Rails 6

Gemfile

@@ -3,7 +3,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 ruby '~> 2.6.5'
 
-gem 'rails', '~> 5.2.4', '>= 5.2.4.4'
+gem 'rails', '~> 6.0.0'
 
 gem 'ahoy_matey', '~> 2.2', '>= 2.2.1'
 gem 'american_date'

Gemfile.lock

@@ -87,47 +87,61 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.4.4)
-      actionpack (= 5.2.4.4)
+    actioncable (6.0.3.4)
+      actionpack (= 6.0.3.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      actionview (= 5.2.4.4)
-      activejob (= 5.2.4.4)
+    actionmailbox (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+      mail (>= 2.7.1)
+    actionmailer (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.4.4)
-      actionview (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    actionpack (6.0.3.4)
+      actionview (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.4.4)
-      activesupport (= 5.2.4.4)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.3.4)
+      activesupport (= 6.0.3.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.4.4)
-      activesupport (= 5.2.4.4)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.3.4)
+      activesupport (= 6.0.3.4)
       globalid (>= 0.3.6)
-    activemodel (5.2.4.4)
-      activesupport (= 5.2.4.4)
-    activerecord (5.2.4.4)
-      activemodel (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
-      arel (>= 9.0)
-    activestorage (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      activerecord (= 5.2.4.4)
+    activemodel (6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activerecord (6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activestorage (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
       marcel (~> 0.3.1)
-    activesupport (5.2.4.4)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+      zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     aes_key_wrap (1.0.1)
@@ -142,7 +156,6 @@ GEM
       safely_block (>= 0.2.1)
       user_agent_parser
     american_date (1.1.1)
-    arel (9.0.0)
     ast (2.4.1)
     awrence (1.1.1)
     aws-eventstream (1.1.0)
@@ -463,18 +476,20 @@ GEM
     rack_session_access (0.2.0)
       builder (>= 2.0.0)
       rack (>= 1.0.0)
-    rails (5.2.4.4)
-      actioncable (= 5.2.4.4)
-      actionmailer (= 5.2.4.4)
-      actionpack (= 5.2.4.4)
-      actionview (= 5.2.4.4)
-      activejob (= 5.2.4.4)
-      activemodel (= 5.2.4.4)
-      activerecord (= 5.2.4.4)
-      activestorage (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+    rails (6.0.3.4)
+      actioncable (= 6.0.3.4)
+      actionmailbox (= 6.0.3.4)
+      actionmailer (= 6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actiontext (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       bundler (>= 1.3.0)
-      railties (= 5.2.4.4)
+      railties (= 6.0.3.4)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -490,15 +505,15 @@ GEM
       ruby-graphviz (~> 1.2)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    rails-i18n (5.1.3)
+    rails-i18n (6.0.0)
       i18n (>= 0.7, < 2)
-      railties (>= 5.0, < 6)
-    railties (5.2.4.4)
-      actionpack (= 5.2.4.4)
-      activesupport (= 5.2.4.4)
+      railties (>= 6.0.0, < 7)
+    railties (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
+      thor (>= 0.20.3, < 2.0)
     rainbow (3.0.0)
     raise-if-root (0.0.2)
     rake (13.0.1)
@@ -630,7 +645,7 @@ GEM
     sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.1)
+    sprockets-rails (3.2.2)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -708,6 +723,7 @@ GEM
     xpath (3.2.0)
       nokogiri (~> 1.8)
     yard (0.9.20)
+    zeitwerk (2.4.1)
     zonebie (0.6.1)
     zxcvbn-js (4.4.3)
       execjs
@@ -784,7 +800,7 @@ DEPENDENCIES
   rack-test (>= 1.1.0)
   rack-timeout
   rack_session_access (>= 0.2.0)
-  rails (~> 5.2.4, >= 5.2.4.4)
+  rails (~> 6.0.0)
   rails-controller-testing (>= 1.0.4)
   rails-erd (>= 1.6.0)
   raise-if-root

app/controllers/sign_up/cancellations_controller.rb

@@ -5,7 +5,7 @@ class CancellationsController < ApplicationController
     def new
       properties = ParseControllerFromReferer.new(request.referer).call
       analytics.track_event(Analytics::USER_REGISTRATION_CANCELLATION, properties)
-      @presenter = CancellationPresenter.new(view_context: view_context)
+      @presenter = CancellationPresenter.new(referer: request.referer)
     end
 
     private

app/presenters/cancellation_presenter.rb

@@ -2,13 +2,11 @@ class CancellationPresenter < FailurePresenter
   include ActionView::Helpers::TranslationHelper
   include Rails.application.routes.url_helpers
 
-  delegate :request, to: :view_context
+  attr_reader :referer
 
-  attr_reader :view_context
-
-  def initialize(view_context:)
+  def initialize(referer:)
     super(:warning)
-    @view_context = view_context
+    @referer = referer
   end
 
   def title
@@ -34,9 +32,8 @@ def go_back_path
   private
 
   def referer_path
-    referer_string = request.env['HTTP_REFERER']
-    return if referer_string.blank?
-    referer_uri = URI.parse(referer_string)
+    return if referer.blank?
+    referer_uri = URI.parse(referer)
     return if referer_uri.scheme == 'javascript'
     return unless referer_uri.host == AppConfig.env.domain_name.split(':')[0]
     extract_path_and_query_from_uri(referer_uri)

app/services/reports/iaa_billing_report.rb

@@ -57,7 +57,9 @@ def unique_iaa_sps
       sps = []
       ServiceProvider.where.not(
         iaa: nil,
+      ).where.not(
         iaa_start_date: nil,
+      ).where.not(
         iaa_end_date: nil,
       ).sort_by(&:issuer).each do |sp|
         iaa = sp.iaa

config/application.rb

@@ -12,10 +12,14 @@ module Upaya
   class Application < Rails::Application
     AppConfig.setup(YAML.safe_load(File.read(Rails.root.join('config', 'application.yml'))))
 
-    config.load_defaults '5.2'
+    config.load_defaults '6.0'
     config.active_record.belongs_to_required_by_default = false
     config.assets.unknown_asset_fallback = true
 
+    # We can enable this once we know we're not rolling back from Rails 6
+    # https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#purpose-in-signed-or-encrypted-cookie-is-now-embedded-within-cookies
+    config.action_dispatch.use_cookies_with_metadata = false
+
     config.active_job.queue_adapter = 'inline'
     config.time_zone = 'UTC'
 

public/406.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <title>We're sorry, but something went wrong (406)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <link rel="stylesheet" href="/css/static.css">
+</head>
+<body>
+  <div class="site-wrapper">
+    <div class="site-wrapper-inner">
+      <div class="cover-container" role="main">
+        <div class="masthead clearfix">
+          <div class="inner">
+            <img width="150" alt="login.gov" class="masthead-brand" src="/images/logo-white.svg">
+          </div>
+        </div>
+        <div class="inner cover">
+          <h1>We're sorry, but something went wrong.</h1>
+          <p>Please try again in a few minutes. (406)</p>
+        </div>
+      </div>
+    </div>
+  </div>
+</body>
+</html>

spec/controllers/application_controller_spec.rb

@@ -70,7 +70,7 @@ def index
     it 'returns an html page' do
       get :index
 
-      expect(response.content_type).to eq 'text/html'
+      expect(response.media_type).to eq 'text/html'
     end
   end
 

spec/controllers/saml_idp_controller_spec.rb

@@ -51,7 +51,7 @@
     let(:xmldoc) { SamlResponseDoc.new('controller', 'metadata', response) }
 
     it 'renders XML inline' do
-      expect(response.content_type).to eq 'text/xml'
+      expect(response.media_type).to eq 'text/xml'
     end
 
     it 'contains an EntityDescriptor nodeset' do

spec/controllers/sign_up/registrations_controller_spec.rb

@@ -23,9 +23,9 @@
 
     it 'gracefully handles invalid formats' do
       @request.env['HTTP_ACCEPT'] = "nessus=bad_bad_value'"
-      get :new
 
-      expect(response.status).to eq(200)
+      expect { get :new }.
+        to raise_error(Mime::Type::InvalidMimeType)
     end
   end
 

spec/controllers/users/sessions_controller_spec.rb

@@ -34,7 +34,7 @@
       it 'renders json' do
         get :active
 
-        expect(response.content_type).to eq('application/json')
+        expect(response.media_type).to eq('application/json')
       end
 
       it 'sets live key to true' do
@@ -542,7 +542,7 @@
       it 'renders json' do
         post :keepalive
 
-        expect(response.content_type).to eq('application/json')
+        expect(response.media_type).to eq('application/json')
       end
 
       it 'resets the timeout key' do

spec/features/accessibility/static_pages_spec.rb

@@ -18,6 +18,14 @@
     expect(page).to be_uniquely_titled
   end
 
+  scenario '406 page' do
+    visit '/406'
+
+    expect(page).to be_accessible.according_to :section508, :"best-practice"
+    expect(page).to label_required_fields
+    expect(page).to be_uniquely_titled
+  end
+
   scenario '422 page' do
     visit '/422'
 

spec/presenters/cancellation_presenter_spec.rb

@@ -5,20 +5,11 @@
   let(:good_url_with_path) { 'http://example.com/asdf?qwerty=123' }
   let(:bad_url) { 'http://evil.com/asdf/qwerty' }
 
-  let(:view_context) { ActionView::Base.new }
-
-  subject { described_class.new(view_context: view_context) }
+  subject { described_class.new(referer: referer_header) }
 
   describe '#go_back_link' do
     let(:sign_up_path) { '/two_factor_options' }
 
-    before do
-      allow(view_context).to receive(:sign_up_path).and_return(sign_up_path)
-      request = instance_double(ActionDispatch::Request)
-      allow(request).to receive(:env).and_return('HTTP_REFERER' => referer_header)
-      allow(view_context).to receive(:request).and_return(request)
-    end
-
     context 'without a referer header' do
       let(:referer_header) { nil }
 

spec/services/reports/deleted_user_accounts_report_spec.rb

@@ -6,7 +6,7 @@
   let(:name) { 'An SP' }
   let(:user) { create(:user) }
   let(:uuid) { 'foo' }
-  let(:last_authenticated_at) { '2020-01-02 12:03:04' }
+  let(:last_authenticated_at) { '2020-01-02 12:03:04 UTC' }
 
   subject { described_class.new }
 
@@ -20,7 +20,7 @@
     create(:identity, service_provider: issuer,
                       user: user,
                       uuid: uuid,
-                      last_authenticated_at: last_authenticated_at + ' UTC')
+                      last_authenticated_at: last_authenticated_at)
     user.destroy!
 
     allow(AppConfig.env).to receive(:deleted_user_accounts_report_configs).and_return(