From afdc2af9e243ad7cd7679dd5e138605d78173a7e Mon Sep 17 00:00:00 2001
From: Sunny Ripert <sunny@sunfox.org>
Date: Thu, 3 Jun 2021 15:16:14 +0200
Subject: [PATCH] Raise missing key error when master key env var is blank

---
 activesupport/CHANGELOG.md                       |  7 ++++++-
 .../lib/active_support/encrypted_file.rb         |  2 +-
 activesupport/test/encrypted_file_test.rb        | 16 ++++++++++++++++
 3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md
index 7da156ba78..489842d44b 100644
--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,3 +1,8 @@
+*   Raise `ActiveSupport::EncryptedFile::MissingKeyError` when the
+    `RAILS_MASTER_KEY` environment variable is blank (e.g. `""`).
+
+    *Sunny Ripert*
+
 *   The `from:` option is added to `ActiveSupport::TestCase#assert_no_changes`.
 
     It permits asserting on the initial value that is expected not to change.
@@ -7,7 +12,7 @@
       post :create, params: { status: { ok: true } }
     end
     ```
-  
+
     *George Claghorn*
 
 *   Deprecate `ActiveSupport::SafeBuffer`'s incorrect implicit conversion of objects into string.
diff --git a/activesupport/lib/active_support/encrypted_file.rb b/activesupport/lib/active_support/encrypted_file.rb
index a35cc54ef5..6a6d6c0c33 100644
--- a/activesupport/lib/active_support/encrypted_file.rb
+++ b/activesupport/lib/active_support/encrypted_file.rb
@@ -98,7 +98,7 @@ module ActiveSupport
 
 
       def read_env_key
-        ENV[env_key]
+        ENV[env_key].presence
       end
 
       def read_key_file
diff --git a/activesupport/test/encrypted_file_test.rb b/activesupport/test/encrypted_file_test.rb
index 0050685065..9c4f289f7b 100644
--- a/activesupport/test/encrypted_file_test.rb
+++ b/activesupport/test/encrypted_file_test.rb
@@ -55,6 +55,22 @@ class EncryptedFileTest < ActiveSupport::TestCase
     end
   end
 
+  test "raise MissingKeyError when env key is blank" do
+    FileUtils.rm_rf @key_path
+
+    begin
+      ENV["CONTENT_KEY"] = ""
+      raised = assert_raise ActiveSupport::EncryptedFile::MissingKeyError do
+        @encrypted_file.write @content
+        @encrypted_file.read
+      end
+
+      assert_match(/Missing encryption key to decrypt file/, raised.message)
+    ensure
+      ENV["CONTENT_KEY"] = nil
+    end
+  end
+
   test "raise InvalidKeyLengthError when key is too short" do
     File.write(@key_path, ActiveSupport::EncryptedFile.generate_key[0..-2])