Fix: #35204.
This PR added validation to `automatic_inverse_of` that foreign_keys are the same.
If class has multiple `belongs_to` to same class, `automatic_inverse_of` can find the wrong `inverse_name`.
```ruby
class Room < ActiveRecord::Base
belongs_to :user
belongs_to :owner, class_name: "User"
end
class User < ActiveRecord::Base
has_one :room
has_one :owned_room, class_name: "Room", foreign_key: "owner_id"
end
user = User.create!
owned_room = Room.create!(owner: user)
p user.room
```
The current `automatic_inverse_of` validates the `reflection` that found from associations.
However, its validation does not validate that foreign keys are the same.
so this issue can be fixed by adding a validation of foreign keys.
Co-authored-by: alpaca-tc <alpaca-tc@alpaca.tc>
Co-authored-by: cat2koban <taba.noritomo@moneyforward.co.jp>
Co-authored-by: luccafort <konishi.tatsuro@moneyforward.co.jp>
The minimum token length is set to 24 due to security constraints. We
can now specify a longer length through the length: parameter. This is
especially useful for cases when your data storage is case-insensitive
and you want to increase your entropy.
The idea of `class_name` as an option of reflection is that passing a
string would allow us to lazy autoload the class.
Using `belongs_to :client, class_name: Customer` is eagerloading models more than necessary
and creating possible circular dependencies.
This reverts commit 224eddfc0e, reversing
changes made to 9d681fc74c.
When merging the pull request, I misunderstood `has_secure_token` as declaring a model
has a token from birth and through the rest of its lifetime.
Therefore, supporting conditional creation doesn't make sense. You should never mark a
model as having a secure token if there's a time when it shouldn't have it on creation.
