Merge pull request #31651 from eugeneius/use_sha1_digests

Use SHA-1 for non-sensitive digests by default

4 files changed, 19 insertions, 7 deletions

diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index 5d8d6740c8..f02aef94e0 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -102,6 +102,7 @@ module Rails
 
           if respond_to?(:active_support)
             active_support.use_authenticated_message_encryption = true
+            active_support.use_sha1_digests = true
           end
 
           if respond_to?(:action_controller)
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
index ae665b960a..b4ef455802 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_5_2.rb.tt
@@ -25,3 +25,6 @@
 # Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
 # 'f' after migrating old data.
 # Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
+
+# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
+# Rails.application.config.active_support.use_sha1_digests = true
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 437b1ded72..5f932f38db 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -1914,17 +1914,25 @@ module ApplicationTests
       assert_equal true, ActiveSupport::MessageEncryptor.use_authenticated_message_encryption
     end
 
-    test "config.active_support.hash_digest_class is Digest::MD5 by default" do
+    test "ActiveSupport::Digest.hash_digest_class is Digest::SHA1 by default for new apps" do
+      app "development"
+
+      assert_equal Digest::SHA1, ActiveSupport::Digest.hash_digest_class
+    end
+
+    test "ActiveSupport::Digest.hash_digest_class is Digest::MD5 by default for upgraded apps" do
+      remove_from_config '.*config\.load_defaults.*\n'
+
       app "development"
 
       assert_equal Digest::MD5, ActiveSupport::Digest.hash_digest_class
     end
 
-    test "config.active_support.hash_digest_class can be configured" do
-      app_file "config/environments/development.rb", <<-RUBY
-      Rails.application.configure do
-        config.active_support.hash_digest_class = Digest::SHA1
-      end
+    test "ActiveSupport::Digest.hash_digest_class can be configured via config.active_support.use_sha1_digests" do
+      remove_from_config '.*config\.load_defaults.*\n'
+
+      app_file "config/initializers/new_framework_defaults_5_2.rb", <<-RUBY
+      Rails.application.config.active_support.use_sha1_digests = true
       RUBY
 
       app "development"
diff --git a/railties/test/application/per_request_digest_cache_test.rb b/railties/test/application/per_request_digest_cache_test.rb
index e9bc91785c..10d3313f6e 100644
--- a/railties/test/application/per_request_digest_cache_test.rb
+++ b/railties/test/application/per_request_digest_cache_test.rb
@@ -59,7 +59,7 @@ class PerRequestDigestCacheTest < ActiveSupport::TestCase
     assert_equal 200, last_response.status
 
     values = ActionView::LookupContext::DetailsKey.digest_caches.first.values
-    assert_equal [ "8ba099b7749542fe765ff34a6824d548" ], values
+    assert_equal [ "effc8928d0b33535c8a21d24ec617161" ], values
     assert_equal %w(david dingus), last_response.body.split.map(&:strip)
   end