Fix minor regression about old apps not getting per_form_csrf and...

Fix minor regression about old apps not getting per_form_csrf and request_forgery_protection configs

- Earlier per_form_csrf_tokens and request_forgery_protection config
  files were generated for old apps upgraded to Rails 5.
- But when we collapsed all initializers into one file, the entire file
  does not get created for old apps.
- This commit fixes it and also changes values for all new defaults for
  old apps so that they will not break.
- Also added a test for `rails app:update`.

railties/lib/rails/generators/rails/app/app_generator.rb

@@ -90,7 +90,6 @@ def config
 
     def config_when_updating
       cookie_serializer_config_exist = File.exist?('config/initializers/cookies_serializer.rb')
-      new_framework_defaults_config_exist = File.exist?('config/initializers/new_framework_defaults.rb')
       action_cable_config_exist = File.exist?('config/cable.yml')
       rack_cors_config_exist = File.exist?('config/initializers/cors.rb')
 
@@ -102,10 +101,6 @@ def config_when_updating
         gsub_file 'config/initializers/cookies_serializer.rb', /json(?!,)/, 'marshal'
       end
 
-      unless new_framework_defaults_config_exist
-        remove_file 'config/initializers/new_framework_defaults.rb'
-      end
-
       unless action_cable_config_exist
         template 'config/cable.yml'
       end

railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt

@@ -15,14 +15,16 @@ Rails.application.config.action_controller.forgery_protection_origin_check = tru
 <%- unless options[:skip_active_record] -%>
 
 # Require `belongs_to` associations by default.
-Rails.application.config.active_record.belongs_to_required_by_default = true
+Rails.application.config.active_record.belongs_to_required_by_default = <%= options[:update] ? false : true %>
 <%- end -%>
 
 # Do not halt callback chains when a callback returns false.
-ActiveSupport.halt_callback_chains_on_return_false = false
+ActiveSupport.halt_callback_chains_on_return_false = <%= options[:update] ? true : false %>
+<%- unless options[:update] -%>
 
 # Configure SSL options to enable HSTS with subdomains.
 Rails.application.config.ssl_options = { hsts: { subdomains: true } }
+<%- end -%>
 
 # Preserve the timezone of the receiver when calling to `to_time`.
 # Ruby 2.4 will change the behavior of `to_time` to preserve the timezone

railties/lib/rails/tasks/framework.rake

@@ -48,7 +48,7 @@ namespace :app do
           require 'rails/generators'
           require 'rails/generators/rails/app/app_generator'
           gen = Rails::Generators::AppGenerator.new ["rails"],
-                                                    { api: !!Rails.application.config.api_only },
+                                                    { api: !!Rails.application.config.api_only, update: true, force: ENV['FORCE'] },
                                                     destination_root: Rails.root
           File.exist?(Rails.root.join("config", "application.rb")) ?
             gen.send(:app_const) : gen.send(:valid_const?)

railties/test/generators/app_generator_test.rb

@@ -208,24 +208,13 @@ def test_rails_update_does_not_create_new_framework_defaults_by_default
     FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults.rb")
 
     stub_rails_application(app_root) do
-      generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell
-      generator.send(:app_const)
-      quietly { generator.send(:update_config_files) }
-      assert_no_file "#{app_root}/config/initializers/new_framework_defaults.rb"
-    end
-  end
-
-  def test_rails_update_does_not_new_framework_defaults_if_already_present
-    app_root = File.join(destination_root, 'myapp')
-    run_generator [app_root]
-
-    FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults.rb")
+      quietly { `FORCE=true bin/rails app:update` }
 
-    stub_rails_application(app_root) do
-      generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell
-      generator.send(:app_const)
-      quietly { generator.send(:update_config_files) }
-      assert_file "#{app_root}/config/initializers/new_framework_defaults.rb"
+      assert_file "#{app_root}/config/initializers/new_framework_defaults.rb" do |content|
+        assert_match(/ActiveSupport\.halt_callback_chains_on_return_false = true/, content)
+        assert_match(/Rails\.application\.config.active_record\.belongs_to_required_by_default = false/, content)
+        assert_no_match(/Rails\.application\.config\.ssl_options/, content)
+      end
     end
   end