From bd77bda3b02d93a41e1946e6d1aaba7665343377 Mon Sep 17 00:00:00 2001 From: amercader Date: Wed, 2 Oct 2024 10:29:46 +0200 Subject: [PATCH] [#8467] Use legacy_key in SECRET_KEY fallback Use `legacy_key` instead of `configured_default` to avoid a non-declared warning. Note that the fallback to `beaker.session.secret` will only work if `SECRET_KEY` is not present at all. If it is present but empty a non-empty error will be shown. --- ckan/config/config_declaration.yaml | 2 +- ckan/tests/config/test_environment.py | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ckan/config/config_declaration.yaml b/ckan/config/config_declaration.yaml index 98655987f16..1fe68f7221b 100644 --- a/ckan/config/config_declaration.yaml +++ b/ckan/config/config_declaration.yaml @@ -141,12 +141,12 @@ groups: placeholder: egg:ckan - key: SECRET_KEY + legacy_key: beaker.session.secret validators: not_empty required: true placeholder_callable: secrets:token_urlsafe callable_args: nbytes: 20 - validators: configured_default("beaker.session.secret",None) description: | This is the secret token that is used by security related tasks by CKAN and its extensions. ``ckan generate config`` generates a unique diff --git a/ckan/tests/config/test_environment.py b/ckan/tests/config/test_environment.py index 9680b7f93d4..2a894baf7b5 100644 --- a/ckan/tests/config/test_environment.py +++ b/ckan/tests/config/test_environment.py @@ -123,3 +123,13 @@ def test_all_secrets_default_to_SECRET_KEY(ckan_config): assert ckan_config[key] == "super_secret" # Note: api_token.jwt.*.secret are tested in ckan/tests/lib/test_api_token.py + + +@pytest.mark.ckan_config("beaker.session.secret", "super_secret") +def test_SECRET_KEY_falls_back_to_beaker_session_secret(ckan_config, monkeypatch): + + monkeypatch.delitem(ckan_config, "SECRET_KEY") + + environment.update_config() + + assert ckan_config["SECRET_KEY"] == "super_secret"