Commit 05460269 authored by c-tim's avatar c-tim Committed by Julian

Fail if running in production and no SECRET_KEY is configured

parent 0f4561d7
...@@ -44,8 +44,8 @@ build:apt: ...@@ -44,8 +44,8 @@ build:apt:
db_migrations_updated: db_migrations_updated:
stage: test stage: test
script: script:
- FLASK_APP=uffd flask db upgrade - FLASK_APP=uffd FLASK_ENV=testing flask db upgrade
- FLASK_APP=uffd flask db migrate 2>&1 | grep -q 'No changes in schema detected' - FLASK_APP=uffd FLASK_ENV=testing flask db migrate 2>&1 | grep -q 'No changes in schema detected'
test_db_migrations:sqlite: test_db_migrations:sqlite:
stage: test stage: test
......
...@@ -13,8 +13,8 @@ case "$1" in ...@@ -13,8 +13,8 @@ case "$1" in
python3 <<EOF python3 <<EOF
import secrets import secrets
cfg = open('/etc/uffd/uffd.cfg', 'r').read() cfg = open('/etc/uffd/uffd.cfg', 'r').read()
cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n', cfg = cfg.replace('\n#SECRET_KEY=autogenerated by postinst script\n',
'\nSECRET="'+secrets.token_hex(128)+'"\n', 1) '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
open('/etc/uffd/uffd.cfg', 'w').write(cfg) open('/etc/uffd/uffd.cfg', 'w').write(cfg)
EOF EOF
chown root:uffd /etc/uffd/uffd.cfg chown root:uffd /etc/uffd/uffd.cfg
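Review bot: The substitution in the heredoc matches only the new `#SECRET_KEY=autogenerated by postinst script` placeholder, and `str.replace` gives no signal when nothing matched. A config file kept from an earlier install would hold either the old `#SECRET=` placeholder or a generated `SECRET="..."` line, so it would end up with no `SECRET_KEY` at all. Together with the production check this commit adds, such an installation would presumably refuse to start after the upgrade; whether the conffile is replaced on upgrade is not visible here. Consider also handling the legacy name, for example rewriting an existing `SECRET="` line to `SECRET_KEY="`, and exiting non-zero when no `SECRET_KEY=` line is present afterwards. The enclosing `case` branch starts and ends outside the hunk.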
......
FLASK_ENV="production" FLASK_ENV="production"
SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite" SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite"
#SECRET=autogenerated by postinst script #SECRET_KEY=autogenerated by postinst script
...@@ -40,16 +40,9 @@ def load_config_file(app, cfg_name, silent=False): ...@@ -40,16 +40,9 @@ def load_config_file(app, cfg_name, silent=False):
app.config.from_pyfile(cfg_path, silent=True) app.config.from_pyfile(cfg_path, silent=True)
return True return True
def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-statements def init_config(app: Flask, test_config):
# create and configure the app
app = Flask(__name__, instance_relative_config=False)
app.json_encoder = SQLAlchemyJSON
# set development default config values # set development default config values
app.config.from_mapping( app.config["SQLALCHEMY_DATABASE_URI"] = f"sqlite:///{os.path.join(app.instance_path, 'uffd.sqlit3')}"
SECRET_KEY=secrets.token_hex(128),
SQLALCHEMY_DATABASE_URI="sqlite:///{}".format(os.path.join(app.instance_path, 'uffd.sqlit3')),
)
app.config.from_pyfile('default_config.cfg') app.config.from_pyfile('default_config.cfg')
# load config # load config
...@@ -64,6 +57,17 @@ def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-sta ...@@ -64,6 +57,17 @@ def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-sta
# Prior to v1.1 login required ACL_SELFSERVICE_GROUP and ACL_ACCESS_GROUP did not exist # Prior to v1.1 login required ACL_SELFSERVICE_GROUP and ACL_ACCESS_GROUP did not exist
app.config.setdefault('ACL_ACCESS_GROUP', app.config['ACL_SELFSERVICE_GROUP']) app.config.setdefault('ACL_ACCESS_GROUP', app.config['ACL_SELFSERVICE_GROUP'])
if app.env == "production" and app.secret_key is None:
raise Exception("SECRET_KEY not configured and we are running in production mode!")
app.config.setdefault("SECRET_KEY", secrets.token_hex(128))
def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-statements
# create and configure the app
app = Flask(__name__, instance_relative_config=False)
app.json_encoder = SQLAlchemyJSON
init_config(app, test_config)
register_template_helper(app) register_template_helper(app)
setup_navbar(app) setup_navbar(app)
......