DEV: Upgrade to Rails 7

This patch upgrades Rails to version 7.0.2.4.
RickyC0626-forks · Apr 28, 2022 · 008b700 · 008b700
1 parent 532f9cd
commit 008b700
Show file tree

Hide file tree

Showing 99 changed files with 715 additions and 682 deletions.
diff --git a/.licensed.yml b/.licensed.yml
@@ -13,6 +13,7 @@ allowed:
 ignored:
   bundler:
     - rchardet # Ruby terms
+    - strscan # Ruby
 
 reviewed:
   bundler:
@@ -31,10 +32,16 @@ reviewed:
     - highline # GPL-2.0 OR Ruby terms
     - htmlentities # MIT
     - image_size # MIT
+    - io-wait # Ruby terms
     - json # Ruby terms
     - jwt # MIT
     - kgio # LGPL-2.1+
     - logstash-event # Apache-2.0
+    - net-http # Ruby
+    - net-imap # Ruby
+    - net-pop # Ruby
+    - net-protocol # Ruby
+    - net-smtp # Ruby
     - omniauth # MIT
     - openssl # Ruby terms
     - pg # Ruby terms
@@ -44,5 +51,7 @@ reviewed:
     - rubyzip # Ruby terms
     - sidekiq # LGPL (Sidekiq)
     - tilt
+    - timeout # Ruby
     - unf # BSD-2-Clause
-    - unicorn
+    - unicorn
+    - uri # Ruby
diff --git a/Gemfile b/Gemfile
@@ -18,7 +18,7 @@ else
   # this allows us to include the bits of rails we use without pieces we do not.
   #
   # To issue a rails update bump the version number here
-  rails_version = '6.1.4.7'
+  rails_version = '7.0.2.4'
   gem 'actionmailer', rails_version
   gem 'actionpack', rails_version
   gem 'actionview', rails_version
@@ -68,7 +68,7 @@ gem 'http_accept_language', require: false
 gem 'discourse-ember-rails', '0.18.6', require: 'ember-rails'
 gem 'discourse-ember-source', '~> 3.12.2'
 gem 'ember-handlebars-template', '0.8.0'
-gem 'discourse-fonts'
+gem 'discourse-fonts', require: 'discourse_fonts'
 
 gem 'barber'
 
@@ -190,7 +190,7 @@ if ENV["ALLOW_DEV_POPULATE"] == "1"
   gem 'discourse_dev_assets'
   gem 'faker', "~> 2.16"
 else
-  group :development do
+  group :development, :test do
     gem 'discourse_dev_assets'
     gem 'faker', "~> 2.16"
   end
@@ -268,3 +268,7 @@ gem 'colored2', require: false
 gem 'maxminddb'
 
 gem 'rails_failover', require: false
+
+# workaround for faraday-net_http, see
+# https://github.com/ruby/net-imap/issues/16#issuecomment-803086765
+gem 'net-http'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -8,22 +8,25 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      actionview (= 6.1.4.7)
-      activejob (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionmailer (7.0.2.4)
+      actionpack (= 7.0.2.4)
+      actionview (= 7.0.2.4)
+      activejob (= 7.0.2.4)
+      activesupport (= 7.0.2.4)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.7)
-      actionview (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.2.4)
+      actionview (= 7.0.2.4)
+      activesupport (= 7.0.2.4)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    actionview (7.0.2.4)
+      activesupport (= 7.0.2.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -32,20 +35,19 @@ GEM
       actionview (>= 6.0.a)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
-    activejob (6.1.4.7)
-      activesupport (= 6.1.4.7)
+    activejob (7.0.2.4)
+      activesupport (= 7.0.2.4)
       globalid (>= 0.3.6)
-    activemodel (6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activerecord (6.1.4.7)
-      activemodel (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
-    activesupport (6.1.4.7)
+    activemodel (7.0.2.4)
+      activesupport (= 7.0.2.4)
+    activerecord (7.0.2.4)
+      activemodel (= 7.0.2.4)
+      activesupport (= 7.0.2.4)
+    activesupport (7.0.2.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     annotate (3.2.0)
@@ -106,6 +108,7 @@ GEM
     debug_inspector (1.1.0)
     diff-lcs (1.5.0)
     diffy (3.4.0)
+    digest (3.1.0)
     discourse-ember-rails (0.18.6)
       active_model_serializers
       ember-data-source (>= 1.0.0.beta.5)
@@ -185,6 +188,7 @@ GEM
       progress (~> 3.0, >= 3.0.1)
     image_size (3.0.1)
     in_threads (1.6.0)
+    io-wait (0.2.1)
     ipaddr (1.2.4)
     jmespath (1.6.1)
     jquery-rails (4.4.0)
@@ -246,6 +250,24 @@ GEM
     multi_xml (0.6.0)
     multipart-post (2.1.1)
     mustache (1.1.1)
+    net-http (0.2.0)
+      net-protocol
+      uri
+    net-imap (0.2.3)
+      digest
+      net-protocol
+      strscan
+    net-pop (0.1.1)
+      digest
+      net-protocol
+      timeout
+    net-protocol (0.1.2)
+      io-wait
+      timeout
+    net-smtp (0.3.1)
+      digest
+      net-protocol
+      timeout
     nio4r (2.5.8)
     nokogiri (1.13.4)
       mini_portile2 (~> 2.8.0)
@@ -332,12 +354,13 @@ GEM
     rails_multisite (4.0.1)
       activerecord (> 5.0, < 7.1)
       railties (> 5.0, < 7.1)
-    railties (6.1.4.7)
-      actionpack (= 6.1.4.7)
-      activesupport (= 6.1.4.7)
+    railties (7.0.2.4)
+      actionpack (= 7.0.2.4)
+      activesupport (= 7.0.2.4)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     raindrops (0.20.0)
     rake (13.0.6)
@@ -452,9 +475,11 @@ GEM
       sprockets (>= 3.0.0)
     sshkey (2.0.0)
     stackprof (0.2.19)
+    strscan (3.0.1)
     test-prof (1.0.8)
     thor (1.2.1)
     tilt (2.0.10)
+    timeout (0.2.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     uglifier (4.2.0)
@@ -467,6 +492,7 @@ GEM
       kgio (~> 2.6)
       raindrops (~> 0.7)
     uniform_notifier (1.16.0)
+    uri (0.11.0)
     uri_template (0.7.0)
     webmock (3.14.0)
       addressable (>= 2.8.0)
@@ -489,14 +515,14 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
-  actionmailer (= 6.1.4.7)
-  actionpack (= 6.1.4.7)
-  actionview (= 6.1.4.7)
+  actionmailer (= 7.0.2.4)
+  actionpack (= 7.0.2.4)
+  actionview (= 7.0.2.4)
   actionview_precompiler
   active_model_serializers (~> 0.8.3)
-  activemodel (= 6.1.4.7)
-  activerecord (= 6.1.4.7)
-  activesupport (= 6.1.4.7)
+  activemodel (= 7.0.2.4)
+  activerecord (= 7.0.2.4)
+  activesupport (= 7.0.2.4)
   addressable
   annotate
   aws-sdk-s3
@@ -556,6 +582,7 @@ DEPENDENCIES
   mocha
   multi_json
   mustache
+  net-http
   nokogiri
   oj
   omniauth
@@ -575,7 +602,7 @@ DEPENDENCIES
   rack-protection
   rails_failover
   rails_multisite
-  railties (= 6.1.4.7)
+  railties (= 7.0.2.4)
   rake
   rb-fsevent
   rbtrace

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -68,7 +68,7 @@ def show_browser_update?
   def use_crawler_layout?
     @use_crawler_layout ||=
       request.user_agent &&
-      (request.content_type.blank? || request.content_type.include?('html')) &&
+      (request.media_type.blank? || request.media_type.include?('html')) &&
       !['json', 'rss'].include?(params[:format]) &&
       (has_escaped_fragment? || params.key?("print") || show_browser_update? ||
       CrawlerDetection.crawler?(request.user_agent, request.headers["HTTP_VIA"])
@@ -287,7 +287,7 @@ def rescue_discourse_actions(type, status_code, opts = nil)
       # cause category / topic was deleted
       if permalink.present? && permalink.target_url
         # permalink present, redirect to that URL
-        redirect_with_client_support permalink.target_url, status: :moved_permanently
+        redirect_with_client_support permalink.target_url, status: :moved_permanently, allow_other_host: true
         return
       end
     end
@@ -834,7 +834,7 @@ def redirect_to_login_if_required
       end
 
       if UserApiKey.allowed_scopes.superset?(Set.new(["one_time_password"]))
-        redirect_to("#{params[:auth_redirect]}?otp=true")
+        redirect_to("#{params[:auth_redirect]}?otp=true", allow_other_host: true)
         return
       end
     end

diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class PostsController < ApplicationController
+  # Bug with Rails 7+
+  # see https://github.com/rails/rails/issues/44867
+  self._flash_types -= [:notice]
 
   requires_login except: [
     :show,

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
@@ -33,7 +33,7 @@ def sso
       if SiteSetting.verbose_discourse_connect_logging
         Rails.logger.warn("Verbose SSO log: Started SSO process\n\n#{sso.diagnostics}")
       end
-      redirect_to sso_url(sso)
+      redirect_to sso_url(sso), allow_other_host: true
     else
       render body: nil, status: 404
     end
@@ -69,14 +69,14 @@ def sso_provider(payload = nil, confirmed_2fa_during_login = false)
         # for the login modal
         cookies[:sso_destination_url] = data[:sso_redirect_url]
       else
-        redirect_to data[:sso_redirect_url]
+        redirect_to data[:sso_redirect_url], allow_other_host: true
       end
     elsif result.no_second_factors_enabled?
       if request.xhr?
         # for the login modal
         cookies[:sso_destination_url] = result.data[:sso_redirect_url]
       else
-        redirect_to result.data[:sso_redirect_url]
+        redirect_to result.data[:sso_redirect_url], allow_other_host: true
       end
     elsif result.second_factor_auth_completed?
       redirect_url = result.data[:sso_redirect_url]
@@ -169,7 +169,7 @@ def sso_login
         # they are already pre-approved because they have been invited
         if SiteSetting.must_approve_users? && !user.approved? && invite.blank?
           if SiteSetting.discourse_connect_not_approved_url.present?
-            redirect_to SiteSetting.discourse_connect_not_approved_url
+            redirect_to SiteSetting.discourse_connect_not_approved_url, allow_other_host: true
           else
             render_sso_error(text: I18n.t("discourse_connect.account_not_approved"), status: 403)
           end
@@ -220,7 +220,7 @@ def sso_login
           return_path = path("/")
         end
 
-        redirect_to return_path
+        redirect_to return_path, allow_other_host: true
       else
         render_sso_error(text: I18n.t("discourse_connect.not_found"), status: 500)
       end
@@ -583,7 +583,7 @@ def destroy
         redirect_url: redirect_url
       }
     else
-      redirect_to redirect_url
+      redirect_to redirect_url, allow_other_host: true
     end
   end
 

diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
@@ -30,7 +30,7 @@ def show
     if map.has_key?(@page)
       site_setting_key = map[@page][:redirect]
       url = SiteSetting.get(site_setting_key) if site_setting_key
-      return redirect_to(url) if url.present?
+      return redirect_to(url, allow_other_host: true) if url.present?
     end
 
     # The /guidelines route ALWAYS shows our FAQ, ignoring the faq_url site setting.

diff --git a/app/controllers/svg_sprite_controller.rb b/app/controllers/svg_sprite_controller.rb
@@ -15,7 +15,7 @@ def show
       theme_id = params[:theme_id].to_i if params[:theme_id].present?
 
       if SvgSprite.version(theme_id) != params[:version]
-        return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id)))
+        return redirect_to UrlHelper.absolute((SvgSprite.path(theme_id))), allow_other_host: true
       end
 
       svg_sprite = "window.__svg_sprite = #{SvgSprite.bundle(theme_id).inspect};"

diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
@@ -118,7 +118,7 @@ def show_short
       if Discourse.store.internal?
         send_file_local_upload(upload)
       else
-        redirect_to Discourse.store.url_for(upload, force_download: force_download?)
+        redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true
       end
     else
       render_404
@@ -149,7 +149,7 @@ def show_secure
     # private, so we don't want to go to the CDN url just yet otherwise we
     # will get a 403. if the upload is not secure we assume the ACL is public
     signed_secure_url = Discourse.store.signed_url_for_path(path_with_ext)
-    redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url)
+    redirect_to upload.secure? ? signed_secure_url : Discourse.store.cdn_url(upload.url), allow_other_host: true
   end
 
   def handle_secure_upload_request(upload, path_with_ext = nil)
@@ -166,14 +166,14 @@ def handle_secure_upload_request(upload, path_with_ext = nil)
     # url_for figures out the full URL, handling multisite DBs,
     # and will return a presigned URL for the upload
     if path_with_ext.blank?
-      return redirect_to Discourse.store.url_for(upload, force_download: force_download?)
+      return redirect_to Discourse.store.url_for(upload, force_download: force_download?), allow_other_host: true
     end
 
     redirect_to Discourse.store.signed_url_for_path(
       path_with_ext,
       expires_in: S3Helper::DOWNLOAD_URL_EXPIRES_AFTER_SECONDS,
       force_download: force_download?
-    )
+    ), allow_other_host: true
   end
 
   def metadata