Merge branch 'fix-secret' into 'master'

Don't read otp_secret_encryption_key from hardcoded path in models/user Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case. Mirror of https://github.com/gitlabhq/gitlabhq/pull/10311 See merge request !4044

Merge branch 'fix-secret' into 'master'
Don't read otp_secret_encryption_key from hardcoded path in models/user Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case. Mirror of https://github.com/gitlabhq/gitlabhq/pull/10311 See merge request !4044
bdfe6dc3 · Rémy Coutable · 618033fb · e4c64855 · bdfe6dc3
Commit bdfe6dc3 authored May 09, 2016 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

app/models/user.rb app/models/user.rb +1 -1

No files found.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,7 +86,7 @@ class User < ActiveRecord::Base
  default_value_for :theme_id, gitlab_config.default_theme

  devise :two_factor_authenticatable,
-         otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
+         otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
  alias_attribute :two_factor_enabled, :otp_required_for_login

  devise :two_factor_backupable, otp_number_of_backup_codes: 10