fix: restore accidentally deleted configuration fields in default.yml

clutester · clutester · commit e7bfe0b013c7 · 2026-03-11T14:26:30.000-06:00
diff --git a/app/service/auth_svc.py b/app/service/auth_svc.py
@@ -73,9 +73,7 @@ async def apply(self, app, users):
                 for username, password in user.items():
                     await self.create_user(username, password, group)
         app.user_map = self.user_map
-
-        # --- START CUSTOM SESSION PERSISTENCE LOGIC --- DBC
-        raw_session_key = self.get_config('session_cookie_key') 
+        raw_session_key = self.get_config('session_cookie_key')
         expiration_days = self.get_config('session_expiration_days')
 
         # Safely calculate max_age in seconds, allowing for fractional days
@@ -85,8 +83,15 @@ async def apply(self, app, users):
             max_age = None
 
         if raw_session_key:
-            # Pad or truncate the string to exactly 32 bytes for the AES cipher
-            secret_key = str(raw_session_key).encode('utf-8').ljust(32, b'\0')[:32]
+            try:
+                # Pad or truncate the string to exactly 32 bytes for the AES cipher; decode as base64
+                secret_key = base64.b64decode(str(raw_session_key), validate=True)
+                self.log.debug('Using persistent session cookie key from config.')
+            except Exception:
+                self.log.exception('Invalid session cookie key provided in config. Falling back to random key.')
+                secret_key = str(raw_session_key).encode('utf-8')
+            
+            secret_key = secret_key.ljust(32, b'\0')[:32]
             self.log.debug('Using persistent session cookie key from config.')
         else:
             # Fallback to the original Caldera behavior (random key on startup)
@@ -96,8 +101,6 @@ async def apply(self, app, users):
 
         # Pass max_age to the storage initializer
         storage = EncryptedCookieStorage(secret_key, cookie_name=COOKIE_SESSION, max_age=max_age)
-        # --- END CUSTOM SESSION PERSISTENCE LOGIC --- DBC
-
         setup_session(app, storage)
         policy = SessionIdentityPolicy()
         setup_security(app, policy, DictionaryAuthorizationPolicy(self.user_map))
diff --git a/conf/default.yml b/conf/default.yml
@@ -3,33 +3,35 @@ api_key_blue: BLUEADMIN123
 api_key_red: ADMIN123
 app.contact.dns.domain: mycaldera.caldera
 app.contact.dns.socket: 0.0.0.0:8853
-app.contact.ftp.host: 0.0.0.0
-app.contact.ftp.port: 2222
-app.contact.ftp.pword: caldera
-app.contact.ftp.server.dir: ftp_dir
-app.contact.ftp.user: caldera_user
 app.contact.gist: API_KEY
 app.contact.html: /weather
 app.contact.http: http://0.0.0.0:8888
 app.contact.slack.api_key: SLACK_TOKEN
 app.contact.slack.bot_id: SLACK_BOT_ID
 app.contact.slack.channel_id: SLACK_CHANNEL_ID
-app.contact.tcp: 0.0.0.0:7010
 app.contact.tunnel.ssh.host_key_file: REPLACE_WITH_KEY_FILE_PATH
 app.contact.tunnel.ssh.host_key_passphrase: REPLACE_WITH_KEY_FILE_PASSPHRASE
 app.contact.tunnel.ssh.socket: 0.0.0.0:8022
 app.contact.tunnel.ssh.user_name: sandcat
 app.contact.tunnel.ssh.user_password: s4ndc4t!
+app.contact.ftp.host: 0.0.0.0
+app.contact.ftp.port: 2222
+app.contact.ftp.pword: caldera
+app.contact.ftp.server.dir: ftp_dir
+app.contact.ftp.user: caldera_user
+app.contact.tcp: 0.0.0.0:7010
 app.contact.udp: 0.0.0.0:7011
 app.contact.websocket: 0.0.0.0:7012
-auth.login.handler.module: default
+objects.planners.default: atomic
 crypt_salt: REPLACE_WITH_RANDOM_VALUE
 encryption_key: ADMIN123
-session_cookie_key: REPLACE_WITH_RANDOM_VALUE #persistent cookie key for sessions, should be a random value and kept secret -DBC
-session_expiration_days: 7 #Number of days before a session expires, should be set to a reasonable value and not too long or short. Edge cases show too short requires browser refresh. -DBC
+session_cookie_key: REPLACE_WITH_RANDOM_VALUE
+session_expiration_days: 7
 exfil_dir: /tmp/caldera
+reachable_host_traits:
+- remote.host.fqdn
+- remote.host.ip
 host: 0.0.0.0
-objects.planners.default: atomic
 plugins:
 - access
 - atomic
@@ -42,10 +44,8 @@ plugins:
 - stockpile
 - training
 port: 8888
-reachable_host_traits:
-- remote.host.fqdn
-- remote.host.ip
 reports_dir: /tmp
+auth.login.handler.module: default
 requirements:
   go:
     command: go version
