Require the secret config to be configured

If it's not configured the instance will looks like it is working but various features will silently break (end to end encryption, setting alternate email and probably more). One issue is that changing the secret from empty to something will break various other stuff (app token). I don't think there is a good way to solve this issue other than breaking early instead of having to handle a painful migration later on. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
nextcloud · Mar 8, 2022 · 38d4865 · 38d4865
1 parent 8a52591
commit 38d4865
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/base.php b/lib/base.php
@@ -618,6 +618,10 @@ public static function init() {
 			throw new \RuntimeException('Could not set timezone to UTC');
 		}
 
+		if (self::$config->getValue('secret', '') === '') {
+			throw new \RuntimeException('Critical: The \'secret\' config is not configured.');
+		}
+
 		//try to configure php to enable big file uploads.
 		//this doesn´t work always depending on the web server and php configuration.
 		//Let´s try to overwrite some defaults anyway