feat(security): Enforce secret key for flask application.

2022-02-21 21:03:15 +01:00 · 2022-02-21 21:03:15 +01:00 · 1484d678ce
parent e82d830410
commit 1484d678ce
1 changed files with 4 additions and 4 deletions
--- a/flaschengeist/config.py
+++ b/flaschengeist/config.py
@ -89,10 +89,10 @@ def configure_app(app, test_config=None):
    )

    if "secret_key" not in config["FLASCHENGEIST"]:
-        logger.warning("No secret key was configured, please configure one for production systems!")
-        app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29"
-    else:
-        app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"]
+        logger.critical("No secret key was configured, please configure one for production systems!")
+        raise RuntimeError("No secret key was configured")
+
+    app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"]

    if test_config is not None:
        config["DATABASE"]["engine"] = "sqlite"