Generate a secret_token (for signed cookies).

3 files changed, 12 insertions, 2 deletions

diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 6f04f07..ecd511c 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -4,4 +4,4 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-Gemeinschaft42c::Application.config.secret_token = '9a59cac7fe4b23e0253a7beb341d9498d721923e966b45983f441f991e81f758067a6d9a949247d489773288284ab96b5015be52bf7b2834e666d43f864034e4'
+Gemeinschaft42c::Application.config.secret_token = GsParameter.get('SECRET_TOKEN')
diff --git a/db/migrate/20130111111747_add_secret_token_to_gs_parameter.rb b/db/migrate/20130111111747_add_secret_token_to_gs_parameter.rb
new file mode 100644
index 0000000..bb99ace
--- /dev/null
+++ b/db/migrate/20130111111747_add_secret_token_to_gs_parameter.rb
@@ -0,0 +1,10 @@
+class AddSecretTokenToGsParameter < ActiveRecord::Migration
+  def up
+  	require 'securerandom'
+    GsParameter.create(:name => 'SECRET_TOKEN', :section => 'Cookies', :value => SecureRandom.hex(64), :class_type => 'String')
+  end
+
+  def down
+		GsParameter.where(:name => 'SECRET_TOKEN').destroy_all
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 2c14be3..bc7693b 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20130110205056) do
+ActiveRecord::Schema.define(:version => 20130111111747) do
 
   create_table "access_authorizations", :force => true do |t|
     t.string   "access_authorizationable_type"