Sign cookies using key deriver

author: Santiago Pastorino <santiago@wyeworks.com> 2012-10-31 01:06:46 -0200
committer: Santiago Pastorino <santiago@wyeworks.com> 2012-11-03 14:57:53 -0200
commit: 60609bb50d5b99d78a01a945a539cccd061cd7e7 (patch)
tree: 22bffef099ab1f5ef1eb7b1ac4a97c7f2b6c49ee /railties/lib/rails
parent: fa0aebf320995a598c5bffda729aed4429681f3a (diff)
download: rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.tar.gz
rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.tar.bz2
rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.zip
3 files changed, 18 insertions, 5 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 9ef001c7d0..f22025d35e 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -1,5 +1,7 @@
 require 'fileutils'
 require 'active_support/queueing'
+# FIXME remove DummyKeyGenerator and this require in 4.1
+require 'active_support/key_generator'
 require 'rails/engine'
 
 module Rails
@@ -106,7 +108,11 @@ module Rails
     def key_generator
       # number of iterations selected based on consultation with the google security
       # team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220
-      @key_generator ||= ActiveSupport::KeyGenerator.new(config.secret_token, iterations: 1000)
+      @key_generator ||= if config.secret_token_key
+                           ActiveSupport::KeyGenerator.new(config.secret_token_key, iterations: 1000)
+                         else
+                           ActiveSupport::DummyKeyGenerator.new(config.secret_token)
+                         end
     end
 
     # Stores some of the Rails initial environment parameters which
@@ -119,6 +125,7 @@ module Rails
     #   * "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
     #   * "action_dispatch.logger"                   => Rails.logger,
     #   * "action_dispatch.backtrace_cleaner"        => Rails.backtrace_cleaner
+    #   * "action_dispatch.key_generator"            => key_generator
     #
     # These parameters will be used by middlewares and engines to configure themselves
     #
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index cc21213f1c..b01b97aa67 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -10,12 +10,12 @@ module Rails
                     :cache_classes, :cache_store, :consider_all_requests_local, :console,
                     :eager_load, :exceptions_app, :file_watcher, :filter_parameters,
                     :force_ssl, :helpers_paths, :logger, :log_formatter, :log_tags,
-                    :railties_order, :relative_url_root, :secret_token,
+                    :railties_order, :relative_url_root, :secret_token_key,
                     :serve_static_assets, :ssl_options, :static_cache_control, :session_options,
                     :time_zone, :reload_classes_only_on_change,
                     :queue, :queue_consumer, :beginning_of_week
 
-      attr_writer :log_level
+      attr_writer :secret_token, :log_level
       attr_reader :encoding
 
       def initialize(*)
@@ -46,6 +46,8 @@ module Rails
         @queue                         = ActiveSupport::SynchronousQueue.new
         @queue_consumer                = nil
         @eager_load                    = nil
+        @secret_token                  = nil
+        @secret_token_key              = nil
 
         @assets = ActiveSupport::OrderedOptions.new
         @assets.enabled                  = false
@@ -144,6 +146,10 @@ module Rails
       def whiny_nils=(*)
         ActiveSupport::Deprecation.warn "config.whiny_nils option is deprecated and no longer works"
       end
+
+      def secret_token
+        @secret_token_key || @secret_token
+      end
     end
   end
 end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt
index 3c5611ca59..d96185ae2a 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt
@@ -7,6 +7,6 @@
 # no regular words or you'll be exposed to dictionary attacks.
 # You can use `rake secret` to generate a secure secret key.
 
-# Make sure your secret_token is kept private
+# Make sure your secret_token_key is kept private
 # if you're sharing your code publicly.
-<%= app_const %>.config.secret_token = '<%= app_secret %>'
+<%= app_const %>.config.secret_token_key = '<%= app_secret %>'
author	Santiago Pastorino <santiago@wyeworks.com>	2012-10-31 01:06:46 -0200
committer	Santiago Pastorino <santiago@wyeworks.com>	2012-11-03 14:57:53 -0200
commit	60609bb50d5b99d78a01a945a539cccd061cd7e7 (patch)
tree	22bffef099ab1f5ef1eb7b1ac4a97c7f2b6c49ee /railties/lib/rails
parent	fa0aebf320995a598c5bffda729aed4429681f3a (diff)
download	rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.tar.gz rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.tar.bz2 rails-60609bb50d5b99d78a01a945a539cccd061cd7e7.zip