[odrs-web] trivial: Use the ODRS hash as the session secret

From: Richard Hughes <rhughes src gnome org>
To: commits-list gnome org
Cc:
Subject: [odrs-web] trivial: Use the ODRS hash as the session secret
Date: Tue, 27 Sep 2016 11:30:41 +0000 (UTC)

commit 28b30f3241828a701a200ba77cb00ee81c7d7115
Author: Richard Hughes <richard hughsie com>
Date:   Mon Sep 26 14:15:51 2016 +0100

    trivial: Use the ODRS hash as the session secret

 flaskapp.py |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/flaskapp.py b/flaskapp.py
index 67dc21f..e5621a1 100755
--- a/flaskapp.py
+++ b/flaskapp.py
@@ -19,6 +19,10 @@ app.config.from_object(__name__)
 app.register_blueprint(api10, url_prefix='/1.0/reviews')
 app.register_blueprint(admin, url_prefix='/admin')
 
+# use the hash as the session key
+if 'ODRS_REVIEWS_SECRET' in os.environ:
+    app.secret_key = os.environ['ODRS_REVIEWS_SECRET']
+
 login_manager = LoginManager()
 login_manager.init_app(app)
 
@@ -79,6 +83,7 @@ if __name__ == '__main__':
 
     # we need this
     if not 'ODRS_REVIEWS_SECRET' in os.environ:
+        os.environ['ODRS_REVIEWS_SECRET'] = 'dummy'
         print('NO ODRS_REVIEWS_SECRET DEFINED, WE ARE INSECURE')
 
     app.run()

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]