Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py).

2015-01-05 12:31:02 -05:00 · 2015-01-05 12:31:02 -05:00 · 40d2b1748f
commit 40d2b1748f
parent 1bf25f25c1
6 changed files with 11 additions and 5 deletions
--- a/app.py
+++ b/app.py
@ -19,7 +19,7 @@ from util.exceptionlog import Sentry
 from util.queuemetrics import QueueMetrics
 from util.names import urn_generator
 from util.oauth import GoogleOAuthConfig, GithubOAuthConfig
-from util.configutil import import_yaml
+from util.configutil import import_yaml, generate_secret_key
 from data.billing import Billing
 from data.buildlogs import BuildLogs
 from data.archivedlogs import LogArchive
@ -139,5 +139,10 @@ database.configure(app.config)
 model.config.app_config = app.config
 model.config.store = storage
 # Generate a secret key if none was specified.
 if app.config['SECRET_KEY'] is None:
  logger.debug('Generating in-memory secret key')
  app.config['SECRET_KEY'] = generate_secret_key()
 def get_app_url():
  return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
--- a/conf/gunicorn_local.py
+++ b/conf/gunicorn_local.py
@ -5,3 +5,4 @@ timeout = 2000
 daemon = False
 logconfig = 'conf/logging.conf'
 pythonpath = '.'
 preload_app = True
--- a/config.py
+++ b/config.py
@ -36,7 +36,6 @@ def getFrontendVisibleConfig(config_dict):
 class DefaultConfig(object):
  # Flask config
  SECRET_KEY = 'a36c9d7d-25a9-4d3f-a586-3d2f8dc40a83'
  JSONIFY_PRETTYPRINT_REGULAR = False
  SESSION_COOKIE_SECURE = False
--- a/endpoints/api/suconfig.py
+++ b/endpoints/api/suconfig.py
@ -104,7 +104,7 @@ class SuperUserGetConfig(ApiResource):
      config_object = request.get_json()['config']
      # Add any enterprise defaults missing from the config.
-      add_enterprise_config_defaults(config_object)
+      add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'])
      # Write the configuration changes to the YAML file.
      export_yaml(config_object, OVERRIDE_CONFIG_YAML_FILENAME)
--- a/test/testconfig.py
+++ b/test/testconfig.py
@ -15,6 +15,7 @@ class FakeTransaction(object):
 class TestConfig(DefaultConfig):
  TESTING = True
  SECRET_KEY = 'a36c9d7d-25a9-4d3f-a586-3d2f8dc40a83'
  DB_URI = os.environ.get('TEST_DATABASE_URI', 'sqlite:///:memory:')
  DB_CONNECTION_ARGS = {
--- a/util/configutil.py
+++ b/util/configutil.py
@ -36,7 +36,7 @@ def set_config_value(config_file, config_key, value):
  export_yaml(config_obj, config_file)
-def add_enterprise_config_defaults(config_obj):
+def add_enterprise_config_defaults(config_obj, current_secret_key):
  """ Adds/Sets the config defaults for enterprise registry config. """
  # These have to be false.
  config_obj['TESTING'] = False
@ -52,7 +52,7 @@ def add_enterprise_config_defaults(config_obj):
  # Default secret key.
  if not 'SECRET_KEY' in config_obj:
-    config_obj['SECRET_KEY'] = generate_secret_key()
+    config_obj['SECRET_KEY'] = current_secret_key
  # Default storage configuration.
  if not 'DISTRIBUTED_STORAGE_CONFIG' in config_obj: