Deprecate secret_token, long since usurped by secret_key_base.
See the changelog entry.
Remove `secrets.secret_token` from the bug report templates,
since we don't accept bug reports for Rails versions that
don't support a `secret_key_base`.
[ claudiob & Kasper Timm Hansen ]
@@ -1,3 +1,15 @@
* Deprecate `secrets.secret_token` .
The architecture for secrets had a big upgrade between Rails 3 and Rails 4,
when the default changed from using `secret_token` to `secret_key_base` .
`secret_token` has been soft deprecated in documentation for four years
but is still in place to support apps created before Rails 4.
Deprecation warnings have been added to help developers upgrade their
applications to `secret_key_base` .
*claudiob* , *Kasper Timm Hansen*
* Return an instance of `HashWithIndifferentAccess` from `HashWithIndifferentAccess#transform_keys` .
*Yuji Yaginuma*
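Review bot: The new `secrets.secret_token` changelog entry says deprecation warnings were added but gives neither the removal version nor the action to take. The warning text added in this same commit names Rails 6.0 as the removal point, so state that here too, and add one line telling readers of apps created before Rails 4 to configure `secret_key_base` and drop `secret_token`.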
@@ -22,7 +22,6 @@
class TestApp < Rails ::Application
config . root = __dir__
config . session_store :cookie_store , key : "cookie_store_key"
secrets . secret_token = "secret_token"
secrets . secret_key_base = "secret_key_base"
config . logger = Logger . new ( $stdout)
@@ -20,7 +20,6 @@
class TestApp < Rails ::Application
config . root = __dir__
secrets . secret_token = "secret_token"
secrets . secret_key_base = "secret_key_base"
config . logger = Logger . new ( $stdout)
@@ -6,6 +6,7 @@
require "active_support/key_generator"
require "active_support/message_verifier"
require "active_support/encrypted_configuration"
require "active_support/deprecation"
require_relative "engine"
require_relative "secrets"
@@ -398,6 +399,11 @@ def secrets
# Fallback to config.secret_token if secrets.secret_token isn't set
secrets . secret_token ||= config . secret_token
if secrets . secret_token . present?
ActiveSupport ::Deprecation . warn \
"`secrets.secret_token` is deprecated in favor of `secret_key_base` and will be removed in Rails 6.0."
end
secrets
end
end
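Review bot: The deprecation message names only `secrets.secret_token`, but the line directly above the check fills that value from `config.secret_token`, so an app that sets the token only in an initializer is warned about a setting it never wrote. Suggest naming both sources in the message so the developer can find the line to delete, and documenting in the comment above the fallback that it is now a deprecated path.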
@@ -487,6 +487,32 @@ def index
assert_equal "some_value" , Rails . application . message_verifier ( :sensitive_value ) . verify ( message )
end
test "config.secret_token is deprecated" do
app_file "config/initializers/secret_token.rb" , <<-RUBY
Rails.application.config.secret_token = "b3c631c314c0bbca50c1b2843150fe33"
RUBY
app "production"
assert_deprecated ( /secret_token/ ) do
app . secrets
end
end
test "secrets.secret_token is deprecated" do
app_file "config/secrets.yml" , <<-YAML
production:
secret_token: "b3c631c314c0bbca50c1b2843150fe33"
YAML
app "production"
assert_deprecated ( /secret_token/ ) do
app . secrets
end
end
test "raises when secret_key_base is blank" do
app_file "config/initializers/secret_token.rb" , <<-RUBY
Rails.application.credentials.secret_key_base = nil
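Review bot: Missing negative case in the new tests: both check that a warning matching `/secret_token/` is emitted, but nothing asserts that an app configured with only `secret_key_base` stays silent. Add a test that wraps `app.secrets` in `assert_not_deprecated` with no `secret_token` set, so a later change to the `present?` check cannot start warning every application. The two positive tests could also match on `secret_key_base` in the message to confirm the warning points at the replacement.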
fbcc4bf