Take default crappy secret key from config.py

This forces anyone installing Pillar to actually generate a proper secret.
2017-05-18 13:07:09 +02:00 · 2017-05-18 13:07:09 +02:00 · e4f221ab13
commit e4f221ab13
parent 4ad82a1eb3
3 changed files with 8 additions and 1 deletions
--- a/pillar/init.py
+++ b/pillar/init.py
@ -80,6 +80,9 @@ class PillarServer(Eve):
        # self.settings = self.config['EVE_SETTINGS_PATH']
        self.load_config()

+        if not self.config.get('SECRET_KEY'):
+            raise ConfigurationMissingError('SECRET_KEY configuration key is missing')
+
        # Configure authentication
        self.login_manager = auth.config_login_manager(self)
        self.oauth_blender_id = auth.config_oauth_login(self)
--- a/pillar/config.py
+++ b/pillar/config.py
@ -18,7 +18,9 @@ PORT = 5000
 HOST = '0.0.0.0'
 DEBUG = False

-SECRET_KEY = '123'
+# Flask and CSRF secret key; generate local one with:
+# python3 -c 'import secrets; print(secrets.token_urlsafe(128))'
+SECRET_KEY = ''

 # Authentication settings
 BLENDER_ID_ENDPOINT = 'http://blender_id:8000/'
--- a/pillar/tests/config_testing.py
+++ b/pillar/tests/config_testing.py
@ -14,3 +14,5 @@ GCLOUD_APP_CREDENTIALS = 'invalid-file-because-gcloud-storage-should-be-mocked-i
 STORAGE_BACKEND = 'local'

 EXTERNAL_SUBSCRIPTIONS_MANAGEMENT_SERVER = "http://store.localhost/api"
+
+SECRET_KEY = '12345'