From 5cc716688abdf7eaafc58d804209510601190791 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Mon, 26 Feb 2018 01:31:44 +0100 Subject: [PATCH] Ensure the app does not even start if OTP_SECRET is not set (#6557) * Ensure the app does not even start if OTP_SECRET is not set * Remove PAPERCLIP_SECRET (it's not used by anything, actually) Imports are for internal consumption and the url option isn't even used correctly, so we can remove the hash stuff from them --- .env.production.sample | 1 - app/models/import.rb | 2 +- app/models/user.rb | 2 +- lib/tasks/mastodon.rake | 2 +- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.env.production.sample b/.env.production.sample index f6ed28fd3e..5cd3e196e2 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com # Application secrets # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) -PAPERCLIP_SECRET= SECRET_KEY_BASE= OTP_SECRET= diff --git a/app/models/import.rb b/app/models/import.rb index ba88435bfd..fdb4c6b80f 100644 --- a/app/models/import.rb +++ b/app/models/import.rb @@ -26,7 +26,7 @@ class Import < ApplicationRecord validates :type, presence: true - has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET'] + has_attached_file :data validates_attachment_content_type :data, content_type: FILE_TYPES validates_attachment_presence :data end diff --git a/app/models/user.rb b/app/models/user.rb index fcd574f8bd..b053292da5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -44,7 +44,7 @@ class User < ApplicationRecord ACTIVE_DURATION = 14.days devise :two_factor_authenticatable, - otp_secret_encryption_key: ENV['OTP_SECRET'] + otp_secret_encryption_key: ENV.fetch('OTP_SECRET') devise :two_factor_backupable, otp_number_of_backup_codes: 10 diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake index d2e4f38a9a..bf4c53cb34 100644 --- a/lib/tasks/mastodon.rake +++ b/lib/tasks/mastodon.rake @@ -23,7 +23,7 @@ namespace :mastodon do prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.') env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false) - %w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key| + %w(SECRET_KEY_BASE OTP_SECRET).each do |key| env[key] = SecureRandom.hex(64) end