From 0403a8633bdedfe497ec3e2fe5d03e17940d6f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Guitaut?= Date: Thu, 19 May 2022 16:58:31 +0200 Subject: [PATCH] DEV: Apply Rails 6.1 defaults We never applied `config.load_defaults` since its inception (Rails 5.0) and doing so is necessary to properly upgrade to all the Rails 7 new defaults. --- config/application.rb | 6 ++++++ spec/integration/multisite_cookies_spec.rb | 2 +- .../lib/auth/default_current_user_provider_spec.rb | 7 +++++-- spec/rails_helper.rb | 14 ++++++++------ 4 files changed, 20 insertions(+), 9 deletions(-) diff --git a/config/application.rb b/config/application.rb index 48abdb168f8..d459fad4cb3 100644 --- a/config/application.rb +++ b/config/application.rb @@ -97,6 +97,12 @@ module Discourse # tiny file needed by site settings require 'highlight_js' + config.load_defaults 6.1 + config.active_record.cache_versioning = false # our custom cache class doesn’t support this + config.action_controller.forgery_protection_origin_check = false + config.active_record.belongs_to_required_by_default = false + config.active_record.legacy_connection_handling = true + # we skip it cause we configure it in the initializer # the railtie for message_bus would insert it in the # wrong position diff --git a/spec/integration/multisite_cookies_spec.rb b/spec/integration/multisite_cookies_spec.rb index 955b3176b63..c5d2a3b2ef1 100644 --- a/spec/integration/multisite_cookies_spec.rb +++ b/spec/integration/multisite_cookies_spec.rb @@ -4,7 +4,7 @@ describe 'multisite', type: [:multisite, :request] do it "works" do get "http://test.localhost/session/csrf.json" expect(response.status).to eq(200) - cookie = response.cookies["_forum_session"] + cookie = CGI.escape(response.cookies["_forum_session"]) id1 = session["session_id"] get "http://test.localhost/session/csrf.json", headers: { "Cookie" => "_forum_session=#{cookie};" } 
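Review bot: Of the four overrides that follow `config.load_defaults 6.1` in config/application.rb, only `cache_versioning` says why it is set; `config.action_controller.forgery_protection_origin_check = false` most needs a rationale, because it stops Rails from comparing the request's Origin header with the site's origin during CSRF verification, leaving the authenticity token as the only check. This keeps the behaviour the app had before, but I would add a comment above it such as `# Origin check disabled because <reason>; CSRF protection relies on the authenticity token only`, with similar one-liners for `belongs_to_required_by_default` and `legacy_connection_handling`. `load_defaults` also switches on cookie-related defaults that are not overridden here (authenticated cookie encryption, cookie metadata, `cookies_same_site_protection = :lax`), so it is worth confirming that session and `_t` cookies issued before the deploy are still accepted. The enclosing module body starts and ends outside the hunk.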
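Review bot: The `CGI.escape` added around `response.cookies["_forum_session"]` in spec/integration/multisite_cookies_spec.rb has no comment saying why the value must now be escaped before it goes into the `Cookie` header, and the same unexplained wrap recurs in the five hunks of spec/lib/auth/default_current_user_provider_spec.rb. Presumably the encrypted value contains characters such as `+`, `/` or `=` that are unescaped when the cookie header is parsed, so a raw value would not round-trip; that should be confirmed and stated once. A comment at the first use, e.g. `# cookie values are unescaped when the header is parsed, so escape before hand-building it`, or a small spec helper wrapping the call, would keep later tests from sending the raw value.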
diff --git a/spec/lib/auth/default_current_user_provider_spec.rb b/spec/lib/auth/default_current_user_provider_spec.rb index ef5fe47dc02..3be4ee37cfa 100644 --- a/spec/lib/auth/default_current_user_provider_spec.rb +++ b/spec/lib/auth/default_current_user_provider_spec.rb @@ -261,7 +261,7 @@ describe Auth::DefaultCurrentUserProvider do let(:cookie) do new_provider = provider('/') new_provider.log_on_user(user, {}, new_provider.cookie_jar) - new_provider.cookie_jar["_t"] + CGI.escape(new_provider.cookie_jar["_t"]) end before do @@ -367,6 +367,7 @@ describe Auth::DefaultCurrentUserProvider do cookie = @provider.cookie_jar["_t"] unhashed_token = decrypt_auth_cookie(cookie)[:token] + cookie = CGI.escape(cookie) token = UserAuthToken.find_by(user_id: user.id) @@ -431,6 +432,7 @@ describe Auth::DefaultCurrentUserProvider do @provider.log_on_user(user, {}, @provider.cookie_jar) cookie = @provider.cookie_jar["_t"] unhashed_token = decrypt_auth_cookie(cookie)[:token] + cookie = CGI.escape(cookie) freeze_time 20.minutes.from_now provider2 = provider("/", "HTTP_COOKIE" => "_t=#{cookie}") provider2.refresh_session(user, {}, provider2.cookie_jar) @@ -442,6 +444,7 @@ describe Auth::DefaultCurrentUserProvider do @provider.log_on_user(user, {}, @provider.cookie_jar) cookie = @provider.cookie_jar["_t"] unhashed_token = decrypt_auth_cookie(cookie)[:token] + cookie = CGI.escape(cookie) freeze_time 2.minutes.from_now provider2 = provider("/", "HTTP_COOKIE" => "_t=#{cookie}") provider2.refresh_session(user, {}, provider2.cookie_jar) @@ -748,7 +751,7 @@ describe Auth::DefaultCurrentUserProvider do method: "GET", }) @provider.log_on_user(user, {}, @provider.cookie_jar) - cookie = @provider.cookie_jar["_t"] + cookie = CGI.escape(@provider.cookie_jar["_t"]) ip = "10.0.0.1" env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip } diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index b2e6c0de0e6..1704c0e23b0 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb 
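Review bot: In the hunks `@@ -367,6 +367,7 @@`, `@@ -431,6 +432,7 @@` and `@@ -442,6 +444,7 @@`, `cookie` first holds the raw jar value passed to `decrypt_auth_cookie` and is then rebound to its escaped form by `cookie = CGI.escape(cookie)`, so what the name means depends on line order. A later edit that moves the `decrypt_auth_cookie(cookie)` call below the reassignment would hand it the escaped string instead. I would keep the raw value and add a second name, `escaped_cookie = CGI.escape(cookie)`, then interpolate it as `"HTTP_COOKIE" => "_t=#{escaped_cookie}"`. The enclosing examples start and end outside these hunks.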
@@ -460,21 +460,23 @@ def create_request_env(path: nil) env end -def create_auth_cookie(token:, user_id: nil, trust_level: nil, issued_at: Time.zone.now) - request = ActionDispatch::Request.new(create_request_env) +def create_auth_cookie(token:, user_id: nil, trust_level: nil, issued_at: Time.current) data = { token: token, user_id: user_id, trust_level: trust_level, issued_at: issued_at.to_i } - cookie = request.cookie_jar.encrypted["_t"] = { value: data } - cookie[:value] + jar = ActionDispatch::Cookies::CookieJar.build(ActionDispatch::TestRequest.create, {}) + jar.encrypted[:_t] = { value: data } + CGI.escape(jar[:_t]) end def decrypt_auth_cookie(cookie) - request = ActionDispatch::Request.new(create_request_env.merge("HTTP_COOKIE" => "_t=#{cookie}")) - request.cookie_jar.encrypted["_t"].with_indifferent_access + ActionDispatch::Cookies::CookieJar + .build(ActionDispatch::TestRequest.create, { _t: cookie }) + .encrypted[:_t] + .with_indifferent_access end class SpecSecureRandom
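Review bot: `create_auth_cookie` now returns a CGI-escaped string, while `decrypt_auth_cookie` puts its argument straight into the jar via `{ _t: cookie }`, so the two helpers do not accept each other's values and neither says which form it deals in. As far as the hunk shows, passing the output of `create_auth_cookie` to `decrypt_auth_cookie` would attempt to decrypt the escaped text. I would document the contract on each helper, e.g. `# Returns the encrypted _t value CGI-escaped, ready to place in a Cookie header` above `create_auth_cookie` and `# Expects the raw (unescaped) _t value as read from a cookie jar` above `decrypt_auth_cookie`.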