aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--activesupport/CHANGELOG.md12
-rw-r--r--guides/bug_report_templates/action_controller_gem.rb1
-rw-r--r--guides/bug_report_templates/action_controller_master.rb1
-rw-r--r--railties/lib/rails/application.rb6
-rw-r--r--railties/test/application/configuration_test.rb26
5 files changed, 44 insertions, 2 deletions
diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index 493ebeb01f..c95f95d076 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,15 @@
+* Deprecate `secrets.secret_token`.
+
+ The architecture for secrets had a big upgrade between Rails 3 and Rails 4,
+ when the default changed from using `secret_token` to `secret_key_base`.
+
+ `secret_token` has been soft deprecated in documentation for four years
+ but is still in place to support apps created before Rails 4.
+ Deprecation warnings have been added to help developers upgrade their
+ applications to `secret_key_base`.
+
+ *claudiob*, *Kasper Timm Hansen*
+
* Return an instance of `HashWithIndifferentAccess` from `HashWithIndifferentAccess#transform_keys`.
*Yuji Yaginuma*
diff --git a/guides/bug_report_templates/action_controller_gem.rb b/guides/bug_report_templates/action_controller_gem.rb
index 341724cdcd..557b1d7bef 100644
--- a/guides/bug_report_templates/action_controller_gem.rb
+++ b/guides/bug_report_templates/action_controller_gem.rb
@@ -22,7 +22,6 @@ require "action_controller/railtie"
class TestApp < Rails::Application
config.root = __dir__
config.session_store :cookie_store, key: "cookie_store_key"
- secrets.secret_token = "secret_token"
secrets.secret_key_base = "secret_key_base"
config.logger = Logger.new($stdout)
diff --git a/guides/bug_report_templates/action_controller_master.rb b/guides/bug_report_templates/action_controller_master.rb
index 558d9bf3e2..cf76de80d2 100644
--- a/guides/bug_report_templates/action_controller_master.rb
+++ b/guides/bug_report_templates/action_controller_master.rb
@@ -20,7 +20,6 @@ require "action_controller/railtie"
class TestApp < Rails::Application
config.root = __dir__
- secrets.secret_token = "secret_token"
secrets.secret_key_base = "secret_key_base"
config.logger = Logger.new($stdout)
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 24f5eeae87..4fd20185b1 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -6,6 +6,7 @@ require "active_support/core_ext/object/blank"
require "active_support/key_generator"
require "active_support/message_verifier"
require "active_support/encrypted_configuration"
+require "active_support/deprecation"
require_relative "engine"
require_relative "secrets"
@@ -398,6 +399,11 @@ module Rails
# Fallback to config.secret_token if secrets.secret_token isn't set
secrets.secret_token ||= config.secret_token
+ if secrets.secret_token.present?
+ ActiveSupport::Deprecation.warn \
+ "`secrets.secret_token` is deprecated in favor of `secret_key_base` and will be removed in Rails 6.0."
+ end
+
secrets
end
end
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index c1a80eaeaf..bb8cc0876c 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -487,6 +487,32 @@ module ApplicationTests
assert_equal "some_value", Rails.application.message_verifier(:sensitive_value).verify(message)
end
+ test "config.secret_token is deprecated" do
+ app_file "config/initializers/secret_token.rb", <<-RUBY
+ Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
+ RUBY
+
+ app "production"
+
+ assert_deprecated(/secret_token/) do
+ app.secrets
+ end
+ end
+
+ test "secrets.secret_token is deprecated" do
+ app_file "config/secrets.yml", <<-YAML
+ production:
+ secret_token: "b3c631c314c0bbca50c1b2843150fe33"
+ YAML
+
+ app "production"
+
+ assert_deprecated(/secret_token/) do
+ app.secrets
+ end
+ end
+
+
test "raises when secret_key_base is blank" do
app_file "config/initializers/secret_token.rb", <<-RUBY
Rails.application.credentials.secret_key_base = nil