Ensure the app does not even start if OTP_SECRET is not set (#6557)

* Ensure the app does not even start if OTP_SECRET is not set

* Remove PAPERCLIP_SECRET (it's not used by anything, actually)

Imports are for internal consumption and the url option isn't even
used correctly, so we can remove the hash stuff from them
main
Eugen Rochko 7 years ago committed by GitHub
parent f0a1b1a152
commit 5cc716688a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
# Application secrets
# Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

@ -26,7 +26,7 @@ class Import < ApplicationRecord
validates :type, presence: true
has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
has_attached_file :data
validates_attachment_content_type :data, content_type: FILE_TYPES
validates_attachment_presence :data
end

@ -44,7 +44,7 @@ class User < ApplicationRecord
ACTIVE_DURATION = 14.days
devise :two_factor_authenticatable,
otp_secret_encryption_key: ENV['OTP_SECRET']
otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
devise :two_factor_backupable,
otp_number_of_backup_codes: 10

@ -23,7 +23,7 @@ namespace :mastodon do
prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
%w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
%w(SECRET_KEY_BASE OTP_SECRET).each do |key|
env[key] = SecureRandom.hex(64)
end

Loading…
Cancel
Save