#361: Removing additional secret key, per CW's request.

author Nathan Yergler <nathan@yergler.net>

Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)

committer Nathan Yergler <nathan@yergler.net>

Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)
author Nathan Yergler <nathan@yergler.net>
Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)
committer Nathan Yergler <nathan@yergler.net>
Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini

index 37fe7130d569551f3d2278bf775afc64be045c4b..298a6951632774d615e9bb7957292ba6ce27f3e3 100644 (file)
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@@ -42,7 +42,6 @@ celery_setup_elsewhere = boolean(default=False)
  allow_attachments = boolean(default=False)
  
  # Cookie stuff
-secret_key = string(default="Something Super Duper Secrit!")
  csrf_cookie_name = string(default='mediagoblin_nonce')
  
  [storage:publicstore]
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py

index d41bcd87abe9d94d81da8433305c67d906b97691..44b799d54f42e42d0bd511e872f00508d919188d 100644 (file)
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -106,7 +106,7 @@ class CsrfMiddleware(object):
  
          return hashlib.md5("%s%s" %
                             (randrange(0, self.MAX_CSRF_KEY),
-                            mg_globals.app_config['secret_key'])).hexdigest()
+                            randrange(0, self.MAX_CSRF_KEY))).hexdigest()
  
      def verify_tokens(self, request):
          """Verify that the CSRF Cookie exists and that it matches the
author	Nathan Yergler <nathan@yergler.net>
	Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)
committer	Nathan Yergler <nathan@yergler.net>
	Sat, 1 Oct 2011 21:24:49 +0000 (14:24 -0700)
mediagoblin/config_spec.ini		patch \| blob \| blame \| history
mediagoblin/middleware/csrf.py		patch \| blob \| blame \| history