From bb8952887bdaaa65e23b20af8029e99525d98d3f Mon Sep 17 00:00:00 2001
From: Gunnar Schaefer <gsfr@stanford.edu>
Date: Mon, 14 Dec 2015 10:14:31 -0800
Subject: [PATCH] Move drone_secret to core config to avoid exposure

---
 api/base.py   | 4 ++--
 api/config.py | 2 +-
 sample.config | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/base.py b/api/base.py
index ee1aa1a8..89269a03 100644
--- a/api/base.py
+++ b/api/base.py
@@ -73,9 +73,9 @@ class RequestHandler(webapp2.RequestHandler):
 
         # Drone shared secret authentication
         elif drone_secret is not None and user_agent.startswith('SciTran Drone '):
-            if config.get_item('auth', 'drone_secret') is None:
+            if config.get_item('core', 'drone_secret') is None:
                 self.abort(401, 'drone secret not configured')
-            if drone_secret != config.get_item('auth', 'drone_secret'):
+            if drone_secret != config.get_item('core', 'drone_secret'):
                 self.abort(401, 'invalid drone secret')
             log.info('drone "' + user_agent.replace('SciTran Drone ', '') + '" request accepted')
             drone_request = True
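Review bot: The check `drone_secret != config.get_item('core', 'drone_secret')` compares the shared secret with an ordinary string inequality, which is not constant-time, so response timing can leak how much of a guess matched. Read the configured value once and compare with `hmac.compare_digest(drone_secret, configured_secret)`, which needs `import hmac` in the part of the file outside this hunk. The guard `is None` also lets an empty string through as a configured secret, and sample.config documents the setting as `""`, so `if not configured_secret:` would be the safer test; whether the config loader turns an empty value into None is not visible here. The enclosing method starts and ends outside the hunk.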
diff --git a/api/config.py b/api/config.py
index 555e8768..0b29d7de 100644
--- a/api/config.py
+++ b/api/config.py
@@ -25,6 +25,7 @@ DEFAULT_CONFIG = {
         'debug': False,
         'insecure': False,
         'newrelic': None,
+        'drone_secret': None,
     },
     'site': {
         '_id': 'local',
@@ -35,7 +36,6 @@ DEFAULT_CONFIG = {
         'ssl_cert': None,
     },
     'auth': {
-        'drone_secret': None,
         'client_id': '1052740023071-n20pk8h5uepdua3r8971pc6jrf25lvee.apps.googleusercontent.com',
         'id_endpoint': 'https://www.googleapis.com/plus/v1/people/me/openIdConnect',
         'auth_endpoint': 'https://accounts.google.com/o/oauth2/auth',
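Review bot: Removing the `'drone_secret': None` default from `'auth'` does not by itself keep the secret out of that section for deployments that still set the old `SCITRAN_AUTH_DRONE_SECRET` variable. The loader is not shown in this diff, so this is an assumption to confirm: if it maps any `SCITRAN_AUTH_*` variable into `auth`, the value would still sit in the section this commit moves it out of, while drone authentication fails with "drone secret not configured". Consider dropping that key at load time with a logged warning. A comment beside the new `core` entry, such as `# shared secret; keep in 'core', which must never be returned to clients`, would record why it lives there.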
diff --git a/sample.config b/sample.config
index 3b53d494..d769ca55 100644
--- a/sample.config
+++ b/sample.config
@@ -10,6 +10,7 @@
 #SCITRAN_CORE_INSECURE=false                        # accept user name as query param
 #SCITRAN_CORE_LOG_LEVEL=debug
 #SCITRAN_CORE_NEWRELIC=none
+#SCITRAN_CORE_DRONE_SECRET=""
 
 #SCITRAN_SITE__ID=""
 #SCITRAN_SITE_NAME=""
@@ -26,6 +27,5 @@
 
 #SCITRAN_AUTH_AUTH_ENDPOINT=""
 #SCITRAN_AUTH_CLIENT_ID=""
-#SCITRAN_AUTH_DRONE_SECRET=""
 #SCITRAN_AUTH_ID_ENDPOINT=""
 #SCITRAN_AUTH_VERIFY_ENDPOINT=""
-- 
GitLab