authorJosé Valim <jose.valim@gmail.com>2010-04-05 10:52:47 +0200
committerJosé Valim <jose.valim@gmail.com>2010-04-05 12:00:24 +0200
commit6690d662920f0db854f7303cd2a5a36c72299199 (patch)
tree9e531ce7d2945b5eb0ce06e63277cc06361b37c0 /railties
parent5c8b4c6e231257bc08d32722e098927885e5e74d (diff)
Rename config.cookie_secret to config.secret_token and pass it as configuration in request.env. This is another step toward removing global configuration.
Diffstat (limited to 'railties')
-rw-r--r--railties/CHANGELOG5
-rw-r--r--railties/lib/rails/application.rb11
-rw-r--r--railties/lib/rails/application/configuration.rb5
-rw-r--r--railties/lib/rails/application/finisher.rb4
-rw-r--r--railties/lib/rails/configuration.rb12
-rw-r--r--railties/lib/rails/engine.rb8
-rw-r--r--railties/lib/rails/engine/configuration.rb1
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt (renamed from railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt)2
-rw-r--r--railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt4
-rw-r--r--railties/lib/rails/plugin.rb2
-rw-r--r--railties/test/application/configuration_test.rb16
-rw-r--r--railties/test/application/middleware_stack_defaults_test.rb2
-rw-r--r--railties/test/application/url_generation_test.rb2
-rw-r--r--railties/test/isolation/abstract_unit.rb2
14 files changed, 55 insertions, 21 deletions
diff --git a/railties/CHANGELOG b/railties/CHANGELOG
index 24ba378efe..82684e4614 100644
--- a/railties/CHANGELOG
+++ b/railties/CHANGELOG
@@ -1,3 +1,5 @@
+* Renamed config.cookie_secret to config.secret_token and pass it as env key. [JV]
+
*Rails 3.0.0 [beta 2] (April 1st, 2010)*
* Session store configuration has changed [YK & CL]
@@ -6,12 +8,11 @@
config.cookie_secret = "fdsfhisdghfidugnfdlg"
* railtie_name and engine_name are deprecated. You can now add any object to
- the configuration object: config.your_plugin = {} [JK]
+ the configuration object: config.your_plugin = {} [JV]
* Added config.generators.templates to provide alternative paths for the generators
to look for templates [JV]
-
*Rails 3.0.0 [beta 1] (February 4, 2010)*
* Added "rake about" as a replacement for script/about [DHH]
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 0084309ea4..38a5aa8ca3 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -1,3 +1,4 @@
+require 'active_support/core_ext/hash/reverse_merge'
require 'fileutils'
require 'rails/plugin'
require 'rails/engine'
@@ -128,8 +129,14 @@ module Rails
end
def call(env)
- env["action_dispatch.parameter_filter"] = config.filter_parameters
- app.call(env)
+ app.call(env.reverse_merge!(env_defaults))
+ end
+
+ def env_defaults
+ @env_defaults ||= {
+ "action_dispatch.parameter_filter" => config.filter_parameters,
+ "action_dispatch.secret_token" => config.secret_token
+ }
end
def initializers
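Review bot: `env_defaults` places the cookie-signing secret in every request's env under `"action_dispatch.secret_token"`, so anything that serialises env (error reports, debug dumps, request logging) will carry the secret unless it filters that key. A comment above `env_defaults` would make this visible, e.g. `# The secret stays in env for the whole request; filter "action_dispatch.secret_token" before dumping or logging env.` Separately, `reverse_merge!` keeps a key that is already present in env, whereas the removed line always assigned `action_dispatch.parameter_filter`, and `@env_defaults ||=` fixes both values at the first call; if both are intended, a one-line comment saying so would help. The enclosing class starts and ends outside the hunk.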
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 5c7de616be..d3e4742e8a 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -6,7 +6,7 @@ module Rails
include ::Rails::Configuration::Deprecated
attr_accessor :allow_concurrency, :cache_classes, :cache_store,
- :cookie_secret, :consider_all_requests_local, :dependency_loading,
+ :secret_token, :consider_all_requests_local, :dependency_loading,
:filter_parameters, :log_level, :logger, :metals,
:plugins, :preload_frameworks, :reload_engines, :reload_plugins,
:serve_static_assets, :time_zone, :whiny_nils
@@ -37,6 +37,7 @@ module Rails
paths.app.controllers << builtin_controller if builtin_controller
paths.config.database "config/database.yml"
paths.config.environment "config/environments", :glob => "#{Rails.env}.rb"
+ paths.lib.templates "lib/templates"
paths.log "log/#{Rails.env}.log"
paths.tmp "tmp"
paths.tmp.cache "tmp/cache"
@@ -123,7 +124,7 @@ module Rails
def session_options
return @session_options unless @session_store == :cookie_store
- @session_options.merge(:secret => @cookie_secret)
+ @session_options.merge(:secret => @secret_token)
end
def default_middleware_stack
diff --git a/railties/lib/rails/application/finisher.rb b/railties/lib/rails/application/finisher.rb
index 978490f25f..94507bb387 100644
--- a/railties/lib/rails/application/finisher.rb
+++ b/railties/lib/rails/application/finisher.rb
@@ -3,6 +3,10 @@ module Rails
module Finisher
include Initializable
+ initializer :add_generator_templates do
+ config.generators.templates.unshift(*paths.lib.templates.to_a)
+ end
+
initializer :ensure_load_once_paths_as_subset do
extra = ActiveSupport::Dependencies.load_once_paths -
ActiveSupport::Dependencies.load_paths
diff --git a/railties/lib/rails/configuration.rb b/railties/lib/rails/configuration.rb
index 73ae9bcb16..dfd849b4bb 100644
--- a/railties/lib/rails/configuration.rb
+++ b/railties/lib/rails/configuration.rb
@@ -104,6 +104,18 @@ module Rails
"please do paths.app.controllers instead", caller
paths.app.controllers.to_a.uniq
end
+
+ def cookie_secret=(value)
+ ActiveSupport::Deprecation.warn "config.cookie_secret= is deprecated, " <<
+ "please use config.secret_token= instead", caller
+ self.secret_token = value
+ end
+
+ def cookie_secret
+ ActiveSupport::Deprecation.warn "config.cookie_secret is deprecated, " <<
+ "please use config.secret_token instead", caller
+ self.secret_token
+ end
end
end
end
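Review bot: Neither deprecated shim added here (`cookie_secret=` and `cookie_secret`) is exercised by the test hunks in this commit, which only cover `config.secret_token`. An app that still sets `config.cookie_secret` depends on the writer to end up with a signing secret at all, so a test that sets `app.config.cookie_secret = 'x' * 30` and then checks `assert_equal 'x' * 30, app.config.secret_token` would pin that behaviour. In the reader, `self.secret_token` can be plain `secret_token`; the explicit receiver is only needed on the writer call. The enclosing module begins outside the hunk.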
diff --git a/railties/lib/rails/engine.rb b/railties/lib/rails/engine.rb
index e9013348b5..54c97258ce 100644
--- a/railties/lib/rails/engine.rb
+++ b/railties/lib/rails/engine.rb
@@ -193,17 +193,13 @@ module Rails
app.metal_loader.paths.unshift(*paths.app.metals.to_a)
end
- initializer :add_generator_templates do |app|
- config.generators.templates.unshift(*paths.lib.templates.to_a)
- end
-
- initializer :load_application_initializers do
+ initializer :load_config_initializers do
paths.config.initializers.to_a.sort.each do |initializer|
load(initializer)
end
end
- initializer :load_application_classes do |app|
+ initializer :load_app_classes do |app|
next if $rails_rake_task
if app.config.cache_classes
diff --git a/railties/lib/rails/engine/configuration.rb b/railties/lib/rails/engine/configuration.rb
index b8f1f1009c..2129e10af8 100644
--- a/railties/lib/rails/engine/configuration.rb
+++ b/railties/lib/rails/engine/configuration.rb
@@ -23,7 +23,6 @@ module Rails
paths.app.views "app/views", :eager_load => true
paths.lib "lib", :load_path => true
paths.lib.tasks "lib/tasks", :glob => "**/*.rake"
- paths.lib.templates "lib/templates"
paths.config "config"
paths.config.initializers "config/initializers", :glob => "**/*.rb"
paths.config.locales "config/locales", :glob => "*.{rb,yml}"
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt
index be627fbbcc..c2fa31aadb 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/secret_token.rb.tt
@@ -4,4 +4,4 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.cookie_secret = '<%= app_secret %>'
+Rails.application.config.secret_token = '<%= app_secret %>'
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
index 9e32fb930e..a869a21e2c 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/session_store.rb.tt
@@ -1,8 +1,6 @@
# Be sure to restart your server when you modify this file.
-Rails.application.config.session_store :cookie_store, {
- :key => '_<%= app_name %>_session',
-}
+Rails.application.config.session_store :cookie_store, :key => '_<%= app_name %>_session'
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
diff --git a/railties/lib/rails/plugin.rb b/railties/lib/rails/plugin.rb
index 0997be1b6f..fcdd099135 100644
--- a/railties/lib/rails/plugin.rb
+++ b/railties/lib/rails/plugin.rb
@@ -61,7 +61,7 @@ module Rails
@config ||= Engine::Configuration.new
end
- initializer :load_init_rb, :before => :load_application_initializers do |app|
+ initializer :load_init_rb, :before => :load_config_initializers do |app|
files = %w(rails/init.rb init.rb).map { |path| File.expand_path path, root }
if initrb = files.find { |path| File.file? path }
if initrb == files.first
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 68ca2acaad..90f2e2b370 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -234,6 +234,22 @@ module ApplicationTests
assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
end
+ test "config.secret_token is sent in env" do
+ make_basic_app do |app|
+ app.config.secret_token = 'ThisIsASECRET123'
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ cookies.signed[:some_key] = "some_value"
+ render :text => env["action_dispatch.secret_token"]
+ end
+ end
+
+ get "/"
+ assert_equal 'ThisIsASECRET123', last_response.body
+ end
+
test "protect from forgery is the default in a new app" do
make_basic_app
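Review bot: The new test runs `cookies.signed[:some_key] = "some_value"` but asserts only the response body, so the signed-cookie path is executed without being checked. An assertion on the response's `Set-Cookie` header, e.g. `assert_match(/some_key=/, last_response.headers["Set-Cookie"])`, would verify that the secret read from env actually produced a cookie. The sample secret `'ThisIsASECRET123'` is 16 characters, shorter than the 30 the generated secret_token initializer asks for; a longer value would keep the test valid if a length check applies on this path (not visible in this diff). `::OmgController` is defined at top level and will persist after the test unless the isolation harness tears it down.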
diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb
index 284f7e2e5b..f31ca01fbf 100644
--- a/railties/test/application/middleware_stack_defaults_test.rb
+++ b/railties/test/application/middleware_stack_defaults_test.rb
@@ -10,7 +10,7 @@ class MiddlewareStackDefaultsTest < Test::Unit::TestCase
Object.const_set(:MyApplication, Class.new(Rails::Application))
MyApplication.class_eval do
- config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
config.session_store :cookie_store, :key => "_myapp_session"
end
end
diff --git a/railties/test/application/url_generation_test.rb b/railties/test/application/url_generation_test.rb
index 04f5454e09..72cae23985 100644
--- a/railties/test/application/url_generation_test.rb
+++ b/railties/test/application/url_generation_test.rb
@@ -14,7 +14,7 @@ module ApplicationTests
require "action_controller/railtie"
class MyApp < Rails::Application
- config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
config.session_store :cookie_store, :key => "_myapp_session"
end
diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb
index 8f2f15b49e..e6896a1629 100644
--- a/railties/test/isolation/abstract_unit.rb
+++ b/railties/test/isolation/abstract_unit.rb
@@ -100,7 +100,7 @@ module TestHelpers
end
end
- add_to_config 'config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"; config.session_store :cookie_store, :key => "_myapp_session"'
+ add_to_config 'config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"; config.session_store :cookie_store, :key => "_myapp_session"'
end
class Bukkit