Merge branch 'main' into support_unencrypted_data-true

Author: ghiculescu

activerecord/CHANGELOG.md

@@ -21,6 +21,90 @@
 
     *Alex Ghiculescu*
 
+*   Model generator no longer needs a database connection to validate column types.
+
+    *Mike Dalessio*
+
+*   Allow signed ID verifiers to be configurable via `Rails.application.message_verifiers`
+
+    Prior to this change, the primary way to configure signed ID verifiers was
+    to set `signed_id_verifier` on each model class:
+
+      ```ruby
+      Post.signed_id_verifier = ActiveSupport::MessageVerifier.new(...)
+      Comment.signed_id_verifier = ActiveSupport::MessageVerifier.new(...)
+      ```
+
+    And if the developer did not set `signed_id_verifier`, a verifier would be
+    instantiated with a secret derived from `secret_key_base` and the following
+    options:
+
+      ```ruby
+      { digest: "SHA256", serializer: JSON, url_safe: true }
+      ```
+
+    Thus it was cumbersome to rotate configuration for all verifiers.
+
+    This change defines a new Rails config: [`config.active_record.use_legacy_signed_id_verifier`][].
+    The default value is `:generate_and_verify`, which preserves the previous
+    behavior. However, when set to `:verify`, signed ID verifiers will use
+    configuration from `Rails.application.message_verifiers` (specifically,
+    `Rails.application.message_verifiers["active_record/signed_id"]`) to
+    generate and verify signed IDs, but will also verify signed IDs using the
+    older configuration.
+
+    To avoid complication, the new behavior only applies when `signed_id_verifier_secret`
+    is not set on a model class or any of its ancestors. Additionally,
+    `signed_id_verifier_secret` is now deprecated. If you are currently setting
+    `signed_id_verifier_secret` on a model class, you can set `signed_id_verifier`
+    instead:
+
+      ```ruby
+      # BEFORE
+      Post.signed_id_verifier_secret = "my secret"
+
+      # AFTER
+      Post.signed_id_verifier = ActiveSupport::MessageVerifier.new("my secret", digest: "SHA256", serializer: JSON, url_safe: true)
+      ```
+
+    To ease migration, `signed_id_verifier` has also been changed to behave as a
+    `class_attribute` (i.e. inheritable), but _only when `signed_id_verifier_secret`
+    is not set_:
+
+      ```ruby
+      # BEFORE
+      ActiveRecord::Base.signed_id_verifier = ActiveSupport::MessageVerifier.new(...)
+      Post.signed_id_verifier == ActiveRecord::Base.signed_id_verifier # => false
+
+      # AFTER
+      ActiveRecord::Base.signed_id_verifier = ActiveSupport::MessageVerifier.new(...)
+      Post.signed_id_verifier == ActiveRecord::Base.signed_id_verifier # => true
+
+      Post.signed_id_verifier_secret = "my secret" # => deprecation warning
+      Post.signed_id_verifier == ActiveRecord::Base.signed_id_verifier # => false
+      ```
+
+    Note, however, that it is recommended to eventually migrate from
+    model-specific verifiers to a unified configuration managed by
+    `Rails.application.message_verifiers`. `ActiveSupport::MessageVerifier#rotate`
+    can facilitate that transition. For example:
+
+      ```ruby
+      # BEFORE
+      # Generate and verify signed Post IDs using Post-specific configuration
+      Post.signed_id_verifier = ActiveSupport::MessageVerifier.new("post secret", ...)
+
+      # AFTER
+      # Generate and verify signed Post IDs using the unified configuration
+      Post.signed_id_verifier = Post.signed_id_verifier.dup
+      # Fall back to Post-specific configuration when verifying signed IDs
+      Post.signed_id_verifier.rotate("post secret", ...)
+      ```
+
+    [`config.active_record.use_legacy_signed_id_verifier`]: https://guides.rubyonrails.org/v8.1/configuring.html#config-active-record-use-legacy-signed-id-verifier
+
+    *Ali Sepehri*, *Jonathan Hefner*
+
 *   Prepend `extra_flags` in postgres' `structure_load`
 
     When specifying `structure_load_flags` with a postgres adapter, the flags

activerecord/lib/active_record.rb

@@ -506,6 +506,13 @@ def self.marshalling_format_version=(value)
     }
   )
 
+  ##
+  # :singleton-method: message_verifiers
+  #
+  # ActiveSupport::MessageVerifiers instance for Active Record. If you are using
+  # Rails, this will be set to +Rails.application.message_verifiers+.
+  singleton_class.attr_accessor :message_verifiers
+
   def self.eager_load!
     super
     ActiveRecord::Locking.eager_load!

activerecord/lib/active_record/connection_adapters/abstract_adapter.rb

@@ -260,7 +260,11 @@ def to_s
       end
 
       def valid_type?(type) # :nodoc:
-        !native_database_types[type].nil?
+        self.class.valid_type?(type)
+      end
+
+      def native_database_types # :nodoc:
+        self.class.native_database_types
       end
 
       # this method must only be called while holding connection pool's mutex
@@ -886,6 +890,10 @@ def extended_type_map(default_timezone:) # :nodoc:
           end
         end
 
+        def valid_type?(type) # :nodoc:
+          !native_database_types[type].nil?
+        end
+
         private
           def initialize_type_map(m)
             register_class_with_limit m, %r(boolean)i,       Type::Boolean

activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb

@@ -81,6 +81,10 @@ def dbconsole(config, options = {})
 
           find_cmd_and_exec(ActiveRecord.database_cli[:mysql], *args)
         end
+
+        def native_database_types # :nodoc:
+          NATIVE_DATABASE_TYPES
+        end
       end
 
       def get_database_version # :nodoc:
@@ -196,10 +200,6 @@ def release_advisory_lock(lock_name) # :nodoc:
         query_value("SELECT RELEASE_LOCK(#{quote(lock_name.to_s)})") == 1
       end
 
-      def native_database_types
-        NATIVE_DATABASE_TYPES
-      end
-
       def index_algorithms
         {
           default: "ALGORITHM = DEFAULT",

activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb

@@ -397,10 +397,6 @@ def discard! # :nodoc:
         @raw_connection = nil
       end
 
-      def native_database_types # :nodoc:
-        self.class.native_database_types
-      end
-
       def self.native_database_types # :nodoc:
         @native_database_types ||= begin
           types = NATIVE_DATABASE_TYPES.dup

activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb

@@ -66,6 +66,10 @@ def dbconsole(config, options = {})
 
           find_cmd_and_exec(ActiveRecord.database_cli[:sqlite], *args)
         end
+
+        def native_database_types # :nodoc:
+          NATIVE_DATABASE_TYPES
+        end
       end
 
       include SQLite3::Quoting
@@ -258,10 +262,6 @@ def supports_index_sort_order?
         true
       end
 
-      def native_database_types # :nodoc:
-        NATIVE_DATABASE_TYPES
-      end
-
       # Returns the current database encoding format as a string, e.g. 'UTF-8'
       def encoding
         any_raw_connection.encoding.to_s

activerecord/lib/active_record/railtie.rb

@@ -38,6 +38,7 @@ class Railtie < Rails::Railtie # :nodoc:
     config.active_record.raise_on_assign_to_attr_readonly = false
     config.active_record.belongs_to_required_validates_foreign_key = true
     config.active_record.generate_secure_token_on = :create
+    config.active_record.use_legacy_signed_id_verifier = :generate_and_verify
 
     config.active_record.queues = ActiveSupport::InheritableOptions.new
 
@@ -233,6 +234,7 @@ class Railtie < Rails::Railtie # :nodoc:
           :check_schema_cache_dump_version,
           :use_schema_cache_dump,
           :postgresql_adapter_decode_dates,
+          :use_legacy_signed_id_verifier,
         )
 
         configs_used_in_other_initializers.each do |k, v|
@@ -319,9 +321,18 @@ class Railtie < Rails::Railtie # :nodoc:
       end
     end
 
-    initializer "active_record.set_signed_id_verifier_secret" do
-      ActiveSupport.on_load(:active_record) do
-        self.signed_id_verifier_secret ||= -> { Rails.application.key_generator.generate_key("active_record/signed_id") }
+    initializer "active_record.configure_message_verifiers" do |app|
+      ActiveRecord.message_verifiers = app.message_verifiers
+
+      use_legacy_signed_id_verifier = app.config.active_record.use_legacy_signed_id_verifier
+      legacy_options = { digest: "SHA256", serializer: JSON, url_safe: true }
+
+      if use_legacy_signed_id_verifier == :generate_and_verify
+        app.message_verifiers.prepend { |salt| legacy_options if salt == "active_record/signed_id" }
+      elsif use_legacy_signed_id_verifier == :verify
+        app.message_verifiers.rotate { |salt| legacy_options if salt == "active_record/signed_id" }
+      elsif use_legacy_signed_id_verifier
+        raise ArgumentError, "Unrecognized value for config.active_record.use_legacy_signed_id_verifier: #{use_legacy_signed_id_verifier.inspect}"
       end
     end
 

activerecord/lib/active_record/relation.rb

@@ -272,7 +272,12 @@ def find_or_create_by!(attributes, &block)
     # such situation.
     def create_or_find_by(attributes, &block)
       with_connection do |connection|
-        transaction(requires_new: true) { create(attributes, &block) }
+        record = nil
+        transaction(requires_new: true) do
+          record = new(attributes, &block)
+          record.save || raise(ActiveRecord::Rollback)
+        end
+        record
       rescue ActiveRecord::RecordNotUnique
         if connection.transaction_open?
           where(attributes).lock.find_by!(attributes)
@@ -287,7 +292,12 @@ def create_or_find_by(attributes, &block)
     # is raised if the created record is invalid.
     def create_or_find_by!(attributes, &block)
       with_connection do |connection|
-        transaction(requires_new: true) { create!(attributes, &block) }
+        record = nil
+        transaction(requires_new: true) do
+          record = new(attributes, &block)
+          record.save! || raise(ActiveRecord::Rollback)
+        end
+        record
       rescue ActiveRecord::RecordNotUnique
         if connection.transaction_open?
           where(attributes).lock.find_by!(attributes)

activerecord/lib/active_record/signed_id.rb

@@ -6,11 +6,27 @@ module SignedId
     extend ActiveSupport::Concern
 
     included do
+      class_attribute :_signed_id_verifier, instance_accessor: false, instance_predicate: false
+
       ##
       # :singleton-method:
       # Set the secret used for the signed id verifier instance when using Active Record outside of \Rails.
       # Within \Rails, this is automatically set using the \Rails application key generator.
       class_attribute :signed_id_verifier_secret, instance_writer: false
+      module DeprecateSignedIdVerifierSecret
+        def signed_id_verifier_secret=(secret)
+          ActiveRecord.deprecator.warn(<<~MSG)
+            ActiveRecord::Base.signed_id_verifier_secret is deprecated and will be removed in the future.
+
+            If the secret is model-specific, set Model.signed_id_verifier instead.
+
+            Otherwise, configure Rails.application.message_verifiers (or ActiveRecord.message_verifiers) with the secret.
+          MSG
+
+          super
+        end
+      end
+      singleton_class.prepend DeprecateSignedIdVerifierSecret
     end
 
     module RelationMethods # :nodoc:
@@ -77,28 +93,38 @@ def find_signed!(signed_id, purpose: nil, on_rotation: nil)
         end
       end
 
-      # The verifier instance that all signed ids are generated and verified from. By default, it'll be initialized
-      # with the class-level +signed_id_verifier_secret+, which within Rails comes from
-      # {Rails.application.key_generator}[rdoc-ref:Rails::Application#key_generator].
-      # By default, it's SHA256 for the digest and JSON for the serialization.
       def signed_id_verifier
-        @signed_id_verifier ||= begin
-          secret = signed_id_verifier_secret
-          secret = secret.call if secret.respond_to?(:call)
+        if signed_id_verifier_secret
+          @signed_id_verifier ||= begin
+            secret = signed_id_verifier_secret
+            secret = secret.call if secret.respond_to?(:call)
+
+            if secret.nil?
+              raise ArgumentError, "You must set ActiveRecord::Base.signed_id_verifier_secret to use signed IDs"
+            end
 
-          if secret.nil?
-            raise ArgumentError, "You must set ActiveRecord::Base.signed_id_verifier_secret to use signed ids"
-          else
             ActiveSupport::MessageVerifier.new secret, digest: "SHA256", serializer: JSON, url_safe: true
           end
+        else
+          return _signed_id_verifier if _signed_id_verifier
+
+          if ActiveRecord.message_verifiers.nil?
+            raise "You must set ActiveRecord.message_verifiers to use signed IDs"
+          end
+
+          ActiveRecord.message_verifiers["active_record/signed_id"]
         end
       end
 
       # Allows you to pass in a custom verifier used for the signed ids. This also allows you to use different
       # verifiers for different classes. This is also helpful if you need to rotate keys, as you can prepare
       # your custom verifier for that in advance. See ActiveSupport::MessageVerifier for details.
       def signed_id_verifier=(verifier)
-        @signed_id_verifier = verifier
+        if signed_id_verifier_secret
+          @signed_id_verifier = verifier
+        else
+          self._signed_id_verifier = verifier
+        end
       end
 
       # :nodoc:

activerecord/test/cases/adapter_test.rb

@@ -48,11 +48,13 @@ def test_create_record_with_pk_as_zero
     def test_valid_column
       @connection.native_database_types.each_key do |type|
         assert @connection.valid_type?(type)
+        assert @connection.class.valid_type?(type)
       end
     end
 
     def test_invalid_column
       assert_not @connection.valid_type?(:foobar)
+      assert_not @connection.class.valid_type?(:foobar)
     end
 
     def test_tables