Ensure the app does not even start if OTP_SECRET is not set (#6557)

* Ensure the app does not even start if OTP_SECRET is not set

* Remove PAPERCLIP_SECRET (it's not used by anything, actually)

Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
This commit is contained in:
Eugen Rochko 2018-02-26 01:31:44 +01:00 committed by GitHub
parent f0a1b1a152
commit 5cc716688a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 3 additions and 4 deletions

View file

@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
# Application secrets # Application secrets
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
PAPERCLIP_SECRET=
SECRET_KEY_BASE= SECRET_KEY_BASE=
OTP_SECRET= OTP_SECRET=

View file

@ -26,7 +26,7 @@ class Import < ApplicationRecord
validates :type, presence: true validates :type, presence: true
has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET'] has_attached_file :data
validates_attachment_content_type :data, content_type: FILE_TYPES validates_attachment_content_type :data, content_type: FILE_TYPES
validates_attachment_presence :data validates_attachment_presence :data
end end

View file

@ -44,7 +44,7 @@ class User < ApplicationRecord
ACTIVE_DURATION = 14.days ACTIVE_DURATION = 14.days
devise :two_factor_authenticatable, devise :two_factor_authenticatable,
otp_secret_encryption_key: ENV['OTP_SECRET'] otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
devise :two_factor_backupable, devise :two_factor_backupable,
otp_number_of_backup_codes: 10 otp_number_of_backup_codes: 10

View file

@ -23,7 +23,7 @@ namespace :mastodon do
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.') prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false) env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
%w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key| %w(SECRET_KEY_BASE OTP_SECRET).each do |key|
env[key] = SecureRandom.hex(64) env[key] = SecureRandom.hex(64)
end end