From d63783983f8c03d5c624938081615579dcc753f7 Mon Sep 17 00:00:00 2001
From: Santiago Pastorino <santiago@wyeworks.com>
Date: Fri, 2 Nov 2012 00:43:24 -0200
Subject: Disallow ability to use EncryptedCookieJar with DummyKeyGenerator

Developers must set config.secret_key_base in
config/initializers/secret_token.rb
---
 actionpack/lib/action_dispatch/middleware/cookies.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 1090473797..7936dcb515 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -347,6 +347,11 @@ module ActionDispatch
 
     class EncryptedCookieJar < SignedCookieJar #:nodoc:
       def initialize(parent_jar, key_generator, options = {})
+        if ActiveSupport::DummyKeyGenerator === key_generator
+          raise "Encrypted Cookies must be used in conjunction with config.secret_key_base." +
+                "Set config.secret_key_base in config/initializers/secret_token.rb"
+        end
+
         @parent_jar = parent_jar
         @options = options
         secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
-- 
cgit v1.2.3