From 6412780ddfe42115f55c71c92e0d306eb25654b3 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Wed, 23 Mar 2022 16:14:08 +0100
Subject: [PATCH] Fix SECRET_KEY autogeneration in Debian package

Also fixes that "SECRET_KEY" was wrongly named "SECRET" in the default config.
---
 debian/contrib/uffd-nginxauth.cfg |  2 +-
 debian/postinst                   | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/debian/contrib/uffd-nginxauth.cfg b/debian/contrib/uffd-nginxauth.cfg
index 6ff5c1b..fc6203f 100644
--- a/debian/contrib/uffd-nginxauth.cfg
+++ b/debian/contrib/uffd-nginxauth.cfg
@@ -1,5 +1,5 @@
 FLASK_ENV="production"
-#SECRET=autogenerated by postinst script
+#SECRET_KEY=autogenerated by postinst script
 
 # URLs of the OAuth2-based identity provider (must be set!)
 #OAUTH2_AUTH_URL = 'http://localhost:5001/oauth2/authorize'
diff --git a/debian/postinst b/debian/postinst
index 176bc6e..b086fea 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -13,6 +13,18 @@ case "$1" in
 		chown root:uffd-nginxauth /etc/uffd-nginxauth/uffd-nginxauth.cfg
 		chmod 0640 /etc/uffd-nginxauth/uffd-nginxauth.cfg
 
+		python3 <<EOF
+import secrets
+cfg = open('/etc/uffd-nginxauth/uffd-nginxauth.cfg', 'r').read()
+cfg = cfg.replace('\n#SECRET_KEY=autogenerated by postinst script\n',
+                  '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
+# Prior to v0.2.1 the default config used a wrong name for SECRET_KEY
+if '\nSECRET_KEY=' not in cfg:
+	cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n',
+	                  '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
+open('/etc/uffd-nginxauth/uffd-nginxauth.cfg', 'w').write(cfg)
+EOF
+
 		invoke-rc.d uwsgi restart uffd-nginxauth
 	;;
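Review bot: If neither placeholder line is present and no key is set (for example, the admin deleted the comment), the embedded script rewrites the file unchanged and exits 0, so `invoke-rc.d uwsgi restart` runs with no sign that no SECRET_KEY was generated. A final check such as `if not re.search(r'^SECRET_KEY\s*=', cfg, re.M): print('warning: SECRET_KEY not set in /etc/uffd-nginxauth/uffd-nginxauth.cfg', file=sys.stderr)`, with `import re, sys`, would surface that. The same whitespace-tolerant test would also suit the pre-v0.2.1 fallback: `'\nSECRET_KEY=' not in cfg` misses a hand-written `SECRET_KEY = '...'` (the style of the other settings in the shipped config), so a second key line can be added where an old `#SECRET=` placeholder remains. Separately, `open(..., 'w').write(cfg)` truncates the config before writing, and `<<EOF` is unquoted; writing only when `cfg` changed and using `<<'EOF'` would make this step more robust against a failed write or later edits that add `$` or backticks to the body. The enclosing `case` branch starts and ends outside the hunk.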
 
-- 
GitLab