Warning for using the default secret_key

stefano-maggiolo · stefano-maggiolo · commit 4a31176ac92e · 2015-01-08T16:01:25.000Z
diff --git a/cms/conf.py b/cms/conf.py
@@ -3,7 +3,7 @@
 
 # Contest Management System - http://cms-dev.github.io/
 # Copyright © 2010-2014 Giovanni Mascellani <mascellani@poisson.phc.unipi.it>
-# Copyright © 2010-2012 Stefano Maggiolo <s.maggiolo@gmail.com>
+# Copyright © 2010-2015 Stefano Maggiolo <s.maggiolo@gmail.com>
 # Copyright © 2010-2012 Matteo Boscariol <boscarim@hotmail.com>
 # Copyright © 2013 Luca Wehrstedt <luca.wehrstedt@gmail.com>
 # Copyright © 2014 Fabian Gundlach <320pointsguy@gmail.com>
@@ -69,7 +69,8 @@ def __init__(self):
         self.sandbox_implementation = 'isolate'
 
         # WebServers.
-        self.secret_key = "8e045a51e4b102ea803c06f92841a1fb"
+        self.secret_key_default = "8e045a51e4b102ea803c06f92841a1fb"
+        self.secret_key = self.secret_key_default
         self.tornado_debug = False
 
         # ContestWebServer.
diff --git a/cms/server/static/aws_style.css b/cms/server/static/aws_style.css
@@ -161,6 +161,14 @@ ul.normal_list {
     text-shadow: none;
 }
 
+.secret_notice {
+    font-size: 0.8em;
+    line-height: 1.125em;
+    text-align: center;
+    margin: 20px auto 20px;
+    color: red;
+}
+
 .cr_notice {
     font-size: 0.6em;
     line-height: 1.125em;
diff --git a/cms/server/templates/admin/base.html b/cms/server/templates/admin/base.html
@@ -1,7 +1,8 @@
 {% import time %}
 {% import json %}
-{% from cms import DEFAULT_LANGUAGES, LANGUAGE_NAMES, LANGUAGES %}
+{% from cms import DEFAULT_LANGUAGES, LANGUAGE_NAMES, LANGUAGES, config %}
 {% from cmscommon.datetime import make_timestamp %}
+{% from cmscommon.crypto import get_hex_random_key %}
 <html>
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
@@ -65,6 +66,13 @@
     <div id="global">
       <div id="sidebar">
         <h1>Administration</h1>
+        {% if config.secret_key == config.secret_key_default %}
+        <div class="secret_notice">
+          Change secret_key in cms.conf!<br/>
+          For example,<br/>
+          {{ get_hex_random_key() }}
+        </div>
+        {% end %}
         <ul class="menu">
           <li class="menu_entry"><a class="menu_link" href="{{ url_root }}/{% if contest is not None %}{{ contest.id }}{% end %}">Overview</a></li>
           <li class="menu_entry"><a class="menu_link" href="{{ url_root }}/resourceslist{% if contest is not None %}/{{ contest.id }}{% end %}">Resource usage</a></li>
