From 4810f401c4fd63985fb194d068717853599d0ba9 Mon Sep 17 00:00:00 2001 From: Arun Agrawal Date: Mon, 26 Oct 2015 16:28:09 +0100 Subject: raise `ArgumentError` when `SECRET_KEY_BASE` is an integer If `SECRET_KEY_BASE` or other `secret` gets passed as other then string we need to raise `ArgumentError` to know that it's a wrong argument. Closes #22072 --- railties/lib/rails/application.rb | 3 +++ railties/test/application/configuration_test.rb | 13 +++++++++++++ 2 files changed, 16 insertions(+) (limited to 'railties') diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 7916e24af1..e81ec62a1d 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -167,6 +167,9 @@ module Rails # team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220 @caching_key_generator ||= if secrets.secret_key_base + unless secrets.secret_key_base.kind_of?(String) + raise ArgumentError, "`secret_key_base` for #{Rails.env} environment must be a type of String, change this value in `config/secrets.yml`" + end key_generator = ActiveSupport::KeyGenerator.new(secrets.secret_key_base, iterations: 1000) ActiveSupport::CachingKeyGenerator.new(key_generator) else diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index d96d8ded6b..ebcfcb1c3a 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -417,6 +417,19 @@ module ApplicationTests end end + test "raise when secrets.secret_key_base is not a type of string" do + app_file 'config/secrets.yml', <<-YAML + development: + secret_key_base: 123 + YAML + + app 'development' + + assert_raise(ArgumentError) do + app.key_generator + end + end + test "prefer secrets.secret_token over config.secret_token" do app_file 'config/initializers/secret_token.rb', <<-RUBY Rails.application.config.secret_token = "" -- cgit v1.2.3