Move drone_secret to core config to avoid exposure

api/base.py

@@ -73,9 +73,9 @@ class RequestHandler(webapp2.RequestHandler):
 
         # Drone shared secret authentication
         elif drone_secret is not None and user_agent.startswith('SciTran Drone '):
-            if config.get_item('auth', 'drone_secret') is None:
+            if config.get_item('core', 'drone_secret') is None:
                 self.abort(401, 'drone secret not configured')
-            if drone_secret != config.get_item('auth', 'drone_secret'):
+            if drone_secret != config.get_item('core', 'drone_secret'):
                 self.abort(401, 'invalid drone secret')
             log.info('drone "' + user_agent.replace('SciTran Drone ', '') + '" request accepted')
             drone_request = True

api/config.py

@@ -25,6 +25,7 @@ DEFAULT_CONFIG = {
         'debug': False,
         'insecure': False,
         'newrelic': None,
+        'drone_secret': None,
     },
     'site': {
         '_id': 'local',
@@ -35,7 +36,6 @@ DEFAULT_CONFIG = {
         'ssl_cert': None,
     },
     'auth': {
-        'drone_secret': None,
         'client_id': '1052740023071-n20pk8h5uepdua3r8971pc6jrf25lvee.apps.googleusercontent.com',
         'id_endpoint': 'https://www.googleapis.com/plus/v1/people/me/openIdConnect',
         'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',

sample.config

@@ -10,6 +10,7 @@
 #SCITRAN_CORE_INSECURE=false                        # accept user name as query param
 #SCITRAN_CORE_LOG_LEVEL=debug
 #SCITRAN_CORE_NEWRELIC=none
+#SCITRAN_CORE_DRONE_SECRET=""
 
 #SCITRAN_SITE__ID=""
 #SCITRAN_SITE_NAME=""
@@ -26,6 +27,5 @@
 
 #SCITRAN_AUTH_AUTH_ENDPOINT=""
 #SCITRAN_AUTH_CLIENT_ID=""
-#SCITRAN_AUTH_DRONE_SECRET=""
 #SCITRAN_AUTH_ID_ENDPOINT=""
 #SCITRAN_AUTH_VERIFY_ENDPOINT=""