reg: use pickle again in beaker

DCOR-dev · Jan 17, 2024 · 4ed8914 · 4ed8914
1 parent 743c3af
commit 4ed8914
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/dcor_control/inspect/config_ckan.py b/dcor_control/inspect/config_ckan.py
@@ -14,19 +14,20 @@
 from . import common
 
 
-def check_ckan_beaker_session_cookie_validate_key(autocorrect=False):
+def check_ckan_beaker_session_cookie_secrets(autocorrect=False):
     """Generate a beaker cookie hash secret
 
     This is the secret token that the beaker library uses to hash the
     cookie sent to the client. ckan generate config generates a unique
     value for this each time it generates a config file. When used in a
     cluster environment, the value must be the same on every machine.
     """
-    opt = get_actual_ckan_option("beaker.session.validate_key")
-    if opt == "NOT SET!":
-        check_ckan_ini_option("beaker.session.validate_key",
-                              str(uuid.uuid4()),
-                              autocorrect=autocorrect)
+    for key in ["beaker.session.validate_key"]:
+        opt = get_actual_ckan_option(key)
+        if opt == "NOT SET!":
+            check_ckan_ini_option(key,
+                                  str(uuid.uuid4()),
+                                  autocorrect=autocorrect)
 
 
 def check_ckan_ini(autocorrect=False):

diff --git a/dcor_control/resources/dcor_options.ini b/dcor_control/resources/dcor_options.ini
@@ -75,8 +75,11 @@ ckan.csrf_protection.ignore_extensions = false
 
 # cookies
 beaker.session.type = cookie
-beaker.session.data_serializer = json
+# Optimal would be "json", but there were issues with `datetime`
+# objects that could not be jsonified.
+beaker.session.data_serializer = pickle
 beaker.session.httponly = true
 beaker.session.secure = true
 beaker.session.samesite = Strict
 beaker.session.httponly = true
+beaker.session.crypto_type = cryptography