Commit bdfe6dc3 authored by Rémy Coutable

Merge branch 'fix-secret' into 'master'

Don't read otp_secret_encryption_key from hardcoded path in models/user

Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case.

Mirror of https://github.com/gitlabhq/gitlabhq/pull/10311

See merge request !4044
parents 618033fb e4c64855
......@@ -86,7 +86,7 @@ class User < ActiveRecord::Base
default_value_for :theme_id, gitlab_config.default_theme
devise :two_factor_authenticatable,
otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
alias_attribute :two_factor_enabled, :otp_required_for_login
devise :two_factor_backupable, otp_number_of_backup_codes: 10
......
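Review bot: On the replaced `otp_secret_encryption_key:` argument, nothing visible in this hunk guarantees that `Gitlab::Application.config.secret_key_base` holds the same string the old code obtained from `File.read(Rails.root.join('.secret')).chomp`. If the initializer named in the commit message ever produces a different value (a trailing newline that is not stripped, or a key taken from another source), OTP secrets already encrypted for users with two-factor enabled will no longer decrypt. A spec asserting that the two values match on an existing install, or a short comment pointing to where `secret_key_base` is populated, would make that assumption explicit. Because the `devise` call is evaluated when the `User` class body loads, it is also worth failing loudly if `secret_key_base` is nil or blank at that point, rather than passing an empty key to the two-factor module. Finally, the line makes it explicit that the OTP encryption key and the application's `secret_key_base` are one and the same secret, so rotating `secret_key_base` will also invalidate stored OTP secrets; that coupling deserves a note in the upgrade or key-rotation documentation.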