1 files changed, 43 insertions, 16 deletions

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
index 9ef001c7d0..b7844bbfbe 100644
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@@ -1,5 +1,7 @@
 require 'fileutils'
 require 'active_support/queueing'
+# FIXME remove DummyKeyGenerator and this require in 4.1
+require 'active_support/key_generator'
 require 'rails/engine'
 
 module Rails
@@ -106,32 +108,57 @@ module Rails
     def key_generator
       # number of iterations selected based on consultation with the google security
       # team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220
-      @key_generator ||= ActiveSupport::KeyGenerator.new(config.secret_token, iterations: 1000)
+      @caching_key_generator ||= begin
+        if config.secret_key_base
+          key_generator = ActiveSupport::KeyGenerator.new(config.secret_key_base, iterations: 1000)
+          ActiveSupport::CachingKeyGenerator.new(key_generator)
+        else
+          ActiveSupport::DummyKeyGenerator.new(config.secret_token)
+        end
+      end
     end
 
     # Stores some of the Rails initial environment parameters which
     # will be used by middlewares and engines to configure themselves.
     # Currently stores:
     #
-    #   * "action_dispatch.parameter_filter"         => config.filter_parameters,
-    #   * "action_dispatch.secret_token"             => config.secret_token,
-    #   * "action_dispatch.show_exceptions"          => config.action_dispatch.show_exceptions,
-    #   * "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
-    #   * "action_dispatch.logger"                   => Rails.logger,
-    #   * "action_dispatch.backtrace_cleaner"        => Rails.backtrace_cleaner
+    #   * "action_dispatch.parameter_filter"             => config.filter_parameters
+    #   * "action_dispatch.show_exceptions"              => config.action_dispatch.show_exceptions
+    #   * "action_dispatch.show_detailed_exceptions"     => config.consider_all_requests_local
+    #   * "action_dispatch.logger"                       => Rails.logger
+    #   * "action_dispatch.backtrace_cleaner"            => Rails.backtrace_cleaner
+    #   * "action_dispatch.key_generator"                => key_generator
+    #   * "action_dispatch.http_auth_salt"               => config.action_dispatch.http_auth_salt
+    #   * "action_dispatch.signed_cookie_salt"           => config.action_dispatch.signed_cookie_salt
+    #   * "action_dispatch.encrypted_cookie_salt"        => config.action_dispatch.encrypted_cookie_salt
+    #   * "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt
     #
     # These parameters will be used by middlewares and engines to configure themselves
     #
     def env_config
-      @env_config ||= super.merge({
-        "action_dispatch.parameter_filter" => config.filter_parameters,
-        "action_dispatch.secret_token" => config.secret_token,
-        "action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
-        "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
-        "action_dispatch.logger" => Rails.logger,
-        "action_dispatch.backtrace_cleaner" => Rails.backtrace_cleaner,
-        "action_dispatch.key_generator" => key_generator
-      })
+      @env_config ||= begin
+        if config.secret_key_base.nil?
+          ActiveSupport::Deprecation.warn "You didn't set config.secret_key_base. " +
+            "This should be used instead of the old deprecated config.secret_token. " +
+            "Set config.secret_key_base instead of config.secret_token in config/initializers/secret_token.rb"
+          if config.secret_token.blank?
+            raise "You must set config.secret_key_base in your app's config"
+          end
+        end
+
+        super.merge({
+          "action_dispatch.parameter_filter" => config.filter_parameters,
+          "action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
+          "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
+          "action_dispatch.logger" => Rails.logger,
+          "action_dispatch.backtrace_cleaner" => Rails.backtrace_cleaner,
+          "action_dispatch.key_generator" => key_generator,
+          "action_dispatch.http_auth_salt" => config.action_dispatch.http_auth_salt,
+          "action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
+          "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
+          "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt
+        })
+      end
     end
 
     ## Rails internal API