From aaf41d227f77b8e52ab682ca8f1dfe56b68d7fce Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Thu, 29 Aug 2013 15:27:01 +1000
Subject: [PATCH] fix secret_token init to always allow an override even if its
 too short

---
 config/initializers/secret_token.rb | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index 8ff0b8bed91..4c858affbee 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -1,10 +1,13 @@
 # We have had lots of config issues with SECRET_TOKEN to avoid this mess we are moving it to redis
 #  if you feel strongly that it does not belong there use ENV['SECRET_TOKEN']
 #
-token = ENV['SECRET_TOKEN'] || $redis.get('SECRET_TOKEN')
-unless token && token.length == 128
-  token = SecureRandom.hex(64)
-  $redis.set('SECRET_TOKEN',token)
+token = ENV['SECRET_TOKEN']
+unless token
+  token = $redis.get('SECRET_TOKEN')
+  unless token && token.length == 128
+    token = SecureRandom.hex(64)
+    $redis.set('SECRET_TOKEN',token)
+  end
 end
 
 Discourse::Application.config.secret_token = token