Diffstat (limited to 'railties')
-rw-r--r-- | railties/CHANGELOG.md | 21 | ||||
-rw-r--r-- | railties/lib/rails/generators/erb.rb | 4 | ||||
-rw-r--r-- | railties/lib/rails/secrets.rb | 21 | ||||
-rw-r--r-- | railties/lib/rails/test_help.rb | 13 | ||||
-rw-r--r-- | railties/lib/rails/test_unit/minitest_plugin.rb | 12 | ||||
-rw-r--r-- | railties/lib/rails/test_unit/test_requirer.rb | 7 | ||||
-rw-r--r-- | railties/lib/rails/test_unit/testing.rake | 10 | ||||
-rw-r--r-- | railties/test/application/test_runner_test.rb | 74 | ||||
-rw-r--r-- | railties/test/secrets_test.rb | 4 |
9 files changed, 126 insertions, 40 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 54bf0ec65e..a483535df1 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,24 @@ +* Avoid running system tests by default with the `bin/rails test` + and `bin/rake test` commands since they may be expansive. + + *Robin Dupret* (#28286) + +* Improve encryption for encrypted secrets. + + Switch to aes-128-gcm authenticated encryption. Also generate a random + initialization vector for each encryption so the same input and key can + generate different encrypted data. + + Double the encryption key entropy by properly extracting the underlying + bytes from the hexadecimal seed key. + + NOTE: Since the encryption mechanism has been switched, you need to run + this script to upgrade: + + https://gist.github.com/kaspth/bc37989c2f39a5642112f28b1d93f343 + + *Stephen Touset* + ## Rails 5.1.0.beta1 (February 23, 2017) ## * Add encrypted secrets in `config/secrets.yml.enc`. diff --git a/railties/lib/rails/generators/erb.rb b/railties/lib/rails/generators/erb.rb index d5e326d6ee..97d9ab29d4 100644 --- a/railties/lib/rails/generators/erb.rb +++ b/railties/lib/rails/generators/erb.rb @@ -17,8 +17,8 @@ module Erb # :nodoc: :erb end - def filename_with_extensions(name, format = self.format) - [name, format, handler].compact.join(".") + def filename_with_extensions(name, file_format = format) + [name, file_format, handler].compact.join(".") end end end diff --git a/railties/lib/rails/secrets.rb b/railties/lib/rails/secrets.rb index a083914109..2a95712cd9 100644 --- a/railties/lib/rails/secrets.rb +++ b/railties/lib/rails/secrets.rb @@ -1,4 +1,5 @@ require "yaml" +require "active_support/message_encryptor" module Rails # Greatly inspired by Ara T. Howard's magnificent sekrets gem. 😘 @@ -12,6 +13,7 @@ module Rails end end + @cipher = "aes-128-gcm" @read_encrypted_secrets = false @root = File # Wonky, but ensures `join` uses the current directory. 
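Review bot: The algorithm is stored in a reassignable module-level instance variable, `@cipher = "aes-128-gcm"`, although both key generation and the encryptor derive their behaviour from it. A frozen constant such as `CIPHER = "aes-128-gcm".freeze` would make it clear that the value is not meant to change at runtime and would stop a stray assignment from switching the cipher. The rest of the module body lies outside this hunk, so other code may rely on the ivar form.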
@@ -30,20 +32,19 @@ module Rails end def generate_key - cipher = new_cipher - SecureRandom.hex(cipher.key_len)[0, cipher.key_len] + SecureRandom.hex(OpenSSL::Cipher.new(@cipher).key_len) end def key ENV["RAILS_MASTER_KEY"] || read_key_file || handle_missing_key end - def encrypt(text) - cipher(:encrypt, text) + def encrypt(data) + encryptor.encrypt_and_sign(data) end def decrypt(data) - cipher(:decrypt, data) + encryptor.decrypt_and_verify(data) end def read @@ -97,14 +98,8 @@ module Rails end end - def new_cipher - OpenSSL::Cipher.new("aes-256-cbc") - end - - def cipher(mode, data) - cipher = new_cipher.public_send(mode) - cipher.key = key - cipher.update(data) << cipher.final + def encryptor + @encryptor ||= ActiveSupport::MessageEncryptor.new([ key ].pack("H*"), cipher: @cipher) end end end diff --git a/railties/lib/rails/test_help.rb b/railties/lib/rails/test_help.rb index 8e290239bd..0f9bf98737 100644 --- a/railties/lib/rails/test_help.rb +++ b/railties/lib/rails/test_help.rb @@ -11,10 +11,6 @@ require "rails/generators/test_case" require "active_support/testing/autorun" -if defined?(Capybara) && defined?(Puma) - require "action_dispatch/system_test_case" -end - if defined?(ActiveRecord::Base) ActiveRecord::Migration.maintain_test_schema! @@ -48,12 +44,3 @@ class ActionDispatch::IntegrationTest super end end - -if defined?(Capybara) && defined?(Puma) - class ActionDispatch::SystemTestCase - def before_setup # :nodoc: - @routes = Rails.application.routes - super - end - end -end diff --git a/railties/lib/rails/test_unit/minitest_plugin.rb b/railties/lib/rails/test_unit/minitest_plugin.rb index e44fe78bbd..8decdb0f4f 100644 --- a/railties/lib/rails/test_unit/minitest_plugin.rb +++ b/railties/lib/rails/test_unit/minitest_plugin.rb 
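Review bot: `decrypt` now fails for any input the new encryptor did not produce, which includes an existing `config/secrets.yml.enc` written by the old aes-256-cbc code, and nothing in this hunk turns that failure into an actionable message. Consider rescuing `ActiveSupport::MessageEncryptor::InvalidMessage` in `decrypt` and re-raising with a hint that the file must be re-encrypted, as the CHANGELOG entry describes. A comment on `generate_key` such as `# Hex-encoded; #encryptor decodes it to key_len raw bytes` would also record why the returned string is twice `key_len` characters long. The callers of `decrypt` are outside the hunk, so they may already handle the error.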
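Review bot: `[ key ].pack("H*")` in `encryptor` does not reject non-hex characters, so a mistyped `RAILS_MASTER_KEY` or key file is silently turned into different key bytes instead of being refused. Validate before packing, for example `raise ArgumentError, "secrets key must be hex" unless key =~ /\A\h+\z/`, and compare `key.length` with `2 * OpenSSL::Cipher.new(@cipher).key_len`. `@encryptor ||=` also pins the first key seen for the life of the process; if `key` can change between calls (the test suite writes its own key file), build the encryptor per call or reset it when the key source changes. `read_key_file` is outside the hunk, so confirm whether it strips a trailing newline before applying a strict check.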
@@ -62,9 +62,9 @@ module Minitest options[:patterns] = opts.order! unless run_via.rake? end - def self.rake_run(patterns) # :nodoc: + def self.rake_run(patterns, exclude_patterns = []) # :nodoc: self.run_via = :rake unless run_via.set? - ::Rails::TestRequirer.require_files(patterns) + ::Rails::TestRequirer.require_files(patterns, exclude_patterns) autorun end @@ -88,7 +88,13 @@ module Minitest # If run via `ruby` we've been passed the files to run directly, or if run # via `rake` then they have already been eagerly required. unless run_via.ruby? || run_via.rake? - ::Rails::TestRequirer.require_files(options[:patterns]) + # If there are no given patterns, we can assume that the user + # simply runs the `bin/rails test` command without extra arguments. + if options[:patterns].empty? + ::Rails::TestRequirer.require_files(options[:patterns], ["test/system/**/*"]) + else + ::Rails::TestRequirer.require_files(options[:patterns]) + end end unless options[:full_backtrace] || ENV["BACKTRACE"] diff --git a/railties/lib/rails/test_unit/test_requirer.rb b/railties/lib/rails/test_unit/test_requirer.rb index fe35934abc..92e5fcf0bc 100644 --- a/railties/lib/rails/test_unit/test_requirer.rb +++ b/railties/lib/rails/test_unit/test_requirer.rb @@ -4,10 +4,13 @@ require "rake/file_list" module Rails class TestRequirer # :nodoc: class << self - def require_files(patterns) + def require_files(patterns, exclude_patterns = []) patterns = expand_patterns(patterns) - Rake::FileList[patterns.compact.presence || "test/**/*_test.rb"].to_a.each do |file| + file_list = Rake::FileList[patterns.compact.presence || "test/**/*_test.rb"] + file_list.exclude(exclude_patterns) + + file_list.to_a.each do |file| require File.expand_path(file) end end diff --git a/railties/lib/rails/test_unit/testing.rake b/railties/lib/rails/test_unit/testing.rake index 4dde3d3c97..ef19bd7626 100644 --- a/railties/lib/rails/test_unit/testing.rake +++ b/railties/lib/rails/test_unit/testing.rake 
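Review bot: The exclusion glob `"test/system/**/*"` is hard-coded in the `options[:patterns].empty?` branch here and again in the `:test` task in `testing.rake`, so the two entry points can drift apart. Define it once, for example `SYSTEM_TEST_EXCLUDE = ["test/system/**/*"].freeze` next to `require_files`, and reference it from both places. The added comment could also say that an explicit pattern deliberately bypasses the exclusion, since that is what lets `bin/rails test test/system` still run system tests.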
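Review bot: `file_list.exclude(exclude_patterns)` passes the array as a single argument, while `Rake::FileList#exclude` is declared with splatted patterns. Depending on the rake version this may be treated as one non-matching entry, so `file_list.exclude(*exclude_patterns)` is the safer call. The exclusion is also matched against the path strings in the list, so if `expand_patterns` (outside the hunk) ever yields absolute or `./`-prefixed paths, the relative glob would stop matching without any error; a short comment stating that the patterns are relative to the application root would make that assumption visible.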
@@ -4,15 +4,15 @@ require "rails/test_unit/minitest_plugin" task default: :test -desc "Runs all tests in test folder" +desc "Runs all tests in test folder except system ones" task :test do $: << "test" - pattern = if ENV.key?("TEST") - ENV["TEST"] + + if ENV.key?("TEST") + Minitest.rake_run([ENV["TEST"]]) else - "test" + Minitest.rake_run(["test"], ["test/system/**/*"]) end - Minitest.rake_run([pattern]) end namespace :test do diff --git a/railties/test/application/test_runner_test.rb b/railties/test/application/test_runner_test.rb index e773b52dbb..a8e3a7ec5b 100644 --- a/railties/test/application/test_runner_test.rb +++ b/railties/test/application/test_runner_test.rb 
@@ -576,6 +576,80 @@ module ApplicationTests capture(:stderr) { run_test_command("test/models/warnings_test.rb -w") }) end + def test_reset_sessions_before_rollback_on_system_tests + app_file "test/system/reset_session_before_rollback_test.rb", <<-RUBY + require "application_system_test_case" + + class ResetSessionBeforeRollbackTest < ApplicationSystemTestCase + def teardown_fixtures + puts "rollback" + super + end + + Capybara.singleton_class.prepend(Module.new do + def reset_sessions! + puts "reset sessions" + super + end + end) + + test "dummy" do + end + end + RUBY + + run_test_command("test/system/reset_session_before_rollback_test.rb").tap do |output| + assert_match "reset sessions\nrollback", output + assert_match "1 runs, 0 assertions, 0 failures, 0 errors, 0 skips", output + end + end + + def test_system_tests_are_not_run_with_the_default_test_command + app_file "test/system/dummy_test.rb", <<-RUBY + require "application_system_test_case" + + class DummyTest < ApplicationSystemTestCase + test "something" do + assert true + end + end + RUBY + + run_test_command("").tap do |output| + assert_match "0 runs, 0 assertions, 0 failures, 0 errors, 0 skips", output + end + end + + def test_system_tests_are_not_run_through_rake_test + app_file "test/system/dummy_test.rb", <<-RUBY + require "application_system_test_case" + + class DummyTest < ApplicationSystemTestCase + test "something" do + assert true + end + end + RUBY + + output = Dir.chdir(app_path) { `bin/rake test` } + assert_match "0 runs, 0 assertions, 0 failures, 0 errors, 0 skips", output + end + + def test_system_tests_are_run_through_rake_test_when_given_in_TEST + app_file "test/system/dummy_test.rb", <<-RUBY + require "application_system_test_case" + + class DummyTest < ApplicationSystemTestCase + test "something" do + assert true + end + end + RUBY + + output = Dir.chdir(app_path) { `bin/rake test TEST=test/system/dummy_test.rb` } + assert_match "1 runs, 1 assertions, 0 failures, 0 errors, 0 skips", 
output + end + private def run_test_command(arguments = "test/unit/test_test.rb") Dir.chdir(app_path) { `bin/rails t #{arguments}` } diff --git a/railties/test/secrets_test.rb b/railties/test/secrets_test.rb index 36e42cf1f9..953408f0b4 100644 --- a/railties/test/secrets_test.rb +++ b/railties/test/secrets_test.rb @@ -54,9 +54,9 @@ class Rails::SecretsTest < ActiveSupport::TestCase test "reading from key file" do run_secrets_generator do - File.binwrite("config/secrets.yml.key", "How do I know you feel it?") + File.binwrite("config/secrets.yml.key", "00112233445566778899aabbccddeeff") - assert_equal "How do I know you feel it?", Rails::Secrets.key + assert_equal "00112233445566778899aabbccddeeff", Rails::Secrets.key end end |
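Review bot: `test_system_tests_are_not_run_with_the_default_test_command` and `test_system_tests_are_not_run_through_rake_test` assert only `"0 runs, 0 assertions, ..."`, which also passes if the command loads no test files at all. Add an ordinary test file in the same app, e.g. `app_file "test/models/dummy_model_test.rb", ...`, and assert `"1 runs"`, so the tests prove that only `test/system` is skipped. The three tests share an identical heredoc for `test/system/dummy_test.rb`; a small private helper would remove the repetition.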
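Review bot: The only change to the secrets tests is swapping the key fixture for a hex string, so the failure paths of the new authenticated encryption are not exercised in this hunk. Add a test that alters the output of `Rails::Secrets.encrypt` and asserts that `decrypt` raises, and one that writes a non-hex or wrong-length key file and asserts that it is rejected rather than silently accepted. The rest of `secrets_test.rb` is outside the hunk, so an existing round-trip test may already cover the success path.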