activemodel 7.2.3 → 8.1.3

data/lib/active_model/secure_password.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/numeric/time"
+
 module ActiveModel
   module SecurePassword
     extend ActiveSupport::Concern
@@ -9,6 +11,8 @@ module ActiveModel
     # Hence need to put a restriction on password length.
     MAX_PASSWORD_LENGTH_ALLOWED = 72
 
+    DEFAULT_RESET_TOKEN_EXPIRES_IN = 15.minutes
+
     class << self
       attr_accessor :min_cost # :nodoc:
     end
@@ -39,6 +43,15 @@ module ActiveModel
       # <tt>validations: false</tt> as an argument. This allows complete
       # customizability of validation behavior.
       #
+      # A password reset token (valid for 15 minutes by default) is automatically
+      # configured when +reset_token+ is set to true (which it is by default)
+      # and the object responds to +generates_token_for+ (which Active Records do).
+      #
+      # Finally, the reset token expiry can be customized by passing a hash to
+      # +has_secure_password+:
+      #
+      #   has_secure_password reset_token: { expires_in: 1.hour }
+      #
       # To use +has_secure_password+, add bcrypt (~> 3.1.7) to your Gemfile:
       #
       #   gem "bcrypt", "~> 3.1.7"
@@ -98,7 +111,18 @@ module ActiveModel
       #   account.is_guest = true
       #   account.valid? # => true
       #
-      def has_secure_password(attribute = :password, validations: true)
+      # ===== Using the password reset token
+      #
+      #   user = User.create!(name: "david", password: "123", password_confirmation: "123")
+      #   token = user.password_reset_token
+      #   User.find_by_password_reset_token(token) # returns user
+      #
+      #   # 16 minutes later...
+      #   User.find_by_password_reset_token(token) # returns nil
+      #
+      #   # raises ActiveSupport::MessageVerifier::InvalidSignature since the token is expired
+      #   User.find_by_password_reset_token!(token)
+      def has_secure_password(attribute = :password, validations: true, reset_token: true)
         # Load bcrypt gem only when has_secure_password is used.
         # This is to avoid ActiveModel (and by extension the entire framework)
         # being dependent on a binary library.
@@ -109,7 +133,7 @@ module ActiveModel
           raise
         end
 
-        include InstanceMethodsOnActivation.new(attribute)
+        include InstanceMethodsOnActivation.new(attribute, reset_token: reset_token)
 
         if validations
           include ActiveModel::Validations
@@ -142,11 +166,35 @@ module ActiveModel
 
           validates_confirmation_of attribute, allow_nil: true
         end
+
+        # Only generate tokens for records that are capable of doing so (Active Records, not vanilla Active Models)
+        if reset_token && respond_to?(:generates_token_for)
+          reset_token_expires_in = reset_token.is_a?(Hash) ? reset_token[:expires_in] : DEFAULT_RESET_TOKEN_EXPIRES_IN
+
+          silence_redefinition_of_method(:"#{attribute}_reset_token_expires_in")
+          define_method(:"#{attribute}_reset_token_expires_in") { reset_token_expires_in }
+
+          generates_token_for :"#{attribute}_reset", expires_in: reset_token_expires_in do
+            public_send(:"#{attribute}_salt")&.last(10)
+          end
+
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            silence_redefinition_of_method :find_by_#{attribute}_reset_token
+            def self.find_by_#{attribute}_reset_token(token)
+              find_by_token_for(:#{attribute}_reset, token)
+            end
+
+            silence_redefinition_of_method :find_by_#{attribute}_reset_token!
+            def self.find_by_#{attribute}_reset_token!(token)
+              find_by_token_for!(:#{attribute}_reset, token)
+            end
+          RUBY
+        end
       end
     end
 
     class InstanceMethodsOnActivation < Module
-      def initialize(attribute)
+      def initialize(attribute, reset_token:)
         attr_reader attribute
 
         define_method("#{attribute}=") do |unencrypted_password|
@@ -184,7 +232,16 @@ module ActiveModel
         end
 
         alias_method :authenticate, :authenticate_password if attribute == :password
+
+        if reset_token
+          # Returns the class-level configured reset token for the password.
+          define_method("#{attribute}_reset_token") do
+            generate_token_for(:"#{attribute}_reset")
+          end
+        end
       end
     end
   end
+
+  ActiveSupport.run_load_hooks(:active_model_secure_password, SecurePassword)
 end

data/lib/active_model/serialization.rb

@@ -29,8 +29,8 @@ module ActiveModel
   # An +attributes+ hash must be defined and should contain any attributes you
   # need to be serialized. Attributes must be strings, not symbols.
   # When called, serializable hash will use instance methods that match the name
-  # of the attributes hash's keys. In order to override this behavior, take a look
-  # at the private method +read_attribute_for_serialization+.
+  # of the attributes hash's keys. In order to override this behavior, override
+  # the +read_attribute_for_serialization+ method.
   #
   # ActiveModel::Serializers::JSON module automatically includes
   # the +ActiveModel::Serialization+ module, so there is no need to
@@ -128,7 +128,7 @@ module ActiveModel
       return serializable_attributes(attribute_names) if options.blank?
 
       if only = options[:only]
-        attribute_names &= Array(only).map(&:to_s)
+        attribute_names = Array(only).map(&:to_s) & attribute_names
       elsif except = options[:except]
         attribute_names -= Array(except).map(&:to_s)
       end
@@ -148,29 +148,29 @@ module ActiveModel
       hash
     end
 
+    # Hook method defining how an attribute value should be retrieved for
+    # serialization. By default this is assumed to be an instance named after
+    # the attribute. Override this method in subclasses should you need to
+    # retrieve the value for a given attribute differently:
+    #
+    #   class MyClass
+    #     include ActiveModel::Serialization
+    #
+    #     def initialize(data = {})
+    #       @data = data
+    #     end
+    #
+    #     def read_attribute_for_serialization(key)
+    #       @data[key]
+    #     end
+    #   end
+    alias :read_attribute_for_serialization :send
+
     private
       def attribute_names_for_serialization
         attributes.keys
       end
 
-      # Hook method defining how an attribute value should be retrieved for
-      # serialization. By default this is assumed to be an instance named after
-      # the attribute. Override this method in subclasses should you need to
-      # retrieve the value for a given attribute differently:
-      #
-      #   class MyClass
-      #     include ActiveModel::Serialization
-      #
-      #     def initialize(data = {})
-      #       @data = data
-      #     end
-      #
-      #     def read_attribute_for_serialization(key)
-      #       @data[key]
-      #     end
-      #   end
-      alias :read_attribute_for_serialization :send
-
       def serializable_attributes(attribute_names)
         attribute_names.index_with { |n| read_attribute_for_serialization(n) }
       end

data/lib/active_model/translation.rb

@@ -22,6 +22,8 @@ module ActiveModel
   module Translation
     include ActiveModel::Naming
 
+    singleton_class.attr_accessor :raise_on_missing_translations
+
     # Returns the +i18n_scope+ for the class. Override if you want custom lookup.
     def i18n_scope
       :activemodel
@@ -69,16 +71,19 @@ module ActiveModel
         end
       end
 
+      raise_on_missing = options.fetch(:raise, Translation.raise_on_missing_translations)
+
       defaults << :"attributes.#{attribute}"
       defaults << options[:default] if options[:default]
-      defaults << MISSING_TRANSLATION
+      defaults << MISSING_TRANSLATION unless raise_on_missing
 
-      translation = I18n.translate(defaults.shift, count: 1, **options, default: defaults)
+      translation = I18n.translate(defaults.shift, count: 1, raise: raise_on_missing, **options, default: defaults)
       if translation == MISSING_TRANSLATION
         translation = attribute.present? ? attribute.humanize : namespace.humanize
       end
-
       translation
     end
   end
+
+  ActiveSupport.run_load_hooks(:active_model_translation, Translation)
 end

data/lib/active_model/type/big_integer.rb

@@ -23,10 +23,31 @@ module ActiveModel
     # All casting and serialization are performed in the same way as the
     # standard ActiveModel::Type::Integer type.
     class BigInteger < Integer
+      def serialize(value) # :nodoc:
+        case value
+        when ::Integer
+          # noop
+        when ::String
+          int = value.to_i
+          if int.zero? && value != "0"
+            return if non_numeric_string?(value)
+          end
+          value = int
+        else
+          value = super
+        end
+
+        value
+      end
+
       def serialize_cast_value(value) # :nodoc:
         value
       end
 
+      def serializable?(value, &)
+        true
+      end
+
       private
         def max_value
           ::Float::INFINITY

data/lib/active_model/type/boolean.rb

@@ -12,6 +12,7 @@ module ActiveModel
     # - Empty strings are coerced to +nil+.
     # - All other values will be coerced to +true+.
     class Boolean < Value
+      include Helpers::Immutable
       FALSE_VALUES = [
         false, 0,
         "0", :"0",

data/lib/active_model/type/date.rb

@@ -24,6 +24,7 @@ module ActiveModel
     # String values are parsed using the ISO 8601 date format. Any other values
     # are cast using their +to_date+ method, if it exists.
     class Date < Value
+      include Helpers::Immutable
       include Helpers::Timezone
       include Helpers::AcceptsMultiparameterTime.new
 

data/lib/active_model/type/date_time.rb

@@ -50,6 +50,14 @@ module ActiveModel
         :datetime
       end
 
+      def mutable? # :nodoc:
+        # Time#zone can be mutated by #utc or #localtime
+        # However when serializing the time zone will always
+        # be coerced and even if the zone was mutated Time instances
+        # remain equal, so we don't need to implement `#changed_in_place?`
+        true
+      end
+
       private
         def cast_value(value)
           return apply_seconds_precision(value) unless value.is_a?(::String)

data/lib/active_model/type/decimal.rb

@@ -43,6 +43,7 @@ module ActiveModel
     #     attribute :weight, :decimal, precision: 24
     #   end
     class Decimal < Value
+      include Helpers::Immutable
       include Helpers::Numeric
       BIGDECIMAL_PRECISION = 18
 

data/lib/active_model/type/float.rb

@@ -34,6 +34,7 @@ module ActiveModel
     # - <tt>"-Infinity"</tt> is cast to <tt>-Float::INFINITY</tt>.
     # - <tt>"NaN"</tt> is cast to +Float::NAN+.
     class Float < Value
+      include Helpers::Immutable
       include Helpers::Numeric
 
       def type

data/lib/active_model/type/helpers/immutable.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module ActiveModel
+  module Type
+    module Helpers # :nodoc: all
+      module Immutable
+        def mutable? # :nodoc:
+          false
+        end
+      end
+    end
+  end
+end

data/lib/active_model/type/helpers/time_value.rb

@@ -69,56 +69,32 @@ module ActiveModel
             \z
           /x
 
-          if RUBY_VERSION >= "3.2"
-            if Time.new(2000, 1, 1, 0, 0, 0, "-00:00").yday != 1 # Early 3.2.x had a bug
-              # BUG: Wrapping the Time object with Time.at because Time.new with `in:` in Ruby 3.2.0
-              # used to return an invalid Time object
-              # see: https://bugs.ruby-lang.org/issues/19292
-              def fast_string_to_time(string)
-                return unless string.include?("-") #  Time.new("1234") # => 1234-01-01 00:00:00
-
-                if is_utc?
-                  ::Time.at(::Time.new(string, in: "UTC"))
-                else
-                  ::Time.new(string)
-                end
-              rescue ArgumentError
-                nil
-              end
-            else
-              def fast_string_to_time(string)
-                return unless string.include?("-") #  Time.new("1234") # => 1234-01-01 00:00:00
-
-                if is_utc?
-                  ::Time.new(string, in: "UTC")
-                else
-                  ::Time.new(string)
-                end
-              rescue ArgumentError
-                nil
+          if Time.new(2000, 1, 1, 0, 0, 0, "-00:00").yday != 1 # Early 3.2.x had a bug
+            # BUG: Wrapping the Time object with Time.at because Time.new with `in:` in Ruby 3.2.0
+            # used to return an invalid Time object
+            # see: https://bugs.ruby-lang.org/issues/19292
+            def fast_string_to_time(string)
+              return unless string.include?("-") #  Time.new("1234") # => 1234-01-01 00:00:00
+
+              if is_utc?
+                ::Time.at(::Time.new(string, in: "UTC"))
+              else
+                ::Time.new(string)
               end
+            rescue ArgumentError
+              nil
             end
           else
             def fast_string_to_time(string)
-              return unless ISO_DATETIME =~ string
+              return unless string.include?("-") #  Time.new("1234") # => 1234-01-01 00:00:00
 
-              usec = $7.to_i
-              usec_len = $7&.length
-              if usec_len&.< 6
-                usec *= 10**(6 - usec_len)
+              if is_utc?
+                ::Time.new(string, in: "UTC")
+              else
+                ::Time.new(string)
               end
-
-              if $8
-                offset = \
-                  if $8 == "Z"
-                    0
-                  else
-                    offset_h, offset_m = $8.to_i, $9.to_i
-                    offset_h.to_i * 3600 + (offset_h.negative? ? -1 : 1) * offset_m * 60
-                  end
-              end
-
-              new_time($1.to_i, $2.to_i, $3.to_i, $4.to_i, $5.to_i, $6.to_i, usec, offset)
+            rescue ArgumentError
+              nil
             end
           end
       end

data/lib/active_model/type/helpers.rb

@@ -3,5 +3,6 @@
 require "active_model/type/helpers/accepts_multiparameter_time"
 require "active_model/type/helpers/numeric"
 require "active_model/type/helpers/mutable"
+require "active_model/type/helpers/immutable"
 require "active_model/type/helpers/time_value"
 require "active_model/type/helpers/timezone"

data/lib/active_model/type/immutable_string.rb

@@ -35,6 +35,8 @@ module ActiveModel
     #
     #   person.active # => "aye"
     class ImmutableString < Value
+      include Helpers::Immutable
+
       def initialize(**args)
         @true  = -(args.delete(:true)&.to_s  || "t")
         @false = -(args.delete(:false)&.to_s || "f")

data/lib/active_model/type/integer.rb

@@ -42,6 +42,7 @@ module ActiveModel
     #     attribute :age, :integer, limit: 6
     #   end
     class Integer < Value
+      include Helpers::Immutable
       include Helpers::Numeric
 
       # Column storage size in bytes.
@@ -50,7 +51,8 @@ module ActiveModel
 
       def initialize(**)
         super
-        @range = min_value...max_value
+        @max = max_value
+        @min = min_value
       end
 
       def type
@@ -63,40 +65,54 @@ module ActiveModel
       end
 
       def serialize(value)
-        return if value.is_a?(::String) && non_numeric_string?(value)
-        ensure_in_range(super)
+        case value
+        when ::Integer
+          # noop
+        when ::String
+          int = value.to_i
+          if int.zero? && value != "0"
+            return if non_numeric_string?(value)
+          end
+          value = int
+        else
+          value = super
+        end
+
+        if out_of_range?(value)
+          raise ActiveModel::RangeError, "#{value} is out of range for #{self.class} with limit #{_limit} bytes"
+        end
+
+        value
       end
 
       def serialize_cast_value(value) # :nodoc:
-        ensure_in_range(value)
+        if out_of_range?(value)
+          raise ActiveModel::RangeError, "#{value} is out of range for #{self.class} with limit #{_limit} bytes"
+        end
+
+        value
       end
 
       def serializable?(value)
         cast_value = cast(value)
-        in_range?(cast_value) || begin
-          yield cast_value if block_given?
-          false
-        end
+        return true unless out_of_range?(cast_value)
+        yield cast_value if block_given?
+        false
       end
 
       private
-        attr_reader :range
-
-        def in_range?(value)
-          !value || range.member?(value)
+        def out_of_range?(value)
+          if @max.nil?
+            @max = max_value
+            @min = min_value
+          end
+          value && (@max <= value || @min > value)
         end
 
         def cast_value(value)
           value.to_i rescue nil
         end
 
-        def ensure_in_range(value)
-          unless in_range?(value)
-            raise ActiveModel::RangeError, "#{value} is out of range for #{self.class} with limit #{_limit} bytes"
-          end
-          value
-        end
-
         def max_value
           1 << (_limit * 8 - 1) # 8 bits per byte with one bit for sign
         end

data/lib/active_model/type/string.rb

@@ -19,6 +19,10 @@ module ActiveModel
         end
       end
 
+      def mutable? # :nodoc:
+        true
+      end
+
       def to_immutable_string
         ImmutableString.new(
           true: @true,

data/lib/active_model/type/value.rb

@@ -25,7 +25,7 @@ module ActiveModel
       # by the database.  For example a boolean type can return +true+ if the
       # value parameter is a Ruby boolean, but may return +false+ if the value
       # parameter is some other object.
-      def serializable?(value)
+      def serializable?(value, &)
         true
       end
 
@@ -114,8 +114,8 @@ module ActiveModel
         false
       end
 
-      def map(value) # :nodoc:
-        yield value
+      def map(value, &) # :nodoc:
+        value
       end
 
       def ==(other)
@@ -138,7 +138,7 @@ module ActiveModel
       end
 
       def mutable? # :nodoc:
-        false
+        true
       end
 
       def as_json(*)

data/lib/active_model/validations/acceptance.rb

@@ -24,7 +24,7 @@ module ActiveModel
           Array(options[:accept]).include?(value)
         end
 
-        class LazilyDefineAttributes < Module
+        class LazilyDefineAttributes < Module # :nodoc:
           def initialize(attributes)
             @attributes = attributes.map(&:to_s)
           end

data/lib/active_model/validations/callbacks.rb

@@ -106,6 +106,16 @@ module ActiveModel
                 *options[:if]
               ]
             end
+
+            if options.key?(:except_on)
+              options[:except_on] = Array(options[:except_on])
+              options[:unless] = [
+                ->(o) {
+                  options[:except_on].intersect?(Array(o.validation_context))
+                },
+                *options[:unless]
+              ]
+            end
           end
       end
 

data/lib/active_model/validations/validates.rb

@@ -78,7 +78,12 @@ module ActiveModel
       #   or an array of symbols. (e.g. <tt>on: :create</tt> or
       #   <tt>on: :custom_validation_context</tt> or
       #   <tt>on: [:create, :custom_validation_context]</tt>)
-      # * <tt>:if</tt> - Specifies a method, proc, or string to call to determine
+      # * <tt>:except_on</tt> - Specifies the contexts where this validation is not active.
+      #   Runs in all validation contexts by default +nil+. You can pass a symbol
+      #   or an array of symbols. (e.g. <tt>except: :create</tt> or
+      #   <tt>except_on: :custom_validation_context</tt> or
+      #   <tt>except_on: [:create, :custom_validation_context]</tt>)
+      # * <tt>:if</tt> - Specifies a method, proc or string to call to determine
       #   if the validation should occur (e.g. <tt>if: :allow_validation</tt>,
       #   or <tt>if: Proc.new { |user| user.signup_step > 2 }</tt>). The method,
       #   proc or string should return or evaluate to a +true+ or +false+ value.
@@ -155,7 +160,7 @@ module ActiveModel
       # When creating custom validators, it might be useful to be able to specify
       # additional default keys. This can be done by overwriting this method.
       def _validates_default_keys
-        [:if, :unless, :on, :allow_blank, :allow_nil, :strict]
+        [:if, :unless, :on, :allow_blank, :allow_nil, :strict, :except_on]
       end
 
       def _parse_validates_options(options)