author | Benjamin Fleischer <github@benjaminfleischer.com> | 2014-10-27 12:04:37 -0500 |
---|---|---|
committer | Benjamin Fleischer <github@benjaminfleischer.com> | 2014-11-02 21:21:09 -0600 |
commit | db5f1a46f26ed2b8359d3dde3398dd1a8ca443d4 (patch) | |
tree | bd28f394bf7a6d2e093fdb4b94193de54ac6ac99 /railties/lib | |
parent | 1d6d0cc2455f65454f7cb8f938204cddf6380e24 (diff) | |
`secret_token` is now saved in `Rails.application.secrets.secret_token`
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
Diffstat (limited to 'railties/lib')
-rw-r--r-- | railties/lib/rails/application.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index bc966e87c6..78b8a90432 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -175,7 +175,7 @@ module Rails key_generator = ActiveSupport::KeyGenerator.new(secrets.secret_key_base, iterations: 1000) ActiveSupport::CachingKeyGenerator.new(key_generator) else - ActiveSupport::LegacyKeyGenerator.new(config.secret_token) + ActiveSupport::LegacyKeyGenerator.new(secrets.secret_token) end end @@ -245,7 +245,7 @@ module Rails super.merge({ "action_dispatch.parameter_filter" => config.filter_parameters, "action_dispatch.redirect_filter" => config.filter_redirect, - "action_dispatch.secret_token" => config.secret_token, + "action_dispatch.secret_token" => secrets.secret_token, "action_dispatch.secret_key_base" => secrets.secret_key_base, "action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions, "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local, @@ -378,6 +378,13 @@ module Rails # Fallback to config.secret_key_base if secrets.secret_key_base isn't set secrets.secret_key_base ||= config.secret_key_base + # Sync secrets.secret_token with config.secret_token, preferring secrets.secret_token + # note that unset config's default to "", secrets default to nil + if secrets.secret_token.blank? && config.secret_token.present? + secrets.secret_token = config.secret_token + elsif secrets.secret_token.present? + config.secret_token = secrets.secret_token + end secrets end 
@@ -507,8 +514,13 @@ module Rails end def validate_secret_key_config! #:nodoc: - if secrets.secret_key_base.blank? && config.secret_token.blank? - raise "Missing `secret_key_base` for '#{Rails.env}' environment, set this value in `config/secrets.yml`" + if secrets.secret_key_base.blank? + ActiveSupport::Deprecation.warn "You didn't set `secret_key_base`. " + + "Read the upgrade documentation to learn more about this new config option." + + if secrets.secret_token.blank? + raise "Missing `secret_token` and `secret_key_base` for '#{Rails.env}' environment, set these values in `config/secrets.yml`" + end end end end |
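Review bot: in the `@@ -378,6 +378,13` hunk, the two fallbacks now treat an empty value differently. The unchanged line `secrets.secret_key_base ||= config.secret_key_base` only falls back when the value is nil, while the added `secrets.secret_token.blank?` branch also falls back on an empty string. An empty `secret_key_base` entry in `config/secrets.yml` would therefore stay empty while an empty `secret_token` entry would be replaced from `config`. Consider using the same `blank?` test for both. The `elsif` branch also writes to `config.secret_token` as a side effect of building `secrets`, so anything that reads `config.secret_token` before this code has run sees the old value; a sentence in the comment saying that would help. Small wording point in the added comment: "config's" should be "configs".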
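Review bot: in the `@@ -507,8 +514,13` hunk, the new raise message asks the user to set "these values" (both `secret_token` and `secret_key_base`) in `config/secrets.yml`, yet the check passes as soon as either one is present, and the branch around it deprecates running without `secret_key_base`. Suggest the message ask for `secret_key_base` alone, so that someone fixing the error is not steered toward the token that selects `ActiveSupport::LegacyKeyGenerator` in the first hunk. When both values are blank the deprecation warning is emitted immediately before the raise; testing `secrets.secret_token.blank?` first would avoid the redundant warning. The warning text points to "the upgrade documentation" without saying where the value goes; naming `config/secrets.yml`, as the raise message does, would make it actionable.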