railties 8.0.3 → 8.1.0

data/lib/rails/generators/rails/master_key/master_key_generator.rb

@@ -32,22 +32,10 @@ module Rails
         end
       end
 
-      def ignore_master_key_file
-        key_file_generator.ignore_key_file(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
-      def ignore_master_key_file_silently
-        key_file_generator.ignore_key_file_silently(MASTER_KEY_PATH, ignore: key_ignore)
-      end
-
       private
         def key_file_generator
           EncryptionKeyFileGenerator.new([], options)
         end
-
-        def key_ignore
-          [ "", "# Ignore master key for decrypting credentials and more.", "/#{MASTER_KEY_PATH}", "" ].join("\n")
-        end
     end
   end
 end

data/lib/rails/generators/rails/plugin/plugin_generator.rb

@@ -124,6 +124,7 @@ module Rails
       opts[:force] = force
       opts[:skip_thruster] = true
       opts[:skip_brakeman] = true
+      opts[:skip_bundler_audit] = true
       opts[:skip_bundle] = true
       opts[:skip_ci] = true
       opts[:skip_kamal] = true

data/lib/rails/generators/rails/plugin/templates/Rakefile.tt

@@ -4,10 +4,6 @@ require "bundler/setup"
 APP_RAKEFILE = File.expand_path("<%= dummy_path -%>/Rakefile", __dir__)
 load "rails/tasks/engine.rake"
 <% end -%>
-<% if engine? -%>
-
-load "rails/tasks/statistics.rake"
-<% end -%>
 <% unless options[:skip_gemspec] -%>
 
 require "bundler/gem_tasks"

data/lib/rails/generators/rails/plugin/templates/github/ci.yml.tt

@@ -3,22 +3,35 @@ name: CI
 on:
   pull_request:
   push:
-    branches: [ main ]
+    branches: [ <%= user_default_branch %> ]
 
 jobs:
 <%- unless skip_rubocop? -%>
   lint:
     runs-on: ubuntu-latest
+    env:
+      RUBY_VERSION: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+      RUBOCOP_CACHE_ROOT: tmp/rubocop
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: <%= ENV["RBENV_VERSION"] || ENV["rvm_ruby_string"] || "#{RUBY_ENGINE}-#{RUBY_ENGINE_VERSION}" %>
+          ruby-version: ${{ env.RUBY_VERSION }}
           bundler-cache: true
 
+      - name: Prepare RuboCop cache
+        uses: actions/cache@v4
+        env:
+          DEPENDENCIES_HASH: ${{ hashFiles('**/.rubocop.yml', '**/.rubocop_todo.yml', 'Gemfile.lock') }}
+        with:
+          path: ${{ env.RUBOCOP_CACHE_ROOT }}
+          key: rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-${{ github.ref_name == github.event.repository.default_branch && github.run_id || 'default' }}
+          restore-keys: |
+            rubocop-${{ runner.os }}-${{ env.RUBY_VERSION }}-${{ env.DEPENDENCIES_HASH }}-
+
       - name: Lint code for consistent style
         run: bin/rubocop -f github
 
@@ -30,7 +43,7 @@ jobs:
     <%- if options[:database] == "sqlite3" -%>
     # services:
     #  redis:
-    #    image: redis
+    #    image: valkey/valkey:8
     #    ports:
     #      - 6379:6379
     #    options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
@@ -56,18 +69,15 @@ jobs:
       <%- end -%>
 
       # redis:
-      #   image: redis
+      #   image: valkey/valkey:8
       #   ports:
       #     - 6379:6379
       #   options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
 
     <%- end -%>
     steps:
-      - name: Install packages
-        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y <%= ci_packages.join(" ") %>
-
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
@@ -91,6 +101,7 @@ jobs:
           <%- elsif options[:database] == "postgresql" -%>
           DATABASE_URL: postgres://postgres:postgres@localhost:5432
           <%- end -%>
+          # RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
           # REDIS_URL: redis://localhost:6379/0
         run: <%= test_command %>
 

data/lib/rails/generators/rails/plugin/templates/github/dependabot.yml

@@ -3,10 +3,10 @@ updates:
 - package-ecosystem: bundler
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10
 - package-ecosystem: github-actions
   directory: "/"
   schedule:
-    interval: daily
+    interval: weekly
   open-pull-requests-limit: 10

data/lib/rails/generators/rails/script/USAGE

@@ -9,7 +9,7 @@ Example:
         script/my_script.rb
 
     You can run the script using:
-        `ruby script/my_script.rb`
+        `bin/rails runner script/my_script.rb`
 
     You can specify a folder:
         `bin/rails generate script cleanup/my_script`

data/lib/rails/generators/test_unit/authentication/authentication_generator.rb

@@ -10,9 +10,22 @@ module TestUnit # :nodoc:
         template "test/models/user_test.rb"
       end
 
+      def create_controller_test_files
+        template "test/controllers/sessions_controller_test.rb"
+        template "test/controllers/passwords_controller_test.rb"
+      end
+
       def create_mailer_preview_files
         template "test/mailers/previews/passwords_mailer_preview.rb" if defined?(ActionMailer::Railtie)
       end
+
+      def create_test_helper_files
+        template "test/test_helpers/session_test_helper.rb"
+      end
+
+      def configure_test_helper
+        inject_into_file "test/test_helper.rb", "require_relative \"test_helpers/session_test_helper\"\n", after: "require \"rails/test_help\"\n"
+      end
     end
   end
 end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/passwords_controller_test.rb.tt

@@ -0,0 +1,67 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_password_path
+    assert_response :success
+  end
+
+  test "create" do
+    post passwords_path, params: { email_address: @user.email_address }
+    assert_enqueued_email_with PasswordsMailer, :reset, args: [ @user ]
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "create for an unknown user redirects but sends no mail" do
+    post passwords_path, params: { email_address: "missing-user@example.com" }
+    assert_enqueued_emails 0
+    assert_redirected_to new_session_path
+
+    follow_redirect!
+    assert_notice "reset instructions sent"
+  end
+
+  test "edit" do
+    get edit_password_path(@user.password_reset_token)
+    assert_response :success
+  end
+
+  test "edit with invalid password reset token" do
+    get edit_password_path("invalid token")
+    assert_redirected_to new_password_path
+
+    follow_redirect!
+    assert_notice "reset link is invalid"
+  end
+
+  test "update" do
+    assert_changes -> { @user.reload.password_digest } do
+      put password_path(@user.password_reset_token), params: { password: "new", password_confirmation: "new" }
+      assert_redirected_to new_session_path
+    end
+
+    follow_redirect!
+    assert_notice "Password has been reset"
+  end
+
+  test "update with non matching passwords" do
+    token = @user.password_reset_token
+    assert_no_changes -> { @user.reload.password_digest } do
+      put password_path(token), params: { password: "no", password_confirmation: "match" }
+      assert_redirected_to edit_password_path(token)
+    end
+
+    follow_redirect!
+    assert_notice "Passwords did not match"
+  end
+
+  private
+    def assert_notice(text)
+      assert_select "div", /#{text}/
+    end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/controllers/sessions_controller_test.rb

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup { @user = User.take }
+
+  test "new" do
+    get new_session_path
+    assert_response :success
+  end
+
+  test "create with valid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "password" }
+
+    assert_redirected_to root_path
+    assert cookies[:session_id]
+  end
+
+  test "create with invalid credentials" do
+    post session_path, params: { email_address: @user.email_address, password: "wrong" }
+
+    assert_redirected_to new_session_path
+    assert_nil cookies[:session_id]
+  end
+
+  test "destroy" do
+    sign_in_as(User.take)
+
+    delete session_path
+
+    assert_redirected_to new_session_path
+    assert_empty cookies[:session_id]
+  end
+end

data/lib/rails/generators/test_unit/authentication/templates/test/models/user_test.rb.tt

@@ -1,7 +1,8 @@
 require "test_helper"
 
 class UserTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  test "downcases and strips email_address" do
+    user = User.new(email_address: " DOWNCASED@EXAMPLE.COM ")
+    assert_equal("downcased@example.com", user.email_address)
+  end
 end

data/lib/rails/generators/test_unit/authentication/templates/test/test_helpers/session_test_helper.rb.tt

@@ -0,0 +1,19 @@
+module SessionTestHelper
+  def sign_in_as(user)
+    Current.session = user.sessions.create!
+
+    ActionDispatch::TestRequest.create.cookie_jar.tap do |cookie_jar|
+      cookie_jar.signed[:session_id] = Current.session.id
+      cookies["session_id"] = cookie_jar[:session_id]
+    end
+  end
+
+  def sign_out
+    Current.session&.destroy!
+    cookies.delete("session_id")
+  end
+end
+
+ActiveSupport.on_load(:action_dispatch_integration_test) do
+  include SessionTestHelper
+end

data/lib/rails/generators/test_unit/model/templates/fixtures.yml.tt

@@ -4,7 +4,7 @@
 <%= name %>:
 <% attributes.each do |attribute| -%>
   <%- if attribute.password_digest? -%>
-  password_digest: <%%= BCrypt::Password.create("secret") %>
+  password_digest: <%= BCrypt::Password.create("secret") %>  # Generated with BCrypt::Password.create("secret")
   <%- elsif attribute.reference? -%>
   <%= yaml_key_value(attribute.column_name.delete_suffix("_id"), attribute.default || name) %>
   <%- elsif !attribute.virtual? -%>

data/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb

@@ -14,7 +14,7 @@ module TestUnit # :nodoc:
                          desc: "Generate API functional tests"
 
       class_option :system_tests, type: :string,
-                         desc: "Skip system test files"
+                         desc: "Generate system test files (set to 'true' to enable)"
 
       argument :attributes, type: :array, default: [], banner: "field:type field:type"
 
@@ -23,7 +23,9 @@ module TestUnit # :nodoc:
         template template_file,
                  File.join("test/controllers", controller_class_path, "#{controller_file_name}_controller_test.rb")
 
-        if !options.api? && options[:system_tests]
+        # Generate system tests if this isn't an API only app and the system
+        # tests option is true
+        if !options.api? && options[:system_tests] == "true"
           template "system_test.rb", File.join("test/system", class_path, "#{file_name.pluralize}_test.rb")
         end
       end

data/lib/rails/generators/testing/behavior.rb

@@ -1,11 +1,8 @@
 # frozen_string_literal: true
 
-require "active_support/core_ext/class/attribute"
-require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/hash/reverse_merge"
 require "active_support/core_ext/kernel/reporting"
 require "active_support/testing/stream"
-require "active_support/concern"
 require "rails/generators"
 
 module Rails

data/lib/rails/generators.rb

@@ -157,7 +157,9 @@ module Rails
             "action_text:install",
             "action_mailbox:install",
             "devcontainer"
-          ]
+          ].tap do |h|
+            h << "test_unit" if test.to_s != "test_unit"
+          end
         end
       end
 

data/lib/rails/health_controller.rb

@@ -43,11 +43,17 @@ module Rails
 
     private
       def render_up
-        render html: html_status(color: "green")
+        respond_to do |format|
+          format.html { render html: html_status(color: "green") }
+          format.json { render json: { status: "up", timestamp: Time.current.iso8601 } }
+        end
       end
 
       def render_down
-        render html: html_status(color: "red"), status: 500
+        respond_to do |format|
+          format.html { render html: html_status(color: "red"), status: 500 }
+          format.json { render json: { status: "down", timestamp: Time.current.iso8601 }, status: 500 }
+        end
       end
 
       def html_status(color:)

data/lib/rails/info.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-require "cgi/escape"
-require "cgi/util" if RUBY_VERSION < "3.5"
+require "active_support/core_ext/erb/util"
 
 module Rails
   # This module helps build the runtime properties that are displayed in
@@ -44,11 +43,11 @@ module Rails
       def to_html
         (+"<table>").tap do |table|
           properties.each do |(name, value)|
-            table << %(<tr><td class="name">#{CGI.escapeHTML(name.to_s)}</td>)
+            table << %(<tr><td class="name">#{ERB::Util.html_escape(name.to_s)}</td>)
             formatted_value = if value.kind_of?(Array)
-              "<ul>" + value.map { |v| "<li>#{CGI.escapeHTML(v.to_s)}</li>" }.join + "</ul>"
+              "<ul>" + value.map { |v| "<li>#{ERB::Util.html_escape(v.to_s)}</li>" }.join + "</ul>"
             else
-              CGI.escapeHTML(value.to_s)
+              ERB::Util.html_escape(value.to_s)
             end
             table << %(<td class="value">#{formatted_value}</td></tr>)
           end

data/lib/rails/info_controller.rb

@@ -27,15 +27,14 @@ class Rails::InfoController < Rails::ApplicationController # :nodoc:
         fuzzy: matching_routes(query: query, exact_match: false)
       }
     else
-      @routes_inspector = ActionDispatch::Routing::RoutesInspector.new(_routes.routes)
+      @routes_inspector = ActionDispatch::Routing::RoutesInspector.new(Rails.application.routes.routes)
       @page_title = "Routes"
     end
   end
 
   def notes
-    @annotations = Rails::SourceAnnotationExtractor.new(
-      Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
-    ).find(
+    tags = params[:tag].presence || Rails::SourceAnnotationExtractor::Annotation.tags.join("|")
+    @annotations = Rails::SourceAnnotationExtractor.new(tags).find(
       Rails::SourceAnnotationExtractor::Annotation.directories
     )
   end
@@ -47,7 +46,7 @@ class Rails::InfoController < Rails::ApplicationController # :nodoc:
       normalized_path = ("/" + query).squeeze("/")
       query_without_url_or_path_suffix = query.gsub(/(\w)(_path$)/, '\1').gsub(/(\w)(_url$)/, '\1')
 
-      _routes.routes.filter_map do |route|
+      Rails.application.routes.routes.filter_map do |route|
         route_wrapper = ActionDispatch::Routing::RouteWrapper.new(route)
 
         if exact_match

data/lib/rails/initializable.rb

@@ -9,23 +9,15 @@ module Rails
     end
 
     class Initializer
-      attr_reader :name, :block
+      attr_reader :name, :block, :before, :after
 
-      def initialize(name, context, options, &block)
-        options[:group] ||= :default
-        @name, @context, @options, @block = name, context, options, block
-      end
-
-      def before
-        @options[:before]
-      end
-
-      def after
-        @options[:after]
+      def initialize(name, context, before:, after:, group: nil, &block)
+        @group = group || :default
+        @name, @before, @after, @context, @block = name, before, after, context, block
       end
 
       def belongs_to?(group)
-        @options[:group] == group || @options[:group] == :all
+        @group == group || @group == :all
       end
 
       def run(*args)
@@ -34,7 +26,7 @@ module Rails
 
       def bind(context)
         return self if @context
-        Initializer.new(@name, context, @options, &block)
+        Initializer.new(@name, context, before:, after:, group: @group, &block)
       end
 
       def context_class
@@ -42,16 +34,66 @@ module Rails
       end
     end
 
-    class Collection < Array
+    class Collection
+      include Enumerable
       include TSort
 
+      delegate_missing_to :@collection
+
+      def initialize(initializers = nil)
+        @order = Hash.new { |hash, key| hash[key] = Set.new }
+        @resolve = Hash.new { |hash, key| hash[key] = Set.new }
+        @collection = []
+        concat(initializers) if initializers
+      end
+
+      def to_a
+        @collection
+      end
+
+      def last
+        @collection.last
+      end
+
+      def each(&block)
+        @collection.each(&block)
+      end
+
       alias :tsort_each_node :each
       def tsort_each_child(initializer, &block)
-        select { |i| i.before == initializer.name || i.name == initializer.after }.each(&block)
+        @order[initializer.name].each do |name|
+          @resolve[name].each(&block)
+        end
       end
 
       def +(other)
-        Collection.new(to_a + other.to_a)
+        dup.concat(other.to_a)
+      end
+
+      def <<(initializer)
+        @collection << initializer
+        @order[initializer.before] << initializer.name if initializer.before
+        @order[initializer.name] << initializer.after if initializer.after
+        @resolve[initializer.name] << initializer
+        self
+      end
+
+      def push(*initializers)
+        initializers.each(&method(:<<))
+        self
+      end
+
+      alias_method(:append, :push)
+
+      def concat(*initializer_collections)
+        initializer_collections.each do |initializers|
+          initializers.each(&method(:<<))
+        end
+        self
+      end
+
+      def has?(name)
+        @resolve.key?(name)
       end
     end
 
@@ -87,8 +129,10 @@ module Rails
 
       def initializer(name, opts = {}, &blk)
         raise ArgumentError, "A block must be passed when defining an initializer" unless blk
-        opts[:after] ||= initializers.last.name unless initializers.empty? || initializers.find { |i| i.name == opts[:before] }
-        initializers << Initializer.new(name, nil, opts, &blk)
+        opts[:after] ||= initializers.last&.name unless initializers.has?(opts[:before])
+        initializers << Initializer.new(
+          name, nil, before: opts[:before], after: opts[:after], group: opts[:group], &blk
+        )
       end
     end
   end

data/lib/rails/rack/silence_request.rb

@@ -10,11 +10,14 @@ module Rails
     # This is useful for preventing recurring requests like health checks from clogging the logging.
     # This middleware is used to do just that against the path /up in production by default.
     #
-    # Example:
+    # Examples:
     #
     #   config.middleware.insert_before \
     #     Rails::Rack::Logger, Rails::Rack::SilenceRequest, path: "/up"
     #
+    #   config.middleware.insert_before \
+    #     Rails::Rack::Logger, Rails::Rack::SilenceRequest, path: /test$/
+    #
     # This middleware can also be configured using `config.silence_healthcheck_path = "/up"` in Rails.
     class SilenceRequest
       def initialize(app, path:)
@@ -22,7 +25,7 @@ module Rails
       end
 
       def call(env)
-        if env["PATH_INFO"] == @path
+        if @path === env["PATH_INFO"]
           Rails.logger.silence { @app.call(env) }
         else
           @app.call(env)

data/lib/rails/railtie/configurable.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "active_support/concern"
 
 module Rails
   class Railtie

data/lib/rails/railtie.rb

@@ -4,7 +4,6 @@ require "rails/initializable"
 require "active_support/descendants_tracker"
 require "active_support/inflector"
 require "active_support/core_ext/module/introspection"
-require "active_support/core_ext/module/delegation"
 
 module Rails
   # +Rails::Railtie+ is the core of the \Rails framework and provides

data/lib/rails/tasks/statistics.rake

@@ -1,23 +1,5 @@
 # frozen_string_literal: true
 
-require "rails/code_statistics"
-STATS_DIRECTORIES = ActiveSupport::Deprecation::DeprecatedObjectProxy.new(
-  Rails::CodeStatistics::DIRECTORIES,
-  "`STATS_DIRECTORIES` is deprecated and will be removed in Rails 8.1! Use `Rails::CodeStatistics.register_directory('My Directory', 'path/to/dir)` instead.",
-  Rails.deprecator
-)
-
-desc "Report code statistics (KLOCs, etc) from the application or engine"
-task :stats do
-  require "rails/code_statistics"
-  stat_directories = STATS_DIRECTORIES.collect do |name, dir|
-    [ name, "#{File.dirname(Rake.application.rakefile_location)}/#{dir}" ]
-  end.select { |name, dir| File.directory?(dir) }
-
-  $stderr.puts Rails.deprecator.warn(<<~MSG, caller_locations(0..1))
-  `bin/rake stats` has been deprecated and will be removed in Rails 8.1.
-  Please use `bin/rails stats` as Rails command instead.\n
-  MSG
-
-  Rails::CodeStatistics.new(*stat_directories).to_s
-end
+Rails.deprecator.warn <<~TEXT
+  rails/tasks/statistics.rake is deprecated and will be removed in Rails 8.2 without replacement.
+TEXT

data/lib/rails/tasks.rb

@@ -10,8 +10,6 @@ require "rake"
   tmp
   yarn
   zeitwerk
-).tap { |arr|
-  arr << "statistics" if Rake.application.current_scope.empty?
-}.each do |task|
+).each do |task|
   load "rails/tasks/#{task}.rake"
 end

data/lib/rails/templates/rails/info/notes.html.erb

@@ -33,12 +33,35 @@
       background: #282828;
     }
   }
+
+  .filter {
+    display: flex;
+    width: 100%;
+    justify-content: flex-end;
+    align-items: center;
+  }
+
+  .filter label[for="tag"] {
+    margin-right: 10px;
+  }
+
+  .filter select[name="tag"] {
+    border-radius: 8px;
+    padding: 0.25em;
+  }
 </style>
 
 <h2>
   Notes
 </h2>
 
+<div class="filter">
+  <%= form_tag("/rails/info/notes", method: :get) do %>
+    <%= label_tag :tag, "Filter by Tag:" %>
+    <%= select_tag(:tag, options_for_select(Rails::SourceAnnotationExtractor::Annotation.tags, params[:tag]), { include_blank: "All", onchange: "this.form.submit();" }) %>
+  <% end %>
+</div>
+
 <table id="route_table" class="table">
   <thead>
     <th>File Name</th>