
+)
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
# (create the session table with "rails generate session_migration")
-# RailsApp::Application.config.session_store :active_record_store
+# Railsapp::Application.config.session_store :active_record_store
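Review bot: the last line of the hunk changes the commented-out example from `RailsApp::Application` to `Railsapp::Application`, which would raise `NameError: uninitialized constant Railsapp` the moment someone uncomments it; revert the capitalisation to match the constant used on the active `session_store` line above. The comment on that line repeats the wrong path and the `intialize_secret` typo from secret_token.rb (the required file is `lib/openshift_secret_generator.rb`). Also worth questioning whether the cookie name should be derived from the secret at all: with `initialize_secret(:session_store, '_railsapp_session')` the session cookie is named by the first 17 hex characters of `SHA512(OPENSHIFT_SECRET_TOKEN + '-session_store')`, which sends part of a hash of the signing secret to every browser for no security benefit and makes the cookie name unreadable in logs and dev tools. A fixed name such as the previous `'_rails_app_session'` is simpler and leaks nothing.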
31 lib/openshift_secret_generator.rb
@@ -0,0 +1,31 @@
+# Create random key based on the OPENSHIFT_SECRET_TOKEN
+
+def initialize_secret(name,default)
+ # Only generate token based if we're running on OPENSHIFT
+ if secret = get_env_secret
+ # Create seed for random function from secret and name
+ seed = [secret,name.to_s].join('-')
+ # Generate hash from seed
+ hash = Digest::SHA512.hexdigest(seed)
+ # Set token, ensuring it is the same length as the default
+ hash[0,default.length]
+ else
+ Rails.logger.warn "Unable to get OPENSHIFT_SECRET_TOKEN, using default"
+ default
+ end
+end
+
+def get_env_secret
+ ENV['OPENSHIFT_SECRET_TOKEN'] || generate_secret_token
+end
+
+def generate_secret_token
+ Rails.logger.debug "No secret token environment variable set"
+ (name,uuid) = ENV.values_at('OPENSHIFT_APP_NAME','OPENSHIFT_APP_UUID')
+ if name && uuid
+ Rails.logger.debug "Running on Openshift, creating OPENSHIFT_SECRET_TOKEN"
+ Digest::SHA256.hexdigest([name,uuid].join('-'))
+ else
+ nil
+ end
+end
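Review bot: `generate_secret_token` manufactures the fallback secret as `Digest::SHA256.hexdigest([name,uuid].join('-'))` from `OPENSHIFT_APP_NAME` and `OPENSHIFT_APP_UUID`, neither of which is a secret (they identify the application rather than authenticate it), so when `OPENSHIFT_SECRET_TOKEN` is absent the cookie-signing `secret_token` that `initialize_secret` derives from it is computable by anyone who knows those two values. When the platform does not supply the token, fail closed: return `nil` so `initialize_secret` takes its warning branch (or raises) instead of producing a predictable key. Smaller points in the same file: `Digest::SHA512` and `Digest::SHA256` are used without `require 'digest'` at the top, so the file only works when something else has already loaded it; the debug message `creating OPENSHIFT_SECRET_TOKEN` is misleading because nothing is written back to `ENV`; the comment `Only generate token based if we're running on OPENSHIFT` has a stray "based"; and `if secret = get_env_secret` reads like a typo for `==`, so put the assignment on its own line before the `if`.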