From b86348ab066a8c4f6ce0d2ae88c0308e0025c1e4 Mon Sep 17 00:00:00 2001
From: "stojanovskis1@icloud.com" <stojanovskis1@icloud.com>
Date: Tue, 21 Nov 2023 16:07:48 +0100
Subject: [PATCH] api-tokens fix, two different tokens secrets were generated
 for encode and decode

---
 images/ckan/2.9/setup/app/start_ckan.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/images/ckan/2.9/setup/app/start_ckan.sh b/images/ckan/2.9/setup/app/start_ckan.sh
index 58dffd7..99f09db 100755
--- a/images/ckan/2.9/setup/app/start_ckan.sh
+++ b/images/ckan/2.9/setup/app/start_ckan.sh
@@ -26,8 +26,10 @@ if grep -E "beaker.session.secret ?= ?$" $APP_DIR/production.ini
 then
     echo "Setting secrets in ini file"
     ckan config-tool $APP_DIR/production.ini "beaker.session.secret=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
-    ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
-    ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')"
+    ckan config-tool $APP_DIR/production.ini "WTF_CSRF_SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_urlsafe())')"
+    JWT_SECRET=$(python3 -c 'import secrets; print("string:" + secrets.token_urlsafe())')
+    ckan config-tool $APP_DIR/production.ini "api_token.jwt.encode.secret=$JWT_SECRET"
+    ckan config-tool $APP_DIR/production.ini "api_token.jwt.decode.secret=$JWT_SECRET"
 fi
 
 # Run the prerun script to init CKAN and create the default admin user