activerecord 7.0.8.6 → 7.1.0.beta1

data/lib/active_record/schema_migration.rb

@@ -1,54 +1,89 @@
 # frozen_string_literal: true
 
-require "active_record/scoping/default"
-require "active_record/scoping/named"
-
 module ActiveRecord
   # This class is used to create a table that keeps track of which migrations
   # have been applied to a given database. When a migration is run, its schema
-  # number is inserted in to the `SchemaMigration.table_name` so it doesn't need
+  # number is inserted in to the schema migrations table so it doesn't need
   # to be executed the next time.
-  class SchemaMigration < ActiveRecord::Base # :nodoc:
-    class << self
-      def primary_key
-        "version"
-      end
+  class SchemaMigration # :nodoc:
+    class NullSchemaMigration
+    end
+
+    attr_reader :connection, :arel_table
+
+    def initialize(connection)
+      @connection = connection
+      @arel_table = Arel::Table.new(table_name)
+    end
+
+    def create_version(version)
+      im = Arel::InsertManager.new(arel_table)
+      im.insert(arel_table[primary_key] => version)
+      connection.insert(im, "#{self.class} Create", primary_key, version)
+    end
 
-      def table_name
-        "#{table_name_prefix}#{schema_migrations_table_name}#{table_name_suffix}"
+    def delete_version(version)
+      dm = Arel::DeleteManager.new(arel_table)
+      dm.wheres = [arel_table[primary_key].eq(version)]
+
+      connection.delete(dm, "#{self.class} Destroy")
+    end
+
+    def delete_all_versions
+      versions.each do |version|
+        delete_version(version)
       end
+    end
+
+    def primary_key
+      "version"
+    end
+
+    def table_name
+      "#{ActiveRecord::Base.table_name_prefix}#{ActiveRecord::Base.schema_migrations_table_name}#{ActiveRecord::Base.table_name_suffix}"
+    end
 
-      def create_table
-        unless connection.table_exists?(table_name)
-          connection.create_table(table_name, id: false) do |t|
-            t.string :version, **connection.internal_string_options_for_primary_key
-          end
+    def create_table
+      unless connection.table_exists?(table_name)
+        connection.create_table(table_name, id: false) do |t|
+          t.string :version, **connection.internal_string_options_for_primary_key
         end
       end
+    end
 
-      def drop_table
-        connection.drop_table table_name, if_exists: true
-      end
+    def drop_table
+      connection.drop_table table_name, if_exists: true
+    end
 
-      def normalize_migration_number(number)
-        "%.3d" % number.to_i
-      end
+    def normalize_migration_number(number)
+      "%.3d" % number.to_i
+    end
 
-      def normalized_versions
-        all_versions.map { |v| normalize_migration_number v }
-      end
+    def normalized_versions
+      versions.map { |v| normalize_migration_number v }
+    end
 
-      def all_versions
-        order(:version).pluck(:version)
-      end
+    def versions
+      sm = Arel::SelectManager.new(arel_table)
+      sm.project(arel_table[primary_key])
+      sm.order(arel_table[primary_key].asc)
 
-      def table_exists?
-        connection.data_source_exists?(table_name)
-      end
+      connection.select_values(sm, "#{self.class} Load")
+    end
+
+    def integer_versions
+      versions.map(&:to_i)
+    end
+
+    def count
+      sm = Arel::SelectManager.new(arel_table)
+      sm.project(*Arel::Nodes::Count.new([Arel.star]))
+
+      connection.select_values(sm, "#{self.class} Count").first
     end
 
-    def version
-      super.to_i
+    def table_exists?
+      connection.data_source_exists?(table_name)
     end
   end
 end

data/lib/active_record/scoping/default.rb

@@ -24,14 +24,22 @@ module ActiveRecord
         # Returns a scope for the model without the previously set scopes.
         #
         #   class Post < ActiveRecord::Base
+        #     belongs_to :user
+        #
         #     def self.default_scope
         #       where(published: true)
         #     end
         #   end
         #
+        #   class User < ActiveRecord::Base
+        #     has_many :posts
+        #   end
+        #
         #   Post.all                                  # Fires "SELECT * FROM posts WHERE published = true"
         #   Post.unscoped.all                         # Fires "SELECT * FROM posts"
         #   Post.where(published: false).unscoped.all # Fires "SELECT * FROM posts"
+        #   User.find(1).posts                        # Fires "SELECT * FROM posts WHERE published = true AND posts.user_id = 1"
+        #   User.find(1).posts.unscoped               # Fires "SELECT * FROM posts"
         #
         # This method also accepts a block. All queries inside the block will
         # not use the previously set scopes.
@@ -67,7 +75,8 @@ module ActiveRecord
           #     default_scope { where(published: true) }
           #   end
           #
-          #   Article.all # => SELECT * FROM articles WHERE published = true
+          #   Article.all
+          #   # SELECT * FROM articles WHERE published = true
           #
           # The #default_scope is also applied while creating/building a record.
           # It is not applied while updating or deleting a record.
@@ -88,7 +97,7 @@ module ActiveRecord
           # queries that return a single object by primary key.
           #
           #   Article.find(1).destroy
-          #   => DELETE ... FROM `articles` where ID = 1 AND blog_id = 1;
+          #   # DELETE ... FROM `articles` where ID = 1 AND blog_id = 1;
           #
           # (You can also pass any object which responds to +call+ to the
           # +default_scope+ macro, and it will be called when building the
@@ -102,7 +111,8 @@ module ActiveRecord
           #     default_scope { where(rating: 'G') }
           #   end
           #
-          #   Article.all # => SELECT * FROM articles WHERE published = true AND rating = 'G'
+          #   Article.all
+          #   # SELECT * FROM articles WHERE published = true AND rating = 'G'
           #
           # This is also the case with inheritance and module includes where the
           # parent or module defines a #default_scope and the child or including
@@ -162,8 +172,8 @@ module ActiveRecord
           # If all_queries is nil, only execute on select and insert queries.
           #
           # If all_queries is true, check if the default_scope object has
-          # all_queries set, then execute on all queries; select, insert, update
-          # and delete.
+          # all_queries set, then execute on all queries; select, insert, update,
+          # delete, and reload.
           def execute_scope?(all_queries, default_scope_obj)
             all_queries.nil? || all_queries && default_scope_obj.all_queries
           end

data/lib/active_record/scoping/named.rb

@@ -19,7 +19,7 @@ module ActiveRecord
         #
         # You can define a scope that applies to all finders using
         # {default_scope}[rdoc-ref:Scoping::Default::ClassMethods#default_scope].
-        def all
+        def all(all_queries: nil)
           scope = current_scope
 
           if scope
@@ -29,7 +29,7 @@ module ActiveRecord
               relation.merge!(scope)
             end
           else
-            default_scoped
+            default_scoped(all_queries: all_queries)
           end
         end
 

data/lib/active_record/scoping.rb

@@ -119,11 +119,12 @@ module ActiveRecord
           return scope_type[model.name] if skip_inherited_scope
           klass = model
           base = model.base_class
-          while klass <= base
+          while klass != base
             value = scope_type[klass.name]
             return value if value
             klass = klass.superclass
           end
+          scope_type[klass.name]
         end
 
         # Sets the +value+ for a given +scope_type+ and +model+.

data/lib/active_record/secure_password.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+module ActiveRecord
+  module SecurePassword
+    extend ActiveSupport::Concern
+
+    include ActiveModel::SecurePassword
+
+    module ClassMethods
+      # Given a set of attributes, finds a record using the non-password
+      # attributes, and then authenticates that record using the password
+      # attributes. Returns the record if authentication succeeds; otherwise,
+      # returns +nil+.
+      #
+      # Regardless of whether a record is found, +authenticate_by+ will
+      # cryptographically digest the given password attributes. This behavior
+      # helps mitigate timing-based enumeration attacks, wherein an attacker can
+      # determine if a passworded record exists even without knowing the
+      # password.
+      #
+      # Raises an ArgumentError if the set of attributes doesn't contain at
+      # least one password and one non-password attribute.
+      #
+      # ==== Examples
+      #
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #   end
+      #
+      #   User.create(name: "John Doe", email: "jdoe@example.com", password: "abc123")
+      #
+      #   User.authenticate_by(email: "jdoe@example.com", password: "abc123").name # => "John Doe" (in 373.4ms)
+      #   User.authenticate_by(email: "jdoe@example.com", password: "wrong")       # => nil (in 373.9ms)
+      #   User.authenticate_by(email: "wrong@example.com", password: "abc123")     # => nil (in 373.6ms)
+      #
+      #   User.authenticate_by(email: "jdoe@example.com", password: nil) # => nil (no queries executed)
+      #   User.authenticate_by(email: "jdoe@example.com", password: "")  # => nil (no queries executed)
+      #
+      #   User.authenticate_by(email: "jdoe@example.com") # => ArgumentError
+      #   User.authenticate_by(password: "abc123")        # => ArgumentError
+      def authenticate_by(attributes)
+        passwords, identifiers = attributes.to_h.partition do |name, value|
+          !has_attribute?(name) && has_attribute?("#{name}_digest")
+        end.map(&:to_h)
+
+        raise ArgumentError, "One or more password arguments are required" if passwords.empty?
+        raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
+
+        return if passwords.any? { |name, value| value.nil? || value.empty? }
+
+        if record = find_by(identifiers)
+          record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
+        else
+          new(passwords)
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/active_record/secure_token.rb

@@ -24,12 +24,26 @@ module ActiveRecord
       #   user.regenerate_token # => true
       #   user.regenerate_auth_token # => true
       #
-      # <tt>SecureRandom::base58</tt> is used to generate at minimum a 24-character unique token, so collisions are highly unlikely.
+      # +SecureRandom::base58+ is used to generate at minimum a 24-character unique token, so collisions are highly unlikely.
       #
       # Note that it's still possible to generate a race condition in the database in the same way that
       # {validates_uniqueness_of}[rdoc-ref:Validations::ClassMethods#validates_uniqueness_of] can.
       # You're encouraged to add a unique index in the database to deal with this even more unlikely scenario.
-      def has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH)
+      #
+      # === Options
+      #
+      # [:length]
+      #   Length of the Secure Random, with a minimum of 24 characters. It will
+      #   default to 24.
+      #
+      # [:on]
+      #   The callback when the value is generated. When called with <tt>on:
+      #   :initialize</tt>, the value is generated in an
+      #   <tt>after_initialize</tt> callback, otherwise the value will be used
+      #   in a <tt>before_</tt> callback. When not specified, +:on+ will use the value of
+      #   <tt>config.active_record.generate_secure_token_on</tt>, which defaults to +:initialize+
+      #   starting in \Rails 7.1.
+      def has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH, on: ActiveRecord.generate_secure_token_on)
         if length < MINIMUM_TOKEN_LENGTH
           raise MinimumLengthError, "Token requires a minimum length of #{MINIMUM_TOKEN_LENGTH} characters."
         end
@@ -37,7 +51,11 @@ module ActiveRecord
         # Load securerandom only when has_secure_token is used.
         require "active_support/core_ext/securerandom"
         define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token(length: length) }
-        before_create { send("#{attribute}=", self.class.generate_unique_secure_token(length: length)) unless send("#{attribute}?") }
+        set_callback on, on == :initialize ? :after : :before do
+          if new_record? && !query_attribute(attribute)
+            write_attribute(attribute, self.class.generate_unique_secure_token(length: length))
+          end
+        end
       end
 
       def generate_unique_secure_token(length: MINIMUM_TOKEN_LENGTH)

data/lib/active_record/signed_id.rb

@@ -8,8 +8,8 @@ module ActiveRecord
     included do
       ##
       # :singleton-method:
-      # Set the secret used for the signed id verifier instance when using Active Record outside of Rails.
-      # Within Rails, this is automatically set using the Rails application key generator.
+      # Set the secret used for the signed id verifier instance when using Active Record outside of \Rails.
+      # Within \Rails, this is automatically set using the \Rails application key generator.
       class_attribute :signed_id_verifier_secret, instance_writer: false
     end
 
@@ -66,7 +66,7 @@ module ActiveRecord
       end
 
       # The verifier instance that all signed ids are generated and verified from. By default, it'll be initialized
-      # with the class-level +signed_id_verifier_secret+, which within Rails comes from the
+      # with the class-level +signed_id_verifier_secret+, which within \Rails comes from the
       # Rails.application.key_generator. By default, it's SHA256 for the digest and JSON for the serialization.
       def signed_id_verifier
         @signed_id_verifier ||= begin
@@ -109,8 +109,10 @@ module ActiveRecord
     #
     # And you then change your +find_signed+ calls to require this new purpose. Any old signed ids that were not
     # created with the purpose will no longer find the record.
-    def signed_id(expires_in: nil, purpose: nil)
-      self.class.signed_id_verifier.generate id, expires_in: expires_in, purpose: self.class.combine_signed_id_purposes(purpose)
+    def signed_id(expires_in: nil, expires_at: nil, purpose: nil)
+      raise ArgumentError, "Cannot get a signed_id for a new record" if new_record?
+
+      self.class.signed_id_verifier.generate id, expires_in: expires_in, expires_at: expires_at, purpose: self.class.combine_signed_id_purposes(purpose)
     end
   end
 end

data/lib/active_record/store.rb

@@ -3,6 +3,8 @@
 require "active_support/core_ext/hash/indifferent_access"
 
 module ActiveRecord
+  # = Active Record \Store
+  #
   # Store gives you a thin wrapper around serialize for the purpose of storing hashes in a single column.
   # It's like a simple key/value store baked into your record when you don't care about being able to
   # query that store outside the context of a single record.
@@ -102,7 +104,8 @@ module ActiveRecord
 
     module ClassMethods
       def store(store_attribute, options = {})
-        serialize store_attribute, IndifferentCoder.new(store_attribute, options[:coder])
+        coder = build_column_serializer(store_attribute, options[:coder], Object, options[:yaml])
+        serialize store_attribute, coder: IndifferentCoder.new(store_attribute, coder)
         store_accessor(store_attribute, options[:accessors], **options.slice(:prefix, :suffix)) if options.has_key? :accessors
       end
 
@@ -160,19 +163,19 @@ module ActiveRecord
 
             define_method("saved_change_to_#{accessor_key}?") do
               return false unless saved_change_to_attribute?(store_attribute)
-              prev_store, new_store = saved_change_to_attribute(store_attribute)
+              prev_store, new_store = saved_changes[store_attribute]
               prev_store&.dig(key) != new_store&.dig(key)
             end
 
             define_method("saved_change_to_#{accessor_key}") do
               return unless saved_change_to_attribute?(store_attribute)
-              prev_store, new_store = saved_change_to_attribute(store_attribute)
+              prev_store, new_store = saved_changes[store_attribute]
               [prev_store&.dig(key), new_store&.dig(key)]
             end
 
             define_method("#{accessor_key}_before_last_save") do
               return unless saved_change_to_attribute?(store_attribute)
-              prev_store, _new_store = saved_change_to_attribute(store_attribute)
+              prev_store, _new_store = saved_changes[store_attribute]
               prev_store&.dig(key)
             end
           end
@@ -225,10 +228,7 @@ module ActiveRecord
 
         def self.write(object, attribute, key, value)
           prepare(object, attribute)
-          if value != read(object, attribute, key)
-            object.public_send :"#{attribute}_will_change!"
-            object.public_send(attribute)[key] = value
-          end
+          object.public_send(attribute)[key] = value if value != read(object, attribute, key)
         end
 
         def self.prepare(object, attribute)

data/lib/active_record/suppressor.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module ActiveRecord
+  # = Active Record \Suppressor
+  #
   # ActiveRecord::Suppressor prevents the receiver from being saved during
   # a given block.
   #
@@ -32,7 +34,7 @@ module ActiveRecord
 
     class << self
       def registry # :nodoc:
-        ActiveSupport::IsolatedExecutionState[:active_record_suppresor_registry] ||= {}
+        ActiveSupport::IsolatedExecutionState[:active_record_suppressor_registry] ||= {}
       end
     end
 

data/lib/active_record/table_metadata.rb

@@ -23,7 +23,16 @@ module ActiveRecord
     end
 
     def associated_with?(table_name)
-      klass&._reflect_on_association(table_name) || klass&._reflect_on_association(table_name.singularize)
+      if reflection = klass&._reflect_on_association(table_name)
+        reflection
+      elsif ActiveRecord.allow_deprecated_singular_associations_name && reflection = klass&._reflect_on_association(table_name.singularize)
+        ActiveRecord.deprecator.warn(<<~MSG)
+          Referring to a singular association (e.g. `#{reflection.name}`) by its plural name (e.g. `#{reflection.plural_name}`) is deprecated.
+
+          To convert this deprecation warning to an error and enable more performant behavior, set config.active_record.allow_deprecated_singular_associations_name = false.
+        MSG
+        reflection
+      end
     end
 
     def associated_table(table_name)