In production the query cache was already being loaded before the first
request even without #33856, so added a test to make sure of it.
This new test is passing even if #33856 is reverted.
It would allow `filter_attributes` to be reused across multiple
calls to `#inspect` or `#pretty_print`.
- Add `require "set"`
- Remove `filter_attributes` instance reader. I think there is no need
to keep it.
In a test app we observed that the query cache was not enabled on the
first request. This was because the query cache hooks are installed on
load and active record is loaded in the middle of the first request.
If we remove the `on_load` from the railtie the query cache hooks will
be installed before the first request, allowing the cache to be enabled
on that first request.
This is ok because query cache doesn't load anything else, only itself
so we're not eager loading all of active record before the first
request, just the query cache hooks.
[Eileen M. Uchitelle & Matthew Draper]
* Why
Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g.
```ruby
@account = Account.find params[:id]
payload = { account: @account }
logger.info "payload will be #{ payload }"
```
All the information of `@account` will be exposed in log.
* Solution
Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed.
This attribute equals to `Rails.application.config.filter_parameters` by default.
```ruby
Rails.application.config.filter_parameters += [:credit_card_number]
Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...>
```
The rake tasks which became deprecate now does not load the environment.
Therefore, even if the application specifies the behavior of deprecating,
the message is output to stderr ignoring the specification.
It seems that this is not the expected behavior.
We should respect the setting even in the rake tasks.
Changes the `configs_for` method from using traditional arguments to
using kwargs. This is so I can add the `include_replicas` kwarg without
having to always include `env_name` and `spec_name` in the method call.
`include_replicas` defaults to false because everywhere internally in
Rails we don't want replicas. `configs_for` is for iterating over
configurations to create / run rake tasks, so we really don't ever need
replicas in that case.
While the three-tier config makes it easier to define databases for
multiple database applications, it quickly became clear to offer full
support for multiple databases we need to change the way the connections
hash was handled.
A three-tier config means that when Rails needed to choose a default
configuration (in the case a user doesn't ask for a specific
configuration) it wasn't clear to Rails which the default was. I
[bandaid fixed this so the rake tasks could work](#32271) but that fix
wasn't correct because it actually doubled up the configuration hashes.
Instead of attemping to manipulate the hashes @tenderlove and I decided
that it made more sense if we converted the hashes to objects so we can
easily ask those object questions. In a three tier config like this:
```
development:
primary:
database: "my_primary_db"
animals:
database; "my_animals_db"
```
We end up with an object like this:
```
@configurations=[
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10
@env_name="development",@spec_name="primary",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>,
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90
@env_name="development",@spec_name="animals",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>
]>
```
The configurations setter takes the database configuration set by your
application and turns them into an
`ActiveRecord::DatabaseConfigurations` object that has one getter -
`@configurations` which is an array of all the database objects.
The configurations getter returns this object by default since it acts
like a hash in most of the cases we need. For example if you need to
access the default `development` database we can simply request it as we
did before:
```
ActiveRecord::Base.configurations["development"]
```
This will return primary development database configuration hash:
```
{ "database" => "my_primary_db" }
```
Internally all of Active Record has been converted to use the new
objects. I've built this to be backwards compatible but allow for
accessing the hash if needed for a deprecation period. To get the
original hash instead of the object you can either add `to_h` on the
configurations call or pass `legacy: true` to `configurations.
```
ActiveRecord::Base.configurations.to_h
=> { "development => { "database" => "my_primary_db" } }
ActiveRecord::Base.configurations(legacy: true)
=> { "development => { "database" => "my_primary_db" } }
```
The new configurations object allows us to iterate over the Active
Record configurations without losing the known environment or
specification name for that configuration. You can also select all the
configs for an env or env and spec. With this we can always ask
any object what environment it belongs to:
```
db_configs = ActiveRecord::Base.configurations.configurations_for("development")
=> #<ActiveRecord::DatabaseConfigurations:0x00007fd1acbdf800
@configurations=[
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10
@env_name="development",@spec_name="primary",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>,
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90
@env_name="development",@spec_name="animals",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>
]>
db_config.env_name
=> "development"
db_config.spec_name
=> "primary"
db_config.config
=> { "adapter"=>"sqlite3", "database"=>"db/development.sqlite3" }
```
The configurations object is more flexible than the configurations hash
and will allow us to build on top of the connection management in order
to add support for primary/replica connections, sharding, and
constructing queries for associations that live in multiple databases.
We originally did the whole `load_database_yaml` thing because this test
wasn't cooperating and we needed to finish the namespaced rake tasks for
multiple databases.
However, it turns out that YAML can't eval ERB if you don't tell it it's
ERB so you get Pysch parse errors if you're using multi-line ERB or
ERB with conditionals. It's a hot mess.
After trying a few things and thinking it over we decided that it wasn't
worth bandaiding over, the test needed to be improved. The test was
added in #31135 to test that the env is loaded in these tasks. But it
was blowing up because we were trying to read a database name out of the
configuration - however that's not the purpose of this change. We want
to read environment files in the rake tasks, but not in the config
file.
In this PR we changed the test to test what the PR was actually fixing.
We've also deleted the `load_database_yaml` because it caused more
problems than it was worth. This should fix the issues described in
https://github.com/rails/rails/pull/32274#issuecomment-384161057. We
also had these problems at GitHub.
Co-authored-by: alimi <aibrahim2k2@gmail.com>
Issue #27852 reports that when `rails db:create` fails, it causes
leaking of user's DB credentials to $stderr.
We print a DB's configuration hash in order to help users more quickly
to figure out what could be wrong with his configuration.
This commit changes message from
"Couldn't create database for #{configuration.inspect}" to
"Couldn't create '#{configuration['database']}' database. Please check your configuration.".
There are two PRs that fixing it #27878, #27879, but they need a bit more work.
I decided help to finish this and added Author of those PRs credit in this commit.
Since it is a security issue, I think we should backport it to
`5-2-stable`, and `5-1-stable`.
Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issuesFixes#27852Closes#27879
Related to #27878
[Alexander Marrs & bogdanvlviv]
Purpose metadata prevents cookie values from being
copy-pasted and ensures that the cookie is used only
for its originally intended purpose.
The Purpose and Expiry metadata are embedded inside signed/encrypted
cookies and will not be readable on previous versions of Rails.
We can switch off purpose and expiry metadata embedded in
signed and encrypted cookies using
config.action_dispatch.use_cookies_with_metadata = false
if you want your cookies to be readable on older versions of Rails.
After 1996fbe2a3e46ff5698bfa3812afb7f42cdfa899 `rails notes`
isn't the same as `rake notes`.
Since that, we should test `rake routes` instead of `rails notes` in
`railties/test/application/rake/notes_test.rb` file.
So I changed all occurrences of `rails routes` to `rake routes` in that file,
and added assertions about deprecation warning of using `rake notes`.
It will help to figure out that we should remove
`railties/test/application/rake/notes_test.rb` entirely in favour of
`railties/test/commands/notes_test.rb` that was added
in 1996fbe2a3e46ff5698bfa3812afb7f42cdfa899.
As discussed in #33203 rails command already looks for, and runs,
bin/rails if it is present.
We were mixing recommendations within guides and USAGE guidelines,
in some files we recommended using rails, in others bin/rails and
in some cases we even had both options mixed together.
I realized I wasn't really testing some of the new rake tasks added so I
built out this new test that uses a multi-db database.yml and allows us
to run create/drop/migrate/schema:dump/schema:load and those that are
namespaced like create:animals. This will make our testing more robust
so we can catch problems quicker and set a good place to add future
tests as these features evolve.
73e7aab behaved as expected on codeship, failing the build with
exactly these RuboCop violations. Hopefully `rubocop -a` will
have been enough to get a passing build!
If one created Rails 5.1 app and then updated to 5.2,
`secret_key_base` defined in `config/secrets.yml` is ignored for
`development` and `test` environment.
A change in `secret_key_base` in turn breaks
`Rails.application.key_generator`.
If one encrypt data in Rails 5.1, she cannot decrypt it in Rails 5.2
for `development` and `test` environment.
When using rails routes with small terminal or complicated routes it can be
very difficult to understand where is the element listed in header. psql
had the same issue, that's why they created "expanded mode" you can
switch using `\x` or by starting psql with
```
-x
--expanded
Turn on the expanded table formatting mode. This is equivalent to the \x command.
```
The output is similar to one implemented here for rails routes:
db_user-# \du
List of roles
-[ RECORD 1 ]----------------------------------------------
Role name | super
Attributes | Superuser, Create role, Create DB
Member of | {}
-[ RECORD 2 ]----------------------------------------------
Role name | role
Attributes | Superuser, Create role, Create DB, Replication
Member of | {}
With the disabling of TLS 1.0 by most major websites, continuing to run
IE8 or lower becomes increasingly difficult so default to not enforcing
UTF-8 encoding as it's not relevant to other browsers.
`to_prepare` callbacks are run during initialization; using one here
meant that `ActiveStorage::Blob` would be loaded when the app boots,
which would in turn load `ActiveRecord::Base`.
By using a lazy load hook to configure `ActiveStorage::Blob` instead,
we can avoid loading `ActiveRecord::Base` unnecessarily.
Although the spec[1] is defined in such a way that a trailing semi-colon
is valid it also doesn't allow a semi-colon by itself to indicate an
empty policy. Therefore it's easier (and valid) just to omit it rather
than to detect whether the policy is empty or not.
[1]: https://www.w3.org/TR/CSP2/#policy-syntax
Setting up the request environment was accidentally creating a CSP
as a consequence of accessing the option - only set the instance
variable if a block is passed.
This reverts commit 86f7c269073a3a9e6ddec9b957deaa2716f2627d, reversing
changes made to 5ece2e4a4459065b5efd976aebd209bbf0cab89b.
If a policy is set then we should generate it even if it's empty.
However what is happening is that we're accidentally generating an
empty policy when the initializer is commented out by default.
`Rails.application.config.content_security_policy` is configured with no
policies by default. In this case, Content-Security-Policy header should
not be generated instead of generating the header with no directives.
Firefox also warns "Content Security Policy: Couldn't process unknown
directive ''".
The serializer should be set up in `after_initialize` so that it work
properly even if the user specifies serializer with initializers.
Also, since `custom_serializers` is `Array`, it needs to be flattened
before setting the value.
Provides both a forked process and threaded parallelization options. To
use add `parallelize` to your test suite.
Takes a `workers` argument that controls how many times the process
is forked. For each process a new database will be created suffixed
with the worker number; test-database-0 and test-database-1
respectively.
If `ENV["PARALLEL_WORKERS"]` is set the workers argument will be ignored
and the environment variable will be used instead. This is useful for CI
environments, or other environments where you may need more workers than
you do for local testing.
If the number of workers is set to `1` or fewer, the tests will not be
parallelized.
The default parallelization method is to fork processes. If you'd like to
use threads instead you can pass `with: :threads` to the `parallelize`
method. Note the threaded parallelization does not create multiple
database and will not work with system tests at this time.
parallelize(workers: 2, with: :threads)
The threaded parallelization uses Minitest's parallel exector directly.
The processes paralleliztion uses a Ruby Drb server.
For parallelization via threads a setup hook and cleanup hook are
provided.
```
class ActiveSupport::TestCase
parallelize_setup do |worker|
# setup databases
end
parallelize_teardown do |worker|
# cleanup database
end
parallelize(workers: 2)
end
```
[Eileen M. Uchitelle, Aaron Patterson]
down is only called with a block from the rake tasks where it passes a
`SCOPE`. Technically this was tested but since we don't run all the
migrations we're not actually testing the down works with a `SCOPE`. To
ensure we're testing both we can run `db:migrate` again to migrate users
and then run `down` with a scope to test that only the bukkits migration
is reverted.
Updates test to prevent having to fix regressions like we did in
4d4db4c.
Rails has some support for multiple databases but it can be hard to
handle migrations with those. The easiest way to implement multiple
databases is to contain migrations into their own folder ("db/migrate"
for the primary db and "db/seconddb_migrate" for the second db). Without
this you would need to write code that allowed you to switch connections
in migrations. I can tell you from experience that is not a fun way to
implement multiple databases.
This refactoring is a pre-requisite for implementing other features
related to parallel testing and improved handling for multiple
databases.
The refactoring here moves the class methods from the `Migrator` class
into it's own new class `MigrationContext`. The goal was to move the
`migrations_paths` method off of the `Migrator` class and onto the
connection. This allows users to do the following in their
`database.yml`:
```
development:
adapter: mysql2
username: root
password:
development_seconddb:
adapter: mysql2
username: root
password:
migrations_paths: "db/second_db_migrate"
```
Migrations for the `seconddb` can now be store in the
`db/second_db_migrate` directory. Migrations for the primary database
are stored in `db/migrate`".
The refactoring here drastically reduces the internal API for migrations
since we don't need to pass `migrations_paths` around to every single
method. Additionally this change does not require any Rails applications
to make changes unless they want to use the new public API. All of the
class methods from the `Migrator` class were `nodoc`'d except for the
`migrations_paths` and `migrations_path` getter/setters respectively.
Instead of providing a configuration option to set the hash function,
switch to SHA-1 for new apps and allow upgrading apps to opt in later
via `new_framework_defaults_5_2.rb`.
Enabling this option in new_framework_defaults_5_2.rb didn't work
before, as railtie initializers run before application initializers.
Using `respond_to?` to decide whether to set the option wasn't working
either, as `ActiveSupport::OrderedOptions` responds to any message.
Puma gets bundler's info from `Bundler::ORIGINAL_ENV` for restart.
f6f3892f4d/lib/puma/launcher.rb (L168)
So, specified `BUNDLE_GEMFILE` env for use same Gemfile in the restart.
Fixes#31351
This pull request handles `FrozenError` introduced by Ruby 2.5.
Refer https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/61131
Since `FrozenError` is a subclass of `RuntimeError` minitest used by master
branch can handle it, though it would be better to handle `FrozenError`
explicitly if possible.
`FrozenError` does not exist in Ruby 2.4 or lower, `frozen_error_class`
handles which exception is expected to be raised.
This pull request is intended to be merged to master,
then backported to `5-1-stable` to address #31508
This new ActiveRecord configuration option allows you to easily
pinpoint what line of application code is triggering SQL queries in the
development log by appending below each SQL statement log the line of
Ruby code that triggered it.
It’s useful with N+1 issues, and to locate stray queries.
By default this new option ignores Rails and Ruby code in order to
surface only callers from your application Ruby code or your gems.
It is enabled on newly generated Rails 5.2 applications and can be
enabled on existing Rails applications:
```ruby
Rails.application.configure do
# ...
config.active_record.verbose_query_logs = true
end
```
The `rails app:upgrade` task will also add it to
`config/development.rb`.
This feature purposely avoids coupling with
ActiveSupport::BacktraceCleaner since ActiveRecord can be used without
ActiveRecord. This decision can be reverted in the future to allow more
configurable backtraces (the exclusion of gem callers for example).
Option parsing happens too late to have any impact on the Rails
environment. Rails accesses the environment name and memoizes it too
early in the boot process for a commandline option to have any impact on
the database connection, so we'll change this test to set the
environment from an environment variable (and ensure it still works when
running tests with `ruby`)
When tests are run with just `ruby`, the RAILS_ENV is set to
`development` too early, and we connect to the development database
rather than the test database.
I frequently run tests with `ruby`, not with a runner like `rake` or
`rails`. When running the test with just `ruby` the `RAILS_ENV`
environment variable did not get set to "test", and this would cause the
tests to fail (and even mutate the development database!)
This commit adds integration tests for running tests with just `ruby`
and ensures the environment gets defaulted to "test". I also added a
test to ensure that passing an environment to `-e` actually works (and
fixed that case too).
An interesting / annoying thing is that Minitest picks up it's plugins
by asking RubyGems for a list of files:
ca6a71ca90/lib/minitest.rb (L92-L100)
This means that RubyGems needs to somehow know about the file before it
can return it to Minitest. Since we are not packaging Rails as a Gem
before running the integration tests on it (duh, why would you do
that?), RubyGems doesn't know about the file, so it can't tell Minitest,
so Minitest doesn't automatically require it. This means I had to
manually require and insert the plugin in our integration test. I've
left comments about that in the test as well.
Ugh.
When `form_with` was introduced we disabled the automatic
generation of ids that was enabled in `form_for`. This usually
is not an good idea since labels don't work when the input
doesn't have an id and it made harder to test with Capybara.
You can still disable the automatic generation of ids setting
`config.action_view.form_with_generates_ids` to `false.`
Currently the environment is not loaded in some db tasks.
Therefore, if use encrypted secrets values in `database.yml`,
`read_encrypted_secrets` will not be true, so the value can not be
used correctly.
To fix this, added `environment` as dependency of `load_config`.
It also removes explicit `environment` dependencies that are no longer
needed.
Fixes#30717
Since credentials generator is executed via the credentials command and
does not need to be executed directly, so it is not necessary to show it in
help.
Ensure that `bin/rails db:migrate` with specified `VERSION` reverts
all migrations only if `VERSION` is `0`.
Raise error if target migration doesn't exist.
Omit `rails activestorage:install` for jdbcmysql, jdbc and shebang tests
AppGeneratorTest#test_config_jdbcmysql_database
rails aborted!
LoadError: Could not load 'active_record/connection_adapters/mysql_adapter'.
Make sure that the adapter in config/database.yml is valid.
If you use an adapter other than 'mysql2', 'postgresql' or 'sqlite3' add
the necessary adapter gem to the Gemfile.
(compressed)
bin/rails:4:in `<main>'
Tasks: TOP => activestorage:install => environment
(See full trace by running task with --trace)
AppGeneratorTest#test_config_jdbc_database
rails aborted!
LoadError: Could not load 'active_record/connection_adapters/jdbc_adapter'.
Make sure that the adapter in config/database.yml is valid.
If you use an adapter other than 'mysql2', 'postgresql' or 'sqlite3' add
the necessary adapter gem to the Gemfile.
(compressed)
bin/rails:4:in `<main>'
Tasks: TOP => activestorage:install => environment
(See full trace by running task with --trace)
AppGeneratorTest#test_shebang_is_added_to_rails_file
/home/ubuntu/.rbenv/versions/2.4.1/bin/ruby: no Ruby script found in input (LoadError)
Prevent PendingMigrationError in tests
* Run `bin/rails db:migrate RAILS_ENV=test` in test_cases before start tests to prevent PendingMigrationError
* FileUtils.rm_r("db/migrate")
* --skip-active-storage
Fix failed tests in `railties/test/railties/engine_test.rb`
Related to #30111
Imporve `SharedGeneratorTests#test_default_frameworks_are_required_when_others_are_removed`
- Explicitly skip active_storage
- Ensure that skipped frameworks are commented
- Ensure that default frameworks are not commented
Fix error `Errno::ENOSPC: No space left on device - sendfile`
Since `rails new` runs `rails active_storage:install`
that boots an app.
Since adding Bootsnap 0312a5c67e35b960e33677b5358c539f1047e4e1
during booting an app, it creates the cache:
264K tmp/cache/bootsnap-load-path-cache
27M tmp/cache/bootsnap-compile-cache
* teardown_app must remove app
When load schema from `structure.sql`, database connection isn't
established. `ActiveRecord::Tasks::DatabaseTasks.load_schema` has to
establish database connection since it executes
```
ActiveRecord::InternalMetadata.create_table
ActiveRecord::InternalMetadata[:environment] = environment
```
See the changelog entry.
Remove `secrets.secret_token` from the bug report templates,
since we don't accept bug reports for Rails versions that
don't support a `secret_key_base`.
[ claudiob & Kasper Timm Hansen ]
Based on, yet closes https://github.com/rails/rails/pull/30708
Fix the session test by properly truncating the legacy encryption
key for cbc encryption. Borrowed straight from 👆.
Fix the cookies test a little differently than the PR. Basically
keep every config within the config block.
[ Michael Coyne & Kasper Timm Hansen ]
Both classes now have a rotate method where new instances are added for
each call. When decryption or verification fails the next rotation
instance is tried.
Binding to capture the local scope. This means that if a constant with same
name as constant specified by the user exists in local scope, constant
defined in local will use. This is different from what the user expects.
Therefore, fixed to use top-level binding instead of local scope.
Fixes#30644
These routes are only used internally in Active Storage, and it seems
that there is no need for the user to directly use them.
Therefore, I think that routes should not be exposed to users.
* WIP: Add credentials using a generic EncryptedConfiguration class
This is sketch code so far.
* Flesh out EncryptedConfiguration and test it
* Better name
* Add command and generator for credentials
* Use the Pathnames
* Extract EncryptedFile from EncryptedConfiguration and add serializers
* Test EncryptedFile
* Extract serializer validation
* Stress the point about losing comments
* Allow encrypted configuration to be read without parsing for display
* Use credentials by default and base them on the master key
* Derive secret_key_base in test/dev, source it from credentials in other envs
And document the usage.
* Document the new credentials setup
* Stop generating the secrets.yml file now that we have credentials
* Document what we should have instead
Still need to make it happen, tho.
* [ci skip] Keep wording to `key base`; prefer defaults.
Usually we say we change defaults, not "spec" out a release.
Can't use backticks in our sdoc generated documentation either.
* Abstract away OpenSSL; prefer MessageEncryptor.
* Spare needless new when raising.
* Encrypted file test shouldn't depend on subclass.
* [ci skip] Some woordings.
* Ditch serializer future coding.
* I said flip it. Flip it good.
* [ci skip] Move require_master_key to the real production.rb.
* Add require_master_key to abort the boot process.
In case the master key is required in a certain environment
we should inspect that the key is there and abort if it isn't.
* Print missing key message and exit immediately.
Spares us a lengthy backtrace and prevents further execution.
I've verified the behavior in a test app, but couldn't figure the
test out as loading the app just exits immediately with:
```
/Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError)
from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start'
```
It's likely we need to capture and prevent the exit somehow.
Kernel.stub(:exit) didn't work. Leaving it for tomorrow.
* Fix require_master_key config test.
Loading the app would trigger the `exit 1` per require_master_key's
semantics, which then aborted the test.
Fork and wait for the child process to finish, then inspect the
exit status.
Also check we aborted because of a missing master key, so something
else didn't just abort the boot.
Much <3 to @tenderlove for the tip.
* Support reading/writing configs via methods.
* Skip needless deep symbolizing.
* Remove save; test config reader elsewhere.
* Move secret_key_base check to when we're reading it.
Otherwise we'll abort too soon since we don't assign the secret_key_base
to secrets anymore.
* Add missing string literal comments; require unneeded yaml require.
* ya ya ya, rubocop.
* Add master_key/credentials after bundle.
Then we can reuse the existing message on `rails new bc4`.
It'll look like:
```
Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb)
Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails`
Using sass-rails 5.0.6
Bundle complete! 16 Gemfile dependencies, 72 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0
Save this in a password manager your team can access.
If you lose the key, no one, including you, can access anything encrypted with it.
create config/master.key
```
And that'll be executed even if `--skip-bundle` was passed.
* Ensure test app has secret_key_base.
* Assign secret_key_base to app or omit.
* Merge noise
* Split options for dynamic delegation into its own method and use deep symbols to make it work
* Update error to point to credentials instead
* Appease Rubocop
* Validate secret_key_base when reading it.
Instead of relying on the validation in key_generator move that into
secret_key_base itself.
* Fix generator and secrets test.
Manually add config.read_encrypted_secrets since it's not there by default
anymore.
Move mentions of config/secrets.yml to config/credentials.yml.enc.
* Remove files I have no idea how they got here.
* [ci skip] swap secrets for credentials.
* [ci skip] And now, changelogs are coming.
Originally, it hard-coded pid file path. It can not be removed when customizing
pid file path.
But rake task can not get pid file path. Therefore, do not remove file in rake
task, makes it possible to judge whether it is restart from the argument of the
command and removes the file in server command.
Fixes#29306
Since Rails 4.0, `config.ru` generated by default uses instances of
`Rails.application`. Therefore, I think that it is good to deprecate
the old behavior.
Related: #9669
It's worth considering whether we should hide these by default, but I'm kinda thinking no. It's very reasonable that someone would want to call these directly, so they should be documented.
Output changed due to specification change of `SummaryReporter#aggregated_results`
in minitest 5.10.2.
In my opinion, that should fix rails's test runner(proceeding with #29354).
However, we still need discussion and the fix itself is minor, so I think
that we can fix only the test first.
On the first request, ActionController::Base#action_methods computes
and memoized the list of available actions [1]. With this PR we move
this expensive operation into eager load step to reduce response time
of the first request served in production.
This also reduces the memory footprint when running on forking server
like Unicorn.
[1] a3813dce9a/actionpack/lib/abstract_controller/base.rb (L66-L77)
This fixes the following warning:
```
/tmp/d20170727-7039-kmdtb1/app/app/models/user.rb:5: warning: method redefined; discarding old model_name
rails/activemodel/lib/active_model/naming.rb:222: warning: previous definition of model_name was here
```
Solves #29923
This regression was caused due to a wrong regex to filter out
paths, introduced in commit 796a1cf0e
The regex was /^\w+\// which did not accept paths with a leading
slash and hence all absolute paths were filtered out.
This change introduces a change in regex which allows for a leading
slash and acts on the matched term accordingly.
While cascading through the case block, the paths are checked for
line number specification, existence of a directory at that path
and if none of those match, then it is considered to be a path to the
file. The regex matchers specified are filtered out via the call
to `Array#compact` since they do not match any of these conditions.
The output of `.databases` in SQLite will truncate to a certain size.
This causes the test to fail when run locally from a mac, or anything
which has a tempdir with more than a few characters. This pragma has
the same output, but presented as a normal query, meaning no truncation
will occur.
This fixes the following warning:
```
railties/test/application/rake/dbs_test.rb:265: warning: ambiguous first argument; put parentheses or a space even after `/' operator
```
This was missed when the frozen string literal pragma was added to this
file because the string is only modified when running in the context of
a full Rails app, which wasn't covered by the test suite.
in Rails 4.0, you could use `/dev/stdin` on both Linux and Mac, but with
the switch to Kernel.load in Rails 4.1, this broke on Linux (you get
a LoadError). Instead, explicitly detect `-` as meaning stdin, then
read from stdin explicitly, instead of performing file gymnastics. This
should now work on any platform uniformly.
Passing a script via stdin is useful when you're sshing to a server,
and the script you want to run is stored locally. You could theoretically
pass the entire script on the command line, but in reality you'll run
into problems with the command being too long.
Since #29725, load application file when `dbconsole` command is executed.
However, if do not set `RAILS_ENV` before reading the application file,
can not connect to the env specified in option, so added the setting
of `RAILS_ENV`.
Abstract boolean serialization has been using 't' and 'f', with MySQL
overriding that to use 1 and 0.
This has the advantage that SQLite natively recognizes 1 and 0 as true
and false, but does not natively recognize 't' and 'f'.
This change in serialization requires a migration of stored boolean data
for SQLite databases, so it's implemented behind a configuration flag
whose default false value is deprecated. The flag itself can be
deprecated in a future version of Rails. While loaded models will give
the correct result for boolean columns without migrating old data,
where() clauses will interact incorrectly with old data.
While working in this area, also change the abstract adapter to use
`"TRUE"` and `"FALSE"` as quoted values and `true` and `false` for
unquoted. These are supported by PostreSQL, and MySQL remains
overriden.
Rather than protecting from forgery in the generated
ApplicationController, add it to ActionController::Base by config. This
configuration defaults to false to support older versions which have
removed it from their ApplicationController, but is set to true for
Rails 5.2.
By making the Rails minitest behave like a standard minitest plugin
we're much more likely to not break when people use other minitest
plugins. Like minitest-focus and pride.
To do this, we need to behave like minitest: require files up front
and then perform the plugin behavior via the at_exit hook.
This also saves us a fair bit of wrangling with test file loading.
Finally, since the environment and warnings options have to be applied
as early as possible, and since minitest loads plugins at_exit, they
have to be moved to the test command.
* Don't expect the root method.
It's likely this worked because we eagerly loaded the Rails minitest plugin
and that somehow defined a root method on `Rails`.
* Assign a backtrace to failed exceptions.
Otherwise Minitest pukes when attempting to filter the backtrace (which
Rails' backtrace cleaner then removes).
Means the exception message test has to be revised too.
This is likely caused by the rails minitest plugin now being loaded for
these tests and assigning a default backtrace cleaner.
Currently the environment file is not loaded in `dbconsole` command.
Therefore, for example, if use encrypted secrets values in database.yml,
`read_encrypted_secrets` will not be true, so the value can not be
used correctly.
Fixes#29717
Now that the parameters configurations are only loaded when
ActionController::Base is we need to foce them to load in our tests. In
an application this is not needed since every request already load the
controllers.
These tests relied on `ActionController::Parameters` being configured as
part of the boot process; since that now happens lazily we need to force
`ActionController::Base` to load so that we can test the behaviour.
The new tests added here ensure that `ActionController::Parameters` can
be configured from an initializer, which was broken until recently.
* Add ActiveSupport::CurrentAttributes to provide a thread-isolated attributes singleton
* Need to require first
* Move stubs into test namespace.
Thus they won't conflict with other Current and Person stubs.
* End of the line for you, whitespace!
* Support super in attribute methods.
Define instance level accessors in an included module such that
`super` in an overriden accessor works, akin to Active Model.
* Spare users the manual require.
Follow the example of concerns, autoload in the top level Active Support file.
* Add bidelegation support
* Rename #expose to #set. Simpler, clearer
* Automatically reset every instance.
Skips the need for users to actively embed something that resets
their CurrentAttributes instances.
* Fix test name; add tangible name value when blank.
* Try to ensure we run after a request as well.
* Delegate all missing methods to the instance
This allows regular `delegate` to serve, so we don't need bidelegate.
* Properly test resetting after execution cycle.
Also remove the stale puts debugging.
* Update documentation to match new autoreset
This commit changes encrypted cookies from AES in CBC HMAC mode to
Authenticated Encryption using AES-GCM. It also provides a cookie jar
to transparently upgrade encrypted cookies to this new scheme. Some
other notable changes include:
- There is a new application configuration value:
+use_authenticated_cookie_encryption+. When enabled, AEAD encrypted
cookies will be used.
- +cookies.signed+ does not raise a +TypeError+ now if the name of an
encrypted cookie is used. Encrypted cookies using the same key as
signed cookies would be verified and serialization would then fail
due the message still be encrypted.
Without this check, even if config is not specified, `ActionView::Helpers::FormHelper.form_with_generates_remote_forms`
always be set to nil and remote form not be generated.
Follow up to 128b804c6ce40fcbde744f294f8cb98654f6efec
This configuration is not present in ActionView::Base so we can't let
the action_view.set_configs initializer set it.
Also add tests to make sure this config works.
Fixes#28824
With Rack::Test the headers needs to match the `HTTP_` format. The tests
were passing before because they are not asserting the response was a
cache hit.
Add stronger assertions to rake migration tasks to make sure the user is providing a numeric VERSION
An empty string was getting converted to version = 0. This would in turn pass the presence check.
Address linting warning
Add test for rake task and refactor code to meet expectations
In particular passing VERSION=0 should not raise an error.
Addressed Comments for PR #28485. Trimmed empty lines + change of wording for error message
Adjust test for change of wording in error message
Change condition to follow rails idioms
These tests may be expansive so let's only allow users to run them
through `bin/rails test:system` or by passing a path to the `test`
command.
The same applies for `bin/rake test`.
Refs #28109.
If application has ajax, browser may begin request after rollback.
`teardown_fixtures` will be called after `super` on `after_teardown`
so we must call `Capybara.reset_sessions!` before `super`
b61a56541a/activerecord/lib/active_record/fixtures.rb (L857)
Using `undef_method` means that when a route is removed any other
implementations of that method in the ancestor chain are inaccessible
so instead use `remove_method` which restores access to the ancestor.
Allow the use of `direct` to specify custom mappings for polymorphic_url, e.g:
resource :basket
direct(class: "Basket") { [:basket] }
This will then generate the following:
>> link_to "Basket", @basket
=> <a href="/basket">Basket</a>
More importantly it will generate the correct url when used with `form_for`.
Fixes#1769.
Allow the definition of custom url helpers that will be available
automatically wherever standard url helpers are available. The
current solution is to create helper methods in ApplicationHelper
or some other helper module and this isn't a great solution since
the url helper module can be called directly or included in another
class which doesn't include the normal helper modules.
Reference #22512.
