Raise an error only when `require_master_key` is specified

To prevent errors from being raise in environments where credentials is unnecessary. Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489 Fixes #31283
author: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2017-12-05 21:41:19 +0900
committer: yuuji.yaginuma <yuuji.yaginuma@gmail.com> 2017-12-18 08:04:15 +0900
commit: 35373219c91ea8096ef2f8e7f3c62bcd46f436be (patch)
tree: 568eddd5f7ef943f297c8cfe56d1087d371d5122 /railties/test
parent: daf15f58b943d85d8fb726590ae94f77ca0a5d5f (diff)
download: rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.tar.gz
rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.tar.bz2
rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.zip
3 files changed, 44 insertions, 8 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index d28f7ffc7f..ec745a397e 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -707,6 +707,14 @@ module ApplicationTests
       assert_match(/Missing.*RAILS_MASTER_KEY/, error)
     end
 
+    test "credentials does not raise error when require_master_key is false and master key does not exist" do
+      remove_file "config/master.key"
+      add_to_config "config.require_master_key = false"
+      app "development"
+
+      assert_not app.credentials.secret_key_base
+    end
+
     test "protect from forgery is the default in a new app" do
       make_basic_app
 
diff --git a/railties/test/commands/credentials_test.rb b/railties/test/commands/credentials_test.rb
index f1bb1ef08a..7c464b3fde 100644
--- a/railties/test/commands/credentials_test.rb
+++ b/railties/test/commands/credentials_test.rb
@@ -26,10 +26,6 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
     end
   end
 
-  test "show credentials" do
-    assert_match(/access_key_id: 123/, run_show_command)
-  end
-
   test "edit command does not add master key to gitignore when already exist" do
     run_edit_command
 
@@ -47,6 +43,24 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
     assert_match(/api_key: abc/, run_show_command)
   end
 
+  test "show credentials" do
+    assert_match(/access_key_id: 123/, run_show_command)
+  end
+
+  test "show command raise error when require_master_key is specified and key does not exist" do
+    remove_file "config/master.key"
+    add_to_config "config.require_master_key = true"
+
+    assert_match(/Missing encryption key to decrypt file with/, run_show_command(allow_failure: true))
+  end
+
+  test "show command does not raise error when require_master_key is false and master key does not exist" do
+    remove_file "config/master.key"
+    add_to_config "config.require_master_key = false"
+
+    assert_match(/Missing master key to decrypt credentials/, run_show_command)
+  end
+
   private
     def run_edit_command(editor: "cat")
       switch_env("EDITOR", editor) do
@@ -54,7 +68,7 @@ class Rails::Command::CredentialsCommandTest < ActiveSupport::TestCase
       end
     end
 
-    def run_show_command
-      rails "credentials:show"
+    def run_show_command(**options)
+      rails "credentials:show", **options
     end
 end
diff --git a/railties/test/commands/encrypted_test.rb b/railties/test/commands/encrypted_test.rb
index 0461493f2a..6647dcc902 100644
--- a/railties/test/commands/encrypted_test.rb
+++ b/railties/test/commands/encrypted_test.rb
@@ -52,6 +52,20 @@ class Rails::Command::EncryptedCommandTest < ActiveSupport::TestCase
     assert_match(/access_key_id: 123/, run_show_command("config/tokens.yml.enc", key: "config/tokens.key"))
   end
 
+  test "show command raise error when require_master_key is specified and key does not exist" do
+    add_to_config "config.require_master_key = true"
+
+    assert_match(/Missing encryption key to decrypt file with/,
+      run_show_command("config/tokens.yml.enc", key: "unexist.key", allow_failure: true))
+  end
+
+  test "show command does not raise error when require_master_key is false and master key does not exist" do
+    remove_file "config/master.key"
+    add_to_config "config.require_master_key = false"
+
+    assert_match(/Missing 'config\/master\.key' to decrypt data/, run_show_command("config/tokens.yml.enc"))
+  end
+
   test "won't corrupt encrypted file when passed wrong key" do
     run_edit_command("config/tokens.yml.enc", key: "config/tokens.key")
 
@@ -68,8 +82,8 @@ class Rails::Command::EncryptedCommandTest < ActiveSupport::TestCase
       end
     end
 
-    def run_show_command(file, key: nil)
-      rails "encrypted:show", prepare_args(file, key)
+    def run_show_command(file, key: nil, **options)
+      rails "encrypted:show", prepare_args(file, key), **options
     end
 
     def prepare_args(file, key)
author	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2017-12-05 21:41:19 +0900
committer	yuuji.yaginuma <yuuji.yaginuma@gmail.com>	2017-12-18 08:04:15 +0900
commit	35373219c91ea8096ef2f8e7f3c62bcd46f436be (patch)
tree	568eddd5f7ef943f297c8cfe56d1087d371d5122 /railties/test
parent	daf15f58b943d85d8fb726590ae94f77ca0a5d5f (diff)
download	rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.tar.gz rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.tar.bz2 rails-35373219c91ea8096ef2f8e7f3c62bcd46f436be.zip