| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
to make it not leak length information even for variable length string.
Renamed old `ActiveSupport::SecurityUtils.secure_compare` to `fixed_length_secure_compare`,
and started raising `ArgumentError` in case of length mismatch of passed strings.
|
| | | | | | | | |
|
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Support `expires_in` in `ActiveSupport::Cache::MemCacheStore#increment`
and `#decrement`.
Closes #30716.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Prevent deadlocks with load interlock and DB lock.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This fixes an issue where competing threads deadlock each other.
- Thread A holds the load interlock but is blocked on getting the DB lock
- Thread B holds the DB lock but is blocked on getting the load interlock (for example when there is a `Model.transaction` block that needs to autoload)
This solution allows for dependency loading in other threads while a thread is waiting to acquire the DB lock.
Fixes #31019
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Make `ActiveSupport::TimeWithZone` match Ruby's handling of ambiguous
times by choosing the later period, e.g.
Ruby:
```
ENV["TZ"] = "Europe/Moscow"
Time.local(2014, 10, 26, 1, 0, 0) # => 2014-10-26 01:00:00 +0300
```
Before:
```
>> "2014-10-26 01:00:00".in_time_zone("Moscow")
TZInfo::AmbiguousTime: 26/10/2014 01:00 is an ambiguous local time.
```
After:
```
>> "2014-10-26 01:00:00".in_time_zone("Moscow")
=> Sun, 26 Oct 2014 01:00:00 MSK +03:00
```
Fixes #17395.
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Compression has long been available, but opt-in and at a 16kB threshold.
It wasn't enabled by default due to CPU cost. Today it's cheap and
typical cache data is eminently compressible, such as HTML or JSON
fragments.
Compression dramatically reduces Memcached/Redis mem usage, which means
the same cache servers can store more data, which means higher hit
rates.
To disable compression, pass `compress: false` to the initializer.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* Supports vanilla Redis, hiredis, and Redis::Distributed.
* Supports Memcached-like sharding across Redises with Redis::Distributed.
* Fault tolerant. If the Redis server is unavailable, no exceptions are
raised. Cache fetches are treated as misses and writes are dropped.
* Local cache. Hot in-memory primary cache within block/middleware scope.
* `read_/write_multi` support for Redis mget/mset. Use Redis::Distributed
4.0.1+ for distributed mget support.
* `delete_matched` support for Redis KEYS globs.
|
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
Cache regexps generated from acronym_regex
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
To be removed in Rails 6.0 (default for the deprecate helper). Code
moved around as well for the ActiveSupport::Deprecation modules, since
it was dependent on ActiveSupport::Inflector being loaded for it to
work. By "lazy loading" the Inflector code from within the Deprecation
code, we can require ActiveSupport::Deprecation from
ActiveSupport::Inflector and not get a circular dependency issue.
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Verify credentials format before saving
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Currently, credentials does not check the format when saving. As a result,
incorrect data as yaml is also saved.
If credentials is used in config files., an error will occur in credential
yaml parsing before edit, and will not be able to edit it.
In order to prevent this, verify the format when saving.
Related: #30851
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
## Summary
RuboCop 0.51.0 was released.
https://github.com/bbatsov/rubocop/releases/tag/v0.51.0
And rubocop-0-51 channel is available in Code Climate.
https://github.com/codeclimate/codeclimate-rubocop/issues/109
This PR will bump RuboCop to 0.51.0 and fixes the following new
offenses.
```console
% bundle exec rubocop
Inspecting 2358 files
(snip)
Offenses:
actionpack/lib/action_controller/metal/http_authentication.rb:251:59: C:
Prefer double-quoted strings unless you need single quotes to avoid
extra backslashes for escaping.
[key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
^^^^
activesupport/test/core_ext/load_error_test.rb:8:39: C: Prefer
double-quoted strings unless you need single quotes to avoid extra
backslashes for escaping.
assert_raise(LoadError) { require 'no_this_file_don\'t_exist' }
^^^^^^^^^^^^^^^^^^^^^^^^^^^
2358 files inspected, 2 offenses detected
```
|
|\ \ \ \ \ \ \ \ \
| |_|_|/ / / / / /
|/| | | | | | | | |
Fixed typo in test for activesupport parameterize
|
| | |_|_|/ / / /
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Allow `Range#include?` on TWZ ranges
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
In #11474 we prevented TWZ ranges being iterated over which matched
Ruby's handling of Time ranges and as a consequence `include?` stopped
working with both Time ranges and TWZ ranges. However in
ruby/ruby@b061634 support was added for `include?` to use `cover?` for
'linear' objects. Since we have no way of making Ruby consider TWZ
instances as 'linear' we have to override `Range#include?`.
Fixes #30799.
|
|/ / / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Seeing the previously issued PRs about it, we can avoid the `nil`
comparisons that can happen in `assert_changes` by using plain `assert`
calls.
This is to avoid a deprecation warning about comparing `nil` values in
`assert_equal` for Minitest 5 and a crash in Minitest 6.
You can see the preparations done in [`assert_equal`][ae]. You can also
see that [`assert`][a] does not care about `nil`s.
[ae]: https://github.com/seattlerb/minitest/blob/ca6a71ca901016db09a5ad466b4adea4b52a504a/lib/minitest/assertions.rb#L159-L188
[a]: https://github.com/seattlerb/minitest/blob/ca6a71ca901016db09a5ad466b4adea4b52a504a/lib/minitest/assertions.rb#L131-L142
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Acronym inflections are stored with lowercase keys in the hash but
the match wasn't being lowercased before being looked up in the hash.
This shouldn't have any performance impact because before it would
fail to find the acronym and perform the `downcase` operation anyway.
Fixes #31052.
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |
| | | | | | | |
| | | | | | | | |
bogdanvlviv/method_signature_prev-next-day-month-year_for_time
Mirror the API of Ruby stdlib for #prev_day, #next_day, #prev_month, #next_month, #prev_year, #next_year
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Remove redundant return statements
|
| |/ / / / / / / |
|
|/ / / / / / / |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix #to_json for IO objects, fixes #26132
|
| | |/ / / / /
| |/| | | | | |
|
|/ / / / / / |
|
|/ / / / / |
|
| | | | |
| | | | |
| | | | |
| | | | | |
cleaning up the expired cache keys
|
| | | | |
| | | | |
| | | | |
| | | | | |
`new_credentials_configuration` is no longer used since 081a6ac6f7fd929798481f9ee333fb92b441356c.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Follow up of #30728.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
`HashWithIndifferentAccess`
Currently, `#transform_values`, `#select` and `#reject` return instance
of `HashWithIndifferentAccess`. But `#transform_keys` returns instance
of Hash. This behavior is a bit confusing.
I think that `HashWithIndifferentAccess#transform_keys` should also return
instance of `HashWithIndifferentAccess` as well as other methods.
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Noticed that verifiers and encryptors never once mentioned key generators
and salts but only concerned themselves with generated secrets.
Clears up the confusing naming around raw_key and secret as well. And
makes the rotation API follow the constructor signature to the letter.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Spares users from passing in non-changing values explicitly.
[ Michael Coyne & Kasper Timm Hansen ]
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Both classes now have a rotate method where new instances are added for
each call. When decryption or verification fails the next rotation
instance is tried.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Currently, bang version does not work with `InheritableOptions`.
`InheritableOptions` treats the argument Hash as the default value.
However, `Hash#fetch` does not use the default value when key is not
found, so can not get the default value.
So in bang version, should use `Hash#[]` instead of `Hash#fetch`.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* WIP: Add credentials using a generic EncryptedConfiguration class
This is sketch code so far.
* Flesh out EncryptedConfiguration and test it
* Better name
* Add command and generator for credentials
* Use the Pathnames
* Extract EncryptedFile from EncryptedConfiguration and add serializers
* Test EncryptedFile
* Extract serializer validation
* Stress the point about losing comments
* Allow encrypted configuration to be read without parsing for display
* Use credentials by default and base them on the master key
* Derive secret_key_base in test/dev, source it from credentials in other envs
And document the usage.
* Document the new credentials setup
* Stop generating the secrets.yml file now that we have credentials
* Document what we should have instead
Still need to make it happen, tho.
* [ci skip] Keep wording to `key base`; prefer defaults.
Usually we say we change defaults, not "spec" out a release.
Can't use backticks in our sdoc generated documentation either.
* Abstract away OpenSSL; prefer MessageEncryptor.
* Spare needless new when raising.
* Encrypted file test shouldn't depend on subclass.
* [ci skip] Some woordings.
* Ditch serializer future coding.
* I said flip it. Flip it good.
* [ci skip] Move require_master_key to the real production.rb.
* Add require_master_key to abort the boot process.
In case the master key is required in a certain environment
we should inspect that the key is there and abort if it isn't.
* Print missing key message and exit immediately.
Spares us a lengthy backtrace and prevents further execution.
I've verified the behavior in a test app, but couldn't figure the
test out as loading the app just exits immediately with:
```
/Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError)
from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start'
```
It's likely we need to capture and prevent the exit somehow.
Kernel.stub(:exit) didn't work. Leaving it for tomorrow.
* Fix require_master_key config test.
Loading the app would trigger the `exit 1` per require_master_key's
semantics, which then aborted the test.
Fork and wait for the child process to finish, then inspect the
exit status.
Also check we aborted because of a missing master key, so something
else didn't just abort the boot.
Much <3 to @tenderlove for the tip.
* Support reading/writing configs via methods.
* Skip needless deep symbolizing.
* Remove save; test config reader elsewhere.
* Move secret_key_base check to when we're reading it.
Otherwise we'll abort too soon since we don't assign the secret_key_base
to secrets anymore.
* Add missing string literal comments; require unneeded yaml require.
* ya ya ya, rubocop.
* Add master_key/credentials after bundle.
Then we can reuse the existing message on `rails new bc4`.
It'll look like:
```
Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb)
Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails`
Using sass-rails 5.0.6
Bundle complete! 16 Gemfile dependencies, 72 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0
Save this in a password manager your team can access.
If you lose the key, no one, including you, can access anything encrypted with it.
create config/master.key
```
And that'll be executed even if `--skip-bundle` was passed.
* Ensure test app has secret_key_base.
* Assign secret_key_base to app or omit.
* Merge noise
* Split options for dynamic delegation into its own method and use deep symbols to make it work
* Update error to point to credentials instead
* Appease Rubocop
* Validate secret_key_base when reading it.
Instead of relying on the validation in key_generator move that into
secret_key_base itself.
* Fix generator and secrets test.
Manually add config.read_encrypted_secrets since it's not there by default
anymore.
Move mentions of config/secrets.yml to config/credentials.yml.enc.
* Remove files I have no idea how they got here.
* [ci skip] swap secrets for credentials.
* [ci skip] And now, changelogs are coming.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Fixes commit 10bf93ef92a70ae511036134290bf0e2de184b5c created to solve issue #30025
|
| | | | |
| | | | |
| | | | |
| | | | | |
And enable `context_dependent` of Style/BracesAroundHashParameters cop.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Provide run_once: true option to on_load in case you want a hook only to be executed once. This may be useful in cases where executing a hook several times may have undesired side effects
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
kaspth/verifier-encryptor-null-serializer-metadata
Perform self-serialization once metadata is involved.
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Adds support for metadata even when using ActiveSupport::MessageEncryptor::NullSerializer.
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Add test for the new exception of delegate_missing_to
* Add a changelog entry
* Only check for nil if NoMethodError was raised
* Make method private
* Have to pass both target name and value
* Inline the re-raise
[Rafael Mendonça França + Anton Khamets]
|