From 6aa0e242aa571117f0fbef58ceacd1193a2b7c06 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 13 Feb 2022 10:25:06 +0100 Subject: [PATCH] Upgrade to Rails 6.1 --- Gemfile | 4 +- Gemfile.lock | 138 +++++++++--------- bin/rails | 5 +- bin/rake | 5 +- bin/setup | 8 +- bin/spring | 21 ++- bin/yarn | 12 +- config.ru | 1 + config/application.rb | 35 +++-- config/boot.rb | 4 +- config/environment.rb | 2 +- config/environments/development.rb | 24 ++- config/environments/production.rb | 24 ++- config/environments/staging.rb | 52 +++++-- config/environments/test.rb | 21 ++- config/initializers/backtrace_silencers.rb | 7 +- config/initializers/devise.rb | 41 +++++- .../initializers/filter_parameter_logging.rb | 4 +- .../new_framework_defaults_6_1.rb | 67 +++++++++ config/initializers/permissions_policy.rb | 11 ++ db/schema.rb | 14 +- test/services/ssl_test.rb | 6 +- test/services/whois_test.rb | 6 +- yarn.lock | 6 +- 24 files changed, 354 insertions(+), 164 deletions(-) create mode 100644 config/initializers/new_framework_defaults_6_1.rb create mode 100644 config/initializers/permissions_policy.rb diff --git a/Gemfile b/Gemfile index 3b1c1f0..3038e80 100644 --- a/Gemfile +++ b/Gemfile @@ -4,8 +4,8 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" } ruby '>= 2.5.4' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.0.3' -gem 'rails-i18n', '~> 6.0.0' +gem 'rails', '~> 6.1' +gem 'rails-i18n', '~> 6.0' # Use mysql as the database for Active Record gem 'mysql2', '>= 0.4.4', '< 0.6.0' # Use Puma as the app server diff --git a/Gemfile.lock b/Gemfile.lock index 057862d..9869443 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,61 +1,65 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.0.4.6) - actionpack (= 6.0.4.6) + actioncable (6.1.4.6) + actionpack (= 6.1.4.6) + activesupport (= 6.1.4.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.4.6) - actionpack (= 6.0.4.6) - activejob (= 6.0.4.6) - activerecord (= 6.0.4.6) - activestorage (= 6.0.4.6) - activesupport (= 6.0.4.6) + actionmailbox (6.1.4.6) + actionpack (= 6.1.4.6) + activejob (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) mail (>= 2.7.1) - actionmailer (6.0.4.6) - actionpack (= 6.0.4.6) - actionview (= 6.0.4.6) - activejob (= 6.0.4.6) + actionmailer (6.1.4.6) + actionpack (= 6.1.4.6) + actionview (= 6.1.4.6) + activejob (= 6.1.4.6) + activesupport (= 6.1.4.6) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.4.6) - actionview (= 6.0.4.6) - activesupport (= 6.0.4.6) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.4.6) + actionview (= 6.1.4.6) + activesupport (= 6.1.4.6) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.4.6) - actionpack (= 6.0.4.6) - activerecord (= 6.0.4.6) - activestorage (= 6.0.4.6) - activesupport (= 6.0.4.6) + actiontext (6.1.4.6) + actionpack (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) nokogiri (>= 1.8.5) - actionview (6.0.4.6) - activesupport (= 6.0.4.6) + actionview (6.1.4.6) + activesupport (= 6.1.4.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.4.6) - activesupport (= 6.0.4.6) + activejob (6.1.4.6) + activesupport (= 6.1.4.6) globalid (>= 0.3.6) - activemodel (6.0.4.6) - activesupport (= 6.0.4.6) - activerecord (6.0.4.6) - activemodel (= 6.0.4.6) - activesupport (= 6.0.4.6) - activestorage (6.0.4.6) - actionpack (= 6.0.4.6) - activejob (= 6.0.4.6) - activerecord (= 6.0.4.6) + activemodel (6.1.4.6) + activesupport (= 6.1.4.6) + activerecord (6.1.4.6) + activemodel (= 6.1.4.6) + activesupport (= 6.1.4.6) + activestorage (6.1.4.6) + actionpack (= 6.1.4.6) + activejob (= 6.1.4.6) + activerecord (= 6.1.4.6) + activesupport (= 6.1.4.6) marcel (~> 1.0.0) - activesupport (6.0.4.6) + mini_mime (>= 1.1.0) + activesupport (6.1.4.6) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) airbrussh (1.4.0) @@ -173,10 +177,11 @@ GEM addressable (~> 2.7) letter_opener (1.7.0) launchy (~> 2.2) - letter_opener_web (1.4.1) - actionmailer (>= 3.2) - letter_opener (~> 1.0) - railties (>= 3.2) + letter_opener_web (2.0.0) + actionmailer (>= 5.2) + letter_opener (~> 1.7) + railties (>= 5.2) + rexml listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) @@ -241,20 +246,20 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (6.0.4.6) - actioncable (= 6.0.4.6) - actionmailbox (= 6.0.4.6) - actionmailer (= 6.0.4.6) - actionpack (= 6.0.4.6) - actiontext (= 6.0.4.6) - actionview (= 6.0.4.6) - activejob (= 6.0.4.6) - activemodel (= 6.0.4.6) - activerecord (= 6.0.4.6) - activestorage (= 6.0.4.6) - activesupport (= 6.0.4.6) - bundler (>= 1.3.0) - railties (= 6.0.4.6) + rails (6.1.4.6) + actioncable (= 6.1.4.6) + actionmailbox (= 6.1.4.6) + actionmailer (= 6.1.4.6) + actionpack (= 6.1.4.6) + actiontext (= 6.1.4.6) + actionview (= 6.1.4.6) + activejob (= 6.1.4.6) + activemodel (= 6.1.4.6) + activerecord (= 6.1.4.6) + activestorage (= 6.1.4.6) + activesupport (= 6.1.4.6) + bundler (>= 1.15.0) + railties (= 6.1.4.6) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -264,12 +269,12 @@ GEM rails-i18n (6.0.0) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 7) - railties (6.0.4.6) - actionpack (= 6.0.4.6) - activesupport (= 6.0.4.6) + railties (6.1.4.6) + actionpack (= 6.1.4.6) + activesupport (= 6.1.4.6) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 0.13) + thor (~> 1.0) rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.11.1) @@ -340,13 +345,12 @@ GEM net-scp (>= 1.1.2) net-ssh (>= 2.8.0) thor (1.2.1) - thread_safe (0.3.6) tilt (2.0.10) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (1.2.9) - thread_safe (~> 0.1) + tzinfo (2.0.4) + concurrent-ruby (~> 1.0) unicode-display_width (1.8.0) warden (1.2.9) rack (>= 2.0.9) @@ -411,8 +415,8 @@ DEPENDENCIES puma (~> 5.0) pundit (~> 1.1) rack-contrib - rails (~> 6.0.3) - rails-i18n (~> 6.0.0) + rails (~> 6.1) + rails-i18n (~> 6.0) rbnacl (>= 3.2, < 5.0) rubocop (~> 0.56.0) sass-rails (~> 5) diff --git a/bin/rails b/bin/rails index 0739660..21d3e02 100755 --- a/bin/rails +++ b/bin/rails @@ -1,4 +1,5 @@ #!/usr/bin/env ruby +load File.expand_path("spring", __dir__) APP_PATH = File.expand_path('../config/application', __dir__) -require_relative '../config/boot' -require 'rails/commands' +require_relative "../config/boot" +require "rails/commands" diff --git a/bin/rake b/bin/rake index 1724048..7327f47 100755 --- a/bin/rake +++ b/bin/rake @@ -1,4 +1,5 @@ #!/usr/bin/env ruby -require_relative '../config/boot' -require 'rake' +load File.expand_path("spring", __dir__) +require_relative "../config/boot" +require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 5853b5e..90700ac 100755 --- a/bin/setup +++ b/bin/setup @@ -1,5 +1,5 @@ #!/usr/bin/env ruby -require 'fileutils' +require "fileutils" # path to your application root. APP_ROOT = File.expand_path('..', __dir__) @@ -9,8 +9,8 @@ def system!(*args) end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' @@ -18,7 +18,7 @@ FileUtils.chdir APP_ROOT do system('bundle check') || system!('bundle install') # Install JavaScript dependencies - # system('bin/yarn') + system! 'bin/yarn' # puts "\n== Copying sample files ==" # unless File.exist?('config/database.yml') diff --git a/bin/spring b/bin/spring index fb2ec2e..b4147e8 100755 --- a/bin/spring +++ b/bin/spring @@ -1,17 +1,14 @@ #!/usr/bin/env ruby +if !defined?(Spring) && [nil, "development", "test"].include?(ENV["RAILS_ENV"]) + gem "bundler" + require "bundler" -# This file loads spring without using Bundler, in order to be fast. -# It gets overwritten when you run the `spring binstub` command. - -unless defined?(Spring) - require 'rubygems' - require 'bundler' - - lockfile = Bundler::LockfileParser.new(Bundler.default_lockfile.read) - spring = lockfile.specs.detect { |spec| spec.name == "spring" } - if spring + # Load Spring without loading other gems in the Gemfile, for speed. + Bundler.locked_gems&.specs&.find { |spec| spec.name == "spring" }&.tap do |spring| Gem.use_paths Gem.dir, Bundler.bundle_path.to_s, *Gem.path - gem 'spring', spring.version - require 'spring/binstub' + gem "spring", spring.version + require "spring/binstub" + rescue Gem::LoadError + # Ignore when Spring is not installed. end end diff --git a/bin/yarn b/bin/yarn index 460dd56..9fab2c3 100755 --- a/bin/yarn +++ b/bin/yarn @@ -1,9 +1,15 @@ #!/usr/bin/env ruby APP_ROOT = File.expand_path('..', __dir__) Dir.chdir(APP_ROOT) do - begin - exec "yarnpkg", *ARGV - rescue Errno::ENOENT + yarn = ENV["PATH"].split(File::PATH_SEPARATOR). + select { |dir| File.expand_path(dir) != __dir__ }. + product(["yarn", "yarn.cmd", "yarn.ps1"]). + map { |dir, file| File.expand_path(file, dir) }. + find { |file| File.executable?(file) } + + if yarn + exec yarn, *ARGV + else $stderr.puts "Yarn executable was not detected in the system." $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" exit 1 diff --git a/config.ru b/config.ru index 363528a..df4cf17 100644 --- a/config.ru +++ b/config.ru @@ -5,3 +5,4 @@ require_relative "config/environment" use Rack::Locale run Rails.application +Rails.application.load_server diff --git a/config/application.rb b/config/application.rb index 192964b..654915c 100644 --- a/config/application.rb +++ b/config/application.rb @@ -1,4 +1,4 @@ -require_relative 'boot' +require_relative "boot" require "rails" # Pick the frameworks you want: @@ -7,9 +7,9 @@ require "active_job/railtie" require "active_record/railtie" require "active_storage/engine" require "action_controller/railtie" -# require "action_mailbox/engine" -# require "action_text/engine" require "action_mailer/railtie" +require "action_mailbox/engine" +require "action_text/engine" require "action_view/railtie" # require "action_cable/engine" require "sprockets/railtie" @@ -24,25 +24,32 @@ module Chexpire # Initialize configuration defaults for originally generated Rails version. config.load_defaults 6.0 - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") + + config.time_zone = "Europe/Paris" + config.generators do |g| g.assets false end - config.time_zone = "Europe/Paris" - - unless Rails.root.join("config", "chexpire.yml").readable? + unless Rails.root.join("config/chexpire.yml").readable? fail "Missing Chexpire configuration file. You have to create the config/chexpire.yml file and set at least the required values. Look at config/chexpire.defaults.yml and INSTALL.md for more information" end - config.chexpire = Hashie::Mash.new(config_for(:"chexpire.defaults").deep_merge(config_for(:chexpire))) + default_config = Rails.application.config_for(:"chexpire.defaults") + custom_config = Rails.application.config_for(:chexpire) + custom_config ||= ActiveSupport::OrderedOptions.new + + merged_config = Hashie::Mash.new(default_config.deep_merge(custom_config)) + + config.chexpire = merged_config end end - -### Uncomment this to have zeitwerk debug log printed in stdout. -# Rails.autoloaders.logger = method(:puts) diff --git a/config/boot.rb b/config/boot.rb index b9e460c..3cda23b 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,4 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. -require 'bootsnap/setup' # Speed up boot time by caching expensive operations. +require "bundler/setup" # Set up gems listed in the Gemfile. +require "bootsnap/setup" # Speed up boot time by caching expensive operations. diff --git a/config/environment.rb b/config/environment.rb index 426333b..cac5315 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index 9e5db26..a7e234f 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,10 +1,12 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Verifies that versions and hashed value of the package contents in the project's package.json config.webpacker.check_yarn_integrity = true # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false @@ -43,15 +45,21 @@ Rails.application.configure do config.action_mailer.perform_caching = false - config.action_mailer.default_url_options = { host: config.chexpire.fetch("host"), port: 3000 } + config.action_mailer.default_url_options = { host: config.chexpire.fetch(:host), port: 3000 } - config.chexpire.fetch("action_mailer_config", {}).each_pair do |key, value| + config.chexpire.fetch(:action_mailer_config, {}).each_pair do |key, value| config.action_mailer[key] = value end # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load @@ -67,9 +75,15 @@ Rails.application.configure do config.assets.quiet = true # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + config.action_view.annotate_rendered_view_with_filenames = true # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. config.file_watcher = ActiveSupport::EventedFileUpdateChecker + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/production.rb b/config/environments/production.rb index 198e551..5df8b71 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Verifies that versions and hashed value of the package contents in the project's package.json config.webpacker.check_yarn_integrity = false @@ -31,7 +33,7 @@ Rails.application.configure do config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache @@ -43,9 +45,9 @@ Rails.application.configure do # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = :info # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] @@ -55,16 +57,16 @@ Rails.application.configure do # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "chexpire_production" + # config.active_job.queue_name_prefix = "chexpire_#{Rails.env}" config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - config.action_mailer.default_url_options = { host: config.chexpire.fetch("host") } + config.action_mailer.default_url_options = { host: config.chexpire.fetch(:host) } - config.chexpire.fetch("action_mailer_config", {}).each_pair do |key, value| + config.chexpire.fetch(:action_mailer_config, {}).each_pair do |key, value| config.action_mailer[key] = value end @@ -75,11 +77,17 @@ Rails.application.configure do # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' + # require "syslog/logger" # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') if ENV["RAILS_LOG_TO_STDOUT"].present? diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 710e2cc..5df8b71 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Verifies that versions and hashed value of the package contents in the project's package.json config.webpacker.check_yarn_integrity = false @@ -24,31 +26,28 @@ Rails.application.configure do # Apache or NGINX already handles this. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? - # Compress JavaScripts and CSS. - config.assets.js_compressor = :uglifier + # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = 'http://assets.example.com' # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - # Store uploaded files on the local file system (see config/storage.yml for options) + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - config.log_level = :debug + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = :info # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] @@ -56,7 +55,7 @@ Rails.application.configure do # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment) + # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "chexpire_#{Rails.env}" @@ -65,9 +64,9 @@ Rails.application.configure do # Ignore bad email addresses and do not raise email delivery errors. # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false + config.action_mailer.default_url_options = { host: config.chexpire.fetch(:host) } - config.action_mailer.default_url_options = { host: config.chexpire.fetch("host") } - config.chexpire.fetch("action_mailer_config", {}).each_pair do |key, value| + config.chexpire.fetch(:action_mailer_config, {}).each_pair do |key, value| config.action_mailer[key] = value end @@ -78,11 +77,17 @@ Rails.application.configure do # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' + # require "syslog/logger" # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') if ENV["RAILS_LOG_TO_STDOUT"].present? @@ -93,4 +98,25 @@ Rails.application.configure do # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Inserts middleware to perform automatic connection switching. + # The `database_selector` hash is used to pass options to the DatabaseSelector + # middleware. The `delay` is used to determine how long to wait after a write + # to send a subsequent read to the primary. + # + # The `database_resolver` class is used by the middleware to determine which + # database is appropriate to use based on the time delay. + # + # The `database_resolver_context` class is used by the middleware to set + # timestamps for the last write to the primary. The resolver uses the context + # class timestamps to determine how long to wait before reading from the + # replica. + # + # By default Rails will store a last write timestamp in the session. The + # DatabaseSelector middleware is designed as such you can define your own + # strategy for connection switching and pass that into the middleware through + # these configuration options. + # config.active_record.database_selector = { delay: 2.seconds } + # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver + # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session end diff --git a/config/environments/test.rb b/config/environments/test.rb index 3edbd0b..1c7870b 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,7 +1,15 @@ +require "active_support/core_ext/integer/time" + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. config.cache_classes = false + config.action_view.cache_template_loading = true # Do not eager load code on boot. This avoids loading your whole application # just for the purpose of running a single test. If you are using a tool that @@ -37,11 +45,20 @@ Rails.application.configure do # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - config.action_mailer.default_url_options = { host: config.chexpire.fetch("host"), port: 3000 } + config.action_mailer.default_url_options = { host: config.chexpire.fetch(:host), port: 3000 } # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true end diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index 59385cd..33699c3 100644 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb @@ -1,7 +1,8 @@ # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. -# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } +# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) } -# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. -# Rails.backtrace_cleaner.remove_silencers! +# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code +# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'". +Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"] diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index d2772c4..6fbd342 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,5 +1,11 @@ # frozen_string_literal: true +# Assuming you have not yet modified this file, each configuration option below +# is set to its default value. Note that some are commented out while others +# are not: uncommented lines are intended to protect your configuration from +# breaking changes in upgrades (i.e., in the event that future versions of +# Devise change the default values for those options). +# # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| @@ -8,7 +14,7 @@ Devise.setup do |config| # confirmation, reset password and unlock tokens in the database. # Devise will use the `secret_key_base` as its `secret_key` # by default. You can change it below and use your own secret key. - # config.secret_key = '8f549ec39958c29ca197dac83983a245702b03dc82b42a253ce8efadbb92fb239bdaf5c35e38701a8daae56a20ffed8ad60b1d00d55d63547fb238f9c76a04d8' + # config.secret_key = '<%= SecureRandom.hex(64) %>' # ==> Controller configuration # Configure the parent class to the devise controllers. @@ -68,7 +74,10 @@ Devise.setup do |config| # Tell if authentication through HTTP Auth is enabled. False by default. # It can be set to an array that will enable http authentication only for the # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: + # enable it only for database authentication. + # For API-only applications to support authentication "out-of-the-box", you will likely want to + # enable this with :database unless you are using a custom strategy. + # The supported strategies are: # :database = Support basic authentication with authentication key + password # config.http_authenticatable = false @@ -103,18 +112,21 @@ Devise.setup do |config| # config.reload_routes = true # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # For bcrypt, this is the cost for hashing the password and defaults to 12. If # using other algorithms, it sets how many times you want the password to be hashed. + # The number of stretches used for generating the hashed password are stored + # with the hashed password. This allows you to change the stretches without + # invalidating existing passwords. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use # a value less than 10 in other environments. Note that, for bcrypt (the default # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 11 + config.stretches = Rails.env.test? ? 1 : 12 # Set up a pepper to generate the hashed password. - # config.pepper = '45748e62356c886e2e25a8d4ca2f75324f7a658be0900136868e08784b820449d94913dea5f68336732ed1339939f1c996aebe0913b78d7ed179be600055ab0d' + # config.pepper = '<%= SecureRandom.hex(64) %>' # Send a notification to the original email when the user's email is changed. # config.send_email_changed_notification = false @@ -126,8 +138,11 @@ Devise.setup do |config| # A period that the user is allowed to access the website even without # confirming their account. For instance, if set to 2.days, the user will be # able to access the website for two days without confirming their account, - # access will be blocked just in the third day. Default is 0.days, meaning - # the user cannot access the website without confirming their account. + # access will be blocked just in the third day. + # You can also set it to nil, which will allow the user to access the website + # without confirming their account. + # Default is 0.days, meaning the user cannot access the website without + # confirming their account. # config.allow_unconfirmed_access_for = 2.days # A period that the user is allowed to confirm their account before their @@ -280,4 +295,16 @@ Devise.setup do |config| # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # ==> Turbolinks configuration + # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly: + # + # ActiveSupport.on_load(:devise_failure_app) do + # include Turbolinks::Controller + # end + + + # When set to false, does not sign a user in automatically after their password is + # changed. Defaults to true, so a user is signed in automatically after changing a password. + # config.sign_in_after_change_password = true end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1..4b34a03 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb new file mode 100644 index 0000000..9526b83 --- /dev/null +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -0,0 +1,67 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 6.1 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Support for inversing belongs_to -> has_many Active Record associations. +# Rails.application.config.active_record.has_many_inversing = true + +# Track Active Storage variants in the database. +# Rails.application.config.active_storage.track_variants = true + +# Apply random variation to the delay when retrying failed jobs. +# Rails.application.config.active_job.retry_jitter = 0.15 + +# Stop executing `after_enqueue`/`after_perform` callbacks if +# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. +# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true + +# Specify cookies SameSite protection level: either :none, :lax, or :strict. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax + +# Generate CSRF tokens that are encoded in URL-safe Base64. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_controller.urlsafe_csrf_tokens = true + +# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an +# UTC offset or a UTC time. +# ActiveSupport.utc_to_local_returns_utc_offset_times = true + +# Change the default HTTP status code to `308` when redirecting non-GET/HEAD +# requests to HTTPS in `ActionDispatch::SSL` middleware. +# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 + +# Use new connection handling API. For most applications this won't have any +# effect. For applications using multiple databases, this new API provides +# support for granular connection swapping. +# Rails.application.config.active_record.legacy_connection_handling = false + +# Make `form_with` generate non-remote forms by default. +# Rails.application.config.action_view.form_with_generates_remote_forms = false + +# Set the default queue name for the analysis job to the queue adapter default. +# Rails.application.config.active_storage.queues.analysis = nil + +# Set the default queue name for the purge job to the queue adapter default. +# Rails.application.config.active_storage.queues.purge = nil + +# Set the default queue name for the incineration job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.incineration = nil + +# Set the default queue name for the routing job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.routing = nil + +# Set the default queue name for the mail deliver job to the queue adapter default. +# Rails.application.config.action_mailer.deliver_later_queue_name = nil + +# Generate a `Link` header that gives a hint to modern browsers about +# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. +# Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 0000000..00f64d7 --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,11 @@ +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end diff --git a/db/schema.rb b/db/schema.rb index 13cafc7..cfc17f8 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2,8 +2,8 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# This file is the source Rails uses to define your schema when running `rails -# db:schema:load`. When creating a new database, `rails db:schema:load` tends to +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to # be faster and is potentially less error prone than running all of your # migrations from scratch. Old migrations may fail to apply correctly if those # migrations use external dependencies or application code. @@ -12,7 +12,7 @@ ActiveRecord::Schema.define(version: 2019_08_16_223645) do - create_table "check_logs", options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "check_logs", charset: "utf8", force: :cascade do |t| t.bigint "check_id" t.text "raw_response" t.integer "exit_status" @@ -24,7 +24,7 @@ ActiveRecord::Schema.define(version: 2019_08_16_223645) do t.index ["check_id"], name: "index_check_logs_on_check_id" end - create_table "check_notifications", options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "check_notifications", charset: "utf8", force: :cascade do |t| t.bigint "check_id" t.bigint "notification_id" t.integer "status", limit: 1, default: 0, null: false @@ -35,7 +35,7 @@ ActiveRecord::Schema.define(version: 2019_08_16_223645) do t.index ["notification_id"], name: "index_check_notifications_on_notification_id" end - create_table "checks", options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "checks", charset: "utf8", force: :cascade do |t| t.bigint "user_id" t.integer "kind", null: false t.string "domain", null: false @@ -55,7 +55,7 @@ ActiveRecord::Schema.define(version: 2019_08_16_223645) do t.index ["user_id"], name: "index_checks_on_user_id" end - create_table "notifications", options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "notifications", charset: "utf8", force: :cascade do |t| t.bigint "check_id" t.integer "channel", default: 0, null: false t.string "recipient", null: false @@ -69,7 +69,7 @@ ActiveRecord::Schema.define(version: 2019_08_16_223645) do t.index ["user_id"], name: "index_notifications_on_user_id" end - create_table "users", options: "ENGINE=InnoDB DEFAULT CHARSET=utf8", force: :cascade do |t| + create_table "users", charset: "utf8", force: :cascade do |t| t.string "email", default: "", null: false t.string "encrypted_password", default: "", null: false t.string "reset_password_token" diff --git a/test/services/ssl_test.rb b/test/services/ssl_test.rb index d742643..160fe07 100644 --- a/test/services/ssl_test.rb +++ b/test/services/ssl_test.rb @@ -76,10 +76,10 @@ module SSL def mock_system_klass(program, command_args, result) system_klass = Minitest::Mock.new system_command = Minitest::Mock.new.expect(:execute, result) - system_klass.expect(:new, system_command) do |arg1, arg2, logger:| + system_klass.expect(:new, system_command) do |arg1, arg2, options| arg1 == program && - arg2 == command_args && - logger.class == NullLogger + arg2 == command_args && + options.fetch(:logger).class == NullLogger end yield system_klass diff --git a/test/services/whois_test.rb b/test/services/whois_test.rb index 6ac3c58..dfaf115 100644 --- a/test/services/whois_test.rb +++ b/test/services/whois_test.rb @@ -39,10 +39,10 @@ module Whois def mock_system_klass(program, command_args, result) system_klass = Minitest::Mock.new system_command = Minitest::Mock.new.expect(:execute, result) - system_klass.expect(:new, system_command) do |arg1, arg2, logger:| + system_klass.expect(:new, system_command) do |arg1, arg2, options| arg1 == program && - arg2 == command_args && - logger.class == NullLogger + arg2 == command_args && + options.fetch(:logger).class == NullLogger end yield system_klass diff --git a/yarn.lock b/yarn.lock index 2c94a43..29d315f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1784,9 +1784,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30000981, caniuse-lite@^1.0.30001109, caniuse-lite@^1.0.30001111: - version "1.0.30001123" - resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001123.tgz#7b981d81382ab2c8fd062f3e6439215e8c503c22" - integrity sha512-03dJDoa4YC4332jq0rqwiM+Hw6tA5RJtrnZKvOQy7ASoIUv8CinkcmGhYpCvCjedvkBQrrKnkcELxrUSW/XwNQ== + version "1.0.30001312" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001312.tgz" + integrity sha512-Wiz1Psk2MEK0pX3rUzWaunLTZzqS2JYZFzNKqAiJGiuxIjRPLgV6+VDPOg6lQOUxmDwhTlh198JsTTi8Hzw6aQ== case-sensitive-paths-webpack-plugin@^2.2.0: version "2.3.0"