authorJean-Philippe Lang <jp_lang@yahoo.fr>2012-04-28 12:00:45 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2012-04-28 12:00:45 +0000
commitbceaf8be94091ca331b820fdc68e4a3b10a831bd (patch)
tree48f7679c9e79dc9b5d1565f2ab24e2e8cd8270c7
parent52986e8cd1bba6ad1c4e3e78fe5f1d8d3eb5d44f (diff)
Let the secret token be set in configuration.yml.
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9567 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--config/configuration.yml.example9
-rw-r--r--config/initializers/30-redmine.rb6
2 files changed, 15 insertions, 0 deletions
diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index 9fefdde22..2224cd130 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -154,6 +154,15 @@ default:
#
#mirror_plugins_assets_on_startup: false
+ # Your secret key for verifying cookie session data integrity. If you
+ # change this key, all old sessions will become invalid! Make sure the
+ # secret is at least 30 characters and all random, no regular words or
+ # you'll be exposed to dictionary attacks.
+ #
+ # If you have a load-balancing Redmine cluster, you have to use the
+ # same secret token on each machine.
+ #secret_token: 'change it to a long random string'
+
# specific configuration options for production environment
# that overrides the default ones
production:
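Review bot: The example value on the `#secret_token:` line is itself longer than the 30-character minimum the comment asks for, so an administrator who only uncomments the line ends up with a publicly known string as the session-signing secret. Nothing in this commit's initializer change (the `if secret.present?` check in config/initializers/30-redmine.rb) would reject it. Leaving the example empty, `#secret_token:`, or refusing the placeholder at load time would close that gap. The comment could also say that the value should come from a cryptographically secure random generator and that the file holding it needs restrictive read permissions, since anyone who knows the secret can produce session cookies that pass the integrity check.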
diff --git a/config/initializers/30-redmine.rb b/config/initializers/30-redmine.rb
index 58972b023..11a248959 100644
--- a/config/initializers/30-redmine.rb
+++ b/config/initializers/30-redmine.rb
@@ -4,6 +4,12 @@ I18n::Backend::Simple.send(:include, I18n::Backend::Fallbacks)
require 'redmine'
+# Load the secret token from the Redmine configuration file
+secret = Redmine::Configuration['secret_token']
+if secret.present?
+ RedmineApp::Application.config.secret_token = secret
+end
+
Redmine::Plugin.load
unless Redmine::Configuration['mirror_plugins_assets_on_startup'] == false
Redmine::Plugin.mirror_assets
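Review bot: The comment above `secret = Redmine::Configuration['secret_token']` does not say which source wins when the token is also set somewhere else. The assignment `RedmineApp::Application.config.secret_token = secret` holds only if nothing that runs later assigns the token again, and the load order of other initializers is not visible in this hunk. A comment such as `# A token set here is replaced if a later initializer assigns config.secret_token again` would record that. The value is also passed through unchecked, so an unquoted all-digit entry in the YAML would presumably arrive as an Integer rather than a String; assigning `secret.to_s` is a cheap guard.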