Description: Externalize session config to yml in /etc
Forwarded: not-needed
Author: Jérémy Lal
Last-Update: 2010-01-10
Index: b/config/environment.rb
===================================================================
--- a/config/environment.rb 2011-03-08 10:26:55.000000000 +0100
+++ b/config/environment.rb 2011-03-08 10:26:56.000000000 +0100
@@ -18,6 +18,20 @@
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
+# loads cookie based session session and secret keys
+# this is needed here because initializers are loaded after plugins,
+# and some plugins initialize ActionController which requires a secret to be set.
+# crash if file not found
+filename = ENV['RAILS_ETC'] ? File.join(ENV['RAILS_ETC'], 'session.yml') : File.join(File.dirname(__FILE__), '..', 'session.yml')
+sessionconfig = YAML::load_file(filename)
+require 'action_controller'
+relativeUrlRoot = ENV['RAILS_RELATIVE_URL_ROOT']
+ActionController::Base.session = {
+ :key => sessionconfig[Rails.env]['key'],
+ :secret => sessionconfig[Rails.env]['secret'],
+ :path => (relativeUrlRoot.blank?) ? '/' : relativeUrlRoot
+}
+
 # Load Engine plugin if available
 begin
 require File.join(File.dirname(__FILE__), '../vendor/plugins/engines/boot')
Index: b/lib/tasks/initializers.rake
===================================================================
--- a/lib/tasks/initializers.rake 2011-03-07 20:44:40.000000000 +0100
+++ b/lib/tasks/initializers.rake 2011-03-08 10:26:56.000000000 +0100
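Review bot: `sessionconfig[Rails.env]['secret']` in the config/environment.rb hunk is read with no check that session.yml has a section for the current environment, so an environment the generator did not write fails with a NoMethodError on nil rather than an error naming the missing section; `env_config = sessionconfig.fetch(Rails.env)` followed by `env_config['key']` / `env_config['secret']` would report the missing key. The reader also hard-codes `session.yml` and falls back to the application root (`config/..`), while the rake task in this patch honours `YML_SESSION_FILENAME` and falls back to `config/`, so the two can disagree about where the secret lives. The added comment has a doubled word (`session session`), and `# crash if file not found` would be clearer as `# fail at boot if session.yml is missing: the cookie store cannot run without a secret`.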
@@ -1,11 +1,14 @@
 desc 'Generates a configuration file for cookie store sessions.'
+task :generate_session_store do
-file 'config/initializers/session_store.rb' do
- path = File.join(RAILS_ROOT, 'config', 'initializers', 'session_store.rb')
- secret = ActiveSupport::SecureRandom.hex(40)
- File.open(path, 'w') do |f|
- f.write <<"EOF"
-# This file was generated by 'rake config/initializers/session_store.rb',
+ENV['X_DEBIAN_SITEID'] ||= 'default'
+ENV['RAILS_ETC'] ||= "/etc/redmine/#{ENV['X_DEBIAN_SITEID']}"
+filename = ENV['YML_SESSION_FILENAME'] ? ENV['YML_SESSION_FILENAME'] : 'session.yml'
+path = File.join(ENV['RAILS_ETC'] ? ENV['RAILS_ETC'] : File.join(RAILS_ROOT, 'config'), filename)
+secret = ActiveSupport::SecureRandom.hex(40)
+File.open(path, 'w') do |f|
+ f.write <<"EOF"
+# This file was generated by 'rake generate_session_store',
 # and should not be made visible to public.
 # If you have a load-balancing Redmine cluster, you will need to use the
 # same version of this file on each machine. And be sure to restart your
@@ -15,20 +18,19 @@
 # change this key, all old sessions will become invalid! Make sure the
 # secret is at least 30 characters and all random, no regular words or
 # you'll be exposed to dictionary attacks.
-ActionController::Base.session = {
- :key => '_redmine_session',
- #
- # Uncomment and edit the :session_path below if are hosting your Redmine
- # at a suburi and don't want the top level path to access the cookies
- #
- # See: http://www.redmine.org/issues/3968
- #
- # :session_path => '/url_path_to/your/redmine/',
- :secret => '#{secret}'
-}
+
+production:
+ key: _redmine_#{ENV['X_DEBIAN_SITEID']}
+ secret: #{secret}
+
+development:
+ key: _redmine_#{ENV['X_DEBIAN_SITEID']}
+ secret: #{secret}
+
+test:
+ key: _redmine_#{ENV['X_DEBIAN_SITEID']}
+ secret: #{secret}
+
 EOF
 end
 end
-
-desc 'Generates a configuration file for cookie store sessions.'
-task :generate_session_store => ['config/initializers/session_store.rb']
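Review bot: `File.open(path, 'w')` creates the file that holds the cookie-signing secret with whatever mode the process umask gives, which is commonly world-readable, and a local account that can read it can produce session cookies the application will accept. Passing an explicit mode, `File.open(path, 'w', 0640) do |f|`, covers creation, and `File.chmod(0640, path)` afterwards covers a file that already existed; ownership is presumably handled by the packaging scripts, which are outside this patch. Replacing the `file` task with a plain `task` also means every run overwrites an existing secret and invalidates all sessions, so a `File.exist?(path)` guard or a sentence in the `desc` text would help. The `File.open` block opened here is closed in the next hunk.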
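Review bot: The `production`, `development` and `test` sections all receive the same `secret` and the same cookie `key`, so a development or test instance for the same site id would verify cookies signed for production and the reverse. Generating one value per section, `secret: #{ActiveSupport::SecureRandom.hex(40)}` on each of the three `secret:` lines, keeps the environments independent. `ENV['X_DEBIAN_SITEID']` is also interpolated into the YAML unquoted, so a site id containing `:` or ` #` would change how the `key:` line parses; quoting it as `key: "_redmine_#{ENV['X_DEBIAN_SITEID']}"` or validating the id before writing avoids that. The heredoc starts in the previous hunk.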