A much needed Active Storage documentation with a new option to trigger has_secure_token

Sunday, July 23, 2023

A much needed Active Storage documentation with a new option to trigger has_secure_token

Posted by Emmanuel Hayford

This is Emmanuel… you haven’t heard from me in a while. I’m doing great, and have a few merged pull requests that I want to share with you.

Don’t show secrets for MessageVerifier#inspect and KeyGenerator#inspect If anyone calls a cipher in the console, it will reveal the secret of the encryptor. By overriding the inspect method to display only the class name, we can prevent accidental exposure of sensitive information.

Active Record commit transaction on return, break and throw There’s a lot of history around this PR. In short Rails 7.1 will get a new configuration option that defines whether return , break and throw inside a transaction block cause the transaction to be committed or rolled back. Let’s take this example:

Model.transaction do
  model.save
  return
  other_model.save
end

With the new config.active_record.commit_transaction_on_non_local_return set to false , this transaction will rollback upon hitting return, if set to true , the transaction will be committed.

Document common ActiveStorage issues When attaching files to a has_many_attached association, the default behaviour is to replace any existing attachments. However, if you wish to preserve existing attachments and add new ones, you can achieve this by setting Rails.application.config.replace_on_assign_to_many to false. This PR properly documents this behaviour.

Specify when to generate has_secure_token Rails has a has_secure_token method that employs SecureRandom::base58 to generate a 24-character unique token for a model. With this PR, one can specify at what point during the model’s life-cycle the token is generated via an on: option. This PR ensures we can do something like:

class User < ApplicationRecord
  has_secure_token on: :initialize
end

By passing the on: :initialize , the token is generated in an after_initialize callback as opposed a before_* callback which is the default behaviour.

In the last fourteen days, we’ve had 37 generous contributors.

That’s all I’ve got for today!

Your weekly inside scoop of interesting commits, pull requests and more from Rails.

Subscribe to get these updates mailed to you.