From 5b0fb3213dfb19488e4f0594b132fde2748f7668 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Tue, 25 Jul 2023 23:02:42 +0200 Subject: [PATCH 01/20] Bump selenium-webdriver from 4.0.0 to 4.11.0 Webdrivers doesn't seem to be working with GitHub Actions since Chrome changed the way to download ChromeDriver [1]. Luckily, webdrivers functionality has recently been added directly to selenium-webdriver, and version 4.11.0 is compatible with the new way to download ChromeDriver. So we're updating selenium-webdriver and removing webdrivers. Note we now have to use the `Options` class instead of the `Capabilities`. We're updating Capybara since its changelog mentions its latest version also adapts these changes in Selenium. [1] https://groups.google.com/g/chromedriver-users/c/qVPTFXnedw0 --- Gemfile | 5 ++--- Gemfile.lock | 19 +++++++------------ spec/rails_helper.rb | 17 +++++++---------- 3 files changed, 16 insertions(+), 25 deletions(-) diff --git a/Gemfile b/Gemfile index 8288f259d9c1..a556d63777b2 100644 --- a/Gemfile +++ b/Gemfile @@ -84,14 +84,13 @@ group :development, :test do end group :test do - gem "capybara", "~> 3.37.1" + gem "capybara", "~> 3.39.2" gem "capybara-webmock", "~> 0.7.0" gem "email_spec", "~> 2.2.0" gem "rspec-rails", "~> 5.1.2" - gem "selenium-webdriver", "~> 4.0.0" + gem "selenium-webdriver", "~> 4.11.0" gem "simplecov", "~> 0.21.2", require: false gem "simplecov-lcov", "~> 0.8.0", require: false - gem "webdrivers", "~> 4.7.0" end group :development do diff --git a/Gemfile.lock b/Gemfile.lock index c9a8a8833c23..8d94e82f21c6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -125,7 +125,7 @@ GEM capistrano (~> 3.7) capistrano-bundler puma (>= 4.0, < 6.0) - capybara (3.37.1) + capybara (3.39.2) addressable matrix mini_mime (>= 0.1.3) @@ -150,7 +150,6 @@ GEM actionpack (>= 3.1) caxlsx (>= 3.0) chef-utils (16.4.41) - childprocess (4.1.0) chronic (0.10.2) ckeditor (4.3.0) orm_adapter (~> 0.5.0) 
@@ -578,10 +577,10 @@ GEM faraday (>= 0.17.3, < 3) scss_lint (0.59.0) sass (~> 3.5, >= 3.5.5) - selenium-webdriver (4.0.3) - childprocess (>= 0.5, < 5.0) + selenium-webdriver (4.11.0) rexml (~> 3.2, >= 3.2.5) - rubyzip (>= 1.2.2) + rubyzip (>= 1.2.2, < 3.0) + websocket (~> 1.0) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) @@ -650,11 +649,8 @@ GEM activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - webdrivers (4.7.0) - nokogiri (~> 1.6) - rubyzip (>= 1.3.0) - selenium-webdriver (> 3.141, < 5.0) webrick (1.8.1) + websocket (1.2.9) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) @@ -687,7 +683,7 @@ DEPENDENCIES capistrano-rails (~> 1.6.2) capistrano3-delayed-job (~> 1.7.6) capistrano3-puma (~> 5.2.0) - capybara (~> 3.37.1) + capybara (~> 3.39.2) capybara-webmock (~> 0.7.0) caxlsx (~> 3.2.0) caxlsx_rails (~> 0.6.3) @@ -755,7 +751,7 @@ DEPENDENCIES sassc-rails (~> 2.1.2) savon (~> 2.13.0) scss_lint (~> 0.59.0) - selenium-webdriver (~> 4.0.0) + selenium-webdriver (~> 4.11.0) simplecov (~> 0.21.2) simplecov-lcov (~> 0.8.0) sitemap_generator (~> 6.3.0) @@ -769,7 +765,6 @@ DEPENDENCIES uuidtools (~> 2.2.0) view_component (~> 2.78.0) web-console (~> 4.2.0) - webdrivers (~> 4.7.0) whenever (~> 1.0.0) wicked_pdf (~> 2.6.3) wkhtmltopdf-binary (~> 0.12.6) diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 170c2e78aea9..8c5176865ca3 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb 
@@ -54,17 +54,14 @@ def within(...) FactoryBot.use_parent_strategy = false Capybara.register_driver :headless_chrome do |app| - capabilities = Selenium::WebDriver::Remote::Capabilities.chrome( - "goog:chromeOptions" => { - args: %W[headless no-sandbox window-size=1200,800 proxy-server=#{Capybara.app_host}:#{Capybara::Webmock.port_number}] - } - ) + options = Selenium::WebDriver::Chrome::Options.new.tap do |opts| + opts.add_argument "--headless" + opts.add_argument "--no-sandbox" + opts.add_argument "--window-size=1200,800" + opts.add_argument "--proxy-server=#{Capybara.app_host}:#{Capybara::Webmock.port_number}" + end - Capybara::Selenium::Driver.new( - app, - browser: :chrome, - capabilities: capabilities - ) + Capybara::Selenium::Driver.new(app, browser: :chrome, options: options) end Capybara.exact = true From d858af59044ed17a48f0d0328df672d9a6f3374d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 24 Sep 2021 21:08:41 +0200 Subject: [PATCH 02/20] Move time zone option to its right place It is supposed to be set in the place where there's a comment related to it, but we were setting it in another section of the configuration file. --- config/application.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/application.rb b/config/application.rb index 9391b39fa9f3..cdd8ac2f421e 100644 --- a/config/application.rb +++ b/config/application.rb @@ -55,7 +55,7 @@ class Application < Rails::Application # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. - # config.time_zone = 'Central Time (US & Canada)' + config.time_zone = "Madrid" # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 
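Review bot: The `--no-sandbox` argument in the new `Options` block of spec/rails_helper.rb is kept without a comment saying why Chrome's sandbox is switched off for the test browser. It was already present in the removed `Capabilities` hash, so this is a documentation gap rather than a regression, but it is the kind of flag that gets copied into other contexts without its reason. I would add a line above it such as `# --no-sandbox: needed where Chrome cannot start its sandbox (presumably containerised CI); this browser only loads the app under test through the Capybara::Webmock proxy`, adjusting the reason to whatever actually applies. The `register_driver` block lies entirely inside the hunk.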
@@ -123,7 +123,6 @@ class Application < Rails::Application # Add lib to the autoload path config.autoload_paths << Rails.root.join("lib") - config.time_zone = "Madrid" config.active_job.queue_adapter = :delayed_job # CONSUL DEMOCRACY specific custom overrides From 21eedf6b840687205c877f088f3e8d8ee96572f4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 24 Sep 2021 21:16:33 +0200 Subject: [PATCH 03/20] Upgrade to Rails 6.1 Note that `Capybara.app_host` now returns `nil` by default and that breaks tests using `lvh.me` or our custom `app_host` method, so we're setting `Capybara.app_host` to the value it had in earlier versions of Rails. I also haven't found a way to remove the code to set the integration session host in relationable tests which I mentioned in commit ffc14e499. Also note that we now filter more parameters, and that they match regular expressions, so filtering `:passw` means we're filtering `passwd`, `password`, ... --- .rubocop.yml | 1 + Gemfile | 2 +- Gemfile.lock | 127 +++++++++--------- bin/setup | 4 +- config.ru | 4 +- config/environments/development.rb | 19 ++- config/environments/production.rb | 14 +- config/environments/staging.rb | 15 ++- config/environments/test.rb | 13 +- config/initializers/backtrace_silencers.rb | 7 +- .../initializers/filter_parameter_logging.rb | 4 +- .../new_framework_defaults_6_1.rb | 67 +++++++++ config/initializers/permissions_policy.rb | 11 ++ ..._to_active_storage_blobs.active_storage.rb | 18 +++ ..._storage_variant_records.active_storage.rb | 12 ++ db/schema.rb | 12 +- spec/rails_helper.rb | 1 + spec/shared/system/relationable.rb | 4 +- 18 files changed, 250 insertions(+), 85 deletions(-) create mode 100644 config/initializers/new_framework_defaults_6_1.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 db/migrate/20210924190647_add_service_name_to_active_storage_blobs.active_storage.rb create mode 100644 db/migrate/20210924190648_create_active_storage_variant_records.active_storage.rb diff --git a/.rubocop.yml b/.rubocop.yml index ed46718de37b..50fcdb8f3272 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -244,6 +244,7 @@ Rails/CreateTableWithTimestamps: Exclude: - "db/migrate/201[5-8]*" - "db/migrate/*install_audited.rb" + - "db/migrate/*create_active_storage_variant_records.active_storage.rb" Rails/Date: Enabled: true diff --git a/Gemfile b/Gemfile index a556d63777b2..f820141c6d6d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "6.0.6.1" +gem "rails", "6.1.7.4" gem "acts-as-taggable-on", "~> 9.0.1" gem "acts_as_votable", "~> 0.13.2" diff --git a/Gemfile.lock b/Gemfile.lock index 8d94e82f21c6..3975e1b6d507 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -6,61 +6,65 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (6.0.6.1) - actionpack (= 6.0.6.1) + actioncable (6.1.7.4) + actionpack (= 6.1.7.4) + activesupport (= 6.1.7.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.6.1) - actionpack (= 6.0.6.1) - activejob (= 6.0.6.1) - activerecord (= 6.0.6.1) - activestorage (= 6.0.6.1) - activesupport (= 6.0.6.1) + actionmailbox (6.1.7.4) + actionpack (= 6.1.7.4) + activejob (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) mail (>= 2.7.1) - actionmailer (6.0.6.1) - actionpack (= 6.0.6.1) - actionview (= 6.0.6.1) - activejob (= 6.0.6.1) + actionmailer (6.1.7.4) + actionpack (= 6.1.7.4) + actionview (= 6.1.7.4) + activejob (= 6.1.7.4) + activesupport (= 6.1.7.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.6.1) - actionview (= 6.0.6.1) - activesupport (= 6.0.6.1) - rack (~> 2.0, >= 2.0.8) + actionpack (6.1.7.4) + actionview (= 6.1.7.4) + activesupport (= 6.1.7.4) + rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.6.1) - actionpack (= 6.0.6.1) - activerecord (= 6.0.6.1) - activestorage (= 6.0.6.1) - activesupport (= 6.0.6.1) + actiontext (6.1.7.4) + actionpack (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) nokogiri (>= 1.8.5) - actionview (6.0.6.1) - activesupport (= 6.0.6.1) + actionview (6.1.7.4) + activesupport (= 6.1.7.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.6.1) - activesupport (= 6.0.6.1) + activejob (6.1.7.4) + activesupport (= 6.1.7.4) globalid (>= 0.3.6) - activemodel (6.0.6.1) - activesupport (= 6.0.6.1) - activerecord (6.0.6.1) - activemodel (= 6.0.6.1) - activesupport (= 6.0.6.1) - activestorage (6.0.6.1) - actionpack (= 6.0.6.1) - activejob (= 6.0.6.1) - activerecord (= 6.0.6.1) + activemodel (6.1.7.4) + 
activesupport (= 6.1.7.4) + activerecord (6.1.7.4) + activemodel (= 6.1.7.4) + activesupport (= 6.1.7.4) + activestorage (6.1.7.4) + actionpack (= 6.1.7.4) + activejob (= 6.1.7.4) + activerecord (= 6.1.7.4) + activesupport (= 6.1.7.4) marcel (~> 1.0) - activesupport (6.0.6.1) + mini_mime (>= 1.1.0) + activesupport (6.1.7.4) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (>= 0.7, < 2) - minitest (~> 5.1) - tzinfo (~> 1.1) - zeitwerk (~> 2.2, >= 2.2.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) acts-as-taggable-on (9.0.1) activerecord (>= 6.0, < 7.1) acts_as_votable (0.13.2) @@ -449,20 +453,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (6.0.6.1) - actioncable (= 6.0.6.1) - actionmailbox (= 6.0.6.1) - actionmailer (= 6.0.6.1) - actionpack (= 6.0.6.1) - actiontext (= 6.0.6.1) - actionview (= 6.0.6.1) - activejob (= 6.0.6.1) - activemodel (= 6.0.6.1) - activerecord (= 6.0.6.1) - activestorage (= 6.0.6.1) - activesupport (= 6.0.6.1) - bundler (>= 1.3.0) - railties (= 6.0.6.1) + rails (6.1.7.4) + actioncable (= 6.1.7.4) + actionmailbox (= 6.1.7.4) + actionmailer (= 6.1.7.4) + actionpack (= 6.1.7.4) + actiontext (= 6.1.7.4) + actionview (= 6.1.7.4) + activejob (= 6.1.7.4) + activemodel (= 6.1.7.4) + activerecord (= 6.1.7.4) + activestorage (= 6.1.7.4) + activesupport (= 6.1.7.4) + bundler (>= 1.15.0) + railties (= 6.1.7.4) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -472,12 +476,12 @@ GEM rails-i18n (6.0.0) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 7) - railties (6.0.6.1) - actionpack (= 6.0.6.1) - activesupport (= 6.0.6.1) + railties (6.1.7.4) + actionpack (= 6.1.7.4) + activesupport (= 6.1.7.4) method_source - rake (>= 0.8.7) - thor (>= 0.20.3, < 2.0) + rake (>= 12.2) + thor (~> 1.0) rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.10.4) @@ -616,7 +620,6 @@ GEM terrapin (0.6.0) climate_control (>= 0.0.3, < 1.0) thor (1.2.1) - thread_safe (0.3.6) tilt (2.0.10) tomlrb (1.3.0) turbolinks (5.2.1) 
@@ -627,8 +630,8 @@ GEM rack (>= 1.3, < 3) rack-accept (~> 0.4) tilt (>= 1.4, < 3) - tzinfo (1.2.11) - thread_safe (~> 0.1) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) uglifier (4.2.0) execjs (>= 0.3.0, < 3) unicode-display_width (2.2.0) @@ -735,7 +738,7 @@ DEPENDENCIES pronto-rubocop (~> 0.11.2) pronto-scss (~> 0.11.0) puma (~> 4.3.12) - rails (= 6.0.6.1) + rails (= 6.1.7.4) rails-assets-markdown-it (~> 9.0.1)! recipient_interceptor (~> 0.3.1) redcarpet (~> 3.5.1) diff --git a/bin/setup b/bin/setup index 5635f8ec1522..50fe751989f1 100755 --- a/bin/setup +++ b/bin/setup @@ -9,8 +9,8 @@ def system!(*args) end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts "== Installing dependencies ==" diff --git a/config.ru b/config.ru index 193e5fed8d68..4a3c09a6889a 100644 --- a/config.ru +++ b/config.ru @@ -1,4 +1,6 @@ # This file is used by Rack-based servers to start the application. -require ::File.expand_path("../config/environment", __FILE__) +require_relative "config/environment" + run Rails.application +Rails.application.load_server diff --git a/config/environments/development.rb b/config/environments/development.rb index d3adf353f15c..704a1e63e57c 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
@@ -1,10 +1,11 @@ Warning[:deprecated] = true +require "active_support/core_ext/integer/time" Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false @@ -45,6 +46,12 @@ # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load @@ -60,7 +67,10 @@ config.assets.quiet = true # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true config.action_mailer.preview_path = "#{Rails.root}/spec/mailers/previews" @@ -81,6 +91,9 @@ # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. # config.file_watcher = ActiveSupport::EventedFileUpdateChecker + + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end require Rails.root.join("config", "environments", "custom", "development") 
diff --git a/config/environments/production.rb b/config/environments/production.rb index 47c8ac22ad11..4f0bc2fa3aa5 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -35,7 +37,7 @@ config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = "http://assets.example.com" + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache @@ -50,8 +52,8 @@ # Configure force_ssl in secrets.yml config.force_ssl = Rails.application.secrets.force_ssl - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). config.log_level = :warn # Prepend all log lines with the following tags. @@ -84,6 +86,12 @@ # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 87c57f36d52a..947d33ed0506 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb 
@@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -35,7 +37,7 @@ config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = "http://assets.example.com" + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache @@ -50,8 +52,8 @@ # Configure force_ssl in secrets.yml config.force_ssl = Rails.application.secrets.force_ssl - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). config.log_level = :debug # Prepend all log lines with the following tags. @@ -63,6 +65,7 @@ # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "consul_#{Rails.env}" + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. @@ -83,6 +86,12 @@ # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify + # Log disallowed deprecations. + config.active_support.disallowed_deprecation = :log + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new diff --git a/config/environments/test.rb b/config/environments/test.rb index 64c8b75199ee..5787afca2e1d 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
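Review bot: In config/environments/staging.rb the reworded comment in the `@@ -50,8 +52,8 @@` hunk now says to avoid logging too much so that personally identifiable information is not exposed, yet the unchanged line right below it is still `config.log_level = :debug`. At that level Rails also logs Active Record SQL, so the comment describes the opposite of what the setting does. Either lower the level, e.g. `config.log_level = :info`, or keep a comment that matches the setting, e.g. `# Staging logs at :debug on purpose; treat these log files as sensitive.` Whether staging holds real user data is not visible from this diff, so pick whichever fits the deployment. The same comment in production.rb sits above `:warn` and reads correctly there.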
@@ -1,3 +1,5 @@ +require "active_support/core_ext/integer/time" + # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped @@ -51,8 +53,17 @@ # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raises error for missing translations. - # config.action_view.raise_on_missing_translations = true + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true # Limit size of local logs # TODO: replace with config.log_file_size after upgrading to Rails 7.1 diff --git a/config/initializers/backtrace_silencers.rb b/config/initializers/backtrace_silencers.rb index 59385cdf379b..33699c30910b 100644 --- a/config/initializers/backtrace_silencers.rb +++ b/config/initializers/backtrace_silencers.rb 
@@ -1,7 +1,8 @@ # Be sure to restart your server when you modify this file. # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. -# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } +# Rails.backtrace_cleaner.add_silencer { |line| /my_noisy_library/.match?(line) } -# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. -# Rails.backtrace_cleaner.remove_silencers! +# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code +# by setting BACKTRACE=1 before calling your invocation, like "BACKTRACE=1 ./bin/rails runner 'MyClass.perform'". +Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"] diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1e7bb7..4b34a036689c 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,6 @@ # Be sure to restart your server when you modify this file. # Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb new file mode 100644 index 000000000000..9526b835ab6d --- /dev/null +++ b/config/initializers/new_framework_defaults_6_1.rb 
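Review bot: The new `filter_parameters` list in config/initializers/filter_parameter_logging.rb relies on partial matching of parameter names, but nothing in the file says so; that is only explained in the commit message. A reader will not expect `:otp` or `:_key` to mask every parameter whose name merely contains those letters, nor know that application-specific personal fields have to be added here to stay out of the logs. I would add a comment above the array such as `# Entries match any parameter name containing them (:passw covers password, passwd, ...); add app-specific personal-data fields here as well.` Which of the application's own parameters carry personal data cannot be judged from this hunk, so that part is a prompt to check rather than a finding.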
@@ -0,0 +1,67 @@ +# Be sure to restart your server when you modify this file. +# +# This file contains migration options to ease your Rails 6.1 upgrade. +# +# Once upgraded flip defaults one by one to migrate to the new default. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. + +# Support for inversing belongs_to -> has_many Active Record associations. +# Rails.application.config.active_record.has_many_inversing = true + +# Track Active Storage variants in the database. +# Rails.application.config.active_storage.track_variants = true + +# Apply random variation to the delay when retrying failed jobs. +# Rails.application.config.active_job.retry_jitter = 0.15 + +# Stop executing `after_enqueue`/`after_perform` callbacks if +# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. +# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true + +# Specify cookies SameSite protection level: either :none, :lax, or :strict. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax + +# Generate CSRF tokens that are encoded in URL-safe Base64. +# +# This change is not backwards compatible with earlier Rails versions. +# It's best enabled when your entire app is migrated and stable on 6.1. +# Rails.application.config.action_controller.urlsafe_csrf_tokens = true + +# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an +# UTC offset or a UTC time. +# ActiveSupport.utc_to_local_returns_utc_offset_times = true + +# Change the default HTTP status code to `308` when redirecting non-GET/HEAD +# requests to HTTPS in `ActionDispatch::SSL` middleware. +# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 + +# Use new connection handling API. For most applications this won't have any +# effect. 
For applications using multiple databases, this new API provides +# support for granular connection swapping. +# Rails.application.config.active_record.legacy_connection_handling = false + +# Make `form_with` generate non-remote forms by default. +# Rails.application.config.action_view.form_with_generates_remote_forms = false + +# Set the default queue name for the analysis job to the queue adapter default. +# Rails.application.config.active_storage.queues.analysis = nil + +# Set the default queue name for the purge job to the queue adapter default. +# Rails.application.config.active_storage.queues.purge = nil + +# Set the default queue name for the incineration job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.incineration = nil + +# Set the default queue name for the routing job to the queue adapter default. +# Rails.application.config.action_mailbox.queues.routing = nil + +# Set the default queue name for the mail deliver job to the queue adapter default. +# Rails.application.config.action_mailer.deliver_later_queue_name = nil + +# Generate a `Link` header that gives a hint to modern browsers about +# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. +# Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 000000000000..00f64d71b03e --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,11 @@ +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end 
diff --git a/db/migrate/20210924190647_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20210924190647_add_service_name_to_active_storage_blobs.active_storage.rb new file mode 100644 index 000000000000..9967a1323707 --- /dev/null +++ b/db/migrate/20210924190647_add_service_name_to_active_storage_blobs.active_storage.rb @@ -0,0 +1,18 @@ +# This migration comes from active_storage (originally 20190112182829) +class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] + def up + unless column_exists?(:active_storage_blobs, :service_name) + add_column :active_storage_blobs, :service_name, :string + + if configured_service = ActiveStorage::Blob.service.name + ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) + end + + change_column :active_storage_blobs, :service_name, :string, null: false + end + end + + def down + remove_column :active_storage_blobs, :service_name + end +end diff --git a/db/migrate/20210924190648_create_active_storage_variant_records.active_storage.rb b/db/migrate/20210924190648_create_active_storage_variant_records.active_storage.rb new file mode 100644 index 000000000000..fb6e2b01758f --- /dev/null +++ b/db/migrate/20210924190648_create_active_storage_variant_records.active_storage.rb @@ -0,0 +1,12 @@ +# This migration comes from active_storage (originally 20191206030411) +class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] + def change + create_table :active_storage_variant_records do |t| + t.belongs_to :blob, null: false, index: false + t.string :variation_digest, null: false + + t.index %i[blob_id variation_digest], name: "index_active_storage_variant_records_uniqueness", unique: true + t.foreign_key :active_storage_blobs, column: :blob_id + end + end +end diff --git a/db/schema.rb b/db/schema.rb index 165b1ffa762a..11ebacaa9452 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -2,8 +2,8 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# This file is the source Rails uses to define your schema when running `rails -# db:schema:load`. When creating a new database, `rails db:schema:load` tends to +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to # be faster and is potentially less error prone than running all of your # migrations from scratch. Old migrations may fail to apply correctly if those # migrations use external dependencies or application code. @@ -50,9 +50,16 @@ t.bigint "byte_size", null: false t.string "checksum", null: false t.datetime "created_at", null: false + t.string "service_name", null: false t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true end + create_table "active_storage_variant_records", force: :cascade do |t| + t.bigint "blob_id", null: false + t.string "variation_digest", null: false + t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true + end + create_table "activities", id: :serial, force: :cascade do |t| t.integer "user_id" t.string "action" @@ -1776,6 +1783,7 @@ end add_foreign_key "active_storage_attachments", "active_storage_blobs", column: "blob_id" + add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" add_foreign_key "administrators", "users" add_foreign_key "budget_administrators", "administrators" add_foreign_key "budget_administrators", "budgets" diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 8c5176865ca3..1b8180aa7c59 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb 
@@ -67,6 +67,7 @@ def within(...) Capybara.exact = true Capybara.enable_aria_label = true Capybara.disable_animation = true +Capybara.app_host ||= "http://127.0.0.1" OmniAuth.config.test_mode = true diff --git a/spec/shared/system/relationable.rb b/spec/shared/system/relationable.rb index 4b744fe35358..bfbba3868d65 100644 --- a/spec/shared/system/relationable.rb +++ b/spec/shared/system/relationable.rb @@ -4,9 +4,7 @@ let(:related2) { create([:proposal, :debate, :budget_investment].sample) } let(:user) { create(:user) } - before do - integration_session.host = Capybara.app_host # TODO: remove after upgrading to Rails 6.1 - end + before { integration_session.host = Capybara.app_host } scenario "related contents are listed" do create(:related_content, parent_relationable: relationable, child_relationable: related1, author: build(:user)) From 737a6a67ae5536ab02a475a75cf7892390a021d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 24 Sep 2021 21:18:41 +0200 Subject: [PATCH 04/20] Remove Wicked PDF monkey patch This patch was added in commit baefc249f because both ViewComponent and Wicked PDF monkey-patched the `render` method and so they were incompatible. However, Rails 6.1 includes the patch used by ViewComponent, meaning ViewComponent doesn't monkey-patch the `render` method anymore, and so it's compatible with Wicked PDF. --- config/initializers/wicked_pdf.rb | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/config/initializers/wicked_pdf.rb b/config/initializers/wicked_pdf.rb index 6befcabeb479..8a4ead8eebd7 100644 --- a/config/initializers/wicked_pdf.rb +++ b/config/initializers/wicked_pdf.rb 
@@ -1,27 +1,3 @@ -class WickedPdf - # Wicked Pdf magic breaks ViewComponent - # https://github.com/mileszs/wicked_pdf/pull/925 - module PdfHelper - def render(*args) - options = args.first - if options.is_a?(Hash) && options.key?(:pdf) - render_with_wicked_pdf(options) - else - super - end - end - - def render_to_string(*args) - options = args.first - if options.is_a?(Hash) && options.key?(:pdf) - render_to_string_with_wicked_pdf(options) - else - super - end - end - end -end - # WickedPDF Global Configuration # # Use this to set up shared configuration options for your entire application. From b0dfbd6fea15313c65bd592ab1df2ef937d05f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 25 Sep 2021 03:38:49 +0200 Subject: [PATCH 05/20] Delete configuration options that are now redundant These options are the default options in Rails 6.1, so we no longer need to customize them. --- config/application.rb | 8 -------- config/initializers/new_framework_defaults_6_1.rb | 9 --------- 2 files changed, 17 deletions(-) diff --git a/config/application.rb b/config/application.rb index cdd8ac2f421e..97b992a0d77c 100644 --- a/config/application.rb +++ b/config/application.rb @@ -27,9 +27,6 @@ class Application < Rails::Application # Rails 4 models worked config.active_record.belongs_to_required_by_default = false - # Use local forms with `form_with`, so it works like `form_for` - config.action_view.form_with_generates_remote_forms = false - # Keep using AES-256-CBC for message encryption in case it's used # in any CONSUL DEMOCRACY installations config.active_support.use_authenticated_message_encryption = false 
@@ -38,11 +35,6 @@ class Application < Rails::Application # should work with zeitwerk config.autoloader = :classic - # Use the default queue for ActiveStorage like we were doing with Rails 5.2 - # because it will also be the default in Rails 6.1. - config.active_storage.queues.analysis = nil - config.active_storage.queues.purge = nil - # Keep reading existing data in the legislation_annotations ranges column config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess, Symbol] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 9526b835ab6d..9f071cc059ab 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -44,15 +44,6 @@ # support for granular connection swapping. # Rails.application.config.active_record.legacy_connection_handling = false -# Make `form_with` generate non-remote forms by default. -# Rails.application.config.action_view.form_with_generates_remote_forms = false - -# Set the default queue name for the analysis job to the queue adapter default. -# Rails.application.config.active_storage.queues.analysis = nil - -# Set the default queue name for the purge job to the queue adapter default. -# Rails.application.config.active_storage.queues.purge = nil - # Set the default queue name for the incineration job to the queue adapter default. # Rails.application.config.action_mailbox.queues.incineration = nil From 3504f398175db7ca94a239ea9284841f5ee0e9cf Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 25 Sep 2021 03:20:28 +0200 Subject: [PATCH 06/20] Store Active Storage variants in the database This mostly benefit people using external services, as now there's no need to query the service to check whether a variant exists. For most Consul Democracy installations, this will probably not be relevant, so we're sticking wih the default value. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 9f071cc059ab..d4d2ddae2f84 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -10,7 +10,7 @@ # Rails.application.config.active_record.has_many_inversing = true # Track Active Storage variants in the database. -# Rails.application.config.active_storage.track_variants = true +Rails.application.config.active_storage.track_variants = true # Apply random variation to the delay when retrying failed jobs. # Rails.application.config.active_job.retry_jitter = 0.15 From a63fb7d642c9e26a95d799500e566f21c0d7a0a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 25 Sep 2021 03:27:08 +0200 Subject: [PATCH 07/20] Configure "retry jitter" option in active job This way, when several jobs fail at the same time, not all of them will be retried at the same time. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index d4d2ddae2f84..9f584e977729 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb 
@@ -13,7 +13,7 @@ Rails.application.config.active_storage.track_variants = true # Apply random variation to the delay when retrying failed jobs. -# Rails.application.config.active_job.retry_jitter = 0.15 +Rails.application.config.active_job.retry_jitter = 0.15 # Stop executing `after_enqueue`/`after_perform` callbacks if # `before_enqueue`/`before_perform` respectively halts with `throw :abort`. From bfc1ce443cdb291558539e8faa64d171f654716d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 25 Sep 2021 03:43:39 +0200 Subject: [PATCH 08/20] Delete action mailbox options since we don't use it Simply uncommeting them raised an exception. --- config/initializers/new_framework_defaults_6_1.rb | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 9f584e977729..3a4761aea86b 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -44,12 +44,6 @@ # support for granular connection swapping. # Rails.application.config.active_record.legacy_connection_handling = false -# Set the default queue name for the incineration job to the queue adapter default. -# Rails.application.config.action_mailbox.queues.incineration = nil - -# Set the default queue name for the routing job to the queue adapter default. -# Rails.application.config.action_mailbox.queues.routing = nil - # Set the default queue name for the mail deliver job to the queue adapter default. # Rails.application.config.action_mailer.deliver_later_queue_name = nil From 9396da74203e26f9bdcfdb15ce526e3d800b9828 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 14:21:51 +0200 Subject: [PATCH 09/20] Skip after callbacks if terminated in active job Not sure this configuration option does anything, though, since it's been removed in Rails 7.0 because it was not halting the callbacks. But, if it does nothing, it's the same as disabling it, which is what we were doing until now, so in the end using the Rails 6.1 default value does no harm. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 3a4761aea86b..9e2590862e5c 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -17,7 +17,7 @@ # Stop executing `after_enqueue`/`after_perform` callbacks if # `before_enqueue`/`before_perform` respectively halts with `throw :abort`. -# Rails.application.config.active_job.skip_after_callbacks_if_terminated = true +Rails.application.config.active_job.skip_after_callbacks_if_terminated = true # Specify cookies SameSite protection level: either :none, :lax, or :strict. # From 2c63cc57205a78669043cbb9fc36d6e5d59465fe Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 14:28:42 +0200 Subject: [PATCH 10/20] Use URL-safe CSRF tokens and SameSite in cookies These measures increase protection against CSRF ataks. The only reason Rails provides them as a configuration option is there are complex applications that run one version of the code in some servers while running an old version of the code in other servers might run into issues because the the old version won't handle the tokens or cookies generated by the new version. Since most Consul applications use just one server and the ones with more servers would only face this issue for a few seconds (while upgrading to a new version of Consul Democracy), we can safely enable these configuration options. --- config/initializers/new_framework_defaults_6_1.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 9e2590862e5c..02fdb8b78760 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -23,13 +23,13 @@ # # This change is not backwards compatible with earlier Rails versions. # It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax +Rails.application.config.action_dispatch.cookies_same_site_protection = :lax # Generate CSRF tokens that are encoded in URL-safe Base64. # # This change is not backwards compatible with earlier Rails versions. # It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_controller.urlsafe_csrf_tokens = true +Rails.application.config.action_controller.urlsafe_csrf_tokens = true # Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an # UTC offset or a UTC time. From 9cb5b7301be941f2ed059e819d590732bcc39bdf Mon Sep 17 00:00:00 2001 
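Review bot: The comments kept above `cookies_same_site_protection = :lax` and `urlsafe_csrf_tokens = true` are still the upgrade template's wording and do not record what the settings leave uncovered. With `:lax` the browser still sends cookies on top-level cross-site GET navigations, so the setting supplements the authenticity-token check rather than replacing it, and any state-changing route reachable by GET stays exposed. I would add `# :lax still sends cookies on top-level cross-site GET navigations; keep state-changing actions off GET and behind CSRF tokens` above the first setting.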
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 14:45:57 +0200 Subject: [PATCH 11/20] Return UTC offests in the utc_to_local method We don't use this method anywhere, so we might use the new default in Rails 6.1, which was added when Rails started using tzinfo 2. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 02fdb8b78760..cbbd28b3e85a 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -33,7 +33,7 @@ # Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an # UTC offset or a UTC time. -# ActiveSupport.utc_to_local_returns_utc_offset_times = true +ActiveSupport.utc_to_local_returns_utc_offset_times = true # Change the default HTTP status code to `308` when redirecting non-GET/HEAD # requests to HTTPS in `ActionDispatch::SSL` middleware. From ef16e5777db0823256673b85e08001a8d37bbfa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 14:54:10 +0200 Subject: [PATCH 12/20] Use 308 as SSL default redirect status This way user agents will know that the redirection from HTTP to HTTPS is permanent and not temporary, which is the case if we activate the `force_ssl` option (which we do by default). --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index cbbd28b3e85a..2eadefb641e2 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb 
@@ -37,7 +37,7 @@ # Change the default HTTP status code to `308` when redirecting non-GET/HEAD # requests to HTTPS in `ActionDispatch::SSL` middleware. -# Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 +Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 # Use new connection handling API. For most applications this won't have any # effect. For applications using multiple databases, this new API provides From 1fc34b894334622afdf59b25d10ffdb6f0807cea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 15:16:37 +0200 Subject: [PATCH 13/20] Disable legacy database connection handling Since we aren't using the old way to handle multiple databases (because we don't use multiple databases), we can safely enable this option without breaking anything. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 2eadefb641e2..69be565dbdd8 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -42,7 +42,7 @@ # Use new connection handling API. For most applications this won't have any # effect. For applications using multiple databases, this new API provides # support for granular connection swapping. -# Rails.application.config.active_record.legacy_connection_handling = false +Rails.application.config.active_record.legacy_connection_handling = false # Set the default queue name for the mail deliver job to the queue adapter default. # Rails.application.config.action_mailer.deliver_later_queue_name = nil From 90c2d1becc6d7849cee6ae64c036a22eeceedb73 Mon Sep 17 00:00:00 2001 
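Review bot: In the `ssl_default_redirect_status = 308` hunk, the comment does not say that a 308 makes the client repeat the same method and body over HTTPS only after the original non-GET request has already crossed the network in cleartext. The redirect therefore does not protect a form post or API call first sent over HTTP; that protection comes from HSTS and from never emitting `http://` form targets. I would extend the comment with `# 308 replays method and body over HTTPS, but the first HTTP request was already sent in cleartext; HSTS is what prevents it`. Whether HSTS is enabled is configured outside this hunk.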
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 15:57:53 +0200 Subject: [PATCH 14/20] Use the default job queue to deliver emails This is the default in Rails 6.1 for Action Mailer, just like it's the default for Active Storage. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 69be565dbdd8..26a97d92bfc4 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -45,7 +45,7 @@ Rails.application.config.active_record.legacy_connection_handling = false # Set the default queue name for the mail deliver job to the queue adapter default. -# Rails.application.config.action_mailer.deliver_later_queue_name = nil +Rails.application.config.action_mailer.deliver_later_queue_name = nil # Generate a `Link` header that gives a hint to modern browsers about # preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. From d582e2b3f673c1cec7a36e3d3511e1492859495e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sat, 15 Jul 2023 16:16:49 +0200 Subject: [PATCH 15/20] Preload CSS and JavaScript files This is the default setting in Rails 6.1, and generates an extra tag in the HTML which tells the browser to download and cache these files as soon as possible, even before they're needed. This might not be that relevant in our application, since on most pages we only generate one CSS and one JS file. But it might make it easier to move the `javascript_include_tag` statement to the bottom of the page in the future if we detect that doing so increases performance. --- config/initializers/new_framework_defaults_6_1.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb index 26a97d92bfc4..dd5b6b9c63a7 100644 --- a/config/initializers/new_framework_defaults_6_1.rb +++ b/config/initializers/new_framework_defaults_6_1.rb @@ -49,4 +49,4 @@ # Generate a `Link` header that gives a hint to modern browsers about # preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. -# Rails.application.config.action_view.preload_links_header = true +Rails.application.config.action_view.preload_links_header = true From 5fa6aa36ca749fe9033357d27d6402272e41f521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Sun, 16 Jul 2023 01:55:32 +0200 Subject: [PATCH 16/20] Use Rails 6.1 defaults and overwrite them We can remove the `new_framework_defaults_6_1` file by using Rails 6.1 default options and overwriting the one we haven't enabled. We've experienced problems while running the tests (probably the same would happen on production) when enabling the `has_many_inversing` option. For example, after creating a legislation answer for a question with no answers, calling `question.answers_count` would then return `2` instead of `1`. So we aren't enabling this option. --- config/application.rb | 6 ++- .../new_framework_defaults_6_1.rb | 52 ------------------- 2 files changed, 5 insertions(+), 53 deletions(-) delete mode 100644 config/initializers/new_framework_defaults_6_1.rb diff --git a/config/application.rb b/config/application.rb index 97b992a0d77c..0aa2faf58df4 100644 --- a/config/application.rb +++ b/config/application.rb @@ -21,7 +21,7 @@ module Consul class Application < Rails::Application - config.load_defaults 6.0 + config.load_defaults 6.1 # Keep belongs_to fields optional by default, because that's the way # Rails 4 models worked 
@@ -35,6 +35,10 @@ class Application < Rails::Application # should work with zeitwerk config.autoloader = :classic + # Don't enable has_many_inversing because it doesn't seem to currently + # work with the _count database columns we use for caching purposes + config.active_record.has_many_inversing = false + # Keep reading existing data in the legislation_annotations ranges column config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess, Symbol] diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb deleted file mode 100644 index dd5b6b9c63a7..000000000000 --- a/config/initializers/new_framework_defaults_6_1.rb +++ /dev/null 
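Review bot: The comment added above `config.active_record.has_many_inversing = false` only says the option "doesn't seem to currently work" with the `_count` columns, which gives a later maintainer nothing to verify before re-enabling it. The commit message has the concrete symptom, so I would put it in the comment, e.g. `# With it enabled, question.answers_count returned 2 instead of 1 after creating the first answer in our tests`. The `Application` class body starts and ends outside this hunk.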
@@ -1,52 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 6.1 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Support for inversing belongs_to -> has_many Active Record associations. -# Rails.application.config.active_record.has_many_inversing = true - -# Track Active Storage variants in the database. -Rails.application.config.active_storage.track_variants = true - -# Apply random variation to the delay when retrying failed jobs. -Rails.application.config.active_job.retry_jitter = 0.15 - -# Stop executing `after_enqueue`/`after_perform` callbacks if -# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. -Rails.application.config.active_job.skip_after_callbacks_if_terminated = true - -# Specify cookies SameSite protection level: either :none, :lax, or :strict. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -Rails.application.config.action_dispatch.cookies_same_site_protection = :lax - -# Generate CSRF tokens that are encoded in URL-safe Base64. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -Rails.application.config.action_controller.urlsafe_csrf_tokens = true - -# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an -# UTC offset or a UTC time. -ActiveSupport.utc_to_local_returns_utc_offset_times = true - -# Change the default HTTP status code to `308` when redirecting non-GET/HEAD -# requests to HTTPS in `ActionDispatch::SSL` middleware. -Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 - -# Use new connection handling API. For most applications this won't have any -# effect. 
For applications using multiple databases, this new API provides -# support for granular connection swapping. -Rails.application.config.active_record.legacy_connection_handling = false - -# Set the default queue name for the mail deliver job to the queue adapter default. -Rails.application.config.action_mailer.deliver_later_queue_name = nil - -# Generate a `Link` header that gives a hint to modern browsers about -# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. -Rails.application.config.action_view.preload_links_header = true From 933298fc4b2868335c700dc40d0bdbf4ebf36021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Mon, 17 Jul 2023 00:17:59 +0200 Subject: [PATCH 17/20] Ignore dots in slugs when rendering custom pages We were getting a warning in one of the tests: DEPRECATION WARNING: Rendering actions with '.' in the name is deprecated: application/nonExistentJavaScript.js I haven't found a case where the behavior on production environments is different due to this change; the application seems to behave the same way as it used to. So I'm not adding tests for this change. --- app/controllers/pages_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index d33854784a68..bc997297b558 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -11,7 +11,7 @@ def show @cards = @custom_page.cards render action: :custom_page else - render action: params[:id] + render action: params[:id].split(".").first end rescue ActionView::MissingTemplate head :not_found, content_type: "text/html" From 8cef74fa078f48d2781b1671181509840d0ecd2d Mon Sep 17 00:00:00 2001 
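Review bot: `render action: params[:id].split(".").first` still selects the template from a request parameter, and the commit adds no spec for the new truncation. `split(".").first` is `nil` for an id that is empty or made only of dots, so `render` would then receive `action: nil`; whether the route can deliver such an id is not visible here. I would guard it with `slug = params[:id].to_s.split(".").first` followed by `return head :not_found, content_type: "text/html" if slug.blank?`, and add a request spec asserting that an unknown slug containing a dot returns 404. The `show` action starts before this hunk and ends after it.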
From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Mon, 17 Jul 2023 00:44:04 +0200 Subject: [PATCH 18/20] Don't include extensions when rendering templates We were getting a deprecation warning: DEPRECATION WARNING: Rendering actions with '.' in the name is deprecated: welcome/_recommended_carousel.html.erb --- spec/views/welcome/index.html.erb_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/views/welcome/index.html.erb_spec.rb b/spec/views/welcome/index.html.erb_spec.rb index c0c2d4086c84..1583730d90e4 100644 --- a/spec/views/welcome/index.html.erb_spec.rb +++ b/spec/views/welcome/index.html.erb_spec.rb @@ -4,7 +4,7 @@ it "Display images on orbit carrousel when we have defined image_default" do debate = create(:debate) - render template: "welcome/_recommended_carousel.html.erb", + render template: "welcome/_recommended_carousel", locals: { key: "debates", recommendeds: [debate], image_field: nil, @@ -22,7 +22,7 @@ it "Not display images on orbit carrousel when we have not defined image_default" do debate = create(:debate) - render template: "welcome/_recommended_carousel.html.erb", + render template: "welcome/_recommended_carousel", locals: { key: "debates", recommendeds: [debate], image_field: nil, From 2d40589074bcce218ad1ec3c784e15ab0b44404c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Mon, 17 Jul 2023 01:14:15 +0200 Subject: [PATCH 19/20] Directly delete the "organization is invalid" error We were getting a warning since upgrading to Rails 6.1: DEPRECATION WARNING: Calling `delete` to an ActiveModel::Errors messages hash is deprecated. Please call `ActiveModel::Errors#delete` instead. So we're deleting the error instead of deleting the message. --- app/controllers/account_controller.rb | 2 +- app/controllers/organizations/registrations_controller.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb index f67f1be0c59d..88ac41b0f253 100644 --- a/app/controllers/account_controller.rb +++ b/app/controllers/account_controller.rb @@ -10,7 +10,7 @@ def update if @account.update(account_params) redirect_to account_path, notice: t("flash.actions.save_changes.notice") else - @account.errors.messages.delete(:organization) + @account.errors.delete(:organization) render :show end end diff --git a/app/controllers/organizations/registrations_controller.rb b/app/controllers/organizations/registrations_controller.rb index 7b37ee7c2466..544432a84d14 100644 --- a/app/controllers/organizations/registrations_controller.rb +++ b/app/controllers/organizations/registrations_controller.rb @@ -13,7 +13,7 @@ def create if resource.valid? super do |user| # Removes unuseful "organization is invalid" error message - user.errors.messages.delete(:organization) + user.errors.delete(:organization) end else render :new From 35926e7fc1b1d67bbae81dbefe7cef8dee9fed5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Mon, 17 Jul 2023 22:26:59 +0200 Subject: [PATCH 20/20] Remove no longer needed call to `default_scoped` Automatically using `default_scoped` in this context is the default behavior in Rails 6.1. --- config/initializers/acts_as_taggable_on.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/initializers/acts_as_taggable_on.rb b/config/initializers/acts_as_taggable_on.rb index a3ebeb853741..d661338bba12 100644 --- a/config/initializers/acts_as_taggable_on.rb +++ b/config/initializers/acts_as_taggable_on.rb @@ -5,8 +5,7 @@ module ActsAsTaggableOn scope :public_for_api, -> do where( - # TODO: remove default_scoped after upgrading to Rails 6.1 - tag: Tag.default_scoped.where(kind: [nil, "category"]), + tag: Tag.where(kind: [nil, "category"]), taggable: [Debate.public_for_api, Proposal.public_for_api] ) end
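Review bot: In the `acts_as_taggable_on.rb` hunk, with `Tag.default_scoped` removed the `kind: [nil, "category"]` filter in `public_for_api` relies on framework behaviour that the code no longer mentions. Judging by its name this scope decides which taggings the API returns, so a silent change in that behaviour would widen what is exposed. I would leave a short comment such as `# Rails 6.1 applies default_scoped to Tag here automatically` and, if it is not already covered, a spec asserting that tags of other kinds are excluded. The enclosing `module ActsAsTaggableOn` block starts outside the hunk.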