devise icon indicating copy to clipboard operation
devise copied to clipboard
verified publisher icon heartcombo

Removed now obsolete SecretKeyFinder

Open BroiSatse opened this issue 2 years ago • 8 comments

SecretKeyFinder was required to handle rails configuration pre 6.0 which is no longer supported. Secret key can (and should!) be now read directly from rails application.

Fixes: https://github.com/heartcombo/devise/issues/5644 Probably surpasses: https://github.com/heartcombo/devise/pull/5604

BroiSatse avatar Oct 20 '23 10:10 BroiSatse

The best bugfix is one that removes code. :)

dgm avatar Nov 08 '23 00:11 dgm

Any news?

issei-m avatar Dec 29 '23 04:12 issei-m

For those looking for a workaround, you can set the secret key in your devise.rb initializer:

config.secret_key = Rails.application.secret_key_base

and you won't see the deprecation warning anymore.

grk avatar Dec 29 '23 08:12 grk

Would be nice to have this published. cc @carlosantoniodasilva? 🙏

jordan-brough avatar Jan 05 '24 18:01 jordan-brough

Yes! I was just about to submit a similar change, but you went a step further. 👍

jcoyne avatar Jan 19 '24 15:01 jcoyne

It is probably worth noting somewhere that this is a potentially breaking change. As I noted in #5634, Rails and Devise use a different priority order in what they choose. For certain old app configurations this could result in the key unintentionally changing.

albus522 avatar Jan 19 '24 18:01 albus522

@albus522 good call. And we could even consider this a bugfix, because Devise shouldn't have been choosing a different key than the application. Seems like bumping the version to 4.10 and noting this breaking change in CHANGELOG.md would be sufficient.

dan-jensen avatar Jan 30 '24 17:01 dan-jensen

It looks like this PR lost momentum and still addresses an open issue. What's needed to move it forward?

bbuchalter avatar Apr 15 '24 08:04 bbuchalter