railties 8.0.2 → 8.1.0.beta1

data/lib/rails/generators/rails/app/templates/public/500.html

@@ -4,7 +4,7 @@
 
   <head>
 
-    <title>We’re sorry, but something went wrong (500 Internal Server Error)</title>
+    <title>We're sorry, but something went wrong (500 Internal Server Error)</title>
 
     <meta charset="utf-8">
     <meta name="viewport" content="initial-scale=1, width=device-width">
@@ -105,7 +105,7 @@
         <svg height="172" viewBox="0 0 480 172" width="480" xmlns="http://www.w3.org/2000/svg"><path d="m101.23 93.8427c-8.1103 0-15.4098 3.7849-19.7354 8.3813h-36.2269v-99.21891h103.8143v37.03791h-68.3984v24.8722c5.1366-2.7035 15.1396-5.9477 24.6014-5.9477 35.146 0 56.233 22.7094 56.233 55.4215 0 34.605-23.791 57.315-60.558 57.315-37.8492 0-61.64-22.169-63.8028-55.963h42.9857c1.0814 10.814 9.1919 19.195 21.6281 19.195 11.355 0 19.465-8.381 19.465-20.547 0-11.625-7.299-20.5463-20.006-20.5463zm138.833 77.8613c-40.822 0-64.884-35.146-64.884-85.7015 0-50.5554 24.062-85.700907 64.884-85.700907 40.823 0 64.884 35.145507 64.884 85.700907 0 50.5555-24.061 85.7015-64.884 85.7015zm0-133.2831c-17.572 0-22.709 21.8984-22.709 47.5816 0 25.6835 5.137 47.5815 22.709 47.5815 17.303 0 22.71-21.898 22.71-47.5815 0-25.6832-5.407-47.5816-22.71-47.5816zm140.456 133.2831c-40.823 0-64.884-35.146-64.884-85.7015 0-50.5554 24.061-85.700907 64.884-85.700907 40.822 0 64.884 35.145507 64.884 85.700907 0 50.5555-24.062 85.7015-64.884 85.7015zm0-133.2831c-17.573 0-22.71 21.8984-22.71 47.5816 0 25.6835 5.137 47.5815 22.71 47.5815 17.302 0 22.709-21.898 22.709-47.5815 0-25.6832-5.407-47.5816-22.709-47.5816z" fill="#f0eff0"/><path d="m23.1377 68.9967v34.0033h-8.9162v-34.0033zm4.3157 34.0033v-24.921h8.6947v2.1598c1.3845-1.5506 3.8212-2.7136 6.701-2.7136 5.538 0 8.8054 3.5997 8.8054 9.1377v16.3371h-8.6393v-14.2327c0-2.049-1.0522-3.5443-3.2674-3.5443-1.7168 0-3.1567.9969-3.5997 2.7136v15.0634zm29.9913-8.5839v-9.5807h-3.655v-6.7564h3.655v-6.8671h8.5839v6.8671h5.2058v6.7564h-5.2058v8.307c0 1.9383.9415 2.769 2.6583 2.769.9414 0 1.9937-.2216 2.769-.5538v7.3654c-.9969.443-2.8798.775-4.8181.775-5.8703 0-9.1931-2.769-9.1931-9.0819zm32.3666-.1108h8.0301c-.8861 5.7597-5.2057 9.2487-11.6852 9.2487-7.6424 0-12.682-5.2613-12.682-13.0145 0-7.6978 5.3165-13.0143 12.5159-13.0143 7.6424 0 11.9621 5.095 11.9621 12.5159v2.1598h-16.1156c.2769 2.9905 1.8275 4.5965 4.3196 4.5965 1.7722 0 3.1567-.7753 3.6551-2.4921zm-3.8212-10.0237c-2.0491 0-3.4336 1.2737-3.9874 3.5997h7.5317c-.1107-2.0491-1.3845-3.5997-3.5443-3.5997zm31.4299-6.3134v8.3624c-1.052-.5538-2.215-.7753-3.599-.7753-2.382 0-3.988 1.0522-4.431 2.8244v14.6203h-8.694v-24.921h8.694v2.2152c1.219-1.6614 3.157-2.769 5.649-2.769 1.108 0 1.994.2215 2.381.443zm2.949 25.0318v-24.921h8.694v2.1598c1.385-1.5506 3.821-2.7136 6.701-2.7136 5.538 0 8.806 3.5997 8.806 9.1377v16.3371h-8.64v-14.2327c0-2.049-1.052-3.5443-3.267-3.5443-1.717 0-3.157.9969-3.6 2.7136v15.0634zm50.371 0h-8.363v-1.274c-.83.831-3.323 1.717-5.981 1.717-4.929 0-9.082-2.769-9.082-8.0301 0-4.818 4.153-7.9193 9.581-7.9193 2.049 0 4.485.6646 5.482 1.3845v-1.606c0-1.606-.941-2.9905-3.046-2.9905-1.606 0-2.547.7199-2.935 1.8275h-8.196c.72-4.8181 4.984-8.6393 11.408-8.6393 7.089 0 11.132 3.7659 11.132 10.2453zm-8.363-6.9779v-1.4399c-.554-1.0522-2.049-1.7167-3.655-1.7167-1.717 0-3.433.7199-3.433 2.3813 0 1.7168 1.716 2.4367 3.433 2.4367 1.606 0 3.101-.6645 3.655-1.6614zm20.742-29.0191v35.997h-8.694v-35.997zm13.036 25.9178h9.248c.72 2.326 2.714 3.489 5.483 3.489 2.713 0 4.596-1.163 4.596-3.2674 0-1.6061-1.052-2.326-3.212-2.8244l-6.534-1.3845c-4.985-1.1076-8.751-3.7105-8.751-9.47 0-6.6456 5.538-11.0206 13.07-11.0206 8.307 0 13.014 4.5411 13.956 10.4114h-8.695c-.72-1.8829-2.27-3.3228-5.205-3.3228-2.548 0-4.265 1.1076-4.265 2.9905 0 1.4953 1.052 2.326 2.825 2.7137l6.645 1.5506c5.815 1.3845 9.027 4.5412 9.027 9.8023 0 6.9778-5.87 10.9654-13.291 10.9654-8.141 0-13.679-3.9322-14.897-10.6332zm46.509 1.3845h8.031c-.887 5.7597-5.206 9.2487-11.686 9.2487-7.642 0-12.682-5.2613-12.682-13.0145 0-7.6978 5.317-13.0143 12.516-13.0143 7.643 0 11.962 5.095 11.962 12.5159v2.1598h-16.115c.277 2.9905 1.827 4.5965 4.319 4.5965 1.773 0 3.157-.7753 3.655-2.4921zm-3.821-10.0237c-2.049 0-3.433 1.2737-3.987 3.5997h7.532c-.111-2.0491-1.385-3.5997-3.545-3.5997zm31.431-6.3134v8.3624c-1.053-.5538-2.216-.7753-3.6-.7753-2.381 0-3.988 1.0522-4.431 2.8244v14.6203h-8.694v-24.921h8.694v2.2152c1.219-1.6614 3.157-2.769 5.649-2.769 1.108 0 1.994.2215 2.382.443zm18.288 25.0318h-7.809l-9.47-24.921h8.861l4.763 14.288 4.652-14.288h8.528zm25.614-8.6947h8.03c-.886 5.7597-5.206 9.2487-11.685 9.2487-7.642 0-12.682-5.2613-12.682-13.0145 0-7.6978 5.316-13.0143 12.516-13.0143 7.642 0 11.962 5.095 11.962 12.5159v2.1598h-16.116c.277 2.9905 1.828 4.5965 4.32 4.5965 1.772 0 3.157-.7753 3.655-2.4921zm-3.821-10.0237c-2.049 0-3.434 1.2737-3.988 3.5997h7.532c-.111-2.0491-1.384-3.5997-3.544-3.5997zm31.43-6.3134v8.3624c-1.052-.5538-2.215-.7753-3.6-.7753-2.381 0-3.987 1.0522-4.43 2.8244v14.6203h-8.695v-24.921h8.695v2.2152c1.218-1.6614 3.157-2.769 5.649-2.769 1.107 0 1.993.2215 2.381.443zm13.703-8.9715h24.312v7.6424h-15.562v5.3165h14.232v7.4763h-14.232v5.8703h15.562v7.6978h-24.312zm44.667 8.9715v8.3624c-1.052-.5538-2.215-.7753-3.6-.7753-2.381 0-3.987 1.0522-4.43 2.8244v14.6203h-8.695v-24.921h8.695v2.2152c1.218-1.6614 3.156-2.769 5.648-2.769 1.108 0 1.994.2215 2.382.443zm19.673 0v8.3624c-1.053-.5538-2.216-.7753-3.6-.7753-2.381 0-3.987 1.0522-4.43 2.8244v14.6203h-8.695v-24.921h8.695v2.2152c1.218-1.6614 3.156-2.769 5.648-2.769 1.108 0 1.994.2215 2.382.443zm26.769 12.5713c0 7.6978-5.15 13.0145-12.737 13.0145-7.532 0-12.738-5.3167-12.738-13.0145s5.206-13.0143 12.738-13.0143c7.587 0 12.737 5.3165 12.737 13.0143zm-8.529 0c0-3.4336-1.495-5.8703-4.208-5.8703-2.659 0-4.154 2.4367-4.154 5.8703s1.495 5.8149 4.154 5.8149c2.713 0 4.208-2.3813 4.208-5.8149zm28.082-12.5713v8.3624c-1.052-.5538-2.215-.7753-3.6-.7753-2.381 0-3.987 1.0522-4.43 2.8244v14.6203h-8.695v-24.921h8.695v2.2152c1.218-1.6614 3.157-2.769 5.649-2.769 1.107 0 1.993.2215 2.381.443z" fill="#d30001"/></svg>
       </header>
       <article>
-        <p><strong>We’re sorry, but something went wrong.</strong><br> If you’re the application owner check the logs for more information.</p>
+        <p><strong>We're sorry, but something went wrong.</strong><br> If you're the application owner check the logs for more information.</p>
       </article>
     </main>
 

data/lib/rails/generators/rails/authentication/authentication_generator.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
+require "rails/generators/bundle_helper"
+
 module Rails
   module Generators
     class AuthenticationGenerator < Base # :nodoc:
+      include BundleHelper
+
       class_option :api, type: :boolean,
         desc: "Generate API-only controllers and models, with no view templates"
 
@@ -21,12 +25,16 @@ module Rails
 
         template "app/channels/application_cable/connection.rb" if defined?(ActionCable::Engine)
 
-        template "app/mailers/passwords_mailer.rb"
+        if defined?(ActionMailer::Railtie)
+          template "app/mailers/passwords_mailer.rb"
+
+          template "app/views/passwords_mailer/reset.html.erb"
+          template "app/views/passwords_mailer/reset.text.erb"
 
-        template "app/views/passwords_mailer/reset.html.erb"
-        template "app/views/passwords_mailer/reset.text.erb"
+          template "test/mailers/previews/passwords_mailer_preview.rb"
+        end
 
-        template "test/mailers/previews/passwords_mailer_preview.rb"
+        template "test/test_helpers/session_test_helper.rb"
       end
 
       def configure_application_controller
@@ -39,17 +47,22 @@ module Rails
       end
 
       def enable_bcrypt
-        if File.read("Gemfile").include?('gem "bcrypt"')
+        if File.read(File.expand_path("Gemfile", destination_root)).include?('gem "bcrypt"')
           uncomment_lines "Gemfile", /gem "bcrypt"/
-          Bundler.with_original_env { execute_command :bundle, "install --quiet" }
+          bundle_command("install --quiet")
         else
-          Bundler.with_original_env { execute_command :bundle, "add bcrypt", capture: true }
+          bundle_command("add bcrypt", {}, quiet: true)
         end
       end
 
       def add_migrations
-        generate "migration CreateUsers email_address:string!:uniq password_digest:string! --force"
-        generate "migration CreateSessions user:references ip_address:string user_agent:string --force"
+        generate "migration", "CreateUsers", "email_address:string!:uniq password_digest:string!", "--force"
+        generate "migration", "CreateSessions", "user:references ip_address:string user_agent:string", "--force"
+      end
+
+      def configure_test_helper
+        inject_into_file "test/test_helper.rb", "require_relative \"test_helpers/session_test_helper\"\n", after: "require \"rails/test_help\"\n"
+        inject_into_class "test/test_helper.rb", "TestCase", "    include SessionTestHelper\n"
       end
 
       hook_for :test_framework

data/lib/rails/generators/rails/authentication/templates/app/controllers/passwords_controller.rb.tt

@@ -1,9 +1,13 @@
 class PasswordsController < ApplicationController
   allow_unauthenticated_access
   before_action :set_user_by_token, only: %i[ edit update ]
+  <%- if defined?(ActionMailer::Railtie) -%>
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_password_path, alert: "Try again later." }
+  <%- end -%>
 
   def new
   end
+  <%- if defined?(ActionMailer::Railtie) -%>
 
   def create
     if user = User.find_by(email_address: params[:email_address])
@@ -12,12 +16,14 @@ class PasswordsController < ApplicationController
 
     redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
   end
+  <%- end -%>
 
   def edit
   end
 
   def update
     if @user.update(params.permit(:password, :password_confirmation))
+      @user.sessions.destroy_all
       redirect_to new_session_path, notice: "Password has been reset."
     else
       redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."

data/lib/rails/generators/rails/authentication/templates/app/controllers/sessions_controller.rb.tt

@@ -1,6 +1,6 @@
 class SessionsController < ApplicationController
   allow_unauthenticated_access only: %i[ new create ]
-  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_url, alert: "Try again later." }
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
 
   def new
   end
@@ -16,6 +16,6 @@ class SessionsController < ApplicationController
 
   def destroy
     terminate_session
-    redirect_to new_session_path
+    redirect_to new_session_path, status: :see_other
   end
 end

data/lib/rails/generators/rails/authentication/templates/test/test_helpers/session_test_helper.rb.tt

@@ -0,0 +1,15 @@
+module SessionTestHelper
+  def sign_in_as(user)
+    Current.session = user.sessions.create!
+
+    ActionDispatch::TestRequest.create.cookie_jar.tap do |cookie_jar|
+      cookie_jar.signed[:session_id] = Current.session.id
+      cookies[:session_id] = cookie_jar[:session_id]
+    end
+  end
+
+  def sign_out
+    Current.session&.destroy!
+    cookies.delete(:session_id)
+  end
+end

data/lib/rails/generators/rails/benchmark/USAGE

@@ -13,7 +13,7 @@ Example:
         script/benchmarks/opt_compare.rb
 
     You can run the generated benchmark file using:
-        `ruby script/benchmarks/opt_compare.rb`
+        `bin/rails runner script/benchmarks/opt_compare.rb`
 
     You can specify different reports:
         `bin/rails generate benchmark opt_compare patch1 patch2 patch3`

data/lib/rails/generators/rails/benchmark/templates/benchmark.rb.tt

@@ -4,8 +4,6 @@ require_relative "../../config/environment"
 
 # Any benchmarking setup goes here...
 
-
-
 Benchmark.ips do |x|
 <%- reports.each do |report| -%>
   x.report("<%= report %>") { }

data/lib/rails/generators/rails/devcontainer/templates/devcontainer/Dockerfile.tt

@@ -1,3 +1,7 @@
 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version
 ARG RUBY_VERSION=<%= Gem.ruby_version %>
 FROM ghcr.io/rails/devcontainer/images/ruby:$RUBY_VERSION
+
+# Ensure binding is always 0.0.0.0
+# Binds the server to all IP addresses of the container, so it can be accessed from outside the container.
+ENV BINDING="0.0.0.0"

data/lib/rails/generators/rails/devcontainer/templates/devcontainer/compose.yaml.tt

@@ -7,7 +7,7 @@ services:
       dockerfile: .devcontainer/Dockerfile
 
     volumes:
-    - ../..:/workspaces:cached
+    - ../../<%= options[:app_name] %>:/workspaces/<%= options[:app_name] %>:cached
 
     # Overrides default command so things don't shut down after the process ends.
     command: sleep infinity
@@ -32,7 +32,7 @@ services:
 
 <%- if options[:redis] -%>
   redis:
-    image: redis:7.2
+    image: valkey/valkey:8
     restart: unless-stopped
     volumes:
     - redis-data:/data

data/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb

@@ -21,18 +21,20 @@ module Rails
 
           log ""
           add_key_file_silently(key_path, key)
+          ensure_key_files_are_ignored(key_path)
           log ""
         end
       end
 
       def add_key_file_silently(key_path, key = nil)
         create_file key_path, key || ActiveSupport::EncryptedFile.generate_key, perm: 0600
+        ensure_key_files_are_ignored_silently(key_path)
       end
 
-      def ignore_key_file(key_path, ignore: key_ignore(key_path))
+      def ensure_key_files_are_ignored(key_path, ignore: key_ignore(key_path))
         if File.exist?(".gitignore")
           unless File.read(".gitignore").include?(ignore)
-            log "Ignoring #{key_path} so it won't end up in Git history:"
+            log "Ignoring #{ignore} so it won't end up in Git history:"
             log ""
             append_to_file ".gitignore", ignore
             log ""
@@ -44,13 +46,23 @@ module Rails
         end
       end
 
-      def ignore_key_file_silently(key_path, ignore: key_ignore(key_path))
-        append_to_file ".gitignore", ignore if File.exist?(".gitignore")
+      def ensure_key_files_are_ignored_silently(key_path, ignore: key_ignore(key_path))
+        if File.exist?(".gitignore")
+          unless File.read(".gitignore").include?(ignore)
+            append_to_file ".gitignore", ignore
+          end
+        end
       end
 
       private
         def key_ignore(key_path)
-          [ "", "/#{key_path}", "" ].join("\n")
+          key_path = Pathname.new(key_path) unless key_path.is_a?(Pathname)
+          <<~IGNORE
+
+            # Ignore key files for decrypting credentials and more.
+            /#{key_path.dirname.join("*.key")}
+
+          IGNORE
         end
     end
   end

data/lib/rails/generators/rails/master_key/master_key_generator.rb

@@ -32,22 +32,10 @@ module Rails
         end
       end
 
-      def ignore_master_key_file
-        key_file_generator.ignore_key_file(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
-      def ignore_master_key_file_silently
-        key_file_generator.ignore_key_file_silently(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
       private
         def key_file_generator
           EncryptionKeyFileGenerator.new([], options)
         end
-
-        def key_ignore
-          [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n")
-        end
     end
   end
 end

data/lib/rails/generators/rails/plugin/templates/github/ci.yml.tt

@@ -3,22 +3,35 @@ name: CI
 on:
   pull_request:
   push:
-    branches: [ main ]
+    branches: [ <%= user_default_branch %> ]
 
 jobs:
 <%- unless skip_rubocop? -%>
   lint:
     runs-on: ubuntu-latest
+    env:
+      RUBY_VERSION: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+      RUBOCOP_CACHE_ROOT: tmp/rubocop
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true
 
+      - name: Prepare RuboCop cache
+        uses: actions/cache@v4
+        env:
+          DEPENDENCIES_HASH: ${{ hashFiles('**/.rubocop.yml', '**/.rubocop_todo.yml', 'Gemfile.lock') }}
+        with:
+          path: ${{ env.RUBOCOP_CACHE_ROOT }}
+          key: rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-${{ github.ref_name == github.event.repository.default_branch && github.run_id || 'default' }}
+          restore-keys: |
+            rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-
+
       - name: Lint code for consistent style
         run: bin/rubocop -f github
 
@@ -30,7 +43,7 @@ jobs:
     <%- if options[:database] == "sqlite3" -%>
     # services:
     #  redis:
-    #    image: redis
+    #    image: valkey/valkey:8
     #    ports:
     #      - 6379:6379
     #    options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
@@ -56,18 +69,15 @@ jobs:
       <%- end -%>
 
       # redis:
-      #   image: redis
+      #   image: valkey/valkey:8
       #   ports:
       #     - 6379:6379
       #   options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
 
     <%- end -%>
     steps:
-      - name: Install packages
-        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y <%= ci_packages.join(" ") %>
-
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
@@ -91,6 +101,7 @@ jobs:
           <%- elsif options[:database] == "postgresql" -%>
           DATABASE_URL: postgres://postgres:postgres@localhost:5432
           <%- end -%>
+          # RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
           # REDIS_URL: redis://localhost:6379/0
         run: <%= test_command %>
 

data/lib/rails/generators/rails/plugin/templates/github/dependabot.yml

@@ -3,10 +3,10 @@ updates:
 - package-ecosystem: bundler
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10
 - package-ecosystem: github-actions
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10

data/lib/rails/generators/rails/scaffold_controller/templates/api_controller.rb.tt

@@ -21,7 +21,7 @@ class <%= controller_class_name %>Controller < ApplicationController
     if @<%= orm_instance.save %>
       render json: <%= "@#{singular_table_name}" %>, status: :created, location: <%= "@#{singular_table_name}" %>
     else
-      render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity
+      render json: <%= "@#{orm_instance.errors}" %>, status: <%= ActionDispatch::Constants::UNPROCESSABLE_CONTENT.inspect %>
     end
   end
 
@@ -30,7 +30,7 @@ class <%= controller_class_name %>Controller < ApplicationController
     if @<%= orm_instance.update("#{singular_table_name}_params") %>
       render json: <%= "@#{singular_table_name}" %>
     else
-      render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity
+      render json: <%= "@#{orm_instance.errors}" %>, status: <%= ActionDispatch::Constants::UNPROCESSABLE_CONTENT.inspect %>
     end
   end
 

data/lib/rails/generators/rails/scaffold_controller/templates/controller.rb.tt

@@ -27,7 +27,7 @@ class <%= controller_class_name %>Controller < ApplicationController
     if @<%= orm_instance.save %>
       redirect_to <%= redirect_resource_name %>, notice: <%= %("#{human_name} was successfully created.") %>
     else
-      render :new, status: :unprocessable_entity
+      render :new, status: <%= ActionDispatch::Constants::UNPROCESSABLE_CONTENT.inspect %>
     end
   end
 
@@ -36,7 +36,7 @@ class <%= controller_class_name %>Controller < ApplicationController
     if @<%= orm_instance.update("#{singular_table_name}_params") %>
       redirect_to <%= redirect_resource_name %>, notice: <%= %("#{human_name} was successfully updated.") %>, status: :see_other
     else
-      render :edit, status: :unprocessable_entity
+      render :edit, status: <%= ActionDispatch::Constants::UNPROCESSABLE_CONTENT.inspect %>
     end
   end
 

data/lib/rails/generators/rails/script/USAGE

@@ -9,7 +9,7 @@ Example:
         script/my_script.rb
 
     You can run the script using:
-        `ruby script/my_script.rb`
+        `bin/rails runner script/my_script.rb`
 
     You can specify a folder:
         `bin/rails generate script cleanup/my_script`

data/lib/rails/generators/test_unit/authentication/authentication_generator.rb

@@ -9,6 +9,11 @@ module TestUnit # :nodoc:
         template "test/fixtures/users.yml"
         template "test/models/user_test.rb"
       end
+
+      def create_controller_test_files
+        template "test/controllers/sessions_controller_test.rb"
+        template "test/controllers/passwords_controller_test.rb"
+      end
     end
   end
 end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/passwords_controller_test.rb.tt

@@ -0,0 +1,67 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_password_path
+    assert_response :success
+  end
+
+  test "create" do
+    post passwords_path, params: { email_address: @user.email_address }
+    assert_enqueued_email_with PasswordsMailer, :reset, args: [ @user ]
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "create for an unknown user redirects but sends no mail" do
+    post passwords_path, params: { email_address: "missing-user@example.com" }
+    assert_enqueued_emails 0
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "edit" do
+    get edit_password_path(@user.password_reset_token)
+    assert_response :success
+  end
+
+  test "edit with invalid password reset token" do
+    get edit_password_path("invalid token")
+    assert_redirected_to new_password_path
+
+    follow_redirect!
+    assert_notice "reset link is invalid"
+  end
+
+  test "update" do
+    assert_changes -> { @user.reload.password_digest } do
+      put password_path(@user.password_reset_token), params: { password: "new", password_confirmation: "new" }
+      assert_redirected_to new_session_path
+    end
+
+    follow_redirect!
+    assert_notice "Password has been reset"
+  end
+
+  test "update with non matching passwords" do
+    token = @user.password_reset_token
+    assert_no_changes -> { @user.reload.password_digest } do
+      put password_path(token), params: { password: "no", password_confirmation: "match" }
+      assert_redirected_to edit_password_path(token)
+    end
+
+    follow_redirect!
+    assert_notice "Passwords did not match"
+  end
+
+  private
+    def assert_notice(text)
+      assert_select "div", /#{text}/
+    end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_session_path
+    assert_response :success
+  end
+
+  test "create with valid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    assert_redirected_to root_path
+    assert cookies[:session_id]
+  end
+
+  test "create with invalid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "wrong" }
+
+    assert_redirected_to new_session_path
+    assert_nil cookies[:session_id]
+  end
+
+  test "destroy" do
+    sign_in_as(User.take)
+
+    delete session_path
+
+    assert_redirected_to new_session_path
+    assert_empty cookies[:session_id]
+  end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/models/user_test.rb.tt

@@ -1,7 +1,8 @@
 require "test_helper"
 
 class UserTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  test "downcases and strips email_address" do
+    user = User.new(email_address: " DOWNCASED@EXAMPLE.COM ")
+    assert_equal("downcased@example.com", user.email_address)
+  end
 end

data/lib/rails/generators/test_unit/model/templates/fixtures.yml.tt

@@ -4,7 +4,7 @@
 <%= name %>:
 <% attributes.each do |attribute| -%>
   <%- if attribute.password_digest? -%>
-  password_digest: <%%= BCrypt::Password.create("secret") %>
+  password_digest: <%= BCrypt::Password.create("secret") %>  # Generated with BCrypt::Password.create("secret")
   <%- elsif attribute.reference? -%>
   <%= yaml_key_value(attribute.column_name.delete_suffix("_id"), attribute.default || name) %>
   <%- elsif !attribute.virtual? -%>

data/lib/rails/generators/testing/behavior.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/class/attribute"
-require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/hash/reverse_merge"
 require "active_support/core_ext/kernel/reporting"
 require "active_support/testing/stream"
-require "active_support/concern"
 require "rails/generators"
 
 module Rails

data/lib/rails/generators.rb

@@ -157,7 +157,9 @@ module Rails
             "action_text:install",
             "action_mailbox:install",
             "devcontainer"
-          ]
+          ].tap do |h|
+            h << "test_unit" if test.to_s != "test_unit"
+          end
         end
       end
 

data/lib/rails/health_controller.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "action_controller"
+
 module Rails
   # Built-in Health Check Endpoint
   #
@@ -41,11 +43,17 @@ module Rails
 
     private
       def render_up
-        render html: html_status(color: "green")
+        respond_to do |format|
+          format.html { render html: html_status(color: "green") }
+          format.json { render json: { status: "up", timestamp: Time.current.iso8601 } }
+        end
       end
 
       def render_down
-        render html: html_status(color: "red"), status: 500
+        respond_to do |format|
+          format.html { render html: html_status(color: "red"), status: 500 }
+          format.json { render json: { status: "down", timestamp: Time.current.iso8601 }, status: 500 }
+        end
       end
 
       def html_status(color:)

data/lib/rails/info.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require "cgi"
+require "active_support/core_ext/erb/util"
 
 module Rails
   # This module helps build the runtime properties that are displayed in
@@ -43,11 +43,11 @@ module Rails
       def to_html
         (+"<table>").tap do |table|
           properties.each do |(name, value)|
-            table << %(<tr><td class="name">#{CGI.escapeHTML(name.to_s)}</td>)
+            table << %(<tr><td class="name">#{ERB::Util.html_escape(name.to_s)}</td>)
             formatted_value = if value.kind_of?(Array)
-              "<ul>" + value.map { |v| "<li>#{CGI.escapeHTML(v.to_s)}</li>" }.join + "</ul>"
+              "<ul>" + value.map { |v| "<li>#{ERB::Util.html_escape(v.to_s)}</li>" }.join + "</ul>"
             else
-              CGI.escapeHTML(value.to_s)
+              ERB::Util.html_escape(value.to_s)
             end
             table << %(<td class="value">#{formatted_value}</td></tr>)
           end

data/lib/rails/info_controller.rb

@@ -33,9 +33,8 @@ class Rails::InfoController < Rails::ApplicationController # :nodoc:
   end
 
   def notes
-    @annotations = Rails::SourceAnnotationExtractor.new(
-      Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
-    ).find(
+    tags = params[:tag].presence || Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
+    @annotations = Rails::SourceAnnotationExtractor.new(tags).find(
       Rails::SourceAnnotationExtractor::Annotation.directories
     )
   end