mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Merge pull request #40213 from dbussink/allow-setting-digest-class
Add an ActiveSupport option to allow setting a digest class
This commit is contained in:
commit
5abe09bba7
5 changed files with 30 additions and 3 deletions
|
@ -85,8 +85,17 @@ module ActiveSupport
|
|||
initializer "active_support.set_hash_digest_class" do |app|
|
||||
config.after_initialize do
|
||||
if app.config.active_support.use_sha1_digests
|
||||
ActiveSupport::Deprecation.warn(<<-MSG.squish)
|
||||
config.active_support.use_sha1_digests is deprecated and will
|
||||
be removed from Rails 6.2. Use config.active_support.hash_digest_class
|
||||
instead.
|
||||
MSG
|
||||
ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1
|
||||
end
|
||||
|
||||
if klass = app.config.active_support.hash_digest_class
|
||||
ActiveSupport::Digest.hash_digest_class = klass
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -819,7 +819,7 @@ There are a few configuration options available in Active Support:
|
|||
|
||||
* `config.active_support.time_precision` sets the precision of JSON encoded time values. Defaults to `3`.
|
||||
|
||||
* `config.active_support.use_sha1_digests` specifies whether to use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
|
||||
* `config.active_support.hash_digest_class` allows configuring the digest class to use to generate non-sensitive digests, such as the ETag header.
|
||||
|
||||
* `config.active_support.use_authenticated_message_encryption` specifies whether to use AES-256-GCM authenticated encryption as the default cipher for encrypting messages instead of AES-256-CBC.
|
||||
|
||||
|
@ -1035,7 +1035,7 @@ text/javascript image/svg+xml application/postscript application/x-shockwave-fla
|
|||
- `config.active_record.cache_versioning`: `true`
|
||||
- `config.action_dispatch.use_authenticated_cookie_encryption`: `true`
|
||||
- `config.active_support.use_authenticated_message_encryption`: `true`
|
||||
- `config.active_support.use_sha1_digests`: `true`
|
||||
- `config.active_support.hash_digest_class`: `::Digest::SHA1`
|
||||
- `config.action_controller.default_protect_from_forgery`: `true`
|
||||
- `config.action_view.form_with_generates_ids`: `true`
|
||||
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
* Deprecate `config.active_support.use_sha1_digests`
|
||||
|
||||
`config.active_support.use_sha1_digests` is deprecated. It is replaced with `config.active_support.hash_digest_class` which allows setting the desired Digest instead. The Rails version defaults have been updated to use this new method as well so the behavior there is unchanged.
|
||||
|
||||
*Dirkjan Bussink*
|
||||
|
||||
* Change the default logging level from :debug to :info to avoid inadvertent exposure of personally
|
||||
identifiable information (PII) in production environments.
|
||||
|
||||
|
|
|
@ -115,7 +115,7 @@ module Rails
|
|||
|
||||
if respond_to?(:active_support)
|
||||
active_support.use_authenticated_message_encryption = true
|
||||
active_support.use_sha1_digests = true
|
||||
active_support.hash_digest_class = ::Digest::SHA1
|
||||
end
|
||||
|
||||
if respond_to?(:action_controller)
|
||||
|
|
|
@ -2225,6 +2225,18 @@ module ApplicationTests
|
|||
assert_equal Digest::SHA1, ActiveSupport::Digest.hash_digest_class
|
||||
end
|
||||
|
||||
test "ActiveSupport::Digest.hash_digest_class can be configured via config.active_support.hash_digest_class" do
|
||||
remove_from_config '.*config\.load_defaults.*\n'
|
||||
|
||||
app_file "config/initializers/custom_digest_class.rb", <<-RUBY
|
||||
Rails.application.config.active_support.hash_digest_class = Digest::SHA256
|
||||
RUBY
|
||||
|
||||
app "development"
|
||||
|
||||
assert_equal Digest::SHA256, ActiveSupport::Digest.hash_digest_class
|
||||
end
|
||||
|
||||
test "custom serializers should be able to set via config.active_job.custom_serializers in an initializer" do
|
||||
class ::DummySerializer < ActiveJob::Serializers::ObjectSerializer; end
|
||||
|
||||
|
|
Loading…
Reference in a new issue