-rw-r--r--actionpack/lib/action_controller/metal/http_authentication.rb5
-rw-r--r--actionpack/test/controller/http_digest_authentication_test.rb4
-rw-r--r--railties/lib/rails/application.rb5
-rw-r--r--railties/lib/rails/application/configuration.rb8
-rw-r--r--railties/test/abstract_unit.rb1
-rw-r--r--railties/test/application/configuration_test.rb18
-rw-r--r--railties/test/application/middleware/remote_ip_test.rb4
7 files changed, 14 insertions, 31 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 6d46586367..1537b8b806 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -249,9 +249,8 @@ module ActionController
end
def secret_token(request)
- secret = request.env["action_dispatch.secret_token"]
- raise "You must set config.secret_token in your app's config" if secret.blank?
- secret
+ key_generator = request.env["action_dispatch.key_generator"]
+ key_generator.generate_key('http authentication')
end
# Uses an MD5 digest based on time to generate a value to be used only once.
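Review bot: `secret_token` calls `generate_key` on whatever `request.env["action_dispatch.key_generator"]` returns, with no nil check. A request env that lacks that entry now fails with a NoMethodError on nil rather than the configuration message the removed lines raised. A guard before the `generate_key` call would keep the failure explicit: `raise "action_dispatch.key_generator is missing from the request env; set config.secret_token_key" unless key_generator`. This method also sits on the digest nonce path, so if the configured generator derives keys with a costly function and is not cached (not visible in this diff), every nonce computation repeats the derivation; worth confirming.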
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
index b11ad633bd..dd95fad6e1 100644
--- a/actionpack/test/controller/http_digest_authentication_test.rb
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -1,4 +1,6 @@
require 'abstract_unit'
+# FIXME remove DummyKeyGenerator and this require in 4.1
+require 'active_support/key_generator'
class HttpDigestAuthenticationTest < ActionController::TestCase
class DummyDigestController < ActionController::Base
@@ -41,7 +43,7 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
setup do
# Used as secret in generating nonce to prevent tampering of timestamp
@secret = "session_options_secret"
- @request.env["action_dispatch.secret_token"] = @secret
+ @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new(@secret)
end
teardown do
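Review bot: The setup here only ever feeds `secret_token` through `ActiveSupport::DummyKeyGenerator`, which presumably hands `@secret` back unchanged, so the digest tests never exercise a derived key. The same applies to the `remote_ip_test.rb` hunk that builds its env with `DummyKeyGenerator`. A case that sets `@request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new(@secret)` would cover the non-legacy path. The comment above `@secret` could also reflect the new indirection, e.g. `# Secret handed to the key generator; the generated key protects the nonce timestamp`.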
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 741b03d80e..f9867721a2 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -120,7 +120,6 @@ module Rails
# Currently stores:
#
# * "action_dispatch.parameter_filter" => config.filter_parameters,
- # * "action_dispatch.secret_token" => config.secret_token,
# * "action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
# * "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
# * "action_dispatch.logger" => Rails.logger,
@@ -135,11 +134,13 @@ module Rails
ActiveSupport::Deprecation.warn "You didn't set config.secret_token_key. " +
"This should be used instead of the old deprecated config.secret_token. " +
"Set config.secret_token_key instead of config.secret_token in config/initializers/secret_token.rb"
+ if config.secret_token.blank?
+ raise "You must set config.secret_token_key in your app's config"
+ end
end
super.merge({
"action_dispatch.parameter_filter" => config.filter_parameters,
- "action_dispatch.secret_token" => config.secret_token,
"action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
"action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
"action_dispatch.logger" => Rails.logger,
diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb
index b01b97aa67..0faa62c86c 100644
--- a/railties/lib/rails/application/configuration.rb
+++ b/railties/lib/rails/application/configuration.rb
@@ -10,12 +10,12 @@ module Rails
:cache_classes, :cache_store, :consider_all_requests_local, :console,
:eager_load, :exceptions_app, :file_watcher, :filter_parameters,
:force_ssl, :helpers_paths, :logger, :log_formatter, :log_tags,
- :railties_order, :relative_url_root, :secret_token_key,
+ :railties_order, :relative_url_root, :secret_token, :secret_token_key,
:serve_static_assets, :ssl_options, :static_cache_control, :session_options,
:time_zone, :reload_classes_only_on_change,
:queue, :queue_consumer, :beginning_of_week
- attr_writer :secret_token, :log_level
+ attr_writer :log_level
attr_reader :encoding
def initialize(*)
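Review bot: Moving `:secret_token` into `attr_accessor` replaces the custom reader removed further down in this file, so `config.secret_token` no longer falls back to `@secret_token_key` and returns nil for apps that set only `secret_token_key`. Any reader outside this diff that still relies on the fallback would silently get nil, so a search for remaining `config.secret_token` callers is worth doing before merge. A comment above the accessor list would record the intent, e.g. `# secret_token is the deprecated legacy secret; new apps set secret_token_key`. The accessor list begins above this hunk.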
@@ -146,10 +146,6 @@ module Rails
def whiny_nils=(*)
ActiveSupport::Deprecation.warn "config.whiny_nils option is deprecated and no longer works"
end
-
- def secret_token
- @secret_token_key || @secret_token
- end
end
end
end
diff --git a/railties/test/abstract_unit.rb b/railties/test/abstract_unit.rb
index dfcf5aa27d..486cc64137 100644
--- a/railties/test/abstract_unit.rb
+++ b/railties/test/abstract_unit.rb
@@ -14,5 +14,6 @@ require 'rails/all'
module TestApp
class Application < Rails::Application
config.root = File.dirname(__FILE__)
+ config.secret_token_key = 'b3c631c314c0bbca50c1b2843150fe33'
end
end
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index daf9dd3505..5d654e1be6 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -225,23 +225,6 @@ module ApplicationTests
assert_equal Pathname.new(app_path).join("somewhere"), Rails.public_path
end
- test "config.secret_token_key is sent in env" do
- make_basic_app do |app|
- app.config.secret_token_key = 'b3c631c314c0bbca50c1b2843150fe33'
- app.config.session_store :disabled
- end
-
- class ::OmgController < ActionController::Base
- def index
- cookies.signed[:some_key] = "some_value"
- render text: env["action_dispatch.secret_token"]
- end
- end
-
- get "/"
- assert_equal 'b3c631c314c0bbca50c1b2843150fe33', last_response.body
- end
-
test "Use key_generator when secret_token_key is set" do
make_basic_app do |app|
app.config.secret_token_key = 'b3c631c314c0bbca50c1b2843150fe33'
@@ -588,7 +571,6 @@ module ApplicationTests
assert_respond_to app, :env_config
assert_equal app.env_config['action_dispatch.parameter_filter'], app.config.filter_parameters
- assert_equal app.env_config['action_dispatch.secret_token'], app.config.secret_token
assert_equal app.env_config['action_dispatch.show_exceptions'], app.config.action_dispatch.show_exceptions
assert_equal app.env_config['action_dispatch.logger'], Rails.logger
assert_equal app.env_config['action_dispatch.backtrace_cleaner'], Rails.backtrace_cleaner
diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb
index 9d97bae9ae..fde13eeb94 100644
--- a/railties/test/application/middleware/remote_ip_test.rb
+++ b/railties/test/application/middleware/remote_ip_test.rb
@@ -1,4 +1,6 @@
require 'isolation/abstract_unit'
+# FIXME remove DummyKeyGenerator and this require in 4.1
+require 'active_support/key_generator'
module ApplicationTests
class RemoteIpTest < ActiveSupport::TestCase
@@ -8,7 +10,7 @@ module ApplicationTests
remote_ip = nil
env = Rack::MockRequest.env_for("/").merge(env).merge!(
'action_dispatch.show_exceptions' => false,
- 'action_dispatch.secret_token' => 'b3c631c314c0bbca50c1b2843150fe33'
+ 'action_dispatch.key_generator' => ActiveSupport::DummyKeyGenerator.new('b3c631c314c0bbca50c1b2843150fe33')
)
endpoint = Proc.new do |e|