From e4f221ab13cdf1e55aab81e3c719d97378b839af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Thu, 18 May 2017 13:07:09 +0200
Subject: [PATCH] Take default crappy secret key from config.py

This forces anyone installing Pillar to actually generate a proper secret.
---
 pillar/__init__.py | 3 +++
 pillar/config.py | 4 +++-
 pillar/tests/config_testing.py | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/pillar/__init__.py b/pillar/__init__.py
index e5c6b32c..1bf0e551 100644
--- a/pillar/__init__.py
+++ b/pillar/__init__.py
@@ -80,6 +80,9 @@ class PillarServer(Eve):
 # self.settings = self.config['EVE_SETTINGS_PATH']
 self.load_config()
+ if not self.config.get('SECRET_KEY'):
+ raise ConfigurationMissingError('SECRET_KEY configuration key is missing')
+
 # Configure authentication
 self.login_manager = auth.config_login_manager(self)
 self.oauth_blender_id = auth.config_oauth_login(self)
diff --git a/pillar/config.py b/pillar/config.py
index cae13ad0..d7bc08e7 100644
--- a/pillar/config.py
+++ b/pillar/config.py
@@ -18,7 +18,9 @@ PORT = 5000
 HOST = '0.0.0.0'
 DEBUG = False
-SECRET_KEY = '123'
+# Flask and CSRF secret key; generate local one with:
+# python3 -c 'import secrets; print(secrets.token_urlsafe(128))'
+SECRET_KEY = ''
 # Authentication settings
 BLENDER_ID_ENDPOINT = 'http://blender_id:8000/'
diff --git a/pillar/tests/config_testing.py b/pillar/tests/config_testing.py
index fa8ed776..97519f49 100644
--- a/pillar/tests/config_testing.py
+++ b/pillar/tests/config_testing.py
@@ -14,3 +14,5 @@ GCLOUD_APP_CREDENTIALS = 'invalid-file-because-gcloud-storage-should-be-mocked-i
 STORAGE_BACKEND = 'local'
 EXTERNAL_SUBSCRIPTIONS_MANAGEMENT_SERVER = "http://store.localhost/api"
+
+SECRET_KEY = '12345'
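Review bot: The new guard `if not self.config.get('SECRET_KEY'):` in pillar/__init__.py rejects only a missing or empty key, so an installation whose local configuration still carries the old default `'123'`, or any other short value, starts up with a guessable signing key. Consider also enforcing a minimum length, e.g. `if len(self.config.get('SECRET_KEY') or '') < 32:`, which would mean lengthening the `'12345'` value this commit adds to pillar/tests/config_testing.py. The error text says the key "is missing" although the branch also fires for an empty string; something like `'SECRET_KEY is not set; generate one as described in pillar/config.py'` tells the operator what to do. `ConfigurationMissingError` is neither defined nor imported inside this hunk, so confirm it is in scope in the module; the enclosing method starts and ends outside the hunk.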
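Review bot: The comment added above `SECRET_KEY = ''` in pillar/config.py gives the generation command but does not say where the generated value belongs or what replacing it implies. I would extend it with `# Set this in your local, non-versioned configuration; never commit it.` and `# Changing it invalidates existing sessions and CSRF tokens.` Because the previous default `'123'` was published in the repository, installations that ran with it should treat anything signed under that key as forgeable and rotate to a new key rather than carry the old value over.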