mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 18:52:45 +08:00
FIX: skips caching a generated secret key base token if skip_redis is true. (#29029)
Allows for `SKIP_DB_AND_REDIS` env var to be used without a secret key setup in global setting env.
This commit is contained in:
Jeff Wong
GitHub
parent
91ac382d83
commit
7d441e3782
|
|
@ -18,6 +18,7 @@ class GlobalSetting
|
||||||
# This method will
|
# This method will
|
||||||
# - use existing token if already set in ENV or discourse.conf
|
# - use existing token if already set in ENV or discourse.conf
|
||||||
# - generate a token on the fly if needed and cache in redis
|
# - generate a token on the fly if needed and cache in redis
|
||||||
|
# - skips caching generated token to redis if redis is skipped
|
||||||
# - enforce rules about token format falling back to redis if needed
|
# - enforce rules about token format falling back to redis if needed
|
||||||
def self.safe_secret_key_base
|
def self.safe_secret_key_base
|
||||||
if @safe_secret_key_base && @token_in_redis &&
|
if @safe_secret_key_base && @token_in_redis &&
|
||||||
|
|
@ -31,6 +32,9 @@ class GlobalSetting
|
||||||
begin
|
begin
|
||||||
token = secret_key_base
|
token = secret_key_base
|
||||||
if token.blank? || token !~ VALID_SECRET_KEY
|
if token.blank? || token !~ VALID_SECRET_KEY
|
||||||
|
if GlobalSetting.skip_redis?
|
||||||
|
token = SecureRandom.hex(64)
|
||||||
|
else
|
||||||
@token_in_redis = true
|
@token_in_redis = true
|
||||||
@token_last_validated = Time.now
|
@token_last_validated = Time.now
|
||||||
|
|
||||||
|
|
@ -40,6 +44,7 @@ class GlobalSetting
|
||||||
Discourse.redis.without_namespace.set(REDIS_SECRET_KEY, token)
|
Discourse.redis.without_namespace.set(REDIS_SECRET_KEY, token)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
if !secret_key_base.blank? && token != secret_key_base
|
if !secret_key_base.blank? && token != secret_key_base
|
||||||
STDERR.puts "WARNING: DISCOURSE_SECRET_KEY_BASE is invalid, it was re-generated"
|
STDERR.puts "WARNING: DISCOURSE_SECRET_KEY_BASE is invalid, it was re-generated"
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -46,6 +46,22 @@ RSpec.describe GlobalSetting do
|
||||||
new_token = Discourse.redis.without_namespace.get(GlobalSetting::REDIS_SECRET_KEY)
|
new_token = Discourse.redis.without_namespace.get(GlobalSetting::REDIS_SECRET_KEY)
|
||||||
expect(new_token).to eq(token)
|
expect(new_token).to eq(token)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context "when a secret key is not provided and redis is not used" do
|
||||||
|
before do
|
||||||
|
GlobalSetting.skip_redis = true
|
||||||
|
GlobalSetting.stubs(:secret_key_base).returns("")
|
||||||
|
# Fail tests if redis calls are made
|
||||||
|
Discourse.stubs(:redis).returns(nil)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "generates a new random key in memory without redis" do
|
||||||
|
GlobalSetting.reset_secret_key_base!
|
||||||
|
token = GlobalSetting.safe_secret_key_base
|
||||||
|
new_token = GlobalSetting.safe_secret_key_base
|
||||||
|
expect(new_token).to eq(token)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe ".add_default" do
|
describe ".add_default" do
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user