diff options
31 files changed, 368 insertions, 32 deletions
diff --git a/actionpack/lib/action_dispatch/system_test_case.rb b/actionpack/lib/action_dispatch/system_test_case.rb index 9772beb8aa..4fda2cf44f 100644 --- a/actionpack/lib/action_dispatch/system_test_case.rb +++ b/actionpack/lib/action_dispatch/system_test_case.rb @@ -120,7 +120,13 @@ module ActionDispatch super self.class.driver.use @proxy_route = if ActionDispatch.test_app - Class.new { include ActionDispatch.test_app.routes.url_helpers }.new + Class.new do + include ActionDispatch.test_app.routes.url_helpers + + def url_options + default_url_options.merge(host: Capybara.app_host) + end + end.new else nil end @@ -164,10 +170,6 @@ module ActionDispatch driven_by :selenium - def url_options # :nodoc: - default_url_options.merge(host: Capybara.app_host) - end - def method_missing(method, *args, &block) if @proxy_route.respond_to?(method) @proxy_route.send(method, *args, &block) diff --git a/actionview/lib/action_view/helpers/asset_url_helper.rb b/actionview/lib/action_view/helpers/asset_url_helper.rb index cc62783d60..295f945325 100644 --- a/actionview/lib/action_view/helpers/asset_url_helper.rb +++ b/actionview/lib/action_view/helpers/asset_url_helper.rb @@ -133,6 +133,8 @@ module ActionView # which is implemented by sprockets-rails. # # asset_path("application.js") # => "/assets/application-60aa4fdc5cea14baf5400fba1abf4f2a46a5166bad4772b1effe341570f07de9.js" + # asset_path('application.js', host: 'example.com') # => "//example.com/assets/application.js" + # asset_path("application.js", host: 'example.com', protocol: 'https') # => "https://example.com/assets/application.js" # # === Without the asset pipeline (<tt>skip_pipeline: true</tt>) # diff --git a/actionview/lib/action_view/helpers/url_helper.rb b/actionview/lib/action_view/helpers/url_helper.rb index 3df2eaf079..85fd549177 100644 --- a/actionview/lib/action_view/helpers/url_helper.rb +++ b/actionview/lib/action_view/helpers/url_helper.rb @@ -60,8 +60,8 @@ module ActionView # Creates an anchor element of the given +name+ using a URL created by the set of +options+. # See the valid options in the documentation for +url_for+. It's also possible to - # pass a String instead of an options hash, which generates an anchor element that uses the - # value of the String as the href for the link. Using a <tt>:back</tt> Symbol instead + # pass a \String instead of an options hash, which generates an anchor element that uses the + # value of the \String as the href for the link. Using a <tt>:back</tt> \Symbol instead # of an options hash will generate a link to the referrer (a JavaScript back link # will be used in place of a referrer if none exists). If +nil+ is passed as the name # the value of the link itself will become the name. @@ -226,7 +226,7 @@ module ActionView # The +options+ hash accepts the same options as +url_for+. # # There are a few special +html_options+: - # * <tt>:method</tt> - Symbol of HTTP verb. Supported verbs are <tt>:post</tt>, <tt>:get</tt>, + # * <tt>:method</tt> - \Symbol of HTTP verb. Supported verbs are <tt>:post</tt>, <tt>:get</tt>, # <tt>:delete</tt>, <tt>:patch</tt>, and <tt>:put</tt>. By default it will be <tt>:post</tt>. # * <tt>:disabled</tt> - If set to true, it will generate a disabled button. # * <tt>:data</tt> - This option can be used to add custom data attributes. @@ -235,7 +235,7 @@ module ActionView # * <tt>:form</tt> - This hash will be form attributes # * <tt>:form_class</tt> - This controls the class of the form within which the submit button will # be placed - # * <tt>:params</tt> - Hash of parameters to be rendered as hidden fields within the form. + # * <tt>:params</tt> - \Hash of parameters to be rendered as hidden fields within the form. # # ==== Data attributes # @@ -576,7 +576,7 @@ module ActionView # HTML attributes for the link can be passed in +html_options+. # # When clicked, an SMS message is prepopulated with the passed phone number - # and optional +body+ value. + # and optional +body+ value. # # +sms_to+ has a +body+ option for customizing the SMS message itself by # passing special keys to +html_options+. @@ -595,7 +595,7 @@ module ActionView # body: "Hello Jim I have a question about your product." # # => <a href="sms:5155555785;?body=Hello%20Jim%20I%20have%20a%20question%20about%20your%20product">Text me</a> # - # You can use a block as well if your link target is hard to fit into the name parameter. ERB example: + # You can use a block as well if your link target is hard to fit into the name parameter. \ERB example: # # <%= sms_to "5155555785" do %> # <strong>Text me:</strong> diff --git a/activemodel/lib/active_model/errors.rb b/activemodel/lib/active_model/errors.rb index e7405fb586..42c004ce31 100644 --- a/activemodel/lib/active_model/errors.rb +++ b/activemodel/lib/active_model/errors.rb @@ -304,9 +304,13 @@ module ActiveModel end def to_h - deprecation_rename_warning(:to_h, :to_hash) + ActiveSupport::Deprecation.warn(<<~EOM) + ActiveModel::Errors#to_h is deprecated and will be removed in Rails 6.2 + Please use `ActiveModel::Errors.to_hash` instead. The values in the hash + returned by `ActiveModel::Errors.to_hash` is an array of error messages. + EOM - to_hash + to_hash.transform_values { |values| values.last } end def messages diff --git a/activemodel/test/cases/errors_test.rb b/activemodel/test/cases/errors_test.rb index 79ccfe0c13..a6cd1da717 100644 --- a/activemodel/test/cases/errors_test.rb +++ b/activemodel/test/cases/errors_test.rb @@ -477,10 +477,11 @@ class ErrorsTest < ActiveModel::TestCase test "to_h is deprecated" do person = Person.new person.errors.add(:name, "cannot be blank") + person.errors.add(:name, "too long") - expected_deprecation = "ActiveModel::Errors#to_h is deprecated. Please call #to_hash instead." + expected_deprecation = "ActiveModel::Errors#to_h is deprecated" assert_deprecated(expected_deprecation) do - assert_equal({ name: ["cannot be blank"] }, person.errors.to_h) + assert_equal({ name: "too long" }, person.errors.to_h) end end diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index b39f423700..727ddd6bb7 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,7 @@ +* Make currency symbols optional for money column type in PostgreSQL + + *Joel Schneider* + * Add support for beginless ranges, introduced in Ruby 2.7. *Josh Goodall* diff --git a/activerecord/lib/active_record/autosave_association.rb b/activerecord/lib/active_record/autosave_association.rb index 94d8134b55..734ebb45ae 100644 --- a/activerecord/lib/active_record/autosave_association.rb +++ b/activerecord/lib/active_record/autosave_association.rb @@ -302,7 +302,7 @@ module ActiveRecord def validate_single_association(reflection) association = association_instance_get(reflection.name) record = association && association.reader - association_valid?(reflection, record) if record + association_valid?(reflection, record) if record && record.changed_for_autosave? end # Validate the associated records if <tt>:validate</tt> or diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/oid/money.rb b/activerecord/lib/active_record/connection_adapters/postgresql/oid/money.rb index 6434377b57..357493dfc0 100644 --- a/activerecord/lib/active_record/connection_adapters/postgresql/oid/money.rb +++ b/activerecord/lib/active_record/connection_adapters/postgresql/oid/money.rb @@ -26,9 +26,9 @@ module ActiveRecord value = value.sub(/^\((.+)\)$/, '-\1') # (4) case value - when /^-?\D+[\d,]+\.\d{2}$/ # (1) + when /^-?\D*[\d,]+\.\d{2}$/ # (1) value.gsub!(/[^-\d.]/, "") - when /^-?\D+[\d.]+,\d{2}$/ # (2) + when /^-?\D*[\d.]+,\d{2}$/ # (2) value.gsub!(/[^-\d,]/, "").sub!(/,/, ".") end diff --git a/activerecord/lib/active_record/connection_adapters/schema_cache.rb b/activerecord/lib/active_record/connection_adapters/schema_cache.rb index 7d54fcf9a0..5e30304864 100644 --- a/activerecord/lib/active_record/connection_adapters/schema_cache.rb +++ b/activerecord/lib/active_record/connection_adapters/schema_cache.rb @@ -46,7 +46,11 @@ module ActiveRecord end def primary_keys(table_name) - @primary_keys[table_name] ||= data_source_exists?(table_name) ? connection.primary_key(table_name) : nil + @primary_keys.fetch(table_name) do + if data_source_exists?(table_name) + @primary_keys[deep_deduplicate(table_name)] = deep_deduplicate(connection.primary_key(table_name)) + end + end end # A cached lookup for table existence. @@ -54,7 +58,7 @@ module ActiveRecord prepare_data_sources if @data_sources.empty? return @data_sources[name] if @data_sources.key? name - @data_sources[name] = connection.data_source_exists?(name) + @data_sources[deep_deduplicate(name)] = connection.data_source_exists?(name) end # Add internal cache for table with +table_name+. @@ -73,13 +77,17 @@ module ActiveRecord # Get the columns for a table def columns(table_name) - @columns[table_name] ||= connection.columns(table_name) + @columns.fetch(table_name) do + @columns[deep_deduplicate(table_name)] = deep_deduplicate(connection.columns(table_name)) + end end # Get the columns for a table as a hash, key is the column name # value is the column object. def columns_hash(table_name) - @columns_hash[table_name] ||= columns(table_name).index_by(&:name) + @columns_hash.fetch(table_name) do + @columns_hash[deep_deduplicate(table_name)] = columns(table_name).index_by(&:name) + end end # Checks whether the columns hash is already cached for a table. @@ -88,7 +96,9 @@ module ActiveRecord end def indexes(table_name) - @indexes[table_name] ||= connection.indexes(table_name) + @indexes.fetch(table_name) do + @indexes[deep_deduplicate(table_name)] = deep_deduplicate(connection.indexes(table_name)) + end end def database_version # :nodoc: diff --git a/activerecord/lib/active_record/railties/databases.rake b/activerecord/lib/active_record/railties/databases.rake index 98f57549a5..4d9acc911b 100644 --- a/activerecord/lib/active_record/railties/databases.rake +++ b/activerecord/lib/active_record/railties/databases.rake @@ -297,10 +297,11 @@ db_namespace = namespace :db do ActiveRecord::Base.configurations.configs_for(env_name: ActiveRecord::Tasks::DatabaseTasks.env).each do |db_config| ActiveRecord::Base.establish_connection(db_config.config) - ActiveRecord::Tasks::DatabaseTasks.migrate - # Skipped when no database - ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config.config, ActiveRecord::Base.schema_format, db_config.spec_name) + ActiveRecord::Tasks::DatabaseTasks.migrate + if ActiveRecord::Base.dump_schema_after_migration + ActiveRecord::Tasks::DatabaseTasks.dump_schema(db_config.config, ActiveRecord::Base.schema_format, db_config.spec_name) + end rescue ActiveRecord::NoDatabaseError ActiveRecord::Tasks::DatabaseTasks.create_current(db_config.env_name, db_config.spec_name) diff --git a/activerecord/test/cases/adapters/postgresql/money_test.rb b/activerecord/test/cases/adapters/postgresql/money_test.rb index 1aa0348879..ff2ab22a80 100644 --- a/activerecord/test/cases/adapters/postgresql/money_test.rb +++ b/activerecord/test/cases/adapters/postgresql/money_test.rb @@ -54,8 +54,12 @@ class PostgresqlMoneyTest < ActiveRecord::PostgreSQLTestCase type = PostgresqlMoney.type_for_attribute("wealth") assert_equal(12345678.12, type.cast(+"$12,345,678.12")) assert_equal(12345678.12, type.cast(+"$12.345.678,12")) + assert_equal(12345678.12, type.cast(+"12,345,678.12")) + assert_equal(12345678.12, type.cast(+"12.345.678,12")) assert_equal(-1.15, type.cast(+"-$1.15")) assert_equal(-2.25, type.cast(+"($2.25)")) + assert_equal(-1.15, type.cast(+"-1.15")) + assert_equal(-2.25, type.cast(+"(2.25)")) end def test_schema_dumping diff --git a/activerecord/test/cases/autosave_association_test.rb b/activerecord/test/cases/autosave_association_test.rb index 2d223a3035..3528ac045f 100644 --- a/activerecord/test/cases/autosave_association_test.rb +++ b/activerecord/test/cases/autosave_association_test.rb @@ -13,12 +13,14 @@ require "models/developer" require "models/computer" require "models/invoice" require "models/line_item" +require "models/mouse" require "models/order" require "models/parrot" require "models/pirate" require "models/project" require "models/ship" require "models/ship_part" +require "models/squeak" require "models/tag" require "models/tagging" require "models/treasure" @@ -386,6 +388,20 @@ class TestDefaultAutosaveAssociationOnABelongsToAssociation < ActiveRecord::Test assert_predicate auditlog, :valid? end + + def test_validation_does_not_validate_non_dirty_association_target + mouse = Mouse.create!(name: "Will") + Squeak.create!(mouse: mouse) + + mouse.name = nil + mouse.save! validate: false + + squeak = Squeak.last + + assert_equal true, squeak.valid? + assert_equal true, squeak.mouse.present? + assert_equal true, squeak.valid? + end end class TestDefaultAutosaveAssociationOnAHasManyAssociationWithAcceptsNestedAttributes < ActiveRecord::TestCase diff --git a/activerecord/test/models/mouse.rb b/activerecord/test/models/mouse.rb new file mode 100644 index 0000000000..75a55c125d --- /dev/null +++ b/activerecord/test/models/mouse.rb @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +class Mouse < ActiveRecord::Base + has_many :squeaks, autosave: true + validates :name, presence: true +end diff --git a/activerecord/test/models/squeak.rb b/activerecord/test/models/squeak.rb new file mode 100644 index 0000000000..e0a643c238 --- /dev/null +++ b/activerecord/test/models/squeak.rb @@ -0,0 +1,6 @@ +# frozen_string_literal: true + +class Squeak < ActiveRecord::Base + belongs_to :mouse + accepts_nested_attributes_for :mouse +end diff --git a/activerecord/test/schema/schema.rb b/activerecord/test/schema/schema.rb index b6c0ae0de2..dd0ff759b6 100644 --- a/activerecord/test/schema/schema.rb +++ b/activerecord/test/schema/schema.rb @@ -563,6 +563,10 @@ ActiveRecord::Schema.define do t.string :type end + create_table :mice, force: true do |t| + t.string :name + end + create_table :movies, force: true, id: false do |t| t.primary_key :movieid t.string :name @@ -843,6 +847,10 @@ ActiveRecord::Schema.define do end end + create_table :squeaks, force: true do |t| + t.integer :mouse_id + end + create_table :prisoners, force: true do |t| t.belongs_to :ship end diff --git a/activestorage/lib/active_storage/service/azure_storage_service.rb b/activestorage/lib/active_storage/service/azure_storage_service.rb index 993cc0e5f7..8d77e9b20f 100644 --- a/activestorage/lib/active_storage/service/azure_storage_service.rb +++ b/activestorage/lib/active_storage/service/azure_storage_service.rb @@ -17,10 +17,10 @@ module ActiveStorage @container = container end - def upload(key, io, checksum: nil, **) + def upload(key, io, checksum: nil, content_type: nil, **) instrument :upload, key: key, checksum: checksum do handle_errors do - blobs.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum) + blobs.create_block_blob(container, key, IO.try_convert(io) || io, content_md5: checksum, content_type: content_type) end end end diff --git a/activestorage/test/service/azure_storage_service_test.rb b/activestorage/test/service/azure_storage_service_test.rb index 2b07902d07..fc7b86ccb0 100644 --- a/activestorage/test/service/azure_storage_service_test.rb +++ b/activestorage/test/service/azure_storage_service_test.rb @@ -9,6 +9,20 @@ if SERVICE_CONFIGURATIONS[:azure] include ActiveStorage::Service::SharedServiceTests + test "upload with content_type" do + key = SecureRandom.base58(24) + data = "Foobar" + + @service.upload(key, StringIO.new(data), checksum: Digest::MD5.base64digest(data), filename: ActiveStorage::Filename.new("test.txt"), content_type: "text/plain") + + url = @service.url(key, expires_in: 2.minutes, disposition: :attachment, content_type: nil, filename: ActiveStorage::Filename.new("test.html")) + response = Net::HTTP.get_response(URI(url)) + assert_equal "text/plain", response.content_type + assert_match(/attachment;.*test\.html/, response["Content-Disposition"]) + ensure + @service.delete key + end + test "signed URL generation" do url = @service.url(@key, expires_in: 5.minutes, disposition: :inline, filename: ActiveStorage::Filename.new("avatar.png"), content_type: "image/png") diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index d56d4c22de..5d6bb7a0b3 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,3 +1,35 @@ +* Make ActiveSupport::Logger Fiber-safe. Fixes #36752. + + Use `Fiber.current.__id__` in `ActiveSupport::Logger#local_level=` in order + to make log level local to Ruby Fibers in addition to Threads. + + Example: + + logger = ActiveSupport::Logger.new(STDOUT) + logger.level = 1 + p "Main is debug? #{logger.debug?}" + + Fiber.new { + logger.local_level = 0 + p "Thread is debug? #{logger.debug?}" + }.resume + + p "Main is debug? #{logger.debug?}" + + Before: + + Main is debug? false + Thread is debug? true + Main is debug? true + + After: + + Main is debug? false + Thread is debug? true + Main is debug? false + + *Alexander Varnin* + * Allow the `on_rotation` proc used when decrypting/verifying a message to be passed at the constructor level. diff --git a/activesupport/lib/active_support/logger_thread_safe_level.rb b/activesupport/lib/active_support/logger_thread_safe_level.rb index f16c90cfc6..1775a41492 100644 --- a/activesupport/lib/active_support/logger_thread_safe_level.rb +++ b/activesupport/lib/active_support/logger_thread_safe_level.rb @@ -3,6 +3,7 @@ require "active_support/concern" require "active_support/core_ext/module/attribute_accessors" require "concurrent" +require "fiber" module ActiveSupport module LoggerThreadSafeLevel # :nodoc: @@ -28,7 +29,7 @@ module ActiveSupport end def local_log_id - Thread.current.__id__ + Fiber.current.__id__ end def local_level diff --git a/activesupport/lib/active_support/parameter_filter.rb b/activesupport/lib/active_support/parameter_filter.rb index 8e5595babf..e1cd7c46c1 100644 --- a/activesupport/lib/active_support/parameter_filter.rb +++ b/activesupport/lib/active_support/parameter_filter.rb @@ -109,7 +109,12 @@ module ActiveSupport elsif value.is_a?(Hash) value = call(value, parents, original_params) elsif value.is_a?(Array) - value = value.map { |v| v.is_a?(Hash) ? call(v, parents, original_params) : v } + # If we don't pop the current parent it will be duplicated as we + # process each array value. + parents.pop if deep_regexps + value = value.map { |v| value_for_key(key, v, parents, original_params) } + # Restore the parent stack after processing the array. + parents.push(key) if deep_regexps elsif blocks.any? key = key.dup if key.duplicable? value = value.dup if value.duplicable? diff --git a/activesupport/lib/active_support/secure_compare_rotator.rb b/activesupport/lib/active_support/secure_compare_rotator.rb new file mode 100644 index 0000000000..14a0aee947 --- /dev/null +++ b/activesupport/lib/active_support/secure_compare_rotator.rb @@ -0,0 +1,52 @@ +# frozen_string_literal: true + +require "active_support/security_utils" +require "active_support/messages/rotator" + +module ActiveSupport + # The ActiveSupport::SecureCompareRotator is a wrapper around +ActiveSupport::SecurityUtils.secure_compare+ + # and allows you to rotate a previously defined value to a new one. + # + # It can be used as follow: + # + # rotator = ActiveSupport::SecureCompareRotator.new('new_production_value') + # rotator.rotate('previous_production_value') + # rotator.secure_compare!('previous_production_value') + # + # One real use case example would be to rotate a basic auth credentials: + # + # class MyController < ApplicationController + # def authenticate_request + # rotator = ActiveSupport::SecureComparerotator.new('new_password') + # rotator.rotate('old_password') + # + # authenticate_or_request_with_http_basic do |username, password| + # rotator.secure_compare!(password) + # rescue ActiveSupport::SecureCompareRotator::InvalidMatch + # false + # end + # end + # end + class SecureCompareRotator + include SecurityUtils + prepend Messages::Rotator + + InvalidMatch = Class.new(StandardError) + + def initialize(value, **_options) + @value = value + end + + def secure_compare!(other_value, on_rotation: @rotation) + secure_compare(@value, other_value) || + run_rotations(on_rotation) { |wrapper| wrapper.secure_compare!(other_value) } || + raise(InvalidMatch) + end + + private + + def build_rotation(previous_value, _options) + self.class.new(previous_value) + end + end +end diff --git a/activesupport/test/logger_test.rb b/activesupport/test/logger_test.rb index 160e1156b6..6f7a186022 100644 --- a/activesupport/test/logger_test.rb +++ b/activesupport/test/logger_test.rb @@ -258,6 +258,50 @@ class LoggerTest < ActiveSupport::TestCase assert_level(Logger::INFO) end + def test_logger_level_main_fiber_safety + @logger.level = Logger::INFO + assert_level(Logger::INFO) + + fiber = Fiber.new do + assert_level(Logger::INFO) + end + + @logger.silence(Logger::ERROR) do + assert_level(Logger::ERROR) + fiber.resume + end + end + + def test_logger_level_local_fiber_safety + @logger.level = Logger::INFO + assert_level(Logger::INFO) + + another_fiber = Fiber.new do + @logger.silence(Logger::ERROR) do + assert_level(Logger::ERROR) + @logger.silence(Logger::DEBUG) do + assert_level(Logger::DEBUG) + end + end + + assert_level(Logger::INFO) + end + + Fiber.new do + @logger.silence(Logger::ERROR) do + assert_level(Logger::ERROR) + @logger.silence(Logger::DEBUG) do + another_fiber.resume + assert_level(Logger::DEBUG) + end + end + + assert_level(Logger::INFO) + end.resume + + assert_level(Logger::INFO) + end + private def level_name(level) ::Logger::Severity.constants.find do |severity| diff --git a/activesupport/test/parameter_filter_test.rb b/activesupport/test/parameter_filter_test.rb index d2dc71061d..e680a22479 100644 --- a/activesupport/test/parameter_filter_test.rb +++ b/activesupport/test/parameter_filter_test.rb @@ -28,10 +28,17 @@ class ParameterFilterTest < ActiveSupport::TestCase value.replace("world!") if original_params["barg"]["blah"] == "bar" && key == "hello" } + filter_words << lambda { |key, value| + value.upcase! if key == "array_elements" + } + parameter_filter = ActiveSupport::ParameterFilter.new(filter_words) before_filter["barg"] = { :bargain => "gain", "blah" => "bar", "bar" => { "bargain" => { "blah" => "foo", "hello" => "world" } } } after_filter["barg"] = { :bargain => "niag", "blah" => "[FILTERED]", "bar" => { "bargain" => { "blah" => "[FILTERED]", "hello" => "world!" } } } + before_filter["array_elements"] = %w(element1 element2) + after_filter["array_elements"] = %w(ELEMENT1 ELEMENT2) + assert_equal after_filter, parameter_filter.filter(before_filter) end end diff --git a/activesupport/test/secure_compare_rotator_test.rb b/activesupport/test/secure_compare_rotator_test.rb new file mode 100644 index 0000000000..8acf13e38f --- /dev/null +++ b/activesupport/test/secure_compare_rotator_test.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require "abstract_unit" +require "active_support/secure_compare_rotator" + +class SecureCompareRotatorTest < ActiveSupport::TestCase + test "#secure_compare! works correctly after rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + + assert_equal(true, wrapper.secure_compare!("new_secret")) + end + + test "#secure_compare! works correctly after multiple rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + wrapper.rotate("another_secret") + wrapper.rotate("and_another_one") + + assert_equal(true, wrapper.secure_compare!("and_another_one")) + end + + test "#secure_compare! fails correctly when credential is not part of the rotation" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + + assert_raises(ActiveSupport::SecureCompareRotator::InvalidMatch) do + wrapper.secure_compare!("different_secret") + end + end + + test "#secure_compare! calls the on_rotation proc" do + wrapper = ActiveSupport::SecureCompareRotator.new("old_secret") + wrapper.rotate("new_secret") + wrapper.rotate("another_secret") + wrapper.rotate("and_another_one") + + @witness = nil + + assert_changes(:@witness, from: nil, to: true) do + assert_equal(true, wrapper.secure_compare!("and_another_one", on_rotation: -> { @witness = true })) + end + end +end diff --git a/guides/source/5_2_release_notes.md b/guides/source/5_2_release_notes.md index ac247bc3f9..7aac07dbbe 100644 --- a/guides/source/5_2_release_notes.md +++ b/guides/source/5_2_release_notes.md @@ -326,7 +326,7 @@ Please refer to the [Changelog][action-view] for detailed changes. select divider `option`. ([Pull Request](https://github.com/rails/rails/pull/31088)) -* Change `form_with` to generates ids by default. +* Change `form_with` to generate ids by default. ([Commit](https://github.com/rails/rails/commit/260d6f112a0ffdbe03e6f5051504cb441c1e94cd)) * Add `preload_link_tag` helper. diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 932a5dc2e9..54f8f5c2b5 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -43,6 +43,8 @@ tables. Use `rails db:migrate` to run the migration. WARNING: `active_storage_attachments` is a polymorphic join table that stores your model's class name. If your model's class name changes, you will need to run a migration on this table to update the underlying `record_type` to your model's new class name. +WARNING: If you are using UUIDs instead of integers as the primary key on your models you will need to change the column type of `record_id` for the `active_storage_attachments` table in the generated migration accordingly. + Declare Active Storage services in `config/storage.yml`. For each service your application uses, provide a name and the requisite configuration. The example below declares three services named `local`, `test`, and `amazon`: @@ -398,6 +400,10 @@ helper allows you to set the disposition. rails_blob_path(user.avatar, disposition: "attachment") ``` +WARNING: To prevent XSS attacks, ActiveStorage forces the Content-Disposition header +to "attachment" for some kind of files. To change this behaviour see the +available configuration opions in [Configuring Rails Applications](configuring.html#configuring-active-storage). + If you need to create a link from outside of controller/view context (Background jobs, Cronjobs, etc.), you can access the rails_blob_path like this: diff --git a/guides/source/command_line.md b/guides/source/command_line.md index 4681574edd..60d0de17bc 100644 --- a/guides/source/command_line.md +++ b/guides/source/command_line.md @@ -601,6 +601,8 @@ The `tmp:` namespaced commands will help you clear and create the `Rails.root/tm ### Miscellaneous +* `rails initializers` prints out all defined initializers in the order they are invoked by Rails. +* `rails middleware` lists Rack middleware stack enabled for your app. * `rails stats` is great for looking at statistics on your code, displaying things like KLOCs (thousands of lines of code) and your code to test ratio. * `rails secret` will give you a pseudo-random key to use for your session secret. * `rails time:zones:all` lists all the timezones Rails knows about. diff --git a/guides/source/configuring.md b/guides/source/configuring.md index ded985debe..c5d3d09bd0 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md @@ -844,6 +844,8 @@ You can find more detailed configuration options in the * `config.active_storage.content_types_to_serve_as_binary` accepts an array of strings indicating the content types that Active Storage will always serve as an attachment, rather than inline. The default is `%w(text/html text/javascript image/svg+xml application/postscript application/x-shockwave-flash text/xml application/xml application/xhtml+xml application/mathml+xml text/cache-manifest)`. +* `config.active_storage.content_types_allowed_inline` accepts an array of strings indicating the content types that Active Storage allows to serve as inline. The default is `%w(image/png image/gif image/jpg image/jpeg image/vnd.adobe.photoshop image/vnd.microsoft.icon application/pdf)`. + * `config.active_storage.queues.analysis` accepts a symbol indicating the Active Job queue to use for analysis jobs. When this option is `nil`, analysis jobs are sent to the default Active Job queue (see `config.active_job.default_queue_name`). ```ruby diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt index 4a994e1e7b..eea99edb65 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt @@ -1,4 +1,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [ + :password, :secret, :token, :_key, :auth, :crypt, :salt, :certificate, :otp, :access, :private, :protected, :ssn +] diff --git a/railties/test/application/rake/dbs_test.rb b/railties/test/application/rake/dbs_test.rb index 79c521dbf6..c9931c45a6 100644 --- a/railties/test/application/rake/dbs_test.rb +++ b/railties/test/application/rake/dbs_test.rb @@ -630,6 +630,22 @@ module ApplicationTests assert_match(/CreateRecipes: migrated/, output) end end + + test "db:prepare does not touch schema when dumping is disabled" do + Dir.chdir(app_path) do + rails "generate", "model", "book", "title:string" + rails "db:create", "db:migrate" + + app_file "db/schema.rb", "Not touched" + app_file "config/initializers/disable_dumping_schema.rb", <<-RUBY + Rails.application.config.active_record.dump_schema_after_migration = false + RUBY + + rails "db:prepare" + + assert_equal("Not touched", File.read("db/schema.rb").strip) + end + end end end end diff --git a/railties/test/application/system_test_case_test.rb b/railties/test/application/system_test_case_test.rb new file mode 100644 index 0000000000..d15a0d9210 --- /dev/null +++ b/railties/test/application/system_test_case_test.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +require "isolation/abstract_unit" +require "rack/test" + +class SystemTestCaseTest < ActiveSupport::TestCase + include ActiveSupport::Testing::Isolation + + def setup + build_app + end + + def teardown + teardown_app + end + + test "url helpers are delegated to a proxy class" do + app_file "config/routes.rb", <<-RUBY + Rails.application.routes.draw do + get 'foo', to: 'foo#index', as: 'test_foo' + end + RUBY + + app("test") + + assert_not_includes(ActionDispatch::SystemTestCase.runnable_methods, :test_foo_url) + end + + test "system tests set the Capybara host in the url_options by default" do + app_file "config/routes.rb", <<-RUBY + Rails.application.routes.draw do + get 'foo', to: 'foo#index', as: 'test_foo' + end + RUBY + + app("test") + system_test = ActionDispatch::SystemTestCase.new("my_test") + previous_app_host = ::Capybara.app_host + ::Capybara.app_host = "https://my_test_example.com" + + assert_equal("https://my_test_example.com/foo", system_test.test_foo_url) + ensure + ::Capybara.app_host = previous_app_host + end +end |