From 3267c81ba00fab77c2f543813cd90359e03af05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Fri, 15 May 2020 15:19:10 +0200 Subject: [PATCH] Upgrade to Rails 5.2 All the code in the `bin/` and the `config/` folder has been generated running `rake app:update`, except the `escape_javascript_fix` file, which we've removed since the code there is already included in Rails 5.2. --- .rubocop.yml | 1 - Gemfile | 2 +- Gemfile.lock | 85 ++++++++++--------- bin/bundle | 2 +- bin/setup | 3 +- bin/update | 3 +- config/environments/development.rb | 8 +- config/environments/test.rb | 2 +- .../application_controller_renderer.rb | 10 ++- .../initializers/content_security_policy.rb | 25 ++++++ config/initializers/escape_javascript_fix.rb | 25 ------ .../new_framework_defaults_5_2.rb | 38 +++++++++ spec/rails_helper.rb | 12 --- spec/spec_helper.rb | 8 +- 14 files changed, 128 insertions(+), 96 deletions(-) create mode 100644 config/initializers/content_security_policy.rb delete mode 100644 config/initializers/escape_javascript_fix.rb create mode 100644 config/initializers/new_framework_defaults_5_2.rb diff --git a/.rubocop.yml b/.rubocop.yml index 2cf085d92..9941c7659 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -253,7 +253,6 @@ Rails/OutputSafety: Severity: warning Exclude: - app/helpers/text_with_links_helper.rb - - config/initializers/escape_javascript_fix.rb Rails/PluralizationGrammar: Enabled: true diff --git a/Gemfile b/Gemfile index 806cd94c5..32e1f6f0a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source "https://rubygems.org" -gem "rails", "5.1.7" +gem "rails", "5.2.4.4" gem "acts-as-taggable-on", "~> 6.5.0" gem "acts_as_votable", "~> 0.12.1" diff --git a/Gemfile.lock b/Gemfile.lock index 7c6df00e9..89922ea49 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,39 +10,43 @@ GEM remote: https://rubygems.org/ remote: https://rails-assets.org/ specs: - actioncable (5.1.7) - actionpack (= 5.1.7) + actioncable (5.2.4.4) + actionpack (= 5.2.4.4) nio4r (~> 2.0) - websocket-driver (~> 0.6.1) - actionmailer (5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) + websocket-driver (>= 0.6.1) + actionmailer (5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.1.7) - actionview (= 5.1.7) - activesupport (= 5.1.7) - rack (~> 2.0) + actionpack (5.2.4.4) + actionview (= 5.2.4.4) + activesupport (= 5.2.4.4) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.1.7) - activesupport (= 5.1.7) + actionview (5.2.4.4) + activesupport (= 5.2.4.4) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.1.7) - activesupport (= 5.1.7) + activejob (5.2.4.4) + activesupport (= 5.2.4.4) globalid (>= 0.3.6) - activemodel (5.1.7) - activesupport (= 5.1.7) - activerecord (5.1.7) - activemodel (= 5.1.7) - activesupport (= 5.1.7) - arel (~> 8.0) - activesupport (5.1.7) + activemodel (5.2.4.4) + activesupport (= 5.2.4.4) + activerecord (5.2.4.4) + activemodel (= 5.2.4.4) + activesupport (= 5.2.4.4) + arel (>= 9.0) + activestorage (5.2.4.4) + actionpack (= 5.2.4.4) + activerecord (= 5.2.4.4) + marcel (~> 0.3.1) + activesupport (5.2.4.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -73,7 +77,7 @@ GEM nokogiri ancestry (3.2.1) activerecord (>= 4.2.0) - arel (8.0.0) + arel (9.0.0) ast (2.4.1) audited (4.9.0) activerecord (>= 4.2, < 6.1) @@ -338,6 +342,8 @@ GEM nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) + marcel (0.3.3) + mimemagic (~> 0.3.2) mdl (0.11.0) kramdown (~> 2.3) kramdown-parser-gfm (~> 1.1) 
@@ -427,17 +433,18 @@ GEM rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.1.7) - actioncable (= 5.1.7) - actionmailer (= 5.1.7) - actionpack (= 5.1.7) - actionview (= 5.1.7) - activejob (= 5.1.7) - activemodel (= 5.1.7) - activerecord (= 5.1.7) - activesupport (= 5.1.7) + rails (5.2.4.4) + actioncable (= 5.2.4.4) + actionmailer (= 5.2.4.4) + actionpack (= 5.2.4.4) + actionview (= 5.2.4.4) + activejob (= 5.2.4.4) + activemodel (= 5.2.4.4) + activerecord (= 5.2.4.4) + activestorage (= 5.2.4.4) + activesupport (= 5.2.4.4) bundler (>= 1.3.0) - railties (= 5.1.7) + railties (= 5.2.4.4) sprockets-rails (>= 2.0.0) rails-assets-leaflet (1.5.1) rails-assets-markdown-it (9.0.1) @@ -449,12 +456,12 @@ GEM rails-i18n (5.1.3) i18n (>= 0.7, < 2) railties (>= 5.0, < 6) - railties (5.1.7) - actionpack (= 5.1.7) - activesupport (= 5.1.7) + railties (5.2.4.4) + actionpack (= 5.2.4.4) + activesupport (= 5.2.4.4) method_source rake (>= 0.8.7) - thor (>= 0.18.1, < 2.0) + thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) rb-fsevent (0.10.4) @@ -615,7 +622,7 @@ GEM nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (>= 3.0, < 4.0) - websocket-driver (0.6.5) + websocket-driver (0.7.3) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) whenever (1.0.0) @@ -694,7 +701,7 @@ DEPENDENCIES pg (~> 1.0.0) pg_search (~> 2.3.0) puma (~> 4.3.6) - rails (= 5.1.7) + rails (= 5.2.4.4) rails-assets-leaflet! rails-assets-markdown-it (~> 9.0.1)! recipient_interceptor (~> 0.2.0) diff --git a/bin/bundle b/bin/bundle index fe1874509..67efc37fb 100755 --- a/bin/bundle +++ b/bin/bundle @@ -1,3 +1,3 @@ #!/usr/bin/env ruby -ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) load Gem.bin_path("bundler", "bundle") diff --git a/bin/setup b/bin/setup index 4ccb4facf..aa921f10d 100755 --- a/bin/setup +++ b/bin/setup 
@@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require "pathname" require "fileutils" include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path("../../", __FILE__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") diff --git a/bin/update b/bin/update index 770b84062..80e5352ad 100755 --- a/bin/update +++ b/bin/update @@ -1,10 +1,9 @@ #!/usr/bin/env ruby -require "pathname" require "fileutils" include FileUtils # path to your application root. -APP_ROOT = Pathname.new File.expand_path("../../", __FILE__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") diff --git a/config/environments/development.rb b/config/environments/development.rb index 07840b58c..646ee316d 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -13,12 +13,13 @@ Rails.application.configure do config.consider_all_requests_local = true # Enable/disable caching. By default caching is disabled. - if Rails.root.join("tmp/caching-dev.txt").exist? + # Run rails dev:cache to toggle caching. + if Rails.root.join("tmp", "caching-dev.txt").exist? config.action_controller.perform_caching = true config.cache_store = :memory_store config.public_file_server.headers = { - "Cache-Control" => "public, max-age=172800" + "Cache-Control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false @@ -41,6 +42,9 @@ Rails.application.configure do # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load + # Highlight code that triggered database queries in logs. + config.active_record.verbose_query_logs = true + # Debug mode disables concatenation and preprocessing of assets. # This option may cause significant delays in view rendering with a large # number of complex assets. 
diff --git a/config/environments/test.rb b/config/environments/test.rb index c7059f5c1..6ebbecbfc 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -20,7 +20,7 @@ Rails.application.configure do # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - "Cache-Control" => "public, max-age=3600" + "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. diff --git a/config/initializers/application_controller_renderer.rb b/config/initializers/application_controller_renderer.rb index 51639b67a..89d2efab2 100644 --- a/config/initializers/application_controller_renderer.rb +++ b/config/initializers/application_controller_renderer.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# ApplicationController.renderer.defaults.merge!( -# http_host: 'example.org', -# https: false -# ) +# ActiveSupport::Reloader.to_prepare do +# ApplicationController.renderer.defaults.merge!( +# http_host: 'example.org', +# https: false +# ) +# end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 000000000..d3bcaa5ec --- /dev/null +++ b/config/initializers/content_security_policy.rb 
@@ -0,0 +1,25 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+
+# If you are using UJS then enable automatic nonce generation
+# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true
diff --git a/config/initializers/escape_javascript_fix.rb b/config/initializers/escape_javascript_fix.rb
deleted file mode 100644
index 0f693fdf6..000000000
--- a/config/initializers/escape_javascript_fix.rb
+++ /dev/null
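Review bot: Every directive in the new `config/initializers/content_security_policy.rb` is commented out, so this upgrade ships the CSP initializer without sending any Content-Security-Policy header. Since the same commit drops the `escape_javascript` workaround, a policy would be a useful second layer against script injection; a low-risk first step is to uncomment the policy block together with `Rails.application.config.content_security_policy_report_only = true` and a `policy.report_uri`, and review the reports before enforcing. When doing so, note that the template's `policy.script_src :self, :https` permits scripts from any HTTPS origin, so it should be narrowed to the hosts the app actually loads from.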
@@ -1,25 +0,0 @@
-# Code taken from https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv
-# Remove this code after upgrading to Rails 5.2
-ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
- {
- "`" => "\\`",
- "$" => "\\$"
- }
-)
-
-module ActionView::Helpers::JavaScriptHelper
- alias :old_ej :escape_javascript
- alias :old_j :j
-
- def escape_javascript(javascript)
- javascript = javascript.to_s
- if javascript.empty?
- result = ""
- else
- result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
- end
- javascript.html_safe? ? result.html_safe : result
- end
-
- alias :j :escape_javascript
-end
diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb
new file mode 100644
index 000000000..c383d072b
--- /dev/null
+++ b/config/initializers/new_framework_defaults_5_2.rb
@@ -0,0 +1,38 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.2 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# Make Active Record use stable #cache_key alongside new #cache_version method.
+# This is needed for recyclable cache keys.
+# Rails.application.config.active_record.cache_versioning = true
+
+# Use AES-256-GCM authenticated encryption for encrypted cookies.
+# Also, embed cookie expiry in signed or encrypted cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 5.2.
+#
+# Existing cookies will be converted on read then written with the new scheme.
+# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true
+
+# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
+# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
+# Rails.application.config.active_support.use_authenticated_message_encryption = true
+
+# Add default protection from forgery to ActionController::Base instead of in
+# ApplicationController.
+# Rails.application.config.action_controller.default_protect_from_forgery = true
+
+# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
+# 'f' after migrating old data.
+# Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
+
+# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
+# Rails.application.config.active_support.use_sha1_digests = true
+
+# Make `form_with` generate id attributes for any generated HTML tags.
+# Rails.application.config.action_view.form_with_generates_ids = true
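Review bot: All seven options in `config/initializers/new_framework_defaults_5_2.rb` stay commented out, so the app keeps its pre-5.2 behaviour after this upgrade, including for the three security-relevant ones: `use_authenticated_cookie_encryption`, `use_authenticated_message_encryption` and `default_protect_from_forgery`. That is a reasonable first step, since the file's own comments say the cookie option is not backwards compatible, but nothing in the commit records when they will be flipped. I would add a comment at the top such as `# TODO: enable the options below one by one and delete this file once all are on`, and while `default_protect_from_forgery` stays off, confirm that `ApplicationController` calls `protect_from_forgery` itself (not visible in this diff).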
diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 3de8fd85d..c4756dd02 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -19,18 +19,6 @@ Warden.test_mode! ActiveRecord::Migration.maintain_test_schema! -# Monkey patch from https://github.com/rails/rails/pull/32293 -# Remove when we upgrade to Rails 5.2 -require "action_dispatch/system_testing/test_helpers/setup_and_teardown" -module ActionDispatch::SystemTesting::TestHelpers::SetupAndTeardown - def after_teardown - take_failed_screenshot - Capybara.reset_sessions! - ensure - super - end -end - RSpec.configure do |config| config.infer_spec_type_from_file_location! config.after do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 7aa19aac4..5a775065f 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -82,12 +82,8 @@ RSpec.configure do |config| .to receive(:available_locales).and_return(I18n.available_locales.map(&:to_s)) end - config.before(:each, :with_frozen_time) do - travel_to Time.current # TODO: use `freeze_time` after migrating to Rails 5.2. - end - - config.after(:each, :with_frozen_time) do - travel_back + config.around(:each, :with_frozen_time) do |example| + freeze_time { example.run } end config.before(:each, :application_zone_west_of_system_zone) do