Merge branch 'fix-secret' into 'master'

Don't read otp_secret_encryption_key from hardcoded path in models/user Variable `Gitlab::Application.config.secret_key_base` is set in config/initializers/secret_token.rb. It's very bad practice to use hard-coded paths inside an application and really unnecessary in this case. Mirror of https://github.com/gitlabhq/gitlabhq/pull/10311 See merge request !4044
author: Rémy Coutable <remy@rymai.me> 2016-05-09 14:17:33 +0000
committer: Rémy Coutable <remy@rymai.me> 2016-05-09 14:17:33 +0000
commit: bdfe6dc319571dbae8340a7132e5bd6a8ea06764 (patch)
tree: 70e1d133962534c64fe5a98d675caadb9664901f
parent: 618033fb2f0461275f03541f428e33b3e1b4d721 (diff)
parent: e4c64855e8531a9375de1d64a95f2e593b80c2bd (diff)
download: gitlab-ce-bdfe6dc319571dbae8340a7132e5bd6a8ea06764.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 959b1f93758..56d6de610f0 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,7 +86,7 @@ class User < ActiveRecord::Base
   default_value_for :theme_id, gitlab_config.default_theme
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
+         otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
   alias_attribute :two_factor_enabled, :otp_required_for_login
 
   devise :two_factor_backupable, otp_number_of_backup_codes: 10
author	Rémy Coutable <remy@rymai.me>	2016-05-09 14:17:33 +0000
committer	Rémy Coutable <remy@rymai.me>	2016-05-09 14:17:33 +0000
commit	bdfe6dc319571dbae8340a7132e5bd6a8ea06764 (patch)
tree	70e1d133962534c64fe5a98d675caadb9664901f
parent	618033fb2f0461275f03541f428e33b3e1b4d721 (diff)
parent	e4c64855e8531a9375de1d64a95f2e593b80c2bd (diff)
download	gitlab-ce-bdfe6dc319571dbae8340a7132e5bd6a8ea06764.tar.gz