From fcb27fdbaeed0eeeb0d0ee9080f5cb0acdb76b6f Mon Sep 17 00:00:00 2001
From: Sebastien Ros <sebros@microsoft.com>
Date: Thu, 2 Sep 2010 13:51:26 -0700
Subject: [PATCH] MachineKey validation during Setup, with automatic proposed
 values

--HG--
branch : dev
---
 .../Orchard.Azure.Web/Web.Debug.config        |  2 +-
 .../Orchard.Azure.Web/Web.Release.config      |  2 +-
 .../Controllers/SetupController.cs            | 33 +++++++++++++++++++
 src/Orchard.Web/Web.config                    |  4 +--
 4 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/src/Orchard.Azure/Orchard.Azure.Web/Web.Debug.config b/src/Orchard.Azure/Orchard.Azure.Web/Web.Debug.config
index 1ae4a73f1..83e2f3bb9 100644
--- a/src/Orchard.Azure/Orchard.Azure.Web/Web.Debug.config
+++ b/src/Orchard.Azure/Orchard.Azure.Web/Web.Debug.config
@@ -2,7 +2,7 @@
 
 <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
   <system.web>
-    <machineKey xdt:Transform="Insert" validationKey="013B82F217ABB7EAB1F699E4E5B4D290030644D435994692354DAE82B06568B058BFE3C57BF199A41FFDBC84F3BC74D9C5BD96D1265F36A22D58347B591AC8DD" decryptionKey="04797035C490263D73ED991C84C5DFCD0D0206AD4F12BC3638A38FBEABEBB8C7" validation="SHA1" decryption="AES" />
+    <machineKey xdt:Transform="Insert" validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" decryption="AES" />
   </system.web>
   <system.web.extensions xdt:Transform="Remove" />
 </configuration>
\ No newline at end of file
diff --git a/src/Orchard.Azure/Orchard.Azure.Web/Web.Release.config b/src/Orchard.Azure/Orchard.Azure.Web/Web.Release.config
index 1ae4a73f1..83e2f3bb9 100644
--- a/src/Orchard.Azure/Orchard.Azure.Web/Web.Release.config
+++ b/src/Orchard.Azure/Orchard.Azure.Web/Web.Release.config
@@ -2,7 +2,7 @@
 
 <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
   <system.web>
-    <machineKey xdt:Transform="Insert" validationKey="013B82F217ABB7EAB1F699E4E5B4D290030644D435994692354DAE82B06568B058BFE3C57BF199A41FFDBC84F3BC74D9C5BD96D1265F36A22D58347B591AC8DD" decryptionKey="04797035C490263D73ED991C84C5DFCD0D0206AD4F12BC3638A38FBEABEBB8C7" validation="SHA1" decryption="AES" />
+    <machineKey xdt:Transform="Insert" validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" decryption="AES" />
   </system.web>
   <system.web.extensions xdt:Transform="Remove" />
 </configuration>
\ No newline at end of file
diff --git a/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs b/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
index e901b031a..5e37f7e4e 100644
--- a/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
@@ -1,5 +1,9 @@
 using System;
+using System.Configuration;
+using System.Security.Cryptography;
+using System.Web.Configuration;
 using System.Web.Mvc;
+using System.Linq;
 using Orchard.FileSystems.AppData;
 using Orchard.Setup.Services;
 using Orchard.Setup.ViewModels;
@@ -34,7 +38,34 @@ namespace Orchard.Setup.Controllers {
             return View(model);
         }
 
+        private bool ValidateMachineKey() {
+            // Get the machineKey section.
+            var section = ConfigurationManager.GetSection("system.web/machineKey") as MachineKeySection;
+
+            if (section == null
+                || section.DecryptionKey.Contains("AutoGenerate")
+                || section.ValidationKey.Contains("AutoGenerate")) {
+
+                var rng = new RNGCryptoServiceProvider();
+                var decryptionData = new byte[32];
+                var validationData = new byte[64];
+                
+                rng.GetBytes(decryptionData);
+                rng.GetBytes(validationData);
+
+                string decryptionKey = BitConverter.ToString(decryptionData).Replace("-", "");
+                string validationKey = BitConverter.ToString(validationData).Replace("-", "");
+
+                ModelState.AddModelError("MachineKey", T("You need to define a MachineKey value in your web.config file. Here is one for you:\n <machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" validation=\"SHA1\" decryption=\"AES\" />", validationKey, decryptionKey).ToString());
+                return false;
+            }
+
+            return true;
+        }
+
         public ActionResult Index() {
+            ValidateMachineKey();
+
             var initialSettings = _setupService.Prime();
             return IndexViewResult(new SetupViewModel { AdminUsername = "admin", DatabaseIsPreconfigured = !string.IsNullOrEmpty(initialSettings.DataProvider)});
         }
@@ -49,6 +80,8 @@ namespace Orchard.Setup.Controllers {
                 ModelState.AddModelError("ConfirmPassword", T("Password confirmation must match").ToString());
             }
 
+            ValidateMachineKey();
+
             if (!ModelState.IsValid) {
                 return IndexViewResult(model);
             }
diff --git a/src/Orchard.Web/Web.config b/src/Orchard.Web/Web.config
index a11a2a1d0..43e31b3d0 100644
--- a/src/Orchard.Web/Web.config
+++ b/src/Orchard.Web/Web.config
@@ -19,8 +19,8 @@
     <defaultSettings timeout="00:30:00"/>
   </system.transactions>
   <system.web>
-    <machineKey validationKey="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" 
-                decryptionKey="0000000000000000000000000000000000000000000000000000000000000000" 
+    <machineKey validationKey="AutoGenerate" 
+                decryptionKey="AutoGenerate" 
                 validation="SHA1" 
                 decryption="AES" />
     <httpRuntime requestValidationMode="2.0" />