FIX: skips caching a generated secret key base token if `skip_redis` is true. (#29029)

Allows for `SKIP_DB_AND_REDIS` env var to be used without a secret key setup in global setting env.
2024-10-06 22:46:58 +09:00 · 2024-10-06 22:46:58 +09:00 · 7d441e3782
parent 91ac382d83
commit 7d441e3782
2 changed files with 27 additions and 6 deletions
--- a/app/models/global_setting.rb
+++ b/app/models/global_setting.rb
@ -18,6 +18,7 @@ class GlobalSetting
  # This method will
  # - use existing token if already set in ENV or discourse.conf
  # - generate a token on the fly if needed and cache in redis
+  # - skips caching generated token to redis if redis is skipped
  # - enforce rules about token format falling back to redis if needed
  def self.safe_secret_key_base
    if @safe_secret_key_base && @token_in_redis &&
@ -31,13 +32,17 @@ class GlobalSetting
      begin
        token = secret_key_base
        if token.blank? || token !~ VALID_SECRET_KEY
-          @token_in_redis = true
-          @token_last_validated = Time.now
-
-          token = Discourse.redis.without_namespace.get(REDIS_SECRET_KEY)
-          unless token && token =~ VALID_SECRET_KEY
+          if GlobalSetting.skip_redis?
            token = SecureRandom.hex(64)
-            Discourse.redis.without_namespace.set(REDIS_SECRET_KEY, token)
+          else
+            @token_in_redis = true
+            @token_last_validated = Time.now
+
+            token = Discourse.redis.without_namespace.get(REDIS_SECRET_KEY)
+            unless token && token =~ VALID_SECRET_KEY
+              token = SecureRandom.hex(64)
+              Discourse.redis.without_namespace.set(REDIS_SECRET_KEY, token)
+            end
          end
        end
        if !secret_key_base.blank? && token != secret_key_base
--- a/spec/models/global_setting_spec.rb
+++ b/spec/models/global_setting_spec.rb
@ -46,6 +46,22 @@ RSpec.describe GlobalSetting do
      new_token = Discourse.redis.without_namespace.get(GlobalSetting::REDIS_SECRET_KEY)
      expect(new_token).to eq(token)
    end
+
+    context "when a secret key is not provided and redis is not used" do
+      before do
+        GlobalSetting.skip_redis = true
+        GlobalSetting.stubs(:secret_key_base).returns("")
+        # Fail tests if redis calls are made
+        Discourse.stubs(:redis).returns(nil)
+      end
+
+      it "generates a new random key in memory without redis" do
+        GlobalSetting.reset_secret_key_base!
+        token = GlobalSetting.safe_secret_key_base
+        new_token = GlobalSetting.safe_secret_key_base
+        expect(new_token).to eq(token)
+      end
+    end
  end

  describe ".add_default" do