author | lislis <lislis@users.noreply.github.com> | 2019-04-28 20:06:48 +0300 |
---|---|---|
committer | Jonne Haß <me@jhass.eu> | 2019-04-28 20:06:48 +0300 |
commit | 1da118780e3edb611c245819435c4149ba497119 (patch) | |
tree | b1a14d6f05bf6bd0e02b7cc818eb606e90569165 /lib | |
parent | ce597380e63b2b831162397acd1d3d73cd150ab1 (diff) |
Two factor authentication (#7751)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/configuration_methods.rb | 30 | ||||
-rw-r--r-- | lib/tasks/generate_2fa_encription_key.rake | 24 |
2 files changed, 48 insertions, 6 deletions
diff --git a/lib/configuration_methods.rb b/lib/configuration_methods.rb index 511e8e2d2..487b70672 100644 --- a/lib/configuration_methods.rb +++ b/lib/configuration_methods.rb @@ -52,25 +52,43 @@ module Configuration def secret_token if heroku? - return ENV['SECRET_TOKEN'] if ENV['SECRET_TOKEN'] + return ENV["SECRET_TOKEN"] if ENV["SECRET_TOKEN"] + warn "FATAL: Running on Heroku with SECRET_TOKEN unset" warn " Run heroku config:add SECRET_TOKEN=#{SecureRandom.hex(40)}" - Process.exit(1) + abort else token_file = File.expand_path( - '../config/initializers/secret_token.rb', + "../config/initializers/secret_token.rb", File.dirname(__FILE__) ) - unless File.exist? token_file - `DISABLE_SPRING=1 bin/rake generate:secret_token` - end + system "DISABLE_SPRING=1 bin/rake generate:secret_token" unless File.exist? token_file require token_file Diaspora::Application.config.secret_key_base end end + def twofa_encryption_key + if heroku? + return ENV["TWOFA_ENCRYPTION_KEY"] if ENV["TWOFA_ENCRYPTION_KEY"] + + warn "FATAL: Running on Heroku with TWOFA_ENCRYPTION_KEY unset" + warn " Run heroku config:add TWOFA_ENCRYPTION_KEY=#{SecureRandom.hex(32)}" + abort + else + key_file = File.expand_path( + "../config/initializers/twofa_encryption_key.rb", + File.dirname(__FILE__) + ) + system "DISABLE_SPRING=1 bin/rake generate:twofa_key" unless File.exist? key_file + require key_file + Diaspora::Application.config.twofa_encryption_key + end + end + def version_string return @version_string unless @version_string.nil? + @version_string = version.number.to_s @version_string = "#{@version_string}-p#{git_revision[0..7]}" if git_available? @version_string diff --git a/lib/tasks/generate_2fa_encription_key.rake b/lib/tasks/generate_2fa_encription_key.rake new file mode 100644 index 000000000..53572f51f --- /dev/null +++ b/lib/tasks/generate_2fa_encription_key.rake 
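Review bot: In the Heroku branch of `twofa_encryption_key`, the second `warn` interpolates a freshly generated `SecureRandom.hex(32)` into its message, so a candidate encryption key is written to stderr and from there into whatever collects the application's logs. An operator who copies that value into `TWOFA_ENCRYPTION_KEY` protects the stored OTP secrets with a key that has already been logged; the `secret_token` method in the same hunk has the same pattern. Printing a command that generates the value on the operator's side avoids this, for example `warn "  Run heroku config:add TWOFA_ENCRYPTION_KEY=$(openssl rand -hex 32)"`. In the non-Heroku branch the return value of `system` is ignored, so a failed key generation only surfaces as a `LoadError` from `require key_file`; `system("DISABLE_SPRING=1 bin/rake generate:twofa_key") || abort("FATAL: could not generate the 2fa encryption key")` would name the cause. The enclosing `Configuration` module starts and ends outside the hunk.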
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+namespace :generate do
+ desc "Generates a key for encrypting 2fa tokens"
+ task :twofa_key do
+ path = Rails.root.join("config", "initializers", "twofa_encryption_key.rb")
+ key = SecureRandom.hex(32)
+ File.open(path, "w") do |f|
+ f.write <<~CONF
+ # frozen_string_literal: true
+
+ # The 2fa encryption key is used to encrypt users' OTP tokens in the database.
+
+ # You can regenerate this key by running `rake generate:twofa_key`
+
+ # If you change this key after a user has set up 2fa
+ # the users' tokens cannot be recovered
+ # and they will not be able to log in again!
+
+ Diaspora::Application.config.twofa_encryption_key = "#{key}"
+ CONF
+ end
+ end
+end |
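Review bot: `File.open(path, "w")` in the `twofa_key` task truncates an existing key file without any check and creates a new one with umask-default permissions, and both matter for a key that encrypts every user's OTP secret. The generated comment itself says that changing the key leaves users with 2fa unable to log in, so an accidental re-run of the task is destructive; a guard before the write such as `abort "#{path} already exists, refusing to overwrite" if File.exist?(path) && !ENV["FORCE"]` would make regeneration a deliberate act. Creating the file owner-only, `File.open(path, "w", 0o600) do |f|`, keeps other local accounts from reading the key on a shared host. It would also help to say in the generated comment that the file must stay out of version control and be included in backups alongside the database, since the encrypted tokens cannot be recovered without it.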