1 files changed, 32 insertions, 50 deletions

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 64939e4ab4..c1a80eaeaf 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -476,45 +476,35 @@ module ApplicationTests
 
     test "application message verifier can be used when the key_generator is ActiveSupport::LegacyKeyGenerator" do
       app_file "config/initializers/secret_token.rb", <<-RUBY
+        Rails.application.credentials.secret_key_base = nil
         Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
       RUBY
-      app_file "config/secrets.yml", <<-YAML
-        development:
-          secret_key_base:
-      YAML
 
-      app "development"
+      app "production"
 
-      assert_equal app.env_config["action_dispatch.key_generator"], Rails.application.key_generator
-      assert_equal app.env_config["action_dispatch.key_generator"].class, ActiveSupport::LegacyKeyGenerator
+      assert_kind_of ActiveSupport::LegacyKeyGenerator, Rails.application.key_generator
       message = app.message_verifier(:sensitive_value).generate("some_value")
       assert_equal "some_value", Rails.application.message_verifier(:sensitive_value).verify(message)
     end
 
-    test "warns when secrets.secret_key_base is blank and config.secret_token is set" do
+    test "raises when secret_key_base is blank" do
       app_file "config/initializers/secret_token.rb", <<-RUBY
-        Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
+        Rails.application.credentials.secret_key_base = nil
       RUBY
-      app_file "config/secrets.yml", <<-YAML
-        development:
-          secret_key_base:
-      YAML
-
-      app "development"
 
-      assert_deprecated(/You didn't set `secret_key_base`./) do
-        app.env_config
+      error = assert_raise(ArgumentError) do
+        app "production"
       end
+      assert_match(/Missing `secret_key_base`./, error.message)
     end
 
-    test "raise when secrets.secret_key_base is not a type of string" do
-      app_file "config/secrets.yml", <<-YAML
-        development:
-          secret_key_base: 123
-      YAML
+    test "raise when secret_key_base is not a type of string" do
+      add_to_config <<-RUBY
+        Rails.application.credentials.secret_key_base = 123
+      RUBY
 
       assert_raise(ArgumentError) do
-        app "development"
+        app "production"
       end
     end
 
@@ -534,7 +524,7 @@ module ApplicationTests
 
     test "application verifier can build different verifiers" do
       make_basic_app do |application|
-        application.secrets.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"
+        application.credentials.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"
         application.config.session_store :disabled
       end
 
@@ -652,37 +642,15 @@ module ApplicationTests
 
     test "uses ActiveSupport::LegacyKeyGenerator as app.key_generator when secrets.secret_key_base is blank" do
       app_file "config/initializers/secret_token.rb", <<-RUBY
+        Rails.application.credentials.secret_key_base = nil
         Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
       RUBY
-      app_file "config/secrets.yml", <<-YAML
-        development:
-          secret_key_base:
-      YAML
 
-      app "development"
+      app "production"
 
       assert_equal "b3c631c314c0bbca50c1b2843150fe33", app.config.secret_token
-      assert_nil app.secrets.secret_key_base
-      assert_equal app.key_generator.class, ActiveSupport::LegacyKeyGenerator
-    end
-
-    test "uses ActiveSupport::LegacyKeyGenerator with config.secret_token as app.key_generator when secrets.secret_key_base is blank" do
-      app_file "config/initializers/secret_token.rb", <<-RUBY
-        Rails.application.config.secret_token = ""
-      RUBY
-      app_file "config/secrets.yml", <<-YAML
-        development:
-          secret_key_base:
-      YAML
-
-      app "development"
-
-      assert_equal "", app.config.secret_token
-      assert_nil app.secrets.secret_key_base
-      e = assert_raise ArgumentError do
-        app.key_generator
-      end
-      assert_match(/\AA secret is required/, e.message)
+      assert_nil app.credentials.secret_key_base
+      assert_kind_of ActiveSupport::LegacyKeyGenerator, app.key_generator
     end
 
     test "that nested keys are symbolized the same as parents for hashes more than one level deep" do
@@ -699,6 +667,20 @@ module ApplicationTests
       assert_equal "697361616320736c6f616e2028656c6f7265737429", app.secrets.smtp_settings[:password]
     end
 
+    test "require_master_key aborts app boot when missing key" do
+      skip "can't run without fork" unless Process.respond_to?(:fork)
+
+      remove_file "config/master.key"
+      add_to_config "config.require_master_key = true"
+
+      error = capture(:stderr) do
+        Process.wait(Process.fork { app "development" })
+      end
+
+      assert_equal 1, $?.exitstatus
+      assert_match(/Missing.*RAILS_MASTER_KEY/, error)
+    end
+
     test "protect from forgery is the default in a new app" do
       make_basic_app