activesupport 6.0.6.1 → 6.1.0.rc1

data/lib/active_support/number_helper.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/dependencies/autoload"
-
 module ActiveSupport
   module NumberHelper
     extend ActiveSupport::Autoload
@@ -73,6 +71,8 @@ module ActiveSupport
     #   (defaults to current locale).
     # * <tt>:precision</tt> - Sets the level of precision (defaults
     #   to 2).
+    # * <tt>:round_mode</tt> - Determine how rounding is performed
+    #   (defaults to :default. See BigDecimal::mode)
     # * <tt>:unit</tt> - Sets the denomination of the currency
     #   (defaults to "$").
     # * <tt>:separator</tt> - Sets the separator between the units
@@ -111,6 +111,8 @@ module ActiveSupport
     #   # => "1234567890,50 &pound;"
     #   number_to_currency(1234567890.50, strip_insignificant_zeros: true)
     #   # => "$1,234,567,890.5"
+    #   number_to_currency(1234567890.50, precision: 0, round_mode: :up)
+    #   # => "$1,234,567,891"
     def number_to_currency(number, options = {})
       NumberToCurrencyConverter.convert(number, options)
     end
@@ -124,6 +126,8 @@ module ActiveSupport
     #   (defaults to current locale).
     # * <tt>:precision</tt> - Sets the precision of the number
     #   (defaults to 3). Keeps the number's precision if +nil+.
+    # * <tt>:round_mode</tt> - Determine how rounding is performed
+    #   (defaults to :default. See BigDecimal::mode)
     # * <tt>:significant</tt> - If +true+, precision will be the number
     #   of significant_digits. If +false+, the number of fractional
     #   digits (defaults to +false+).
@@ -139,15 +143,16 @@ module ActiveSupport
     #
     # ==== Examples
     #
-    #   number_to_percentage(100)                                  # => "100.000%"
-    #   number_to_percentage('98')                                 # => "98.000%"
-    #   number_to_percentage(100, precision: 0)                    # => "100%"
-    #   number_to_percentage(1000, delimiter: '.', separator: ',') # => "1.000,000%"
-    #   number_to_percentage(302.24398923423, precision: 5)        # => "302.24399%"
-    #   number_to_percentage(1000, locale: :fr)                    # => "1000,000%"
-    #   number_to_percentage(1000, precision: nil)                 # => "1000%"
-    #   number_to_percentage('98a')                                # => "98a%"
-    #   number_to_percentage(100, format: '%n  %')                 # => "100.000  %"
+    #   number_to_percentage(100)                                              # => "100.000%"
+    #   number_to_percentage('98')                                             # => "98.000%"
+    #   number_to_percentage(100, precision: 0)                                # => "100%"
+    #   number_to_percentage(1000, delimiter: '.', separator: ',')             # => "1.000,000%"
+    #   number_to_percentage(302.24398923423, precision: 5)                    # => "302.24399%"
+    #   number_to_percentage(1000, locale: :fr)                                # => "1000,000%"
+    #   number_to_percentage(1000, precision: nil)                             # => "1000%"
+    #   number_to_percentage('98a')                                            # => "98a%"
+    #   number_to_percentage(100, format: '%n  %')                             # => "100.000  %"
+    #   number_to_percentage(302.24398923423, precision: 5, round_mode: :down) # => "302.24398%"
     def number_to_percentage(number, options = {})
       NumberToPercentageConverter.convert(number, options)
     end
@@ -198,6 +203,8 @@ module ActiveSupport
     #   (defaults to current locale).
     # * <tt>:precision</tt> - Sets the precision of the number
     #   (defaults to 3). Keeps the number's precision if +nil+.
+    # * <tt>:round_mode</tt> - Determine how rounding is performed
+    #   (defaults to :default. See BigDecimal::mode)
     # * <tt>:significant</tt> - If +true+, precision will be the number
     #   of significant_digits. If +false+, the number of fractional
     #   digits (defaults to +false+).
@@ -219,6 +226,7 @@ module ActiveSupport
     #   number_to_rounded(111.2345, precision: 1, significant: true) # => "100"
     #   number_to_rounded(13, precision: 5, significant: true)       # => "13.000"
     #   number_to_rounded(13, precision: nil)                        # => "13"
+    #   number_to_rounded(389.32314, precision: 0, round_mode: :up)  # => "390"
     #   number_to_rounded(111.234, locale: :fr)                      # => "111,234"
     #
     #   number_to_rounded(13, precision: 5, significant: true, strip_insignificant_zeros: true)
@@ -232,7 +240,7 @@ module ActiveSupport
     end
 
     # Formats the bytes in +number+ into a more understandable
-    # representation (e.g., giving it 1500 yields 1.5 KB). This
+    # representation (e.g., giving it 1500 yields 1.46 KB). This
     # method is useful for reporting file sizes to users. You can
     # customize the format in the +options+ hash.
     #
@@ -245,6 +253,8 @@ module ActiveSupport
     #   (defaults to current locale).
     # * <tt>:precision</tt> - Sets the precision of the number
     #   (defaults to 3).
+    # * <tt>:round_mode</tt> - Determine how rounding is performed
+    #   (defaults to :default. See BigDecimal::mode)
     # * <tt>:significant</tt> - If +true+, precision will be the number
     #   of significant_digits. If +false+, the number of fractional
     #   digits (defaults to +true+)
@@ -268,6 +278,7 @@ module ActiveSupport
     #   number_to_human_size(1234567890123456789)                    # => "1.07 EB"
     #   number_to_human_size(1234567, precision: 2)                  # => "1.2 MB"
     #   number_to_human_size(483989, precision: 2)                   # => "470 KB"
+    #   number_to_human_size(483989, precision: 2, round_mode: :up)  # => "480 KB"
     #   number_to_human_size(1234567, precision: 2, separator: ',')  # => "1,2 MB"
     #   number_to_human_size(1234567890123, precision: 5)            # => "1.1228 TB"
     #   number_to_human_size(524288000, precision: 5)                # => "500 MB"
@@ -276,7 +287,7 @@ module ActiveSupport
     end
 
     # Pretty prints (formats and approximates) a number in a way it
-    # is more readable by humans (eg.: 1200000000 becomes "1.2
+    # is more readable by humans (e.g.: 1200000000 becomes "1.2
     # Billion"). This is useful for numbers that can get very large
     # (and too hard to read).
     #
@@ -284,7 +295,7 @@ module ActiveSupport
     # size.
     #
     # You can also define your own unit-quantifier names if you want
-    # to use other decimal units (eg.: 1500 becomes "1.5
+    # to use other decimal units (e.g.: 1500 becomes "1.5
     # kilometers", 0.150 becomes "150 milliliters", etc). You may
     # define a wide range of unit quantifiers, even fractional ones
     # (centi, deci, mili, etc).
@@ -295,6 +306,8 @@ module ActiveSupport
     #   (defaults to current locale).
     # * <tt>:precision</tt> - Sets the precision of the number
     #   (defaults to 3).
+    # * <tt>:round_mode</tt> - Determine how rounding is performed
+    #   (defaults to :default. See BigDecimal::mode)
     # * <tt>:significant</tt> - If +true+, precision will be the number
     #   of significant_digits. If +false+, the number of fractional
     #   digits (defaults to +true+)
@@ -332,6 +345,8 @@ module ActiveSupport
     #   number_to_human(1234567890123456789)         # => "1230 Quadrillion"
     #   number_to_human(489939, precision: 2)        # => "490 Thousand"
     #   number_to_human(489939, precision: 4)        # => "489.9 Thousand"
+    #   number_to_human(489939, precision: 2
+    #                         , round_mode: :down)   # => "480 Thousand"
     #   number_to_human(1234567, precision: 4,
     #                            significant: false) # => "1.2346 Million"
     #   number_to_human(1234567, precision: 1,

data/lib/active_support/option_merger.rb

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/hash/deep_merge"
+require "active_support/core_ext/symbol/starts_ends_with"
 
 module ActiveSupport
   class OptionMerger #:nodoc:
     instance_methods.each do |method|
-      undef_method(method) if !/^(__|instance_eval|class|object_id)/.match?(method)
+      undef_method(method) unless method.start_with?("__", "instance_eval", "class", "object_id")
     end
 
     def initialize(context, options)

data/lib/active_support/ordered_options.rb

@@ -3,7 +3,9 @@
 require "active_support/core_ext/object/blank"
 
 module ActiveSupport
-  # Usually key value pairs are handled something like this:
+  # +OrderedOptions+ inherits from +Hash+ and provides dynamic accessor methods.
+  #
+  # With a +Hash+, key-value pairs are typically managed like this:
   #
   #   h = {}
   #   h[:boy] = 'John'
@@ -12,7 +14,7 @@ module ActiveSupport
   #   h[:girl] # => 'Mary'
   #   h[:dog]  # => nil
   #
-  # Using +OrderedOptions+, the above code could be reduced to:
+  # Using +OrderedOptions+, the above code can be written as:
   #
   #   h = ActiveSupport::OrderedOptions.new
   #   h.boy = 'John'
@@ -60,6 +62,10 @@ module ActiveSupport
     def extractable_options?
       true
     end
+
+    def inspect
+      "#<#{self.class.name} #{super}>"
+    end
   end
 
   # +InheritableOptions+ provides a constructor to build an +OrderedOptions+

data/lib/active_support/parameter_filter.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "active_support/core_ext/object/duplicable"
-require "active_support/core_ext/array/extract"
 
 module ActiveSupport
   # +ParameterFilter+ allows you to specify keys for sensitive data from
@@ -22,7 +21,7 @@ module ActiveSupport
   #   change { file: { code: "xxxx"} }
   #
   #   ActiveSupport::ParameterFilter.new([-> (k, v) do
-  #     v.reverse! if k =~ /secret/i
+  #     v.reverse! if /secret/i.match?(k)
   #   end])
   #   => reverses the value to all keys matching /secret/i
   class ParameterFilter
@@ -59,24 +58,30 @@ module ActiveSupport
       def self.compile(filters, mask:)
         return lambda { |params| params.dup } if filters.empty?
 
-        strings, regexps, blocks = [], [], []
+        strings, regexps, blocks, deep_regexps, deep_strings = [], [], [], nil, nil
 
         filters.each do |item|
           case item
           when Proc
             blocks << item
           when Regexp
-            regexps << item
+            if item.to_s.include?("\\.")
+              (deep_regexps ||= []) << item
+            else
+              regexps << item
+            end
           else
-            strings << Regexp.escape(item.to_s)
+            s = Regexp.escape(item.to_s)
+            if s.include?("\\.")
+              (deep_strings ||= []) << s
+            else
+              strings << s
+            end
           end
         end
 
-        deep_regexps = regexps.extract! { |r| r.to_s.include?("\\.") }
-        deep_strings = strings.extract! { |s| s.include?("\\.") }
-
         regexps << Regexp.new(strings.join("|"), true) unless strings.empty?
-        deep_regexps << Regexp.new(deep_strings.join("|"), true) unless deep_strings.empty?
+        (deep_regexps ||= []) << Regexp.new(deep_strings.join("|"), true) if deep_strings&.any?
 
         new regexps, deep_regexps, blocks, mask: mask
       end
@@ -85,7 +90,7 @@ module ActiveSupport
 
       def initialize(regexps, deep_regexps, blocks, mask:)
         @regexps = regexps
-        @deep_regexps = deep_regexps.any? ? deep_regexps : nil
+        @deep_regexps = deep_regexps&.any? ? deep_regexps : nil
         @blocks = blocks
         @mask = mask
       end

data/lib/active_support/per_thread_registry.rb

@@ -40,7 +40,7 @@ module ActiveSupport
   # If the class has an initializer, it must accept no arguments.
   module PerThreadRegistry
     def self.extended(object)
-      object.instance_variable_set "@per_thread_registry_key", object.name.freeze
+      object.instance_variable_set :@per_thread_registry_key, object.name.freeze
     end
 
     def instance

data/lib/active_support/rails.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# This is private interface.
+# This is a private interface.
 #
 # Rails components cherry pick from Active Support as needed, but there are a
 # few features that are used for sure in some way or another and it is not worth
@@ -13,9 +13,6 @@
 # Defines Object#blank? and Object#present?.
 require "active_support/core_ext/object/blank"
 
-# Rails own autoload, eager_load, etc.
-require "active_support/dependencies/autoload"
-
 # Support for ClassMethods and the included macro.
 require "active_support/concern"
 

data/lib/active_support/railtie.rb

@@ -22,12 +22,25 @@ module ActiveSupport
       app.reloader.before_class_unload { ActiveSupport::CurrentAttributes.clear_all }
       app.executor.to_run              { ActiveSupport::CurrentAttributes.reset_all }
       app.executor.to_complete         { ActiveSupport::CurrentAttributes.reset_all }
+
+      ActiveSupport.on_load(:active_support_test_case) do
+        require "active_support/current_attributes/test_helper"
+        include ActiveSupport::CurrentAttributes::TestHelper
+      end
     end
 
     initializer "active_support.deprecation_behavior" do |app|
       if deprecation = app.config.active_support.deprecation
         ActiveSupport::Deprecation.behavior = deprecation
       end
+
+      if disallowed_deprecation = app.config.active_support.disallowed_deprecation
+        ActiveSupport::Deprecation.disallowed_behavior = disallowed_deprecation
+      end
+
+      if disallowed_warnings = app.config.active_support.disallowed_deprecation_warnings
+        ActiveSupport::Deprecation.disallowed_warnings = disallowed_warnings
+      end
     end
 
     # Sets the default value for Time.zone
@@ -65,15 +78,24 @@ module ActiveSupport
     initializer "active_support.set_configs" do |app|
       app.config.active_support.each do |k, v|
         k = "#{k}="
-        ActiveSupport.send(k, v) if ActiveSupport.respond_to? k
+        ActiveSupport.public_send(k, v) if ActiveSupport.respond_to? k
       end
     end
 
     initializer "active_support.set_hash_digest_class" do |app|
       config.after_initialize do
         if app.config.active_support.use_sha1_digests
+          ActiveSupport::Deprecation.warn(<<-MSG.squish)
+            config.active_support.use_sha1_digests is deprecated and will
+            be removed from Rails 6.2. Use
+            config.active_support.hash_digest_class = ::Digest::SHA1 instead.
+          MSG
           ActiveSupport::Digest.hash_digest_class = ::Digest::SHA1
         end
+
+        if klass = app.config.active_support.hash_digest_class
+          ActiveSupport::Digest.hash_digest_class = klass
+        end
       end
     end
   end

data/lib/active_support/reloader.rb

@@ -58,7 +58,7 @@ module ActiveSupport
       prepare!
     end
 
-    def self.run!(reset: false) # :nodoc:
+    def self.run! # :nodoc:
       if check!
         super
       else

data/lib/active_support/secure_compare_rotator.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require "active_support/security_utils"
+require "active_support/messages/rotator"
+
+module ActiveSupport
+  # The ActiveSupport::SecureCompareRotator is a wrapper around +ActiveSupport::SecurityUtils.secure_compare+
+  # and allows you to rotate a previously defined value to a new one.
+  #
+  # It can be used as follow:
+  #
+  #   rotator = ActiveSupport::SecureCompareRotator.new('new_production_value')
+  #   rotator.rotate('previous_production_value')
+  #   rotator.secure_compare!('previous_production_value')
+  #
+  # One real use case example would be to rotate a basic auth credentials:
+  #
+  #   class MyController < ApplicationController
+  #     def authenticate_request
+  #       rotator = ActiveSupport::SecureComparerotator.new('new_password')
+  #       rotator.rotate('old_password')
+  #
+  #       authenticate_or_request_with_http_basic do |username, password|
+  #         rotator.secure_compare!(password)
+  #       rescue ActiveSupport::SecureCompareRotator::InvalidMatch
+  #         false
+  #       end
+  #     end
+  #   end
+  class SecureCompareRotator
+    include SecurityUtils
+    prepend Messages::Rotator
+
+    InvalidMatch = Class.new(StandardError)
+
+    def initialize(value, **_options)
+      @value = value
+    end
+
+    def secure_compare!(other_value, on_rotation: @on_rotation)
+      secure_compare(@value, other_value) ||
+        run_rotations(on_rotation) { |wrapper| wrapper.secure_compare!(other_value) } ||
+        raise(InvalidMatch)
+    end
+
+    private
+      def build_rotation(previous_value, _options)
+        self.class.new(previous_value)
+      end
+  end
+end

data/lib/active_support/security_utils.rb

@@ -1,30 +1,37 @@
 # frozen_string_literal: true
 
-require "digest/sha2"
-
 module ActiveSupport
   module SecurityUtils
     # Constant time string comparison, for fixed length strings.
     #
     # The values compared should be of fixed length, such as strings
     # that have already been processed by HMAC. Raises in case of length mismatch.
-    def fixed_length_secure_compare(a, b)
-      raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
 
-      l = a.unpack "C#{a.bytesize}"
+    if defined?(OpenSSL.fixed_length_secure_compare)
+      def fixed_length_secure_compare(a, b)
+        OpenSSL.fixed_length_secure_compare(a, b)
+      end
+    else
+      def fixed_length_secure_compare(a, b)
+        raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
+
+        l = a.unpack "C#{a.bytesize}"
 
-      res = 0
-      b.each_byte { |byte| res |= byte ^ l.shift }
-      res == 0
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
+      end
     end
     module_function :fixed_length_secure_compare
 
-    # Constant time string comparison, for variable length strings.
+    # Secure string comparison for strings of variable length.
     #
-    # The values are first processed by SHA256, so that we don't leak length info
-    # via timing attacks.
+    # While a timing attack would not be able to discern the content of
+    # a secret compared via secure_compare, it is possible to determine
+    # the secret length. This should be considered when using secure_compare
+    # to compare weak, short secrets to user input.
     def secure_compare(a, b)
-      fixed_length_secure_compare(::Digest::SHA256.digest(a), ::Digest::SHA256.digest(b)) && a == b
+      a.length == b.length && fixed_length_secure_compare(a, b)
     end
     module_function :secure_compare
   end

data/lib/active_support/string_inquirer.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "active_support/core_ext/symbol/starts_ends_with"
+
 module ActiveSupport
   # Wrapping a string in this class gives you a prettier way to test
   # for equality. The value returned by <tt>Rails.env</tt> is wrapped
@@ -19,11 +21,11 @@ module ActiveSupport
   class StringInquirer < String
     private
       def respond_to_missing?(method_name, include_private = false)
-        (method_name[-1] == "?") || super
+        method_name.end_with?("?") || super
       end
 
       def method_missing(method_name, *arguments)
-        if method_name[-1] == "?"
+        if method_name.end_with?("?")
           self == method_name[0..-2]
         else
           super

data/lib/active_support/subscriber.rb

@@ -31,15 +31,16 @@ module ActiveSupport
   class Subscriber
     class << self
       # Attach the subscriber to a namespace.
-      def attach_to(namespace, subscriber = new, notifier = ActiveSupport::Notifications)
+      def attach_to(namespace, subscriber = new, notifier = ActiveSupport::Notifications, inherit_all: false)
         @namespace  = namespace
         @subscriber = subscriber
         @notifier   = notifier
+        @inherit_all = inherit_all
 
         subscribers << subscriber
 
         # Add event subscribers for all existing methods on the class.
-        subscriber.public_methods(false).each do |event|
+        fetch_public_methods(subscriber, inherit_all).each do |event|
           add_event_subscriber(event)
         end
       end
@@ -55,7 +56,7 @@ module ActiveSupport
         subscribers.delete(subscriber)
 
         # Remove event subscribers of all existing methods on the class.
-        subscriber.public_methods(false).each do |event|
+        fetch_public_methods(subscriber, true).each do |event|
           remove_event_subscriber(event)
         end
 
@@ -81,18 +82,18 @@ module ActiveSupport
         attr_reader :subscriber, :notifier, :namespace
 
         def add_event_subscriber(event) # :doc:
-          return if invalid_event?(event.to_s)
+          return if invalid_event?(event)
 
           pattern = prepare_pattern(event)
 
-          # Don't add multiple subscribers (eg. if methods are redefined).
+          # Don't add multiple subscribers (e.g. if methods are redefined).
           return if pattern_subscribed?(pattern)
 
           subscriber.patterns[pattern] = notifier.subscribe(pattern, subscriber)
         end
 
         def remove_event_subscriber(event) # :doc:
-          return if invalid_event?(event.to_s)
+          return if invalid_event?(event)
 
           pattern = prepare_pattern(event)
 
@@ -107,7 +108,7 @@ module ActiveSupport
         end
 
         def invalid_event?(event)
-          %w{ start finish }.include?(event.to_s)
+          %i{ start finish }.include?(event.to_sym)
         end
 
         def prepare_pattern(event)
@@ -117,6 +118,10 @@ module ActiveSupport
         def pattern_subscribed?(pattern)
           subscriber.patterns.key?(pattern)
         end
+
+        def fetch_public_methods(subscriber, inherit_all)
+          subscriber.public_methods(inherit_all) - Subscriber.public_instance_methods(true)
+        end
     end
 
     attr_reader :patterns # :nodoc:

data/lib/active_support/tagged_logging.rb

@@ -8,11 +8,20 @@ require "active_support/logger"
 module ActiveSupport
   # Wraps any standard Logger object to provide tagging capabilities.
   #
+  # May be called with a block:
+  #
   #   logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
   #   logger.tagged('BCX') { logger.info 'Stuff' }                            # Logs "[BCX] Stuff"
   #   logger.tagged('BCX', "Jason") { logger.info 'Stuff' }                   # Logs "[BCX] [Jason] Stuff"
   #   logger.tagged('BCX') { logger.tagged('Jason') { logger.info 'Stuff' } } # Logs "[BCX] [Jason] Stuff"
   #
+  # If called without a block, a new logger will be returned with applied tags:
+  #
+  #   logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
+  #   logger.tagged("BCX").info "Stuff"                 # Logs "[BCX] Stuff"
+  #   logger.tagged("BCX", "Jason").info "Stuff"        # Logs "[BCX] [Jason] Stuff"
+  #   logger.tagged("BCX").tagged("Jason").info "Stuff" # Logs "[BCX] [Jason] Stuff"
+  #
   # This is used by the default Rails.logger as configured by Railties to make
   # it easy to stamp log lines with subdomains, request ids, and anything else
   # to aid debugging of multi-user production applications.
@@ -31,9 +40,10 @@ module ActiveSupport
       end
 
       def push_tags(*tags)
-        tags.flatten.reject(&:blank?).tap do |new_tags|
-          current_tags.concat new_tags
-        end
+        tags.flatten!
+        tags.reject!(&:blank?)
+        current_tags.concat tags
+        tags
       end
 
       def pop_tags(size = 1)
@@ -60,6 +70,14 @@ module ActiveSupport
       end
     end
 
+    module LocalTagStorage # :nodoc:
+      attr_accessor :current_tags
+
+      def self.extended(base)
+        base.current_tags = []
+      end
+    end
+
     def self.new(logger)
       logger = logger.dup
 
@@ -77,7 +95,14 @@ module ActiveSupport
     delegate :push_tags, :pop_tags, :clear_tags!, to: :formatter
 
     def tagged(*tags)
-      formatter.tagged(*tags) { yield self }
+      if block_given?
+        formatter.tagged(*tags) { yield self }
+      else
+        logger = ActiveSupport::TaggedLogging.new(self)
+        logger.formatter.extend LocalTagStorage
+        logger.push_tags(*formatter.current_tags, *tags)
+        logger
+      end
     end
 
     def flush