Deprecate secret_token, long since usurped by secret_key_base.

See the changelog entry.

Remove `secrets.secret_token` from the bug report templates,
since we don't accept bug reports for Rails versions that
don't support a `secret_key_base`.

[ claudiob & Kasper Timm Hansen ]

activesupport/CHANGELOG.md

@@ -1,3 +1,15 @@
*   Deprecate `secrets.secret_token`.

    The architecture for secrets had a big upgrade between Rails 3 and Rails 4,
    when the default changed from using `secret_token` to `secret_key_base`.

    `secret_token` has been soft deprecated in documentation for four years
    but is still in place to support apps created before Rails 4.
    Deprecation warnings have been added to help developers upgrade their
    applications to `secret_key_base`.

    *claudiob*, *Kasper Timm Hansen*

*   Return an instance of `HashWithIndifferentAccess` from `HashWithIndifferentAccess#transform_keys`.

    *Yuji Yaginuma*

guides/bug_report_templates/action_controller_gem.rb

@@ -22,7 +22,6 @@
class TestApp < Rails::Application
  config.root = __dir__
  config.session_store :cookie_store, key: "cookie_store_key"
  secrets.secret_token    = "secret_token"
  secrets.secret_key_base = "secret_key_base"

  config.logger = Logger.new($stdout)

guides/bug_report_templates/action_controller_master.rb

@@ -20,7 +20,6 @@

class TestApp < Rails::Application
  config.root = __dir__
  secrets.secret_token    = "secret_token"
  secrets.secret_key_base = "secret_key_base"

  config.logger = Logger.new($stdout)

railties/lib/rails/application.rb

@@ -6,6 +6,7 @@
require "active_support/key_generator"
require "active_support/message_verifier"
require "active_support/encrypted_configuration"
require "active_support/deprecation"
require_relative "engine"
require_relative "secrets"

@@ -398,6 +399,11 @@ def secrets
        # Fallback to config.secret_token if secrets.secret_token isn't set
        secrets.secret_token ||= config.secret_token

        if secrets.secret_token.present?
          ActiveSupport::Deprecation.warn \
            "`secrets.secret_token` is deprecated in favor of `secret_key_base` and will be removed in Rails 6.0."
        end

        secrets
      end
    end

railties/test/application/configuration_test.rb

@@ -487,6 +487,32 @@ def index
      assert_equal "some_value", Rails.application.message_verifier(:sensitive_value).verify(message)
    end

    test "config.secret_token is deprecated" do
      app_file "config/initializers/secret_token.rb", <<-RUBY
        Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
      RUBY

      app "production"

      assert_deprecated(/secret_token/) do
        app.secrets
      end
    end

    test "secrets.secret_token is deprecated" do
      app_file "config/secrets.yml", <<-YAML
        production:
          secret_token: "b3c631c314c0bbca50c1b2843150fe33"
      YAML

      app "production"

      assert_deprecated(/secret_token/) do
        app.secrets
      end
    end


    test "raises when secret_key_base is blank" do
      app_file "config/initializers/secret_token.rb", <<-RUBY
        Rails.application.credentials.secret_key_base = nil