This reverts commit 224eddfc, reversing
changes made to 9d681fc7.

When merging the pull request, I misunderstood `has_secure_token` as declaring a model
has a token from birth and through the rest of its lifetime.

Therefore, supporting conditional creation doesn't make sense. You should never mark a
model as having a secure token if there's a time when it shouldn't have it on creation.

The code that set the from clause was removed in
bdc51416. I did not give any reason for
doing so. My assumption was that I intended to change it to use the
clause objects, but forgot. We appeared to not have test coverage for
this case.

Fixes #22996

The code was changed to call `where` on a specific class in 813c8c07,
but no reasoning was given and I can't see any good reason why we would
need to do that. This will ensure that the method is called on whatever
class the scope is called on.

Fixes #23013

Arel handles substitution for bind parameters by now.

Closes #22584.

When you are using scopes and you chaining these scopes it is hard to
know which are the values that are incompatible. This way you can read
the message and know for which values you need to look for.

[Herminio Torres]

This reverts commit 5d41cb3b.

This implementation does not properly handle cases involving predicates
which are not associated with a bind param. I have the fix in mind, but
don't have time to implement just yet. It will be more similar to #22823
than not.

While the predicates are an arel equality node where the left side is a
full arel attribute, the binds just have the name of the column and
nothing else. This means that while splitting the predicates can include
the table as a factor, the binds cannot. It's entirely possible that we
might be able to have the bind params carry a bit more information (I
don't believe the name is used for anything but logging), and that is
probably a worthwhile change to make in the future.

However the simplest (and likely slightly faster) solution is to simply
use the indices of the conflicts in both cases. This means that we only
have to compute the collision space once, instead of twice even though
we're doing an additional array iteration. Regardless, this method isn't
a performance hotspot.

Close #22823.

[Ben Woosley & Sean Griffin]

Closes #23021.

Given a default_scope on a parent of the current class, where that
parent is not the base class, the parent's STI condition would become
attached to the evaluated default scope, and then override the child's
own STI condition.

Instead, we can treat the STI condition as though it is a default scope,
and skip it in this situation: the scope will be merged into the base
relation, which already contains the correct STI condition.

Fixes #22426.

While the commit message (and changelog example) in
5e0b555b talked about sibling classes,
the added test had a child ignore its parent's scoping, which seems less
reasonable.

This PR addresses the issue described in https://github.com/rails/rails/pull/22967#issuecomment-170251635. If the database is non empty and has no new migrations than `db:migrate` will not set the environment. This PR works by always setting the environment value on successful `up` migration regardless of whether or not a migration was actually executed.

If for some reason some one is not able to set the environment from a migration this gives us an escape valve to manually set the environment for the database see https://github.com/rails/rails/pull/22967#issuecomment-170251635.

We will also fix the migration case, but this will ensure there is always a way to set the environment.

cc/ @sgrif

When running passing condition assertions in the same test the user had already
been saved at that point.

Split out so we have a not yet persisted user.

Rename condition tests to improve clarity a bit.

Mistakenly interpreted the test case as a sign that we should switch to
before_save, when the original pitch use case was intended as before_create.

Revert a3ab6ad0.

Adding `if` and `unless` support doesn't bode well if the callback to assign
a token only runs on create.

Switch to `before_save`, but keep the conditional so that no token already
assigned is overriden.

Fix the NoMethodErrors introduced in 224eddfc, when adding conditional token creation.

The model declarations but the column wasn't added to the schema.

Pass through :if and :unless options from has_secure_token to the
generated before_create callback

The error message has become a `DISABLE_DATABASE_ENVIRONMENT_CHECK`, modified to match the error message.

ref: https://github.com/rails/rails/blob/master/activerecord/lib/active_record/migration.rb#L161

[ci skip]

This is really strange, as it passes on Travis for 2.3, and it passes
for me locally on 2.2. But on travis w/ 2.2, passing `Float::INFINITY`
in is resulting in an infinite loop. This should resolve it.

This is an alternate implementation to #22875, that generalizes a lot of
the logic that type decorators are going to need, in order to have them
work with arrays, ranges, etc. The types have the ability to map over a
value, with the default implementation being to just yield that given
value. Array and Range give more appropriate definitions.

This does not automatically make ranges time zone aware, as they need to
be added to the `time_zone_aware` types config, but we could certainly
make that change if we feel it is appropriate. I do think this would be
a breaking change however, and should at least have a deprecation cycle.

Closes #22875.

/cc @matthewd

You cannot use `update_attributes` on models that do not have a primary key. Since SchemaMigration versions are guaranteed to be unique (they have a unique index on them) we can safely use them as a primary key.

Discussion: https://github.com/rails/rails/pull/22967#discussion_r49137035

Raise an error when a destructive action is made on a database where the current environment is different from the environment stored in the database.

Simply `{update|delete}_sql` aliases to `{update|delete}`.

This PR introduces a key/value type store to Active Record that can be used for storing internal values. It is an alternative implementation to #21237 cc @sgrif @matthewd.

It is possible to run your tests against your production database by accident right now. While infrequently, but as an anecdotal data point, Heroku receives a non-trivial number of requests for a database restore due to this happening. In these cases the loss can be large.

To prevent against running tests against production we can store the "environment" version that was used when migrating the database in a new internal table. Before executing tests we can see if the database is a listed in `protected_environments` and abort. There is a manual escape valve to force this check from happening with environment variable `DISABLE_DATABASE_ENVIRONMENT_CHECK=1`.