System Test raises ActiveSupport::MessageVerifier::InvalidSignature

[Yong Bakos]

Hi everyone, thank you for all things Capybara.

I am witnessing an exception in a Rails system test w/ rack driver that works fine when carried out manually in development. Never had this issue in the past. The system test raises a ActiveSupport::MessageVerifier::InvalidSignature.

Is the following a bug?

Capybara Version:
3.36.0

Driver Information (and browser if relevant):
rack-test 1.1.0

## Expected Behavior

A Rails system test of a multipart form should pass.

## Actual Behavior

ActiveSupport::MessageVerifier::InvalidSignature raised in controller action after parameter permitting.

I have a typical Rails model form with a file attachment selector allowing multiple attachments. It works fine in development, but during a system test, raises an `ActiveSupport::MessageVerifier::InvalidSignature` exception.

- Rails 7.0.2.2
- capybara 3.36.0
- rack-test 1.1.0

The model `has_many_attached :photos`.

The form is using `form_with` and `multipart: true`.

The HTML source looks correct.

In development, manually using the form with 0 or any file attachments works as expected.

In my system test, I am using the `rack_test` driver.

```
test "creating a quote request" do
  visit new_quote_request_path
  fill_in "First name", with: 'FAKE FIRST'
  # ...
  click_on "Submit"
  assert_text "Success"
end
```

In the controller, my canonical param-permitting method looks like:

```
def quote_request_params
  params.require(:quote_request).permit(:first_name, :last_name, :email,
    :phone_number, :shipping, :promo_code, :description, :item_type_id, :brand_id,
    photos: [])
end
```

My controller `create` method is typical...

```
def create
  @quote_request = QuoteRequest.new(quote_request_params)
  respond_to do |format|
  # ...
```

In the system test, the call of `QuoteRequest.new(quote_request_params)` raises an `ActiveSupport::MessageVerifier::InvalidSignature` exception.

With a breakpoint in place, I can see that the `quote_request_params` looks like:

```
#<ActionController::Parameters {
"first_name"=>"FAKE FIRST", "last_name"=>"FAKE LAST",
"email"=>"fa...@fake.com", "phone_number"=>"5415555555", "shipping"=>"1",
"promo_code"=>"", "description"=>"Fake quote request description.",
"item_type_id"=>"980190962", "brand_id"=>"980190962",
"photos"=>[
  "",
   "#<Capybara::RackTest::Form::NilUploadedFile:0x000000010dae35b8>"
]} permitted: true>
```

And it seems Capybara is doing its default behavior of attaching a 'nil file' for the multipart form.

The test is raising an `ActiveSupport::MessageVerifier::InvalidSignature` exception, when manually using the same form in development succeeds without error.