railties 7.0.8.7 → 7.2.2.1

data/lib/rails/commands/console/console_command.rb

@@ -1,20 +1,9 @@
 # frozen_string_literal: true
 
-require "irb"
-require "irb/completion"
-
 require "rails/command/environment_argument"
 
 module Rails
   class Console
-    module BacktraceCleaner
-      def filter_backtrace(bt)
-        if result = super
-          Rails.backtrace_cleaner.filter([result]).first
-        end
-      end
-    end
-
     def self.start(*args)
       new(*args).start
     end
@@ -34,19 +23,18 @@ module Rails
 
       app.load_console
 
-      @console = app.config.console || IRB
-
-      if @console == IRB
-        IRB::WorkSpace.prepend(BacktraceCleaner)
-
-        if Rails.env.production?
-          ENV["IRB_USE_AUTOCOMPLETE"] ||= "false"
-        end
+      @console = app.config.console || begin
+        require "rails/commands/console/irb_console"
+        IRBConsole.new(app)
       end
     end
 
     def sandbox?
-      options[:sandbox]
+      return options[:sandbox] if !options[:sandbox].nil?
+
+      return false if Rails.env.local?
+
+      app.config.sandbox_by_default
     end
 
     def environment
@@ -68,9 +56,6 @@ module Rails
         puts "Loading #{Rails.env} environment (Rails #{Rails.version})"
       end
 
-      if defined?(console::ExtendCommandBundle)
-        console::ExtendCommandBundle.include(Rails::ConsoleMethods)
-      end
       console.start
     end
   end
@@ -79,7 +64,7 @@ module Rails
     class ConsoleCommand < Base # :nodoc:
       include EnvironmentArgument
 
-      class_option :sandbox, aliases: "-s", type: :boolean, default: false,
+      class_option :sandbox, aliases: "-s", type: :boolean, default: nil,
         desc: "Rollback database modifications on exit."
 
       def initialize(args = [], local_options = {}, config = {})
@@ -96,13 +81,9 @@ module Rails
         super(args, local_options, config)
       end
 
+      desc "console", "Start the Rails console"
       def perform
-        extract_environment_option_from_argument
-
-        # RAILS_ENV needs to be set before config/application is required.
-        ENV["RAILS_ENV"] = options[:environment]
-
-        require_application_and_environment!
+        boot_application!
         Rails::Console.start(Rails.application, options)
       end
     end

data/lib/rails/commands/console/irb_console.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+require "irb/helper_method"
+require "irb/command"
+
+module Rails
+  class Console
+    class RailsHelperBase < IRB::HelperMethod::Base
+      include ConsoleMethods
+    end
+
+    class ControllerHelper < RailsHelperBase
+      description "Gets helper methods available to ApplicationController."
+
+      # This method assumes an +ApplicationController+ exists, and that it extends ActionController::Base.
+      def execute
+        ApplicationController.helpers
+      end
+    end
+
+    class ControllerInstance < RailsHelperBase
+      description "Gets a new instance of ApplicationController."
+
+      # This method assumes an +ApplicationController+ exists, and that it extends ActionController::Base.
+      def execute
+        @controller ||= ApplicationController.new
+      end
+    end
+
+    class NewSession < RailsHelperBase
+      description "[Deprecated] Please use `app(true)` instead."
+
+      def execute(*)
+        app = Rails.application
+        session = ActionDispatch::Integration::Session.new(app)
+
+        # This makes app.url_for and app.foo_path available in the console
+        session.extend(app.routes.url_helpers)
+        session.extend(app.routes.mounted_helpers)
+
+        session
+      end
+    end
+
+    class AppInstance < NewSession
+      description "Creates a new ActionDispatch::Integration::Session and memoizes it. Use `app(true)` to create a new instance."
+
+      def execute(create = false)
+        @app_integration_instance = nil if create
+        @app_integration_instance ||= super
+      end
+    end
+
+    class ReloadHelper < RailsHelperBase
+      description "Reloads the Rails application."
+
+      def execute
+        puts "Reloading..."
+        Rails.application.reloader.reload!
+      end
+    end
+
+    class ReloadCommand < IRB::Command::Base
+      include ConsoleMethods
+
+      category "Rails console"
+      description "Reloads the Rails application."
+
+      def execute(*)
+        puts "Reloading..."
+        Rails.application.reloader.reload!
+      end
+    end
+
+    IRB::HelperMethod.register(:helper, ControllerHelper)
+    IRB::HelperMethod.register(:controller, ControllerInstance)
+    IRB::HelperMethod.register(:new_session, NewSession)
+    IRB::HelperMethod.register(:app, AppInstance)
+    IRB::HelperMethod.register(:reload!, ReloadHelper)
+    IRB::Command.register(:reload!, ReloadCommand)
+
+    class IRBConsole
+      def initialize(app)
+        @app = app
+
+        require "irb"
+        require "irb/completion"
+      end
+
+      def name
+        "IRB"
+      end
+
+      def start
+        IRB.setup(nil)
+
+        if !Rails.env.local? && !ENV.key?("IRB_USE_AUTOCOMPLETE")
+          IRB.conf[:USE_AUTOCOMPLETE] = false
+        end
+
+        env = colorized_env
+        prompt_prefix = "%N(#{env})"
+        IRB.conf[:IRB_NAME] = @app.name
+
+        IRB.conf[:PROMPT][:RAILS_PROMPT] = {
+          PROMPT_I: "#{prompt_prefix}> ",
+          PROMPT_S: "#{prompt_prefix}%l ",
+          PROMPT_C: "#{prompt_prefix}* ",
+          RETURN: "=> %s\n"
+        }
+
+        if current_filter = IRB.conf[:BACKTRACE_FILTER]
+          IRB.conf[:BACKTRACE_FILTER] = -> (backtrace) do
+            backtrace = current_filter.call(backtrace)
+            Rails.backtrace_cleaner.filter(backtrace)
+          end
+        else
+          IRB.conf[:BACKTRACE_FILTER] = -> (backtrace) do
+            Rails.backtrace_cleaner.filter(backtrace)
+          end
+        end
+
+        # Because some users/libs use Rails::ConsoleMethods to extend Rails console,
+        # we still include it for backward compatibility.
+        IRB::ExtendCommandBundle.include ConsoleMethods
+
+        # Respect user's choice of prompt mode.
+        IRB.conf[:PROMPT_MODE] = :RAILS_PROMPT if IRB.conf[:PROMPT_MODE] == :DEFAULT
+        IRB::Irb.new.run(IRB.conf)
+      end
+
+      def colorized_env
+        case Rails.env
+        when "development"
+          IRB::Color.colorize("dev", [:BLUE])
+        when "test"
+          IRB::Color.colorize("test", [:BLUE])
+        when "production"
+          IRB::Color.colorize("prod", [:RED])
+        else
+          Rails.env
+        end
+      end
+    end
+  end
+end

data/lib/rails/commands/credentials/USAGE

@@ -1,75 +1,73 @@
-=== Storing Encrypted Credentials in Source Control
+Description:
+    The Rails `credentials` commands provide access to encrypted credentials,
+    so you can safely store access tokens, database passwords, and the like
+    safely inside the app without relying on a mess of ENVs.
 
-The Rails `credentials` commands provide access to encrypted credentials,
-so you can safely store access tokens, database passwords, and the like
-safely inside the app without relying on a mess of ENVs.
+    This also allows for atomic deploys: no need to coordinate key changes
+    to get everything working as the keys are shipped with the code.
 
-This also allows for atomic deploys: no need to coordinate key changes
-to get everything working as the keys are shipped with the code.
+Setup:
+    Applications after Rails 5.2 automatically have a basic credentials file generated
+    that just contains the secret_key_base used by MessageVerifiers/MessageEncryptors, like the ones
+    signing and encrypting cookies.
 
-=== Setup
+    For applications created prior to Rails 5.2, we'll automatically generate a new
+    credentials file in `config/credentials.yml.enc` the first time you run `<%= executable(:edit) %>`.
+    If you didn't have a master key saved in `config/master.key`, that'll be created too.
 
-Applications after Rails 5.2 automatically have a basic credentials file generated
-that just contains the secret_key_base used by MessageVerifiers/MessageEncryptors, like the ones
-signing and encrypting cookies.
+    Don't lose this master key! Put it in a password manager your team can access.
+    Should you lose it no one, including you, will be able to access any encrypted
+    credentials.
 
-For applications created prior to Rails 5.2, we'll automatically generate a new
-credentials file in `config/credentials.yml.enc` the first time you run `bin/rails credentials:edit`.
-If you didn't have a master key saved in `config/master.key`, that'll be created too.
+    Don't commit the key! Add `config/master.key` to your source control's
+    ignore file. If you use Git, Rails handles this for you.
 
-Don't lose this master key! Put it in a password manager your team can access.
-Should you lose it no one, including you, will be able to access any encrypted
-credentials.
+    Rails also looks for the master key in `ENV["RAILS_MASTER_KEY"]`, in case that
+    is easier to manage. You could set `RAILS_MASTER_KEY` in a deployment
+    configuration, or you could prepend it to your server's start command like so:
 
-Don't commit the key! Add `config/master.key` to your source control's
-ignore file. If you use Git, Rails handles this for you.
+        RAILS_MASTER_KEY="very-secret-and-secure" bin/rails server
 
-Rails also looks for the master key in `ENV["RAILS_MASTER_KEY"]`, if that's easier to manage.
+    If `ENV["RAILS_MASTER_KEY"]` is present, it takes precedence over
+    `config/master.key`.
 
-You could prepend that to your server's start command like this:
+Set up Git to Diff Credentials:
+    Rails provides `<%= executable(:diff) %> --enroll` to instruct Git to call
+    `<%= executable(:diff) %>` when `git diff` is run on a credentials file.
 
-   RAILS_MASTER_KEY="very-secret-and-secure" server.start
+    Running the command enrolls the project such that all credentials files use the
+    "rails_credentials" diff driver in .gitattributes.
 
-=== Set up Git to Diff Credentials
+    Additionally since Git requires the driver itself to be set up in a config file
+    that isn't tracked Rails automatically ensures it's configured when running
+    `<%= executable(:edit) %>`.
 
-Rails provides `bin/rails credentials:diff --enroll` to instruct Git to call
-`bin/rails credentials:diff` when `git diff` is run on a credentials file.
+    Otherwise each co-worker would have to run enable manually, including on each new
+    repo clone.
 
-Running the command enrolls the project such that all credentials files use the
-"rails_credentials" diff driver in .gitattributes.
+    To disenroll from this feature, run `<%= executable(:diff) %> --disenroll`.
 
-Additionally since Git requires the driver itself to be set up in a config file
-that isn't tracked Rails automatically ensures it's configured when running
-`credentials:edit`.
+Editing Credentials:
+    This will open a temporary file in `$VISUAL` or `$EDITOR` with the decrypted
+    contents to edit the encrypted credentials.
 
-Otherwise each co-worker would have to run enable manually, including on each new
-repo clone.
+    When the temporary file is next saved the contents are encrypted and written to
+    `config/credentials.yml.enc` while the file itself is destroyed to prevent credentials
+    from leaking.
 
-To disenroll from this feature, run `bin/rails credentials:diff --disenroll`.
+Environment Specific Credentials:
+    The `credentials` command supports passing an `--environment` option to create an
+    environment specific override. That override will take precedence over the
+    global `config/credentials.yml.enc` file when running in that environment. So:
 
-=== Editing Credentials
+        <%= executable(:edit) %> --environment development
 
-This will open a temporary file in `$EDITOR` with the decrypted contents to edit
-the encrypted credentials.
+    will create `config/credentials/development.yml.enc` with the corresponding
+    encryption key in `config/credentials/development.key` if the credentials file
+    doesn't exist.
 
-When the temporary file is next saved the contents are encrypted and written to
-`config/credentials.yml.enc` while the file itself is destroyed to prevent credentials
-from leaking.
+    In addition to that, the default credentials lookup paths can be overridden through
+    `config.credentials.content_path` and `config.credentials.key_path`.
 
-=== Environment Specific Credentials
-
-The `credentials` command supports passing an `--environment` option to create an
-environment specific override. That override will take precedence over the
-global `config/credentials.yml.enc` file when running in that environment. So:
-
-   bin/rails credentials:edit --environment development
-
-will create `config/credentials/development.yml.enc` with the corresponding
-encryption key in `config/credentials/development.key` if the credentials file
-doesn't exist.
-
-The encryption key can also be put in `ENV["RAILS_MASTER_KEY"]`, which takes
-precedence over the file encryption key.
-
-In addition to that, the default credentials lookup paths can be overridden through
-`config.credentials.content_path` and `config.credentials.key_path`.
+    Just as with `config/master.key`, `ENV["RAILS_MASTER_KEY"]` takes precedence
+    over any environment specific or specially configured key files.

data/lib/rails/commands/credentials/credentials_command/diffing.rb

@@ -13,7 +13,8 @@ module Rails::Command::CredentialsCommand::Diffing # :nodoc:
       gitattributes.write(GITATTRIBUTES_ENTRY, mode: "a")
 
       say "Enrolled project in credentials file diffing!"
-      say "Rails ensures the rails_credentials diff driver is set when running `credentials:edit`. See `credentials:help` for more."
+      say ""
+      say "Rails will configure the Git diff driver for credentials when running `#{executable(:edit)}`. See `#{executable(:help)}` for more information."
     end
   end
 
@@ -42,10 +43,11 @@ module Rails::Command::CredentialsCommand::Diffing # :nodoc:
     end
 
     def configure_diffing_driver
-      system "git config diff.rails_credentials.textconv 'bin/rails credentials:diff'"
+      system "git config diff.rails_credentials.textconv '#{executable(:diff)}'"
+      say "Configured Git diff driver for credentials."
     end
 
     def gitattributes
-      Rails.root.join(".gitattributes")
+      @gitattributes ||= (Rails::Command.root || Pathname.pwd).join(".gitattributes")
     end
 end

data/lib/rails/commands/credentials/credentials_command.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "pathname"
-require "shellwords"
 require "active_support"
 require "rails/command/helpers/editor"
 require "rails/command/environment_argument"
@@ -15,56 +14,42 @@ module Rails
       require_relative "credentials_command/diffing"
       include Diffing
 
-      self.environment_desc = "Uses credentials from config/credentials/:environment.yml.enc encrypted by config/credentials/:environment.key key"
-
-      no_commands do
-        def help
-          say "Usage:\n  #{self.class.banner}"
-          say ""
-          say self.class.desc
-        end
-      end
-
+      desc "edit", "Open the decrypted credentials in `$VISUAL` or `$EDITOR` for editing"
       def edit
-        extract_environment_option_from_argument(default_environment: nil)
-        require_application!
+        load_environment_config!
+        load_generators
 
-        ensure_editor_available(command: "bin/rails credentials:edit") || (return)
+        if environment_specified?
+          @content_path = "config/credentials/#{environment}.yml.enc" unless config.overridden?(:content_path)
+          @key_path = "config/credentials/#{environment}.key" unless config.overridden?(:key_path)
+        end
 
-        ensure_encryption_key_has_been_added if credentials.key.nil?
+        ensure_encryption_key_has_been_added
         ensure_credentials_have_been_added
         ensure_diffing_driver_is_configured
 
-        catch_editing_exceptions do
-          change_credentials_in_system_editor
-        end
-
-        say "File encrypted and saved."
-      rescue ActiveSupport::MessageEncryptor::InvalidMessage
-        say "Couldn't decrypt #{content_path}. Perhaps you passed the wrong key?"
+        change_credentials_in_system_editor
       end
 
+      desc "show", "Show the decrypted credentials"
       def show
-        extract_environment_option_from_argument(default_environment: nil)
-        require_application!
+        load_environment_config!
 
         say credentials.read.presence || missing_credentials_message
       end
 
+      desc "diff", "Enroll/disenroll in decrypted diffs of credentials using git"
       option :enroll, type: :boolean, default: false,
-        desc: "Enrolls project in credentials file diffing with `git diff`"
-
+        desc: "Enroll project in credentials file diffing with `git diff`"
       option :disenroll, type: :boolean, default: false,
-        desc: "Disenrolls project from credentials file diffing"
-
+        desc: "Disenroll project from credentials file diffing"
       def diff(content_path = nil)
         if @content_path = content_path
-          extract_environment_option_from_argument(default_environment: extract_environment_from_path(content_path))
-          require_application!
+          self.environment = extract_environment_from_path(content_path)
+          load_environment_config!
 
           say credentials.read.presence || credentials.content_path.read
         else
-          require_application!
           disenroll_project_from_credentials_diffing if options[:disenroll]
           enroll_project_in_credentials_diffing if options[:enroll]
         end
@@ -73,68 +58,77 @@ module Rails
       end
 
       private
+        def config
+          Rails.application.config.credentials
+        end
+
+        def content_path
+          @content_path ||= relative_path(config.content_path)
+        end
+
+        def key_path
+          @key_path ||= relative_path(config.key_path)
+        end
+
         def credentials
-          Rails.application.encrypted(content_path, key_path: key_path)
+          @credentials ||= Rails.application.encrypted(content_path, key_path: key_path)
         end
 
         def ensure_encryption_key_has_been_added
+          return if credentials.key?
+
+          require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
+
+          encryption_key_file_generator = Rails::Generators::EncryptionKeyFileGenerator.new
           encryption_key_file_generator.add_key_file(key_path)
           encryption_key_file_generator.ignore_key_file(key_path)
         end
 
         def ensure_credentials_have_been_added
-          if options[:environment]
-            encrypted_file_generator.add_encrypted_file_silently(content_path, key_path)
-          else
-            credentials_generator.add_credentials_file_silently
-          end
+          require "rails/generators/rails/credentials/credentials_generator"
+
+          Rails::Generators::CredentialsGenerator.new(
+            [content_path, key_path],
+            skip_secret_key_base: environment_specified? && %w[development test].include?(environment),
+            quiet: true
+          ).invoke_all
         end
 
         def change_credentials_in_system_editor
-          credentials.change do |tmp_path|
-            system(*Shellwords.split(ENV["EDITOR"]), tmp_path.to_s)
+          using_system_editor do
+            say "Editing #{content_path}..."
+            credentials.change { |tmp_path| system_editor(tmp_path) }
+            say "File encrypted and saved."
+            warn_if_credentials_are_invalid
           end
+        rescue ActiveSupport::EncryptedFile::MissingKeyError => error
+          say error.message
+        rescue ActiveSupport::MessageEncryptor::InvalidMessage
+          say "Couldn't decrypt #{content_path}. Perhaps you passed the wrong key?"
+        end
+
+        def warn_if_credentials_are_invalid
+          credentials.validate!
+        rescue ActiveSupport::EncryptedConfiguration::InvalidContentError => error
+          say "WARNING: #{error.message}", :red
+          say ""
+          say "Your application will not be able to load '#{content_path}' until the error has been fixed.", :red
         end
 
         def missing_credentials_message
-          if credentials.key.nil?
-            "Missing '#{key_path}' to decrypt credentials. See `bin/rails credentials:help`"
+          if !credentials.key?
+            "Missing '#{key_path}' to decrypt credentials. See `#{executable(:help)}`."
           else
-            "File '#{content_path}' does not exist. Use `bin/rails credentials:edit` to change that."
+            "File '#{content_path}' does not exist. Use `#{executable(:edit)}` to change that."
           end
         end
 
-        def content_path
-          @content_path ||= options[:environment] ? "config/credentials/#{options[:environment]}.yml.enc" : "config/credentials.yml.enc"
-        end
-
-        def key_path
-          options[:environment] ? "config/credentials/#{options[:environment]}.key" : "config/master.key"
+        def relative_path(path)
+          Rails.root.join(path).relative_path_from(Rails.root).to_s
         end
 
         def extract_environment_from_path(path)
-          available_environments.find { |env| path.include? env } if path.end_with?(".yml.enc")
-        end
-
-        def encryption_key_file_generator
-          require "rails/generators"
-          require "rails/generators/rails/encryption_key_file/encryption_key_file_generator"
-
-          Rails::Generators::EncryptionKeyFileGenerator.new
-        end
-
-        def encrypted_file_generator
-          require "rails/generators"
-          require "rails/generators/rails/encrypted_file/encrypted_file_generator"
-
-          Rails::Generators::EncryptedFileGenerator.new
-        end
-
-        def credentials_generator
-          require "rails/generators"
-          require "rails/generators/rails/credentials/credentials_generator"
-
-          Rails::Generators::CredentialsGenerator.new
+          available_environments.find { |env| path.end_with?("#{env}.yml.enc") }
         end
     end
   end

data/lib/rails/commands/db/system/change/change_command.rb

@@ -15,7 +15,8 @@ module Rails
             super
           end
 
-          def perform
+          desc "change", "Change `config/database.yml` and your database gem to the target database"
+          def perform(*)
             Rails::Generators::Db::System::ChangeGenerator.start(@argv)
           end
         end