This is Emmanuel... you haven't heard from me in a while. I'm doing great, and have a few merged pull requests that I want to share with you.
Don't show secrets for MessageVerifier#inspect and KeyGenerator#inspect
If anyone calls a cipher in the console, it will reveal the secret of the encryptor. By overriding the inspect method to display only the class name, we can prevent accidental exposure of sensitive information.
Active Record commit transaction on return, break and throw
There's a lot of history around this PR. In short Rails 7.1 will get a new configuration option that defines whether return, break and throw inside a transaction block cause the transaction to be committed or rolled back. Let's take this example:
Model.transaction do
Don't show secrets for MessageVerifier#inspect and KeyGenerator#inspect
If anyone calls a cipher in the console, it will reveal the secret of the encryptor. By overriding the inspect method to display only the class name, we can prevent accidental exposure of sensitive information.
Active Record commit transaction on return, break and throw
There's a lot of history around this PR. In short Rails 7.1 will get a new configuration option that defines whether return, break and throw inside a transaction block cause the transaction to be committed or rolled back. Let's take this example:
Model.transaction do
model.save
return
other_model.save
end
With the new config.active_record.commit_transaction_on_non_local_return set to false, this transaction will rollback upon hitting return, if set to true, the transaction will be committed.
Document common ActiveStorage issues
When attaching files to a has_many_attached association, the default behaviour is to replace any existing attachments. However, if you wish to preserve existing attachments and add new ones, you can achieve this by setting Rails.application.config.replace_on_assign_to_many to false. This PR properly documents this behaviour.
Specify when to generate has_secure_token
Rails has a has_secure_token method that employs SecureRandom::base58 to generate a 24-character unique token for a model. With this PR, one can specify at what point during the model's life-cycle the token is generated via an on: option. This PR ensures we can do something like:
class User < ApplicationRecord
has_secure_token on: :initialize
end
By passing the on: :initialize, the token is generated in an after_initialize callback as opposed a before_* callback which is the default behaviour.
In the last fourteen days, we've had 37 generous contributors.
That's all I've got for today!