Fix minor regression about old apps not getting per_form_csrf and request_forgery_protection configs

- Earlier per_form_csrf_tokens and request_forgery_protection config
  files were generated for old apps upgraded to Rails 5.
- But when we collapsed all initializers into one file, the entire file
  does not get created for old apps.
- This commit fixes it and also changes values for all new defaults for
  old apps so that they will not break.
- Also added a test for `rails app:update`.

3 files changed, 5 insertions, 8 deletions

diff --git a/railties/lib/rails/generators/rails/app/app_generator.rb b/railties/lib/rails/generators/rails/app/app_generator.rb
index c288b3dfce..448dce06af 100644
--- a/railties/lib/rails/generators/rails/app/app_generator.rb
+++ b/railties/lib/rails/generators/rails/app/app_generator.rb
@@ -90,7 +90,6 @@ module Rails
 
     def config_when_updating
       cookie_serializer_config_exist = File.exist?('config/initializers/cookies_serializer.rb')
-      new_framework_defaults_config_exist = File.exist?('config/initializers/new_framework_defaults.rb')
       action_cable_config_exist = File.exist?('config/cable.yml')
       rack_cors_config_exist = File.exist?('config/initializers/cors.rb')
 
@@ -102,10 +101,6 @@ module Rails
         gsub_file 'config/initializers/cookies_serializer.rb', /json(?!,)/, 'marshal'
       end
 
-      unless new_framework_defaults_config_exist
-        remove_file 'config/initializers/new_framework_defaults.rb'
-      end
-
       unless action_cable_config_exist
         template 'config/cable.yml'
       end
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt
index 438627e601..34905e0e27 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt
+++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt
@@ -15,14 +15,16 @@ Rails.application.config.action_controller.forgery_protection_origin_check = tru
 <%- unless options[:skip_active_record] -%>
 
 # Require `belongs_to` associations by default.
-Rails.application.config.active_record.belongs_to_required_by_default = true
+Rails.application.config.active_record.belongs_to_required_by_default = <%= options[:update] ? false : true %>
 <%- end -%>
 
 # Do not halt callback chains when a callback returns false.
-ActiveSupport.halt_callback_chains_on_return_false = false
+ActiveSupport.halt_callback_chains_on_return_false = <%= options[:update] ? true : false %>
+<%- unless options[:update] -%>
 
 # Configure SSL options to enable HSTS with subdomains.
 Rails.application.config.ssl_options = { hsts: { subdomains: true } }
+<%- end -%>
 
 # Preserve the timezone of the receiver when calling to `to_time`.
 # Ruby 2.4 will change the behavior of `to_time` to preserve the timezone
diff --git a/railties/lib/rails/tasks/framework.rake b/railties/lib/rails/tasks/framework.rake
index 3e771167ee..70458299c5 100644
--- a/railties/lib/rails/tasks/framework.rake
+++ b/railties/lib/rails/tasks/framework.rake
@@ -48,7 +48,7 @@ namespace :app do
           require 'rails/generators'
           require 'rails/generators/rails/app/app_generator'
           gen = Rails::Generators::AppGenerator.new ["rails"],
-                                                    { api: !!Rails.application.config.api_only },
+                                                    { api: !!Rails.application.config.api_only, update: true, force: ENV['FORCE'] },
                                                     destination_root: Rails.root
           File.exist?(Rails.root.join("config", "application.rb")) ?
             gen.send(:app_const) : gen.send(:valid_const?)