Add new secrets.yml to installation generator

(and update the dummy app to have one)

Author: reidab

lib/generators/open_conference_ware/install/install_generator.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 class OpenConferenceWare::InstallGenerator < Rails::Generators::Base
   source_root File.expand_path('../templates', __FILE__)
 
@@ -15,10 +17,18 @@ def copy_omniauth_initializer
     copy_file "omniauth_initializer.rb", "config/initializers/02_omniauth.rb"
   end
 
+  def generate_secrets_yml
+    template "secrets.yml.erb", "config/secrets.yml"
+  end
+
   def mount_engine
     route %Q{mount OpenConferenceWare::Engine => "#{mount_point}"}
   end
 
+  def replace_secret_token_initializer
+    template "secret_token.rb.erb", "config/initializers/secret_token.rb"
+  end
+
   def include_engine_seeds
     append_to_file "db/seeds.rb" do
       <<-SEED

lib/generators/open_conference_ware/install/templates/config_initializer.rb

@@ -27,6 +27,21 @@
   # TODO: Setting the current event here is a short-term hack and will be replaced shortly with a Site record that tracks the current event in the database and provides a way to set it through an admin web UI.
   # config.current_event_slug = '2012'
 
+  ##[ Secrets ]##
+  # Some are sensitive and should not be checked in to version control.
+  # These are loaded from config/secrets.yml, which should be privately copied to your
+  # server and linked by your deployment process.
+
+  secrets_file = Rails.root.join('config', 'secrets.yml')
+  if File.exists?(secrets_file)
+    secrets = YAML.load_file(secrets_file)
+    config.administrator_email = secrets["administrator_email"]
+    config.comments_secret = secrets["comments_secret"]
+    config.secret_key_base = secrets["secret_key_base"]
+  else
+    raise "Oops, config/secrets.yml could not be found."
+  end
+
   ##[ OCW Features ]##
   # Many features of OpenConferenceWare can be toggled via these settings
 
@@ -114,5 +129,4 @@
   # NOTE: The current default theme never displays any breadcrumbs, but infrastructure exists to support them.
   #
   # config.breadcrumbs = [['Home', 'http://openconferenceware.org']]
-
 end

lib/generators/open_conference_ware/install/templates/secret_token.rb.erb

@@ -0,0 +1,13 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure your secret_key_base is kept private
+# if you're sharing your code publicly.
+<%= Rails.application.class.to_s %>.config.secret_key_base = OpenConferenceWare.secret_key_base
+

lib/generators/open_conference_ware/install/templates/secrets.yml.erb

@@ -0,0 +1,18 @@
+#===[ Secrets ]=========================================================
+#
+# This file is meant for storing secret information that is never
+# published or committed to a revision control system.
+#
+#---[ Values ]----------------------------------------------------------
+
+# Email address of administrator that will get requests for assistance from users:
+administrator_email: 'your@email.addr'
+
+# Secret key for getting an ATOM feed of private comments:
+comments_secret: <%= SecureRandom.hex(64) %>
+
+# The Rails secret_key_base
+# Used by config/initializers/secret_token.rb
+secret_key_base: <%= SecureRandom.hex(64) %>
+
+#===[ fin ]=============================================================

lib/open_conference_ware.rb

@@ -22,11 +22,12 @@ def self.mounted_path(path)
   # Email address of administrator that will get exception notifications
   # and requests for assistance from users:
   mattr_accessor :administrator_email
-  self.administrator_email ||= 'your@email.addr'
 
   # Secret key for getting an ATOM feed of private comments:
   mattr_accessor :comments_secret
-  self.comments_secret ||= '1234'
+
+  # The secret_key_base, which we'll pass on to Rails
+  mattr_accessor :secret_key_base
 
   # Email
 

spec/dummy/config/initializers/01_open_conference_ware.rb

@@ -6,6 +6,11 @@
   # in some cases with a string like "/open_conference_ware"
   config.mount_point = '/open_conference_ware'
 
+  # Mailer host
+  # The hostname to use when generating links in emails.
+  # This shoud be the domain where OCW is hosted.
+  config.mailer_host = 'ocw.local'
+
   # Event name, or organization running events:
   config.organization = 'Open Source Bridge'
 
@@ -22,6 +27,21 @@
   # TODO: Setting the current event here is a short-term hack and will be replaced shortly with a Site record that tracks the current event in the database and provides a way to set it through an admin web UI.
   # config.current_event_slug = '2012'
 
+  ##[ Secrets ]##
+  # Some are sensitive and should not be checked in to version control.
+  # These are loaded from config/secrets.yml, which should be privately copied to your
+  # server and linked by your deployment process.
+
+  secrets_file = Rails.root.join('config', 'secrets.yml')
+  if File.exists?(secrets_file)
+    secrets = YAML.load_file(secrets_file)
+    config.administrator_email = secrets["administrator_email"]
+    config.comments_secret = secrets["comments_secret"]
+    config.secret_key_base = secrets["secret_key_base"]
+  else
+    raise "Oops, config/secrets.yml could not be found."
+  end
+
   ##[ OCW Features ]##
   # Many features of OpenConferenceWare can be toggled via these settings
 
@@ -64,13 +84,16 @@
   # Can users add comments until a toggle is flipped on the event?
   config.have_event_proposal_comments_after_deadline = true
 
+  # Can users note their favorite sessions?
+  config.have_user_favorites = true
+
   # What audience experience levels can a proposal be classified as?
   # The list will be displayed on the form in the order defined below.
   # The "slug" is the unique key defining the particular audience level, while
   # the "label" is the human-readable value displayed.
   #
   # Set this to a blank array to disable audience levels
-  config.proposal_audience_levels ||= [
+  config.proposal_audience_levels = [
     {slug: 'a', label: 'Beginner'},
     {slug: 'b', label: 'Intermediate'},
     {slug: 'c', label: 'Advanced'}
@@ -106,5 +129,4 @@
   # NOTE: The current default theme never displays any breadcrumbs, but infrastructure exists to support them.
   #
   # config.breadcrumbs = [['Home', 'http://openconferenceware.org']]
-
 end

spec/dummy/config/initializers/02_omniauth.rb

@@ -1,4 +1,4 @@
-OmniAuth.config.path_prefix = OpenConferenceWare.mounted_path("/auth")
+OmniAuth.config.path_prefix = OpenConferenceWare.mounted_path("auth")
 
 Rails.application.config.middleware.use OpenConferenceWare::OmniAuthBuilder do
   provider :developer if %w[development preview].include?(Rails.env)

spec/dummy/config/initializers/secret_token.rb

@@ -9,4 +9,5 @@
 
 # Make sure your secret_key_base is kept private
 # if you're sharing your code publicly.
-Dummy::Application.config.secret_key_base = 'cb9562396c82c1de554ec36a5832641b772ff8e0fad846dbd7833f9ee97dd05715a914fe979bc651065a1f27ea9256ce1f786e610ddaf3e4fdf98794a7855b94'
+Dummy::Application.config.secret_key_base = OpenConferenceWare.secret_key_base
+

spec/dummy/config/secrets.yml

@@ -0,0 +1,18 @@
+#===[ Secrets ]=========================================================
+#
+# This file is meant for storing secret information that is never
+# published or committed to a revision control system.
+#
+#---[ Values ]----------------------------------------------------------
+
+# Email address of administrator that will get requests for assistance from users:
+administrator_email: 'your@email.addr'
+
+# Secret key for getting an ATOM feed of private comments:
+comments_secret: e7ed7cc63ae64f10fcb1dd9c7ba34656242dca9642222dcdaa8bd63a074913d9edbe300b0bef6bdc24e9a4cf7ad3f3177c6a762a8b62ad5ca482570d3969b19b
+
+# The Rails secret_key_base
+# Used by config/initializers/secret_token.rb
+secret_key_base: 1f5085ba0fbf858fa957a9ea1406898266b8685a51da9b2127afcd8d2e54ba454a51cd59d39265e1819144da15594874dcb5a8bbfd2a5f3bcc7d30960619bb94
+
+#===[ fin ]=============================================================