aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/application.rb
Commit message (Collapse)AuthorAgeFilesLines
* Update comment for how secret key is calculatedJohn Hawthorn2019-03-221-1/+2
| | | | | | | This updates the comment to reflect how the secret key is generated since 4c743587ad6a31908503ab317e37d70361d49e66 Fixes #35717
* Make application work without tmp directoryyuuji.yaginuma2019-03-141-0/+1
| | | | | | | | | | | | The tmp directory is added to version control in the newly created application. This was added in Rails 5.0.0(https://github.com/rails/rails/commit/f06ce4c12a396795a3b2c1812951d9277bcb3a82). However, applications created before that are not guaranteed to have the tmp directory. If the tmp directory does not exist, writing to the key file raise error. This is a bit incompatible. So I fixed that create the directory before writing a key.
* Fix possible dev mode RCEAaron Patterson2019-03-101-2/+17
| | | | | | | | | | | | If the secret_key_base is nil in dev or test generate a key from random bytes and store it in a tmp file. This prevents the app developers from having to share / checkin the secret key for dev / test but also maintains a key between app restarts in dev/test. [CVE-2019-5420] Co-Authored-By: eileencodes <eileencodes@gmail.com> Co-Authored-By: John Hawthorn <john@hawthorn.email>
* Fix the `config_for` to always return a NonSymbolAccessDeprecatedHash:Edouard CHIN2019-02-141-4/+18
| | | | | | | | | | | | | | | | | | - If you have hashes inside array, the hashes were getting initialized as regular HWIA wereas we want them to be NonSymbolAccessDeprecatedHash in order to trigger a deprecation warning when keys are accessed with string. This patch fixes that by overwriting the `[]=` to to the same as what HWIA does (with the difference that we don't call `convert_key` to not trigger a deprecation when setting value). I also took the liberty to extract `hash.nested_under_indifferent_access`, into a separate method to allow subclasses to return whatever they want. Inheriting HWIA is not common, but I think it's useful for cases like this one where we want to preprocess reading and writing values in the hash (for deprecation purposes or other reasons).
* Allow deprecated non-symbol access to nested `config_for` hashesUfuk Kayserilioglu2019-02-111-2/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | A change to `Rails::Application.config_for` in https://github.com/rails/rails/pull/33815 and https://github.com/rails/rails/pull/33882 has altered the behaviour of the returned object in a breaking manner. Before that change, nested hashes returned from `config_for` could be accessed using non-symbol keys. After the change, all keys are recursively symbolized so non-symbol access fails to read the expected values. This is a breaking change for any app that might be relying on the nested hashes returned from `config_for` calls, and thus should be deprecated before being removed from the codebase. This commit introduces a temporary `NonSymbolAccessDeprecatedHash` class that recursively wraps any nested hashes inside the `OrderedOptions` object returned from `config_for` and issues a deprecation notice when a non-symbol based access is performed. This way, apps that are still relying on the ability to access these nested hashes using non-symbol keys will be able to observe the deprecation notices and have time to implement changes before non-symbol access is removed for good. A CHANGELOG entry is also added to note that non-symbol access to nested `config_for` hashes is deprecated.
* Remove deprecated `config.secret_token`Rafael Mendonça França2019-01-171-18/+4
|
* chore: implement config_for as ActiveSupport::OrderedOptionsMauro Berlanda2018-10-191-3/+5
|
* Fixed to RAILS_MASTER_KEY as a default env key for decrypting.Wojciech Wnętrzak2018-09-201-1/+1
| | | | | Fixes mistake left in https://github.com/rails/rails/pull/33521/files#diff-2a29095afcfe2c683b82a779a94c2208R59 and misunderstanding in https://github.com/rails/rails/commit/d69b04de0ff33237209afea6f6cac3ab27934908
* Fix env name for master keyyuuji.yaginuma2018-09-201-1/+1
| | | | When using environment specific credentials, `RAILS_MASTER_KEY` is not used.
* Support environment specific credentials file. (#33521)Wojciech Wnętrzak2018-09-191-1/+5
| | | | | | For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
* refacto: config_for with ActiveSupport::InheritableOptions and symbolized keysMauro Berlanda2018-09-111-1/+4
|
* Purpose Metadata For Signed And Encrypted CookiesAssain2018-08-121-0/+1
| | | | | | | | | | | | | | | | Purpose metadata prevents cookie values from being copy-pasted and ensures that the cookie is used only for its originally intended purpose. The Purpose and Expiry metadata are embedded inside signed/encrypted cookies and will not be readable on previous versions of Rails. We can switch off purpose and expiry metadata embedded in signed and encrypted cookies using config.action_dispatch.use_cookies_with_metadata = false if you want your cookies to be readable on older versions of Rails.
* Merge pull request #32381 from q-centrix/update-codeclimate-configsRichard Schneeman2018-07-251-6/+2
|\ | | | | Turn on performance based cops
| * Turn on performance based copsDillon Welch2018-07-231-6/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use attr_reader/attr_writer instead of methods method is 12% slower Use flat_map over map.flatten(1) flatten is 66% slower Use hash[]= instead of hash.merge! with single arguments merge! is 166% slower See https://github.com/rails/rails/pull/32337 for more conversation
* | Recommend use of rails over bin/railsAlberto Almagro2018-07-061-1/+1
|/ | | | | | | | | As discussed in #33203 rails command already looks for, and runs, bin/rails if it is present. We were mixing recommendations within guides and USAGE guidelines, in some files we recommended using rails, in others bin/rails and in some cases we even had both options mixed together.
* Deriving `secret_key_base` breaks `key_generator` defined in 5.1.Yoshiyuki Kinjo2018-03-311-1/+1
| | | | | | | | | | | If one created Rails 5.1 app and then updated to 5.2, `secret_key_base` defined in `config/secrets.yml` is ignored for `development` and `test` environment. A change in `secret_key_base` in turn breaks `Rails.application.key_generator`. If one encrypt data in Rails 5.1, she cannot decrypt it in Rails 5.2 for `development` and `test` environment.
* Add support for automatic nonce generation for Rails UJSAndrew White2018-02-191-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.
* Raise an error only when `require_master_key` is specifiedyuuji.yaginuma2017-12-181-1/+2
| | | | | | | | | To prevent errors from being raise in environments where credentials is unnecessary. Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489 Fixes #31283
* Add DSL for configuring Content-Security-Policy headerAndrew White2017-11-271-1/+3
| | | | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
* Use parentheses for multi-line method callsRafael Mendonça França2017-11-251-4/+8
| | | | | Own style guide says we should be using parentheses for method calls with arguments.
* Fix formatting of `credentials` and `encrypted` [ci skip]yuuji.yaginuma2017-11-191-8/+8
|
* Fixed example of `Rails.application.encrypted` method usageWojciech Wnętrzak2017-11-161-1/+1
| | | | [ci skip]
* Add CLI to manage encrypted files/configs.Wojciech Wnętrzak2017-11-151-4/+35
| | | | | | | | | | | | | | | | | | To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
* [Railties] require_relative => requireAkira Matsuda2017-10-211-3/+3
| | | | This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
* Deprecate secret_token, long since usurped by secret_key_base.Kasper Timm Hansen2017-09-281-0/+6
| | | | | | | | | | See the changelog entry. Remove `secrets.secret_token` from the bug report templates, since we don't accept bug reports for Rails versions that don't support a `secret_key_base`. [ claudiob & Kasper Timm Hansen ]
* Add key rotation cookies middlewareMichael Coyne2017-09-241-0/+1
| | | | | | Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
* Add key rotation message Encryptor and VerifierMichael Coyne2017-09-231-1/+4
| | | | | | Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
* [ci skip] Prefer credentials to secrets in docs.Kasper Timm Hansen2017-09-131-2/+2
| | | | | | | Removes most mentions of secrets.secret_key_base and explains credentials instead. Also removes some very stale upgrade notices about Rails 3/4.
* Add credentials using a generic EncryptedConfiguration class (#30067)David Heinemeier Hansson2017-09-111-17/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
* Adding frozen_string_literal pragma to Railties.Pat Allan2017-08-141-0/+2
|
* [Railties] require => require_relativeAkira Matsuda2017-07-011-3/+3
|
* AEAD encrypted cookies and sessionsMichael Coyne2017-05-221-0/+1
| | | | | | | | | | | | | | | | This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include: - There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used. - +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due the message still be encrypted.
* Use the config value directly when call `secrets`yuuji.yaginuma2017-04-161-1/+3
| | | | | | | | | | | Currently, `read_encrypted_secrets` is set with initializer. Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false, so can not get the value of `secrets.yml.enc`. In order to be able to refer to secrets in config, modified to refer to `config.read_encrypted_secrets` when calling `secrets`. Fixes #28618.
* Revert "Revert "Add encrypted secrets""Kasper Timm Hansen2017-02-231-12/+2
|
* Revert "Add encrypted secrets" (#28127)David Heinemeier Hansson2017-02-231-2/+12
|
* Add encrypted secrets (#28038)Kasper Timm Hansen2017-02-231-12/+2
|
* Reduce string objects by using \ instead of + or << for concatenating stringsAkira Matsuda2017-01-121-1/+1
| | | | (I personally prefer writing one string in one line no matter how long it is, though)
* Capitalize RakeJon Moss2016-12-191-3/+3
| | | | [ci skip]
* deep symbolize keys on secrets.ymlIsaac Sloan2016-11-211-2/+2
|
* Add more rubocop rules about whitespacesRafael Mendonça França2016-10-291-2/+2
|
* run `before_configuration` callbacks as soon as application constant ↵yuuji.yaginuma2016-08-191-1/+1
| | | | | | | | | | | | | inherits from Rails::Application Until Rails 4.1, `before_configuration` run as soon as the application constant inherits from `Rails::Application`. However, in d25fe31c40928712b5e08fe0afb567c3bc88eddf, it has been modified to run at instantiation process. This modify to `before_configuration` is run at same timing as to Rails 4.1. Fixes #19880
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-9/+9
|
* applies new string literal convention in railties/libXavier Noria2016-08-061-14/+14
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Added a shared section to config/secrets.yml that will be loaded for all ↵David Heinemeier Hansson2016-05-211-3/+8
| | | | environments
* remove explicit curlies for hash argumentXavier Noria2016-04-111-2/+2
| | | | | Idiomatically trailing hashes in method calls do not use explicit curlies.
* revises fileutils dependencies in railtiesXavier Noria2016-04-111-1/+0
| | | | | | With the exception of what is loaded in active_support/rails, each file is responsible for its own dependencies. You cannot rely on runtime order of execution.
* [ci skip] correcting sentence in description of application.rbMohit Natoo2016-03-041-2/+1
| | | | Adding period in the end.
* Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-021-1/+5
| | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* Use correct path in documentation.Tom von Schwerdtner2016-02-121-1/+1
| | | | | | s/config\/production/config\/environments\/production/ [ci skip]
* Accept a Pathname in Application#config_forRafael Mendonça França2015-12-151-1/+5
| | | | That would make possible to use it with action cable configuration.