Open BroiSatse opened 11 months ago
The best bugfix is one that removes code. :)
Any news?
For those looking for a workaround, you can set the secret key in your devise.rb
initializer:
config.secret_key = Rails.application.secret_key_base
and you won't see the deprecation warning anymore.
Would be nice to have this published. cc @carlosantoniodasilva? 🙏
Yes! I was just about to submit a similar change, but you went a step further. 👍
It is probably worth noting somewhere that this is a potentially breaking change. As I noted in #5634, Rails and Devise use a different priority order in what they choose. For certain old app configurations this could result in the key unintentionally changing.
@albus522 good call. And we could even consider this a bugfix, because Devise shouldn't have been choosing a different key than the application. Seems like bumping the version to 4.10 and noting this breaking change in CHANGELOG.md would be sufficient.
It looks like this PR lost momentum and still addresses an open issue. What's needed to move it forward?
SecretKeyFinder was required to handle rails configuration pre 6.0 which is no longer supported. Secret key can (and should!) be now read directly from rails application.
Fixes: https://github.com/heartcombo/devise/issues/5644 Probably surpasses: https://github.com/heartcombo/devise/pull/5604