From 1484d678cee3c9767558a9f0bf3600a37f261e8e Mon Sep 17 00:00:00 2001 From: Ferdinand Thiessen Date: Mon, 21 Feb 2022 21:03:15 +0100 Subject: [PATCH] feat(security): Enforce secret key for flask application. --- flaschengeist/config.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flaschengeist/config.py b/flaschengeist/config.py index 9cf3b69..3dfb078 100644 --- a/flaschengeist/config.py +++ b/flaschengeist/config.py @@ -89,10 +89,10 @@ def configure_app(app, test_config=None): ) if "secret_key" not in config["FLASCHENGEIST"]: - logger.warning("No secret key was configured, please configure one for production systems!") - app.config["SECRET_KEY"] = "0a657b97ef546da90b2db91862ad4e29" - else: - app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"] + logger.critical("No secret key was configured, please configure one for production systems!") + raise RuntimeError("No secret key was configured") + + app.config["SECRET_KEY"] = config["FLASCHENGEIST"]["secret_key"] if test_config is not None: config["DATABASE"]["engine"] = "sqlite"