Update to remove secret token.

steveklabnik · steveklabnik · commit 510e2feef6ae · 2013-08-23T12:38:10.000-04:00
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
@@ -1,7 +1,16 @@
-# Be sure to restart your server when you modify this file.
+if ENV["SECRET_TOKEN"].blank?
+  if Rails.env.production?
+    raise "You must set ENV[\"SECRET_TOKEN\"] in your app's config vars"
+  elsif Rails.env.test?
+    # Generate the key and test away
+    ENV["SECRET_TOKEN"] = HacketyHackCom::Application.config.secret_token = SecureRandom.hex(30)
+  else
+    config_file = File.expand_path(File.join(Rails.root, '/config/config.yml'))
+    config = YAML.load_file(config_file)
+    # Generate the key, set it for the current environment, update the yaml file and move on
+    ENV["SECRET_TOKEN"] = config[Rails.env]['SECRET_TOKEN'] = SecureRandom.hex(30)
+    File.open(config_file, 'w') { |file| file.write(config.to_yaml) }
+  end
+end
 
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-HacketyHackCom::Application.config.secret_token = '855ad4d9d95703179ef4280cd14ec205cb6a1fb2477c11bdf55d80390a8ecae82e4b60a4d9e572f9a83cd4d74cedf32a0592afdf36fc86aff0da766fa866aafd'
+HacketyHackCom::Application.config.secret_token = ENV["SECRET_TOKEN"]
