railties 8.0.3 → 8.1.0.beta1

data/lib/rails/generators/rails/devcontainer/templates/devcontainer/compose.yaml.tt

@@ -7,7 +7,7 @@ services:
       dockerfile: .devcontainer/Dockerfile
 
     volumes:
-    - ../..:/workspaces:cached
+    - ../../<%= options[:app_name] %>:/workspaces/<%= options[:app_name] %>:cached
 
     # Overrides default command so things don't shut down after the process ends.
     command: sleep infinity
@@ -32,7 +32,7 @@ services:
 
 <%- if options[:redis] -%>
   redis:
-    image: redis:7.2
+    image: valkey/valkey:8
     restart: unless-stopped
     volumes:
     - redis-data:/data

data/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb

@@ -21,18 +21,20 @@ module Rails
 
           log ""
           add_key_file_silently(key_path, key)
+          ensure_key_files_are_ignored(key_path)
           log ""
         end
       end
 
       def add_key_file_silently(key_path, key = nil)
         create_file key_path, key || ActiveSupport::EncryptedFile.generate_key, perm: 0600
+        ensure_key_files_are_ignored_silently(key_path)
       end
 
-      def ignore_key_file(key_path, ignore: key_ignore(key_path))
+      def ensure_key_files_are_ignored(key_path, ignore: key_ignore(key_path))
         if File.exist?(".gitignore")
           unless File.read(".gitignore").include?(ignore)
-            log "Ignoring #{key_path} so it won't end up in Git history:"
+            log "Ignoring #{ignore} so it won't end up in Git history:"
             log ""
             append_to_file ".gitignore", ignore
             log ""
@@ -44,13 +46,23 @@ module Rails
         end
       end
 
-      def ignore_key_file_silently(key_path, ignore: key_ignore(key_path))
-        append_to_file ".gitignore", ignore if File.exist?(".gitignore")
+      def ensure_key_files_are_ignored_silently(key_path, ignore: key_ignore(key_path))
+        if File.exist?(".gitignore")
+          unless File.read(".gitignore").include?(ignore)
+            append_to_file ".gitignore", ignore
+          end
+        end
       end
 
       private
         def key_ignore(key_path)
-          [ "", "/#{key_path}", "" ].join("\n")
+          key_path = Pathname.new(key_path) unless key_path.is_a?(Pathname)
+          <<~IGNORE
+
+            # Ignore key files for decrypting credentials and more.
+            /#{key_path.dirname.join("*.key")}
+
+          IGNORE
         end
     end
   end

data/lib/rails/generators/rails/master_key/master_key_generator.rb

@@ -32,22 +32,10 @@ module Rails
         end
       end
 
-      def ignore_master_key_file
-        key_file_generator.ignore_key_file(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
-      def ignore_master_key_file_silently
-        key_file_generator.ignore_key_file_silently(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
       private
         def key_file_generator
           EncryptionKeyFileGenerator.new([], options)
         end
-
-        def key_ignore
-          [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n")
-        end
     end
   end
 end

data/lib/rails/generators/rails/plugin/templates/github/ci.yml.tt

@@ -3,22 +3,35 @@ name: CI
 on:
   pull_request:
   push:
-    branches: [ main ]
+    branches: [ <%= user_default_branch %> ]
 
 jobs:
 <%- unless skip_rubocop? -%>
   lint:
     runs-on: ubuntu-latest
+    env:
+      RUBY_VERSION: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+      RUBOCOP_CACHE_ROOT: tmp/rubocop
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true
 
+      - name: Prepare RuboCop cache
+        uses: actions/cache@v4
+        env:
+          DEPENDENCIES_HASH: ${{ hashFiles('**/.rubocop.yml', '**/.rubocop_todo.yml', 'Gemfile.lock') }}
+        with:
+          path: ${{ env.RUBOCOP_CACHE_ROOT }}
+          key: rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-${{ github.ref_name == github.event.repository.default_branch && github.run_id || 'default' }}
+          restore-keys: |
+            rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-
+
       - name: Lint code for consistent style
         run: bin/rubocop -f github
 
@@ -30,7 +43,7 @@ jobs:
     <%- if options[:database] == "sqlite3" -%>
     # services:
     #  redis:
-    #    image: redis
+    #    image: valkey/valkey:8
     #    ports:
     #      - 6379:6379
     #    options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
@@ -56,18 +69,15 @@ jobs:
       <%- end -%>
 
       # redis:
-      #   image: redis
+      #   image: valkey/valkey:8
       #   ports:
       #     - 6379:6379
       #   options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
 
     <%- end -%>
     steps:
-      - name: Install packages
-        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y <%= ci_packages.join(" ") %>
-
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
@@ -91,6 +101,7 @@ jobs:
           <%- elsif options[:database] == "postgresql" -%>
           DATABASE_URL: postgres://postgres:postgres@localhost:5432
           <%- end -%>
+          # RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
           # REDIS_URL: redis://localhost:6379/0
         run: <%= test_command %>
 

data/lib/rails/generators/rails/plugin/templates/github/dependabot.yml

@@ -3,10 +3,10 @@ updates:
 - package-ecosystem: bundler
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10
 - package-ecosystem: github-actions
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10

data/lib/rails/generators/rails/script/USAGE

@@ -9,7 +9,7 @@ Example:
         script/my_script.rb
 
     You can run the script using:
-        `ruby script/my_script.rb`
+        `bin/rails runner script/my_script.rb`
 
     You can specify a folder:
         `bin/rails generate script cleanup/my_script`

data/lib/rails/generators/test_unit/authentication/authentication_generator.rb

@@ -10,8 +10,9 @@ module TestUnit # :nodoc:
         template "test/models/user_test.rb"
       end
 
-      def create_mailer_preview_files
-        template "test/mailers/previews/passwords_mailer_preview.rb" if defined?(ActionMailer::Railtie)
+      def create_controller_test_files
+        template "test/controllers/sessions_controller_test.rb"
+        template "test/controllers/passwords_controller_test.rb"
       end
     end
   end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/passwords_controller_test.rb.tt

@@ -0,0 +1,67 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_password_path
+    assert_response :success
+  end
+
+  test "create" do
+    post passwords_path, params: { email_address: @user.email_address }
+    assert_enqueued_email_with PasswordsMailer, :reset, args: [ @user ]
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "create for an unknown user redirects but sends no mail" do
+    post passwords_path, params: { email_address: "missing-user@example.com" }
+    assert_enqueued_emails 0
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "edit" do
+    get edit_password_path(@user.password_reset_token)
+    assert_response :success
+  end
+
+  test "edit with invalid password reset token" do
+    get edit_password_path("invalid token")
+    assert_redirected_to new_password_path
+
+    follow_redirect!
+    assert_notice "reset link is invalid"
+  end
+
+  test "update" do
+    assert_changes -> { @user.reload.password_digest } do
+      put password_path(@user.password_reset_token), params: { password: "new", password_confirmation: "new" }
+      assert_redirected_to new_session_path
+    end
+
+    follow_redirect!
+    assert_notice "Password has been reset"
+  end
+
+  test "update with non matching passwords" do
+    token = @user.password_reset_token
+    assert_no_changes -> { @user.reload.password_digest } do
+      put password_path(token), params: { password: "no", password_confirmation: "match" }
+      assert_redirected_to edit_password_path(token)
+    end
+
+    follow_redirect!
+    assert_notice "Passwords did not match"
+  end
+
+  private
+    def assert_notice(text)
+      assert_select "div", /#{text}/
+    end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_session_path
+    assert_response :success
+  end
+
+  test "create with valid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    assert_redirected_to root_path
+    assert cookies[:session_id]
+  end
+
+  test "create with invalid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "wrong" }
+
+    assert_redirected_to new_session_path
+    assert_nil cookies[:session_id]
+  end
+
+  test "destroy" do
+    sign_in_as(User.take)
+
+    delete session_path
+
+    assert_redirected_to new_session_path
+    assert_empty cookies[:session_id]
+  end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/models/user_test.rb.tt

@@ -1,7 +1,8 @@
 require "test_helper"
 
 class UserTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  test "downcases and strips email_address" do
+    user = User.new(email_address: " DOWNCASED@EXAMPLE.COM ")
+    assert_equal("downcased@example.com", user.email_address)
+  end
 end

data/lib/rails/generators/test_unit/model/templates/fixtures.yml.tt

@@ -4,7 +4,7 @@
 <%= name %>:
 <% attributes.each do |attribute| -%>
   <%- if attribute.password_digest? -%>
-  password_digest: <%%= BCrypt::Password.create("secret") %>
+  password_digest: <%= BCrypt::Password.create("secret") %>  # Generated with BCrypt::Password.create("secret")
   <%- elsif attribute.reference? -%>
   <%= yaml_key_value(attribute.column_name.delete_suffix("_id"), attribute.default || name) %>
   <%- elsif !attribute.virtual? -%>

data/lib/rails/generators/testing/behavior.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/class/attribute"
-require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/hash/reverse_merge"
 require "active_support/core_ext/kernel/reporting"
 require "active_support/testing/stream"
-require "active_support/concern"
 require "rails/generators"
 
 module Rails

data/lib/rails/generators.rb

@@ -157,7 +157,9 @@ module Rails
             "action_text:install",
             "action_mailbox:install",
             "devcontainer"
-          ]
+          ].tap do |h|
+            h << "test_unit" if test.to_s != "test_unit"
+          end
         end
       end
 

data/lib/rails/health_controller.rb

@@ -43,11 +43,17 @@ module Rails
 
     private
       def render_up
-        render html: html_status(color: "green")
+        respond_to do |format|
+          format.html { render html: html_status(color: "green") }
+          format.json { render json: { status: "up", timestamp: Time.current.iso8601 } }
+        end
       end
 
       def render_down
-        render html: html_status(color: "red"), status: 500
+        respond_to do |format|
+          format.html { render html: html_status(color: "red"), status: 500 }
+          format.json { render json: { status: "down", timestamp: Time.current.iso8601 }, status: 500 }
+        end
       end
 
       def html_status(color:)

data/lib/rails/info.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-require "cgi/escape"
-require "cgi/util" if RUBY_VERSION < "3.5"
+require "active_support/core_ext/erb/util"
 
 module Rails
   # This module helps build the runtime properties that are displayed in
@@ -44,11 +43,11 @@ module Rails
       def to_html
         (+"<table>").tap do |table|
           properties.each do |(name, value)|
-            table << %(<tr><td class="name">#{CGI.escapeHTML(name.to_s)}</td>)
+            table << %(<tr><td class="name">#{ERB::Util.html_escape(name.to_s)}</td>)
             formatted_value = if value.kind_of?(Array)
-              "<ul>" + value.map { |v| "<li>#{CGI.escapeHTML(v.to_s)}</li>" }.join + "</ul>"
+              "<ul>" + value.map { |v| "<li>#{ERB::Util.html_escape(v.to_s)}</li>" }.join + "</ul>"
             else
-              CGI.escapeHTML(value.to_s)
+              ERB::Util.html_escape(value.to_s)
             end
             table << %(<td class="value">#{formatted_value}</td></tr>)
           end

data/lib/rails/info_controller.rb

@@ -33,9 +33,8 @@ class Rails::InfoController < Rails::ApplicationController # :nodoc:
   end
 
   def notes
-    @annotations = Rails::SourceAnnotationExtractor.new(
-      Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
-    ).find(
+    tags = params[:tag].presence || Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
+    @annotations = Rails::SourceAnnotationExtractor.new(tags).find(
       Rails::SourceAnnotationExtractor::Annotation.directories
     )
   end

data/lib/rails/initializable.rb

@@ -9,23 +9,15 @@ module Rails
     end
 
     class Initializer
-      attr_reader :name, :block
+      attr_reader :name, :block, :before, :after
 
-      def initialize(name, context, options, &block)
-        options[:group] ||= :default
-        @name, @context, @options, @block = name, context, options, block
-      end
-
-      def before
-        @options[:before]
-      end
-
-      def after
-        @options[:after]
+      def initialize(name, context, before:, after:, group: nil, &block)
+        @group = group || :default
+        @name, @before, @after, @context, @block = name, before, after, context, block
       end
 
       def belongs_to?(group)
-        @options[:group] == group || @options[:group] == :all
+        @group == group || @group == :all
       end
 
       def run(*args)
@@ -34,7 +26,7 @@ module Rails
 
       def bind(context)
         return self if @context
-        Initializer.new(@name, context, @options, &block)
+        Initializer.new(@name, context, before:, after:, group: @group, &block)
       end
 
       def context_class
@@ -42,16 +34,66 @@ module Rails
       end
     end
 
-    class Collection < Array
+    class Collection
+      include Enumerable
       include TSort
 
+      delegate_missing_to :@collection
+
+      def initialize(initializers = nil)
+        @order = Hash.new { |hash, key| hash[key] = Set.new }
+        @resolve = Hash.new { |hash, key| hash[key] = Set.new }
+        @collection = []
+        concat(initializers) if initializers
+      end
+
+      def to_a
+        @collection
+      end
+
+      def last
+        @collection.last
+      end
+
+      def each(&block)
+        @collection.each(&block)
+      end
+
       alias :tsort_each_node :each
       def tsort_each_child(initializer, &block)
-        select { |i| i.before == initializer.name || i.name == initializer.after }.each(&block)
+        @order[initializer.name].each do |name|
+          @resolve[name].each(&block)
+        end
       end
 
       def +(other)
-        Collection.new(to_a + other.to_a)
+        dup.concat(other.to_a)
+      end
+
+      def <<(initializer)
+        @collection << initializer
+        @order[initializer.before] << initializer.name if initializer.before
+        @order[initializer.name] << initializer.after if initializer.after
+        @resolve[initializer.name] << initializer
+        self
+      end
+
+      def push(*initializers)
+        initializers.each(&method(:<<))
+        self
+      end
+
+      alias_method(:append, :push)
+
+      def concat(*initializer_collections)
+        initializer_collections.each do |initializers|
+          initializers.each(&method(:<<))
+        end
+        self
+      end
+
+      def has?(name)
+        @resolve.key?(name)
       end
     end
 
@@ -87,8 +129,10 @@ module Rails
 
       def initializer(name, opts = {}, &blk)
         raise ArgumentError, "A block must be passed when defining an initializer" unless blk
-        opts[:after] ||= initializers.last.name unless initializers.empty? || initializers.find { |i| i.name == opts[:before] }
-        initializers << Initializer.new(name, nil, opts, &blk)
+        opts[:after] ||= initializers.last&.name unless initializers.has?(opts[:before])
+        initializers << Initializer.new(
+          name, nil, before: opts[:before], after: opts[:after], group: opts[:group], &blk
+        )
       end
     end
   end

data/lib/rails/rack/silence_request.rb

@@ -10,11 +10,14 @@ module Rails
     # This is useful for preventing recurring requests like health checks from clogging the logging.
     # This middleware is used to do just that against the path /up in production by default.
     #
-    # Example:
+    # Examples:
     #
     #   config.middleware.insert_before \
     #     Rails::Rack::Logger, Rails::Rack::SilenceRequest, path: "/up"
     #
+    #   config.middleware.insert_before \
+    #     Rails::Rack::Logger, Rails::Rack::SilenceRequest, path: /test$/
+    #
     # This middleware can also be configured using `config.silence_healthcheck_path = "/up"` in Rails.
     class SilenceRequest
       def initialize(app, path:)
@@ -22,7 +25,7 @@ module Rails
       end
 
       def call(env)
-        if env["PATH_INFO"] == @path
+        if @path === env["PATH_INFO"]
           Rails.logger.silence { @app.call(env) }
         else
           @app.call(env)

data/lib/rails/railtie/configurable.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/concern"
 
 module Rails
   class Railtie

data/lib/rails/railtie.rb

@@ -4,7 +4,6 @@ require "rails/initializable"
 require "active_support/descendants_tracker"
 require "active_support/inflector"
 require "active_support/core_ext/module/introspection"
-require "active_support/core_ext/module/delegation"
 
 module Rails
   # +Rails::Railtie+ is the core of the \Rails framework and provides

data/lib/rails/templates/rails/info/notes.html.erb

@@ -33,12 +33,35 @@
       background: #282828;
     }
   }
+
+  .filter {
+    display: flex;
+    width: 100%;
+    justify-content: flex-end;
+    align-items: center;
+  }
+
+  .filter label[for="tag"] {
+    margin-right: 10px;
+  }
+
+  .filter select[name="tag"] {
+    border-radius: 8px;
+    padding: 0.25em;
+  }
 </style>
 
 <h2>
   Notes
 </h2>
 
+<div class="filter">
+  <%= form_tag("/rails/info/notes", method: :get) do %>
+    <%= label_tag :tag, "Filter by Tag:" %>
+    <%= select_tag(:tag, options_for_select(Rails::SourceAnnotationExtractor::Annotation.tags, params[:tag]), { include_blank: "All", onchange: "this.form.submit();" }) %>
+  <% end %>
+</div>
+
 <table id="route_table" class="table">
   <thead>
     <th>File Name</th>

data/lib/rails/templates/rails/mailers/email.html.erb

@@ -9,6 +9,8 @@
 
   body {
     margin: 0;
+    display: flex;
+    flex-direction: column;
   }
 
   header {
@@ -18,7 +20,6 @@
     background: white;
     font: 12px "Lucida Grande", sans-serif;
     border-bottom: 1px solid #dedede;
-    overflow: hidden;
   }
 
   dl {
@@ -155,7 +156,7 @@
     <% end %>
 
     <dt>EML File:</dt>
-    <dd><%= link_to "Download", action: :download, locale: params[:locale] %></dd>
+    <dd><%= link_to "Download", action: :download %></dd>
   </dl>
 </header>