Should use config.secret_token instead of config.cookie_secret.
This commit is contained in:
parent
c3b269e486
commit
55b5d52786
@ -237,14 +237,28 @@ module Rails
|
|||||||
end
|
end
|
||||||
|
|
||||||
# Checks for old cookie secret settings
|
# Checks for old cookie secret settings
|
||||||
def check_old_cookie_setting
|
def check_old_cookie_secret
|
||||||
lines = grep_for("ActionController::Base.session = {", "config/**/*")
|
lines = grep_for("ActionController::Base.cookie_verifier_secret = ", "config/**/*")
|
||||||
files = extract_filenames(lines)
|
files = extract_filenames(lines)
|
||||||
|
|
||||||
if files
|
if files
|
||||||
alert(
|
alert(
|
||||||
"Deprecated cookie secret setting",
|
"Deprecated cookie secret setting",
|
||||||
"Previously, session store was set directly on ActionController::Base; now it's now config.cookie_secret.",
|
"Previously, cookie secret was set directly on ActionController::Base; it's now config.secret_token.",
|
||||||
|
"http://weblog.rubyonrails.org/",
|
||||||
|
files
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_old_session_secret
|
||||||
|
lines = grep_for("ActionController::Base.session = {", "config/**/*")
|
||||||
|
files = extract_filenames(lines)
|
||||||
|
|
||||||
|
if files
|
||||||
|
alert(
|
||||||
|
"Deprecated session secret setting",
|
||||||
|
"Previously, session secret was set directly on ActionController::Base; it's now config.secret_token.",
|
||||||
"http://weblog.rubyonrails.org/",
|
"http://weblog.rubyonrails.org/",
|
||||||
files
|
files
|
||||||
)
|
)
|
||||||
@ -259,7 +273,7 @@ module Rails
|
|||||||
if files
|
if files
|
||||||
alert(
|
alert(
|
||||||
"Old session store setting",
|
"Old session store setting",
|
||||||
"Previously, session store was set directly on ActionController::Base; now it's now config.session_store :whatever.",
|
"Previously, session store was set directly on ActionController::Base; it's now config.session_store :whatever.",
|
||||||
"http://weblog.rubyonrails.org/",
|
"http://weblog.rubyonrails.org/",
|
||||||
files
|
files
|
||||||
)
|
)
|
||||||
|
@ -163,12 +163,19 @@ class ApplicationCheckerTest < ActiveSupport::TestCase
|
|||||||
end
|
end
|
||||||
|
|
||||||
def test_check_deprecated_cookie_settings
|
def test_check_deprecated_cookie_settings
|
||||||
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session = {\n:whatever => 'woot'\n}")
|
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.cookie_verifier_secret = 'OMG'")
|
||||||
@checker.check_old_cookie_setting
|
@checker.check_old_cookie_secret
|
||||||
|
|
||||||
assert @checker.alerts.has_key?("Deprecated cookie secret setting")
|
assert @checker.alerts.has_key?("Deprecated cookie secret setting")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_check_deprecated_session_secret
|
||||||
|
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session = {\n:whatever => 'woot'\n}")
|
||||||
|
@checker.check_old_session_secret
|
||||||
|
|
||||||
|
assert @checker.alerts.has_key?("Deprecated session secret setting")
|
||||||
|
end
|
||||||
|
|
||||||
def test_check_deprecated_session_settings
|
def test_check_deprecated_session_settings
|
||||||
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session_store = :cookie\nthings.awesome(:whatever)")
|
make_file("config/initializers/", "more_settings.rb", "ActionController::Base.session_store = :cookie\nthings.awesome(:whatever)")
|
||||||
@checker.check_old_session_setting
|
@checker.check_old_session_setting
|
||||||
|
Loading…
Reference in New Issue
Block a user