solidusio / solidus_auth_devise

🔑 Devise authentication for your Solidus store.
http://solidus.io
BSD 3-Clause "New" or "Revised" License

Missing `config.secret_key_base` from default devise.rb? #33

Closed stephen-puiszis closed 4 years ago

stephen-puiszis commented 8 years ago

I'm using the default Devise initializer provided by the gem. When starting up a rails server, I get the following warning from Devise. Is this intentional to use a pepper without a secret_key?

```ruby
# devise.rb
Devise.setup do |config|

  # ...

  # ==> Configuration for :database_authenticatable
  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
  # using other encryptors, it sets how many times you want the password re-encrypted.
  config.stretches = 20
  config.encryptor = 'authlogic_sha512'

  # Setup a pepper to generate the encrypted password.
  config.pepper = Rails.configuration.secret_token

  # ...

end
```

```text
# rails server log 
=> Booting WEBrick
=> Rails 4.2.5 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[WARNING] You are not setting Devise.secret_key within your application!
You must set this in config/initializers/devise.rb. Here's an example:

Devise.secret_key = "a12b4c26be470f7d49ee8e852aab31e8f0fa20794136b817c1387ad6a2bc77e33a9655657d3630b37f064ca989265e655ba7"
```

stewart commented 8 years ago

Hi @stephen-puiszis - the config/initializers/devise.rb in this repo is intended as a way to provide sensible default settings for Devise. It will be automatically loaded before your own app's initializers, simply by virtue of having solidus_auth_devise in your Gemfile.

You can provide an initializer in your app to override or extend this default configuration as necessary - this is where you should supply a Devise.secret_key value for your app.

You can generate a basic initializer with the solidus:auth:install Rails generator. This will generate a Devise.secret_key value for you using SecureRandom.hex, but be warned that this will not overwrite an existing config/initializers/devise.rb file.

Example usage:

```console
$ rails generate solidus:auth:install
      create  config/initializers/devise.rb
         run  bundle exec rake railties:install:migrations FROM=solidus_auth_devise from "."
         run  bundle exec rake db:migrate from "."

$ cat config/initializers/devise.rb
Devise.secret_key = "37a3048dc9e203caad6698537c9960a0f9923979bbe7b8e5f613e48fccd4b41628b48cc1415c6f520eeccef247a59161a740"
```
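An app-level initializer along the lines described in the reply above, written as an added example (not code from solidus_auth_devise or Devise): it reads the key from the environment instead of keeping a literal in `config/initializers/devise.rb`. The `DeviseSecret` module, the `DEVISE_SECRET_KEY` variable name and the 64-character minimum are assumptions of this example; the fallback key uses `SecureRandom.hex(50)` to match the 100-character keys shown in the thread.

```ruby
# config/initializers/devise.rb in the host app (added example, not gem code).
require "securerandom"

module DeviseSecret
  ENV_VAR = "DEVISE_SECRET_KEY" # assumed variable name, not defined by Devise
  MIN_HEX_CHARS = 64            # assumed local policy, not a Devise requirement

  class MissingSecret < StandardError; end

  # Returns [key, source], where source is :env or :ephemeral.
  def self.resolve(env:, rails_env:)
    raw = env[ENV_VAR].to_s.strip
    unless raw.empty?
      # Reject short or non-hex values; the message never echoes the value.
      unless raw.match?(/\A\h{#{MIN_HEX_CHARS},}\z/)
        raise MissingSecret,
              "#{ENV_VAR} must be at least #{MIN_HEX_CHARS} hex characters"
      end
      return [raw, :env]
    end

    # Outside development/test, refuse to boot rather than invent a key.
    unless %w[development test].include?(rails_env.to_s)
      raise MissingSecret, "#{ENV_VAR} is not set for #{rails_env}"
    end

    # Per-boot key: anything derived from it stops validating after a restart.
    [SecureRandom.hex(50), :ephemeral]
  end
end

# Runs only inside a Rails app where Devise is loaded.
if defined?(Devise) && defined?(Rails)
  key, source = DeviseSecret.resolve(env: ENV, rails_env: Rails.env)
  Devise.secret_key = key
  Rails.logger&.warn("Devise.secret_key is ephemeral") if source == :ephemeral
end
```

Because the gem's defaults load before the app's initializers, this file only needs to set the values the app overrides.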

spaghetticode commented 5 years ago

I think this issue can be safely closed, or is this still open for documentation purposes?