System Check - Add a reminder about CIVICRM_SIGN_KEYS. #23224
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------- The setting `CIVICRM_SIGN_KEYS` was introduced circa 5.36. However, it is defined in `civicrm.settings.php`, which makes it difficult to reliably configure in an automated upgrade. Consequently, some sites may not have this setting, and we must rely on the sysadmin to provide it. The setting is required for the `crypto.jwt` API (which in turn is used by some core extensions, like `authx` and `afform`). Before ------ There is a pre-upgrade message when somebody passes through v5.36. If you missed the message in 5.36, then you would be unaware of the missing setting (until you hit some failure because you use some new/update code-path that relies on it). After ----- There is a system status-check. If you don't have `CIVICRM_SIGN_KEYS`, then it will show a link to https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/.
|
(Standard links)
|
totten
commented
Apr 15, 2022
| [1 => 'href="https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/" target="_blank"'] | ||
| ), | ||
| ts('Signing Key Recommended'), | ||
| \Psr\Log\LogLevel::NOTICE, |
There was a problem hiding this comment.
@agh1 What do you think of NOTICE here?
|
Looks good! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
The setting
CIVICRM_SIGN_KEYSwas introduced circa 5.36. However, it is defined incivicrm.settings.php, which makes it difficult to reliably configure in an automated upgrade. Consequently, some sites may not have this setting.The setting is required for the
crypto.jwtAPI (which in turn is used by some core extensions, likeauthxandafform).Before
There is a pre-upgrade message when somebody passes through v5.36.
If you missed the message in 5.36, then you would be unaware of the missing setting (until you hit some failure because you use some new/update code-path that relies on it).
After
There is also a system status-check. If you don't have
CIVICRM_SIGN_KEYS, then it will show a link to https://docs.civicrm.org/sysadmin/en/latest/setup/secret-keys/.Comments
r-running is pretty simple - just edit yourcivicrm.settings.phpand comment-out any lines mentioningCIVICRM_SIGN_KEYS- then reload the status page. (That's what I did.)