audited 4.8.0 → 4.10.0

data/spec/audited/auditor_spec.rb

@@ -1,5 +1,7 @@
 require "spec_helper"
 
+SingleCov.covered! uncovered: 13 # not testing proxy_respond_to? hack / 2 methods / deprecation of `version`
+
 describe Audited::Auditor do
 
   describe "configuration" do
@@ -210,7 +212,40 @@ describe Audited::Auditor do
       expect(user.audits.last.audited_changes.keys).to eq(%w{non_column_attr})
     end
 
-    if ActiveRecord::Base.connection.adapter_name == 'PostgreSQL' && Rails.version >= "4.2.0.0" # Postgres json and jsonb support was added in Rails 4.2
+    it "should redact columns specified in 'redacted' option" do
+      redacted = Audited::Auditor::AuditedInstanceMethods::REDACTED
+      user = Models::ActiveRecord::UserRedactedPassword.create(password: "password")
+      user.save!
+      expect(user.audits.last.audited_changes['password']).to eq(redacted)
+      user.password = "new_password"
+      user.save!
+      expect(user.audits.last.audited_changes['password']).to eq([redacted, redacted])
+    end
+
+    it "should redact columns specified in 'redacted' option when there are multiple specified" do
+      redacted = Audited::Auditor::AuditedInstanceMethods::REDACTED
+      user =
+        Models::ActiveRecord::UserMultipleRedactedAttributes.create(
+          password: "password",
+          ssn: 123456789
+        )
+      user.save!
+      expect(user.audits.last.audited_changes['password']).to eq(redacted)
+      expect(user.audits.last.audited_changes['ssn']).to eq(redacted)
+      user.password = "new_password"
+      user.ssn = 987654321
+      user.save!
+      expect(user.audits.last.audited_changes['password']).to eq([redacted, redacted])
+      expect(user.audits.last.audited_changes['ssn']).to eq([redacted, redacted])
+    end
+
+    it "should redact columns in 'redacted' column with custom option" do
+      user = Models::ActiveRecord::UserRedactedPasswordCustomRedaction.create(password: "password")
+      user.save!
+      expect(user.audits.last.audited_changes['password']).to eq(["My", "Custom", "Value", 7])
+    end
+
+    if ActiveRecord::Base.connection.adapter_name == 'PostgreSQL'
       describe "'json' and 'jsonb' audited_changes column type" do
         let(:migrations_path) { SPEC_ROOT.join("support/active_record/postgres") }
 
@@ -264,7 +299,7 @@ describe Audited::Auditor do
   end
 
   describe "on create" do
-    let( :user ) { create_user audit_comment: "Create" }
+    let( :user ) { create_user status: :reliable, audit_comment: "Create" }
 
     it "should change the audit count" do
       expect {
@@ -288,6 +323,10 @@ describe Audited::Auditor do
       expect(user.audits.first.audited_changes).to eq(user.audited_attributes)
     end
 
+    it "should store enum value" do
+      expect(user.audits.first.audited_changes["status"]).to eq(1)
+    end
+
     it "should store comment" do
       expect(user.audits.first.comment).to eq('Create')
     end
@@ -306,7 +345,7 @@ describe Audited::Auditor do
 
   describe "on update" do
     before do
-      @user = create_user( name: 'Brandon', audit_comment: 'Update' )
+      @user = create_user( name: 'Brandon', status: :active, audit_comment: 'Update' )
     end
 
     it "should save an audit" do
@@ -319,17 +358,22 @@ describe Audited::Auditor do
     end
 
     it "should set the action to 'update'" do
-      @user.update_attributes name: 'Changed'
+      @user.update! name: 'Changed'
       expect(@user.audits.last.action).to eq('update')
       expect(Audited::Audit.updates.order(:id).last).to eq(@user.audits.last)
       expect(@user.audits.updates.last).to eq(@user.audits.last)
     end
 
     it "should store the changed attributes" do
-      @user.update_attributes name: 'Changed'
+      @user.update! name: 'Changed'
       expect(@user.audits.last.audited_changes).to eq({ 'name' => ['Brandon', 'Changed'] })
     end
 
+    it "should store changed enum values" do
+      @user.update! status: 1
+      expect(@user.audits.last.audited_changes["status"]).to eq([0, 1])
+    end
+
     it "should store audit comment" do
       expect(@user.audits.last.comment).to eq('Update')
     end
@@ -337,12 +381,12 @@ describe Audited::Auditor do
     it "should not save an audit if only specified on create/destroy" do
       on_create_destroy = Models::ActiveRecord::OnCreateDestroy.create( name: 'Bart' )
       expect {
-        on_create_destroy.update_attributes name: 'Changed'
+        on_create_destroy.update! name: 'Changed'
       }.to_not change( Audited::Audit, :count )
     end
 
     it "should not save an audit if the value doesn't change after type casting" do
-      @user.update_attributes! logins: 0, activated: true
+      @user.update! logins: 0, activated: true
       expect { @user.update_attribute :logins, '0' }.to_not change( Audited::Audit, :count )
       expect { @user.update_attribute :activated, 1 }.to_not change( Audited::Audit, :count )
       expect { @user.update_attribute :activated, '1' }.to_not change( Audited::Audit, :count )
@@ -366,7 +410,7 @@ describe Audited::Auditor do
 
   describe "on destroy" do
     before do
-      @user = create_user
+      @user = create_user(status: :active)
     end
 
     it "should save an audit" do
@@ -391,6 +435,11 @@ describe Audited::Auditor do
       expect(@user.audits.last.audited_changes).to eq(@user.audited_attributes)
     end
 
+    it "should store enum value" do
+      @user.destroy
+      expect(@user.audits.last.audited_changes["status"]).to eq(0)
+    end
+
     it "should be able to reconstruct a destroyed record without history" do
       @user.audits.delete_all
       @user.destroy
@@ -492,13 +541,13 @@ describe Audited::Auditor do
     it "should delete old extra audits after introducing limit" do
       stub_global_max_audits(nil) do
         user = Models::ActiveRecord::User.create!(name: 'Brandon', username: 'brandon')
-        user.update_attributes(name: 'Foobar')
-        user.update_attributes(name: 'Awesome', username: 'keepers')
-        user.update_attributes(activated: true)
+        user.update!(name: 'Foobar')
+        user.update!(name: 'Awesome', username: 'keepers')
+        user.update!(activated: true)
 
         Audited.max_audits = 3
         Models::ActiveRecord::User.send(:normalize_audited_options)
-        user.update_attributes(favourite_device: 'Android Phone')
+        user.update!(favourite_device: 'Android Phone')
         audits = user.audits
 
         expect(audits.count).to eq(3)
@@ -549,8 +598,8 @@ describe Audited::Auditor do
 
     it "should set the attributes for each revision" do
       u = Models::ActiveRecord::User.create(name: 'Brandon', username: 'brandon')
-      u.update_attributes name: 'Foobar'
-      u.update_attributes name: 'Awesome', username: 'keepers'
+      u.update! name: 'Foobar'
+      u.update! name: 'Awesome', username: 'keepers'
 
       expect(u.revisions.size).to eql(3)
 
@@ -566,8 +615,8 @@ describe Audited::Auditor do
 
     it "access to only recent revisions" do
       u = Models::ActiveRecord::User.create(name: 'Brandon', username: 'brandon')
-      u.update_attributes name: 'Foobar'
-      u.update_attributes name: 'Awesome', username: 'keepers'
+      u.update! name: 'Foobar'
+      u.update! name: 'Awesome', username: 'keepers'
 
       expect(u.revisions(2).size).to eq(2)
 
@@ -584,7 +633,7 @@ describe Audited::Auditor do
     end
 
     it "should ignore attributes that have been deleted" do
-      user.audits.last.update_attributes audited_changes: {old_attribute: 'old value'}
+      user.audits.last.update! audited_changes: {old_attribute: 'old value'}
       expect { user.revisions }.to_not raise_error
     end
   end
@@ -633,8 +682,8 @@ describe Audited::Auditor do
 
     it "should set the attributes for each revision" do
       u = Models::ActiveRecord::User.create(name: 'Brandon', username: 'brandon')
-      u.update_attributes name: 'Foobar'
-      u.update_attributes name: 'Awesome', username: 'keepers'
+      u.update! name: 'Foobar'
+      u.update! name: 'Awesome', username: 'keepers'
 
       expect(u.revision(3).name).to eq('Awesome')
       expect(u.revision(3).username).to eq('keepers')
@@ -646,6 +695,16 @@ describe Audited::Auditor do
       expect(u.revision(1).username).to eq('brandon')
     end
 
+    it "should correctly restore revision with enum" do
+      u = Models::ActiveRecord::User.create(status: :active)
+      u.update_attribute(:status, :reliable)
+      u.update_attribute(:status, :banned)
+
+      expect(u.revision(3)).to be_banned
+      expect(u.revision(2)).to be_reliable
+      expect(u.revision(1)).to be_active
+    end
+
     it "should be able to get time for first revision" do
       suspended_at = Time.zone.now
       u = Models::ActiveRecord::User.create(suspended_at: suspended_at)
@@ -686,7 +745,7 @@ describe Audited::Auditor do
       audit = user.audits.first
       audit.created_at = 1.hour.ago
       audit.save!
-      user.update_attributes name: 'updated'
+      user.update! name: 'updated'
       expect(user.revision_at( 2.minutes.ago ).audit_version).to eq(1)
     end
 
@@ -702,7 +761,7 @@ describe Audited::Auditor do
       company.update!(name: "Collective Idea")
 
       other_owner = Models::ActiveRecord::Owner.create!
-      other_company = other_owner.companies.create!
+      other_owner.companies.create!
 
       expect(owner.own_and_associated_audits).to match_array(owner.audits + company.audits)
     end
@@ -778,8 +837,67 @@ describe Audited::Auditor do
       Audited.auditing_enabled = true
       expect(Models::ActiveRecord::User.auditing_enabled).to eq(true)
 
-      user.update_attributes(name: 'Test')
+      user.update!(name: 'Test')
       expect(user.audits.count).to eq(1)
+      Models::ActiveRecord::User.enable_auditing
+    end
+  end
+
+  describe "with auditing" do
+    it "should save an audit when calling #save_with_auditing" do
+      expect {
+        u = Models::ActiveRecord::User.new(name: 'Brandon')
+        Models::ActiveRecord::User.auditing_enabled = false
+        expect(u.save_with_auditing).to eq(true)
+        Models::ActiveRecord::User.auditing_enabled = true
+      }.to change( Audited::Audit, :count ).by(1)
+    end
+
+    it "should save an audit inside of the #with_auditing block" do
+      expect {
+        Models::ActiveRecord::User.auditing_enabled = false
+        Models::ActiveRecord::User.with_auditing { Models::ActiveRecord::User.create!( name: 'Brandon' ) }
+        Models::ActiveRecord::User.auditing_enabled = true
+      }.to change( Audited::Audit, :count ).by(1)
+    end
+
+    it "should reset auditing status even it raises an exception" do
+      Models::ActiveRecord::User.disable_auditing
+      Models::ActiveRecord::User.with_auditing { raise } rescue nil
+      expect(Models::ActiveRecord::User.auditing_enabled).to eq(false)
+      Models::ActiveRecord::User.enable_auditing
+    end
+
+    it "should be thread safe using a #with_auditing block" do
+      skip if Models::ActiveRecord::User.connection.class.name.include?("SQLite")
+
+      t1 = Thread.new do
+        Models::ActiveRecord::User.disable_auditing
+        expect(Models::ActiveRecord::User.auditing_enabled).to eq(false)
+        Models::ActiveRecord::User.with_auditing do
+          expect(Models::ActiveRecord::User.auditing_enabled).to eq(true)
+
+          Models::ActiveRecord::User.create!( name: 'Shaggy' )
+          sleep 1
+          expect(Models::ActiveRecord::User.auditing_enabled).to eq(true)
+        end
+        expect(Models::ActiveRecord::User.auditing_enabled).to eq(false)
+        Models::ActiveRecord::User.enable_auditing
+      end
+
+      t2 = Thread.new do
+        sleep 0.5
+        Models::ActiveRecord::User.disable_auditing
+        expect(Models::ActiveRecord::User.auditing_enabled).to eq(false)
+        Models::ActiveRecord::User.create!( name: 'Scooby' )
+        Models::ActiveRecord::User.enable_auditing
+      end
+      t1.join
+      t2.join
+
+      Models::ActiveRecord::User.enable_auditing
+      expect(Models::ActiveRecord::User.find_by_name('Shaggy').audits.count).to eq(1)
+      expect(Models::ActiveRecord::User.find_by_name('Scooby').audits.count).to eq(0)
     end
   end
 
@@ -816,21 +934,21 @@ describe Audited::Auditor do
       let( :on_destroy_user ) { Models::ActiveRecord::OnDestroyCommentRequiredUser.create }
 
       it "should not validate when audit_comment is not supplied" do
-        expect(user.update_attributes(name: 'Test')).to eq(false)
+        expect(user.update(name: 'Test')).to eq(false)
       end
 
       it "should validate when audit_comment is not supplied, and updating is not being audited" do
-        expect(on_create_user.update_attributes(name: 'Test')).to eq(true)
-        expect(on_destroy_user.update_attributes(name: 'Test')).to eq(true)
+        expect(on_create_user.update(name: 'Test')).to eq(true)
+        expect(on_destroy_user.update(name: 'Test')).to eq(true)
       end
 
       it "should validate when audit_comment is supplied" do
-        expect(user.update_attributes(name: 'Test', audit_comment: 'Update')).to eq(true)
+        expect(user.update(name: 'Test', audit_comment: 'Update')).to eq(true)
       end
 
       it "should validate when audit_comment is not supplied, and auditing is disabled" do
         Models::ActiveRecord::CommentRequiredUser.disable_auditing
-        expect(user.update_attributes(name: 'Test')).to eq(true)
+        expect(user.update(name: 'Test')).to eq(true)
         Models::ActiveRecord::CommentRequiredUser.enable_auditing
       end
     end
@@ -863,6 +981,16 @@ describe Audited::Auditor do
 
   end
 
+  describe "no update with comment only" do
+    let( :user ) { Models::ActiveRecord::NoUpdateWithCommentOnlyUser.create }
+
+    it "does not create an audit when only an audit_comment is present" do
+      user.audit_comment = "Comment"
+      expect { user.save! }.to_not change( Audited::Audit, :count )
+    end
+
+  end
+
   describe "attr_protected and attr_accessible" do
 
     it "should not raise error when attr_accessible is set and protected is false" do
@@ -884,7 +1012,7 @@ describe Audited::Auditor do
     it "should record user objects" do
       Models::ActiveRecord::Company.audit_as( user ) do
         company = Models::ActiveRecord::Company.create name: 'The auditors'
-        company.update_attributes name: 'The Auditors'
+        company.update! name: 'The Auditors'
 
         company.audits.each do |audit|
           expect(audit.user).to eq(user)
@@ -895,7 +1023,7 @@ describe Audited::Auditor do
     it "should record usernames" do
       Models::ActiveRecord::Company.audit_as( user.name ) do
         company = Models::ActiveRecord::Company.create name: 'The auditors'
-        company.update_attributes name: 'The Auditors'
+        company.update! name: 'The Auditors'
 
         company.audits.each do |audit|
           expect(audit.user).to eq(user.name)
@@ -905,7 +1033,7 @@ describe Audited::Auditor do
   end
 
   describe "after_audit" do
-    let( :user ) { user = Models::ActiveRecord::UserWithAfterAudit.new }
+    let( :user ) { Models::ActiveRecord::UserWithAfterAudit.new }
 
     it "should invoke after_audit callback on create" do
       expect(user.bogus_attr).to be_nil
@@ -915,7 +1043,7 @@ describe Audited::Auditor do
   end
 
   describe "around_audit" do
-    let( :user ) { user = Models::ActiveRecord::UserWithAfterAudit.new }
+    let( :user ) { Models::ActiveRecord::UserWithAfterAudit.new }
 
     it "should invoke around_audit callback on create" do
       expect(user.around_attr).to be_nil
@@ -930,7 +1058,7 @@ describe Audited::Auditor do
       expect(company.type).to eq("Models::ActiveRecord::Company::STICompany")
       expect {
         Models::ActiveRecord::Company.auditing_enabled = false
-        company.update_attributes name: 'STI auditors'
+        company.update! name: 'STI auditors'
         Models::ActiveRecord::Company.auditing_enabled = true
       }.to_not change( Audited::Audit, :count )
     end

data/spec/audited/sweeper_spec.rb

@@ -1,5 +1,7 @@
 require "spec_helper"
 
+SingleCov.covered! uncovered: 2 # 2 conditional on_load conditions
+
 class AuditsController < ActionController::Base
   before_action :populate_user
 
@@ -11,7 +13,7 @@ class AuditsController < ActionController::Base
   end
 
   def update
-    current_user.update_attributes(password: 'foo')
+    current_user.update!(password: 'foo')
     head :ok
   end
 
@@ -27,14 +29,13 @@ describe AuditsController do
   include RSpec::Rails::ControllerExampleGroup
   render_views
 
-  before(:each) do
+  before do
     Audited.current_user_method = :current_user
   end
 
   let(:user) { create_user }
 
   describe "POST audit" do
-
     it "should audit user" do
       controller.send(:current_user=, user)
       expect {
@@ -44,6 +45,15 @@ describe AuditsController do
       expect(controller.company.audits.last.user).to eq(user)
     end
 
+    it "does not audit when method is not found" do
+      controller.send(:current_user=, user)
+      Audited.current_user_method = :nope
+      expect {
+        post :create
+      }.to change( Audited::Audit, :count )
+      expect(controller.company.audits.last.user).to eq(nil)
+    end
+
     it "should support custom users for sweepers" do
       controller.send(:custom_user=, user)
       Audited.current_user_method = :custom_user
@@ -84,7 +94,6 @@ describe AuditsController do
 
       expect(controller.company.audits.last.user).to eq(user)
     end
-
   end
 
   describe "PUT update" do
@@ -92,13 +101,13 @@ describe AuditsController do
       controller.send(:current_user=, user)
 
       expect {
-        put :update, Rails::VERSION::MAJOR == 4 ? {id: 123} : {params: {id: 123}}
+        params = Rails::VERSION::MAJOR == 4 ? {id: 123} : {params: {id: 123}}
+        put :update, **params
       }.to_not change( Audited::Audit, :count )
     end
   end
 end
 
-
 describe Audited::Sweeper do
 
   it "should be thread-safe" do

data/spec/audited_spec_helpers.rb

@@ -20,8 +20,10 @@ module AuditedSpecHelpers
   def run_migrations(direction, migrations_paths, target_version = nil)
     if rails_below?('5.2.0.rc1')
       ActiveRecord::Migrator.send(direction, migrations_paths, target_version)
-    else
+    elsif rails_below?('6.0.0.rc1')
       ActiveRecord::MigrationContext.new(migrations_paths).send(direction, target_version)
+    else
+      ActiveRecord::MigrationContext.new(migrations_paths, ActiveRecord::SchemaMigration).send(direction, target_version)
     end
   end
 

data/spec/rails_app/app/assets/config/manifest.js

@@ -0,0 +1 @@
+{}

data/spec/rails_app/app/controllers/application_controller.rb

@@ -0,0 +1,2 @@
+class ApplicationController < ActionController::Base
+end

data/spec/rails_app/config/database.yml

@@ -19,6 +19,7 @@ mysql: &MYSQL
   username: root
   password:
   database: audited_test
+  charset: utf8
 
 test:
   <<: *<%= ENV['DB'] || 'SQLITE3MEM' %>

data/spec/spec_helper.rb

@@ -1,6 +1,8 @@
 ENV['RAILS_ENV'] = 'test'
+require 'bundler/setup'
+require 'single_cov'
+SingleCov.setup :rspec
 
-require 'bundler'
 if Bundler.definition.dependencies.map(&:name).include?('protected_attributes')
   require 'protected_attributes'
 end

data/spec/support/active_record/models.rb

@@ -7,6 +7,7 @@ module Models
       audited except: :password
       attribute :non_column_attr if Rails.version >= '5.1'
       attr_protected :logins if respond_to?(:attr_protected)
+      enum status: { active: 0, reliable: 1, banned: 2 }
 
       def name=(val)
         write_attribute(:name, CGI.escapeHTML(val))
@@ -24,6 +25,21 @@ module Models
       audited only: :password
     end
 
+    class UserRedactedPassword < ::ActiveRecord::Base
+      self.table_name = :users
+      audited redacted: :password
+    end
+
+    class UserMultipleRedactedAttributes < ::ActiveRecord::Base
+      self.table_name = :users
+      audited redacted: [:password, :ssn]
+    end
+
+    class UserRedactedPasswordCustomRedaction < ::ActiveRecord::Base
+      self.table_name = :users
+      audited redacted: :password, redaction_value: ["My", "Custom", "Value", 7]
+    end
+
     class CommentRequiredUser < ::ActiveRecord::Base
       self.table_name = :users
       audited comment_required: true
@@ -44,6 +60,11 @@ module Models
       audited comment_required: true, on: :destroy
     end
 
+    class NoUpdateWithCommentOnlyUser < ::ActiveRecord::Base
+      self.table_name = :users
+      audited update_with_comment_only: false
+    end
+
     class AccessibleAfterDeclarationUser < ::ActiveRecord::Base
       self.table_name = :users
       audited

data/spec/support/active_record/schema.rb

@@ -15,10 +15,10 @@ begin
       db_config[:configure_connection] = false
     end
     adapter = ActiveRecord::Base.send("#{db_type}_connection", db_config)
-    adapter.recreate_database db_name
+    adapter.recreate_database db_name, db_config.slice('charset').symbolize_keys
     adapter.disconnect!
   end
-rescue Exception => e
+rescue => e
   Kernel.warn e
 end
 
@@ -35,11 +35,13 @@ ActiveRecord::Schema.define do
     t.column :username, :string
     t.column :password, :string
     t.column :activated, :boolean
+    t.column :status, :integer, default: 0
     t.column :suspended_at, :datetime
     t.column :logins, :integer, default: 0
     t.column :created_at, :datetime
     t.column :updated_at, :datetime
     t.column :favourite_device, :string
+    t.column :ssn, :integer
   end
 
   create_table :companies do |t|