
Load secret_key_base from tokens.yml, falling back to config.secret_key_base

This commit is contained in:
Guillermo Iguaran 2013-12-10 10:04:07 -05:00
parent 0f4d235c16
commit 3eaa29840b
5 changed files with 54 additions and 12 deletions


@ -1,4 +1,5 @@
require 'fileutils' require 'fileutils'
require 'active_support/core_ext/hash/keys'
require 'active_support/core_ext/object/blank' require 'active_support/core_ext/object/blank'
require 'active_support/key_generator' require 'active_support/key_generator'
require 'active_support/message_verifier' require 'active_support/message_verifier'
@ -104,7 +105,7 @@ module Rails
delegate :default_url_options, :default_url_options=, to: :routes delegate :default_url_options, :default_url_options=, to: :routes
INITIAL_VARIABLES = [:config, :railties, :routes_reloader, :reloaders, INITIAL_VARIABLES = [:config, :railties, :routes_reloader, :reloaders,
:routes, :helpers, :app_env_config] # :nodoc: :routes, :helpers, :app_env_config, :secrets] # :nodoc:
def initialize(initial_variable_values = {}, &block) def initialize(initial_variable_values = {}, &block)
super() super()
@ -151,8 +152,8 @@ module Rails
# number of iterations selected based on consultation with the google security # number of iterations selected based on consultation with the google security
# team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220 # team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220
@caching_key_generator ||= begin @caching_key_generator ||= begin
if config.secret_key_base if secrets.secret_key_base
key_generator = ActiveSupport::KeyGenerator.new(config.secret_key_base, iterations: 1000) key_generator = ActiveSupport::KeyGenerator.new(secrets.secret_key_base, iterations: 1000)
ActiveSupport::CachingKeyGenerator.new(key_generator) ActiveSupport::CachingKeyGenerator.new(key_generator)
else else
ActiveSupport::LegacyKeyGenerator.new(config.secret_token) ActiveSupport::LegacyKeyGenerator.new(config.secret_token)
@ -195,7 +196,7 @@ module Rails
"action_dispatch.parameter_filter" => config.filter_parameters, "action_dispatch.parameter_filter" => config.filter_parameters,
"action_dispatch.redirect_filter" => config.filter_redirect, "action_dispatch.redirect_filter" => config.filter_redirect,
"action_dispatch.secret_token" => config.secret_token, "action_dispatch.secret_token" => config.secret_token,
"action_dispatch.secret_key_base" => config.secret_key_base, "action_dispatch.secret_key_base" => secrets.secret_key_base,
"action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions, "action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
"action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local, "action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
"action_dispatch.logger" => Rails.logger, "action_dispatch.logger" => Rails.logger,
@ -300,6 +301,27 @@ module Rails
@config = configuration @config = configuration
end end
def secrets #:nodoc:
@secrets ||= begin
secrets = ActiveSupport::OrderedOptions.new
yaml = config.paths["config/tokens"].first
if File.exist?(yaml)
require "erb"
env_secrets = YAML.load(ERB.new(IO.read(yaml)).result)[Rails.env]
secrets.merge!(env_secrets.symbolize_keys) if env_secrets
end
# Fallback to config.secret_key_base if secrets.secret_key_base isn't set
secrets.secret_key_base ||= config.secret_key_base
secrets
end
end
def secrets=(secrets) #:nodoc:
@secrets = secrets
end
def to_app #:nodoc: def to_app #:nodoc:
self self
end end
@ -391,8 +413,8 @@ module Rails
end end
def validate_secret_key_config! #:nodoc: def validate_secret_key_config! #:nodoc:
if config.secret_key_base.blank? && config.secret_token.blank? if secrets.secret_key_base.blank? && config.secret_token.blank?
raise "You must set config.secret_key_base in your app's config." raise "You must set secret_key_base in your app's config"
end end
end end
end end
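Review bot: In the new `secrets` method, `YAML.load(ERB.new(IO.read(yaml)).result)[Rails.env]` raises NoMethodError when config/tokens.yml exists but is empty or contains only comments, because Psych returns false (or nil) for an empty document before `[Rails.env]` is applied; guard it with `env_secrets = (YAML.load(ERB.new(IO.read(yaml)).result) || {})[Rails.env]`, and a top-level document that is not a Hash would be mishandled in a similarly confusing way, so checking the loaded value's type is worth considering. `YAML.load` also performs full Psych deserialization, including arbitrary Ruby objects, which is tolerable only because tokens.yml is part of the application's own checked-in configuration; `YAML.safe_load` would be the stricter choice where the supported Psych version offers it. Since `@secrets` is memoized with `||=`, a `config.secret_key_base` assigned after the first call to `secrets` is never copied in, which deserves a comment above the method, e.g. `# Memoized: config.secret_key_base is consulted only the first time secrets is built.`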


@ -76,6 +76,7 @@ module Rails
@paths ||= begin @paths ||= begin
paths = super paths = super
paths.add "config/database", with: "config/database.yml" paths.add "config/database", with: "config/database.yml"
paths.add "config/tokens", with: "config/tokens.yml"
paths.add "config/environment", with: "config/environment.rb" paths.add "config/environment", with: "config/environment.rb"
paths.add "lib/templates" paths.add "lib/templates"
paths.add "log", with: "log/#{Rails.env}.log" paths.add "log", with: "log/#{Rails.env}.log"
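Review bot: The new `config/tokens` path registers a file intended to hold the live secret_key_base, but none of the five files in this commit is a generator template or .gitignore, so nothing visible here keeps config/tokens.yml out of version control for a freshly generated app; that may be planned as a follow-up, but it is worth confirming, or documenting that production entries should be ERB references to ENV rather than literal values. A short comment beside the new `paths.add` line would help readers, e.g. `# Per-environment secrets (secret_key_base); keep real values out of version control.`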


@ -14,6 +14,6 @@ require 'rails/all'
module TestApp module TestApp
class Application < Rails::Application class Application < Rails::Application
config.root = File.dirname(__FILE__) config.root = File.dirname(__FILE__)
config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' secrets.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
end end
end end


@ -250,7 +250,7 @@ module ApplicationTests
test "Use key_generator when secret_key_base is set" do test "Use key_generator when secret_key_base is set" do
make_basic_app do |app| make_basic_app do |app|
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' app.secrets.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
app.config.session_store :disabled app.config.session_store :disabled
end end
@ -270,7 +270,7 @@ module ApplicationTests
test "application verifier can be used in the entire application" do test "application verifier can be used in the entire application" do
make_basic_app do |app| make_basic_app do |app|
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' app.secrets.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
app.config.session_store :disabled app.config.session_store :disabled
end end
@ -285,7 +285,7 @@ module ApplicationTests
test "application verifier can build different verifiers" do test "application verifier can build different verifiers" do
make_basic_app do |app| make_basic_app do |app|
app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' app.secrets.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33'
app.config.session_store :disabled app.config.session_store :disabled
end end
@ -303,6 +303,26 @@ module ApplicationTests
assert_not_equal default_verifier.object_id, text_verifier.object_id assert_not_equal default_verifier.object_id, text_verifier.object_id
end end
test "secrets.secret_key_base is used when config/tokens.yml is present" do
app_file 'config/tokens.yml', <<-YAML
development:
secret_key_base: 3b7cd727ee24e8444053437c36cc66c3
YAML
require "#{app_path}/config/environment"
assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.secrets.secret_key_base
end
test "secret_key_base is copied from config to secrets when not set" do
remove_file "config/tokens.yml"
app_file 'config/initializers/secret_token.rb', <<-RUBY
Rails.application.config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c3"
RUBY
require "#{app_path}/config/environment"
assert_equal '3b7cd727ee24e8444053437c36cc66c3', app.secrets.secret_key_base
end
test "protect from forgery is the default in a new app" do test "protect from forgery is the default in a new app" do
make_basic_app make_basic_app
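Review bot: The two new tests cover only a tokens.yml keyed on the current environment and a tokens.yml that is absent; the branch where the file exists but has no entry for the current env (`env_secrets` nil, fallback to `config.secret_key_base`) is untested, as is the ERB expansion the loader performs. A test along the lines below, using the same `app_file`/`app_path` helpers as the hunk, would pin the fallback behaviour; a sibling that writes `secret_key_base: <%= 'a' * 32 %>` would cover the ERB path. The enclosing test class continues outside the hunk.
```ruby
test "secrets.secret_key_base falls back to config when tokens.yml has no entry for the current env" do
  app_file 'config/tokens.yml', <<-YAML
    production:
      secret_key_base: 3b7cd727ee24e8444053437c36cc66c3
  YAML
  app_file 'config/initializers/secret_token.rb', <<-RUBY
    Rails.application.config.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"
  RUBY
  require "#{app_path}/config/environment"
  assert_equal 'b3c631c314c0bbca50c1b2843150fe33', app.secrets.secret_key_base
end
```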


@ -119,7 +119,6 @@ module TestHelpers
add_to_config <<-RUBY add_to_config <<-RUBY
config.eager_load = false config.eager_load = false
config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4"
config.session_store :cookie_store, key: "_myapp_session" config.session_store :cookie_store, key: "_myapp_session"
config.active_support.deprecation = :log config.active_support.deprecation = :log
config.action_controller.allow_forgery_protection = false config.action_controller.allow_forgery_protection = false
@ -139,7 +138,7 @@ module TestHelpers
app = Class.new(Rails::Application) app = Class.new(Rails::Application)
app.config.eager_load = false app.config.eager_load = false
app.config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4" app.secrets.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4"
app.config.session_store :cookie_store, key: "_myapp_session" app.config.session_store :cookie_store, key: "_myapp_session"
app.config.active_support.deprecation = :log app.config.active_support.deprecation = :log