aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib
Commit message (Collapse)AuthorAgeFilesLines
* Use `did_you_mean` spell checker for option suggestionsGenadi Samokovarov2018-03-233-52/+9
| | | | | | | | | | | Now that we require Ruby over `2.3`, we can replace the current suggestion methods we have with tooling from the `did_you_mean` gem. There is a small user visible change and this is that we now offer a single suggestion for misspelled options. We are suggesting fixes during generator invocation and during a mistyped rails server rack handler. In both cases, if we don't make a proper prediction on the first match, we won't do so in the second or third one, so in my mind, this is okay.
* Merge pull request #32271 from eileencodes/fix-three-tier-default-connectionEileen M. Uchitelle2018-03-161-1/+1
|\ | | | | Fix default connection handling with three-tier config
| * Switch dbconsole config loader checkeileencodes2018-03-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | In a three-tier config environment `configurations[environment].presence` will return `{ :primary => { :key => value, :key => value }, :secondary => { :key => value, :key => value} }, which means it's not given a single config to connect to. If we flip these however it will connect to primary because that's the default connection, and on a two tier it will be `nil` so the code will select the connection from the configurations rather than the connection.
* | Rely on Rails::Command's help output.Kasper Timm Hansen2018-03-131-15/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We end up with: ``` Usage: bin/rails routes [options] Options: -c, [--controller=CONTROLLER] # Filter by a specific controller, e.g. PostsController or Admin::PostsController. -g, [--grep=GREP] # Grep routes by a specific pattern. -E, [--expanded], [--no-expanded] # Print routes expanded vertically with parts explained. ``` which does miss the bit about routes being printed in order. Also: * Renames options to ease help output readability, then clarifies each option. * Fixes a bunch of indentation.
* | Extract details to methods to clarify command.Kasper Timm Hansen2018-03-131-8/+12
| |
* | Introduce `ActionDispatch::Routing::ConsoleFormatter::Base`bogdanvlviv2018-03-131-7/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Create `Base` and inherit `Sheet` and `Expanded` in order to - prevent code duplication. - Remove trailing "\n" for components of `Expanded`. - There is no need for `Expanded#header` to return `@buffer` so return `nil` instead. - Change `no_routes` message "No routes were found for this controller" since if use `-g`, it sounds incorrect. - Display `No routes were found for this controller.` if apply `-c`. - Display `No routes were found for this grep pattern.` if apply `-g`. Related to #32130
* | Remove path option from AzureStorage configYuji Yaginuma2018-03-131-1/+0
| | | | | | | | Follow up of 309bb6c4d068b0d480681cf4ef1b90158527dfe5
* | Do not show unnecessary message during server startupyuuji.yaginuma2018-03-101-6/+5
|/ | | | | | | | | | | | | | | | | | | | Currently, `Exiting` is showed during server startup. ``` ./bin/rails s => Booting Puma => Rails 6.0.0.alpha application starting in development => Run `rails server --help` for more startup options Exiting Puma starting in single mode... * Version 3.11.2 (ruby 2.5.0-p0), codename: Love Song ``` This is because processing at server stop is passed as a block, and `Rack::Serve#start` receives a block and executes it during startup processing. https://github.com/rack/rack/blob/50db1ffdf8b98503fb7c6e6648622b5d7d78d58e/lib/rack/server.rb#L258 In order to avoid this, stop processing is passed as argument.
* Always yield a CSP policy instanceAndrew White2018-03-081-4/+2
| | | | | If the app has the CSP disabled globally allow a controller action to enable the policy for that request.
* Allow using inline style and script in the internal controllersyuuji.yaginuma2018-03-081-0/+13
| | | | | | | | | | We use inline style and script for the view held inside Rails like welcome page and mailer preview. Therefore, if inline is prohibited by CSP, they will not work properly. I think that this is not as expected.   For that reason, I have made it possible to use inline style and script regardless of application settings.
* Allow Capybara 3.x (#32151)Thomas Walpole2018-03-051-1/+1
|
* Merge pull request #32170 from koic/deprecate_safe_level_of_erb_new_in_ruby_2_6Ryuta Kamizono2018-03-051-1/+6
|\ | | | | Deprecate safe_level of `ERB.new` in Ruby 2.6
| * Deprecate safe_level of `ERB.new` in Ruby 2.6Koichi ITO2018-03-051-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ### Summary In a Rails application using Ruby 2.6.0-dev, when running `bin/rails g migration` with `RUBYOPT=-w`, an ERB deprecation warnings will be displayed. ```console % ruby -v ruby 2.6.0dev (2018-03-03 trunk 62644) [x86_64-darwin17] % bin/rails -v Rails 6.0.0.alpha % RUBYOPT=-w bin/rails g migration create_foos (snip) /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing safe_level with the 2nd argument of ERB.new is deprecated. Do not use it, and specify other arguments as keyword arguments. /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing trim_mode with the 3rd argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, trim_mode: ...) instead. /Users/koic/src/github.com/rails/rails/railties/lib/rails/generators/migration.rb:66: warning: Passing eoutvar with the 4th argument of ERB.new is deprecated. Use keyword argument like ERB.new(str, eoutvar: ...) instead. create db/migrate/20180304002144_create_foos.rb ``` This PR suppresses the above deprecation warnings in Ruby 2.6.0-dev. This warning is due to the interface of `ERB.new` will change from Ruby 2.6. > Add :trim_mode and :eoutvar keyword arguments to ERB.new. > Now non-keyword arguments other than first one are softly deprecated > and will be removed when Ruby 2.5 becomes EOL. [Feature #14256] https://github.com/ruby/ruby/blob/2311087b685e8dc0f21f4a89875f25c22f5c39a9/NEWS#stdlib-updates-outstanding-ones-only The following addresses are related Ruby's commit. https://github.com/ruby/ruby/commit/cc777d0 Also this PR will change `ERB.new` used in `tasks/release.rb`. ### Other Information This PR uses `ERB.version` to switch `ERB.new` interface. Because Rails 6 supports multiple Ruby versions (Ruby 2.4.1 or higher), it need to use the appropriate interface. Using `ERB.version` instead of `RUBY_VERSON` is based on the following patch. https://github.com/ruby/ruby/pull/1826 This patch is built into Ruby. https://github.com/ruby/ruby/commit/40db89c0934c23d7464d47946bb682b9035411f9
* | Fix "NameError: undefined local variable or method `host'"yuuji.yaginuma2018-03-051-1/+1
| | | | | | | | The `host` and `port` can't use this context.
* | Extract Rails::Command::SpellcheckerGenadi Samokovarov2018-03-044-41/+55
| |
* | Introduce explicit rails server handler optionGenadi Samokovarov2018-03-041-16/+72
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I mistype `rails server production` instead of `rails server -e production` expecting to lunch a server in the production environment all the time. However, the signature of `rails server --help` is: ``` Usage: rails server [puma, thin etc] [options] ``` This means that the `production` argument is being interpreted as a Rack server handler like Puma, Thin or Unicorn. Should we argue for the `rails server production`? I'm not sure of the reasons, but the `rails console production` behavior was deprecated in: https://github.com/rails/rails/pull/29358, so parity with the existing `rails console production` usage may not hold anymore. In any case, this PR introduces an explicit option for the Rack servers configuration. The option is called `--using` (or `-u` for short) to avoid the `rails server --server` tantrum. The new interface of `rails server` is: ``` Usage: rails server [using] [options] Options: -p, [--port=port] # Runs Rails on the specified port - defaults to 3000. -b, [--binding=IP] # Binds Rails to the specified IP - defaults to 'localhost' in development and '0.0.0.0' in other environments'. -c, [--config=file] # Uses a custom rackup configuration. # Default: config.ru -d, [--daemon], [--no-daemon] # Runs server as a Daemon. -e, [--environment=name] # Specifies the environment to run this server under (development/test/production). -u, [--using=name] # Specifies the Rack server used to run the application (thin/puma/webrick). -P, [--pid=PID] # Specifies the PID file. # Default: tmp/pids/server.pid -C, [--dev-caching], [--no-dev-caching] # Specifies whether to perform caching in development. [--early-hints], [--no-early-hints] # Enables HTTP/2 early hints. ``` As a bonus, if you mistype the server to use, you'll get an auto-correction message: ``` $ rails s tin Could not find handler "tin". Maybe you meant "thin" or "cgi"? Run `rails server --help` for more options. ```
* Merge pull request #32130 from benoittgt/rake-routes-compact-modeRafael França2018-02-281-1/+7
|\ | | | | Add "rails routes --expanded" mode
| * Add --expanded option to "rails routes"Benoit Tigeot2018-02-281-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When using rails routes with small terminal or complicated routes it can be very difficult to understand where is the element listed in header. psql had the same issue, that's why they created "expanded mode" you can switch using `\x` or by starting psql with ``` -x --expanded Turn on the expanded table formatting mode. This is equivalent to the \x command. ``` The output is similar to one implemented here for rails routes: db_user-# \du List of roles -[ RECORD 1 ]---------------------------------------------- Role name | super Attributes | Superuser, Create role, Create DB Member of | {} -[ RECORD 2 ]---------------------------------------------- Role name | role Attributes | Superuser, Create role, Create DB, Replication Member of | {}
* | Fix `new_framework_defaults_6_0.rb`bogdanvlviv2018-02-271-1/+1
|/ | | | | | | | | `default_enforce_utf8` belongs to `config.action_view` Update info about `:skip_enforcing_utf8` since we can change default behavior via `config.action_controller.default_enforce_utf8` Related to #32125
* Merge pull request #32121 from benoittgt/move-rails-routes-to-rails-commandRafael França2018-02-273-32/+43
|\ | | | | Move rake routes task to rails command
| * Move rake routes task to rails commandBenoit Tigeot2018-02-273-32/+43
| | | | | | | | | | | | After a discussion with matthewd. It was mentioned that rake tasks need to be moved to rails command. See: https://github.com/rails/rails/issues/32117
* | Don't enforce UTF-8 by defaultAndrew White2018-02-274-31/+14
|/ | | | | | With the disabling of TLS 1.0 by most major websites, continuing to run IE8 or lower becomes increasingly difficult so default to not enforcing UTF-8 encoding as it's not relevant to other browsers.
* [ci skip] Spell out the full variable in generated code.Kasper Timm Hansen2018-02-241-1/+1
|
* Correctly set `content_security_policy_nonce_generator`yuuji.yaginuma2018-02-241-1/+1
| | | | | | | `content_security_policy_nonce_generator` specifies request as an argument when calling. https://github.com/rails/rails/blob/ddb7da8535b07f51b7a8f5e3062cc8ffbd4ff23b/actionpack/lib/action_dispatch/http/content_security_policy.rb#L100 So without this fix, will raise `ArgumentError` when start server.
* Improve generated file `app/assets/javascripts/application.js` of pluginbogdanvlviv2018-02-231-0/+1
| | | | | | Add `//= require rails-ujs` Closes #32094
* Merge pull request #32089 from bogdanvlviv/fix-plugin-generated-filesRafael França2018-02-222-2/+6
|\ | | | | Fix plugin generated files
| * Improve generated file `app/views/application.html.erb` of pluginbogdanvlviv2018-02-231-1/+5
| | | | | | | | | | - Do not generate `javascript_include_tag` if `--skip-javascript` - Generate `<%= csp_meta_tag %>`. Related to #32018.
| * Comment `require "active_storage/engine"` in `bin/rails` of plugin if ↵bogdanvlviv2018-02-231-1/+1
| | | | | | | | `--skip-active-storage`
* | Revert "Merge pull request #32075 from eileencodes/delete-default-configuration"eileencodes2018-02-221-1/+0
| | | | | | | | | | | | | | | | | | | | This reverts commit 16f279ebd474626577ced858e3626ac4535a33df, reversing changes made to 6c6a30a7c357ce1eafa093d77d2b08684fe50887. The config can be named anything, not just default (although all generated apps will be named default). We can't just delete configs that don't have a database because that will break three-tier configs. Oh well.
* | Revert "Reject empty database yamls"eileencodes2018-02-221-1/+1
|/ | | | | | | | | | | | This reverts commit 0979713abe2e22083e1beca01a1d113408c9ab36. I originally wanted to delete the default config but found out it can be called anything which means the code would blow up in unexpected ways. I thought "cool ill just delete the configs without dbs" and realized that totally 100% breaks the three-tier config. So I'm reverting this and the other commit.
* Merge pull request #32018 from rails/add-nonce-support-to-cspAndrew White2018-02-224-39/+45
|\ | | | | Add support for automatic nonce generation for Rails UJS
| * Add support for automatic nonce generation for Rails UJSAndrew White2018-02-194-39/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.
* | Reject empty database yamlseileencodes2018-02-221-1/+1
| | | | | | | | | | | | | | | | In #32075 I deleted the default configuration since that's what's generated with the Rails app. Since someone could change the default name instead delete any config that doesn't have a database so we can avoid peppering our Rails tasks with conditionals to deal with invalid database configs.
* | Do not add routes when actions are not specifiedYuji Yaginuma2018-02-221-0/+1
| | | | | | | | | | | | | | | | | | | | Since #30241, if namepsace is specified, routes will be generated even if there is no actions. However, it seems that this behavior is not intentionally added behavior. As with 5.1, routes should not be generated if actions are not specified. Fixes #32072.
* | Merge pull request #32075 from eileencodes/delete-default-configurationEileen M. Uchitelle2018-02-211-0/+1
|\ \ | |/ |/| Delete default configuration
| * Delete default configurationeileencodes2018-02-211-0/+1
| | | | | | | | | | | | | | Because of this default configuration we're constantly checking if the database exists when looping through configurations. This is unnecessary and we should just delete it before we need to loop through configurations.
* | Don't accidentally create an empty CSPAndrew White2018-02-191-1/+5
| | | | | | | | | | | | Setting up the request environment was accidentally creating a CSP as a consequence of accessing the option - only set the instance variable if a block is passed.
* | Add stimulus to list of supported options for --webpackGuillermo Iguaran2018-02-181-1/+1
| |
* | Don't generate empty app/views folder when --api and --skip-action-mailer ↵Guillermo Iguaran2018-02-181-2/+6
| | | | | | | | | | | | | | are used together The purpose of keeping app/views folder in API apps is that it's used for mailer views so doesn't makes sense to keep it when Action Mailer is skipped.
* | Clean up reporter replacement a bit.Kasper Timm Hansen2018-02-181-10/+6
| | | | | | | | | | | | | | | | | | | | | | | | * Don't use :: for class methods, we don't do that elsewhere. * Don't install a needless method on minitest. Prefer assigning the reporter anyway as that's what minitest does internally. * Don't bother opting out when the reporter ain't a Minitest::CompositeReporter. It's hardcoded: https://github.com/seattlerb/minitest/blob/005a3ba42c07d04797e2d00ac2c53e3be127c12f/lib/minitest.rb#L125 And overrides have to create delegate reporters: https://github.com/kern/minitest-reporters/blob/1018b1b42f34b01d4de179c8aad2fa06771fe9b0/lib/minitest/minitest_reporter_plugin.rb#L72
* | Rails 6 requires Ruby 2.4.1+Jeremy Daer2018-02-172-4/+3
| | | | | | | | | | | | Skipping over 2.4.0 to sidestep the `"symbol_from_string".to_sym.dup` bug. References #32028
* | Multipart file uploads are very rare in API only apps so don't include ↵Guillermo Iguaran2018-02-171-1/+2
| | | | | | | | Rack::TemfileReaper in default middleware stack for API only apps
* | Rails 6 requires Ruby 2.3+Jeremy Daer2018-02-173-14/+5
| |
* | Merge pull request #31901 from Kevinrob/patch-1Rafael França2018-02-161-3/+12
|\ \ | | | | | | Use SuppressedSummaryReporter and Rails::TestUnitReporter only if needed
| * | Add SuppressedSummaryReporter and TestUnitReporter only if necessaryKevin Robatel2018-02-151-3/+12
| |/
* | Remove needless requiring 'active_support/core_ext/string/strip'Yoshiyuki Hirano2018-02-171-1/+0
| |
* | Remove usage of strip_heredoc in the framework in favor of <<~Rafael Mendonça França2018-02-1612-20/+19
| | | | | | | | | | Some places we can't remove because Ruby still don't have a method equivalent to strip_heredoc to be called in an already existent string.
* | Add test parallelization to Railseileencodes2018-02-152-0/+8
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Provides both a forked process and threaded parallelization options. To use add `parallelize` to your test suite. Takes a `workers` argument that controls how many times the process is forked. For each process a new database will be created suffixed with the worker number; test-database-0 and test-database-1 respectively. If `ENV["PARALLEL_WORKERS"]` is set the workers argument will be ignored and the environment variable will be used instead. This is useful for CI environments, or other environments where you may need more workers than you do for local testing. If the number of workers is set to `1` or fewer, the tests will not be parallelized. The default parallelization method is to fork processes. If you'd like to use threads instead you can pass `with: :threads` to the `parallelize` method. Note the threaded parallelization does not create multiple database and will not work with system tests at this time. parallelize(workers: 2, with: :threads) The threaded parallelization uses Minitest's parallel exector directly. The processes paralleliztion uses a Ruby Drb server. For parallelization via threads a setup hook and cleanup hook are provided. ``` class ActiveSupport::TestCase parallelize_setup do |worker| # setup databases end parallelize_teardown do |worker| # cleanup database end parallelize(workers: 2) end ``` [Eileen M. Uchitelle, Aaron Patterson]
* Don't overwrite config/master.key even on --forceclaudiob2018-02-121-1/+3
| | | | | | | | | | | | See https://github.com/rails/rails/pull/31957#issuecomment-364817423 The purpose of `--force` is not to have any prompt whether a file should be kept or overwritten. In general, all existing files should be overwritten. However, `config/master.key` is special because it is git-ignored, and overwriting it will cause the app not to run (since there won't be a way to decrypt the credentials). As a result, it's probably better to keep the existing config/master.key.
* Do not update `load_defaults` version when running `app:update` (#31951)Yuji Yaginuma2018-02-133-2/+11
| | | | | Incompatible settings are included in the settings set by `load_defaults`. So, I think that target version should be updated by a user when becomes available, and should not be updated with `app:update`.