# HG changeset patch # User David Douard # Date 1456758993 -3600 # Node ID e245680acce305290201e8d2d3897eb800364864 # Parent 2bf1eabb2bbd33c511ccb28d93411044d6732086 [config] move config of the secret used to encrypt session's data ID in pyramid.ini (closes #11689082) Introduce a new config entry (in pyramid.ini) for this (cubicweb.session.secret) to replace the (now deprecated) pyramid-session-secret (in all-in-one.conf). So we have now 3 secrets to configure: - cubicweb.session.secret: to encrypt session's data ID stored in a cookie, - cubicweb.auth.authtkt.session.secret: to encrypt auth cookie - cubicweb.auth.authtkt.persistent.secret: to encrypt persistent session auth cookie diff -r 2bf1eabb2bbd -r e245680acce3 pyramid_cubicweb/session.py --- a/pyramid_cubicweb/session.py Mon Mar 07 10:47:11 2016 +0100 +++ b/pyramid_cubicweb/session.py Mon Feb 29 16:16:33 2016 +0100 @@ -144,7 +144,15 @@ See also :ref:`defaults_module` """ - secret = config.registry['cubicweb.config']['pyramid-session-secret'] + settings = config.registry.settings + secret = settings.get('cubicweb.session.secret', '') + if not secret: + secret = config.registry['cubicweb.config'].get('pyramid-session-secret') + warnings.warn(''' + Please migrate pyramid-session-secret from + all-in-one.conf to cubicweb.session.secret config entry in + your pyramid.ini file. + ''') if not secret: secret = 'notsosecret' warnings.warn(''' @@ -152,8 +160,8 @@ !! WARNING !! !! WARNING !! The session cookies are signed with a static secret key. - To put your own secret key, edit your all-in-one.conf file - and set the 'pyramid-session-secret' key. + To put your own secret key, edit your pyramid.ini file + and set the 'cubicweb.session.secret' key. YOU SHOULD STOP THIS INSTANCE unless your really know what you are doing !! diff -r 2bf1eabb2bbd -r e245680acce3 pyramid_cubicweb/tests/__init__.py --- a/pyramid_cubicweb/tests/__init__.py Mon Mar 07 10:47:11 2016 +0100 
+++ b/pyramid_cubicweb/tests/__init__.py Mon Feb 29 16:16:33 2016 +0100 @@ -13,8 +13,6 @@ super(PyramidCWTest, cls).init_config(config) config.global_set_option('https-url', 'https://localhost.local/') config.global_set_option('anonymous-user', 'anon') - config['pyramid-auth-secret'] = 'authsecret' - config['pyramid-session-secret'] = 'sessionsecret' config.https_uiprops = None config.https_datadir_url = None
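Review bot: in the first hunk of pyramid_cubicweb/session.py (@@ -144,7 +144,15 @@), the "Please migrate pyramid-session-secret" warning fires whenever `cubicweb.session.secret` is empty, even when the deprecated `pyramid-session-secret` key is also unset, so a fresh instance with no secret at all gets both the migration warning and the static-secret warning, and the migration advice is misleading in that case. Guard it on the deprecated value actually being present, e.g. `if secret: warnings.warn(...)` right after the `.get('pyramid-session-secret')` line, and pass `DeprecationWarning` as the category so operators can filter it. Also confirm `warnings` is imported at module level; the hunk relies on it but does not show the import.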
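Review bot: the second hunk of pyramid_cubicweb/session.py (@@ -152,8 +160,8 @@) updates only the runtime warning text; the docstring just above it still points readers to :ref:`defaults_module`, and no documentation change for the new `cubicweb.session.secret` entry (or the deprecation of `pyramid-session-secret` in all-in-one.conf) appears in this changeset. Add the new setting, and the three-secret layout described in the commit message, to the defaults documentation alongside this change. While touching the message, the unchanged context line "unless your really know what you are doing" should read "unless you really know".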
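Review bot: the hunk in pyramid_cubicweb/tests/__init__.py (@@ -13,8 +13,6 @@) drops `config['pyramid-session-secret'] = 'sessionsecret'` without setting `cubicweb.session.secret` in the test's pyramid settings, so unless the base test class supplies it elsewhere, the fixture now exercises the `'notsosecret'` fallback and emits the migration and static-secret warnings on every test run rather than the configured-secret path that the old line covered. Set `cubicweb.session.secret` in the settings the tests hand to Pyramid (and ideally add a test asserting the deprecation warning when only the old key is present). The removal of `config['pyramid-auth-secret'] = 'authsecret'` is not mentioned in the commit message and touches the auth-cookie secrets rather than the session-data secret this change is about; either explain it in the message or split it out.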