Merge pull request #1254 from alphagov/fix-secrets-deprecation

Resolve `Rails.application.secrets` deprecation warning

app/controllers/media_controller.rb

@@ -173,7 +173,7 @@ def temporary_redirect?
   def set_token_payload
     token = params.fetch(:token, cookies[:auth_bypass_token])
     @token_payload = if token
-                       secret = Rails.application.secrets.jwt_auth_secret
+                       secret = Rails.application.config_for(:secrets).jwt_auth_secret
                        JWT.decode(token, secret, true, algorithm: "HS256").first
                      end
   rescue JWT::DecodeError

config/application.rb

@@ -44,7 +44,7 @@ class Application < Rails::Application
 
     config.assets.prefix = "/asset-manager"
 
-    unless Rails.application.secrets.jwt_auth_secret
+    unless Rails.application.config_for(:secrets).jwt_auth_secret
       raise "JWT auth secret is not configured. See config/secrets.yml"
     end
   end

spec/controllers/media_controller_spec.rb

@@ -417,7 +417,7 @@ def download
         let(:token_with_draft_asset_manager_access) do
           JWT.encode(
             { "draft_asset_manager_access" => true },
-            Rails.application.secrets.jwt_auth_secret,
+            Rails.application.config_for(:secrets).jwt_auth_secret,
             "HS256",
           )
         end
@@ -447,14 +447,14 @@ def download
       let(:valid_token) do
         JWT.encode(
           { "sub" => auth_bypass_id },
-          Rails.application.secrets.jwt_auth_secret,
+          Rails.application.config_for(:secrets).jwt_auth_secret,
           "HS256",
         )
       end
       let(:token_with_draft_asset_manager_access) do
         JWT.encode(
           { "draft_asset_manager_access" => true },
-          Rails.application.secrets.jwt_auth_secret,
+          Rails.application.config_for(:secrets).jwt_auth_secret,
           "HS256",
         )
       end

spec/controllers/whitehall_media_controller_spec.rb

@@ -212,14 +212,14 @@
       let(:valid_token) do
         JWT.encode(
           { "sub" => auth_bypass_id },
-          Rails.application.secrets.jwt_auth_secret,
+          Rails.application.config_for(:secrets).jwt_auth_secret,
           "HS256",
         )
       end
       let(:token_with_draft_asset_manager_access) do
         JWT.encode(
           { "draft_asset_manager_access" => true },
-          Rails.application.secrets.jwt_auth_secret,
+          Rails.application.config_for(:secrets).jwt_auth_secret,
           "HS256",
         )
       end

spec/requests/media_requests_spec.rb

@@ -106,7 +106,7 @@
       end
 
       it "serves the asset with a valid token" do
-        secret = Rails.application.secrets.jwt_auth_secret
+        secret = Rails.application.config_for(:secrets).jwt_auth_secret
         valid_token = JWT.encode({ "sub" => auth_bypass_id }, secret, "HS256")
         get download_media_path(id: asset, filename: "asset.png", params: { token: valid_token })
         expect(response).to be_successful
@@ -129,7 +129,7 @@
       end
 
       it "serves the asset with a valid token" do
-        secret = Rails.application.secrets.jwt_auth_secret
+        secret = Rails.application.config_for(:secrets).jwt_auth_secret
         valid_token = JWT.encode({ "sub" => auth_bypass_id }, secret, "HS256")
         get download_media_path(id: asset, filename: "asset.png", params: { token: valid_token })
         expect(response).to be_successful
@@ -153,7 +153,7 @@
       end
 
       it "serves the asset with a valid token" do
-        secret = Rails.application.secrets.jwt_auth_secret
+        secret = Rails.application.config_for(:secrets).jwt_auth_secret
         valid_token = JWT.encode({ "sub" => auth_bypass_id }, secret, "HS256")
         get download_media_path(id: asset, filename: "asset.png", params: { token: valid_token })
         expect(response).to be_successful
@@ -180,7 +180,7 @@
       end
 
       it "serves the asset with a valid token" do
-        secret = Rails.application.secrets.jwt_auth_secret
+        secret = Rails.application.config_for(:secrets).jwt_auth_secret
         valid_token = JWT.encode({ "sub" => auth_bypass_id }, secret, "HS256")
         get download_media_path(id: asset, filename: "asset.png", params: { token: valid_token })
         expect(response).to be_successful
@@ -203,7 +203,7 @@
       end
 
       it "serves the asset with a valid token" do
-        secret = Rails.application.secrets.jwt_auth_secret
+        secret = Rails.application.config_for(:secrets).jwt_auth_secret
         valid_token = JWT.encode({ "sub" => auth_bypass_id }, secret, "HS256")
         get download_media_path(id: asset, filename: "asset.png", params: { token: valid_token })
         expect(response).to be_successful

spec/requests/whitehall_media_requests_spec.rb

@@ -133,8 +133,8 @@
     let(:path) { "/government/uploads/asset.png" }
     let(:auth_bypass_id) { "bypass-id" }
 
-    let(:valid_token) { JWT.encode({ "sub" => auth_bypass_id }, Rails.application.secrets.jwt_auth_secret, "HS256") }
-    let(:token_without_access) { JWT.encode({ "sub" => "not-the-right-bypass-id" }, Rails.application.secrets.jwt_auth_secret, "HS256") }
+    let(:valid_token) { JWT.encode({ "sub" => auth_bypass_id }, Rails.application.config_for(:secrets).jwt_auth_secret, "HS256") }
+    let(:token_without_access) { JWT.encode({ "sub" => "not-the-right-bypass-id" }, Rails.application.config_for(:secrets).jwt_auth_secret, "HS256") }
 
     context "when the asset is not access limited" do
       let(:asset) do