Reset secret of web app that could have been exposed by Doorkeeper (#13688)

There are no obvious ways it could be misused, as the secret is not
really used for anything, but it is best to secure it for the future

Follow-up to #13613
Cette révision appartient à :
Eugen Rochko 2020-05-10 18:18:12 +02:00 révisé par GitHub
Parent 8012fce727
révision 4b2d9b8a55
Signature inconnue de Forgejo
ID de la clé GPG: 4AEE18F83AFDEB23
2 fichiers modifiés avec 16 ajouts et 1 suppressions

Voir le fichier

@ -0,0 +1,15 @@
class ResetWebAppSecret < ActiveRecord::Migration[5.2]
disable_ddl_transaction!
def up
web_app = Doorkeeper::Application.find_by(superapp: true)
return if web_app.nil?
web_app.renew_secret
web_app.save!
end
def down
end
end

Voir le fichier

@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2020_05_08_212852) do
ActiveRecord::Schema.define(version: 2020_05_10_110808) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"