actionpack 5.2.3

data/lib/action_dispatch/railtie.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require "action_dispatch"
+require "active_support/messages/rotation_configuration"
+
+module ActionDispatch
+  class Railtie < Rails::Railtie # :nodoc:
+    config.action_dispatch = ActiveSupport::OrderedOptions.new
+    config.action_dispatch.x_sendfile_header = nil
+    config.action_dispatch.ip_spoofing_check = true
+    config.action_dispatch.show_exceptions = true
+    config.action_dispatch.tld_length = 1
+    config.action_dispatch.ignore_accept_header = false
+    config.action_dispatch.rescue_templates = {}
+    config.action_dispatch.rescue_responses = {}
+    config.action_dispatch.default_charset = nil
+    config.action_dispatch.rack_cache = false
+    config.action_dispatch.http_auth_salt = "http authentication"
+    config.action_dispatch.signed_cookie_salt = "signed cookie"
+    config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
+    config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
+    config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
+    config.action_dispatch.use_authenticated_cookie_encryption = false
+    config.action_dispatch.perform_deep_munge = true
+
+    config.action_dispatch.default_headers = {
+      "X-Frame-Options" => "SAMEORIGIN",
+      "X-XSS-Protection" => "1; mode=block",
+      "X-Content-Type-Options" => "nosniff",
+      "X-Download-Options" => "noopen",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
+    }
+
+    config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
+
+    config.eager_load_namespaces << ActionDispatch
+
+    initializer "action_dispatch.configure" do |app|
+      ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
+      ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
+      ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
+      ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
+      ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
+
+      ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
+      ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
+
+      config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
+      ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
+
+      ActionDispatch.test_app = app
+    end
+  end
+end

data/lib/action_dispatch/request/session.rb

@@ -0,0 +1,234 @@
+# frozen_string_literal: true
+
+require "rack/session/abstract/id"
+
+module ActionDispatch
+  class Request
+    # Session is responsible for lazily loading the session from store.
+    class Session # :nodoc:
+      ENV_SESSION_KEY         = Rack::RACK_SESSION # :nodoc:
+      ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS # :nodoc:
+
+      # Singleton object used to determine if an optional param wasn't specified.
+      Unspecified = Object.new
+
+      # Creates a session hash, merging the properties of the previous session if any.
+      def self.create(store, req, default_options)
+        session_was = find req
+        session     = Request::Session.new(store, req)
+        session.merge! session_was if session_was
+
+        set(req, session)
+        Options.set(req, Request::Session::Options.new(store, default_options))
+        session
+      end
+
+      def self.find(req)
+        req.get_header ENV_SESSION_KEY
+      end
+
+      def self.set(req, session)
+        req.set_header ENV_SESSION_KEY, session
+      end
+
+      class Options #:nodoc:
+        def self.set(req, options)
+          req.set_header ENV_SESSION_OPTIONS_KEY, options
+        end
+
+        def self.find(req)
+          req.get_header ENV_SESSION_OPTIONS_KEY
+        end
+
+        def initialize(by, default_options)
+          @by       = by
+          @delegate = default_options.dup
+        end
+
+        def [](key)
+          @delegate[key]
+        end
+
+        def id(req)
+          @delegate.fetch(:id) {
+            @by.send(:extract_session_id, req)
+          }
+        end
+
+        def []=(k, v);        @delegate[k] = v; end
+        def to_hash;          @delegate.dup; end
+        def values_at(*args); @delegate.values_at(*args); end
+      end
+
+      def initialize(by, req)
+        @by       = by
+        @req      = req
+        @delegate = {}
+        @loaded   = false
+        @exists   = nil # We haven't checked yet.
+      end
+
+      def id
+        options.id(@req)
+      end
+
+      def options
+        Options.find @req
+      end
+
+      def destroy
+        clear
+        options = self.options || {}
+        @by.send(:delete_session, @req, options.id(@req), options)
+
+        # Load the new sid to be written with the response.
+        @loaded = false
+        load_for_write!
+      end
+
+      # Returns value of the key stored in the session or
+      # +nil+ if the given key is not found in the session.
+      def [](key)
+        load_for_read!
+        @delegate[key.to_s]
+      end
+
+      # Returns true if the session has the given key or false.
+      def has_key?(key)
+        load_for_read!
+        @delegate.key?(key.to_s)
+      end
+      alias :key? :has_key?
+      alias :include? :has_key?
+
+      # Returns keys of the session as Array.
+      def keys
+        load_for_read!
+        @delegate.keys
+      end
+
+      # Returns values of the session as Array.
+      def values
+        load_for_read!
+        @delegate.values
+      end
+
+      # Writes given value to given key of the session.
+      def []=(key, value)
+        load_for_write!
+        @delegate[key.to_s] = value
+      end
+
+      # Clears the session.
+      def clear
+        load_for_write!
+        @delegate.clear
+      end
+
+      # Returns the session as Hash.
+      def to_hash
+        load_for_read!
+        @delegate.dup.delete_if { |_, v| v.nil? }
+      end
+      alias :to_h :to_hash
+
+      # Updates the session with given Hash.
+      #
+      #   session.to_hash
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2"}
+      #
+      #   session.update({ "foo" => "bar" })
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      #
+      #   session.to_hash
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      def update(hash)
+        load_for_write!
+        @delegate.update stringify_keys(hash)
+      end
+
+      # Deletes given key from the session.
+      def delete(key)
+        load_for_write!
+        @delegate.delete key.to_s
+      end
+
+      # Returns value of the given key from the session, or raises +KeyError+
+      # if can't find the given key and no default value is set.
+      # Returns default value if specified.
+      #
+      #   session.fetch(:foo)
+      #   # => KeyError: key not found: "foo"
+      #
+      #   session.fetch(:foo, :bar)
+      #   # => :bar
+      #
+      #   session.fetch(:foo) do
+      #     :bar
+      #   end
+      #   # => :bar
+      def fetch(key, default = Unspecified, &block)
+        load_for_read!
+        if default == Unspecified
+          @delegate.fetch(key.to_s, &block)
+        else
+          @delegate.fetch(key.to_s, default, &block)
+        end
+      end
+
+      def inspect
+        if loaded?
+          super
+        else
+          "#<#{self.class}:0x#{(object_id << 1).to_s(16)} not yet loaded>"
+        end
+      end
+
+      def exists?
+        return @exists unless @exists.nil?
+        @exists = @by.send(:session_exists?, @req)
+      end
+
+      def loaded?
+        @loaded
+      end
+
+      def empty?
+        load_for_read!
+        @delegate.empty?
+      end
+
+      def merge!(other)
+        load_for_write!
+        @delegate.merge!(other)
+      end
+
+      def each(&block)
+        to_hash.each(&block)
+      end
+
+      private
+
+        def load_for_read!
+          load! if !loaded? && exists?
+        end
+
+        def load_for_write!
+          load! unless loaded?
+        end
+
+        def load!
+          id, session = @by.load_session @req
+          options[:id] = id
+          @delegate.replace(stringify_keys(session))
+          @loaded = true
+        end
+
+        def stringify_keys(other)
+          other.each_with_object({}) { |(key, value), hash|
+            hash[key.to_s] = value
+          }
+        end
+    end
+  end
+end

data/lib/action_dispatch/request/utils.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/indifferent_access"
+
+module ActionDispatch
+  class Request
+    class Utils # :nodoc:
+      mattr_accessor :perform_deep_munge, default: true
+
+      def self.each_param_value(params, &block)
+        case params
+        when Array
+          params.each { |element| each_param_value(element, &block) }
+        when Hash
+          params.each_value { |value| each_param_value(value, &block) }
+        when String
+          block.call params
+        end
+      end
+
+      def self.normalize_encode_params(params)
+        if perform_deep_munge
+          NoNilParamEncoder.normalize_encode_params params
+        else
+          ParamEncoder.normalize_encode_params params
+        end
+      end
+
+      def self.check_param_encoding(params)
+        case params
+        when Array
+          params.each { |element| check_param_encoding(element) }
+        when Hash
+          params.each_value { |value| check_param_encoding(value) }
+        when String
+          unless params.valid_encoding?
+            # Raise Rack::Utils::InvalidParameterError for consistency with Rack.
+            # ActionDispatch::Request#GET will re-raise as a BadRequest error.
+            raise Rack::Utils::InvalidParameterError, "Invalid encoding for parameter: #{params.scrub}"
+          end
+        end
+      end
+
+      class ParamEncoder # :nodoc:
+        # Convert nested Hash to HashWithIndifferentAccess.
+        def self.normalize_encode_params(params)
+          case params
+          when Array
+            handle_array params
+          when Hash
+            if params.has_key?(:tempfile)
+              ActionDispatch::Http::UploadedFile.new(params)
+            else
+              params.each_with_object({}) do |(key, val), new_hash|
+                new_hash[key] = normalize_encode_params(val)
+              end.with_indifferent_access
+            end
+          else
+            params
+          end
+        end
+
+        def self.handle_array(params)
+          params.map! { |el| normalize_encode_params(el) }
+        end
+      end
+
+      # Remove nils from the params hash.
+      class NoNilParamEncoder < ParamEncoder # :nodoc:
+        def self.handle_array(params)
+          list = super
+          list.compact!
+          list
+        end
+      end
+    end
+  end
+end

data/lib/action_dispatch/routing.rb

@@ -0,0 +1,260 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/string/filters"
+
+module ActionDispatch
+  # The routing module provides URL rewriting in native Ruby. It's a way to
+  # redirect incoming requests to controllers and actions. This replaces
+  # mod_rewrite rules. Best of all, Rails' \Routing works with any web server.
+  # Routes are defined in <tt>config/routes.rb</tt>.
+  #
+  # Think of creating routes as drawing a map for your requests. The map tells
+  # them where to go based on some predefined pattern:
+  #
+  #   Rails.application.routes.draw do
+  #     Pattern 1 tells some request to go to one place
+  #     Pattern 2 tell them to go to another
+  #     ...
+  #   end
+  #
+  # The following symbols are special:
+  #
+  #   :controller maps to your controller name
+  #   :action     maps to an action with your controllers
+  #
+  # Other names simply map to a parameter as in the case of <tt>:id</tt>.
+  #
+  # == Resources
+  #
+  # Resource routing allows you to quickly declare all of the common routes
+  # for a given resourceful controller. Instead of declaring separate routes
+  # for your +index+, +show+, +new+, +edit+, +create+, +update+ and +destroy+
+  # actions, a resourceful route declares them in a single line of code:
+  #
+  #  resources :photos
+  #
+  # Sometimes, you have a resource that clients always look up without
+  # referencing an ID. A common example, /profile always shows the profile of
+  # the currently logged in user. In this case, you can use a singular resource
+  # to map /profile (rather than /profile/:id) to the show action.
+  #
+  #  resource :profile
+  #
+  # It's common to have resources that are logically children of other
+  # resources:
+  #
+  #   resources :magazines do
+  #     resources :ads
+  #   end
+  #
+  # You may wish to organize groups of controllers under a namespace. Most
+  # commonly, you might group a number of administrative controllers under
+  # an +admin+ namespace. You would place these controllers under the
+  # <tt>app/controllers/admin</tt> directory, and you can group them together
+  # in your router:
+  #
+  #   namespace "admin" do
+  #     resources :posts, :comments
+  #   end
+  #
+  # Alternatively, you can add prefixes to your path without using a separate
+  # directory by using +scope+. +scope+ takes additional options which
+  # apply to all enclosed routes.
+  #
+  #   scope path: "/cpanel", as: 'admin' do
+  #     resources :posts, :comments
+  #   end
+  #
+  # For more, see <tt>Routing::Mapper::Resources#resources</tt>,
+  # <tt>Routing::Mapper::Scoping#namespace</tt>, and
+  # <tt>Routing::Mapper::Scoping#scope</tt>.
+  #
+  # == Non-resourceful routes
+  #
+  # For routes that don't fit the <tt>resources</tt> mold, you can use the HTTP helper
+  # methods <tt>get</tt>, <tt>post</tt>, <tt>patch</tt>, <tt>put</tt> and <tt>delete</tt>.
+  #
+  #   get 'post/:id' => 'posts#show'
+  #   post 'post/:id' => 'posts#create_comment'
+  #
+  # Now, if you POST to <tt>/posts/:id</tt>, it will route to the <tt>create_comment</tt> action. A GET on the same
+  # URL will route to the <tt>show</tt> action.
+  #
+  # If your route needs to respond to more than one HTTP method (or all methods) then using the
+  # <tt>:via</tt> option on <tt>match</tt> is preferable.
+  #
+  #   match 'post/:id' => 'posts#show', via: [:get, :post]
+  #
+  # == Named routes
+  #
+  # Routes can be named by passing an <tt>:as</tt> option,
+  # allowing for easy reference within your source as +name_of_route_url+
+  # for the full URL and +name_of_route_path+ for the URI path.
+  #
+  # Example:
+  #
+  #   # In config/routes.rb
+  #   get '/login' => 'accounts#login', as: 'login'
+  #
+  #   # With render, redirect_to, tests, etc.
+  #   redirect_to login_url
+  #
+  # Arguments can be passed as well.
+  #
+  #   redirect_to show_item_path(id: 25)
+  #
+  # Use <tt>root</tt> as a shorthand to name a route for the root path "/".
+  #
+  #   # In config/routes.rb
+  #   root to: 'blogs#index'
+  #
+  #   # would recognize http://www.example.com/ as
+  #   params = { controller: 'blogs', action: 'index' }
+  #
+  #   # and provide these named routes
+  #   root_url   # => 'http://www.example.com/'
+  #   root_path  # => '/'
+  #
+  # Note: when using +controller+, the route is simply named after the
+  # method you call on the block parameter rather than map.
+  #
+  #   # In config/routes.rb
+  #   controller :blog do
+  #     get 'blog/show'     => :list
+  #     get 'blog/delete'   => :delete
+  #     get 'blog/edit'     => :edit
+  #   end
+  #
+  #   # provides named routes for show, delete, and edit
+  #   link_to @article.title, blog_show_path(id: @article.id)
+  #
+  # == Pretty URLs
+  #
+  # Routes can generate pretty URLs. For example:
+  #
+  #   get '/articles/:year/:month/:day' => 'articles#find_by_id', constraints: {
+  #     year:       /\d{4}/,
+  #     month:      /\d{1,2}/,
+  #     day:        /\d{1,2}/
+  #   }
+  #
+  # Using the route above, the URL "http://localhost:3000/articles/2005/11/06"
+  # maps to
+  #
+  #   params = {year: '2005', month: '11', day: '06'}
+  #
+  # == Regular Expressions and parameters
+  # You can specify a regular expression to define a format for a parameter.
+  #
+  #   controller 'geocode' do
+  #     get 'geocode/:postalcode' => :show, constraints: {
+  #       postalcode: /\d{5}(-\d{4})?/
+  #     }
+  #   end
+  #
+  # Constraints can include the 'ignorecase' and 'extended syntax' regular
+  # expression modifiers:
+  #
+  #   controller 'geocode' do
+  #     get 'geocode/:postalcode' => :show, constraints: {
+  #       postalcode: /hx\d\d\s\d[a-z]{2}/i
+  #     }
+  #   end
+  #
+  #   controller 'geocode' do
+  #     get 'geocode/:postalcode' => :show, constraints: {
+  #       postalcode: /# Postalcode format
+  #          \d{5} #Prefix
+  #          (-\d{4})? #Suffix
+  #          /x
+  #     }
+  #   end
+  #
+  # Using the multiline modifier will raise an +ArgumentError+.
+  # Encoding regular expression modifiers are silently ignored. The
+  # match will always use the default encoding or ASCII.
+  #
+  # == External redirects
+  #
+  # You can redirect any path to another path using the redirect helper in your router:
+  #
+  #   get "/stories" => redirect("/posts")
+  #
+  # == Unicode character routes
+  #
+  # You can specify unicode character routes in your router:
+  #
+  #   get "こんにちは" => "welcome#index"
+  #
+  # == Routing to Rack Applications
+  #
+  # Instead of a String, like <tt>posts#index</tt>, which corresponds to the
+  # index action in the PostsController, you can specify any Rack application
+  # as the endpoint for a matcher:
+  #
+  #   get "/application.js" => Sprockets
+  #
+  # == Reloading routes
+  #
+  # You can reload routes if you feel you must:
+  #
+  #   Rails.application.reload_routes!
+  #
+  # This will clear all named routes and reload config/routes.rb if the file has been modified from
+  # last load. To absolutely force reloading, use <tt>reload!</tt>.
+  #
+  # == Testing Routes
+  #
+  # The two main methods for testing your routes:
+  #
+  # === +assert_routing+
+  #
+  #   def test_movie_route_properly_splits
+  #    opts = {controller: "plugin", action: "checkout", id: "2"}
+  #    assert_routing "plugin/checkout/2", opts
+  #   end
+  #
+  # +assert_routing+ lets you test whether or not the route properly resolves into options.
+  #
+  # === +assert_recognizes+
+  #
+  #   def test_route_has_options
+  #    opts = {controller: "plugin", action: "show", id: "12"}
+  #    assert_recognizes opts, "/plugins/show/12"
+  #   end
+  #
+  # Note the subtle difference between the two: +assert_routing+ tests that
+  # a URL fits options while +assert_recognizes+ tests that a URL
+  # breaks into parameters properly.
+  #
+  # In tests you can simply pass the URL or named route to +get+ or +post+.
+  #
+  #   def send_to_jail
+  #     get '/jail'
+  #     assert_response :success
+  #   end
+  #
+  #   def goes_to_login
+  #     get login_url
+  #     #...
+  #   end
+  #
+  # == View a list of all your routes
+  #
+  #   rails routes
+  #
+  # Target specific controllers by prefixing the command with <tt>-c</tt> option.
+  #
+  module Routing
+    extend ActiveSupport::Autoload
+
+    autoload :Mapper
+    autoload :RouteSet
+    autoload :RoutesProxy
+    autoload :UrlFor
+    autoload :PolymorphicRoutes
+
+    SEPARATORS = %w( / . ? ) #:nodoc:
+    HTTP_METHODS = [:get, :head, :post, :patch, :put, :delete, :options] #:nodoc:
+  end
+end