railties 5.2.2 → 5.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fc6d0a9549676d109f5863192e512326bd2ac07df40c06161ce9a45b929b64f8
-  data.tar.gz: f7ab90b6813852496920d79d977bb819b6e58c32e51a07c82b3c4f2d51f4fe54
+  metadata.gz: d29e86115edab9c724ecc2189e576d536126a9b3cf39998b757d34f8e8814ba0
+  data.tar.gz: 65762e159387158b43097135022127ef0f1941d30468aec108dc3768258e4cf6
 SHA512:
-  metadata.gz: 8ad61f17fc22e112c23fbfd0448fcbac10251087f65340b1f171faae50eef8bc93d9e1cab5bc0fe366a211d8971e107e6d47a9febc913db5d8e10b05d3609dc2
-  data.tar.gz: edbad6cda49e8242bf8c5be9c40369b20859bee4c595b2a7b4b4634d40b0efe984c9a0a0b0f82a54d5f8aa290075a29d968fb63daed7c4e9d7e675f616e7f3d8
+  metadata.gz: fd08ee427f2b6b305de5c3cc07d553569861687395e18364488e70e0dc6e03c59a097f657f97838f5f1cd8db4a8babd405872a5a89b2ed9e1bcb67beeaddb959
+  data.tar.gz: 6bc043ce2a55cb46e2b0643e8f6826fbcd7ec172684847ca1097b3c65de3bc5b65d53685908b70a05ebafba33169ef611a2f7d598e6a76675282bb1bca90949f

data/CHANGELOG.md

@@ -1,3 +1,45 @@
+## Rails 5.2.4 (November 27, 2019) ##
+
+*   Use original `bundler` environment variables during the process of generating a new rails project.
+
+    *Marco Costa*
+
+*   Allow loading seeds without ActiveJob.
+
+    Fixes #35782
+
+    *Jeremy Weathers*
+
+*   Only force `:async` ActiveJob adapter to `:inline` during seeding.
+
+    *BatedUrGonnaDie*
+
+
+## Rails 5.2.3 (March 27, 2019) ##
+
+*   Seed database with inline ActiveJob job adapter.
+
+    *Gannon McGibbon*
+
+*   Fix boolean interaction in scaffold system tests.
+
+    *Gannon McGibbon*
+
+
+## Rails 5.2.2.1 (March 11, 2019) ##
+
+*   Generate random development secrets
+
+    A random development secret is now generated to tmp/development_secret.txt
+
+    This avoids an issue where development mode servers were vulnerable to
+    remote code execution.
+
+    Fixes CVE-2019-5420
+
+    *Eileen M. Uchitelle*, *Aaron Patterson*, *John Hawthorn*
+
+
 ## Rails 5.2.2 (December 04, 2018) ##
 
 *   Disable content security policy for mailer previews.

data/lib/rails/application.rb

@@ -426,8 +426,8 @@ module Rails
     # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
     # the correct place to store it is in the encrypted credentials file.
     def secret_key_base
-      if Rails.env.test? || Rails.env.development?
-        secrets.secret_key_base || Digest::MD5.hexdigest(self.class.name)
+      if Rails.env.development? || Rails.env.test?
+        secrets.secret_key_base ||= generate_development_secret
       else
         validate_secret_key_base(
           ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
@@ -588,6 +588,22 @@ module Rails
 
     private
 
+      def generate_development_secret
+        if secrets.secret_key_base.nil?
+          key_file = Rails.root.join("tmp/development_secret.txt")
+
+          if !File.exist?(key_file)
+            random_key = SecureRandom.hex(64)
+            FileUtils.mkdir_p(key_file.dirname)
+            File.binwrite(key_file, random_key)
+          end
+
+          secrets.secret_key_base = File.binread(key_file)
+        end
+
+        secrets.secret_key_base
+      end
+
       def build_request(env)
         req = super
         env["ORIGINAL_FULLPATH"] = req.fullpath

data/lib/rails/command/actions.rb

@@ -11,10 +11,20 @@ module Rails
       end
 
       def require_application_and_environment!
+        require_application!
+        require_environment!
+      end
+
+      def require_application!
         require ENGINE_PATH if defined?(ENGINE_PATH)
 
         if defined?(APP_PATH)
           require APP_PATH
+        end
+      end
+
+      def require_environment!
+        if defined?(APP_PATH)
           Rails.application.require_environment!
         end
       end

data/lib/rails/command/base.rb

@@ -17,6 +17,10 @@ module Rails
       include Actions
 
       class << self
+        def exit_on_failure? # :nodoc:
+          false
+        end
+
         # Returns true when the app is a Rails engine.
         def engine?
           defined?(ENGINE_ROOT)

data/lib/rails/commands/credentials/credentials_command.rb

@@ -17,7 +17,7 @@ module Rails
       end
 
       def edit
-        require_application_and_environment!
+        require_application!
 
         ensure_editor_available(command: "bin/rails credentials:edit") || (return)
         ensure_master_key_has_been_added if Rails.application.credentials.key.nil?
@@ -31,7 +31,7 @@ module Rails
       end
 
       def show
-        require_application_and_environment!
+        require_application!
 
         say Rails.application.credentials.read.presence || missing_credentials_message
       end

data/lib/rails/commands/encrypted/USAGE

@@ -0,0 +1,28 @@
+=== Storing Encrypted Files in Source Control
+
+The Rails `encrypted` commands provide access to encrypted files or configurations.
+See the `Rails.application.encrypted` documentation for using them in your app.
+
+=== Encryption Keys
+
+By default, Rails looks for the encryption key in `config/master.key` or
+`ENV["RAILS_MASTER_KEY"]`, but that lookup can be overriden with `--key`:
+
+   rails encrypted:edit config/encrypted_file.yml.enc --key config/encrypted_file.key
+
+Don't commit the key! Add it to your source control's ignore file. If you use
+Git, Rails handles this for you.
+
+=== Editing Files
+
+To edit or create an encrypted file use:
+
+   rails encrypted:edit config/encrypted_file.yml.enc
+
+This opens a temporary file in `$EDITOR` with the decrypted contents for editing.
+
+=== Viewing Files
+
+To print the decrypted contents of an encrypted file use:
+
+   rails encrypted:show config/encrypted_file.yml.enc

data/lib/rails/commands/encrypted/encrypted_command.rb

@@ -16,6 +16,7 @@ module Rails
         def help
           say "Usage:\n  #{self.class.banner}"
           say ""
+          say self.class.desc
         end
       end
 

data/lib/rails/engine.rb

@@ -531,9 +531,9 @@ module Rails
 
     # Defines the routes for this engine. If a block is given to
     # routes, it is appended to the engine.
-    def routes
+    def routes(&block)
       @routes ||= ActionDispatch::Routing::RouteSet.new_with_config(config)
-      @routes.append(&Proc.new) if block_given?
+      @routes.append(&block) if block_given?
       @routes
     end
 
@@ -548,7 +548,13 @@ module Rails
     # Blog::Engine.load_seed
     def load_seed
       seed_file = paths["db/seeds.rb"].existent.first
-      load(seed_file) if seed_file
+      return unless seed_file
+
+      if config.try(:active_job).try!(:queue_adapter) == :async
+        with_inline_jobs { load(seed_file) }
+      else
+        load(seed_file)
+      end
     end
 
     # Add configured load paths to Ruby's load path, and remove duplicate entries.
@@ -658,6 +664,18 @@ module Rails
         end
       end
 
+      def with_inline_jobs
+        queue_adapter = config.active_job.queue_adapter
+        ActiveSupport.on_load(:active_job) do
+          self.queue_adapter = :inline
+        end
+        yield
+      ensure
+        ActiveSupport.on_load(:active_job) do
+          self.queue_adapter = queue_adapter
+        end
+      end
+
       def has_migrations?
         paths["db/migrate"].existent.any?
       end

data/lib/rails/gem_version.rb

@@ -9,7 +9,7 @@ module Rails
   module VERSION
     MAJOR = 5
     MINOR = 2
-    TINY  = 2
+    TINY  = 4
     PRE   = nil
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")

data/lib/rails/generators/app_base.rb

@@ -408,19 +408,21 @@ module Rails
         # its own vendored Thor, which could be a different version. Running both
         # things in the same process is a recipe for a night with paracetamol.
         #
-        # We unset temporary bundler variables to load proper bundler and Gemfile.
-        #
         # Thanks to James Tucker for the Gem tricks involved in this call.
         _bundle_command = Gem.bin_path("bundler", "bundle")
 
         require "bundler"
-        Bundler.with_clean_env do
-          full_command = %Q["#{Gem.ruby}" "#{_bundle_command}" #{command}]
-          if options[:quiet]
-            system(full_command, out: File::NULL)
-          else
-            system(full_command)
-          end
+        Bundler.with_original_env do
+          exec_bundle_command(_bundle_command, command)
+        end
+      end
+
+      def exec_bundle_command(bundle_command, command)
+        full_command = %Q["#{Gem.ruby}" "#{bundle_command}" #{command}]
+        if options[:quiet]
+          system(full_command, out: File::NULL)
+        else
+          system(full_command)
         end
       end
 

data/lib/rails/generators/base.rb

@@ -24,6 +24,10 @@ module Rails
       add_runtime_options!
       strict_args_position!
 
+      def self.exit_on_failure? # :nodoc:
+        false
+      end
+
       # Returns the source root for this generator using default_source_root as default.
       def self.source_root(path = nil)
         @_source_root = path if path

data/lib/rails/generators/rails/app/app_generator.rb

@@ -232,6 +232,7 @@ module Rails
 
     def tmp
       empty_directory_with_keep_file "tmp"
+      empty_directory_with_keep_file "tmp/pids"
       empty_directory "tmp/cache"
       empty_directory "tmp/cache/assets"
     end

data/lib/rails/generators/rails/app/templates/Gemfile.tt

@@ -45,6 +45,7 @@ group :development, :test do
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
 end
 
+<% end -%>
 group :development do
 <%- unless options.api? -%>
   # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
@@ -75,7 +76,6 @@ group :test do
   gem 'chromedriver-helper'
 end
 <%- end -%>
-<% end -%>
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

data/lib/rails/generators/rails/app/templates/config/puma.rb.tt

@@ -15,6 +15,9 @@ port        ENV.fetch("PORT") { 3000 }
 #
 environment ENV.fetch("RAILS_ENV") { "development" }
 
+# Specifies the `pidfile` that Puma will use.
+pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" }
+
 # Specifies the number of `workers` to boot in clustered mode.
 # Workers are forked webserver processes. If using threads and workers together
 # the concurrency of the application would be max `threads` * `workers`.

data/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb

@@ -54,6 +54,11 @@ module TestUnit # :nodoc:
             end
           end.sort.to_h
         end
+
+        def boolean?(name)
+          attribute = attributes.find { |attr| attr.name == name }
+          attribute && attribute.type == :boolean
+        end
     end
   end
 end

data/lib/rails/generators/test_unit/scaffold/templates/system_test.rb.tt

@@ -16,8 +16,12 @@ class <%= class_name.pluralize %>Test < ApplicationSystemTestCase
     click_on "New <%= class_name.titleize %>"
 
     <%- attributes_hash.each do |attr, value| -%>
+    <%- if boolean?(attr) -%>
+    check "<%= attr.humanize %>" if <%= value %>
+    <%- else -%>
     fill_in "<%= attr.humanize %>", with: <%= value %>
     <%- end -%>
+    <%- end -%>
     click_on "Create <%= human_name %>"
 
     assert_text "<%= human_name %> was successfully created"
@@ -29,8 +33,12 @@ class <%= class_name.pluralize %>Test < ApplicationSystemTestCase
     click_on "Edit", match: :first
 
     <%- attributes_hash.each do |attr, value| -%>
+    <%- if boolean?(attr) -%>
+    check "<%= attr.humanize %>" if <%= value %>
+    <%- else -%>
     fill_in "<%= attr.humanize %>", with: <%= value %>
     <%- end -%>
+    <%- end -%>
     click_on "Update <%= human_name %>"
 
     assert_text "<%= human_name %> was successfully updated"

data/lib/rails/tasks/yarn.rake

@@ -6,8 +6,7 @@ namespace :yarn do
     # Install only production deps when for not usual envs.
     valid_node_envs = %w[test development production]
     node_env = ENV.fetch("NODE_ENV") do
-      rails_env = ENV["RAILS_ENV"]
-      valid_node_envs.include?(rails_env) ? rails_env : "production"
+      valid_node_envs.include?(Rails.env) ? Rails.env : "production"
     end
     system({ "NODE_ENV" => node_env }, "./bin/yarn install --no-progress")
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: railties
 version: !ruby/object:Gem::Version
-  version: 5.2.2
+  version: 5.2.4
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-12-04 00:00:00.000000000 Z
+date: 2019-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -92,14 +92,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.2.2
+        version: 5.2.4
 description: 'Rails internals: application bootup, plugins, generators, and rake tasks.'
 email: david@loudthinking.com
 executables:
@@ -143,6 +143,7 @@ files:
 - lib/rails/commands/credentials/credentials_command.rb
 - lib/rails/commands/dbconsole/dbconsole_command.rb
 - lib/rails/commands/destroy/destroy_command.rb
+- lib/rails/commands/encrypted/USAGE
 - lib/rails/commands/encrypted/encrypted_command.rb
 - lib/rails/commands/generate/generate_command.rb
 - lib/rails/commands/help/USAGE
@@ -421,8 +422,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-  source_code_uri: https://github.com/rails/rails/tree/v5.2.2/railties
-  changelog_uri: https://github.com/rails/rails/blob/v5.2.2/railties/CHANGELOG.md
+  source_code_uri: https://github.com/rails/rails/tree/v5.2.4/railties
+  changelog_uri: https://github.com/rails/rails/blob/v5.2.4/railties/CHANGELOG.md
 post_install_message: 
 rdoc_options:
 - "--exclude"
@@ -440,8 +441,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Tools for creating, working with, and running Rails applications.