activerecord 6.0.0 → 7.2.3

data/lib/active_record/scoping/named.rb

@@ -1,9 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/array"
-require "active_support/core_ext/hash/except"
-require "active_support/core_ext/kernel/singleton_class"
-
 module ActiveRecord
   # = Active Record \Named \Scopes
   module Scoping
@@ -23,25 +19,17 @@ module ActiveRecord
         #
         # You can define a scope that applies to all finders using
         # {default_scope}[rdoc-ref:Scoping::Default::ClassMethods#default_scope].
-        def all
+        def all(all_queries: nil)
           scope = current_scope
 
           if scope
-            if scope._deprecated_scope_source
-              ActiveSupport::Deprecation.warn(<<~MSG.squish)
-                Class level methods will no longer inherit scoping from `#{scope._deprecated_scope_source}`
-                in Rails 6.1. To continue using the scoped relation, pass it into the block directly.
-                To instead access the full set of models, as Rails 6.1 will, use `#{name}.unscoped`.
-              MSG
-            end
-
             if self == scope.klass
               scope.clone
             else
               relation.merge!(scope)
             end
           else
-            default_scoped
+            default_scoped(all_queries: all_queries)
           end
         end
 
@@ -53,8 +41,9 @@ module ActiveRecord
           end
         end
 
-        def default_scoped(scope = relation) # :nodoc:
-          build_default_scope(scope) || scope
+        # Returns a scope for the model with default scopes.
+        def default_scoped(scope = relation, all_queries: nil)
+          build_default_scope(scope, all_queries: all_queries) || scope
         end
 
         def default_extensions # :nodoc:
@@ -83,10 +72,6 @@ module ActiveRecord
         # <tt>Shirt.dry_clean_only</tt>. <tt>Shirt.red</tt>, in effect,
         # represents the query <tt>Shirt.where(color: 'red')</tt>.
         #
-        # You should always pass a callable object to the scopes defined
-        # with #scope. This ensures that the scope is re-evaluated each
-        # time it is called.
-        #
         # Note that this is simply 'syntactic sugar' for defining an actual
         # class method:
         #
@@ -183,12 +168,11 @@ module ActiveRecord
               "an instance method with the same name."
           end
 
-          valid_scope_name?(name)
           extension = Module.new(&block) if block
 
           if body.respond_to?(:to_proc)
             singleton_class.define_method(name) do |*args|
-              scope = all._exec_scope(name, *args, &body)
+              scope = all._exec_scope(*args, &body)
               scope = scope.extending(extension) if extension
               scope
             end
@@ -199,17 +183,15 @@ module ActiveRecord
               scope
             end
           end
+          singleton_class.send(:ruby2_keywords, name)
 
           generate_relation_method(name)
         end
 
         private
-
-          def valid_scope_name?(name)
-            if respond_to?(name, true) && logger
-              logger.warn "Creating scope :#{name}. " \
-                "Overwriting existing method #{self.name}.#{name}."
-            end
+          def singleton_method_added(name)
+            super
+            generate_relation_method(name) if Kernel.respond_to?(name) && !ActiveRecord::Relation.method_defined?(name)
           end
       end
     end

data/lib/active_record/scoping.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "active_support/per_thread_registry"
+require "active_support/core_ext/module/delegation"
 
 module ActiveRecord
   module Scoping
@@ -24,11 +24,23 @@ module ActiveRecord
       end
 
       def current_scope(skip_inherited_scope = false)
-        ScopeRegistry.value_for(:current_scope, self, skip_inherited_scope)
+        ScopeRegistry.current_scope(self, skip_inherited_scope)
       end
 
       def current_scope=(scope)
-        ScopeRegistry.set_value_for(:current_scope, self, scope)
+        ScopeRegistry.set_current_scope(self, scope)
+      end
+
+      def global_current_scope(skip_inherited_scope = false)
+        ScopeRegistry.global_current_scope(self, skip_inherited_scope)
+      end
+
+      def global_current_scope=(scope)
+        ScopeRegistry.set_global_current_scope(self, scope)
+      end
+
+      def scope_registry
+        ScopeRegistry.instance
       end
     end
 
@@ -45,8 +57,8 @@ module ActiveRecord
     end
 
     # This class stores the +:current_scope+ and +:ignore_default_scope+ values
-    # for different classes. The registry is stored as a thread local, which is
-    # accessed through +ScopeRegistry.current+.
+    # for different classes. The registry is stored as either a thread or fiber
+    # local depending on the application configuration.
     #
     # This class allows you to store and get the scope values on different
     # classes and different types of scopes. For example, if you are attempting
@@ -54,52 +66,70 @@ module ActiveRecord
     # following code:
     #
     #   registry = ActiveRecord::Scoping::ScopeRegistry
-    #   registry.set_value_for(:current_scope, Board, some_new_scope)
+    #   registry.set_current_scope(Board, some_new_scope)
     #
     # Now when you run:
     #
-    #   registry.value_for(:current_scope, Board)
+    #   registry.current_scope(Board)
     #
-    # You will obtain whatever was defined in +some_new_scope+. The #value_for
-    # and #set_value_for methods are delegated to the current ScopeRegistry
-    # object, so the above example code can also be called as:
-    #
-    #   ActiveRecord::Scoping::ScopeRegistry.set_value_for(:current_scope,
-    #       Board, some_new_scope)
+    # You will obtain whatever was defined in +some_new_scope+.
     class ScopeRegistry # :nodoc:
-      extend ActiveSupport::PerThreadRegistry
+      class << self
+        delegate :current_scope, :set_current_scope, :ignore_default_scope, :set_ignore_default_scope,
+          :global_current_scope, :set_global_current_scope, to: :instance
 
-      VALID_SCOPE_TYPES = [:current_scope, :ignore_default_scope]
+        def instance
+          ActiveSupport::IsolatedExecutionState[:active_record_scope_registry] ||= new
+        end
+      end
 
       def initialize
-        @registry = Hash.new { |hash, key| hash[key] = {} }
+        @current_scope        = {}
+        @ignore_default_scope = {}
+        @global_current_scope = {}
       end
 
-      # Obtains the value for a given +scope_type+ and +model+.
-      def value_for(scope_type, model, skip_inherited_scope = false)
-        raise_invalid_scope_type!(scope_type)
-        return @registry[scope_type][model.name] if skip_inherited_scope
-        klass = model
-        base = model.base_class
-        while klass <= base
-          value = @registry[scope_type][klass.name]
-          return value if value
-          klass = klass.superclass
-        end
+      def current_scope(model, skip_inherited_scope = false)
+        value_for(@current_scope, model, skip_inherited_scope)
       end
 
-      # Sets the +value+ for a given +scope_type+ and +model+.
-      def set_value_for(scope_type, model, value)
-        raise_invalid_scope_type!(scope_type)
-        @registry[scope_type][model.name] = value
+      def set_current_scope(model, value)
+        set_value_for(@current_scope, model, value)
       end
 
-      private
+      def ignore_default_scope(model, skip_inherited_scope = false)
+        value_for(@ignore_default_scope, model, skip_inherited_scope)
+      end
+
+      def set_ignore_default_scope(model, value)
+        set_value_for(@ignore_default_scope, model, value)
+      end
+
+      def global_current_scope(model, skip_inherited_scope = false)
+        value_for(@global_current_scope, model, skip_inherited_scope)
+      end
 
-        def raise_invalid_scope_type!(scope_type)
-          if !VALID_SCOPE_TYPES.include?(scope_type)
-            raise ArgumentError, "Invalid scope type '#{scope_type}' sent to the registry. Scope types must be included in VALID_SCOPE_TYPES"
+      def set_global_current_scope(model, value)
+        set_value_for(@global_current_scope, model, value)
+      end
+
+      private
+        # Obtains the value for a given +scope_type+ and +model+.
+        def value_for(scope_type, model, skip_inherited_scope = false)
+          return scope_type[model.name] if skip_inherited_scope
+          klass = model
+          base = model.base_class
+          while klass != base
+            value = scope_type[klass.name]
+            return value if value
+            klass = klass.superclass
           end
+          scope_type[klass.name]
+        end
+
+        # Sets the +value+ for a given +scope_type+ and +model+.
+        def set_value_for(scope_type, model, value)
+          scope_type[model.name] = value
         end
     end
   end

data/lib/active_record/secure_password.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module SecurePassword
+    extend ActiveSupport::Concern
+
+    include ActiveModel::SecurePassword
+
+    module ClassMethods
+      # Given a set of attributes, finds a record using the non-password
+      # attributes, and then authenticates that record using the password
+      # attributes. Returns the record if authentication succeeds; otherwise,
+      # returns +nil+.
+      #
+      # Regardless of whether a record is found, +authenticate_by+ will
+      # cryptographically digest the given password attributes. This behavior
+      # helps mitigate timing-based enumeration attacks, wherein an attacker can
+      # determine if a passworded record exists even without knowing the
+      # password.
+      #
+      # Raises an ArgumentError if the set of attributes doesn't contain at
+      # least one password and one non-password attribute.
+      #
+      # ==== Examples
+      #
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #   end
+      #
+      #   User.create(name: "John Doe", email: "jdoe@example.com", password: "abc123")
+      #
+      #   User.authenticate_by(email: "jdoe@example.com", password: "abc123").name # => "John Doe" (in 373.4ms)
+      #   User.authenticate_by(email: "jdoe@example.com", password: "wrong")       # => nil (in 373.9ms)
+      #   User.authenticate_by(email: "wrong@example.com", password: "abc123")     # => nil (in 373.6ms)
+      #
+      #   User.authenticate_by(email: "jdoe@example.com", password: nil) # => nil (no queries executed)
+      #   User.authenticate_by(email: "jdoe@example.com", password: "")  # => nil (no queries executed)
+      #
+      #   User.authenticate_by(email: "jdoe@example.com") # => ArgumentError
+      #   User.authenticate_by(password: "abc123")        # => ArgumentError
+      def authenticate_by(attributes)
+        passwords, identifiers = attributes.to_h.partition do |name, value|
+          !has_attribute?(name) && has_attribute?("#{name}_digest")
+        end.map(&:to_h)
+
+        raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+        raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+
+        return if passwords.any? { |name, value| value.nil? || value.empty? }
+
+        if record = find_by(identifiers)
+          record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
+        else
+          new(passwords)
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/active_record/secure_token.rb

@@ -2,6 +2,10 @@
 
 module ActiveRecord
   module SecureToken
+    class MinimumLengthError < StandardError; end
+
+    MINIMUM_TOKEN_LENGTH = 24
+
     extend ActiveSupport::Concern
 
     module ClassMethods
@@ -10,30 +14,52 @@ module ActiveRecord
       #   # Schema: User(token:string, auth_token:string)
       #   class User < ActiveRecord::Base
       #     has_secure_token
-      #     has_secure_token :auth_token
+      #     has_secure_token :auth_token, length: 36
       #   end
       #
       #   user = User.new
       #   user.save
       #   user.token # => "pX27zsMN2ViQKta1bGfLmVJE"
-      #   user.auth_token # => "77TMHrHJFvFDwodq8w7Ev2m7"
+      #   user.auth_token # => "tU9bLuZseefXQ4yQxQo8wjtBvsAfPc78os6R"
       #   user.regenerate_token # => true
       #   user.regenerate_auth_token # => true
       #
-      # <tt>SecureRandom::base58</tt> is used to generate the 24-character unique token, so collisions are highly unlikely.
+      # +SecureRandom::base58+ is used to generate at minimum a 24-character unique token, so collisions are highly unlikely.
       #
       # Note that it's still possible to generate a race condition in the database in the same way that
       # {validates_uniqueness_of}[rdoc-ref:Validations::ClassMethods#validates_uniqueness_of] can.
       # You're encouraged to add a unique index in the database to deal with this even more unlikely scenario.
-      def has_secure_token(attribute = :token)
+      #
+      # ==== Options
+      #
+      # [+:length+]
+      #   Length of the Secure Random, with a minimum of 24 characters. It will
+      #   default to 24.
+      #
+      # [+:on+]
+      #   The callback when the value is generated. When called with <tt>on:
+      #   :initialize</tt>, the value is generated in an
+      #   <tt>after_initialize</tt> callback, otherwise the value will be used
+      #   in a <tt>before_</tt> callback. When not specified, +:on+ will use the value of
+      #   <tt>config.active_record.generate_secure_token_on</tt>, which defaults to +:initialize+
+      #   starting in \Rails 7.1.
+      def has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH, on: ActiveRecord.generate_secure_token_on)
+        if length < MINIMUM_TOKEN_LENGTH
+          raise MinimumLengthError, "Token requires a minimum length of #{MINIMUM_TOKEN_LENGTH} characters."
+        end
+
         # Load securerandom only when has_secure_token is used.
         require "active_support/core_ext/securerandom"
-        define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token }
-        before_create { send("#{attribute}=", self.class.generate_unique_secure_token) unless send("#{attribute}?") }
+        define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token(length: length) }
+        set_callback on, on == :initialize ? :after : :before do
+          if new_record? && !query_attribute(attribute)
+            send("#{attribute}=", self.class.generate_unique_secure_token(length: length))
+          end
+        end
       end
 
-      def generate_unique_secure_token
-        SecureRandom.base58(24)
+      def generate_unique_secure_token(length: MINIMUM_TOKEN_LENGTH)
+        SecureRandom.base58(length)
       end
     end
   end

data/lib/active_record/serialization.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-module ActiveRecord #:nodoc:
+module ActiveRecord # :nodoc:
   # = Active Record \Serialization
   module Serialization
     extend ActiveSupport::Concern
@@ -11,12 +11,19 @@ module ActiveRecord #:nodoc:
     end
 
     def serializable_hash(options = nil)
-      options = options.try(:dup) || {}
+      if self.class._has_attribute?(self.class.inheritance_column)
+        options = options ? options.dup : {}
 
-      options[:except] = Array(options[:except]).map(&:to_s)
-      options[:except] |= Array(self.class.inheritance_column)
+        options[:except] = Array(options[:except]).map(&:to_s)
+        options[:except] |= Array(self.class.inheritance_column)
+      end
 
       super(options)
     end
+
+    private
+      def attribute_names_for_serialization
+        attribute_names
+      end
   end
 end

data/lib/active_record/signed_id.rb

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  # = Active Record Signed Id
+  module SignedId
+    extend ActiveSupport::Concern
+
+    included do
+      ##
+      # :singleton-method:
+      # Set the secret used for the signed id verifier instance when using Active Record outside of \Rails.
+      # Within \Rails, this is automatically set using the \Rails application key generator.
+      class_attribute :signed_id_verifier_secret, instance_writer: false
+    end
+
+    module RelationMethods # :nodoc:
+      def find_signed(...)
+        scoping { model.find_signed(...) }
+      end
+
+      def find_signed!(...)
+        scoping { model.find_signed!(...) }
+      end
+    end
+
+    module ClassMethods
+      # Lets you find a record based on a signed id that's safe to put into the world without risk of tampering.
+      # This is particularly useful for things like password reset or email verification, where you want
+      # the bearer of the signed id to be able to interact with the underlying record, but usually only within
+      # a certain time period.
+      #
+      # You set the time period that the signed id is valid for during generation, using the instance method
+      # <tt>signed_id(expires_in: 15.minutes)</tt>. If the time has elapsed before a signed find is attempted,
+      # the signed id will no longer be valid, and nil is returned.
+      #
+      # It's possible to further restrict the use of a signed id with a purpose. This helps when you have a
+      # general base model, like a User, which might have signed ids for several things, like password reset
+      # or email verification. The purpose that was set during generation must match the purpose set when
+      # finding. If there's a mismatch, nil is again returned.
+      #
+      # ==== Examples
+      #
+      #   signed_id = User.first.signed_id expires_in: 15.minutes, purpose: :password_reset
+      #
+      #   User.find_signed signed_id # => nil, since the purpose does not match
+      #
+      #   travel 16.minutes
+      #   User.find_signed signed_id, purpose: :password_reset # => nil, since the signed id has expired
+      #
+      #   travel_back
+      #   User.find_signed signed_id, purpose: :password_reset # => User.first
+      def find_signed(signed_id, purpose: nil)
+        raise UnknownPrimaryKey.new(self) if primary_key.nil?
+
+        if id = signed_id_verifier.verified(signed_id, purpose: combine_signed_id_purposes(purpose))
+          find_by primary_key => id
+        end
+      end
+
+      # Works like find_signed, but will raise an ActiveSupport::MessageVerifier::InvalidSignature
+      # exception if the +signed_id+ has either expired, has a purpose mismatch, is for another record,
+      # or has been tampered with. It will also raise an ActiveRecord::RecordNotFound exception if
+      # the valid signed id can't find a record.
+      #
+      # ==== Examples
+      #
+      #   User.find_signed! "bad data" # => ActiveSupport::MessageVerifier::InvalidSignature
+      #
+      #   signed_id = User.first.signed_id
+      #   User.first.destroy
+      #   User.find_signed! signed_id # => ActiveRecord::RecordNotFound
+      def find_signed!(signed_id, purpose: nil)
+        if id = signed_id_verifier.verify(signed_id, purpose: combine_signed_id_purposes(purpose))
+          find(id)
+        end
+      end
+
+      # The verifier instance that all signed ids are generated and verified from. By default, it'll be initialized
+      # with the class-level +signed_id_verifier_secret+, which within Rails comes from
+      # {Rails.application.key_generator}[rdoc-ref:Rails::Application#key_generator].
+      # By default, it's SHA256 for the digest and JSON for the serialization.
+      def signed_id_verifier
+        @signed_id_verifier ||= begin
+          secret = signed_id_verifier_secret
+          secret = secret.call if secret.respond_to?(:call)
+
+          if secret.nil?
+            raise ArgumentError, "You must set ActiveRecord::Base.signed_id_verifier_secret to use signed ids"
+          else
+            ActiveSupport::MessageVerifier.new secret, digest: "SHA256", serializer: JSON, url_safe: true
+          end
+        end
+      end
+
+      # Allows you to pass in a custom verifier used for the signed ids. This also allows you to use different
+      # verifiers for different classes. This is also helpful if you need to rotate keys, as you can prepare
+      # your custom verifier for that in advance. See ActiveSupport::MessageVerifier for details.
+      def signed_id_verifier=(verifier)
+        @signed_id_verifier = verifier
+      end
+
+      # :nodoc:
+      def combine_signed_id_purposes(purpose)
+        [ base_class.name.underscore, purpose.to_s ].compact_blank.join("/")
+      end
+    end
+
+
+    # Returns a signed id that's generated using a preconfigured +ActiveSupport::MessageVerifier+ instance.
+    #
+    # This signed id is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
+    # However, as with any message signed with a +ActiveSupport::MessageVerifier+,
+    # {the signed id is not encrypted}[link:classes/ActiveSupport/MessageVerifier.html#class-ActiveSupport::MessageVerifier-label-Signing+is+not+encryption].
+    # It's just encoded and protected against tampering.
+    #
+    # This means that the ID can be decoded by anyone; however, if tampered with (so to point to a different ID),
+    # the cryptographic signature will no longer match, and the signed id will be considered invalid and return nil
+    # when passed to +find_signed+ (or raise with +find_signed!+).
+    #
+    # It can furthermore be set to expire (the default is not to expire), and scoped down with a specific purpose.
+    # If the expiration date has been exceeded before +find_signed+ is called, the id won't find the designated
+    # record. If a purpose is set, this too must match.
+    #
+    # If you accidentally let a signed id out in the wild that you wish to retract sooner than its expiration date
+    # (or maybe you forgot to set an expiration date while meaning to!), you can use the purpose to essentially
+    # version the signed_id, like so:
+    #
+    #   user.signed_id purpose: :v2
+    #
+    # And you then change your +find_signed+ calls to require this new purpose. Any old signed ids that were not
+    # created with the purpose will no longer find the record.
+    def signed_id(expires_in: nil, expires_at: nil, purpose: nil)
+      raise ArgumentError, "Cannot get a signed_id for a new record" if new_record?
+
+      self.class.signed_id_verifier.generate id, expires_in: expires_in, expires_at: expires_at, purpose: self.class.combine_signed_id_purposes(purpose)
+    end
+  end
+end

data/lib/active_record/statement_cache.rb

@@ -4,14 +4,14 @@ module ActiveRecord
   # Statement cache is used to cache a single statement in order to avoid creating the AST again.
   # Initializing the cache is done by passing the statement in the create block:
   #
-  #   cache = StatementCache.create(Book.connection) do |params|
+  #   cache = StatementCache.create(ClothingItem.lease_connection) do |params|
   #     Book.where(name: "my book").where("author_id > 3")
   #   end
   #
   # The cached statement is executed by using the
   # {connection.execute}[rdoc-ref:ConnectionAdapters::DatabaseStatements#execute] method:
   #
-  #   cache.execute([], Book.connection)
+  #   cache.execute([], ClothingItem.lease_connection)
   #
   # The relation returned by the block is cached, and for each
   # {execute}[rdoc-ref:ConnectionAdapters::DatabaseStatements#execute]
@@ -20,13 +20,13 @@ module ActiveRecord
   # If you want to cache the statement without the values you can use the +bind+ method of the
   # block parameter.
   #
-  #   cache = StatementCache.create(Book.connection) do |params|
+  #   cache = StatementCache.create(ClothingItem.lease_connection) do |params|
   #     Book.where(name: params.bind)
   #   end
   #
   # And pass the bind values as the first argument of +execute+ call.
   #
-  #   cache.execute(["my book"], Book.connection)
+  #   cache.execute(["my book"], ClothingItem.lease_connection)
   class StatementCache # :nodoc:
     class Substitute; end # :nodoc:
 
@@ -50,13 +50,20 @@ module ActiveRecord
 
       def sql_for(binds, connection)
         val = @values.dup
-        casted_binds = binds.map(&:value_for_database)
-        @indexes.each { |i| val[i] = connection.quote(casted_binds.shift) }
+        @indexes.each do |i|
+          value = binds.shift
+          if ActiveModel::Attribute === value
+            value = value.value_for_database
+          end
+          val[i] = connection.quote(value)
+        end
         val.join
       end
     end
 
     class PartialQueryCollector
+      attr_accessor :preparable, :retryable
+
       def initialize
         @parts = []
         @binds = []
@@ -73,6 +80,15 @@ module ActiveRecord
         self
       end
 
+      def add_binds(binds, proc_for_binds = nil)
+        @binds.concat proc_for_binds ? binds.map(&proc_for_binds) : binds
+        binds.size.times do |i|
+          @parts << ", " unless i == 0
+          @parts << Substitute.new
+        end
+        self
+      end
+
       def value
         [@parts, @binds]
       end
@@ -100,7 +116,7 @@ module ActiveRecord
         @bound_attributes = bound_attributes
 
         bound_attributes.each_with_index do |attr, i|
-          if Substitute === attr.value
+          if ActiveModel::Attribute === attr && Substitute === attr.value
             @indexes << i
           end
         end
@@ -126,14 +142,14 @@ module ActiveRecord
       @klass = klass
     end
 
-    def execute(params, connection, &block)
+    def execute(params, connection, allow_retry: false, &block)
       bind_values = bind_map.bind params
 
       sql = query_builder.sql_for bind_values, connection
 
-      klass.find_by_sql(sql, bind_values, preparable: true, &block)
+      klass.find_by_sql(sql, bind_values, preparable: true, allow_retry: allow_retry, &block)
     rescue ::RangeError
-      nil
+      []
     end
 
     def self.unsupported_value?(value)