You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 22, 2021. It is now read-only.
It worked well until I decided to upgrade to the newer fork of knock - this repository. I noticed that previous tokens stopped work and I started to dig.
It turned out, that in that fork, the author replaced to self.token_secret_signature_key = -> { Rails.application.credentials.read }, which returns an empty string "" for my Rails 5.2.
So I have been running the application for years with no secret signature key. Of course, it's my responsibility.
What I suggest is to add a check somewhere in the code so other potential users couldn't shoot in the foot again. Something like
raise"Knock secret signature key can't be empty"ifKnock.token_secret_signature_key.call.blank?
The text was updated successfully, but these errors were encountered:
The problem happened with a fork of
knock
which I was using for a long time: https://github.com/JonaMX/knock.It worked well until I decided to upgrade to the newer fork of
knock
- this repository. I noticed that previous tokens stopped work and I started to dig.It turned out, that in that fork, the author replaced to
self.token_secret_signature_key = -> { Rails.application.credentials.read }
, which returns an empty string""
for my Rails 5.2.So I have been running the application for years with no secret signature key. Of course, it's my responsibility.
What I suggest is to add a check somewhere in the code so other potential users couldn't shoot in the foot again. Something like
The text was updated successfully, but these errors were encountered: