-
Notifications
You must be signed in to change notification settings - Fork 21.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change has_secure_token
default to on: :initialize
#48912
Change has_secure_token
default to on: :initialize
#48912
Conversation
623f701
to
28d810b
Compare
...ib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults_7_1.rb.tt
Show resolved
Hide resolved
2132388
to
37572c3
Compare
37572c3
to
12c6e20
Compare
efd3d9f
to
9dc9990
Compare
136c459
to
5b0468c
Compare
5b0468c
to
2497f28
Compare
@rafaelfranca @skipkayhil are there any other issues with this diff that need addressing? |
@rafaelfranca since it involves a breaking change with new defaults, does this feel worthwhile to include in the 7.1 release? |
1201abc
to
e2851f1
Compare
e2851f1
to
d53f1f7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks good to me, just need a committer to review 👍
aa90125
to
e5f7dbf
Compare
@rafaelfranca if you're able, could you re-review these changes? |
9f51aa1
to
b5c310b
Compare
Follow-up to [rails#47420][] With the changes made in [rails#47420][], `has_secure_token` declarations can be configured to execute in an `after_initialize` callback. This commit proposed a new Rails 7.1 default: generate all `has_secure_token` values when their corresponding models are initialized. To preserve pre-7.1 behavior, applications can set `config.active_record.generate_secure_token_on = :create`. By default, generate the value when the model is initialized: ```ruby class User < ApplicationRecord has_secure_token end record = User.new record.token # => "fwZcXX6SkJBJRogzMdciS7wf" ``` With `config.active_record.generate_secure_token_on = :create`, generate the value when the model is created: ```ruby # config/application.rb config.active_record.generate_secure_token_on = :create # app/models/user.rb class User < ApplicationRecord has_secure_token on: :create end record = User.new record.token # => nil record.save! record.token # => "fwZcXX6SkJBJRogzMdciS7wf" ``` [rails#47420]: rails#47420 Co-authored-by: Hartley McGuire <skipkayhil@gmail.com>
b5c310b
to
e85a3ec
Compare
Since default behavior is still `on: :create`.
Follow-up to #47420
Motivation / Background
With the changes made in #47420,
has_secure_token
declarations can be configured to execute in anafter_initialize
callback. This commit proposed a new Rails 7.1 default: generate allhas_secure_token
values when their corresponding models are initialized.Detail
To preserve pre-7.1 behavior, applications can set
config.active_record.generate_secure_token_on = :create
.By default, generate the value when the model is initialized:
With
config.active_record.generate_secure_token_on = :create
, generate thevalue when the model is created:
Checklist
Before submitting the PR make sure the following are checked:
[Fix #issue-number]