[ckan-changes] [okfn/ckan] 6ced7c: [#1422] More secure default for the repoze secret ...

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/okfn/ckan
  Commit: 6ced7cbffaa256ba6d1117012cdb078ecc83191d
      https://github.com/okfn/ckan/commit/6ced7cbffaa256ba6d1117012cdb078ecc83191d
  Author: amercader <amercadero at gmail.com>
  Date:   2014-01-07 (Tue, 07 Jan 2014)

  Changed paths:
    M ckan/config/middleware.py
    M ckan/config/who.ini

  Log Message:
  -----------
  [#1422] More secure default for the repoze secret key

The who.ini file has a secret key used during authentication. To make sure
users don't forget to update it we can use the beaker session secret which
is generated randomly when creating the ckan ini file.

If users define a secret in the who.ini file, this one will be used.

To do this, we use a small custom plugin that checks the secret key and
calls the core repoze plugin afterwards.


  Commit: 116ec3d2533b1bb969ae9bcc37cfc3952851ea5a
      https://github.com/okfn/ckan/commit/116ec3d2533b1bb969ae9bcc37cfc3952851ea5a
  Author: kindly <kindly at gmail.com>
  Date:   2014-01-09 (Thu, 09 Jan 2014)

  Changed paths:
    M ckan/config/middleware.py
    M ckan/config/who.ini

  Log Message:
  -----------
  Merge pull request #1422 from okfn/1422-repoze-key

Use a more secure default for the repoze secret key


Compare: https://github.com/okfn/ckan/compare/4bddcd8fe211...116ec3d2533b