Bump rails from 7.0.8 to 7.1.1 (#60)

* Bump rails from 7.0.8 to 7.1.1 Bumps [rails](https://github.com/rails/rails) from 7.0.8 to 7.1.1. - [Release notes](https://github.com/rails/rails/releases) - [Commits](rails/rails@v7.0.8...v7.1.1) --- updated-dependencies: - dependency-name: rails dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Update gemset.nix * Opt-in to new rails 7.1 features --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: robbe[bot] <[email protected]> Co-authored-by: Robbe Van Petegem <[email protected]>
robbevp · Oct 14, 2023 · b623899 · b623899
1 parent 1847b1d
commit b623899
Show file tree

Hide file tree

Showing 10 changed files with 234 additions and 164 deletions.
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -62,7 +62,7 @@ Rails/ActionOrder:
     - destroy
 Rails/DynamicFindBy:
   Enabled: true
-  AllowedMethods: [find_by_password_reset_token] # We add the methods we define ourselves
+  AllowedMethods: [] # We add the methods we define ourselves
 
 Style/Documentation:
   Enabled: false

diff --git a/Gemfile b/Gemfile
@@ -5,7 +5,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby '3.2.2'
 
-gem 'rails', '~> 7.0.8'
+gem 'rails', '~> 7.1.1'
 
 gem 'bcrypt' # Use Active Model has_secure_password
 gem 'bootsnap', require: false # Reduces boot times through caching; required in config/boot.rb

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -10,70 +10,78 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
+    actioncable (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+      zeitwerk (~> 2.6)
+    actionmailbox (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8)
-      actionpack (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activesupport (= 7.0.8)
+    actionmailer (7.1.1)
+      actionpack (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activesupport (= 7.1.1)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.0)
-    actionpack (7.0.8)
-      actionview (= 7.0.8)
-      activesupport (= 7.0.8)
-      rack (~> 2.0, >= 2.2.4)
+      rails-dom-testing (~> 2.2)
+    actionpack (7.1.1)
+      actionview (= 7.1.1)
+      activesupport (= 7.1.1)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.8)
-      actionpack (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    actiontext (7.1.1)
+      actionpack (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8)
-      activesupport (= 7.0.8)
+    actionview (7.1.1)
+      activesupport (= 7.1.1)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.8)
-      activesupport (= 7.0.8)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.1.1)
+      activesupport (= 7.1.1)
       globalid (>= 0.3.6)
-    activemodel (7.0.8)
-      activesupport (= 7.0.8)
-    activerecord (7.0.8)
-      activemodel (= 7.0.8)
-      activesupport (= 7.0.8)
-    activestorage (7.0.8)
-      actionpack (= 7.0.8)
-      activejob (= 7.0.8)
-      activerecord (= 7.0.8)
-      activesupport (= 7.0.8)
+    activemodel (7.1.1)
+      activesupport (= 7.1.1)
+    activerecord (7.1.1)
+      activemodel (= 7.1.1)
+      activesupport (= 7.1.1)
+      timeout (>= 0.4.0)
+    activestorage (7.1.1)
+      actionpack (= 7.1.1)
+      activejob (= 7.1.1)
+      activerecord (= 7.1.1)
+      activesupport (= 7.1.1)
       marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
-    activesupport (7.0.8)
+    activesupport (7.1.1)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
@@ -87,6 +95,7 @@ GEM
       erubi (~> 1.4)
       parser (>= 2.4)
       smart_properties
+    bigdecimal (3.1.4)
     bindex (0.8.1)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
@@ -101,6 +110,7 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
     crack (0.4.5)
       rexml
     crass (1.0.6)
@@ -109,6 +119,8 @@ GEM
       irb (>= 1.5.0)
       reline (>= 0.3.1)
     docile (1.4.0)
+    drb (2.1.1)
+      ruby2_keywords
     dry-cli (1.0.0)
     erb_lint (0.5.0)
       activesupport
@@ -170,14 +182,15 @@ GEM
     mini_portile2 (2.8.4)
     minitest (5.20.0)
     msgpack (1.7.2)
-    net-imap (0.3.7)
+    mutex_m (0.1.2)
+    net-imap (0.4.1)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.3)
+    net-smtp (0.4.0)
       net-protocol
     nio4r (2.5.9)
     nokogiri (1.15.4)
@@ -197,41 +210,47 @@ GEM
       activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.7.1)
-    rack (2.2.8)
+    rack (3.0.8)
     rack-mini-profiler (3.1.1)
       rack (>= 1.2.0)
     rack-proxy (0.7.7)
       rack
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8)
-      actioncable (= 7.0.8)
-      actionmailbox (= 7.0.8)
-      actionmailer (= 7.0.8)
-      actionpack (= 7.0.8)
-      actiontext (= 7.0.8)
-      actionview (= 7.0.8)
-      activejob (= 7.0.8)
-      activemodel (= 7.0.8)
-      activerecord (= 7.0.8)
-      activestorage (= 7.0.8)
-      activesupport (= 7.0.8)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
+    rails (7.1.1)
+      actioncable (= 7.1.1)
+      actionmailbox (= 7.1.1)
+      actionmailer (= 7.1.1)
+      actionpack (= 7.1.1)
+      actiontext (= 7.1.1)
+      actionview (= 7.1.1)
+      activejob (= 7.1.1)
+      activemodel (= 7.1.1)
+      activerecord (= 7.1.1)
+      activestorage (= 7.1.1)
+      activesupport (= 7.1.1)
       bundler (>= 1.15.0)
-      railties (= 7.0.8)
+      railties (= 7.1.1)
     rails-dom-testing (2.2.0)
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.8)
-      actionpack (= 7.0.8)
-      activesupport (= 7.0.8)
-      method_source
+    railties (7.1.1)
+      actionpack (= 7.1.1)
+      activesupport (= 7.1.1)
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
     rake (13.0.6)
     regexp_parser (2.8.2)
@@ -264,6 +283,7 @@ GEM
     ruby-progressbar (1.13.0)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
+    ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
     sax-machine (1.3.2)
     selenium-webdriver (4.14.0)
@@ -314,6 +334,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.8.1)
     websocket (1.2.10)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -343,7 +364,7 @@ DEPENDENCIES
   puma
   pundit
   rack-mini-profiler
-  rails (~> 7.0.8)
+  rails (~> 7.1.1)
   rubocop
   rubocop-minitest
   rubocop-performance

diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
@@ -30,7 +30,7 @@ def update
   private
 
   def set_user
-    @user = User.find_by_password_reset_token params[:token]
+    @user = User.find_by_token_for :password_reset, params[:token]
 
     if @user.nil?
       flash[:danger] = t '.invalid_token'

diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
@@ -4,7 +4,7 @@ class UserMailer < ApplicationMailer
   before_action :set_user
 
   def reset_password
-    @token = @user.password_reset_token(expires_in: 1.hour)
+    @token = @user.generate_token_for(:password_reset)
     mail to: @user.email
   end
 

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,56 +1,20 @@
 # frozen_string_literal: true
 
 class User < ApplicationRecord
-  # NOTE: Delete when upgrading to rails 7.1
-  attr_accessor :password_challenge
-
   has_secure_password
 
+  generates_token_for :password_reset, expires_in: 1.hour do
+    BCrypt::Password.new(password_digest).salt.last(10)
+  end
+
   has_many :feeds, dependent: :destroy
 
-  before_validation :normalize_email
+  normalizes :email, with: ->(email) { email&.strip&.downcase }
 
   validates :email, presence: true, uniqueness: { case_sensitive: false },
                     # The basic regex to validate emails was taken from devise
                     # See: https://github.com/heartcombo/devise/blob/9f80dc2562524f744e8633b8562f2a0114efb32b/lib/generators/templates/devise.rb#L186
                     format: { with: /\A[^@\s]+@[^@\s]+\z/ }
   validates :password_digest, presence: true
   validates :password, length: { minimum: 12 }, allow_nil: true
-  # NOTE: Delete when upgrading to rails 7.1
-  validate :check_password_challenge
-
-  # Reset password
-  # NOTE: Replace with `generates_token_for` when upgrading to rails 7.1
-  def self.token_verifier
-    @token_verifier ||= Rails.application.message_verifier('feed_reader/user_token')
-  end
-
-  def self.find_by_password_reset_token(password_reset_token)
-    payload = token_verifier.verified(password_reset_token)
-    user = find_by(id: payload && payload[0])
-    return nil if user.nil?
-
-    salt = BCrypt::Password.new(user.password_digest).salt[-10..]
-    user if payload == [user.id, salt]
-  end
-
-  def password_reset_token(expires_in: nil)
-    # We use the current password digest to generate a token
-    # This way a changed password, will cause the token to be invalid
-    salt = BCrypt::Password.new(password_digest).salt[-10..]
-    self.class.token_verifier.generate([id, salt], expires_in:)
-  end
-
-  private
-
-  def normalize_email
-    email&.strip!&.downcase!
-  end
-
-  def check_password_challenge
-    return if password_challenge.nil?
-    return if password_digest_was.present? && BCrypt::Password.new(password_digest_was).is_password?(password_challenge)
-
-    errors.add(:password_challenge)
-  end
 end