Permalink
Browse files

Ensure generated secret is stable in dev mode

  • Loading branch information...
1 parent 5e0f02a commit b57fa9a619d104839aec8045ed69ebc188dc7607 @jroper jroper committed Apr 17, 2014
@@ -51,6 +51,9 @@ object CryptoSpec extends PlaySpecification {
"generate a secret if secret is empty in dev" in new WithApplication(fakeApp(Mode.Dev, Some(""))) {
Crypto.secret must_!= ""
}
+ "generate a stable secret in dev" in new WithApplication(fakeApp(Mode.Dev, Some("changeme"))) {
+ Crypto.secret must_== Crypto.secret
+ }
}
}
@@ -9,7 +9,7 @@ import javax.crypto.spec.SecretKeySpec
import play.api.{ Mode, Play, PlayException }
import java.security.SecureRandom
import org.apache.commons.codec.binary.Hex
-import org.apache.commons.codec.digest.Md5Crypt
+import org.apache.commons.codec.digest.DigestUtils
/**
* Cryptographic utilities.
@@ -72,7 +72,7 @@ object Crypto {
} else {
applicationConfLocation.toString
}
- val md5Secret = Md5Crypt.md5Crypt(secret.getBytes("utf-8"))
+ val md5Secret = DigestUtils.md5Hex(secret)
Play.logger.debug(s"Generated dev mode secret ${md5Secret} for app at ${Option(applicationConfLocation).getOrElse("unknown location")}")
md5Secret
case Some(s) => s

0 comments on commit b57fa9a

Please sign in to comment.