Commit
e3ef6eef
authored
May 09, 2019
by
GitLab Bot
Automatic merge of gitlab-org/gitlab-ce master
parents
d0d7fd9b
6b2f4ea5
Changes
2
Showing
2 changed files
with
17 additions
and
1 deletion
+17
-1
config/initializers/01_secret_token.rb
config/initializers/01_secret_token.rb
+6
-1
spec/initializers/secret_token_spec.rb
spec/initializers/secret_token_spec.rb
+11
-0
config/initializers/01_secret_token.rb
...
@@ -28,7 +28,8 @@ def create_tokens
...
@@ -28,7 +28,8 @@ def create_tokens
secret_key_base:
file_secret_key
||
generate_new_secure_token
,
secret_key_base:
file_secret_key
||
generate_new_secure_token
,
otp_key_base:
env_secret_key
||
file_secret_key
||
generate_new_secure_token
,
otp_key_base:
env_secret_key
||
file_secret_key
||
generate_new_secure_token
,
db_key_base:
generate_new_secure_token
,
db_key_base:
generate_new_secure_token
,
openid_connect_signing_key:
generate_new_rsa_private_key
openid_connect_signing_key:
generate_new_rsa_private_key
,
lets_encrypt_private_key:
generate_lets_encrypt_private_key
}
}
missing_secrets
=
set_missing_keys
(
defaults
)
missing_secrets
=
set_missing_keys
(
defaults
)
...
@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
...
@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
OpenSSL
::
PKey
::
RSA
.
new
(
2048
).
to_pem
OpenSSL
::
PKey
::
RSA
.
new
(
2048
).
to_pem
end
end
def
generate_lets_encrypt_private_key
OpenSSL
::
PKey
::
RSA
.
new
(
4096
).
to_pem
end
def
warn_missing_secret
(
secret
)
def
warn_missing_secret
(
secret
)
warn
"Missing Rails.application.secrets.
#{
secret
}
for
#{
Rails
.
env
}
environment. The secret will be generated and stored in config/secrets.yml."
warn
"Missing Rails.application.secrets.
#{
secret
}
for
#{
Rails
.
env
}
environment. The secret will be generated and stored in config/secrets.yml."
end
end
...
...
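Review bot: `generate_lets_encrypt_private_key` is called inside the defaults hash literal in `create_tokens` (whose body starts outside the hunk), so as far as the visible lines show a 4096-bit RSA key is generated on every run of the initializer, before `set_missing_keys(defaults)` decides whether it is needed. RSA-4096 generation is noticeably slower than the existing 2048-bit key, so this adds boot-time cost even when the secret is already configured; consider deferring the call until the key is found to be missing. The warning text says generated secrets are stored in config/secrets.yml, so this private key ends up on disk in plaintext; the write path is not in the hunk, so confirm it creates the file with owner-only permissions. The new method would also benefit from a comment such as `# Returns a new 4096-bit RSA private key in PEM form for the lets_encrypt_private_key secret.` so the size difference from `generate_new_rsa_private_key` reads as intentional.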
spec/initializers/secret_token_spec.rb
...
@@ -45,11 +45,21 @@ describe 'create_tokens' do
...
@@ -45,11 +45,21 @@ describe 'create_tokens' do
expect
(
keys
).
to
all
(
match
(
RSA_KEY
))
expect
(
keys
).
to
all
(
match
(
RSA_KEY
))
end
end
it
"generates private key for Let's Encrypt"
do
create_tokens
keys
=
secrets
.
values_at
(
:lets_encrypt_private_key
)
expect
(
keys
.
uniq
).
to
eq
(
keys
)
expect
(
keys
).
to
all
(
match
(
RSA_KEY
))
end
it
'warns about the secrets to add to secrets.yml'
do
it
'warns about the secrets to add to secrets.yml'
do
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'secret_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'secret_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'otp_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'otp_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'db_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'db_key_base'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'openid_connect_signing_key'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'openid_connect_signing_key'
)
expect
(
self
).
to
receive
(
:warn_missing_secret
).
with
(
'lets_encrypt_private_key'
)
create_tokens
create_tokens
end
end
...
@@ -78,6 +88,7 @@ describe 'create_tokens' do
...
@@ -78,6 +88,7 @@ describe 'create_tokens' do
before
do
before
do
secrets
.
db_key_base
=
'db_key_base'
secrets
.
db_key_base
=
'db_key_base'
secrets
.
openid_connect_signing_key
=
'openid_connect_signing_key'
secrets
.
openid_connect_signing_key
=
'openid_connect_signing_key'
secrets
.
lets_encrypt_private_key
=
'lets_encrypt_private_key'
allow
(
File
).
to
receive
(
:exist?
).
with
(
'.secret'
).
and_return
(
true
)
allow
(
File
).
to
receive
(
:exist?
).
with
(
'.secret'
).
and_return
(
true
)
allow
(
File
).
to
receive
(
:read
).
with
(
'.secret'
).
and_return
(
'file_key'
)
allow
(
File
).
to
receive
(
:read
).
with
(
'.secret'
).
and_return
(
'file_key'
)
...
...
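Review bot: In the new example "generates private key for Let's Encrypt", `secrets.values_at(:lets_encrypt_private_key)` returns a one-element array, so `expect(keys.uniq).to eq(keys)` can never fail. The remaining `match(RSA_KEY)` check (RSA_KEY is defined outside the hunk and presumably matches any RSA PEM) would pass for a 2048-bit key as well, so nothing pins the key size that distinguishes the new generator. Replace the uniqueness line with a size assertion such as `expect(OpenSSL::PKey::RSA.new(keys.first).n.num_bits).to eq(4096)`.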