Skip to content
This repository has been archived by the owner on Mar 22, 2021. It is now read-only.

Compatibility break with rails 5.2 rc1 #205

Closed
a2p0 opened this issue Feb 16, 2018 · 7 comments
Closed

Compatibility break with rails 5.2 rc1 #205

a2p0 opened this issue Feb 16, 2018 · 7 comments

Comments

@a2p0
Copy link

a2p0 commented Feb 16, 2018

Since rails 5.2 doesn't generate secret.yml but credentials.yml.enc on rails new command, knock is not able to generate token anymore.

rails c
> auth_user = Fabricate :user
=> #<User id: 1, email: "valid@email", password_digest: "$2a$10...
> token = Knock::AuthToken.new(payload: { sub: auth_user.id }).token
Traceback (most recent call last):
        2: from (irb):2
        1: from (irb):2:in `new'
TypeError (no implicit conversion of nil into String)

Secret generation is no longer available after app initialization

rails secrets:setup
Encrypted secrets is deprecated in favor of credentials. Run:
bin/rails credentials:help

Tried to configure knock initializer

  config.token_secret_signature_key = -> { Rails.application.credentials }
#
 TypeError (can't convert ActiveSupport::EncryptedConfiguration to String (ActiveSupport::EncryptedConfiguration#to_str gives NilClass))

Patched with manually add secrets.yml to the app/config folder.

> token = Knock::AuthToken.new(payload: { sub: auth_user.id }).token
 => "eyJ0eXAiOiJ...

Is there a way to configure knock with credentials.yml.enc ?
@mkhanal
Copy link

mkhanal commented Feb 19, 2018

You need to use
config.token_secret_signature_key = -> { Rails.application.credentials.read }

@a2p0
Copy link
Author

a2p0 commented Feb 19, 2018

Yes it works. Thanks @mkhanal!
It seems that I had to investigate one step further...

@JiProchazka JiProchazka mentioned this issue Mar 14, 2018
Closed
@stevepm
Copy link

stevepm commented May 9, 2018

I think what you actually want is Rails.application.credentials.fetch(:secret_key_base)

@qwexvf
Copy link

qwexvf commented Jul 5, 2018

@stevepm 's method worked with rails 5.2.
Thanks!

@calebuharrison calebuharrison mentioned this issue Jul 27, 2018
Closed
nicholasshirley added a commit to nicholasshirley/knock_once that referenced this issue Sep 7, 2018
@nicholasshirley
Rollback to < Rails 5.2
3b96595 
nsarno/knock#205
@AustineA
Copy link

AustineA commented Oct 8, 2018
edited
Loading

This config.token_secret_signature_key = -> { Rails.application.credentials.secret_key_base } worked for me. Don't forget to restart rails serve

For newbies wondering where to put this - Put it here #config/initalizers/knock.rb

@JoshCheek
Copy link

I think you're supposed to use Rails.application.secret_key_base, when I tried with credentials, it was using my production secret key base (okay, we had overridden it in prod, but you'll notice it's not the default dev / test secret key, which is derived from the app name:

$ bin/rails runner 'pp credentials: Rails.application.credentials.secret_key_base, app: Rails.application.secret_key_base, derived: Digest::MD5.hexdigest(Rails.application.class.name)'

Here's the relevant code, note that it only uses the credentials file / environment variable when it's in prod: https://github.com/rails/rails/blob/d7f48c9c39befaf23ccd63e0248a3bd5bf295ee5/railties/lib/rails/application.rb#L428-L436

@chibuezeayogu
Copy link

Adding RAILS_MASTER_KEY with the key in master.key as an environmental variable in CircleCI fixed it for me.

@nsarno nsarno closed this as completed Mar 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@JoshCheek @stevepm @nsarno @mkhanal @qwexvf @AustineA @a2p0 @chibuezeayogu