Missing config.secret_key_base from default devise.rb? #33

Closed
stephen-puiszis opened this issue Feb 15, 2016 · 2 comments
@stephen-puiszis

I'm using the default Devise initializer provided by the gem. When starting up a rails server, I get the following warning from Devise. Is this intentional to use a pepper without a secret_key?

```ruby
# devise.rb
Devise.setup do |config|

  # ...

  # ==> Configuration for :database_authenticatable
  # For bcrypt, this is the cost for hashing the password and defaults to 10. If
  # using other encryptors, it sets how many times you want the password re-encrypted.
  config.stretches = 20
  config.encryptor = 'authlogic_sha512'

  # Setup a pepper to generate the encrypted password.
  config.pepper = Rails.configuration.secret_token

  # ...

end
```

```
# rails server log
=> Booting WEBrick
=> Rails 4.2.5 application starting in development on http://localhost:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[WARNING] You are not setting Devise.secret_key within your application!
You must set this in config/initializers/devise.rb. Here's an example:

Devise.secret_key = "a12b4c26be470f7d49ee8e852aab31e8f0fa20794136b817c1387ad6a2bc77e33a9655657d3630b37f064ca989265e655ba7"
```

Contributor

stewart commented Mar 15, 2016

Hi @stephen-puiszis - the config/initializers/devise.rb in this repo is
intended as a way to provide sensible default settings for Devise. It will be
automatically loaded before your own app's initializers, simply by virtue of
having solidus_auth_devise in your Gemfile.

You can provide an initializer in your app to override or extend this default
configuration as necessary - this is where you should supply a
Devise.secret_key value for your app.

You can generate a basic initializer with the solidus:auth:install Rails
generator. This will generate a Devise.secret_key value for you using
SecureRandom.hex, but be warned that this will not overwrite an existing
config/initializers/devise.rb file.

Example usage:

```
$ rails generate solidus:auth:install
      create  config/initializers/devise.rb
         run  bundle exec rake railties:install:migrations FROM=solidus_auth_devise from "."
         run  bundle exec rake db:migrate from "."

$ cat config/initializers/devise.rb
Devise.secret_key = "37a3048dc9e203caad6698537c9960a0f9923979bbe7b8e5f613e48fccd4b41628b48cc1415c6f520eeccef247a59161a740"
```
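
As an added illustration (not part of this thread and not code from solidus_auth_devise or Devise): one way for the app's own initializer to supply `Devise.secret_key` from the environment instead of a literal in the file, together with a check that flags a literal left in an initializer. The `DEVISE_SECRET_KEY` variable name, the 64-character minimum and both helper names are assumptions.

```ruby
require "securerandom"

# Assumed names: DEVISE_SECRET_KEY, MIN_HEX_CHARS and both helper methods.
MIN_HEX_CHARS = 64 # assumed floor: 32 random bytes, hex-encoded

class SecretKeyError < StandardError; end

# Returns the value to assign to Devise.secret_key.
# env is Hash-like (ENV in a real app); rails_env is e.g. "production".
def resolve_devise_secret_key(env, rails_env)
  key = env["DEVISE_SECRET_KEY"].to_s.strip
  if key.empty?
    # Fail closed outside development/test rather than boot without a key.
    unless %w[development test].include?(rails_env)
      raise SecretKeyError, "DEVISE_SECRET_KEY is not set (#{rails_env})"
    end
    # Throwaway key: tokens issued before a restart will no longer verify.
    return SecureRandom.hex(64)
  end
  unless key.match?(/\A\h{#{MIN_HEX_CHARS},}\z/)
    raise SecretKeyError, "DEVISE_SECRET_KEY needs >= #{MIN_HEX_CHARS} hex chars"
  end
  key
end

# True when initializer source assigns a quoted literal to secret_key, which
# is what ends up in version control if the generated file is committed.
# Commented-out lines are ignored.
def hardcoded_secret_key?(source)
  source.match?(/^\s*(?:Devise|config)\.secret_key\s*=\s*["']\h+["']/)
end

# Usage in the app's config/initializers/devise.rb (kept as a comment so this
# file runs without Rails):
#   Devise.secret_key = resolve_devise_secret_key(ENV, Rails.env)

if __FILE__ == $PROGRAM_NAME
  literal = %(Devise.secret_key = "#{'0' * 100}") # constructed placeholder
  from_env = "Devise.secret_key = resolve_devise_secret_key(ENV, Rails.env)"
  puts hardcoded_secret_key?(literal)
  puts hardcoded_secret_key?(from_env)
  puts resolve_devise_secret_key({ "DEVISE_SECRET_KEY" => "ab" * 32 }, "production").length
end
```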

@spaghetticode
Member

I think this issue can be safely closed, or is this still open for documentation purposes?
