activesupport 6.0.0

data/lib/active_support/log_subscriber.rb

@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/core_ext/class/attribute"
+require "active_support/subscriber"
+
+module ActiveSupport
+  # <tt>ActiveSupport::LogSubscriber</tt> is an object set to consume
+  # <tt>ActiveSupport::Notifications</tt> with the sole purpose of logging them.
+  # The log subscriber dispatches notifications to a registered object based
+  # on its given namespace.
+  #
+  # An example would be Active Record log subscriber responsible for logging
+  # queries:
+  #
+  #   module ActiveRecord
+  #     class LogSubscriber < ActiveSupport::LogSubscriber
+  #       def sql(event)
+  #         info "#{event.payload[:name]} (#{event.duration}) #{event.payload[:sql]}"
+  #       end
+  #     end
+  #   end
+  #
+  # And it's finally registered as:
+  #
+  #   ActiveRecord::LogSubscriber.attach_to :active_record
+  #
+  # Since we need to know all instance methods before attaching the log
+  # subscriber, the line above should be called after your
+  # <tt>ActiveRecord::LogSubscriber</tt> definition.
+  #
+  # After configured, whenever a <tt>"sql.active_record"</tt> notification is published,
+  # it will properly dispatch the event
+  # (<tt>ActiveSupport::Notifications::Event</tt>) to the sql method.
+  #
+  # Being an <tt>ActiveSupport::Notifications</tt> consumer,
+  # <tt>ActiveSupport::LogSubscriber</tt> exposes a simple interface to check if
+  # instrumented code raises an exception. It is common to log a different
+  # message in case of an error, and this can be achieved by extending
+  # the previous example:
+  #
+  #   module ActiveRecord
+  #     class LogSubscriber < ActiveSupport::LogSubscriber
+  #       def sql(event)
+  #         exception = event.payload[:exception]
+  #
+  #         if exception
+  #           exception_object = event.payload[:exception_object]
+  #
+  #           error "[ERROR] #{event.payload[:name]}: #{exception.join(', ')} " \
+  #                 "(#{exception_object.backtrace.first})"
+  #         else
+  #           # standard logger code
+  #         end
+  #       end
+  #     end
+  #   end
+  #
+  # Log subscriber also has some helpers to deal with logging and automatically
+  # flushes all logs when the request finishes
+  # (via <tt>action_dispatch.callback</tt> notification) in a Rails environment.
+  class LogSubscriber < Subscriber
+    # Embed in a String to clear all previous ANSI sequences.
+    CLEAR   = "\e[0m"
+    BOLD    = "\e[1m"
+
+    # Colors
+    BLACK   = "\e[30m"
+    RED     = "\e[31m"
+    GREEN   = "\e[32m"
+    YELLOW  = "\e[33m"
+    BLUE    = "\e[34m"
+    MAGENTA = "\e[35m"
+    CYAN    = "\e[36m"
+    WHITE   = "\e[37m"
+
+    mattr_accessor :colorize_logging, default: true
+
+    class << self
+      def logger
+        @logger ||= if defined?(Rails) && Rails.respond_to?(:logger)
+          Rails.logger
+        end
+      end
+
+      attr_writer :logger
+
+      def log_subscribers
+        subscribers
+      end
+
+      # Flush all log_subscribers' logger.
+      def flush_all!
+        logger.flush if logger.respond_to?(:flush)
+      end
+    end
+
+    def logger
+      LogSubscriber.logger
+    end
+
+    def start(name, id, payload)
+      super if logger
+    end
+
+    def finish(name, id, payload)
+      super if logger
+    rescue => e
+      if logger
+        logger.error "Could not log #{name.inspect} event. #{e.class}: #{e.message} #{e.backtrace}"
+      end
+    end
+
+  private
+
+    %w(info debug warn error fatal unknown).each do |level|
+      class_eval <<-METHOD, __FILE__, __LINE__ + 1
+        def #{level}(progname = nil, &block)
+          logger.#{level}(progname, &block) if logger
+        end
+      METHOD
+    end
+
+    # Set color by using a symbol or one of the defined constants. If a third
+    # option is set to +true+, it also adds bold to the string. This is based
+    # on the Highline implementation and will automatically append CLEAR to the
+    # end of the returned String.
+    def color(text, color, bold = false) # :doc:
+      return text unless colorize_logging
+      color = self.class.const_get(color.upcase) if color.is_a?(Symbol)
+      bold  = bold ? BOLD : ""
+      "#{bold}#{color}#{text}#{CLEAR}"
+    end
+  end
+end

data/lib/active_support/log_subscriber/test_helper.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+require "active_support/log_subscriber"
+require "active_support/logger"
+require "active_support/notifications"
+
+module ActiveSupport
+  class LogSubscriber
+    # Provides some helpers to deal with testing log subscribers by setting up
+    # notifications. Take for instance Active Record subscriber tests:
+    #
+    #   class SyncLogSubscriberTest < ActiveSupport::TestCase
+    #     include ActiveSupport::LogSubscriber::TestHelper
+    #
+    #     setup do
+    #       ActiveRecord::LogSubscriber.attach_to(:active_record)
+    #     end
+    #
+    #     def test_basic_query_logging
+    #       Developer.all.to_a
+    #       wait
+    #       assert_equal 1, @logger.logged(:debug).size
+    #       assert_match(/Developer Load/, @logger.logged(:debug).last)
+    #       assert_match(/SELECT \* FROM "developers"/, @logger.logged(:debug).last)
+    #     end
+    #   end
+    #
+    # All you need to do is to ensure that your log subscriber is added to
+    # Rails::Subscriber, as in the second line of the code above. The test
+    # helpers are responsible for setting up the queue, subscriptions and
+    # turning colors in logs off.
+    #
+    # The messages are available in the @logger instance, which is a logger with
+    # limited powers (it actually does not send anything to your output), and
+    # you can collect them doing @logger.logged(level), where level is the level
+    # used in logging, like info, debug, warn and so on.
+    module TestHelper
+      def setup # :nodoc:
+        @logger   = MockLogger.new
+        @notifier = ActiveSupport::Notifications::Fanout.new
+
+        ActiveSupport::LogSubscriber.colorize_logging = false
+
+        @old_notifier = ActiveSupport::Notifications.notifier
+        set_logger(@logger)
+        ActiveSupport::Notifications.notifier = @notifier
+      end
+
+      def teardown # :nodoc:
+        set_logger(nil)
+        ActiveSupport::Notifications.notifier = @old_notifier
+      end
+
+      class MockLogger
+        include ActiveSupport::Logger::Severity
+
+        attr_reader :flush_count
+        attr_accessor :level
+
+        def initialize(level = DEBUG)
+          @flush_count = 0
+          @level = level
+          @logged = Hash.new { |h, k| h[k] = [] }
+        end
+
+        def method_missing(level, message = nil)
+          if block_given?
+            @logged[level] << yield
+          else
+            @logged[level] << message
+          end
+        end
+
+        def logged(level)
+          @logged[level].compact.map { |l| l.to_s.strip }
+        end
+
+        def flush
+          @flush_count += 1
+        end
+
+        ActiveSupport::Logger::Severity.constants.each do |severity|
+          class_eval <<-EOT, __FILE__, __LINE__ + 1
+            def #{severity.downcase}?
+              #{severity} >= @level
+            end
+          EOT
+        end
+      end
+
+      # Wait notifications to be published.
+      def wait
+        @notifier.wait
+      end
+
+      # Overwrite if you use another logger in your log subscriber.
+      #
+      #   def logger
+      #     ActiveRecord::Base.logger = @logger
+      #   end
+      def set_logger(logger)
+        ActiveSupport::LogSubscriber.logger = logger
+      end
+    end
+  end
+end

data/lib/active_support/logger.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require "active_support/logger_silence"
+require "active_support/logger_thread_safe_level"
+require "logger"
+
+module ActiveSupport
+  class Logger < ::Logger
+    include LoggerSilence
+
+    # Returns true if the logger destination matches one of the sources
+    #
+    #   logger = Logger.new(STDOUT)
+    #   ActiveSupport::Logger.logger_outputs_to?(logger, STDOUT)
+    #   # => true
+    def self.logger_outputs_to?(logger, *sources)
+      logdev = logger.instance_variable_get("@logdev")
+      logger_source = logdev.dev if logdev.respond_to?(:dev)
+      sources.any? { |source| source == logger_source }
+    end
+
+    # Broadcasts logs to multiple loggers.
+    def self.broadcast(logger) # :nodoc:
+      Module.new do
+        define_method(:add) do |*args, &block|
+          logger.add(*args, &block)
+          super(*args, &block)
+        end
+
+        define_method(:<<) do |x|
+          logger << x
+          super(x)
+        end
+
+        define_method(:close) do
+          logger.close
+          super()
+        end
+
+        define_method(:progname=) do |name|
+          logger.progname = name
+          super(name)
+        end
+
+        define_method(:formatter=) do |formatter|
+          logger.formatter = formatter
+          super(formatter)
+        end
+
+        define_method(:level=) do |level|
+          logger.level = level
+          super(level)
+        end
+
+        define_method(:local_level=) do |level|
+          logger.local_level = level if logger.respond_to?(:local_level=)
+          super(level) if respond_to?(:local_level=)
+        end
+
+        define_method(:silence) do |level = Logger::ERROR, &block|
+          if logger.respond_to?(:silence)
+            logger.silence(level) do
+              if defined?(super)
+                super(level, &block)
+              else
+                block.call(self)
+              end
+            end
+          else
+            if defined?(super)
+              super(level, &block)
+            else
+              block.call(self)
+            end
+          end
+        end
+      end
+    end
+
+    def initialize(*args)
+      super
+      @formatter = SimpleFormatter.new
+    end
+
+    # Simple formatter which only displays the message.
+    class SimpleFormatter < ::Logger::Formatter
+      # This method is invoked when a log event occurs
+      def call(severity, timestamp, progname, msg)
+        "#{String === msg ? msg : msg.inspect}\n"
+      end
+    end
+  end
+end

data/lib/active_support/logger_silence.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/logger_thread_safe_level"
+
+module LoggerSilence
+  extend ActiveSupport::Concern
+
+  included do
+    ActiveSupport::Deprecation.warn(
+      "Including LoggerSilence is deprecated and will be removed in Rails 6.1. " \
+      "Please use `ActiveSupport::LoggerSilence` instead"
+    )
+
+    include ActiveSupport::LoggerSilence
+  end
+end
+
+module ActiveSupport
+  module LoggerSilence
+    extend ActiveSupport::Concern
+
+    included do
+      cattr_accessor :silencer, default: true
+      include ActiveSupport::LoggerThreadSafeLevel
+    end
+
+    # Silences the logger for the duration of the block.
+    def silence(temporary_level = Logger::ERROR)
+      if silencer
+        begin
+          old_local_level            = local_level
+          self.local_level           = temporary_level
+
+          yield self
+        ensure
+          self.local_level = old_local_level
+        end
+      else
+        yield self
+      end
+    end
+  end
+end

data/lib/active_support/logger_thread_safe_level.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+require "active_support/core_ext/module/attribute_accessors"
+require "concurrent"
+require "fiber"
+
+module ActiveSupport
+  module LoggerThreadSafeLevel # :nodoc:
+    extend ActiveSupport::Concern
+
+    included do
+      cattr_accessor :local_levels, default: Concurrent::Map.new(initial_capacity: 2), instance_accessor: false
+    end
+
+    Logger::Severity.constants.each do |severity|
+      class_eval(<<-EOT, __FILE__, __LINE__ + 1)
+        def #{severity.downcase}?                # def debug?
+          Logger::#{severity} >= level           #   DEBUG >= level
+        end                                      # end
+      EOT
+    end
+
+    def after_initialize
+      ActiveSupport::Deprecation.warn(
+        "Logger don't need to call #after_initialize directly anymore. It will be deprecated without replacement in " \
+        "Rails 6.1."
+      )
+    end
+
+    def local_log_id
+      Fiber.current.__id__
+    end
+
+    def local_level
+      self.class.local_levels[local_log_id]
+    end
+
+    def local_level=(level)
+      if level
+        self.class.local_levels[local_log_id] = level
+      else
+        self.class.local_levels.delete(local_log_id)
+      end
+    end
+
+    def level
+      local_level || super
+    end
+
+    def add(severity, message = nil, progname = nil, &block) # :nodoc:
+      return true if @logdev.nil? || (severity || UNKNOWN) < level
+      super
+    end
+  end
+end

data/lib/active_support/message_encryptor.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+require "openssl"
+require "base64"
+require "active_support/core_ext/array/extract_options"
+require "active_support/core_ext/module/attribute_accessors"
+require "active_support/message_verifier"
+require "active_support/messages/metadata"
+
+module ActiveSupport
+  # MessageEncryptor is a simple way to encrypt values which get stored
+  # somewhere you don't trust.
+  #
+  # The cipher text and initialization vector are base64 encoded and returned
+  # to you.
+  #
+  # This can be used in situations similar to the <tt>MessageVerifier</tt>, but
+  # where you don't want users to be able to determine the value of the payload.
+  #
+  #   len   = ActiveSupport::MessageEncryptor.key_len
+  #   salt  = SecureRandom.random_bytes(len)
+  #   key   = ActiveSupport::KeyGenerator.new('password').generate_key(salt, len) # => "\x89\xE0\x156\xAC..."
+  #   crypt = ActiveSupport::MessageEncryptor.new(key)                            # => #<ActiveSupport::MessageEncryptor ...>
+  #   encrypted_data = crypt.encrypt_and_sign('my secret data')                   # => "NlFBTTMwOUV5UlA1QlNEN2xkY2d6eThYWWh..."
+  #   crypt.decrypt_and_verify(encrypted_data)                                    # => "my secret data"
+  #
+  # === Confining messages to a specific purpose
+  #
+  # By default any message can be used throughout your app. But they can also be
+  # confined to a specific +:purpose+.
+  #
+  #   token = crypt.encrypt_and_sign("this is the chair", purpose: :login)
+  #
+  # Then that same purpose must be passed when verifying to get the data back out:
+  #
+  #   crypt.decrypt_and_verify(token, purpose: :login)    # => "this is the chair"
+  #   crypt.decrypt_and_verify(token, purpose: :shipping) # => nil
+  #   crypt.decrypt_and_verify(token)                     # => nil
+  #
+  # Likewise, if a message has no purpose it won't be returned when verifying with
+  # a specific purpose.
+  #
+  #   token = crypt.encrypt_and_sign("the conversation is lively")
+  #   crypt.decrypt_and_verify(token, purpose: :scare_tactics) # => nil
+  #   crypt.decrypt_and_verify(token)                          # => "the conversation is lively"
+  #
+  # === Making messages expire
+  #
+  # By default messages last forever and verifying one year from now will still
+  # return the original value. But messages can be set to expire at a given
+  # time with +:expires_in+ or +:expires_at+.
+  #
+  #   crypt.encrypt_and_sign(parcel, expires_in: 1.month)
+  #   crypt.encrypt_and_sign(doowad, expires_at: Time.now.end_of_year)
+  #
+  # Then the messages can be verified and returned up to the expire time.
+  # Thereafter, verifying returns +nil+.
+  #
+  # === Rotating keys
+  #
+  # MessageEncryptor also supports rotating out old configurations by falling
+  # back to a stack of encryptors. Call +rotate+ to build and add an encryptor
+  # so +decrypt_and_verify+ will also try the fallback.
+  #
+  # By default any rotated encryptors use the values of the primary
+  # encryptor unless specified otherwise.
+  #
+  # You'd give your encryptor the new defaults:
+  #
+  #   crypt = ActiveSupport::MessageEncryptor.new(@secret, cipher: "aes-256-gcm")
+  #
+  # Then gradually rotate the old values out by adding them as fallbacks. Any message
+  # generated with the old values will then work until the rotation is removed.
+  #
+  #   crypt.rotate old_secret            # Fallback to an old secret instead of @secret.
+  #   crypt.rotate cipher: "aes-256-cbc" # Fallback to an old cipher instead of aes-256-gcm.
+  #
+  # Though if both the secret and the cipher was changed at the same time,
+  # the above should be combined into:
+  #
+  #   crypt.rotate old_secret, cipher: "aes-256-cbc"
+  class MessageEncryptor
+    prepend Messages::Rotator::Encryptor
+
+    cattr_accessor :use_authenticated_message_encryption, instance_accessor: false, default: false
+
+    class << self
+      def default_cipher #:nodoc:
+        if use_authenticated_message_encryption
+          "aes-256-gcm"
+        else
+          "aes-256-cbc"
+        end
+      end
+    end
+
+    module NullSerializer #:nodoc:
+      def self.load(value)
+        value
+      end
+
+      def self.dump(value)
+        value
+      end
+    end
+
+    module NullVerifier #:nodoc:
+      def self.verify(value)
+        value
+      end
+
+      def self.generate(value)
+        value
+      end
+    end
+
+    class InvalidMessage < StandardError; end
+    OpenSSLCipherError = OpenSSL::Cipher::CipherError
+
+    # Initialize a new MessageEncryptor. +secret+ must be at least as long as
+    # the cipher key size. For the default 'aes-256-gcm' cipher, this is 256
+    # bits. If you are using a user-entered secret, you can generate a suitable
+    # key by using <tt>ActiveSupport::KeyGenerator</tt> or a similar key
+    # derivation function.
+    #
+    # First additional parameter is used as the signature key for +MessageVerifier+.
+    # This allows you to specify keys to encrypt and sign data.
+    #
+    #    ActiveSupport::MessageEncryptor.new('secret', 'signature_secret')
+    #
+    # Options:
+    # * <tt>:cipher</tt>     - Cipher to use. Can be any cipher returned by
+    #   <tt>OpenSSL::Cipher.ciphers</tt>. Default is 'aes-256-gcm'.
+    # * <tt>:digest</tt> - String of digest to use for signing. Default is
+    #   +SHA1+. Ignored when using an AEAD cipher like 'aes-256-gcm'.
+    # * <tt>:serializer</tt> - Object serializer to use. Default is +Marshal+.
+    def initialize(secret, *signature_key_or_options)
+      options = signature_key_or_options.extract_options!
+      sign_secret = signature_key_or_options.first
+      @secret = secret
+      @sign_secret = sign_secret
+      @cipher = options[:cipher] || self.class.default_cipher
+      @digest = options[:digest] || "SHA1" unless aead_mode?
+      @verifier = resolve_verifier
+      @serializer = options[:serializer] || Marshal
+    end
+
+    # Encrypt and sign a message. We need to sign the message in order to avoid
+    # padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
+    def encrypt_and_sign(value, expires_at: nil, expires_in: nil, purpose: nil)
+      verifier.generate(_encrypt(value, expires_at: expires_at, expires_in: expires_in, purpose: purpose))
+    end
+
+    # Decrypt and verify a message. We need to verify the message in order to
+    # avoid padding attacks. Reference: https://www.limited-entropy.com/padding-oracle-attacks/.
+    def decrypt_and_verify(data, purpose: nil, **)
+      _decrypt(verifier.verify(data), purpose)
+    end
+
+    # Given a cipher, returns the key length of the cipher to help generate the key of desired size
+    def self.key_len(cipher = default_cipher)
+      OpenSSL::Cipher.new(cipher).key_len
+    end
+
+    private
+      def _encrypt(value, **metadata_options)
+        cipher = new_cipher
+        cipher.encrypt
+        cipher.key = @secret
+
+        # Rely on OpenSSL for the initialization vector
+        iv = cipher.random_iv
+        cipher.auth_data = "" if aead_mode?
+
+        encrypted_data = cipher.update(Messages::Metadata.wrap(@serializer.dump(value), metadata_options))
+        encrypted_data << cipher.final
+
+        blob = "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}"
+        blob = "#{blob}--#{::Base64.strict_encode64 cipher.auth_tag}" if aead_mode?
+        blob
+      end
+
+      def _decrypt(encrypted_message, purpose)
+        cipher = new_cipher
+        encrypted_data, iv, auth_tag = encrypted_message.split("--").map { |v| ::Base64.strict_decode64(v) }
+
+        # Currently the OpenSSL bindings do not raise an error if auth_tag is
+        # truncated, which would allow an attacker to easily forge it. See
+        # https://github.com/ruby/openssl/issues/63
+        raise InvalidMessage if aead_mode? && (auth_tag.nil? || auth_tag.bytes.length != 16)
+
+        cipher.decrypt
+        cipher.key = @secret
+        cipher.iv  = iv
+        if aead_mode?
+          cipher.auth_tag = auth_tag
+          cipher.auth_data = ""
+        end
+
+        decrypted_data = cipher.update(encrypted_data)
+        decrypted_data << cipher.final
+
+        message = Messages::Metadata.verify(decrypted_data, purpose)
+        @serializer.load(message) if message
+      rescue OpenSSLCipherError, TypeError, ArgumentError
+        raise InvalidMessage
+      end
+
+      def new_cipher
+        OpenSSL::Cipher.new(@cipher)
+      end
+
+      attr_reader :verifier
+
+      def aead_mode?
+        @aead_mode ||= new_cipher.authenticated?
+      end
+
+      def resolve_verifier
+        if aead_mode?
+          NullVerifier
+        else
+          MessageVerifier.new(@sign_secret || @secret, digest: @digest, serializer: NullSerializer)
+        end
+      end
+  end
+end