Merge branch 'master' into adequaterecord

* master: (28 commits)
  move AR length validation tests into separate test-case.
  No need for trailing slash on migration path.
  reset `@arel` when modifying a Relation in place.
  PostgreSQL Timestamps always map to `:datetime`.
  [ci skip] Improve formatting and yml
  Fix a typo in the doc of forty_two AR FinderMethod
  Improve readability of contributing to rails guide. [ci skip]
  Precompile the image we're referencing, too.
  `ActiveRecord::Base.no_touching` no longer triggers callbacks or start empty transactions.
  Fixed an issue with migrating legacy json cookies.
  Correct comment [ci skip]
  Perfer to define methods instead of calling test
  Fix syntax error
  Add CHANGELOG entry for #14757 [ci skip]
  Fix run-on sentences and improve grammar [skip ci]
  Add test for using ActionView::Helpers::FormHelper.label with block and html
  select! renamed to avoid name collision Array#select!
  Rearrange deck chairs on the titanic. Organize connection handling test cases.
  Change favicon_link_tag helper mimetype from image/vnd.microsoft.icon to image/x-icon.
  ActionController::Renderers documentation fix
  ...

actionmailer/lib/action_mailer/base.rb

@@ -154,7 +154,7 @@ module ActionMailer
   # * signup_notification.text.erb
   # * signup_notification.html.erb
   # * signup_notification.xml.builder
-  # * signup_notification.yaml.erb
+  # * signup_notification.yml.erb
   #
   # Each would be rendered and added as a separate part to the message, with the corresponding content
   # type. The content type for the entire message is automatically set to <tt>multipart/alternative</tt>,
@@ -325,7 +325,7 @@ module ActionMailer
   # directory can be configured using the <tt>preview_path</tt> option which has a default
   # of <tt>test/mailers/previews</tt>:
   #
-  #     config.action_mailer.preview_path = "#{Rails.root}/lib/mailer_previews"
+  #   config.action_mailer.preview_path = "#{Rails.root}/lib/mailer_previews"
   #
   # An overview of all previews is accessible at <tt>http://localhost:3000/rails/mailers</tt>
   # on a running development server instance.

actionpack/CHANGELOG.md

@@ -1,3 +1,16 @@
+*   Fixed an issue with migrating legacy json cookies.
+
+    Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
+    cookies are marshal-encoded. This is not the case when `secret_token` is
+    used in conjunction with the `:json` or `:hybrid` serializer.
+
+    In those case, when upgrading to use `secret_key_base`, this would cause a
+    `TypeError: incompatible marshal file format` and a 500 error for the user.
+
+    Fixes #14774.
+
+    *Godfrey Chan*
+
 *   Make URL escaping more consistent:
 
     1. Escape '%' characters in URLs - only unescaped data should be passed to URL helpers

actionpack/lib/abstract_controller/callbacks.rb

@@ -178,41 +178,35 @@ def _insert_callbacks(callbacks, block = nil)
       # set up before_action, prepend_before_action, skip_before_action, etc.
       # for each of before, after, and around.
       [:before, :after, :around].each do |callback|
-        class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
-          # Append a before, after or around callback. See _insert_callbacks
-          # for details on the allowed parameters.
-          def #{callback}_action(*names, &blk)                                                    # def before_action(*names, &blk)
-            _insert_callbacks(names, blk) do |name, options|                                      #   _insert_callbacks(names, blk) do |name, options|
-              set_callback(:process_action, :#{callback}, name, options)                          #     set_callback(:process_action, :before, name, options)
-            end                                                                                   #   end
-          end                                                                                     # end
-
-          alias_method :#{callback}_filter, :#{callback}_action
-
-          # Prepend a before, after or around callback. See _insert_callbacks
-          # for details on the allowed parameters.
-          def prepend_#{callback}_action(*names, &blk)                                            # def prepend_before_action(*names, &blk)
-            _insert_callbacks(names, blk) do |name, options|                                      #   _insert_callbacks(names, blk) do |name, options|
-              set_callback(:process_action, :#{callback}, name, options.merge(:prepend => true))  #     set_callback(:process_action, :before, name, options.merge(:prepend => true))
-            end                                                                                   #   end
-          end                                                                                     # end
-
-          alias_method :prepend_#{callback}_filter, :prepend_#{callback}_action
-
-          # Skip a before, after or around callback. See _insert_callbacks
-          # for details on the allowed parameters.
-          def skip_#{callback}_action(*names)                                                     # def skip_before_action(*names)
-            _insert_callbacks(names) do |name, options|                                           #   _insert_callbacks(names) do |name, options|
-              skip_callback(:process_action, :#{callback}, name, options)                         #     skip_callback(:process_action, :before, name, options)
-            end                                                                                   #   end
-          end                                                                                     # end
-
-          alias_method :skip_#{callback}_filter, :skip_#{callback}_action
-
-          # *_action is the same as append_*_action
-          alias_method :append_#{callback}_action, :#{callback}_action  # alias_method :append_before_action, :before_action
-          alias_method :append_#{callback}_filter, :#{callback}_action  # alias_method :append_before_filter, :before_action
-        RUBY_EVAL
+        define_method "#{callback}_action" do |*names, &blk|
+          _insert_callbacks(names, blk) do |name, options|
+            set_callback(:process_action, callback, name, options)
+          end
+        end
+
+        alias_method :"#{callback}_filter", :"#{callback}_action"
+
+        define_method "prepend_#{callback}_action" do |*names, &blk|
+          _insert_callbacks(names, blk) do |name, options|
+            set_callback(:process_action, callback, name, options.merge(:prepend => true))
+          end
+        end
+
+        alias_method :"prepend_#{callback}_filter", :"prepend_#{callback}_action"
+
+        # Skip a before, after or around callback. See _insert_callbacks
+        # for details on the allowed parameters.
+        define_method "skip_#{callback}_action" do |*names|
+          _insert_callbacks(names) do |name, options|
+            skip_callback(:process_action, callback, name, options)
+          end
+        end
+
+        alias_method :"skip_#{callback}_filter", :"skip_#{callback}_action"
+
+        # *_action is the same as append_*_action
+        alias_method :"append_#{callback}_action", :"#{callback}_action"  # alias_method :append_before_action, :before_action
+        alias_method :"append_#{callback}_filter", :"#{callback}_action"  # alias_method :append_before_filter, :before_action
       end
     end
   end

actionpack/lib/action_controller/metal/renderers.rb

@@ -42,8 +42,8 @@ def _handle_render_options(options)
       nil
     end
 
-    # Hash of available renderers, mapping a renderer name to its proc.
-    # Default keys are <tt>:json</tt>, <tt>:js</tt>, <tt>:xml</tt>.
+    # A Set containing renderer names that correspond to available renderer procs.
+    # Default values are <tt>:json</tt>, <tt>:js</tt>, <tt>:xml</tt>.
     RENDERERS = Set.new
 
     # Adds a new renderer to call within controller actions.

actionpack/lib/action_dispatch/middleware/cookies.rb

@@ -176,11 +176,11 @@ def signed_or_encrypted
     module VerifyAndUpgradeLegacySignedMessage
       def initialize(*args)
         super
-        @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token])
+        @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: NullSerializer)
       end
 
       def verify_and_upgrade_legacy_signed_message(name, signed_message)
-        @legacy_verifier.verify(signed_message).tap do |value|
+        deserialize(name, @legacy_verifier.verify(signed_message)).tap do |value|
           self[name] = { value: value }
         end
       rescue ActiveSupport::MessageVerifier::InvalidSignature

actionpack/test/dispatch/cookies_test.rb

@@ -681,6 +681,123 @@ def test_legacy_signed_cookie_is_read_and_transparently_encrypted_by_encrypted_c
     assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
+  def test_legacy_json_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_cookie_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :json
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate(45)
+
+    @request.headers["Cookie"] = "user_id=#{legacy_value}"
+    get :get_signed_cookie
+
+    assert_equal 45, @controller.send(:cookies).signed[:user_id]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"])
+    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: JSON)
+    assert_equal 45, verifier.verify(@response.cookies["user_id"])
+  end
+
+  def test_legacy_json_signed_cookie_is_read_and_transparently_encrypted_by_encrypted_json_cookie_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :json
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+    @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
+    @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate('bar')
+
+    @request.headers["Cookie"] = "foo=#{legacy_value}"
+    get :get_encrypted_cookie
+
+    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
+    sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
+    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+  end
+
+  def test_legacy_json_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_hybrid_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :hybrid
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate(45)
+
+    @request.headers["Cookie"] = "user_id=#{legacy_value}"
+    get :get_signed_cookie
+
+    assert_equal 45, @controller.send(:cookies).signed[:user_id]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"])
+    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: JSON)
+    assert_equal 45, verifier.verify(@response.cookies["user_id"])
+  end
+
+  def test_legacy_json_signed_cookie_is_read_and_transparently_encrypted_by_encrypted_hybrid_cookie_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :hybrid
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+    @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
+    @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate('bar')
+
+    @request.headers["Cookie"] = "foo=#{legacy_value}"
+    get :get_encrypted_cookie
+
+    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
+    sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
+    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+  end
+
+  def test_legacy_marshal_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_hybrid_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :hybrid
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate(45)
+
+    @request.headers["Cookie"] = "user_id=#{legacy_value}"
+    get :get_signed_cookie
+
+    assert_equal 45, @controller.send(:cookies).signed[:user_id]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"])
+    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: JSON)
+    assert_equal 45, verifier.verify(@response.cookies["user_id"])
+  end
+
+  def test_legacy_marshal_signed_cookie_is_read_and_transparently_encrypted_by_encrypted_hybrid_cookie_jar_if_both_secret_token_and_secret_key_base_are_set
+    @request.env["action_dispatch.cookies_serializer"] = :hybrid
+    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
+    @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"
+    @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
+    @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
+
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate('bar')
+
+    @request.headers["Cookie"] = "foo=#{legacy_value}"
+    get :get_encrypted_cookie
+
+    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+
+    key_generator = @request.env["action_dispatch.key_generator"]
+    secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
+    sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
+    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+  end
+
   def test_legacy_signed_cookie_is_treated_as_nil_by_signed_cookie_jar_if_tampered
     @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
     @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff"

actionview/CHANGELOG.md

@@ -1,3 +1,18 @@
+*   Change `favicon_link_tag` default mimetype from `image/vnd.microsoft.icon` to
+    `image/x-icon`.
+
+    Before:
+
+        #=> favicon_link_tag 'myicon.ico'
+        <link href="/assets/myicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
+
+    After:
+
+        #=> favicon_link_tag 'myicon.ico'
+        <link href="/assets/myicon.ico" rel="shortcut icon" type="image/x-icon" />
+
+    *Geoffroy Lorieux*
+
 *   Remove wrapping div with inline styles for hidden form fields.
 
     We are dropping HTML 4.01 and XHTML strict compliance since input tags directly

actionview/lib/action_view/helpers/asset_tag_helper.rb

@@ -149,12 +149,12 @@ def auto_discovery_link_tag(type = :rss, url_options = {}, tag_options = {})
       # ==== Options
       #
       # * <tt>:rel</tt>   - Specify the relation of this link, defaults to 'shortcut icon'
-      # * <tt>:type</tt>  - Override the auto-generated mime type, defaults to 'image/vnd.microsoft.icon'
+      # * <tt>:type</tt>  - Override the auto-generated mime type, defaults to 'image/x-icon'
       #
       # ==== Examples
       #
       #   favicon_link_tag 'myicon.ico'
-      #   # => <link href="/assets/myicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
+      #   # => <link href="/assets/myicon.ico" rel="shortcut icon" type="image/x-icon" />
       #
       # Mobile Safari looks for a different <link> tag, pointing to an image that
       # will be used if you add the page to the home screen of an iPod Touch, iPhone, or iPad.
@@ -165,7 +165,7 @@ def auto_discovery_link_tag(type = :rss, url_options = {}, tag_options = {})
       def favicon_link_tag(source='favicon.ico', options={})
         tag('link', {
           :rel  => 'shortcut icon',
-          :type => 'image/vnd.microsoft.icon',
+          :type => 'image/x-icon',
           :href => path_to_image(source)
         }.merge!(options.symbolize_keys))
       end

actionview/lib/action_view/helpers/form_helper.rb

@@ -746,6 +746,7 @@ def fields_for(record_name, record_object = nil, options = {}, &block)
       #   label(:post, :terms) do
       #     'Accept <a href="/terms">Terms</a>.'.html_safe
       #   end
+      #   # => <label for="post_terms">Accept <a href="/terms">Terms</a>.</label>
       def label(object_name, method, content_or_options = nil, options = nil, &block)
         Tags::Label.new(object_name, method, self, content_or_options, options).render(&block)
       end

actionview/test/template/asset_tag_helper_test.rb

@@ -195,9 +195,9 @@ def url_for(*args)
   }
 
   FaviconLinkToTag = {
-    %(favicon_link_tag) => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />),
-    %(favicon_link_tag 'favicon.ico') => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />),
-    %(favicon_link_tag 'favicon.ico', :rel => 'foo') => %(<link href="/images/favicon.ico" rel="foo" type="image/vnd.microsoft.icon" />),
+    %(favicon_link_tag) => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />),
+    %(favicon_link_tag 'favicon.ico') => %(<link href="/images/favicon.ico" rel="shortcut icon" type="image/x-icon" />),
+    %(favicon_link_tag 'favicon.ico', :rel => 'foo') => %(<link href="/images/favicon.ico" rel="foo" type="image/x-icon" />),
     %(favicon_link_tag 'favicon.ico', :rel => 'foo', :type => 'bar') => %(<link href="/images/favicon.ico" rel="foo" type="bar" />),
     %(favicon_link_tag 'mb-icon.png', :rel => 'apple-touch-icon', :type => 'image/png') => %(<link href="/images/mb-icon.png" rel="apple-touch-icon" type="image/png" />)
   }

actionview/test/template/form_helper_test.rb

@@ -265,6 +265,13 @@ def test_label_with_block
     )
   end
 
+  def test_label_with_block_and_html
+    assert_dom_equal(
+      '<label for="post_terms">Accept <a href="/terms">Terms</a>.</label>',
+      label(:post, :terms) { 'Accept <a href="/terms">Terms</a>.'.html_safe }
+    )
+  end
+
   def test_label_with_block_and_options
     assert_dom_equal(
       '<label for="my_for">The title, please:</label>',

activerecord/CHANGELOG.md

@@ -1,3 +1,43 @@
+*   Reset the cache when modifying a Relation with cached Arel.
+    Additionally display a warning message to make the user aware.
+
+    *Yves Senn*
+
+*   PostgreSQL should internally use `:datetime` consistently for TimeStamp. Assures
+    different spellings of timestamps are treated the same.
+
+    Example:
+
+        mytimestamp.simplified_type('timestamp without time zone')
+        # => :datetime
+        mytimestamp.simplified_type('timestamp(6) without time zone')
+        # => also :datetime (previously would be :timestamp)
+
+    See #14513.
+
+    *Jefferson Lai*
+
+*   `ActiveRecord::Base.no_touching` no longer triggers callbacks or start empty transactions.
+
+    Fixes #14841.
+
+    *Lucas Mazza*
+
+*   Fix name collision with `Array#select!` with `Relation#select!`.
+
+    Fixes #14752.
+
+    *Earl St Sauver*
+
+*   Fixed unexpected behavior for `has_many :through` associations going through a scoped `has_many`.
+
+    If a `has_many` association is adjusted using a scope, and another `has_many :through`
+    uses this association, then the scope adjustment is unexpectedly neglected.
+
+    Fixes #14537.
+
+    *Jan Habermann*
+
 *   `@destroyed` should always be set to `false` when an object is duped.
 
     *Kuldeep Aggarwal*

activerecord/lib/active_record/associations/preloader/association.rb

@@ -119,7 +119,7 @@ def build_scope
           scope.references_values = Array(values[:references]) + Array(preload_values[:references])
           scope.bind_values       = (reflection_binds + preload_binds)
 
-          scope.select!   preload_values[:select] || values[:select] || table[Arel.star]
+          scope._select!   preload_values[:select] || values[:select] || table[Arel.star]
           scope.includes! preload_values[:includes] || values[:includes]
 
           if preload_values.key? :order