omg-activemodel 8.0.0.alpha1

data/lib/active_model/secure_password.rb

@@ -0,0 +1,231 @@
+# frozen_string_literal: true
+
+module ActiveModel
+  module SecurePassword
+    extend ActiveSupport::Concern
+
+    # BCrypt hash function can handle maximum 72 bytes, and if we pass
+    # password of length more than 72 bytes it ignores extra characters.
+    # Hence need to put a restriction on password length.
+    MAX_PASSWORD_LENGTH_ALLOWED = 72
+
+    class << self
+      attr_accessor :min_cost # :nodoc:
+    end
+    self.min_cost = false
+
+    module ClassMethods
+      # Adds methods to set and authenticate against a BCrypt password.
+      # This mechanism requires you to have a +XXX_digest+ attribute,
+      # where +XXX+ is the attribute name of your desired password.
+      #
+      # The following validations are added automatically:
+      # * Password must be present on creation
+      # * Password length should be less than or equal to 72 bytes
+      # * Confirmation of password (using a +XXX_confirmation+ attribute)
+      #
+      # If confirmation validation is not needed, simply leave out the
+      # value for +XXX_confirmation+ (i.e. don't provide a form field for
+      # it). When this attribute has a +nil+ value, the validation will not be
+      # triggered.
+      #
+      # Additionally, a +XXX_challenge+ attribute is created. When set to a
+      # value other than +nil+, it will validate against the currently persisted
+      # password. This validation relies on dirty tracking, as provided by
+      # ActiveModel::Dirty; if dirty tracking methods are not defined, this
+      # validation will fail.
+      #
+      # All of the above validations can be omitted by passing
+      # <tt>validations: false</tt> as an argument. This allows complete
+      # customizability of validation behavior.
+      #
+      # Finally, a password reset token that's valid for 15 minutes after issue
+      # is automatically configured when +reset_token+ is set to true (which it is by default)
+      # and the object reponds to +generates_token_for+ (which Active Records do).
+      #
+      # To use +has_secure_password+, add bcrypt (~> 3.1.7) to your Gemfile:
+      #
+      #   gem "bcrypt", "~> 3.1.7"
+      #
+      # ==== Examples
+      #
+      # ===== Using Active Record (which automatically includes ActiveModel::SecurePassword)
+      #
+      #   # Schema: User(name:string, password_digest:string, recovery_password_digest:string)
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #     has_secure_password :recovery_password, validations: false
+      #   end
+      #
+      #   user = User.new(name: "david", password: "", password_confirmation: "nomatch")
+      #
+      #   user.save                                                      # => false, password required
+      #   user.password = "vr00m"
+      #   user.save                                                      # => false, confirmation doesn't match
+      #   user.password_confirmation = "vr00m"
+      #   user.save                                                      # => true
+      #
+      #   user.authenticate("notright")                                  # => false
+      #   user.authenticate("vr00m")                                     # => user
+      #   User.find_by(name: "david")&.authenticate("notright")          # => false
+      #   User.find_by(name: "david")&.authenticate("vr00m")             # => user
+      #
+      #   user.recovery_password = "42password"
+      #   user.recovery_password_digest                                  # => "$2a$04$iOfhwahFymCs5weB3BNH/uXkTG65HR.qpW.bNhEjFP3ftli3o5DQC"
+      #   user.save                                                      # => true
+      #
+      #   user.authenticate_recovery_password("42password")              # => user
+      #
+      #   user.update(password: "pwn3d", password_challenge: "")         # => false, challenge doesn't authenticate
+      #   user.update(password: "nohack4u", password_challenge: "vr00m") # => true
+      #
+      #   user.authenticate("vr00m")                                     # => false, old password
+      #   user.authenticate("nohack4u")                                  # => user
+      #
+      # ===== Conditionally requiring a password
+      #
+      #   class Account
+      #     include ActiveModel::SecurePassword
+      #
+      #     attr_accessor :is_guest, :password_digest
+      #
+      #     has_secure_password
+      #
+      #     def errors
+      #       super.tap { |errors| errors.delete(:password, :blank) if is_guest }
+      #     end
+      #   end
+      #
+      #   account = Account.new
+      #   account.valid? # => false, password required
+      #
+      #   account.is_guest = true
+      #   account.valid? # => true
+      #
+      # ===== Using the password reset token
+      #
+      #   user = User.create!(name: "david", password: "123", password_confirmation: "123")
+      #   token = user.password_reset_token
+      #   User.find_by_password_reset_token(token) # returns user
+      #
+      #   # 16 minutes later...
+      #   User.find_by_password_reset_token(token) # returns nil
+      #
+      #   # raises ActiveSupport::MessageVerifier::InvalidSignature since the token is expired
+      #   User.find_by_password_reset_token!(token)
+      def has_secure_password(attribute = :password, validations: true, reset_token: true)
+        # Load bcrypt gem only when has_secure_password is used.
+        # This is to avoid ActiveModel (and by extension the entire framework)
+        # being dependent on a binary library.
+        begin
+          require "bcrypt"
+        rescue LoadError
+          warn "You don't have bcrypt installed in your application. Please add it to your Gemfile and run bundle install."
+          raise
+        end
+
+        include InstanceMethodsOnActivation.new(attribute, reset_token: reset_token)
+
+        if validations
+          include ActiveModel::Validations
+
+          # This ensures the model has a password by checking whether the password_digest
+          # is present, so that this works with both new and existing records. However,
+          # when there is an error, the message is added to the password attribute instead
+          # so that the error message will make sense to the end-user.
+          validate do |record|
+            record.errors.add(attribute, :blank) unless record.public_send("#{attribute}_digest").present?
+          end
+
+          validate do |record|
+            if challenge = record.public_send(:"#{attribute}_challenge")
+              digest_was = record.public_send(:"#{attribute}_digest_was") if record.respond_to?(:"#{attribute}_digest_was")
+
+              unless digest_was.present? && BCrypt::Password.new(digest_was).is_password?(challenge)
+                record.errors.add(:"#{attribute}_challenge")
+              end
+            end
+          end
+
+          # Validates that the password does not exceed the maximum allowed bytes for BCrypt (72 bytes).
+          validate do |record|
+            password_value = record.public_send(attribute)
+            if password_value.present? && password_value.bytesize > ActiveModel::SecurePassword::MAX_PASSWORD_LENGTH_ALLOWED
+              record.errors.add(attribute, :password_too_long)
+            end
+          end
+
+          validates_confirmation_of attribute, allow_blank: true
+        end
+
+        # Only generate tokens for records that are capable of doing so (Active Records, not vanilla Active Models)
+        if reset_token && respond_to?(:generates_token_for)
+          generates_token_for :"#{attribute}_reset", expires_in: 15.minutes do
+            public_send(:"#{attribute}_salt")&.last(10)
+          end
+
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            silence_redefinition_of_method :find_by_#{attribute}_reset_token
+            def self.find_by_#{attribute}_reset_token(token)
+              find_by_token_for(:#{attribute}_reset, token)
+            end
+
+            silence_redefinition_of_method :find_by_#{attribute}_reset_token!
+            def self.find_by_#{attribute}_reset_token!(token)
+              find_by_token_for!(:#{attribute}_reset, token)
+            end
+          RUBY
+        end
+      end
+    end
+
+    class InstanceMethodsOnActivation < Module
+      def initialize(attribute, reset_token:)
+        attr_reader attribute
+
+        define_method("#{attribute}=") do |unencrypted_password|
+          if unencrypted_password.nil?
+            instance_variable_set("@#{attribute}", nil)
+            self.public_send("#{attribute}_digest=", nil)
+          elsif !unencrypted_password.empty?
+            instance_variable_set("@#{attribute}", unencrypted_password)
+            cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
+            self.public_send("#{attribute}_digest=", BCrypt::Password.create(unencrypted_password, cost: cost))
+          end
+        end
+
+        attr_accessor :"#{attribute}_confirmation", :"#{attribute}_challenge"
+
+        # Returns +self+ if the password is correct, otherwise +false+.
+        #
+        #   class User < ActiveRecord::Base
+        #     has_secure_password validations: false
+        #   end
+        #
+        #   user = User.new(name: 'david', password: 'mUc3m00RsqyRe')
+        #   user.save
+        #   user.authenticate_password('notright')      # => false
+        #   user.authenticate_password('mUc3m00RsqyRe') # => user
+        define_method("authenticate_#{attribute}") do |unencrypted_password|
+          attribute_digest = public_send("#{attribute}_digest")
+          attribute_digest.present? && BCrypt::Password.new(attribute_digest).is_password?(unencrypted_password) && self
+        end
+
+        # Returns the salt, a small chunk of random data added to the password before it's hashed.
+        define_method("#{attribute}_salt") do
+          attribute_digest = public_send("#{attribute}_digest")
+          attribute_digest.present? ? BCrypt::Password.new(attribute_digest).salt : nil
+        end
+
+        alias_method :authenticate, :authenticate_password if attribute == :password
+
+        if reset_token
+          # Returns the class-level configured reset token for the password.
+          define_method("#{attribute}_reset_token") do
+            generate_token_for(:"#{attribute}_reset")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_model/serialization.rb

@@ -0,0 +1,198 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/enumerable"
+
+module ActiveModel
+  # = Active \Model \Serialization
+  #
+  # Provides a basic serialization to a serializable_hash for your objects.
+  #
+  # A minimal implementation could be:
+  #
+  #   class Person
+  #     include ActiveModel::Serialization
+  #
+  #     attr_accessor :name
+  #
+  #     def attributes
+  #       {'name' => nil}
+  #     end
+  #   end
+  #
+  # Which would provide you with:
+  #
+  #   person = Person.new
+  #   person.serializable_hash   # => {"name"=>nil}
+  #   person.name = "Bob"
+  #   person.serializable_hash   # => {"name"=>"Bob"}
+  #
+  # An +attributes+ hash must be defined and should contain any attributes you
+  # need to be serialized. Attributes must be strings, not symbols.
+  # When called, serializable hash will use instance methods that match the name
+  # of the attributes hash's keys. In order to override this behavior, take a look
+  # at the private method +read_attribute_for_serialization+.
+  #
+  # ActiveModel::Serializers::JSON module automatically includes
+  # the +ActiveModel::Serialization+ module, so there is no need to
+  # explicitly include +ActiveModel::Serialization+.
+  #
+  # A minimal implementation including JSON would be:
+  #
+  #   class Person
+  #     include ActiveModel::Serializers::JSON
+  #
+  #     attr_accessor :name
+  #
+  #     def attributes
+  #       {'name' => nil}
+  #     end
+  #   end
+  #
+  # Which would provide you with:
+  #
+  #   person = Person.new
+  #   person.serializable_hash   # => {"name"=>nil}
+  #   person.as_json             # => {"name"=>nil}
+  #   person.to_json             # => "{\"name\":null}"
+  #
+  #   person.name = "Bob"
+  #   person.serializable_hash   # => {"name"=>"Bob"}
+  #   person.as_json             # => {"name"=>"Bob"}
+  #   person.to_json             # => "{\"name\":\"Bob\"}"
+  #
+  # Valid options are <tt>:only</tt>, <tt>:except</tt>, <tt>:methods</tt> and
+  # <tt>:include</tt>. The following are all valid examples:
+  #
+  #   person.serializable_hash(only: 'name')
+  #   person.serializable_hash(include: :address)
+  #   person.serializable_hash(include: { address: { only: 'city' }})
+  module Serialization
+    # Returns a serialized hash of your object.
+    #
+    #   class Person
+    #     include ActiveModel::Serialization
+    #
+    #     attr_accessor :name, :age
+    #
+    #     def attributes
+    #       {'name' => nil, 'age' => nil}
+    #     end
+    #
+    #     def capitalized_name
+    #       name.capitalize
+    #     end
+    #   end
+    #
+    #   person = Person.new
+    #   person.name = 'bob'
+    #   person.age  = 22
+    #   person.serializable_hash                # => {"name"=>"bob", "age"=>22}
+    #   person.serializable_hash(only: :name)   # => {"name"=>"bob"}
+    #   person.serializable_hash(except: :name) # => {"age"=>22}
+    #   person.serializable_hash(methods: :capitalized_name)
+    #   # => {"name"=>"bob", "age"=>22, "capitalized_name"=>"Bob"}
+    #
+    # Example with <tt>:include</tt> option
+    #
+    #   class User
+    #     include ActiveModel::Serializers::JSON
+    #     attr_accessor :name, :notes # Emulate has_many :notes
+    #     def attributes
+    #       {'name' => nil}
+    #     end
+    #   end
+    #
+    #   class Note
+    #     include ActiveModel::Serializers::JSON
+    #     attr_accessor :title, :text
+    #     def attributes
+    #       {'title' => nil, 'text' => nil}
+    #     end
+    #   end
+    #
+    #   note = Note.new
+    #   note.title = 'Battle of Austerlitz'
+    #   note.text = 'Some text here'
+    #
+    #   user = User.new
+    #   user.name = 'Napoleon'
+    #   user.notes = [note]
+    #
+    #   user.serializable_hash
+    #   # => {"name" => "Napoleon"}
+    #   user.serializable_hash(include: { notes: { only: 'title' }})
+    #   # => {"name" => "Napoleon", "notes" => [{"title"=>"Battle of Austerlitz"}]}
+    def serializable_hash(options = nil)
+      attribute_names = attribute_names_for_serialization
+
+      return serializable_attributes(attribute_names) if options.blank?
+
+      if only = options[:only]
+        attribute_names &= Array(only).map(&:to_s)
+      elsif except = options[:except]
+        attribute_names -= Array(except).map(&:to_s)
+      end
+
+      hash = serializable_attributes(attribute_names)
+
+      Array(options[:methods]).each { |m| hash[m.to_s] = send(m) }
+
+      serializable_add_includes(options) do |association, records, opts|
+        hash[association.to_s] = if records.respond_to?(:to_ary)
+          records.to_ary.map { |a| a.serializable_hash(opts) }
+        else
+          records.serializable_hash(opts)
+        end
+      end
+
+      hash
+    end
+
+    private
+      def attribute_names_for_serialization
+        attributes.keys
+      end
+
+      # Hook method defining how an attribute value should be retrieved for
+      # serialization. By default this is assumed to be an instance named after
+      # the attribute. Override this method in subclasses should you need to
+      # retrieve the value for a given attribute differently:
+      #
+      #   class MyClass
+      #     include ActiveModel::Serialization
+      #
+      #     def initialize(data = {})
+      #       @data = data
+      #     end
+      #
+      #     def read_attribute_for_serialization(key)
+      #       @data[key]
+      #     end
+      #   end
+      alias :read_attribute_for_serialization :send
+
+      def serializable_attributes(attribute_names)
+        attribute_names.index_with { |n| read_attribute_for_serialization(n) }
+      end
+
+      # Add associations specified via the <tt>:include</tt> option.
+      #
+      # Expects a block that takes as arguments:
+      #   +association+ - name of the association
+      #   +records+     - the association record(s) to be serialized
+      #   +opts+        - options for the association records
+      def serializable_add_includes(options = {}) # :nodoc:
+        return unless includes = options[:include]
+
+        unless includes.is_a?(Hash)
+          includes = Hash[Array(includes).flat_map { |n| n.is_a?(Hash) ? n.to_a : [[n, {}]] }]
+        end
+
+        includes.each do |association, opts|
+          if records = send(association)
+            yield association, records, opts
+          end
+        end
+      end
+  end
+end

data/lib/active_model/serializers/json.rb

@@ -0,0 +1,154 @@
+# frozen_string_literal: true
+
+require "active_support/json"
+
+module ActiveModel
+  module Serializers
+    # = Active \Model \JSON \Serializer
+    module JSON
+      extend ActiveSupport::Concern
+      include ActiveModel::Serialization
+
+      included do
+        extend ActiveModel::Naming
+
+        class_attribute :include_root_in_json, instance_writer: false, default: false
+      end
+
+      # Returns a hash representing the model. Some configuration can be
+      # passed through +options+.
+      #
+      # The option <tt>include_root_in_json</tt> controls the top-level behavior
+      # of +as_json+. If +true+, +as_json+ will emit a single root node named
+      # after the object's type. The default value for <tt>include_root_in_json</tt>
+      # option is +false+.
+      #
+      #   user = User.find(1)
+      #   user.as_json
+      #   # => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #     "created_at" => "2006-08-01T17:27:133.000Z", "awesome" => true}
+      #
+      #   ActiveRecord::Base.include_root_in_json = true
+      #
+      #   user.as_json
+      #   # => { "user" => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #                  "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true } }
+      #
+      # This behavior can also be achieved by setting the <tt>:root</tt> option
+      # to +true+ as in:
+      #
+      #   user = User.find(1)
+      #   user.as_json(root: true)
+      #   # => { "user" => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #                  "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true } }
+      #
+      # If you prefer, <tt>:root</tt> may also be set to a custom string key instead as in:
+      #
+      #   user = User.find(1)
+      #   user.as_json(root: "author")
+      #   # => { "author" => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #                  "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true } }
+      #
+      # Without any +options+, the returned Hash will include all the model's
+      # attributes.
+      #
+      #   user = User.find(1)
+      #   user.as_json
+      #   # => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #      "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true}
+      #
+      # The <tt>:only</tt> and <tt>:except</tt> options can be used to limit
+      # the attributes included, and work similar to the +attributes+ method.
+      #
+      #   user.as_json(only: [:id, :name])
+      #   # => { "id" => 1, "name" => "Konata Izumi" }
+      #
+      #   user.as_json(except: [:id, :created_at, :age])
+      #   # => { "name" => "Konata Izumi", "awesome" => true }
+      #
+      # To include the result of some method calls on the model use <tt>:methods</tt>:
+      #
+      #   user.as_json(methods: :permalink)
+      #   # => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #      "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true,
+      #   #      "permalink" => "1-konata-izumi" }
+      #
+      # To include associations use <tt>:include</tt>:
+      #
+      #   user.as_json(include: :posts)
+      #   # => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #      "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true,
+      #   #      "posts" => [ { "id" => 1, "author_id" => 1, "title" => "Welcome to the weblog" },
+      #   #                   { "id" => 2, "author_id" => 1, "title" => "So I was thinking" } ] }
+      #
+      # Second level and higher order associations work as well:
+      #
+      #   user.as_json(include: { posts: {
+      #                              include: { comments: {
+      #                                             only: :body } },
+      #                              only: :title } })
+      #   # => { "id" => 1, "name" => "Konata Izumi", "age" => 16,
+      #   #      "created_at" => "2006-08-01T17:27:13.000Z", "awesome" => true,
+      #   #      "posts" => [ { "comments" => [ { "body" => "1st post!" }, { "body" => "Second!" } ],
+      #   #                     "title" => "Welcome to the weblog" },
+      #   #                   { "comments" => [ { "body" => "Don't think too hard" } ],
+      #   #                     "title" => "So I was thinking" } ] }
+      def as_json(options = nil)
+        root = if options && options.key?(:root)
+          options[:root]
+        else
+          include_root_in_json
+        end
+
+        hash = serializable_hash(options).as_json
+        if root
+          root = model_name.element if root == true
+          { root => hash }
+        else
+          hash
+        end
+      end
+
+      # Sets the model +attributes+ from a JSON string. Returns +self+.
+      #
+      #   class Person
+      #     include ActiveModel::Serializers::JSON
+      #
+      #     attr_accessor :name, :age, :awesome
+      #
+      #     def attributes=(hash)
+      #       hash.each do |key, value|
+      #         send("#{key}=", value)
+      #       end
+      #     end
+      #
+      #     def attributes
+      #       instance_values
+      #     end
+      #   end
+      #
+      #   json = { name: 'bob', age: 22, awesome:true }.to_json
+      #   person = Person.new
+      #   person.from_json(json) # => #<Person:0x007fec5e7a0088 @age=22, @awesome=true, @name="bob">
+      #   person.name            # => "bob"
+      #   person.age             # => 22
+      #   person.awesome         # => true
+      #
+      # The default value for +include_root+ is +false+. You can change it to
+      # +true+ if the given JSON string includes a single root node.
+      #
+      #   json = { person: { name: 'bob', age: 22, awesome:true } }.to_json
+      #   person = Person.new
+      #   person.from_json(json, true) # => #<Person:0x007fec5e7a0088 @age=22, @awesome=true, @name="bob">
+      #   person.name                  # => "bob"
+      #   person.age                   # => 22
+      #   person.awesome               # => true
+      def from_json(json, include_root = include_root_in_json)
+        hash = ActiveSupport::JSON.decode(json)
+        hash = hash.values.first if include_root
+        self.attributes = hash
+        self
+      end
+    end
+  end
+end

data/lib/active_model/translation.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module ActiveModel
+  # = Active \Model \Translation
+  #
+  # Provides integration between your object and the \Rails internationalization
+  # (i18n) framework.
+  #
+  # A minimal implementation could be:
+  #
+  #   class TranslatedPerson
+  #     extend ActiveModel::Translation
+  #   end
+  #
+  #   TranslatedPerson.human_attribute_name('my_attribute')
+  #   # => "My attribute"
+  #
+  # This also provides the required class methods for hooking into the
+  # \Rails internationalization API, including being able to define a
+  # class-based +i18n_scope+ and +lookup_ancestors+ to find translations in
+  # parent classes.
+  module Translation
+    include ActiveModel::Naming
+
+    singleton_class.attr_accessor :raise_on_missing_translations
+
+    # Returns the +i18n_scope+ for the class. Override if you want custom lookup.
+    def i18n_scope
+      :activemodel
+    end
+
+    # When localizing a string, it goes through the lookup returned by this
+    # method, which is used in ActiveModel::Name#human,
+    # ActiveModel::Errors#full_messages and
+    # ActiveModel::Translation#human_attribute_name.
+    def lookup_ancestors
+      ancestors.select { |x| x.respond_to?(:model_name) }
+    end
+
+    MISSING_TRANSLATION = -(2**60) # :nodoc:
+
+    # Transforms attribute names into a more human format, such as "First name"
+    # instead of "first_name".
+    #
+    #   Person.human_attribute_name("first_name") # => "First name"
+    #
+    # Specify +options+ with additional translating options.
+    def human_attribute_name(attribute, options = {})
+      attribute = attribute.to_s
+
+      if attribute.include?(".")
+        namespace, _, attribute = attribute.rpartition(".")
+        namespace.tr!(".", "/")
+
+        defaults = lookup_ancestors.map do |klass|
+          :"#{i18n_scope}.attributes.#{klass.model_name.i18n_key}/#{namespace}.#{attribute}"
+        end
+        defaults << :"#{i18n_scope}.attributes.#{namespace}.#{attribute}"
+      else
+        defaults = lookup_ancestors.map do |klass|
+          :"#{i18n_scope}.attributes.#{klass.model_name.i18n_key}.#{attribute}"
+        end
+      end
+
+      raise_on_missing = options.fetch(:raise, Translation.raise_on_missing_translations)
+
+      defaults << :"attributes.#{attribute}"
+      defaults << options[:default] if options[:default]
+      defaults << MISSING_TRANSLATION unless raise_on_missing
+
+      translation = I18n.translate(defaults.shift, count: 1, raise: raise_on_missing, **options, default: defaults)
+      translation = attribute.humanize if translation == MISSING_TRANSLATION
+      translation
+    end
+  end
+
+  ActiveSupport.run_load_hooks(:active_model_translation, Translation)
+end