commit: 5cc716688abdf7eaafc58d804209510601190791
parent: f0a1b1a152f8f46e2ff685b405d6361b7725f5ae
Author: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 26 Feb 2018 01:31:44 +0100
Ensure the app does not even start if OTP_SECRET is not set (#6557)
* Ensure the app does not even start if OTP_SECRET is not set
* Remove PAPERCLIP_SECRET (it's not used by anything, actually)
Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
Diffstat:
4 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/.env.production.sample b/.env.production.sample
@@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
# Application secrets
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=
diff --git a/app/models/import.rb b/app/models/import.rb
@@ -26,7 +26,7 @@ class Import < ApplicationRecord
validates :type, presence: true
- has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
+ has_attached_file :data
validates_attachment_content_type :data, content_type: FILE_TYPES
validates_attachment_presence :data
end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -44,7 +44,7 @@ class User < ApplicationRecord
ACTIVE_DURATION = 14.days
devise :two_factor_authenticatable,
- otp_secret_encryption_key: ENV['OTP_SECRET']
+ otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
devise :two_factor_backupable,
otp_number_of_backup_codes: 10
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
@@ -23,7 +23,7 @@ namespace :mastodon do
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
- %w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
+ %w(SECRET_KEY_BASE OTP_SECRET).each do |key|
env[key] = SecureRandom.hex(64)
end
