| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
sensitive value of database column when call `#inspect`
* Why
Some sensitive data will be exposed in log accidentally by calling `#inspect`, e.g.
```ruby
@account = Account.find params[:id]
payload = { account: @account }
logger.info "payload will be #{ payload }"
```
All the information of `@account` will be exposed in log.
* Solution
Add a class attribute filter_attributes to specify which values of columns shouldn't be exposed.
This attribute equals to `Rails.application.config.filter_parameters` by default.
```ruby
Rails.application.config.filter_parameters += [:credit_card_number]
Account.last.insepct # => #<Account id: 123, credit_card_number: [FILTERED] ...>
```
|
| | | |
| | |
| | |
| | | |
Fixing code block rendering, indentation, backticks, etc.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`spec` is the same variable name as gemspec generated by bundler, and its
intention is easier to understand than a one-letter variable.
https://github.com/bundler/bundler/blob/00fd58eaa69015092ee272c4cb5aa92a5e7ee45c/lib/bundler/templates/newgem/newgem.gemspec.tt#L11
This is follow up on 1c59b4840c58097186022f68427c46e0046c5d0d. `spec` is already in use there.
|
| | | |
| | |
| | |
| | |
| | | |
This will avoid gems that are made to be private to be pushed to public
repositories.
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
The rake tasks which became deprecate now does not load the environment.
Therefore, even if the application specifies the behavior of deprecating,
the message is output to stderr ignoring the specification.
It seems that this is not the expected behavior.
We should respect the setting even in the rake tasks.
|
| | |
| |
| |
| | |
[ci skip]
|
| |\ \
| | |
| | | |
Make null_store the default cache store in test environment config
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Part 3: Multi-db Improvements, identifying replica configurations
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes the `configs_for` method from using traditional arguments to
using kwargs. This is so I can add the `include_replicas` kwarg without
having to always include `env_name` and `spec_name` in the method call.
`include_replicas` defaults to false because everywhere internally in
Rails we don't want replicas. `configs_for` is for iterating over
configurations to create / run rake tasks, so we really don't ever need
replicas in that case.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
These were added for avoiding warnings and for testing in
e4c529ea1d94ef548975e45b91a7fec045aeefbc and 6ea7065a18671872f1486cff3fdaeb4f78fa6332.
Now the default is `:random`, and since the tests added with it are
removed. That config is unnecessary.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
steakknife/steakknife/improve-template-generator-actions
add github to template actions, template actions minor refactor
|
| | | | | | |
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
For words like "abuse", Rails cannot derive its singular form from
plural form "abuses" without defining custom inflection rule.
`rails generate model` and its families now emit warning for this case.
|
| |\ \ \ \
| | | | |
| | | | | |
Refactor Active Record configurations
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
While the three-tier config makes it easier to define databases for
multiple database applications, it quickly became clear to offer full
support for multiple databases we need to change the way the connections
hash was handled.
A three-tier config means that when Rails needed to choose a default
configuration (in the case a user doesn't ask for a specific
configuration) it wasn't clear to Rails which the default was. I
[bandaid fixed this so the rake tasks could work](#32271) but that fix
wasn't correct because it actually doubled up the configuration hashes.
Instead of attemping to manipulate the hashes @tenderlove and I decided
that it made more sense if we converted the hashes to objects so we can
easily ask those object questions. In a three tier config like this:
```
development:
primary:
database: "my_primary_db"
animals:
database; "my_animals_db"
```
We end up with an object like this:
```
@configurations=[
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10
@env_name="development",@spec_name="primary",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>,
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90
@env_name="development",@spec_name="animals",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>
]>
```
The configurations setter takes the database configuration set by your
application and turns them into an
`ActiveRecord::DatabaseConfigurations` object that has one getter -
`@configurations` which is an array of all the database objects.
The configurations getter returns this object by default since it acts
like a hash in most of the cases we need. For example if you need to
access the default `development` database we can simply request it as we
did before:
```
ActiveRecord::Base.configurations["development"]
```
This will return primary development database configuration hash:
```
{ "database" => "my_primary_db" }
```
Internally all of Active Record has been converted to use the new
objects. I've built this to be backwards compatible but allow for
accessing the hash if needed for a deprecation period. To get the
original hash instead of the object you can either add `to_h` on the
configurations call or pass `legacy: true` to `configurations.
```
ActiveRecord::Base.configurations.to_h
=> { "development => { "database" => "my_primary_db" } }
ActiveRecord::Base.configurations(legacy: true)
=> { "development => { "database" => "my_primary_db" } }
```
The new configurations object allows us to iterate over the Active
Record configurations without losing the known environment or
specification name for that configuration. You can also select all the
configs for an env or env and spec. With this we can always ask
any object what environment it belongs to:
```
db_configs = ActiveRecord::Base.configurations.configurations_for("development")
=> #<ActiveRecord::DatabaseConfigurations:0x00007fd1acbdf800
@configurations=[
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbded10
@env_name="development",@spec_name="primary",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>,
#<ActiveRecord::DatabaseConfigurations::HashConfig:0x00007fd1acbdea90
@env_name="development",@spec_name="animals",
@config={"adapter"=>"sqlite3", "database"=>"db/development.sqlite3"}>
]>
db_config.env_name
=> "development"
db_config.spec_name
=> "primary"
db_config.config
=> { "adapter"=>"sqlite3", "database"=>"db/development.sqlite3" }
```
The configurations object is more flexible than the configurations hash
and will allow us to build on top of the connection management in order
to add support for primary/replica connections, sharding, and
constructing queries for associations that live in multiple databases.
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds an option to the migration generator to allow setting the
migrations paths for that migration. This is useful for applications
that use multiple databases and put migrations per database in their own
directories.
```
bin/rails g migration CreateHouses address:string --migrations-paths=db/kingston_migrate
invoke active_record
create db/kingston_migrate/20180830151055_create_houses.rb
```
|
| |\ \ \ \
| | | | |
| | | | | |
Prevent leaking of user's DB credentials on `rails db:create` failure
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Issue #27852 reports that when `rails db:create` fails, it causes
leaking of user's DB credentials to $stderr.
We print a DB's configuration hash in order to help users more quickly
to figure out what could be wrong with his configuration.
This commit changes message from
"Couldn't create database for #{configuration.inspect}" to
"Couldn't create '#{configuration['database']}' database. Please check your configuration.".
There are two PRs that fixing it #27878, #27879, but they need a bit more work.
I decided help to finish this and added Author of those PRs credit in this commit.
Since it is a security issue, I think we should backport it to
`5-2-stable`, and `5-1-stable`.
Guided by https://edgeguides.rubyonrails.org/maintenance_policy.html#security-issues
Fixes #27852
Closes #27879
Related to #27878
[Alexander Marrs & bogdanvlviv]
|
| | | | | |
| | | | |
| | | | |
| | | | | |
I removed the argument so I should remove the conditional too.
|
| | | | | |
| | | | |
| | | | |
| | | | | |
The test that used this was updated and it's no longer needed.
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
Drop load_database_yaml and fix test
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We originally did the whole `load_database_yaml` thing because this test
wasn't cooperating and we needed to finish the namespaced rake tasks for
multiple databases.
However, it turns out that YAML can't eval ERB if you don't tell it it's
ERB so you get Pysch parse errors if you're using multi-line ERB or
ERB with conditionals. It's a hot mess.
After trying a few things and thinking it over we decided that it wasn't
worth bandaiding over, the test needed to be improved. The test was
added in #31135 to test that the env is loaded in these tasks. But it
was blowing up because we were trying to read a database name out of the
configuration - however that's not the purpose of this change. We want
to read environment files in the rake tasks, but not in the config
file.
In this PR we changed the test to test what the PR was actually fixing.
We've also deleted the `load_database_yaml` because it caused more
problems than it was worth. This should fix the issues described in
https://github.com/rails/rails/pull/32274#issuecomment-384161057. We
also had these problems at GitHub.
Co-authored-by: alimi <aibrahim2k2@gmail.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
Finish converting whitelist and blacklist references
|
| | | | | | |
|
| | |/ / / |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the system test template, enter a value based on label.
However, since `label` method does not use `titleize` by default.
If generate a value including underscore, cannot find a label and the test
will fail.
```
$ ./bin/rails g scaffold user name:string phone_number:string
$ ./bin/rails t test/system/users_test.rb
E
Error:
UsersTest#test_creating_a_User:
Capybara::ElementNotFound: Unable to find field "Phone Number"
test/system/users_test.rb:18:in `block in <class:UsersTest>'
```
This removes unnecessary `titleize` so that the generated file will pass
even if the attribute contains an underscore.
|
| |\ \ \
| | | |
| | | | |
Follow up #33659
|
| | | | | |
|
| |\ \ \ \
| |/ / /
|/| | | |
Use `say`/`error` instead of `puts`/`$stderr.puts`
|
| | | | |
| | | |
| | | |
| | | | |
Follow up 44007c07098a3c633180881cae9285da4622e63f
|
| |\ \ \ \
| | | | |
| | | | | |
Fix `rails initializers --help` and `rails dev:cache --help`
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- `rails initializers --help` should show description set by `desc`
See railties/lib/rails/command/base.rb:27
- Fix `rails dev:cache --help`
```
Traceback (most recent call last):
10: from bin/rails:4:in `<main>'
9: from bin/rails:4:in `require'
8: from /work/rails/railties/lib/rails/commands.rb:18:in `<top (required)>'
7: from /work/rails/railties/lib/rails/command.rb:46:in `invoke'
6: from /work/rails/railties/lib/rails/command/base.rb:65:in `perform'
5: from /home/vagrant/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/thor-0.20.0/lib/thor.rb:387:in `dispatch'
4: from /home/vagrant/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/thor-0.20.0/lib/thor/invocation.rb:126:in `invoke_command'
3: from /home/vagrant/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/thor-0.20.0/lib/thor/command.rb:27:in `run'
2: from /work/rails/railties/lib/rails/command/base.rb:150:in `help'
1: from /home/vagrant/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/thor-0.20.0/lib/thor.rb:170:in `command_help'
/home/vagrant/.rbenv/versions/2.5.1/lib/ruby/gems/2.5.0/gems/thor-0.20.0/lib/thor/base.rb:497:in `handle_no_command_error': Could not find command "dev". (Thor::UndefinedCommandError)
```
Context https://github.com/rails/rails/pull/33694#issuecomment-415127304
Would be great to set a description to other commands.
|
| |/ / /
| | |
| | |
| | | |
Context https://github.com/rails/rails/pull/33631#discussion_r210732565
|
| |\ \ \
| | | |
| | | | |
Make `rake routes` deprecate before deleting
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`rake routes` was a public task. Therefore, I think that we should deprecate
it before deleting it.
Related to #32121.
|
| |/ / / |
|
| | | |
| | |
| | |
| | | |
Commands generally prefer say to puts.
|
| |\ \ \
| | | |
| | | | |
Move the initializers rake task to Rails::Command
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Invoke Rails::Command within the rake task
* Adds test for calling initializers with 'bin/rake'
* Adds deprecation warning to the rake task
|
| | | | | |
|
| | | | | |
|
| |/ / /
| | |
| | |
| | | |
To prevent style check in review like https://github.com/rails/rails/pull/33608#discussion_r211087605.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
use BacktraceCleaner for ActiveRecord verbose logging
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Move `dev:cache` rake task to use Rails::Command
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Call the Rails::Command::DevCommand in the rake task for dev:cache
* Add deprecation for using `bin/rake` in favor of `bin/rails`
|
| | | | | | |
|
| | |/ / / |
|
