From 2d76aa029aea799467c4f55e85bbc23b1f3f6dc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Fri, 17 Oct 2014 13:04:35 +0200
Subject: [PATCH 1/2] Updated contribution guidelines

We sadly still need to be more clear that tickets need to adhere to certain standards to be manageable...
---
 CONTRIBUTING.md | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index b31b719b..cf41b053 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,11 +1,16 @@ Issues, Tickets, however you may call them ------------------------------------------ -- If you want to report a bug, **READ [How to file a bug report](https://github.com/foosel/OctoPrint/wiki/How-to-file-a-bug-report)!** Tickets will be automatically checked if they comply with the requirements outlined in that wiki node! Other then what's written in there you don't have to do anything special with your ticket. +Read the following short instructions **fully** and **follow them** if you want your ticket to be taken care of and not closed again directly! + +- Always create **one ticket for one purpose**. So don't mix two or more feature requests, support requests, bugs etc into one ticket. If you do, your ticket will be treated as if only describing the first purpose, the others will be ignored! +- If you want to report a bug, **READ AND FOLLOW [How to file a bug report](https://github.com/foosel/OctoPrint/wiki/How-to-file-a-bug-report)!** Tickets will be automatically checked if they comply with the requirements outlined in that wiki node! Other then what's written in there (**and really EVERYTHING that is written in there!**) you don't have to do anything special with your ticket. - If you want to post a **request** of any kind (feature request, documentation request, ...), **add [Request] to your issue's title!** -- If you need **support** with a problem of your installation (e.g. if you have problems getting the webcam to work), **add [Support] to your issue's title!** -- If you have a general **question**, **add [Question] to your issue's title!** -- If you have another reason for creating a ticket that doesn't fit any of the above categories, **add [Misc] to your issue's title!** +- If you need **support** with a problem of your installation (e.g. if you have problems getting the webcam to work), **add [Support] to your issue's title!**. 
Note that for problems like these, the [Mailinglist](https://groups.google.com/group/octoprint) or the [Google+ Community](https://plus.google.com/communities/102771308349328485741) will probably get you help faster! +- If you have a general **question**, **add [Question] to your issue's title!**. Note that for problems like these, the [Mailinglist](https://groups.google.com/group/octoprint) or the [Google+ Community](https://plus.google.com/communities/102771308349328485741) will probably get you help faster! +- If you have another reason for creating a ticket that doesn't fit any of the above categories, think hard if it might not be something better suited for the [Mailinglist](https://groups.google.com/group/octoprint) or the [Google+ Community](https://plus.google.com/communities/102771308349328485741). If you are sure it needs to be reported here, **add [Misc] to your issue's title!** + +Following these guidelines (**especially EVERYTHING mentioned in ["How to file a bug report"](https://github.com/foosel/OctoPrint/wiki/How-to-file-a-bug-report)**) is necessary so the tickets stay manageable - you are not the only one with an open issue, so please respect that you have to **play by the rules** so that your problem can be taken care of. Tickets not playing by the rules **will be closed without further investigation!**. Pull Requests -------------
From b4699825d6ab92d5451e5b1e3a06dfb81f86e777 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Thu, 23 Oct 2014 15:33:32 +0200
Subject: [PATCH 2/2] Generate the key used for session hashing individually for each server instance

(cherry picked from commit 118a4f7)
---
 CHANGELOG.md | 1 +
 src/octoprint/server/__init__.py | 10 +++++++++-
 src/octoprint/settings.py | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ad22dac..f9f7ccd1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 * The API is now enabled by default and the API key -- if not yet set -- will be automatically generated on first server start and written back into ``config.yaml``
 * Event subscriptions are now enabled by default (it was an accident that they weren't)
+* Generate the key used for session hashing individually for each server instance
 ### Bug Fixes
diff --git a/src/octoprint/server/__init__.py b/src/octoprint/server/__init__.py
index 8b09db57..fd872141 100644
--- a/src/octoprint/server/__init__.py
+++ b/src/octoprint/server/__init__.py
@@ -155,7 +155,15 @@ class Server():
 app.wsgi_app = ReverseProxied(app.wsgi_app)
- app.secret_key = "k3PuVYgtxNm8DXKKTw2nWmFQQun9qceV"
+ secret_key = settings().get(["server", "secretKey"])
+ if not secret_key:
+ import string
+ from random import choice
+ chars = string.ascii_lowercase + string.ascii_uppercase + string.digits
+ secret_key = "".join(choice(chars) for _ in xrange(32))
+ settings().set(["server", "secretKey"], secret_key)
+ settings().save()
+ app.secret_key = secret_key
 loginManager = LoginManager()
 loginManager.session_protection = "strong"
 loginManager.user_callback = load_user
diff --git a/src/octoprint/settings.py b/src/octoprint/settings.py
index 8ed0c86f..68ba8b8f 100644
--- a/src/octoprint/settings.py
+++ b/src/octoprint/settings.py
@@ -41,6 +41,7 @@ default_settings = {
 "host": "0.0.0.0",
 "port": 5000,
 "firstRun": True,
+ "secretKey": None,
 "baseUrl": "",
 "scheme": ""
 },
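Review bot: In the `src/octoprint/server/__init__.py` hunk, the `if not secret_key:` branch draws the new key with `random.choice`, which is backed by the Mersenne Twister generator and is not meant for secrets; the key the commit describes as used for session hashing should come from the OS CSPRNG. I would change the import to `from random import SystemRandom` and the generation line to `secret_key = "".join(SystemRandom().choice(chars) for _ in xrange(32))`, which keeps the same alphabet and length. The generated key is then persisted through `settings().save()`, so the config file presumably needs to be readable only by the account running the server; the hunk does not show how that file is created, so this should be confirmed. The enclosing method of `Server` starts and ends outside the hunk.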