diff options
| -rw-r--r-- | activemodel/CHANGELOG.md | 18 | ||||
| -rw-r--r-- | activemodel/lib/active_model/secure_password.rb | 103 | ||||
| -rw-r--r-- | activemodel/test/cases/secure_password_test.rb | 4 | ||||
| -rw-r--r-- | activemodel/test/models/user.rb | 3 | ||||
| -rw-r--r-- | activestorage/lib/active_storage/previewer/poppler_pdf_previewer.rb | 2 | ||||
| -rw-r--r-- | activesupport/CHANGELOG.md | 11 | ||||
| -rw-r--r-- | activesupport/lib/active_support/cache/redis_cache_store.rb | 24 | ||||
| -rw-r--r-- | activesupport/test/cache/stores/redis_cache_store_test.rb | 24 | ||||
| -rw-r--r-- | activesupport/test/core_ext/duration_test.rb | 12 | ||||
| -rw-r--r-- | guides/source/active_storage_overview.md | 2 | ||||
| -rw-r--r-- | guides/source/documents.yaml | 22 | ||||
| -rw-r--r-- | guides/source/getting_started.md | 9 |
12 files changed, 162 insertions, 72 deletions
diff --git a/activemodel/CHANGELOG.md b/activemodel/CHANGELOG.md index dcf94a5e21..1a464c2ffd 100644 --- a/activemodel/CHANGELOG.md +++ b/activemodel/CHANGELOG.md @@ -1,3 +1,21 @@ +* Allows configurable attribute name for `#has_secure_password`. This + still defaults to an attribute named 'password', causing no breaking + change. There is a new method `#authenticate_XXX` where XXX is the + configured attribute name, making the existing `#authenticate` now an + alias for this when the attribute is the default 'password'. + Example: + + class User < ActiveRecord::Base + has_secure_password :activation_token, validations: false + end + + user = User.new() + user.activation_token = "a_new_token" + user.activation_token_digest # => "$2a$10$0Budk0Fi/k2CDm2PEwa3Be..." + user.authenticate_activation_token('a_new_token') # => user + + *Unathi Chonco* + * Add `config.active_model.i18n_full_message` in order to control whether the `full_message` error format can be overridden at the attribute or model level in the locale files. This is `false` by default. diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb index 86f051f5ce..7f3763fa56 100644 --- a/activemodel/lib/active_model/secure_password.rb +++ b/activemodel/lib/active_model/secure_password.rb @@ -16,15 +16,16 @@ module ActiveModel module ClassMethods # Adds methods to set and authenticate against a BCrypt password. - # This mechanism requires you to have a +password_digest+ attribute. + # This mechanism requires you to have a +XXX_digest+ attribute. + # Where +XXX+ is the attribute name of your desired password/token or defaults to +password+ # # The following validations are added automatically: # * Password must be present on creation # * Password length should be less than or equal to 72 bytes - # * Confirmation of password (using a +password_confirmation+ attribute) + # * Confirmation of password (using a +XXX_confirmation+ attribute) # - # If password confirmation validation is not needed, simply leave out the - # value for +password_confirmation+ (i.e. don't provide a form field for + # If confirmation validation is not needed, simply leave out the + # value for +XXX_confirmation+ (i.e. don't provide a form field for # it). When this attribute has a +nil+ value, the validation will not be # triggered. # @@ -37,9 +38,10 @@ module ActiveModel # # Example using Active Record (which automatically includes ActiveModel::SecurePassword): # - # # Schema: User(name:string, password_digest:string) + # # Schema: User(name:string, password_digest:string, activation_token_digest:string) # class User < ActiveRecord::Base # has_secure_password + # has_secure_password :activation_token, validations: false # end # # user = User.new(name: 'david', password: '', password_confirmation: 'nomatch') @@ -48,11 +50,15 @@ module ActiveModel # user.save # => false, confirmation doesn't match # user.password_confirmation = 'mUc3m00RsqyRe' # user.save # => true + # user.activation_token = "a_new_token" + # user.activation_token_digest # => "$2a$10$0Budk0Fi/k2CDm2PEwa3BeXO5tPOA85b6xazE9rp8nF2MIJlsUik." + # user.save # => true # user.authenticate('notright') # => false # user.authenticate('mUc3m00RsqyRe') # => user + # user.authenticate_activation_token('a_new_token') # => user # User.find_by(name: 'david').try(:authenticate, 'notright') # => false # User.find_by(name: 'david').try(:authenticate, 'mUc3m00RsqyRe') # => user - def has_secure_password(options = {}) + def has_secure_password(attribute = :password, validations: true) # Load bcrypt gem only when has_secure_password is used. # This is to avoid ActiveModel (and by extension the entire framework) # being dependent on a binary library. @@ -63,9 +69,40 @@ module ActiveModel raise end - include InstanceMethodsOnActivation + attr_reader attribute + + define_method("#{attribute}=") do |unencrypted_password| + if unencrypted_password.nil? + self.send("#{attribute}_digest=", nil) + elsif !unencrypted_password.empty? + instance_variable_set("@#{attribute}", unencrypted_password) + cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost + self.send("#{attribute}_digest=", BCrypt::Password.create(unencrypted_password, cost: cost)) + end + end + + define_method("#{attribute}_confirmation=") do |unencrypted_password| + instance_variable_set("@#{attribute}_confirmation", unencrypted_password) + end + + # Returns +self+ if the password is correct, otherwise +false+. + # + # class User < ActiveRecord::Base + # has_secure_password validations: false + # end + # + # user = User.new(name: 'david', password: 'mUc3m00RsqyRe') + # user.save + # user.authenticate_password('notright') # => false + # user.authenticate_password('mUc3m00RsqyRe') # => user + define_method("authenticate_#{attribute}") do |unencrypted_password| + attribute_digest = send("#{attribute}_digest") + BCrypt::Password.new(attribute_digest).is_password?(unencrypted_password) && self + end + + alias_method :authenticate, :authenticate_password if attribute == :password - if options.fetch(:validations, true) + if validations include ActiveModel::Validations # This ensures the model has a password by checking whether the password_digest @@ -73,57 +110,13 @@ module ActiveModel # when there is an error, the message is added to the password attribute instead # so that the error message will make sense to the end-user. validate do |record| - record.errors.add(:password, :blank) unless record.password_digest.present? + record.errors.add(attribute, :blank) unless record.send("#{attribute}_digest").present? end - validates_length_of :password, maximum: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED - validates_confirmation_of :password, allow_blank: true + validates_length_of attribute, maximum: ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED + validates_confirmation_of attribute, allow_blank: true end end end - - module InstanceMethodsOnActivation - # Returns +self+ if the password is correct, otherwise +false+. - # - # class User < ActiveRecord::Base - # has_secure_password validations: false - # end - # - # user = User.new(name: 'david', password: 'mUc3m00RsqyRe') - # user.save - # user.authenticate('notright') # => false - # user.authenticate('mUc3m00RsqyRe') # => user - def authenticate(unencrypted_password) - BCrypt::Password.new(password_digest).is_password?(unencrypted_password) && self - end - - attr_reader :password - - # Encrypts the password into the +password_digest+ attribute, only if the - # new password is not empty. - # - # class User < ActiveRecord::Base - # has_secure_password validations: false - # end - # - # user = User.new - # user.password = nil - # user.password_digest # => nil - # user.password = 'mUc3m00RsqyRe' - # user.password_digest # => "$2a$10$4LEA7r4YmNHtvlAvHhsYAeZmk/xeUVtMTYqwIvYY76EW5GUqDiP4." - def password=(unencrypted_password) - if unencrypted_password.nil? - self.password_digest = nil - elsif !unencrypted_password.empty? - @password = unencrypted_password - cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost - self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost) - end - end - - def password_confirmation=(unencrypted_password) - @password_confirmation = unencrypted_password - end - end end end diff --git a/activemodel/test/cases/secure_password_test.rb b/activemodel/test/cases/secure_password_test.rb index c347aa9b24..bc23316ad5 100644 --- a/activemodel/test/cases/secure_password_test.rb +++ b/activemodel/test/cases/secure_password_test.rb @@ -186,9 +186,13 @@ class SecurePasswordTest < ActiveModel::TestCase test "authenticate" do @user.password = "secret" + @user.activation_token = "new_token" assert_not @user.authenticate("wrong") assert @user.authenticate("secret") + + assert !@user.authenticate_activation_token("wrong") + assert @user.authenticate_activation_token("new_token") end test "Password digest cost defaults to bcrypt default cost when min_cost is false" do diff --git a/activemodel/test/models/user.rb b/activemodel/test/models/user.rb index e98fd8a0a1..1ff3379153 100644 --- a/activemodel/test/models/user.rb +++ b/activemodel/test/models/user.rb @@ -7,6 +7,7 @@ class User define_model_callbacks :create has_secure_password + has_secure_password :activation_token, validations: false - attr_accessor :password_digest + attr_accessor :password_digest, :activation_token_digest end diff --git a/activestorage/lib/active_storage/previewer/poppler_pdf_previewer.rb b/activestorage/lib/active_storage/previewer/poppler_pdf_previewer.rb index 2a787362cf..69eb617d7b 100644 --- a/activestorage/lib/active_storage/previewer/poppler_pdf_previewer.rb +++ b/activestorage/lib/active_storage/previewer/poppler_pdf_previewer.rb @@ -12,7 +12,7 @@ module ActiveStorage end def pdftoppm_exists? - return @pdftoppm_exists unless @pdftoppm_exists.nil? + return @pdftoppm_exists if defined?(@pdftoppm_exists) @pdftoppm_exists = system(pdftoppm_path, "-v", out: File::NULL, err: File::NULL) end diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 100d57aa16..8031d351a9 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -131,5 +131,16 @@ *Eileen M. Uchitelle*, *Aaron Patterson* +* RedisCacheStore: Support expiring counters. + Pass `expires_in: [seconds]` to `#increment` and `#decrement` options + to set the Redis EXPIRE if the counter doesn't exist. + If the counter exists, Redis doesn't extend its expiry when it's exist. + + ``` + Rails.cache.increment("my_counter", 1, expires_in: 2.minutes) + ``` + + *Jason Lee* + Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/activesupport/CHANGELOG.md) for previous changes. diff --git a/activesupport/lib/active_support/cache/redis_cache_store.rb b/activesupport/lib/active_support/cache/redis_cache_store.rb index 11c574258f..95f8f639e8 100644 --- a/activesupport/lib/active_support/cache/redis_cache_store.rb +++ b/activesupport/lib/active_support/cache/redis_cache_store.rb @@ -256,9 +256,19 @@ module ActiveSupport # # Failsafe: Raises errors. def increment(name, amount = 1, options = nil) + options = merged_options(options) + key = normalize_key(name, options) + expires_in = options[:expires_in].to_i + instrument :increment, name, amount: amount do failsafe :increment do - redis.with { |c| c.incrby normalize_key(name, options), amount } + redis.with do |c| + val = c.incrby key, amount + if expires_in > 0 && c.ttl(key) == -2 + c.expire key, expires_in + end + val + end end end end @@ -272,9 +282,19 @@ module ActiveSupport # # Failsafe: Raises errors. def decrement(name, amount = 1, options = nil) + options = merged_options(options) + key = normalize_key(name, options) + expires_in = options[:expires_in].to_i + instrument :decrement, name, amount: amount do failsafe :decrement do - redis.with { |c| c.decrby normalize_key(name, options), amount } + redis.with do |c| + val = c.decrby key, amount + if expires_in > 0 && c.ttl(key) == -2 + c.expire key, expires_in + end + val + end end end end diff --git a/activesupport/test/cache/stores/redis_cache_store_test.rb b/activesupport/test/cache/stores/redis_cache_store_test.rb index 24c4c5c481..a2165e1978 100644 --- a/activesupport/test/cache/stores/redis_cache_store_test.rb +++ b/activesupport/test/cache/stores/redis_cache_store_test.rb @@ -141,6 +141,30 @@ module ActiveSupport::Cache::RedisCacheStoreTests end end end + + def test_increment_expires_in + assert_called_with @cache.redis, :incrby, [ "#{@namespace}:foo", 1 ] do + assert_called_with @cache.redis, :expire, [ "#{@namespace}:foo", 60 ] do + @cache.increment("foo", 1, expires_in: 60) + end + end + + assert_not_called @cache.redis, :expire do + @cache.decrement("foo", 1, expires_in: 60) + end + end + + def test_decrement_expires_in + assert_called_with @cache.redis, :decrby, [ "#{@namespace}:foo", 1 ] do + assert_called_with @cache.redis, :expire, [ "#{@namespace}:foo", 60 ] do + @cache.decrement("foo", 1, expires_in: 60) + end + end + + assert_not_called @cache.redis, :expire do + @cache.decrement("foo", 1, expires_in: 60) + end + end end class ConnectionPoolBehaviourTest < StoreTest diff --git a/activesupport/test/core_ext/duration_test.rb b/activesupport/test/core_ext/duration_test.rb index 240ae3bde0..63934e2433 100644 --- a/activesupport/test/core_ext/duration_test.rb +++ b/activesupport/test/core_ext/duration_test.rb @@ -158,6 +158,18 @@ class DurationTest < ActiveSupport::TestCase assert_equal Date.civil(2017, 1, 3), Date.civil(2017, 1, 1) + 1.day * 2 end + def test_date_added_with_multiplied_duration_larger_than_one_month + assert_equal Date.civil(2017, 2, 15), Date.civil(2017, 1, 1) + 1.day * 45 + end + + def test_date_added_with_divided_duration + assert_equal Date.civil(2017, 1, 3), Date.civil(2017, 1, 1) + 4.days / 2 + end + + def test_date_added_with_divided_duration_larger_than_one_month + assert_equal Date.civil(2017, 2, 15), Date.civil(2017, 1, 1) + 90.days / 2 + end + def test_plus_with_time assert_equal 1 + 1.second, 1.second + 1, "Duration + Numeric should == Numeric + Duration" end diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 9fabc011c8..e6c8b503a8 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -211,6 +211,8 @@ production: NOTE: Files are served from the primary service. +NOTE: This is not compatible with the [direct uploads](#direct-uploads) feature. + Attaching Files to Records -------------------------- diff --git a/guides/source/documents.yaml b/guides/source/documents.yaml index 5cddf79eeb..4dee34b1e7 100644 --- a/guides/source/documents.yaml +++ b/guides/source/documents.yaml @@ -65,17 +65,13 @@ url: routing.html description: This guide covers the user-facing features of Rails routing. If you want to understand how to use routing in your own Rails applications, start here. - - name: Digging Deeper + name: Other Components documents: - name: Active Support Core Extensions url: active_support_core_extensions.html description: This guide documents the Ruby core extensions defined in Active Support. - - name: Rails Internationalization (I18n) API - url: i18n.html - description: This guide covers how to add internationalization to your applications. Your application will be able to translate content to different languages, change pluralization rules, use correct date formats for each country, and so on. - - name: Action Mailer Basics url: action_mailer_basics.html description: This guide describes how to use Action Mailer to send and receive emails. @@ -88,6 +84,18 @@ url: active_storage_overview.html description: This guide covers how to attach files to your Active Record models. - + name: Action Cable Overview + url: action_cable_overview.html + description: This guide explains how Action Cable works, and how to use WebSockets to create real-time features. + +- + name: Digging Deeper + documents: + - + name: Rails Internationalization (I18n) API + url: i18n.html + description: This guide covers how to add internationalization to your applications. Your application will be able to translate content to different languages, change pluralization rules, use correct date formats for each country, and so on. + - name: Testing Rails Applications url: testing.html description: This is a rather comprehensive guide to the various testing facilities in Rails. It covers everything from 'What is a test?' to Integration Testing. Enjoy. @@ -137,10 +145,6 @@ name: Using Rails for API-only Applications url: api_app.html description: This guide explains how to effectively use Rails to develop a JSON API application. - - - name: Action Cable Overview - url: action_cable_overview.html - description: This guide explains how Action Cable works, and how to use WebSockets to create real-time features. - name: Extending Rails diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md index de2c459cff..61658cdfc9 100644 --- a/guides/source/getting_started.md +++ b/guides/source/getting_started.md @@ -1203,14 +1203,15 @@ it look as follows: This time we point the form to the `update` action, which is not defined yet but will be very soon. -Passing the article object to the method will automatically set the URL for +Passing the article object to the `form_with` method will automatically set the URL for submitting the edited article form. This option tells Rails that we want this form to be submitted via the `PATCH` HTTP method, which is the HTTP method you're expected to use to **update** resources according to the REST protocol. -The arguments to `form_with` could be model objects, say, `model: @article` which would -cause the helper to fill in the form with the fields of the object. Passing in a -symbol scope (`scope: :article`) just creates the fields but without anything filled into them. +Also, passing a model object to `form_with`, like `model: @article` in the edit +view above, will cause form helpers to fill in form fields with the corresponding +values of the object. Passing in a symbol scope such as `scope: :article`, as +was done in the new view, only creates empty form fields. More details can be found in [form_with documentation] (http://api.rubyonrails.org/classes/ActionView/Helpers/FormHelper.html#method-i-form_with). |