Should use config.secret_token instead of config.cookie_secret.

José Valim 2010-04-06 00:56:13 +02:00
parent c3b269e486
commit 55b5d52786
2 changed files with 30 additions and 9 deletions


@ -237,14 +237,28 @@ module Rails
end end
# Checks for old cookie secret settings # Checks for old cookie secret settings
def check_old_cookie_setting def check_old_cookie_secret
lines = grep_for("ActionController::Base.session = {", "config/**/*") lines = grep_for("ActionController::Base.cookie_verifier_secret = ", "config/**/*")
files = extract_filenames(lines) files = extract_filenames(lines)
if files if files
alert( alert(
"Deprecated cookie secret setting", "Deprecated cookie secret setting",
"Previously, session store was set directly on ActionController::Base; now it's now config.cookie_secret.", "Previously, cookie secret was set directly on ActionController::Base; it's now config.secret_token.",
"http://weblog.rubyonrails.org/",
files
)
end
end
def check_old_session_secret
lines = grep_for("ActionController::Base.session = {", "config/**/*")
files = extract_filenames(lines)
if files
alert(
"Deprecated session secret setting",
"Previously, session secret was set directly on ActionController::Base; it's now config.secret_token.",
"http://weblog.rubyonrails.org/", "http://weblog.rubyonrails.org/",
files files
) )
@ -259,7 +273,7 @@ module Rails
if files if files
alert( alert(
"Old session store setting", "Old session store setting",
"Previously, session store was set directly on ActionController::Base; now it's now config.session_store :whatever.", "Previously, session store was set directly on ActionController::Base; it's now config.session_store :whatever.",
"http://weblog.rubyonrails.org/", "http://weblog.rubyonrails.org/",
files files
) )
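Review bot: The new `check_old_session_secret` greps for the exact literal `ActionController::Base.session = {`, so a secret assigned with different spacing, or through `config.action_controller.session = {` as older Rails 2.x `environment.rb` files did, would not be reported; the same spacing sensitivity applies to the `cookie_verifier_secret = ` pattern in `check_old_cookie_secret`. Whether `grep_for` treats its argument as a regular expression is not visible in this section, so any looser pattern has to be checked against that helper first. The alert text names only the secret, although the old session hash typically carried the cookie key as well, which now belongs in `config.session_store`; a message ending in `the secret is now config.secret_token and the key is set through config.session_store.` would cover both. The new method also lacks the one-line comment its sibling has, for example `# Checks for old session secret settings`.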


@ -163,12 +163,19 @@ class ApplicationCheckerTest < ActiveSupport::TestCase
end end
def test_check_deprecated_cookie_settings def test_check_deprecated_cookie_settings
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session = {\n:whatever => 'woot'\n}") make_file("config/initializers/", "more_settings.rb", "ActionController::Base.cookie_verifier_secret = 'OMG'")
@checker.check_old_cookie_setting @checker.check_old_cookie_secret
assert @checker.alerts.has_key?("Deprecated cookie secret setting") assert @checker.alerts.has_key?("Deprecated cookie secret setting")
end end
def test_check_deprecated_session_secret
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session = {\n:whatever => 'woot'\n}")
@checker.check_old_session_secret
assert @checker.alerts.has_key?("Deprecated session secret setting")
end
def test_check_deprecated_session_settings def test_check_deprecated_session_settings
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session_store = :cookie\nthings.awesome(:whatever)") make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session_store = :cookie\nthings.awesome(:whatever)")
@checker.check_old_session_setting @checker.check_old_session_setting