Merge pull request rails#55387 from cassiascheffer/cassia/avoid-dynamic-encrypting-in-fixtures

Avoid dynamic encrypting in generated fixtures

Author: byroot

railties/CHANGELOG.md

@@ -1,3 +1,11 @@
+*   Generate static BCrypt password digests in fixtures instead of dynamic ERB expressions.
+
+    Previously, fixtures with password digest attributes used `<%= BCrypt::Password.create("secret") %>`,
+    which regenerated the hash on each test run. Now generates a static hash with a comment
+    showing how to recreate it.
+
+    *Nate Smith*, *Cassia Scheffer*
+
 *   Broaden the `.gitignore` entry when adding a credentials key to ignore all key files.
 
     *Greg Molnar*

railties/lib/rails/generators/test_unit/model/templates/fixtures.yml.tt

@@ -4,7 +4,7 @@
 <%= name %>:
 <% attributes.each do |attribute| -%>
   <%- if attribute.password_digest? -%>
-  password_digest: <%%= BCrypt::Password.create("secret") %>
+  password_digest: <%= BCrypt::Password.create("secret") %>  # Generated with BCrypt::Password.create("secret")
   <%- elsif attribute.reference? -%>
   <%= yaml_key_value(attribute.column_name.delete_suffix("_id"), attribute.default || name) %>
   <%- elsif !attribute.virtual? -%>

railties/test/generators/scaffold_generator_test.rb

@@ -3,6 +3,7 @@
 require "plugin_helpers"
 require "generators/generators_test_helper"
 require "rails/generators/rails/scaffold/scaffold_generator"
+require "bcrypt"
 
 class ScaffoldGeneratorTest < Rails::Generators::TestCase
   include PluginHelpers
@@ -564,7 +565,9 @@ def test_scaffold_generator_password_digest
     end
 
     assert_file "test/fixtures/users.yml" do |content|
-      assert_match(/password_digest: <%= BCrypt::Password.create\("secret"\) %>/, content)
+      assert_match(/password_digest: (.+)$/, content)
+      digest = content.match(/password_digest: ([^#\s]+)/)[1].strip
+      assert BCrypt::Password.new(digest) == "secret"
     end
   end