Use derived keys everywhere, http_authentication was missing it

author: Santiago Pastorino <santiago@wyeworks.com> 2012-11-02 20:26:11 -0200
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-11-03 14:57:54 -0200
commit: 5d23925f84f0241e28b3fbce740150136ba08254 (patch)
tree: 827b0954d7ee8528c7b827814172cc0b60aff92e /actionpack/lib/action_controller/metal
parent: fb0cea2b8cf61cde1aa4c640b56e896fbe308aa1 (diff)
download: rails-5d23925f84f0241e28b3fbce740150136ba08254.tar.gz
rails-5d23925f84f0241e28b3fbce740150136ba08254.tar.bz2
rails-5d23925f84f0241e28b3fbce740150136ba08254.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 6d46586367..1537b8b806 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -249,9 +249,8 @@ module ActionController
       end
 
       def secret_token(request)
-        secret = request.env["action_dispatch.secret_token"]
-        raise "You must set config.secret_token in your app's config" if secret.blank?
-        secret
+        key_generator = request.env["action_dispatch.key_generator"]
+        key_generator.generate_key('http authentication')
       end
 
       # Uses an MD5 digest based on time to generate a value to be used only once.
author	Santiago Pastorino <santiago@wyeworks.com>	2012-11-02 20:26:11 -0200
committer	Santiago Pastorino <santiago@wyeworks.com>	2012-11-03 14:57:54 -0200
commit	5d23925f84f0241e28b3fbce740150136ba08254 (patch)
tree	827b0954d7ee8528c7b827814172cc0b60aff92e /actionpack/lib/action_controller/metal
parent	fb0cea2b8cf61cde1aa4c640b56e896fbe308aa1 (diff)
download	rails-5d23925f84f0241e28b3fbce740150136ba08254.tar.gz rails-5d23925f84f0241e28b3fbce740150136ba08254.tar.bz2 rails-5d23925f84f0241e28b3fbce740150136ba08254.zip