From db5f1a46f26ed2b8359d3dde3398dd1a8ca443d4 Mon Sep 17 00:00:00 2001
From: Benjamin Fleischer <github@benjaminfleischer.com>
Date: Mon, 27 Oct 2014 12:04:37 -0500
Subject: `secret_token` is now saved in
 `Rails.application.secrets.secret_token`

- `secrets.secret_token` is now used in all places `config.secret_token` was
  - `secrets.secret_token`, when not present in `config/secrets.yml`,
    now falls back to the value of `config.secret_token`
  - when `secrets.secret_token` is set, it over-writes
    `config.secret_token` so they are the same (for backwards-compatibility)
  - Update docs to reference app.secrets in all places
    - Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
  - the legacy key generator is used with the message verifier when
    secrets.secret_key_base is blank and secret_token is set
  - app.key_generator raises when neither secrets.secret_key_base nor
    secret_token are set
  - app.env_config    raises when neither secrets.secret_key_base nor
    secret_token are set
- Add changelog

Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
---
 railties/test/application/middleware/session_test.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'railties/test/application/middleware')

diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index 31a64c2f5a..eb7885e5b1 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -203,7 +203,7 @@ module ApplicationTests
       RUBY
 
       add_to_config <<-RUBY
-        config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+        secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
       RUBY
 
       require "#{app_path}/config/environment"
@@ -258,7 +258,7 @@ module ApplicationTests
       RUBY
 
       add_to_config <<-RUBY
-        config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+        secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
       RUBY
 
       require "#{app_path}/config/environment"
@@ -317,7 +317,7 @@ module ApplicationTests
       RUBY
 
       add_to_config <<-RUBY
-        config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+        secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
         secrets.secret_key_base = nil
       RUBY
 
@@ -334,7 +334,7 @@ module ApplicationTests
       get '/foo/read_signed_cookie'
       assert_equal '2', last_response.body
 
-      verifier = ActiveSupport::MessageVerifier.new(app.config.secret_token)
+      verifier = ActiveSupport::MessageVerifier.new(app.secrets.secret_token)
 
       get '/foo/read_raw_cookie'
       assert_equal 2, verifier.verify(last_response.body)['foo']
-- 
cgit v1.2.3