config/initializers/devise.rb in solidus_auth_devise-2.2.0 vs config/initializers/devise.rb in solidus_auth_devise-2.3.0

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Use this hook to configure devise mailer, warden hooks and so forth. The first
 # four configuration values can also be set straight in your models.
 Devise.setup do |config|
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in DeviseMailer.
@@ -27,11 +29,11 @@
 
   # Tell if authentication through HTTP Basic Auth is enabled. False by default.
   config.http_authenticatable = true
 
   # Set this to true to use Basic Auth for AJAX requests.  True by default.
-  #config.http_authenticatable_on_xhr = false
+  # config.http_authenticatable_on_xhr = false
 
   # The realm used in Http Basic Authentication
   config.http_authentication_realm = 'Spree Application'
 
   # ==> Configuration for :database_authenticatable
@@ -39,11 +41,15 @@
   # using other encryptors, it sets how many times you want the password re-encrypted.
   config.stretches = 20
   config.encryptor = 'authlogic_sha512'
 
   # Setup a pepper to generate the encrypted password.
-  config.pepper = Rails.configuration.secret_token
+  config.pepper = if Rails.configuration.respond_to?(:secret_token) && Rails.configuration.secret_token.present?
+    Rails.configuration.secret_token
+  else
+    Rails.configuration.secret_key_base
+  end
 
   # ==> Configuration for :confirmable
   # The time you want to give your user to confirm his account. During this time
   # he will be able to access your application without confirming. Default is nil.
   # When confirm_within is zero, the user won't be able to sign in without confirming.
@@ -112,10 +118,13 @@
   # access, but formats like :xml or :json, should return 401.
   # If you have any extra navigational formats, like :iphone or :mobile, you
   # should add them to the navigational formats lists. Default is [:html]
   config.navigational_formats = [:html, :json, :xml]
 
+  # The default HTTP method used to sign out a resource. Default is :delete.
+  config.sign_out_via = :delete
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not (yet) supported by Devise,
   # you can configure them inside the config.warden block. The example below
   # allows you to setup OAuth, using http://github.com/roman/warden_oauth
   #
@@ -130,9 +139,8 @@
   #
   # Time interval you can reset your password with a reset password key.
   # Don't put a too small interval or your users won't have the time to
   # change their passwords.
   config.reset_password_within = 6.hours
-  config.sign_out_via = :get
 
   config.case_insensitive_keys = [:email]
 end