Improve naming of local secret generation

For local environments (def and test), we create a secret file. However this file is called development_secret.txt, which imho is confusing as it is used by both dev and test environments. This commit renames the file and related code to local_secret.
rails · Jun 19, 2023 · f75934f · f75934f
1 parent e91b197
commit f75934f
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -27,7 +27,7 @@ module Session
     #   Rails.application.config.session_store :cookie_store, key: '_your_app_session'
     #
     # In the development and test environments your application's +secret_key_base+ is
-    # generated by Rails and stored in a temporary file in <tt>tmp/development_secret.txt</tt>.
+    # generated by Rails and stored in a temporary file in <tt>tmp/local_secret.txt</tt>.
     # In all other environments, it is stored encrypted in the
     # <tt>config/credentials.yml.enc</tt> file.
     #

diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
@@ -458,7 +458,7 @@ def secrets
     # including the ones that sign and encrypt cookies.
     #
     # In development and test, this is randomly generated and stored in a
-    # temporary file in <tt>tmp/development_secret.txt</tt>.
+    # temporary file in <tt>tmp/local_secret.txt</tt>.
     #
     # You can also set <tt>ENV["SECRET_KEY_BASE_DUMMY"]</tt> to trigger the use of a randomly generated
     # secret_key_base that's stored in a temporary file. This is useful when precompiling assets for
@@ -471,7 +471,7 @@ def secrets
     # the correct place to store it is in the encrypted credentials file.
     def secret_key_base
       if Rails.env.local? || ENV["SECRET_KEY_BASE_DUMMY"]
-        config.secret_key_base ||= generate_development_secret
+        config.secret_key_base ||= generate_local_secret
       else
         validate_secret_key_base(
           ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
@@ -645,9 +645,9 @@ def ensure_generator_templates_added
     end
 
     private
-      def generate_development_secret
+      def generate_local_secret
         if config.secret_key_base.nil?
-          key_file = Rails.root.join("tmp/development_secret.txt")
+          key_file = Rails.root.join("tmp/local_secret.txt")
 
           if File.exist?(key_file)
             config.secret_key_base = File.binread(key_file)

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
@@ -733,7 +733,21 @@ def index
       app "development"
 
       assert_not_nil app.secret_key_base
-      assert File.exist?(app_path("tmp/development_secret.txt"))
+      assert File.exist?(app_path("tmp/local_secret.txt"))
+    end
+
+    test "application will generate secret_key_base in tmp file if blank in test" do
+      app_file "config/initializers/secret_token.rb", <<-RUBY
+        Rails.application.credentials.secret_key_base = nil
+      RUBY
+
+      # For test that works even if tmp dir does not exist.
+      Dir.chdir(app_path) { FileUtils.remove_dir("tmp") }
+
+      app "test"
+
+      assert_not_nil app.secret_key_base
+      assert File.exist?(app_path("tmp/local_secret.txt"))
     end
 
     test "application will not generate secret_key_base in tmp file if blank in production" do