From f1d6a0e4d25ad67fead3ed215495adcf08332c80 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Wed, 28 Nov 2007 19:36:59 +0000
Subject: Introduce SecretKeyGenerator for more secure session secrets than
 CGI::Session's pseudo-random id generator. Consider extracting to Active
 Support later. Closes #10286.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8229 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 .../rails_generator/generators/applications/app/app_generator.rb    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'railties/lib/rails_generator/generators/applications')

diff --git a/railties/lib/rails_generator/generators/applications/app/app_generator.rb b/railties/lib/rails_generator/generators/applications/app/app_generator.rb
index 55c8bf3239..02d9b0fb88 100644
--- a/railties/lib/rails_generator/generators/applications/app/app_generator.rb
+++ b/railties/lib/rails_generator/generators/applications/app/app_generator.rb
@@ -1,5 +1,6 @@
 require 'rbconfig'
 require 'digest/md5' 
+require 'rails_generator/secret_key_generator'
 
 class AppGenerator < Rails::Generator::Base
   DEFAULT_SHEBANG = File.join(Config::CONFIG['bindir'],
@@ -33,6 +34,9 @@ class AppGenerator < Rails::Generator::Base
     md5 << String($$)
     md5 << @app_name
 
+    # Do our best to generate a secure secret key for CookieStore
+    secret = Rails::SecretKeyGenerator.new(@app_name).generate_secret
+
     record do |m|
       # Root directory and all subdirectories.
       m.directory ''
@@ -61,7 +65,7 @@ class AppGenerator < Rails::Generator::Base
 
       # Environments
       m.file "environments/boot.rb",    "config/boot.rb"
-      m.template "environments/environment.rb", "config/environment.rb", :assigns => { :freeze => options[:freeze], :app_name => @app_name, :app_secret => md5.hexdigest }
+      m.template "environments/environment.rb", "config/environment.rb", :assigns => { :freeze => options[:freeze], :app_name => @app_name, :app_secret => secret }
       m.file "environments/production.rb",  "config/environments/production.rb"
       m.file "environments/development.rb", "config/environments/development.rb"
       m.file "environments/test.rb",        "config/environments/test.rb"
-- 
cgit v1.2.3