diff options
author | Aidan Haran <aidanharan@yahoo.com> | 2017-12-09 13:41:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-09 13:41:02 +0000 |
commit | 66f34a8ea58c8c98d9cc2651d386c9e5a0789d08 (patch) | |
tree | d24e9014cf9045abc892ba97ac993e2e26e31c7e /railties/lib/rails/application.rb | |
parent | 3291fa3630c456450f8c6a9b771f77c293d036cd (diff) | |
parent | 55d4cf2a9c1a6e77ed7aedb866e964039bb4a143 (diff) | |
download | rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.gz rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.bz2 rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.zip |
Merge branch 'master' into custom-discarded-job-handling
Diffstat (limited to 'railties/lib/rails/application.rb')
-rw-r--r-- | railties/lib/rails/application.rb | 73 |
1 files changed, 60 insertions, 13 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index abfec90b6d..293a736bfd 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -6,8 +6,9 @@ require "active_support/core_ext/object/blank" require "active_support/key_generator" require "active_support/message_verifier" require "active_support/encrypted_configuration" -require_relative "engine" -require_relative "secrets" +require "active_support/deprecation" +require "rails/engine" +require "rails/secrets" module Rails # An Engine with the responsibility of coordinating the whole boot process. @@ -173,8 +174,9 @@ module Rails # team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220 @caching_key_generator ||= if secret_key_base - ActiveSupport::CachingKeyGenerator.new \ + ActiveSupport::CachingKeyGenerator.new( ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000) + ) else ActiveSupport::LegacyKeyGenerator.new(secrets.secret_token) end @@ -259,8 +261,14 @@ module Rails "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt, "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt, "action_dispatch.authenticated_encrypted_cookie_salt" => config.action_dispatch.authenticated_encrypted_cookie_salt, + "action_dispatch.use_authenticated_cookie_encryption" => config.action_dispatch.use_authenticated_cookie_encryption, + "action_dispatch.encrypted_cookie_cipher" => config.action_dispatch.encrypted_cookie_cipher, + "action_dispatch.signed_cookie_digest" => config.action_dispatch.signed_cookie_digest, "action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer, - "action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest + "action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest, + "action_dispatch.cookies_rotations" => config.action_dispatch.cookies_rotations, + "action_dispatch.content_security_policy" => config.content_security_policy, + "action_dispatch.content_security_policy_report_only" => config.content_security_policy_report_only ) end end @@ -394,6 +402,12 @@ module Rails # Fallback to config.secret_token if secrets.secret_token isn't set secrets.secret_token ||= config.secret_token + if secrets.secret_token.present? + ActiveSupport::Deprecation.warn( + "`secrets.secret_token` is deprecated in favor of `secret_key_base` and will be removed in Rails 6.0." + ) + end + secrets end end @@ -414,19 +428,52 @@ module Rails if Rails.env.test? || Rails.env.development? Digest::MD5.hexdigest self.class.name else - validate_secret_key_base \ + validate_secret_key_base( ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base + ) end end - # Decrypts the credentials hash as kept in `config/credentials.yml.enc`. This file is encrypted with - # the Rails master key, which is either taken from ENV["RAILS_MASTER_KEY"] or from loading - # `config/master.key`. + # Decrypts the credentials hash as kept in +config/credentials.yml.enc+. This file is encrypted with + # the Rails master key, which is either taken from <tt>ENV["RAILS_MASTER_KEY"]</tt> or from loading + # +config/master.key+. def credentials - @credentials ||= ActiveSupport::EncryptedConfiguration.new \ - config_path: Rails.root.join("config/credentials.yml.enc"), - key_path: Rails.root.join("config/master.key"), - env_key: "RAILS_MASTER_KEY" + @credentials ||= encrypted("config/credentials.yml.enc") + end + + # Shorthand to decrypt any encrypted configurations or files. + # + # For any file added with <tt>bin/rails encrypted:edit</tt> call +read+ to decrypt + # the file with the master key. + # The master key is either stored in +config/master.key+ or <tt>ENV["RAILS_MASTER_KEY"]</tt>. + # + # Rails.application.encrypted("config/mystery_man.txt.enc").read + # # => "We've met before, haven't we?" + # + # It's also possible to interpret encrypted YAML files with +config+. + # + # Rails.application.encrypted("config/credentials.yml.enc").config + # # => { next_guys_line: "I don't think so. Where was it you think we met?" } + # + # Any top-level configs are also accessible directly on the return value: + # + # Rails.application.encrypted("config/credentials.yml.enc").next_guys_line + # # => "I don't think so. Where was it you think we met?" + # + # The files or configs can also be encrypted with a custom key. To decrypt with + # a key in the +ENV+, use: + # + # Rails.application.encrypted("config/special_tokens.yml.enc", env_key: "SPECIAL_TOKENS") + # + # Or to decrypt with a file, that should be version control ignored, relative to +Rails.root+: + # + # Rails.application.encrypted("config/special_tokens.yml.enc", key_path: "config/special_tokens.key") + def encrypted(path, key_path: "config/master.key", env_key: "RAILS_MASTER_KEY") + ActiveSupport::EncryptedConfiguration.new( + config_path: Rails.root.join(path), + key_path: Rails.root.join(key_path), + env_key: env_key + ) end def to_app #:nodoc: @@ -464,7 +511,7 @@ module Rails def run_tasks_blocks(app) #:nodoc: railties.each { |r| r.run_tasks_blocks(app) } super - require_relative "tasks" + require "rails/tasks" task :environment do ActiveSupport.on_load(:before_initialize) { config.eager_load = false } |