Use general token signing secret (#29205)

Use a clearly defined "signing secret" for token signing.
2025-07-22 18:28:37 +00:00 · 2024-02-19 01:39:04 +08:00
parent c2a8aacae5
commit 8be198cdef
9 changed files with 82 additions and 33 deletions
--- a/services/actions/auth_test.go
+++ b/services/actions/auth_test.go
@@ -20,7 +20,7 @@ func TestCreateAuthorizationToken(t *testing.T) {
 	assert.NotEqual(t, "", token)
 	claims := jwt.MapClaims{}
 	_, err = jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (interface{}, error) {
-		return []byte(setting.SecretKey), nil
+		return setting.GetGeneralTokenSigningSecret(), nil
 	})
 	assert.Nil(t, err)
 	scp, ok := claims["scp"]