Disallow ability to use EncryptedCookieJar with DummyKeyGenerator

Developers must set config.secret_key_base in config/initializers/secret_token.rb
author: Santiago Pastorino <santiago@wyeworks.com> 2012-11-02 00:43:24 -0200
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-11-03 14:57:54 -0200
commit: d63783983f8c03d5c624938081615579dcc753f7 (patch)
tree: b42307bc74f5d2e5eaebc0a5e080ee9e94475288 /actionpack
parent: 4faa0418453055bc81456685d418d486252cc379 (diff)
download: rails-d63783983f8c03d5c624938081615579dcc753f7.tar.gz
rails-d63783983f8c03d5c624938081615579dcc753f7.tar.bz2
rails-d63783983f8c03d5c624938081615579dcc753f7.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 1090473797..7936dcb515 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -347,6 +347,11 @@ module ActionDispatch
 
     class EncryptedCookieJar < SignedCookieJar #:nodoc:
       def initialize(parent_jar, key_generator, options = {})
+        if ActiveSupport::DummyKeyGenerator === key_generator
+          raise "Encrypted Cookies must be used in conjunction with config.secret_key_base." +
+                "Set config.secret_key_base in config/initializers/secret_token.rb"
+        end
+
         @parent_jar = parent_jar
         @options = options
         secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
author	Santiago Pastorino <santiago@wyeworks.com>	2012-11-02 00:43:24 -0200
committer	Santiago Pastorino <santiago@wyeworks.com>	2012-11-03 14:57:54 -0200
commit	d63783983f8c03d5c624938081615579dcc753f7 (patch)
tree	b42307bc74f5d2e5eaebc0a5e080ee9e94475288 /actionpack
parent	4faa0418453055bc81456685d418d486252cc379 (diff)
download	rails-d63783983f8c03d5c624938081615579dcc753f7.tar.gz rails-d63783983f8c03d5c624938081615579dcc753f7.tar.bz2 rails-d63783983f8c03d5c624938081615579dcc753f7.zip