No need to sync config.secret_token and secrets.secret_token

Just prefer secrets over config

2 files changed, 4 insertions, 41 deletions

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index ae60337af2..f8bd6096f2 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -381,13 +381,8 @@ module Rails
 
         # Fallback to config.secret_key_base if secrets.secret_key_base isn't set
         secrets.secret_key_base ||= config.secret_key_base
-        # Sync secrets.secret_token with config.secret_token, preferring secrets.secret_token
-        # note that unset config's default to "", secrets default to nil
-        if secrets.secret_token.blank? && config.secret_token.present?
-          secrets.secret_token = config.secret_token
-        elsif secrets.secret_token.present?
-          config.secret_token = secrets.secret_token
-        end
+        # Fallback to config.secret_token if secrets.secret_token isn't set
+        secrets.secret_token ||= config.secret_token
 
         secrets
       end
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 55a3456cfc..922f387987 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -347,19 +347,17 @@ module ApplicationTests
       end
     end
 
-    test "uses secrets.secret_token when secrets.secret_key_base and config.secret_token are blank" do
+    test "prefer secrets.secret_token over config.secret_token" do
       app_file 'config/initializers/secret_token.rb', <<-RUBY
         Rails.application.config.secret_token = ""
       RUBY
       app_file 'config/secrets.yml', <<-YAML
         development:
-          secret_key_base:
           secret_token: 3b7cd727ee24e8444053437c36cc66c3
       YAML
       require "#{app_path}/config/environment"
 
       assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.secrets.secret_token
-      assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.config.secret_token
     end
 
     test "application verifier can build different verifiers" do
@@ -404,7 +402,7 @@ module ApplicationTests
 
     test "config.secret_token over-writes a blank secrets.secret_token" do
       app_file 'config/initializers/secret_token.rb', <<-RUBY
-        Rails.application.config.secret_token    = "b3c631c314c0bbca50c1b2843150fe33"
+        Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
       RUBY
       app_file 'config/secrets.yml', <<-YAML
         development:
@@ -417,36 +415,6 @@ module ApplicationTests
       assert_equal 'b3c631c314c0bbca50c1b2843150fe33', app.config.secret_token
     end
 
-    test "secret_token is copied from secrets to config when set" do
-      app_file 'config/initializers/secret_token.rb', <<-RUBY
-        Rails.application.config.secret_token    = ""
-      RUBY
-      app_file 'config/secrets.yml', <<-YAML
-        development:
-          secret_key_base:
-          secret_token: 3b7cd727ee24e8444053437c36cc66c3
-      YAML
-      require "#{app_path}/config/environment"
-
-      assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.secrets.secret_token
-      assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.config.secret_token
-    end
-
-    test "secret_token is copied from secrets to config when different" do
-      app_file 'config/initializers/secret_token.rb', <<-RUBY
-        Rails.application.config.secret_token    = "b3c631c314c0bbca50c1b2843150fe33"
-      RUBY
-      app_file 'config/secrets.yml', <<-YAML
-        development:
-          secret_key_base:
-          secret_token: 3b7cd727ee24e8444053437c36cc66c3
-      YAML
-      require "#{app_path}/config/environment"
-
-      assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.secrets.secret_token
-      assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.config.secret_token
-    end
-
     test "custom secrets saved in config/secrets.yml are loaded in app secrets" do
       app_file 'config/secrets.yml', <<-YAML
         development: