kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/railties/lib/rails/application.rb

633 lines
23 KiB
Ruby
Raw Normal View History

Adding frozen_string_literal pragma to Railties.
2017-08-14 13:08:09 -04:00
# frozen_string_literal: true
applies new string literal convention in railties/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 13:15:47 -04:00
require "yaml"
require "active_support/core_ext/hash/keys"
require "active_support/core_ext/object/blank"
require "active_support/key_generator"
require "active_support/message_verifier"
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
require "active_support/encrypted_configuration"
Allow deprecated non-symbol access to nested `config_for` hashes A change to `Rails::Application.config_for` in https://github.com/rails/rails/pull/33815 and https://github.com/rails/rails/pull/33882 has altered the behaviour of the returned object in a breaking manner. Before that change, nested hashes returned from `config_for` could be accessed using non-symbol keys. After the change, all keys are recursively symbolized so non-symbol access fails to read the expected values. This is a breaking change for any app that might be relying on the nested hashes returned from `config_for` calls, and thus should be deprecated before being removed from the codebase. This commit introduces a temporary `NonSymbolAccessDeprecatedHash` class that recursively wraps any nested hashes inside the `OrderedOptions` object returned from `config_for` and issues a deprecation notice when a non-symbol based access is performed. This way, apps that are still relying on the ability to access these nested hashes using non-symbol keys will be able to observe the deprecation notices and have time to implement changes before non-symbol access is removed for good. A CHANGELOG entry is also added to note that non-symbol access to nested `config_for` hashes is deprecated.
2019-02-08 12:44:43 -05:00
require "active_support/hash_with_indifferent_access"
Extract internal ActiveSupport::ConfigurationFile object Rails has a number of places where a YAML configuration file is read, then ERB is evaluated and finally the YAML is parsed. This consolidates that into one common class. Co-authored-by: Kasper Timm Hansen <kaspth@gmail.com>
2019-10-05 20:37:23 -04:00
require "active_support/configuration_file"
[Railties] require_relative => require This basically reverts 618268b4b9382f4bcf004a945fe2d85c0bd03e32
2017-10-21 09:08:33 -04:00
require "rails/engine"
require "rails/secrets"
tests pass with requiring the frameworks in rails.rb
2009-12-22 20:03:23 -05:00
Restore "Start Rails::Application object This reverts commit f14ad4145622f45e9bf7433b5fdef4ce427efe4b.
2009-09-25 22:32:28 -04:00
module Rails
[ci skip] Remove comments about Rails 3.1 Stems from https://github.com/rails/rails/pull/20105#issuecomment-100900939 where @senny said: > From my point of view, all the docs (guides, API) are version bound. > They should describe that version and continue to be available when newer versions are released. > The cross referencing can be done by the interested user.
2015-05-11 09:51:45 -04:00
# An Engine with the responsibility of coordinating the whole boot process.
Add docs for Railtie, Engine, Plugin and Application.
2010-02-02 14:05:26 -05:00
#
# == Initialization
#
Rails::Plugin has gone
2012-01-02 15:49:18 -05:00
# Rails::Application is responsible for executing all railties and engines
grammar/tense correction to rails application doc
2011-07-12 09:37:55 -04:00
# initializers. It also executes some bootstrap initializers (check
Add docs for Railtie, Engine, Plugin and Application.
2010-02-02 14:05:26 -05:00
# Rails::Application::Bootstrap) and finishing initializers, after all the others
# are executed (check Rails::Application::Finisher).
#
# == Configuration
#
# Besides providing the same configuration as Rails::Engine and Rails::Railtie,
# the application object has several specific configurations, for example
Remove allow_concurrency as a flag The flag was mainly used to add a Rack::Lock middleware to the stack, but the only scenario the lock is desired is in development. If you are deploying on a not-threaded server, the Rack::Lock does not provide any benefit since you don't have concurrent accesses. On the other hand, if you are on a threaded server, you don't want the lock, since it defeats the purpose of using a threaded server. If there is someone out there, running on a thread server and does want a lock, it can be added to your environment as easy as: `use Rack::Lock`
2012-08-01 09:27:57 -04:00
# "cache_classes", "consider_all_requests_local", "filter_parameters",
Rails::Plugin has gone
2012-01-02 15:49:18 -05:00
# "logger" and so forth.
Add docs for Railtie, Engine, Plugin and Application.
2010-02-02 14:05:26 -05:00
#
# Check Rails::Application::Configuration to see them all.
#
# == Routes
#
# The application object is also responsible for holding the routes and reloading routes
# whenever the files change in development.
#
Removing Metal from Rails 3. If you have existing Metals, you have a few options: * if your metal behaves like a middleware, add it to the middleware stack via config.middleware.use. You can use methods on the middleware stack to control exactly where it should go * if it behaves like a Rack endpoint, you can link to it in the router. This will result in more optimal routing time, and allows you to remove code in your endpoint that matches specific URLs in favor of the more powerful handling in the router itself. For the future, you can use ActionController::Metal to get a very fast controller with the ability to opt-in to specific controller features without paying the penalty of the full controller stack. Since Rails 3 is closer to Rack, the Metal abstraction is no longer needed.
2010-05-29 14:07:47 -04:00
# == Middlewares
Add docs for Railtie, Engine, Plugin and Application.
2010-02-02 14:05:26 -05:00
#
Removing Metal from Rails 3. If you have existing Metals, you have a few options: * if your metal behaves like a middleware, add it to the middleware stack via config.middleware.use. You can use methods on the middleware stack to control exactly where it should go * if it behaves like a Rack endpoint, you can link to it in the router. This will result in more optimal routing time, and allows you to remove code in your endpoint that matches specific URLs in favor of the more powerful handling in the router itself. For the future, you can use ActionController::Metal to get a very fast controller with the ability to opt-in to specific controller features without paying the penalty of the full controller stack. Since Rails 3 is closer to Rack, the Metal abstraction is no longer needed.
2010-05-29 14:07:47 -04:00
# The Application is also responsible for building the middleware stack.
Reorganized initializers a bit to enable better hooks for common cases without the need for Railtie. Specifically, the following hooks were added: * before_configuration: this hook is run immediately after the Application class comes into existence, but before the user has added any configuration. This is the appropriate place to set configuration for your plugin * before_initialize: This is run after all of the user's configuration has completed, but before any initializers have begun (in other words, it runs right after config/environments/{development,production,test}.rb) * after_initialize: This is run after all of the initializers have run. It is an appropriate place for forking in a preforking setup Each of these hooks may be used via ActiveSupport.on_load(name) { }. In all these cases, the context inside the block will be the Application object. This means that for simple cases, you can use these hooks without needing to create a Railtie.
2010-05-15 09:08:55 -04:00
#
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
# == Booting process
#
# The application is also responsible for setting up and executing the booting
# process. From the moment you require "config/application.rb" in your app,
# the booting process goes like this:
#
update from PR #36222
2019-08-09 17:30:15 -04:00
# 1) require "config/boot.rb" to set up load paths
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
# 2) require railties and engines
# 3) Define Rails.application as "class MyApp::Application < Rails::Application"
# 4) Run config.before_configuration callbacks
# 5) Load config/environments/ENV.rb
# 6) Run config.before_initialize callbacks
# 7) Run Railtie#initializer defined by railties, engines and application.
Revert "Provide a unique point for running initializers." This reverts commit c2e3ce8d1e1174e66536d59d8d97eb2cc8ce6f25. Conflicts: railties/lib/rails/application/configuration.rb railties/lib/rails/application/finisher.rb railties/lib/rails/engine.rb
2011-12-13 02:49:04 -05:00
# One by one, each engine sets up its load paths, routes and runs its config/initializers/* files.
Renumbering the comments in the application boot process.
2013-03-09 12:42:02 -05:00
# 8) Custom Railtie#initializers added by railties, engines and applications are executed
# 9) Build the middleware stack and run to_prepare callbacks
# 10) Run config.before_eager_load and eager_load! if eager_load is true
# 11) Run config.after_initialize callbacks
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
#
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
# == Multiple Applications
#
# If you decide to define multiple applications, then the first application
# that is initialized will be set to +Rails.application+, unless you override
# it with a different application.
#
# To create a new application, you can instantiate a new instance of a class
# that has already been created:
#
# class Application < Rails::Application
# end
#
# first_application = Application.new
# second_application = Application.new(config: first_application.config)
#
# In the above example, the configuration from the first application was used
# to initialize the second application. You can also use the +initialize_copy+
# on one of the applications to create a copy of the application which shares
# the configuration.
#
Capitalize Rake [ci skip]
2016-12-19 21:06:12 -05:00
# If you decide to define Rake tasks, runners, or initializers in an
[ci skip] correcting sentence in description of application.rb Adding period in the end.
2016-03-04 07:22:31 -05:00
# application other than +Rails.application+, then you must run them manually.
Massive cleanup in Railties and load stack.
2010-01-21 17:14:20 -05:00
class Application < Engine
applies new string literal convention in railties/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 13:15:47 -04:00
autoload :Bootstrap, "rails/application/bootstrap"
autoload :Configuration, "rails/application/configuration"
autoload :DefaultMiddlewareStack, "rails/application/default_middleware_stack"
autoload :Finisher, "rails/application/finisher"
autoload :Railties, "rails/engine/railties"
autoload :RoutesReloader, "rails/application/routes_reloader"
Extract routes reloading responsibilities from application and load them just upon a request.
2010-01-23 09:05:13 -05:00
Moving more initializers into the application object
2009-10-08 15:14:57 -04:00
class << self
Massive cleanup in Railties and load stack.
2010-01-21 17:14:20 -05:00
def inherited(base)
super
lazily instantiate application subclasses this means we can meaningfully override methods in the subclass
2014-08-06 21:27:16 -04:00
Rails.app_class = base
add lib to $LOAD_PATH on application inhertence. fixes #17106
2014-11-04 17:54:52 -05:00
add_lib_to_load_path!(find_root(base.called_from))
run `before_configuration` callbacks as soon as application constant inherits from Rails::Application Until Rails 4.1, `before_configuration` run as soon as the application constant inherits from `Rails::Application`. However, in d25fe31c40928712b5e08fe0afb567c3bc88eddf, it has been modified to run at instantiation process. This modify to `before_configuration` is run at same timing as to Rails 4.1. Fixes #19880
2016-07-25 19:12:55 -04:00
ActiveSupport.run_load_hooks(:before_configuration, base)
Moving more initializers into the application object
2009-10-08 15:14:57 -04:00
end
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
defer running after_config hooks until after the object is allocated
2014-08-07 18:28:31 -04:00
def instance
super.run_load_hooks!
end
add a new constructor that runs load hooks
2014-08-07 18:50:46 -04:00
def create(initial_variable_values = {}, &block)
new(initial_variable_values, &block).run_load_hooks!
end
add lib to $LOAD_PATH on application inhertence. fixes #17106
2014-11-04 17:54:52 -05:00
def find_root(from)
find_root_with_flag "config.ru", from, Dir.pwd
end
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
# Makes the +new+ method public.
#
# Note that Rails::Application inherits from Rails::Engine, which
# inherits from Rails::Railtie and the +new+ method on Rails::Railtie is
# private
public :new
Conceptually unify instance & global initializers
2009-11-02 20:19:03 -05:00
end
Create the application object from config/environment.rb This is preliminary and not necessarily reflective of the full plan.
2009-09-28 20:57:36 -04:00
Move background jobs to the 'jobs' branch until fully baked. Not shipping with Rails 4.0.
2012-12-21 18:42:47 -05:00
attr_accessor :assets, :sandbox
Everyone receives app as argument for consistency.
2011-05-24 19:37:55 -04:00
alias_method :sandbox?, :sandbox
Publish AS::Executor and AS::Reloader APIs These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
2016-02-21 20:25:52 -05:00
attr_reader :reloaders, :reloader, :executor
Everyone receives app as argument for consistency.
2011-05-24 19:37:55 -04:00
Use Ruby 1.9 Hash syntax in railties
2012-10-14 06:03:39 -04:00
delegate :default_url_options, :default_url_options=, to: :routes
New way of generating urls for Application from Engine. It's based specifying application's script_name with: Rails.application.default_url_options = {:script_name => "/foo"} default_url_options method is delegated to routes. If router used to generate url differs from the router passed via env it always overwrites :script_name with this value.
2010-07-08 09:42:40 -04:00
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
INITIAL_VARIABLES = [:config, :railties, :routes_reloader, :reloaders,
Load secret_key_base from tokens.yml, fallback to config.secret_key_base
2013-12-10 10:04:07 -05:00
:routes, :helpers, :app_env_config, :secrets] # :nodoc:
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
def initialize(initial_variable_values = {}, &block)
super()
Make possibile to get different message verifiers
2013-11-21 20:42:10 -05:00
@initialized = false
@reloaders = []
@routes_reloader = nil
@app_env_config = nil
@ordered_railties = nil
@railties = nil
@message_verifiers = {}
defer running after_config hooks until after the object is allocated
2014-08-07 18:28:31 -04:00
@ran_load_hooks = false
Publish AS::Executor and AS::Reloader APIs These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
2016-02-21 20:25:52 -05:00
@executor = Class.new(ActiveSupport::Executor)
@reloader = Class.new(ActiveSupport::Reloader)
@reloader.executor = @executor
defer running after_config hooks until after the object is allocated
2014-08-07 18:28:31 -04:00
# are these actually used?
@initial_variable_values = initial_variable_values
@block = block
end
# Returns true if the application is initialized.
def initialized?
@initialized
end
def run_load_hooks! # :nodoc:
return self if @ran_load_hooks
@ran_load_hooks = true
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
defer running after_config hooks until after the object is allocated
2014-08-07 18:28:31 -04:00
@initial_variable_values.each do |variable_name, value|
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
if INITIAL_VARIABLES.include?(variable_name)
instance_variable_set("@#{variable_name}", value)
end
end
defer running after_config hooks until after the object is allocated
2014-08-07 18:28:31 -04:00
instance_eval(&@block) if @block
self
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
end
# Reload application routes regardless if they changed or not.
def reload_routes!
routes_reloader.reload!
end
Renamed ‘Return’ to ‘Returns’ [ci skip]
2015-09-28 10:45:53 -04:00
# Returns the application's KeyGenerator
Provide access to the application's KeyGenerator Available both as an env entry for rack and an instance method on Rails::Application for other uses
2012-09-30 22:34:12 -04:00
def key_generator
# number of iterations selected based on consultation with the google security
# team. Details at https://github.com/rails/rails/pull/6952#issuecomment-7661220
Remove deprecated `config.secret_token`
2019-01-16 16:17:52 -05:00
@caching_key_generator ||= ActiveSupport::CachingKeyGenerator.new(
ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)
)
Provide access to the application's KeyGenerator Available both as an env entry for rack and an instance method on Rails::Application for other uses
2012-09-30 22:34:12 -04:00
end
Fix typos
2013-12-02 19:42:10 -05:00
# Returns a message verifier object.
Add documentation and CHANGELOG entry to Application#verifier
2013-11-19 19:34:32 -05:00
#
Fix typos
2013-12-02 19:42:10 -05:00
# This verifier can be used to generate and verify signed messages in the application.
Add documentation and CHANGELOG entry to Application#verifier
2013-11-19 19:34:32 -05:00
#
No need to configure salts
2013-11-21 21:02:10 -05:00
# It is recommended not to use the same verifier for different things, so you can get different
# verifiers passing the +verifier_name+ argument.
Make possibile to get different message verifiers
2013-11-21 20:42:10 -05:00
#
# ==== Parameters
#
Change the message verifier argument to verifier_name
2013-12-19 14:00:53 -05:00
# * +verifier_name+ - the name of the message verifier.
Make possibile to get different message verifiers
2013-11-21 20:42:10 -05:00
#
# ==== Examples
#
Change the message verifier argument to verifier_name
2013-12-19 14:00:53 -05:00
# message = Rails.application.message_verifier('sensitive_data').generate('my sensible data')
# Rails.application.message_verifier('sensitive_data').verify(message)
Add documentation and CHANGELOG entry to Application#verifier
2013-11-19 19:34:32 -05:00
# # => 'my sensible data'
#
No need to configure salts
2013-11-21 21:02:10 -05:00
# See the +ActiveSupport::MessageVerifier+ documentation for more information.
Change the message verifier argument to verifier_name
2013-12-19 14:00:53 -05:00
def message_verifier(verifier_name)
@message_verifiers[verifier_name] ||= begin
Make possible to use symbol as the verifier name
2013-12-19 14:04:07 -05:00
secret = key_generator.generate_key(verifier_name.to_s)
Add application verifier It is an application global verifier that can be used to generate and verify signed messages. See the documentation of ActiveSupport::MessageVerifier for more information.
2013-11-19 19:26:52 -05:00
ActiveSupport::MessageVerifier.new(secret)
end
end
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
# Convenience for loading config/foo.yml for the current Rails env.
#
Add mention to shared section in `config_for` docs [ci skip] 37913 added the possibility to deeply merge configurations by grouping them within a shared section. This powerful alternative was not reflected in any documentation, which made my team think it was not possible until I found out this feature after looking at the source code. This patch reflects this change in the documentation so that it is easier for other developers to know about this behavior.
2020-05-01 08:35:38 -04:00
# Examples:
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
#
# # config/exception_notification.yml:
# production:
# url: http://127.0.0.1:8080
# namespace: my_app_production
Add mention to shared section in `config_for` docs [ci skip] 37913 added the possibility to deeply merge configurations by grouping them within a shared section. This powerful alternative was not reflected in any documentation, which made my team think it was not possible until I found out this feature after looking at the source code. This patch reflects this change in the documentation so that it is easier for other developers to know about this behavior.
2020-05-01 08:35:38 -04:00
#
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
# development:
# url: http://localhost:3001
# namespace: my_app_development
#
Use correct path in documentation. s/config\/production/config\/environments\/production/ [ci skip]
2016-02-08 15:20:41 -05:00
# # config/environments/production.rb
Standardize on `Rails.application` [ci skip] This seems to be the style settled on in most of the templates.
2014-09-19 13:30:31 -04:00
# Rails.application.configure do
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
# config.middleware.use ExceptionNotifier, config_for(:exception_notification)
# end
Add mention to shared section in `config_for` docs [ci skip] 37913 added the possibility to deeply merge configurations by grouping them within a shared section. This powerful alternative was not reflected in any documentation, which made my team think it was not possible until I found out this feature after looking at the source code. This patch reflects this change in the documentation so that it is easier for other developers to know about this behavior.
2020-05-01 08:35:38 -04:00
#
# # You can also store configurations in a shared section which will be
# # merged with the environment configuration
#
# # config/example.yml
# shared:
# foo:
# bar:
# baz: 1
#
# development:
# foo:
# bar:
# qux: 2
#
# # development environment
# Rails.application.config_for(:example)[:foo][:bar]
# # => { baz: 1, qux: 2 }
rails/application: allow passing an env to config_for
2015-10-30 14:46:15 -04:00
def config_for(name, env: Rails.env)
Allow non-hash values in config files Fix: https://github.com/rails/rails/issues/37800
2019-12-02 05:52:54 -05:00
yaml = name.is_a?(Pathname) ? name : Pathname.new("#{paths["config"].existent.first}/#{name}.yml")
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
if yaml.exist?
require "erb"
Use deep_symbolize_keys instead of symbolize_names Fixes #40031 While removing deprecated non-symbol access to nested `config_for` hashes in #37876, we also broke `config_for` for anyone using the [safe_yaml] gem. The problem is that `safe_yaml` patches `YAML.load` in a way that doesn't honor the `symbolize_names` options (I believe this is on purpose, to prevent symbol-based DOS attacks). In the description of #37876 there is mention of the fact that this was the first place in Rails we used `symbolize_names`, and that `deep_symbolize_keys` had been used in the past. This commit switches over to `deep_symbolize_keys` to allow `config_for` to continue working for people using [safe_yaml]. [safe_yaml]: https://rubygems.org/gems/safe_yaml
2020-08-14 23:48:16 -04:00
all_configs = ActiveSupport::ConfigurationFile.parse(yaml).deep_symbolize_keys
Allow non-hash values in config files Fix: https://github.com/rails/rails/issues/37800
2019-12-02 05:52:54 -05:00
config, shared = all_configs[env.to_sym], all_configs[:shared]
refacto: config_for with ActiveSupport::InheritableOptions and symbolized keys
2018-09-11 17:47:41 -04:00
Allow non-hash values in config files Fix: https://github.com/rails/rails/issues/37800
2019-12-02 05:52:54 -05:00
if config.is_a?(Hash)
ActiveSupport::OrderedOptions.new.update(shared&.deep_merge(config) || config)
else
config || shared
chore: implement config_for as ActiveSupport::OrderedOptions
2018-10-19 08:37:06 -04:00
end
Add Rails::Application#config_for This is a convenience for loading configuration for the current Rails environment.
2014-07-10 15:40:07 -04:00
else
raise "Could not load configuration. No such file - #{yaml}"
end
end
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
# Stores some of the Rails initial environment parameters which
# will be used by middlewares and engines to configure themselves.
def env_config
Use @app_env_config instead of @env_config Check pull request #9789 for more information.
2013-03-18 23:00:39 -04:00
@app_env_config ||= begin
remove explicit curlies for hash argument Idiomatically trailing hashes in method calls do not use explicit curlies.
2016-04-11 12:20:59 -04:00
super.merge(
Warn config.derive_keys will be true by default in 4.1
2012-11-01 00:20:16 -04:00
"action_dispatch.parameter_filter" => config.filter_parameters,
Adding filter capability to ActionController logs
2012-09-30 18:00:44 -04:00
"action_dispatch.redirect_filter" => config.filter_redirect,
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
"action_dispatch.secret_key_base" => secret_key_base,
Warn config.derive_keys will be true by default in 4.1
2012-11-01 00:20:16 -04:00
"action_dispatch.show_exceptions" => config.action_dispatch.show_exceptions,
"action_dispatch.show_detailed_exceptions" => config.consider_all_requests_local,
"action_dispatch.logger" => Rails.logger,
"action_dispatch.backtrace_cleaner" => Rails.backtrace_cleaner,
Allow users to change the default salt if they want, shouldn't be necessary
2012-11-01 18:02:09 -04:00
"action_dispatch.key_generator" => key_generator,
"action_dispatch.http_auth_salt" => config.action_dispatch.http_auth_salt,
"action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
"action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
Allow session serializer key in config.session_store MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
2014-01-10 06:57:50 -05:00
"action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
AEAD encrypted cookies and sessions This commit changes encrypted cookies from AES in CBC HMAC mode to Authenticated Encryption using AES-GCM. It also provides a cookie jar to transparently upgrade encrypted cookies to this new scheme. Some other notable changes include: - There is a new application configuration value: +use_authenticated_cookie_encryption+. When enabled, AEAD encrypted cookies will be used. - +cookies.signed+ does not raise a +TypeError+ now if the name of an encrypted cookie is used. Encrypted cookies using the same key as signed cookies would be verified and serialization would then fail due the message still be encrypted.
2017-02-23 13:54:17 -05:00
"action_dispatch.authenticated_encrypted_cookie_salt" => config.action_dispatch.authenticated_encrypted_cookie_salt,
Add key rotation cookies middleware Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
2017-09-23 17:18:01 -04:00
"action_dispatch.use_authenticated_cookie_encryption" => config.action_dispatch.use_authenticated_cookie_encryption,
Add key rotation message Encryptor and Verifier Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
2017-09-23 17:16:21 -04:00
"action_dispatch.encrypted_cookie_cipher" => config.action_dispatch.encrypted_cookie_cipher,
"action_dispatch.signed_cookie_digest" => config.action_dispatch.signed_cookie_digest,
Add config option for cookies digest You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
2014-08-12 15:57:51 -04:00
"action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer,
Add key rotation message Encryptor and Verifier Both classes now have a rotate method where new instances are added for each call. When decryption or verification fails the next rotation instance is tried.
2017-09-23 17:16:21 -04:00
"action_dispatch.cookies_digest" => config.action_dispatch.cookies_digest,
Add DSL for configuring Content-Security-Policy header https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
2017-11-15 16:07:28 -05:00
"action_dispatch.cookies_rotations" => config.action_dispatch.cookies_rotations,
Allow a proc to be used in addition to a static value for cookies_same_site_protection Add documentation of Proc usage for SameSite property to configuring.md Address PR comments Co-authored-by: Adrianna Chang <adrianna.chang@shopify.com>
2020-01-15 16:39:35 -05:00
"action_dispatch.cookies_same_site_protection" => coerce_same_site_protection(config.action_dispatch.cookies_same_site_protection),
Purpose Metadata For Signed And Encrypted Cookies Purpose metadata prevents cookie values from being copy-pasted and ensures that the cookie is used only for its originally intended purpose. The Purpose and Expiry metadata are embedded inside signed/encrypted cookies and will not be readable on previous versions of Rails. We can switch off purpose and expiry metadata embedded in signed and encrypted cookies using config.action_dispatch.use_cookies_with_metadata = false if you want your cookies to be readable on older versions of Rails.
2018-05-19 04:01:57 -04:00
"action_dispatch.use_cookies_with_metadata" => config.action_dispatch.use_cookies_with_metadata,
Add DSL for configuring Content-Security-Policy header https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
2017-11-15 16:07:28 -05:00
"action_dispatch.content_security_policy" => config.content_security_policy,
Add support for automatic nonce generation for Rails UJS Because the UJS library creates a script tag to process responses it normally requires the script-src attribute of the content security policy to include 'unsafe-inline'. To work around this we generate a per-request nonce value that is embedded in a meta tag in a similar fashion to how CSRF protection embeds its token in a meta tag. The UJS library can then read the nonce value and set it on the dynamically generated script tag to enable it to execute without needing 'unsafe-inline' enabled. Nonce generation isn't 100% safe - if your script tag is including user generated content in someway then it may be possible to exploit an XSS vulnerability which can take advantage of the nonce. It is however an improvement on a blanket permission for inline scripts. It is also possible to use the nonce within your own script tags by using `nonce: true` to set the nonce value on the tag, e.g <%= javascript_tag nonce: true do %> alert('Hello, World!'); <% end %> Fixes #31689.
2018-02-16 08:21:48 -05:00
"action_dispatch.content_security_policy_report_only" => config.content_security_policy_report_only,
Add the ability to set the CSP nonce only to the specified directives I changed to set CSP nonce to `style-src` directive in #32932. But this causes an issue when `unsafe-inline` is specified to `style-src` (If a nonce is present, a nonce takes precedence over `unsafe-inline`). So, I fixed to nonce directives configurable. By configure this, users can make CSP as before. Fixes #35137.
2019-02-02 21:33:44 -05:00
"action_dispatch.content_security_policy_nonce_generator" => config.content_security_policy_nonce_generator,
Adds support for configuring HTTP Feature Policy (#33439) A HTTP feature policy is Yet Another HTTP header for instructing the browser about which features the application intends to make use of and to lock down access to others. This is a new security mechanism that ensures that should an application become compromised or a third party attempts an unexpected action, the browser will override it and maintain the intended UX. WICG specification: https://wicg.github.io/feature-policy/ The end result is a HTTP header that looks like the following: ``` Feature-Policy: geolocation 'none'; autoplay https://example.com ``` This will prevent the browser from using geolocation and only allow autoplay on `https://example.com`. Full feature list can be found over in the WICG repository[1]. As of today Chrome and Safari have public support[2] for this functionality with Firefox working on support[3] and Edge still pending acceptance of the suggestion[4]. #### Examples Using an initializer ```rb # config/initializers/feature_policy.rb Rails.application.config.feature_policy do |f| f.geolocation :none f.camera :none f.payment "https://secure.example.com" f.fullscreen :self end ``` In a controller ```rb class SampleController < ApplicationController def index feature_policy do |f| f.geolocation "https://example.com" end end end ``` Some of you might realise that the HTTP feature policy looks pretty close to that of a Content Security Policy; and you're right. So much so that I used the Content Security Policy DSL from #31162 as the starting point for this change. This change *doesn't* introduce support for defining a feature policy on an iframe and this has been intentionally done to split the HTTP header and the HTML element (`iframe`) support. If this is successful, I'll look to add that on it's own. Full documentation on HTTP feature policies can be found at https://wicg.github.io/feature-policy/. Google have also published[5] a great in-depth write up of this functionality. [1]: https://github.com/WICG/feature-policy/blob/master/features.md [2]: https://www.chromestatus.com/feature/5694225681219584 [3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 [4]: https://wpdev.uservoice.com/forums/257854-microsoft-edge-developer/suggestions/33507907-support-feature-policy [5]: https://developers.google.com/web/updates/2018/06/feature-policy
2019-07-10 18:33:16 -04:00
"action_dispatch.content_security_policy_nonce_directives" => config.content_security_policy_nonce_directives,
Rename HTTP Feature Policy to Permissions Policy HTTP Feature-Policy has been renamed to Permissions-Policy: * Original issue: https://github.com/w3c/webappsec-permissions-policy/issues/359 * PR: https://github.com/w3c/webappsec-permissions-policy/pull/379 * Doc: https://w3c.github.io/webappsec-permissions-policy/ Mozilla documentation has been updated on July 2020: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
2020-11-14 07:13:54 -05:00
"action_dispatch.permissions_policy" => config.permissions_policy,
remove explicit curlies for hash argument Idiomatically trailing hashes in method calls do not use explicit curlies.
2016-04-11 12:20:59 -04:00
)
Warn config.derive_keys will be true by default in 4.1
2012-11-01 00:20:16 -04:00
end
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
end
Capitalize Rake [ci skip]
2016-12-19 21:06:12 -05:00
# If you try to define a set of Rake tasks on the instance, these will get
# passed up to the Rake tasks defined on the application's class.
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
def rake_tasks(&block)
self.class.rake_tasks(&block)
end
# Sends the initializers to the +initializer+ method defined in the
# Rails::Initializable module. Each Rails::Application class has its own
# set of initializers, as defined by the Initializable module.
Add more rubocop rules about whitespaces
2016-10-28 23:05:58 -04:00
def initializer(name, opts = {}, &block)
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
self.class.initializer(name, opts, &block)
end
# Sends any runner called in the instance of a new application up
# to the +runner+ method defined in Rails::Railtie.
def runner(&blk)
self.class.runner(&blk)
end
Make console and generators blocks works at Application instance level Like rake tasks and runner blocks these blocks should also being shared between applications since they are stored at the classes. Fixes #14748
2014-04-14 17:56:59 -04:00
# Sends any console called in the instance of a new application up
# to the +console+ method defined in Rails::Railtie.
def console(&blk)
self.class.console(&blk)
end
# Sends any generators called in the instance of a new application up
# to the +generators+ method defined in Rails::Railtie.
def generators(&blk)
self.class.generators(&blk)
end
Allow a new `server` Railtie block: - This is similar to other railties blocks (such as `console`, `tasks` ...). The goal of this block is to allow the application or a railtie to load code after the server start. The use case can be to fire the webpack or react server in development or start some job worker like sidekiq or resque. Right now, all these tasks needs to be done in a separate shell and gem maintainer needs to add documentation on how to run their libraries if another program needs to run next to the Rails server. This feature can be used like this: ```ruby class SuperRailtie < Rails::Railtie server do WebpackServer.run end end ```
2020-07-30 08:15:18 -04:00
# Sends any server called in the instance of a new application up
# to the +server+ method defined in Rails::Railtie.
def server(&blk)
self.class.server(&blk)
end
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
# Sends the +isolate_namespace+ method up to the class method.
def isolate_namespace(mod)
self.class.isolate_namespace(mod)
end
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
## Rails internal API
Improve documentation for add_lib_to_load_paths!
2010-06-20 07:03:08 -04:00
# This method is called just after an application inherits from Rails::Application,
# allowing the developer to load classes in lib and use them during application
# configuration.
#
# class MyApplication < Rails::Application
# require "my_backend" # in lib/my_backend
# config.i18n.backend = MyBackend
# end
#
# Notice this method takes into consideration the default root path. So if you
# are changing config.root inside your application definition or having a custom
# Rails application, you will need to add lib to $LOAD_PATH on your own in case
# you need to load files in lib/ during the application configuration as well.
add lib to $LOAD_PATH on application inhertence. fixes #17106
2014-11-04 17:54:52 -05:00
def self.add_lib_to_load_path!(root) #:nodoc:
applies new string literal convention in railties/lib The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 13:15:47 -04:00
path = File.join root, "lib"
clean up some warnings on trunk ruby
2013-10-31 14:47:51 -04:00
if File.exist?(path) && !$LOAD_PATH.include?(path)
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
$LOAD_PATH.unshift(path)
end
Add lib to load paths when application is inherited to be able to load lib code during configuration.
2010-06-01 18:42:20 -04:00
end
Improve documentation for add_lib_to_load_paths!
2010-06-20 07:03:08 -04:00
def require_environment! #:nodoc:
Provide a cleaner syntax for paths configuration that does not rely on method_missing.
2010-10-06 11:18:59 -04:00
environment = paths["config/environment"].existent.first
Extract Railtie load from application.
2010-01-23 10:59:32 -05:00
require environment if environment
Replace reopening the class with App.configure as an alias to class_eval
2009-12-21 19:35:54 -05:00
end
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
def routes_reloader #:nodoc:
Revert "Use `app.config.file_watcher` for watcher in `RoutesReloader`" This reverts commit 28e44f472d1cd6853726f85eeb7623e5901c4d37. A limitation of Listen is that it currently only supports watching directories. Therefore, watching `config/routes.rb` will end up watching the entire `config` directory if we use the evented file watcher. This causes problems especially if symlinks are present in the `config` directory.
2019-12-06 01:57:08 -05:00
@routes_reloader ||= RoutesReloader.new
Extract routes reloading responsibilities from application and load them just upon a request.
2010-01-23 09:05:13 -05:00
end
Move route reloading into railties
2009-12-14 18:54:41 -05:00
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
# Returns an array of file paths appended with a hash of
# directories-extensions suitable for ActiveSupport::FileUpdateChecker
# API.
def watchable_args #:nodoc:
Refactored watchable_args and build_original_fullpath methods in railties/lib/rails/application.rb
2012-01-14 21:34:51 -05:00
files, dirs = config.watchable_files.dup, config.watchable_dirs.dup
Speed up development by only reloading classes if dependencies files changed. This can be turned off by setting `config.reload_classes_only_on_change` to false. Extensions like Active Record should add their respective files like db/schema.rb and db/structure.sql to `config.watchable_files` if they want their changes to affect classes reloading. Thanks to https://github.com/paneq/active_reload and Pastorino for the inspiration. <3
2011-12-12 16:51:33 -05:00
ActiveSupport::Dependencies.autoload_paths.each do |path|
Correctly classify the files and directories that pass to watcher Currently, autoload paths pass to the watcher as directories. If using evented watcher, this possibly pass as it is to `Listen`. But autoload paths include files and `Listen` raise an error when was passed file. So, it is necessary to classify files and directories correctly. Fixes #37011.
2019-09-01 02:52:31 -04:00
File.file?(path) ? files << path.to_s : dirs[path.to_s] = [:rb]
Speed up development by only reloading classes if dependencies files changed. This can be turned off by setting `config.reload_classes_only_on_change` to false. Extensions like Active Record should add their respective files like db/schema.rb and db/structure.sql to `config.watchable_files` if they want their changes to affect classes reloading. Thanks to https://github.com/paneq/active_reload and Pastorino for the inspiration. <3
2011-12-12 16:51:33 -05:00
end
FileUpdateChecker should be able to handle deleted files.
2011-12-13 05:23:21 -05:00
[files, dirs]
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
end
# Initialize the application passing the given group. By default, the
`initialize_on_precompile` is not used anymore.
2013-06-04 04:52:54 -04:00
# group is :default
Add more rubocop rules about whitespaces
2016-10-28 23:05:58 -04:00
def initialize!(group = :default) #:nodoc:
Ensure that Rails.application.initialize! is called only once
2010-07-22 06:07:45 -04:00
raise "Application has been already initialized." if @initialized
`rake assets:precompile` loads the application but does not initialize it. To the app developer, this means configuration add in config/initializers/* will not be executed. Plugins developers need to special case their initializers that are meant to be run in the assets group by adding :group => :assets. Conflicts: railties/CHANGELOG railties/test/application/assets_test.rb
2011-09-23 19:56:49 -04:00
run_initializers(group, self)
Ensure that Rails.application.initialize! is called only once
2010-07-22 06:07:45 -04:00
@initialized = true
Extract routes reloading responsibilities from application and load them just upon a request.
2010-01-23 09:05:13 -05:00
self
Move route reloading into railties
2009-12-14 18:54:41 -05:00
end
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
def initializers #:nodoc:
Makes this code a bit more clear
2010-10-08 10:58:24 -04:00
Bootstrap.initializers_for(self) +
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
railties_initializers(super) +
Makes this code a bit more clear
2010-10-08 10:58:24 -04:00
Finisher.initializers_for(self)
Get rid of initializers global and create i18n railtie.
2010-01-22 19:29:29 -05:00
end
Create configurable modules and ensure that they are added only on direct children.
2010-01-23 12:41:53 -05:00
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
def config #:nodoc:
add lib to $LOAD_PATH on application inhertence. fixes #17106
2014-11-04 17:54:52 -05:00
@config ||= Application::Configuration.new(self.class.find_root(self.class.called_from))
Move singleton pattern to Railtie and remove Engine::Configurable and Application::Configurable in favor of unified Railtie::Configurable
2010-07-19 11:53:14 -04:00
end
Turn on performance based cops Use attr_reader/attr_writer instead of methods method is 12% slower Use flat_map over map.flatten(1) flatten is 66% slower Use hash[]= instead of hash.merge! with single arguments merge! is 166% slower See https://github.com/rails/rails/pull/32337 for more conversation
2018-03-29 22:29:55 -04:00
attr_writer :config
Allowing multiple rails applications in the same ruby instance. This change provides the ability to create a new application with a configuration which can be specified.
2013-04-04 21:25:31 -04:00
Rails::Application#secrets should be documented.
2014-12-23 11:32:31 -05:00
def secrets
Load secret_key_base from tokens.yml, fallback to config.secret_key_base
2013-12-10 10:04:07 -05:00
@secrets ||= begin
secrets = ActiveSupport::OrderedOptions.new
Use the config value directly when call `secrets` Currently, `read_encrypted_secrets` is set with initializer. Therefore if refer to `secrets` in config, `read_encrypted_secrets` is false, so can not get the value of `secrets.yml.enc`. In order to be able to refer to secrets in config, modified to refer to `config.read_encrypted_secrets` when calling `secrets`. Fixes #28618.
2017-04-01 00:22:25 -04:00
files = config.paths["config/secrets"].existent
files = files.reject { |path| path.end_with?(".enc") } unless config.read_encrypted_secrets
secrets.merge! Rails::Secrets.parse(files, env: Rails.env)
Load secret_key_base from tokens.yml, fallback to config.secret_key_base
2013-12-10 10:04:07 -05:00
# Fallback to config.secret_key_base if secrets.secret_key_base isn't set
secrets.secret_key_base ||= config.secret_key_base
Deprecate secret_token, long since usurped by secret_key_base. See the changelog entry. Remove `secrets.secret_token` from the bug report templates, since we don't accept bug reports for Rails versions that don't support a `secret_key_base`. [ claudiob & Kasper Timm Hansen ]
2017-09-28 14:04:46 -04:00
Load secret_key_base from tokens.yml, fallback to config.secret_key_base
2013-12-10 10:04:07 -05:00
secrets
end
end
Add attr_writer for credentials to Rails::Application
2020-08-26 13:30:29 -04:00
attr_writer :secrets, :credentials
Load secret_key_base from tokens.yml, fallback to config.secret_key_base
2013-12-10 10:04:07 -05:00
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
# The secret_key_base is used as the input secret to the application's key generator, which in turn
[ci skip] Prefer credentials to secrets in docs. Removes most mentions of secrets.secret_key_base and explains credentials instead. Also removes some very stale upgrade notices about Rails 3/4.
2017-09-13 15:26:45 -04:00
# is used to create all MessageVerifiers/MessageEncryptors, including the ones that sign and encrypt cookies.
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
#
Update comment for how secret key is calculated This updates the comment to reflect how the secret key is generated since 4c743587ad6a31908503ab317e37d70361d49e66 Fixes #35717
2019-03-22 20:53:55 -04:00
# In development and test, this is randomly generated and stored in a
# temporary file in <tt>tmp/development_secret.txt</tt>.
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
#
# In all other environments, we look for it first in ENV["SECRET_KEY_BASE"],
[ci skip] Prefer credentials to secrets in docs. Removes most mentions of secrets.secret_key_base and explains credentials instead. Also removes some very stale upgrade notices about Rails 3/4.
2017-09-13 15:26:45 -04:00
# then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
# the correct place to store it is in the encrypted credentials file.
def secret_key_base
Fix possible dev mode RCE If the secret_key_base is nil in dev or test generate a key from random bytes and store it in a tmp file. This prevents the app developers from having to share / checkin the secret key for dev / test but also maintains a key between app restarts in dev/test. [CVE-2019-5420] Co-Authored-By: eileencodes <eileencodes@gmail.com> Co-Authored-By: John Hawthorn <john@hawthorn.email>
2019-03-10 19:37:46 -04:00
if Rails.env.development? || Rails.env.test?
secrets.secret_key_base ||= generate_development_secret
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
else
Use parentheses for multi-line method calls Own style guide says we should be using parentheses for method calls with arguments.
2017-11-25 14:10:34 -05:00
validate_secret_key_base(
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
Use parentheses for multi-line method calls Own style guide says we should be using parentheses for method calls with arguments.
2017-11-25 14:10:34 -05:00
)
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
end
end
Fix formatting of `credentials` and `encrypted` [ci skip]
2017-11-19 00:42:45 -05:00
# Decrypts the credentials hash as kept in +config/credentials.yml.enc+. This file is encrypted with
# the Rails master key, which is either taken from <tt>ENV["RAILS_MASTER_KEY"]</tt> or from loading
# +config/master.key+.
Support environment specific credentials file. (#33521) For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
2018-09-19 17:02:00 -04:00
# If specific credentials file exists for current environment, it takes precedence, thus for +production+
# environment look first for +config/credentials/production.yml.enc+ with master key taken
Fixed to RAILS_MASTER_KEY as a default env key for decrypting. Fixes mistake left in https://github.com/rails/rails/pull/33521/files#diff-2a29095afcfe2c683b82a779a94c2208R59 and misunderstanding in https://github.com/rails/rails/commit/d69b04de0ff33237209afea6f6cac3ab27934908
2018-09-20 06:23:47 -04:00
# from <tt>ENV["RAILS_MASTER_KEY"]</tt> or from loading +config/credentials/production.key+.
Support environment specific credentials file. (#33521) For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
2018-09-19 17:02:00 -04:00
# Default behavior can be overwritten by setting +config.credentials.content_path+ and +config.credentials.key_path+.
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
def credentials
Support environment specific credentials file. (#33521) For `production` environment look first for `config/credentials/production.yml.enc` file that can be decrypted by `ENV["RAILS_MASTER_KEY"]` or `config/credentials/production.key` master key. Edit given environment credentials file by command `rails credentials:edit --environment production`. Default behavior can be overwritten by setting `config.credentials.content_path` and `config.credentials.key_path`.
2018-09-19 17:02:00 -04:00
@credentials ||= encrypted(config.credentials.content_path, key_path: config.credentials.key_path)
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
end
# Shorthand to decrypt any encrypted configurations or files.
#
Recommend use of rails over bin/rails As discussed in #33203 rails command already looks for, and runs, bin/rails if it is present. We were mixing recommendations within guides and USAGE guidelines, in some files we recommended using rails, in others bin/rails and in some cases we even had both options mixed together.
2018-06-26 16:02:51 -04:00
# For any file added with <tt>rails encrypted:edit</tt> call +read+ to decrypt
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
# the file with the master key.
Fix formatting of `credentials` and `encrypted` [ci skip]
2017-11-19 00:42:45 -05:00
# The master key is either stored in +config/master.key+ or <tt>ENV["RAILS_MASTER_KEY"]</tt>.
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
#
Fixed example of `Rails.application.encrypted` method usage [ci skip]
2017-11-16 03:52:51 -05:00
# Rails.application.encrypted("config/mystery_man.txt.enc").read
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
# # => "We've met before, haven't we?"
#
Fix formatting of `credentials` and `encrypted` [ci skip]
2017-11-19 00:42:45 -05:00
# It's also possible to interpret encrypted YAML files with +config+.
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
#
# Rails.application.encrypted("config/credentials.yml.enc").config
# # => { next_guys_line: "I don't think so. Where was it you think we met?" }
#
# Any top-level configs are also accessible directly on the return value:
#
# Rails.application.encrypted("config/credentials.yml.enc").next_guys_line
# # => "I don't think so. Where was it you think we met?"
#
# The files or configs can also be encrypted with a custom key. To decrypt with
Fix formatting of `credentials` and `encrypted` [ci skip]
2017-11-19 00:42:45 -05:00
# a key in the +ENV+, use:
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
#
# Rails.application.encrypted("config/special_tokens.yml.enc", env_key: "SPECIAL_TOKENS")
#
Fix formatting of `credentials` and `encrypted` [ci skip]
2017-11-19 00:42:45 -05:00
# Or to decrypt with a file, that should be version control ignored, relative to +Rails.root+:
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
#
# Rails.application.encrypted("config/special_tokens.yml.enc", key_path: "config/special_tokens.key")
def encrypted(path, key_path: "config/master.key", env_key: "RAILS_MASTER_KEY")
Use parentheses for multi-line method calls Own style guide says we should be using parentheses for method calls with arguments.
2017-11-25 14:10:34 -05:00
ActiveSupport::EncryptedConfiguration.new(
Add CLI to manage encrypted files/configs. To edit/show encrypted file: ``` bin/rails encrypted:edit config/staging_tokens.yml.enc bin/rails encrypted:edit config/staging_tokens.yml.enc --key config/staging.key bin/rails encrypted:show config/staging_tokens.yml.enc ``` Also provides a backing Rails.application.encrypted API for Ruby access: ```ruby Rails.application.encrypted("config/staging_tokens.yml.enc").read Rails.application.encrypted("config/staging_tokens.yml.enc").config Rails.application.encrypted("config/staging_tokens.yml.enc", key: "config/staging.key") ```
2017-11-14 05:44:23 -05:00
config_path: Rails.root.join(path),
key_path: Rails.root.join(key_path),
Raise an error only when `require_master_key` is specified To prevent errors from being raise in environments where credentials is unnecessary. Context: https://github.com/rails/rails/issues/31283#issuecomment-348801489 Fixes #31283
2017-12-05 07:41:19 -05:00
env_key: env_key,
raise_if_missing_key: config.require_master_key
Use parentheses for multi-line method calls Own style guide says we should be using parentheses for method calls with arguments.
2017-11-25 14:10:34 -05:00
)
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
end
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
def to_app #:nodoc:
Fixing Rails::Server#app under Rack::URLMap
2011-06-06 16:56:41 -04:00
self
end
Improve docs for Rails::Application and add routes_reloader_hook and app_reloader_hooks.
2011-12-12 09:18:19 -05:00
def helpers_paths #:nodoc:
Rely on a public contract between railties instead of accessing railtie methods directly.
2011-11-23 14:06:45 -05:00
config.helpers_paths
end
Ensure we supply Kernel#y for 1.9 too In 1.9, it doesn't live in its own file, so we'll have to define it ourselves. Check RUBY_VERSION, instead of rescuing the require, because we want this to break if `psych/y` moves in a future Ruby release.
2014-04-04 08:05:29 -04:00
console do
unless ::Kernel.private_method_defined?(:y)
Remove Psych hack for Ruby 1.9 A special `if` statement to support `Psych` for Ruby < 2.0 can be dropped now that Rails requires Ruby >= 2.0.
2014-11-28 21:38:08 -05:00
require "psych/y"
Ensure we supply Kernel#y for 1.9 too In 1.9, it doesn't live in its own file, so we'll have to define it ourselves. Check RUBY_VERSION, instead of rescuing the require, because we want this to break if `psych/y` moves in a future Ruby release.
2014-04-04 08:05:29 -04:00
end
end
Dont mess with default order engines load When copying migrations some engines might depend on schema from other engine so we can't blindly reverse all railties collection as that would affect the order they were originally loaded. This patch helps to only apply the order from engines specified in `railties_order`
2014-08-30 18:39:38 -04:00
# Return an array of railties respecting the order they're loaded
# and the order specified by the +railties_order+ config.
#
Some documentation edits [ci skip] * Fix a few typos * Wrap some lines around 80 chars * Rephrase some statements
2015-03-05 08:17:01 -05:00
# While running initializers we need engines in reverse order here when
# copying migrations from railties ; we need them in the order given by
# +railties_order+.
rake railties:install:migrations respects the order of railties This PR fixes #8930 and some stuff from #8985
2014-05-23 08:34:05 -04:00
def migration_railties # :nodoc:
Dont mess with default order engines load When copying migrations some engines might depend on schema from other engine so we can't blindly reverse all railties collection as that would affect the order they were originally loaded. This patch helps to only apply the order from engines specified in `railties_order`
2014-08-30 18:39:38 -04:00
ordered_railties.flatten - [self]
rake railties:install:migrations respects the order of railties This PR fixes #8930 and some stuff from #8985
2014-05-23 08:34:05 -04:00
end
restores the ability to manually eager load applications The main interface to eager loading is config.eager_load. The logic that implies happens during the boot process. With the introduction of Zeitwerk, application code is loaded in the finisher as everything else, but in previous versions of Rails users could eager load the application code regardless of config.eager_load. Use cases: * Some gems like indexers need to have everything in memory and would be a bad user experience to ask users to conditionally set the eager load flag. * Some tests may need to have everything in memory and would be a bad experience to have the flag enabled globally in the test environment. I personally feel that the contract between this method and the entire eager loading process is ill-defined. I believe this method is essentially internal. The purpose of this patch is simply to restore this functionality emulating what it did before because rethinking the design of this interface may need time.
2020-01-07 09:13:02 -05:00
# Eager loads the application code.
def eager_load!
if Rails.autoloaders.zeitwerk_enabled?
Rails.autoloaders.each(&:eager_load)
else
super
end
end
Booya, sprockets now works from Engines.
2011-04-15 12:42:51 -04:00
protected
alias :build_middleware_stack :app
Move sprockets initializers back to application
2011-03-29 22:16:44 -04:00
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
def run_tasks_blocks(app) #:nodoc:
railties.each { |r| r.run_tasks_blocks(app) }
super
Load Rails tasks for each new Rake::Application Follow-up to #40143. Rails Rake tasks are loaded for each new `Rake::Application` instance via `Rails.application.load_tasks`. However, under the hood, `Rails.application.load_tasks` used `require` instead of `load`, which caused Rails tasks to be loaded for only the first `Rake::Application` instance. This commit changes the relevant `require` to `load`. Fixes #40184.
2020-09-06 15:40:14 -04:00
load "rails/tasks.rb"
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
task :environment do
[Railties] Add config rake_eager_load
2017-02-27 16:55:30 -05:00
ActiveSupport.on_load(:before_initialize) { config.eager_load = config.rake_eager_load }
#11381: Ignore config.eager_load=true for rake Closes #11381
2013-07-09 16:36:50 -04:00
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
require_environment!
end
end
def run_generators_blocks(app) #:nodoc:
railties.each { |r| r.run_generators_blocks(app) }
super
end
def run_runner_blocks(app) #:nodoc:
railties.each { |r| r.run_runner_blocks(app) }
super
end
def run_console_blocks(app) #:nodoc:
railties.each { |r| r.run_console_blocks(app) }
super
end
Allow a new `server` Railtie block: - This is similar to other railties blocks (such as `console`, `tasks` ...). The goal of this block is to allow the application or a railtie to load code after the server start. The use case can be to fire the webpack or react server in development or start some job worker like sidekiq or resque. Right now, all these tasks needs to be done in a separate shell and gem maintainer needs to add documentation on how to run their libraries if another program needs to run next to the Rails server. This feature can be used like this: ```ruby class SuperRailtie < Rails::Railtie server do WebpackServer.run end end ```
2020-07-30 08:15:18 -04:00
def run_server_blocks(app) #:nodoc:
railties.each { |r| r.run_server_blocks(app) }
super
end
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
# Returns the ordered railties for this application considering railties_order.
def ordered_railties #:nodoc:
@ordered_railties ||= begin
order = config.railties_order.map do |railtie|
if railtie == :main_app
self
elsif railtie.respond_to?(:instance)
railtie.instance
else
railtie
end
end
all = (railties - order)
all.push(self) unless (all + order).include?(self)
order.push(:all) unless order.include?(:all)
index = order.index(:all)
order[index] = all
Dont mess with default order engines load When copying migrations some engines might depend on schema from other engine so we can't blindly reverse all railties collection as that would affect the order they were originally loaded. This patch helps to only apply the order from engines specified in `railties_order`
2014-08-30 18:39:38 -04:00
order
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
end
end
def railties_initializers(current) #:nodoc:
initializers = []
Dont mess with default order engines load When copying migrations some engines might depend on schema from other engine so we can't blindly reverse all railties collection as that would affect the order they were originally loaded. This patch helps to only apply the order from engines specified in `railties_order`
2014-08-30 18:39:38 -04:00
ordered_railties.reverse.flatten.each do |r|
Remove unused responsibilities and add a few load definitions to engines Since plugins were removed, we can clean up a few methods in engines. We also use this opportunity to move `load_console`, `load_tasks` and `load_runner` to Rails::Engine. This means that, if someone wants to improve script/rails for engines to support console or runner commands, part of the work is already done.
2012-06-29 10:50:51 -04:00
if r == self
initializers += current
else
initializers += r.initializers
end
end
initializers
end
Remove unnecessary Railties structure now that plugins are gone
2012-06-29 09:25:47 -04:00
def default_middleware_stack #:nodoc:
Creating a class to build the default middleware stack. A lot of logic for building the default middleware stack is currently kept in Application class, but this can be encapsulated and made more modular by being moved to its own class. Also refactored a couple of the helper methods.
2013-06-15 22:22:15 -04:00
default_stack = DefaultMiddlewareStack.new(self, config, paths)
default_stack.build_stack
Bring config.allow_concurrency back Since the Rack::Lock still exists in development, let's provide a way to disable it explicitly.
2013-03-03 15:20:44 -05:00
end
Add credentials using a generic EncryptedConfiguration class (#30067) * WIP: Add credentials using a generic EncryptedConfiguration class This is sketch code so far. * Flesh out EncryptedConfiguration and test it * Better name * Add command and generator for credentials * Use the Pathnames * Extract EncryptedFile from EncryptedConfiguration and add serializers * Test EncryptedFile * Extract serializer validation * Stress the point about losing comments * Allow encrypted configuration to be read without parsing for display * Use credentials by default and base them on the master key * Derive secret_key_base in test/dev, source it from credentials in other envs And document the usage. * Document the new credentials setup * Stop generating the secrets.yml file now that we have credentials * Document what we should have instead Still need to make it happen, tho. * [ci skip] Keep wording to `key base`; prefer defaults. Usually we say we change defaults, not "spec" out a release. Can't use backticks in our sdoc generated documentation either. * Abstract away OpenSSL; prefer MessageEncryptor. * Spare needless new when raising. * Encrypted file test shouldn't depend on subclass. * [ci skip] Some woordings. * Ditch serializer future coding. * I said flip it. Flip it good. * [ci skip] Move require_master_key to the real production.rb. * Add require_master_key to abort the boot process. In case the master key is required in a certain environment we should inspect that the key is there and abort if it isn't. * Print missing key message and exit immediately. Spares us a lengthy backtrace and prevents further execution. I've verified the behavior in a test app, but couldn't figure the test out as loading the app just exits immediately with: ``` /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `load': marshal data too short (ArgumentError) from /Users/kasperhansen/Documents/code/rails/activesupport/lib/active_support/testing/isolation.rb:23:in `run' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest.rb:830:in `run_one_method' from /Users/kasperhansen/.rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/minitest-5.10.2/lib/minitest/parallel.rb:32:in `block (2 levels) in start' ``` It's likely we need to capture and prevent the exit somehow. Kernel.stub(:exit) didn't work. Leaving it for tomorrow. * Fix require_master_key config test. Loading the app would trigger the `exit 1` per require_master_key's semantics, which then aborted the test. Fork and wait for the child process to finish, then inspect the exit status. Also check we aborted because of a missing master key, so something else didn't just abort the boot. Much <3 to @tenderlove for the tip. * Support reading/writing configs via methods. * Skip needless deep symbolizing. * Remove save; test config reader elsewhere. * Move secret_key_base check to when we're reading it. Otherwise we'll abort too soon since we don't assign the secret_key_base to secrets anymore. * Add missing string literal comments; require unneeded yaml require. * ya ya ya, rubocop. * Add master_key/credentials after bundle. Then we can reuse the existing message on `rails new bc4`. It'll look like: ``` Using web-console 3.5.1 from https://github.com/rails/web-console.git (at master@ce985eb) Using rails 5.2.0.alpha from source at `/Users/kasperhansen/Documents/code/rails` Using sass-rails 5.0.6 Bundle complete! 16 Gemfile dependencies, 72 gems now installed. Use `bundle info [gemname]` to see where a bundled gem is installed. Adding config/master.key to store the master encryption key: 97070158c44b4675b876373a6bc9d5a0 Save this in a password manager your team can access. If you lose the key, no one, including you, can access anything encrypted with it. create config/master.key ``` And that'll be executed even if `--skip-bundle` was passed. * Ensure test app has secret_key_base. * Assign secret_key_base to app or omit. * Merge noise * Split options for dynamic delegation into its own method and use deep symbols to make it work * Update error to point to credentials instead * Appease Rubocop * Validate secret_key_base when reading it. Instead of relying on the validation in key_generator move that into secret_key_base itself. * Fix generator and secrets test. Manually add config.read_encrypted_secrets since it's not there by default anymore. Move mentions of config/secrets.yml to config/credentials.yml.enc. * Remove files I have no idea how they got here. * [ci skip] swap secrets for credentials. * [ci skip] And now, changelogs are coming.
2017-09-11 14:21:20 -04:00
def validate_secret_key_base(secret_key_base)
if secret_key_base.is_a?(String) && secret_key_base.present?
secret_key_base
elsif secret_key_base
raise ArgumentError, "`secret_key_base` for #{Rails.env} environment must be a type of String`"
Remove deprecated `config.secret_token`
2019-01-16 16:17:52 -05:00
else
remove reference to global rails command and replace with bin/rails
2019-01-22 03:53:47 -05:00
raise ArgumentError, "Missing `secret_key_base` for '#{Rails.env}' environment, set this string with `bin/rails credentials:edit`"
Removing a repetitive comment and removing a deprecation warning. The comment on the +env_config+ method is repetitive, likely to get outdated, and provides no useful information which cannot be gleamed from the code. I'm therefore removing it. I'm also refactoring the check for the presence of a secret_token in the configuration.
2013-06-18 00:22:52 -04:00
end
end
Engines get different middleware than apps We shouldn't merge the app middleware in to the config middleware for engines.
2015-09-29 16:35:13 -04:00
private
Fix possible dev mode RCE If the secret_key_base is nil in dev or test generate a key from random bytes and store it in a tmp file. This prevents the app developers from having to share / checkin the secret key for dev / test but also maintains a key between app restarts in dev/test. [CVE-2019-5420] Co-Authored-By: eileencodes <eileencodes@gmail.com> Co-Authored-By: John Hawthorn <john@hawthorn.email>
2019-03-10 19:37:46 -04:00
def generate_development_secret
if secrets.secret_key_base.nil?
key_file = Rails.root.join("tmp/development_secret.txt")
if !File.exist?(key_file)
random_key = SecureRandom.hex(64)
Make application work without tmp directory The tmp directory is added to version control in the newly created application. This was added in Rails 5.0.0(https://github.com/rails/rails/commit/f06ce4c12a396795a3b2c1812951d9277bcb3a82). However, applications created before that are not guaranteed to have the tmp directory. If the tmp directory does not exist, writing to the key file raise error. This is a bit incompatible. So I fixed that create the directory before writing a key.
2019-03-14 02:39:23 -04:00
FileUtils.mkdir_p(key_file.dirname)
Fix possible dev mode RCE If the secret_key_base is nil in dev or test generate a key from random bytes and store it in a tmp file. This prevents the app developers from having to share / checkin the secret key for dev / test but also maintains a key between app restarts in dev/test. [CVE-2019-5420] Co-Authored-By: eileencodes <eileencodes@gmail.com> Co-Authored-By: John Hawthorn <john@hawthorn.email>
2019-03-10 19:37:46 -04:00
File.binwrite(key_file, random_key)
end
secrets.secret_key_base = File.binread(key_file)
end
secrets.secret_key_base
end
normalizes indentation and whitespace across the project
2016-08-06 13:55:02 -04:00
def build_request(env)
req = super
env["ORIGINAL_FULLPATH"] = req.fullpath
env["ORIGINAL_SCRIPT_NAME"] = req.script_name
req
end
only construct one request in an engine
2015-09-30 14:23:00 -04:00
normalizes indentation and whitespace across the project
2016-08-06 13:55:02 -04:00
def build_middleware
config.app_middleware + super
end
Allow a proc to be used in addition to a static value for cookies_same_site_protection Add documentation of Proc usage for SameSite property to configuring.md Address PR comments Co-authored-by: Adrianna Chang <adrianna.chang@shopify.com>
2020-01-15 16:39:35 -05:00
def coerce_same_site_protection(protection)
protection.respond_to?(:call) ? protection : proc { protection }
end
Restore "Start Rails::Application object This reverts commit f14ad4145622f45e9bf7433b5fdef4ce427efe4b.
2009-09-25 22:32:28 -04:00
end
Logs should show overridden method; Issue 426
2011-05-07 04:19:01 -04:00
end
Copy permalink