diff --git a/railties/lib/rails/generators/rails/app/app_generator.rb b/railties/lib/rails/generators/rails/app/app_generator.rb
index 3bc66f55fb1aec5356b46128e88c1f9da4ca7f32..c288b3dfce6efdd961ac756fa043db2df2d446f1 100644
--- a/railties/lib/rails/generators/rails/app/app_generator.rb
+++ b/railties/lib/rails/generators/rails/app/app_generator.rb
@@ -90,41 +90,26 @@ def config def config_when_updating cookie_serializer_config_exist = File.exist?('config/initializers/cookies_serializer.rb') - callback_terminator_config_exist = File.exist?('config/initializers/new_framework_defaults/callback_terminator.rb') - active_record_belongs_to_required_by_default_config_exist = File.exist?('config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb') - to_time_preserves_timezone_config_exist = File.exist?('config/initializers/new_framework_defaults/to_time_preserves_timezone.rb') + new_framework_defaults_config_exist = File.exist?('config/initializers/new_framework_defaults.rb') action_cable_config_exist = File.exist?('config/cable.yml') - ssl_options_exist = File.exist?('config/initializers/new_framework_defaults/ssl_options.rb') rack_cors_config_exist = File.exist?('config/initializers/cors.rb') config gsub_file 'config/environments/development.rb', /^(\s+)config\.file_watcher/, '\1# config.file_watcher' - unless callback_terminator_config_exist - remove_file 'config/initializers/new_framework_defaults/callback_terminator.rb' - end - unless cookie_serializer_config_exist gsub_file 'config/initializers/cookies_serializer.rb', /json(?!,)/, 'marshal' end - unless active_record_belongs_to_required_by_default_config_exist - remove_file 'config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb' - end - - unless to_time_preserves_timezone_config_exist - remove_file 'config/initializers/new_framework_defaults/to_time_preserves_timezone.rb' + unless new_framework_defaults_config_exist + remove_file 'config/initializers/new_framework_defaults.rb' end unless action_cable_config_exist template 'config/cable.yml' end - unless ssl_options_exist - remove_file 'config/initializers/new_framework_defaults/ssl_options.rb' - end - unless rack_cors_config_exist remove_file 'config/initializers/cors.rb' end 
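Review bot: The single existence check on `config/initializers/new_framework_defaults.rb` in `config_when_updating` now decides the CSRF and HSTS settings together with the behavioural toggles. Judging by the removed lines, the old update path guarded only four of the per-setting files and had no guard for `per_form_csrf_tokens.rb` or `request_forgery_protection.rb`, so an update appears to have left those two in place; with this hunk an upgraded app that never had the combined file gets none of the settings. If that is intended, say so above the `unless new_framework_defaults_config_exist` block, e.g. `# Upgraded apps keep their previous behaviour: the combined defaults file, CSRF and HSTS settings included, is removed unless it already existed.` The method's closing `end` lies outside the hunk.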
@@ -342,12 +327,6 @@ def delete_action_mailer_files_skipping_action_mailer end end - def delete_active_record_initializers_skipping_active_record - if options[:skip_active_record] - remove_file 'config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb' - end - end - def delete_action_cable_files_skipping_action_cable if options[:skip_action_cable] remove_file 'config/cable.yml' @@ -360,8 +339,6 @@ def delete_non_api_initializers_if_api_option if options[:api] remove_file 'config/initializers/session_store.rb' remove_file 'config/initializers/cookies_serializer.rb' - remove_file 'config/initializers/new_framework_defaults/request_forgery_protection.rb' - remove_file 'config/initializers/new_framework_defaults/per_form_csrf_tokens.rb' end end diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt new file mode 100644 index 0000000000000000000000000000000000000000..730938a1bad86b21b0a26e34cfdb53a77594ff66 --- /dev/null +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults.rb.tt 
@@ -0,0 +1,37 @@
+# Be sure to restart your server when you modify this file.
+# This file contains all the new default configuration options from
+# Rails 5.0.
+<%- unless options[:skip_active_record] -%>
+
+# Require `belongs_to` associations by default. This is a new Rails 5.0
+# default, so it is introduced as a configuration option to ensure that apps
+# made on earlier versions of Rails are not affected when upgrading.
+Rails.application.config.active_record.belongs_to_required_by_default = true
+<%- end -%>
+
+# Do not halt callback chains when a callback returns false. This is a new
+# Rails 5.0 default, so it is introduced as a configuration option to ensure
+# that apps made with earlier versions of Rails are not affected when upgrading.
+ActiveSupport.halt_callback_chains_on_return_false = false
+<%- unless options[:api] -%>
+
+# Enable per-form CSRF tokens.
+Rails.application.config.action_controller.per_form_csrf_tokens = true
+
+# Enable origin-checking CSRF mitigation.
+Rails.application.config.action_controller.forgery_protection_origin_check = true
+<%- end -%>
+
+# Configure SSL options to enable HSTS with subdomains. This is a new
+# Rails 5.0 default, so it is introduced as a configuration option to ensure
+# that apps made on earlier versions of Rails are not affected when upgrading.
+Rails.application.config.ssl_options = { hsts: { subdomains: true } }
+
+# Preserve the timezone of the receiver when calling to `to_time`.
+# Ruby 2.4 will change the behavior of `to_time` to preserve the timezone
+# when converting to an instance of `Time` instead of the previous behavior
+# of converting to the local system timezone.
+#
+# Rails 5.0 introduced this config option so that apps made with earlier
+# versions of Rails are not affected when upgrading.
+ActiveSupport.to_time_preserves_timezone = true
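Review bot: The `ssl_options` comment in the new template does not say when the setting takes effect or what it commits the site to. `config.ssl_options` is only read by the SSL middleware, which is loaded when `config.force_ssl` is on, and `hsts: { subdomains: true }` tells browsers to require HTTPS on every subdomain for as long as the header is cached. I would add above that line: `# Only applies when config.force_ssl is enabled. Browsers will then require HTTPS on every` and `# subdomain, so confirm that all of them serve HTTPS before enabling this.` The two CSRF settings would also benefit from the same "new Rails 5.0 default" explanation the other entries carry, since deleting this file to restore the old callback behaviour now drops them as well.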
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb
deleted file mode 100644
index f613b40f8044469a3cf8da9baad20e5937fc128e..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Require `belongs_to` associations by default. This is a new Rails 5.0
-# default, so it is introduced as a configuration option to ensure that apps
-# made on earlier versions of Rails are not affected when upgrading.
-Rails.application.config.active_record.belongs_to_required_by_default = true
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/callback_terminator.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/callback_terminator.rb
deleted file mode 100644
index 649e82280e1f771f2ff189e56cc66a7804bd0360..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/callback_terminator.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Do not halt callback chains when a callback returns false. This is a new
-# Rails 5.0 default, so it is introduced as a configuration option to ensure
-# that apps made with earlier versions of Rails are not affected when upgrading.
-ActiveSupport.halt_callback_chains_on_return_false = false
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/per_form_csrf_tokens.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/per_form_csrf_tokens.rb
deleted file mode 100644
index 1f569dedfda0344c242a0e4c3c72d26fca722e3d..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/per_form_csrf_tokens.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Enable per-form CSRF tokens.
-Rails.application.config.action_controller.per_form_csrf_tokens = true
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/request_forgery_protection.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/request_forgery_protection.rb
deleted file mode 100644
index 3eab78a8850a3cf4acb923443d14b9997ebd640b..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/request_forgery_protection.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Enable origin-checking CSRF mitigation.
-Rails.application.config.action_controller.forgery_protection_origin_check = true
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/ssl_options.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/ssl_options.rb
deleted file mode 100644
index 53dfcd7466d8f67ac371f54014e3fbafce73a7f5..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/ssl_options.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Configure SSL options to enable HSTS with subdomains. This is a new
-# Rails 5.0 default, so it is introduced as a configuration option to ensure
-# that apps made on earlier versions of Rails are not affected when upgrading.
-Rails.application.config.ssl_options = { hsts: { subdomains: true } }
diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb b/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb
deleted file mode 100644
index 8674be3227e03b2efd3c599193e14a48a004e9a1..0000000000000000000000000000000000000000
--- a/railties/lib/rails/generators/rails/app/templates/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Preserve the timezone of the receiver when calling to `to_time`.
-# Ruby 2.4 will change the behavior of `to_time` to preserve the timezone
-# when converting to an instance of `Time` instead of the previous behavior
-# of converting to the local system timezone.
-#
-# Rails 5.0 introduced this config option so that apps made with earlier
-# versions of Rails are not affected when upgrading.
-ActiveSupport.to_time_preserves_timezone = true
diff --git a/railties/test/generators/api_app_generator_test.rb b/railties/test/generators/api_app_generator_test.rb
index 505c1be9fcf897bb4d76b2f171fb68ceeaa0076e..92779452e1bf3e8b795d3adc1b6b81d7bd4feaf4 100644
--- a/railties/test/generators/api_app_generator_test.rb
+++ b/railties/test/generators/api_app_generator_test.rb
@@ -62,6 +62,15 @@ def test_generator_if_skip_action_cable_is_given end end + def test_generator_skips_per_form_csrf_token_and_origin_check_configs_for_api_apps + run_generator + + assert_file "config/initializers/new_framework_defaults.rb" do |initializer_content| + assert_no_match(/per_form_csrf_tokens/, initializer_content) + assert_no_match(/forgery_protection_origin_check/, initializer_content) + end + end + private def default_files @@ -100,8 +109,6 @@ def skipped_files config/initializers/assets.rb config/initializers/cookies_serializer.rb config/initializers/session_store.rb - config/initializers/new_framework_defaults/request_forgery_protection.rb - config/initializers/new_framework_defaults/per_form_csrf_tokens.rb lib/assets vendor/assets test/helpers diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index cb656cc94c9de89ba6aac5cbedd3b4649a1e131f..bea8db087fbdcfe4988e809682a78b43922b733d 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb 
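Review bot: `test_generator_skips_per_form_csrf_token_and_origin_check_configs_for_api_apps` only asserts what is absent, so it would still pass if the template rendered none of the settings; the same holds for the `belongs_to_required_by_default` check added to `test_generator_if_skip_active_record_is_given` in app_generator_test.rb. Nothing in this diff asserts that a regular app does get `per_form_csrf_tokens` and `forgery_protection_origin_check`, so an inverted or misplaced `unless options[:api]` in the template would go unnoticed. Add a positive assertion inside each block, for example `assert_match(/ssl_options/, initializer_content)`, and a test in app_generator_test.rb that matches both CSRF settings for a default app.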
@@ -172,34 +172,6 @@ def test_rails_update_keep_the_cookie_serializer_if_it_is_already_configured end end - def test_rails_update_does_not_create_callback_terminator_initializer - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults/callback_terminator.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_no_file "#{app_root}/config/initializers/new_framework_defaults/callback_terminator.rb" - end - end - - def test_rails_update_does_not_remove_callback_terminator_initializer_if_already_present - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults/callback_terminator.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_file "#{app_root}/config/initializers/new_framework_defaults/callback_terminator.rb" - end - end - def test_rails_update_set_the_cookie_serializer_to_marshal_if_it_is_not_already_configured app_root = File.join(destination_root, 'myapp') run_generator [app_root] 
@@ -229,87 +201,31 @@ def test_rails_update_dont_set_file_watcher end end - def test_rails_update_does_not_create_active_record_belongs_to_required_by_default - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_no_file "#{app_root}/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb" - end - end - - def test_rails_update_does_not_remove_active_record_belongs_to_required_by_default_if_already_present - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_file "#{app_root}/config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb" - end - end - - def test_rails_update_does_not_create_to_time_preserves_timezone - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_no_file "#{app_root}/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb" - end - end - - def 
test_rails_update_does_not_remove_to_time_preserves_timezone_if_already_present + def test_rails_update_does_not_create_new_framework_defaults_by_default app_root = File.join(destination_root, 'myapp') run_generator [app_root] - FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb") + FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults.rb") stub_rails_application(app_root) do generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell generator.send(:app_const) quietly { generator.send(:update_config_files) } - assert_file "#{app_root}/config/initializers/new_framework_defaults/to_time_preserves_timezone.rb" + assert_no_file "#{app_root}/config/initializers/new_framework_defaults.rb" end end - def test_rails_update_does_not_create_ssl_options_by_default + def test_rails_update_does_not_new_framework_defaults_if_already_present app_root = File.join(destination_root, 'myapp') run_generator [app_root] - FileUtils.rm("#{app_root}/config/initializers/new_framework_defaults/ssl_options.rb") + FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults.rb") stub_rails_application(app_root) do generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell generator.send(:app_const) quietly { generator.send(:update_config_files) } - assert_no_file "#{app_root}/config/initializers/new_framework_defaults/ssl_options.rb" - end - end - - def test_rails_update_does_not_remove_ssl_options_if_already_present - app_root = File.join(destination_root, 'myapp') - run_generator [app_root] - - FileUtils.touch("#{app_root}/config/initializers/new_framework_defaults/ssl_options.rb") - - stub_rails_application(app_root) do - generator = Rails::Generators::AppGenerator.new ["rails"], [], destination_root: app_root, shell: @shell - generator.send(:app_const) - quietly { generator.send(:update_config_files) } - assert_file 
"#{app_root}/config/initializers/new_framework_defaults/ssl_options.rb" + assert_file "#{app_root}/config/initializers/new_framework_defaults.rb" end end @@ -452,12 +368,15 @@ def test_generator_if_skip_puma_is_given def test_generator_if_skip_active_record_is_given run_generator [destination_root, "--skip-active-record"] assert_no_file "config/database.yml" - assert_no_file "config/initializers/new_framework_defaults/active_record_belongs_to_required_by_default.rb" assert_no_file "app/models/application_record.rb" assert_file "config/application.rb", /#\s+require\s+["']active_record\/railtie["']/ assert_file "test/test_helper.rb" do |helper_content| assert_no_match(/fixtures :all/, helper_content) end + + assert_file "config/initializers/new_framework_defaults.rb" do |initializer_content| + assert_no_match(/belongs_to_required_by_default/, initializer_content) + end end def test_generator_if_skip_action_mailer_is_given
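Review bot: The new test name `test_rails_update_does_not_new_framework_defaults_if_already_present` is missing its verb, which makes a failure report hard to read. Rename it to `test_rails_update_does_not_remove_new_framework_defaults_if_already_present`, in line with the `does_not_remove_..._if_already_present` tests it replaces. The body itself matches the removed tests apart from the file path.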