| Commit message (Collapse) | Author | Age | Files | Lines |
| |
To prevent errors from being raised in environments where credentials
are unnecessary.
Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489
Fixes #31283
| |
To edit/show encrypted file:
```
bin/rails encrypted:edit config/staging_tokens.yml.enc
bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key
bin/rails encrypted:show config/staging_tokens.yml.enc
```
Also provides a backing Rails.application.encrypted API for Ruby access:
```ruby
Rails.application.encrypted("config/staging_tokens.yml.enc").read
Rails.application.encrypted("config/staging_tokens.yml.enc").config
Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key")
```
| |
It's already a default for new apps, like so many others, so
no need to flaunt it.
| |
Allow edits of existing encrypted secrets generated on Rails 5.1,
but refer to credentials when attempting to setup.
This also removes the need for any of the setup code, so the
generator can be ripped out altogether.
| |
This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
| |
When puma/puma#1403 is merged Puma will support the Early Hints status
code for sending assets before a request has finished.
While the Early Hints spec is still in draft, this PR prepares Rails to
allow this status code.
If the proxy server supports Early Hints, it will send H2 pushes to the
client.
This PR adds a method for setting Early Hints Link headers via Rails,
and also automatically sends Early Hints if supported from the
`stylesheet_link_tag` and the `javascript_include_tag`.
Once puma supports Early Hints the `--early-hints` argument can be
passed to the server to enable this or set in the puma config with
`early_hints(true)`. Note that for Early Hints to work
in the browser the requirements are 1) a proxy that can handle H2,
and 2) HTTPS.
To start the server with Early Hints enabled pass `--early-hints` to
`rails s`.
This has been verified to work with h2o, Puma, and Rails with Chrome.
The commit adds a new option to the rails server to enable early hints
for Puma.
Early Hints spec:
https://tools.ietf.org/html/draft-ietf-httpbis-early-hints-04
[Eileen M. Uchitelle, Aaron Patterson]
| |
Binding to capture the local scope. This means that if a constant with the same
name as the constant specified by the user exists in local scope, the constant
defined in local scope will be used. This is different from what the user expects.
Therefore, fixed to use top-level binding instead of local scope.
Fixes #30644
| | |
Make master key added to gitignore the same value as when creating application
| | |
For gitignore generated by `rails new`, key with a leading slash is specified.
https://github.com/rails/rails/blob/69f976b859cae7f9d050152103da018b7f5dda6d/railties/lib/rails/generators/rails/app/templates/gitignore#L11
Therefore, when executing `credentials:edit`, also need leading slash.
In order to avoid such a difference, fixed to use same method for
`rails new` and `credentials:edit`.
| |
Removes most mentions of secrets.secret_key_base and explains
credentials instead.
Also removes some very stale upgrade notices about Rails 3/4.
| |
* WIP: Add credentials using a generic EncryptedConfiguration class
This is sketch code so far.
* Flesh out EncryptedConfiguration and test it
* Better name
* Add command and generator for credentials
* Use the Pathnames
* Extract EncryptedFile from EncryptedConfiguration and add serializers
* Test EncryptedFile
* Extract serializer validation
* Stress the point about losing comments
* Allow encrypted configuration to be read without parsing for display
* Use credentials by default and base them on the master key
* Derive secret_key_base in test/dev, source it from credentials in other envs
And document the usage.
* Document the new credentials setup
* Stop generating the secrets.yml file now that we have credentials
* Document what we should have instead
Still need to make it happen, tho.
* [ci skip] Keep wording to `key base`; prefer defaults.
Usually we say we change defaults, not "spec" out a release.
Can't use backticks in our sdoc generated documentation either.
* Abstract away OpenSSL; prefer MessageEncryptor.
* Spare needless new when raising.
* Encrypted file test shouldn't depend on subclass.
* [ci skip] Some woordings.
* Ditch serializer future coding.
* I said flip it. Flip it good.
* [ci skip] Move require_master_key to the real production.rb.
* Add require_master_key to abort the boot process.
In case the master key is required in a certain environment
we should inspect that the key is there and abort if it isn't.
* Print missing key message and exit immediately.
Spares us a lengthy backtrace and prevents further execution.
I've verified the behavior in a test app, but couldn't figure the
test out as loading the app just exits immediately with:
```
/Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError)
from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method'
from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start'
```
It's likely we need to capture and prevent the exit somehow.
Kernel.stub(:exit) didn't work. Leaving it for tomorrow.
* Fix require_master_key config test.
Loading the app would trigger the `exit 1` per require_master_key's
semantics, which then aborted the test.
Fork and wait for the child process to finish, then inspect the
exit status.
Also check we aborted because of a missing master key, so something
else didn't just abort the boot.
Much <3 to @tenderlove for the tip.
* Support reading/writing configs via methods.
* Skip needless deep symbolizing.
* Remove save; test config reader elsewhere.
* Move secret_key_base check to when we're reading it.
Otherwise we'll abort too soon since we don't assign the secret_key_base
to secrets anymore.
* Add missing string literal comments; require unneeded yaml require.
* ya ya ya, rubocop.
* Add master_key/credentials after bundle.
Then we can reuse the existing message on `rails new bc4`.
It'll look like:
```
Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb)
Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails`
Using sass-rails 5.0.6
Bundle complete! 16 Gemfile dependencies, 72 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0
Save this in a password manager your team can access.
If you lose the key, no one, including you, can access anything encrypted with it.
create config/master.key
```
And that'll be executed even if `--skip-bundle` was passed.
* Ensure test app has secret_key_base.
* Assign secret_key_base to app or omit.
* Merge noise
* Split options for dynamic delegation into its own method and use deep symbols to make it work
* Update error to point to credentials instead
* Appease Rubocop
* Validate secret_key_base when reading it.
Instead of relying on the validation in key_generator move that into
secret_key_base itself.
* Fix generator and secrets test.
Manually add config.read_encrypted_secrets since it's not there by default
anymore.
Move mentions of config/secrets.yml to config/credentials.yml.enc.
* Remove files I have no idea how they got here.
* [ci skip] swap secrets for credentials.
* [ci skip] And now, changelogs are coming.
| |
Without this, `dbconsole` raises an error as following:
```
RuntimeError: can't modify frozen String
railties/lib/rails/commands/dbconsole/dbconsole_command.rb:79:in `start'
```
| |
Originally, it hard-coded pid file path. It can not be removed when customizing
pid file path.
But rake task can not get pid file path. Therefore, do not remove file in rake
task, makes it possible to judge whether it is restart from the argument of the
command and removes the file in server command.
Fixes #29306
| | |
Railties updates for frozen string literals.
|/| |
Show minitest options in test runner help
| | |
Since #29572, minitest options are available but are no longer shown
in help.
This fixed to show minitest option in help as with Rails 5.1.2.
**before**
```
./bin/rails t --help
You can run a single test by appending a line number to a filename:
bin/rails test test/models/user_test.rb:27
You can run multiple files and directories at the same time:
bin/rails test test/controllers test/integration/login_test.rb
By default test failures and errors are reported inline during a run.
Rails options:
-w, --warnings Run with Ruby warnings enabled
-e, --environment Run tests in the ENV environment
-b, --backtrace Show the complete backtrace
-d, --defer-output Output test failures and errors after the test run
-f, --fail-fast Abort test run on first failure or error
-c, --[no-]color Enable color in the output
```
**after**
```
./bin/rails t --help
You can run a single test by appending a line number to a filename:
bin/rails test test/models/user_test.rb:27
You can run multiple files and directories at the same time:
bin/rails test test/controllers test/integration/login_test.rb
By default test failures and errors are reported inline during a run.
minitest options:
-h, --help Display this help.
-s, --seed SEED Sets random seed. Also via env. Eg: SEED=n rake
-v, --verbose Verbose. Show progress processing files.
-n, --name PATTERN Filter run on /regexp/ or string.
--exclude PATTERN Exclude /regexp/ or string from run.
Known extensions: rails, pride
-w, --warnings Run with Ruby warnings enabled
-e, --environment Run tests in the ENV environment
-b, --backtrace Show the complete backtrace
-d, --defer-output Output test failures and errors after the test run
-f, --fail-fast Abort test run on first failure or error
-c, --[no-]color Enable color in the output
-p, --pride Pride. Show your testing pride!
```
| |
Since Rails 4.0, `config.ru` generated by default uses instances of
`Rails.application`. Therefore, I think that it is good to deprecate
the old behavior.
Related: #9669
| |
Puma has its own configuration file (e.g. `config/puma.rb`).
Can define a port and a URL to bind in the configuration file. Therefore,
on Rails side, can not grasp which URI to bind finally.
Because of that, it may show a URL different from the actually bound
URL, so I think that it is better not to show it.
Fixes #29880
| |
in Rails 4.0, you could use `/dev/stdin` on both Linux and Mac, but with
the switch to Kernel.load in Rails 4.1, this broke on Linux (you get
a LoadError). Instead, explicitly detect `-` as meaning stdin, then
read from stdin explicitly, instead of performing file gymnastics. This
should now work on any platform uniformly.
Passing a script via stdin is useful when you're sshing to a server,
and the script you want to run is stored locally. You could theoretically
pass the entire script on the command line, but in reality you'll run
into problems with the command being too long.
| |
Since #29725, load application file when `dbconsole` command is executed.
However, if do not set `RAILS_ENV` before reading the application file,
can not connect to the env specified in option, so added the setting
of `RAILS_ENV`.
| |
Running the `console` and `dbconsole` commands with a regular argument
as the environment's name automatically expands it to match an existing
environment (e.g. dev for development).
This feature wasn't available using the `--environment` (a.k.a `-e`)
option.
| |
Since 0a4f6009, it's possible to specify a 3-level database
configuration to gather connections by environment.
The `dbconsole` command will try to look for a database configuration
which points to the current environment but with such flavour, the
environment key is flushed out so let's add the ability to specify
the connection and pick `primary` by default to be consistent with
Active Record.
| |
By making the Rails minitest behave like a standard minitest plugin
we're much more likely to not break when people use other minitest
plugins. Like minitest-focus and pride.
To do this, we need to behave like minitest: require files up front
and then perform the plugin behavior via the at_exit hook.
This also saves us a fair bit of wrangling with test file loading.
Finally, since the environment and warnings options have to be applied
as early as possible, and since minitest loads plugins at_exit, they
have to be moved to the test command.
* Don't expect the root method.
It's likely this worked because we eagerly loaded the Rails minitest plugin
and that somehow defined a root method on `Rails`.
* Assign a backtrace to failed exceptions.
Otherwise Minitest pukes when attempting to filter the backtrace (which
Rails' backtrace cleaner then removes).
Means the exception message test has to be revised too.
This is likely caused by the rails minitest plugin now being loaded for
these tests and assigning a default backtrace cleaner.
| |
Currently the environment file is not loaded in `dbconsole` command.
Therefore, for example, if use encrypted secrets values in database.yml,
`read_encrypted_secrets` will not be true, so the value can not be
used correctly.
Fixes #29717
| |
When secrets confirmed with the `secrets:edit` command, `secrets.yml.enc`
will change without updating the secrets.
Therefore, even if only want to check secrets, the difference will come
out. This is a little inconvenient.
In order to solve this problem, added the `secrets:show` command.
If just want to check secrets, no difference will occur use this command.
| |
- [Rails <= 5.0](https://github.com/rails/rails/blob/5-0-stable/railties/lib/rails/commands/test.rb#L6) used to add the `<app_root>/test` as a string; this behaviour changed in rails 5.1, it's appending a `Pathname` object
| |
Fix the mistake of not using Ruby's ENV hash from the get go and get
windows support.
| | |
Correctly set user_supplied_options when there is no whitespace in option specification
| | |
specification
Current `user_supplied_options` method can not set the value correctly
if there is no space between option and value (e.g., `-p9000`).
This makes it possible to set the value correctly in the case like the above.
Fixes #29138
| | |
Setup config/secrets.yml.enc with template contents for people to edit.
Then generate encryption key and encrypt the initial secrets.
| |
Needed back when we attempted to wait for editors, but now we expect
users to pass a -w flag to their $EDITOR.
| |
It wasn't clear that system tests don't run with the rest of the test
suite and are part of a separate command.
This documents the `test:system` command as well as update the Rails
runner help documentation to make it clearer that system tests are run
via their own command by default.
| |
Fixes #28988
| |
The `header` option checks only whether it is specified or not.
https://github.com/rails/rails/blob/e8c33349bfabca28996ac74d344d69c7aaffec50/railties/lib/rails/commands/dbconsole/dbconsole_command.rb#L52
| | |
Correctly reset ARGV for "rails runner `CODE' arg arg arg..."
| | |
The code itself should not be in the ARGV vector.
Fixes #28515
| |
This is a regression from when the server command switched to its own
argument parser, as opposed to Rack's. Rack's argument parser, when
provided with a "host" argument, gives that value precedence over
environment variables.
| |
Instead of calling methods of Rails.application directly, we need to
use a method that is considered for the rails engine.
| | |
Show correct commands in help
| | |
Currently rails' help shows only namespace. However, the secrets command
needs to specify command. Therefore, I fixed the command to display in help.
| | |
Mostly just that it's there.
Closes #28193.
| | |
In order to avoid `NoMethodError` when it is nil.
Follow up to 82f7dc6178f86e5e2dd82f9e528475a6acee6cd8
| | |
Prefer Thor's say method to Kernel's plain puts.
| | |
In case there's no $EDITOR assigned users would see a cryptic:
```
% EDITOR= bin/rails secrets:edit
Waiting for secrets file to be saved. Abort with Ctrl-C.
sh: /var/folders/wd/xnncwqp96rj0v1y2nms64mq80000gn/T/secrets.yml.enc: Permission denied
New secrets encrypted and saved.
```
That error is misleading, so give a hint in this easily detectable case.
Fixes #28143.