actionpack 6.0.0

data/lib/action_controller/metal/rescue.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActionController #:nodoc:
+  # This module is responsible for providing +rescue_from+ helpers
+  # to controllers and configuring when detailed exceptions must be
+  # shown.
+  module Rescue
+    extend ActiveSupport::Concern
+    include ActiveSupport::Rescuable
+
+    # Override this method if you want to customize when detailed
+    # exceptions must be shown. This method is only called when
+    # +consider_all_requests_local+ is +false+. By default, it returns
+    # +false+, but someone may set it to <tt>request.local?</tt> so local
+    # requests in production still show the detailed exception pages.
+    def show_detailed_exceptions?
+      false
+    end
+
+    private
+      def process_action(*args)
+        super
+      rescue Exception => exception
+        request.env["action_dispatch.show_detailed_exceptions"] ||= show_detailed_exceptions?
+        rescue_with_handler(exception) || raise
+      end
+  end
+end

data/lib/action_controller/metal/streaming.rb

@@ -0,0 +1,223 @@
+# frozen_string_literal: true
+
+require "rack/chunked"
+
+module ActionController #:nodoc:
+  # Allows views to be streamed back to the client as they are rendered.
+  #
+  # By default, Rails renders views by first rendering the template
+  # and then the layout. The response is sent to the client after the whole
+  # template is rendered, all queries are made, and the layout is processed.
+  #
+  # Streaming inverts the rendering flow by rendering the layout first and
+  # streaming each part of the layout as they are processed. This allows the
+  # header of the HTML (which is usually in the layout) to be streamed back
+  # to client very quickly, allowing JavaScripts and stylesheets to be loaded
+  # earlier than usual.
+  #
+  # This approach was introduced in Rails 3.1 and is still improving. Several
+  # Rack middlewares may not work and you need to be careful when streaming.
+  # Those points are going to be addressed soon.
+  #
+  # In order to use streaming, you will need to use a Ruby version that
+  # supports fibers (fibers are supported since version 1.9.2 of the main
+  # Ruby implementation).
+  #
+  # Streaming can be added to a given template easily, all you need to do is
+  # to pass the :stream option.
+  #
+  #   class PostsController
+  #     def index
+  #       @posts = Post.all
+  #       render stream: true
+  #     end
+  #   end
+  #
+  # == When to use streaming
+  #
+  # Streaming may be considered to be overkill for lightweight actions like
+  # +new+ or +edit+. The real benefit of streaming is on expensive actions
+  # that, for example, do a lot of queries on the database.
+  #
+  # In such actions, you want to delay queries execution as much as you can.
+  # For example, imagine the following +dashboard+ action:
+  #
+  #   def dashboard
+  #     @posts = Post.all
+  #     @pages = Page.all
+  #     @articles = Article.all
+  #   end
+  #
+  # Most of the queries here are happening in the controller. In order to benefit
+  # from streaming you would want to rewrite it as:
+  #
+  #   def dashboard
+  #     # Allow lazy execution of the queries
+  #     @posts = Post.all
+  #     @pages = Page.all
+  #     @articles = Article.all
+  #     render stream: true
+  #   end
+  #
+  # Notice that :stream only works with templates. Rendering :json
+  # or :xml with :stream won't work.
+  #
+  # == Communication between layout and template
+  #
+  # When streaming, rendering happens top-down instead of inside-out.
+  # Rails starts with the layout, and the template is rendered later,
+  # when its +yield+ is reached.
+  #
+  # This means that, if your application currently relies on instance
+  # variables set in the template to be used in the layout, they won't
+  # work once you move to streaming. The proper way to communicate
+  # between layout and template, regardless of whether you use streaming
+  # or not, is by using +content_for+, +provide+ and +yield+.
+  #
+  # Take a simple example where the layout expects the template to tell
+  # which title to use:
+  #
+  #   <html>
+  #     <head><title><%= yield :title %></title></head>
+  #     <body><%= yield %></body>
+  #   </html>
+  #
+  # You would use +content_for+ in your template to specify the title:
+  #
+  #   <%= content_for :title, "Main" %>
+  #   Hello
+  #
+  # And the final result would be:
+  #
+  #   <html>
+  #     <head><title>Main</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # However, if +content_for+ is called several times, the final result
+  # would have all calls concatenated. For instance, if we have the following
+  # template:
+  #
+  #   <%= content_for :title, "Main" %>
+  #   Hello
+  #   <%= content_for :title, " page" %>
+  #
+  # The final result would be:
+  #
+  #   <html>
+  #     <head><title>Main page</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # This means that, if you have <code>yield :title</code> in your layout
+  # and you want to use streaming, you would have to render the whole template
+  # (and eventually trigger all queries) before streaming the title and all
+  # assets, which kills the purpose of streaming. For this purpose, you can use
+  # a helper called +provide+ that does the same as +content_for+ but tells the
+  # layout to stop searching for other entries and continue rendering.
+  #
+  # For instance, the template above using +provide+ would be:
+  #
+  #   <%= provide :title, "Main" %>
+  #   Hello
+  #   <%= content_for :title, " page" %>
+  #
+  # Giving:
+  #
+  #   <html>
+  #     <head><title>Main</title></head>
+  #     <body>Hello</body>
+  #   </html>
+  #
+  # That said, when streaming, you need to properly check your templates
+  # and choose when to use +provide+ and +content_for+.
+  #
+  # == Headers, cookies, session and flash
+  #
+  # When streaming, the HTTP headers are sent to the client right before
+  # it renders the first line. This means that, modifying headers, cookies,
+  # session or flash after the template starts rendering will not propagate
+  # to the client.
+  #
+  # == Middlewares
+  #
+  # Middlewares that need to manipulate the body won't work with streaming.
+  # You should disable those middlewares whenever streaming in development
+  # or production. For instance, <tt>Rack::Bug</tt> won't work when streaming as it
+  # needs to inject contents in the HTML body.
+  #
+  # Also <tt>Rack::Cache</tt> won't work with streaming as it does not support
+  # streaming bodies yet. Whenever streaming Cache-Control is automatically
+  # set to "no-cache".
+  #
+  # == Errors
+  #
+  # When it comes to streaming, exceptions get a bit more complicated. This
+  # happens because part of the template was already rendered and streamed to
+  # the client, making it impossible to render a whole exception page.
+  #
+  # Currently, when an exception happens in development or production, Rails
+  # will automatically stream to the client:
+  #
+  #   "><script>window.location = "/500.html"</script></html>
+  #
+  # The first two characters (">) are required in case the exception happens
+  # while rendering attributes for a given tag. You can check the real cause
+  # for the exception in your logger.
+  #
+  # == Web server support
+  #
+  # Not all web servers support streaming out-of-the-box. You need to check
+  # the instructions for each of them.
+  #
+  # ==== Unicorn
+  #
+  # Unicorn supports streaming but it needs to be configured. For this, you
+  # need to create a config file as follow:
+  #
+  #   # unicorn.config.rb
+  #   listen 3000, tcp_nopush: false
+  #
+  # And use it on initialization:
+  #
+  #   unicorn_rails --config-file unicorn.config.rb
+  #
+  # You may also want to configure other parameters like <tt>:tcp_nodelay</tt>.
+  # Please check its documentation for more information: https://bogomips.org/unicorn/Unicorn/Configurator.html#method-i-listen
+  #
+  # If you are using Unicorn with NGINX, you may need to tweak NGINX.
+  # Streaming should work out of the box on Rainbows.
+  #
+  # ==== Passenger
+  #
+  # To be described.
+  #
+  module Streaming
+    extend ActiveSupport::Concern
+
+    private
+
+      # Set proper cache control and transfer encoding when streaming
+      def _process_options(options)
+        super
+        if options[:stream]
+          if request.version == "HTTP/1.0"
+            options.delete(:stream)
+          else
+            headers["Cache-Control"] ||= "no-cache"
+            headers["Transfer-Encoding"] = "chunked"
+            headers.delete("Content-Length")
+          end
+        end
+      end
+
+      # Call render_body if we are streaming instead of usual +render+.
+      def _render_template(options)
+        if options.delete(:stream)
+          Rack::Chunked::Body.new view_renderer.render_body(view_context, options)
+        else
+          super
+        end
+      end
+  end
+end

data/lib/action_controller/metal/strong_parameters.rb

@@ -0,0 +1,1105 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/indifferent_access"
+require "active_support/core_ext/array/wrap"
+require "active_support/core_ext/string/filters"
+require "active_support/core_ext/object/to_query"
+require "action_dispatch/http/upload"
+require "rack/test"
+require "stringio"
+require "set"
+require "yaml"
+
+module ActionController
+  # Raised when a required parameter is missing.
+  #
+  #   params = ActionController::Parameters.new(a: {})
+  #   params.fetch(:b)
+  #   # => ActionController::ParameterMissing: param is missing or the value is empty: b
+  #   params.require(:a)
+  #   # => ActionController::ParameterMissing: param is missing or the value is empty: a
+  class ParameterMissing < KeyError
+    attr_reader :param # :nodoc:
+
+    def initialize(param) # :nodoc:
+      @param = param
+      super("param is missing or the value is empty: #{param}")
+    end
+  end
+
+  # Raised when a supplied parameter is not expected and
+  # ActionController::Parameters.action_on_unpermitted_parameters
+  # is set to <tt>:raise</tt>.
+  #
+  #   params = ActionController::Parameters.new(a: "123", b: "456")
+  #   params.permit(:c)
+  #   # => ActionController::UnpermittedParameters: found unpermitted parameters: :a, :b
+  class UnpermittedParameters < IndexError
+    attr_reader :params # :nodoc:
+
+    def initialize(params) # :nodoc:
+      @params = params
+      super("found unpermitted parameter#{'s' if params.size > 1 }: #{params.map { |e| ":#{e}" }.join(", ")}")
+    end
+  end
+
+  # Raised when a Parameters instance is not marked as permitted and
+  # an operation to transform it to hash is called.
+  #
+  #   params = ActionController::Parameters.new(a: "123", b: "456")
+  #   params.to_h
+  #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
+  class UnfilteredParameters < ArgumentError
+    def initialize # :nodoc:
+      super("unable to convert unpermitted parameters to hash")
+    end
+  end
+
+  # == Action Controller \Parameters
+  #
+  # Allows you to choose which attributes should be permitted for mass updating
+  # and thus prevent accidentally exposing that which shouldn't be exposed.
+  # Provides two methods for this purpose: #require and #permit. The former is
+  # used to mark parameters as required. The latter is used to set the parameter
+  # as permitted and limit which attributes should be allowed for mass updating.
+  #
+  #   params = ActionController::Parameters.new({
+  #     person: {
+  #       name: "Francesco",
+  #       age:  22,
+  #       role: "admin"
+  #     }
+  #   })
+  #
+  #   permitted = params.require(:person).permit(:name, :age)
+  #   permitted            # => <ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>
+  #   permitted.permitted? # => true
+  #
+  #   Person.first.update!(permitted)
+  #   # => #<Person id: 1, name: "Francesco", age: 22, role: "user">
+  #
+  # It provides two options that controls the top-level behavior of new instances:
+  #
+  # * +permit_all_parameters+ - If it's +true+, all the parameters will be
+  #   permitted by default. The default is +false+.
+  # * +action_on_unpermitted_parameters+ - Allow to control the behavior when parameters
+  #   that are not explicitly permitted are found. The values can be +false+ to just filter them
+  #   out, <tt>:log</tt> to additionally write a message on the logger, or <tt>:raise</tt> to raise
+  #   ActionController::UnpermittedParameters exception. The default value is <tt>:log</tt>
+  #   in test and development environments, +false+ otherwise.
+  #
+  # Examples:
+  #
+  #   params = ActionController::Parameters.new
+  #   params.permitted? # => false
+  #
+  #   ActionController::Parameters.permit_all_parameters = true
+  #
+  #   params = ActionController::Parameters.new
+  #   params.permitted? # => true
+  #
+  #   params = ActionController::Parameters.new(a: "123", b: "456")
+  #   params.permit(:c)
+  #   # => <ActionController::Parameters {} permitted: true>
+  #
+  #   ActionController::Parameters.action_on_unpermitted_parameters = :raise
+  #
+  #   params = ActionController::Parameters.new(a: "123", b: "456")
+  #   params.permit(:c)
+  #   # => ActionController::UnpermittedParameters: found unpermitted keys: a, b
+  #
+  # Please note that these options *are not thread-safe*. In a multi-threaded
+  # environment they should only be set once at boot-time and never mutated at
+  # runtime.
+  #
+  # You can fetch values of <tt>ActionController::Parameters</tt> using either
+  # <tt>:key</tt> or <tt>"key"</tt>.
+  #
+  #   params = ActionController::Parameters.new(key: "value")
+  #   params[:key]  # => "value"
+  #   params["key"] # => "value"
+  class Parameters
+    cattr_accessor :permit_all_parameters, instance_accessor: false, default: false
+
+    cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
+
+    ##
+    # :method: as_json
+    #
+    # :call-seq:
+    #   as_json(options=nil)
+    #
+    # Returns a hash that can be used as the JSON representation for the parameters.
+
+    ##
+    # :method: each_key
+    #
+    # :call-seq:
+    #   each_key()
+    #
+    # Calls block once for each key in the parameters, passing the key.
+    # If no block is given, an enumerator is returned instead.
+
+    ##
+    # :method: empty?
+    #
+    # :call-seq:
+    #   empty?()
+    #
+    # Returns true if the parameters have no key/value pairs.
+
+    ##
+    # :method: has_key?
+    #
+    # :call-seq:
+    #   has_key?(key)
+    #
+    # Returns true if the given key is present in the parameters.
+
+    ##
+    # :method: has_value?
+    #
+    # :call-seq:
+    #   has_value?(value)
+    #
+    # Returns true if the given value is present for some key in the parameters.
+
+    ##
+    # :method: include?
+    #
+    # :call-seq:
+    #   include?(key)
+    #
+    # Returns true if the given key is present in the parameters.
+
+    ##
+    # :method: key?
+    #
+    # :call-seq:
+    #   key?(key)
+    #
+    # Returns true if the given key is present in the parameters.
+
+    ##
+    # :method: keys
+    #
+    # :call-seq:
+    #   keys()
+    #
+    # Returns a new array of the keys of the parameters.
+
+    ##
+    # :method: to_s
+    #
+    # :call-seq:
+    #   to_s()
+    #
+    # Returns the content of the parameters as a string.
+
+    ##
+    # :method: value?
+    #
+    # :call-seq:
+    #   value?(value)
+    #
+    # Returns true if the given value is present for some key in the parameters.
+
+    ##
+    # :method: values
+    #
+    # :call-seq:
+    #   values()
+    #
+    # Returns a new array of the values of the parameters.
+    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
+      :as_json, :to_s, :each_key, to: :@parameters
+
+    # By default, never raise an UnpermittedParameters exception if these
+    # params are present. The default includes both 'controller' and 'action'
+    # because they are added by Rails and should be of no concern. One way
+    # to change these is to specify `always_permitted_parameters` in your
+    # config. For instance:
+    #
+    #    config.always_permitted_parameters = %w( controller action format )
+    cattr_accessor :always_permitted_parameters, default: %w( controller action )
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt>.
+    # Also, sets the +permitted+ attribute to the default value of
+    # <tt>ActionController::Parameters.permit_all_parameters</tt>.
+    #
+    #   class Person < ActiveRecord::Base
+    #   end
+    #
+    #   params = ActionController::Parameters.new(name: "Francesco")
+    #   params.permitted?  # => false
+    #   Person.new(params) # => ActiveModel::ForbiddenAttributesError
+    #
+    #   ActionController::Parameters.permit_all_parameters = true
+    #
+    #   params = ActionController::Parameters.new(name: "Francesco")
+    #   params.permitted?  # => true
+    #   Person.new(params) # => #<Person id: nil, name: "Francesco">
+    def initialize(parameters = {})
+      @parameters = parameters.with_indifferent_access
+      @permitted = self.class.permit_all_parameters
+    end
+
+    # Returns true if another +Parameters+ object contains the same content and
+    # permitted flag.
+    def ==(other)
+      if other.respond_to?(:permitted?)
+        permitted? == other.permitted? && parameters == other.parameters
+      else
+        @parameters == other
+      end
+    end
+
+    # Returns a safe <tt>ActiveSupport::HashWithIndifferentAccess</tt>
+    # representation of the parameters with all unpermitted keys removed.
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: "Senjougahara Hitagi",
+    #     oddity: "Heavy stone crab"
+    #   })
+    #   params.to_h
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
+    #
+    #   safe_params = params.permit(:name)
+    #   safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
+    def to_h
+      if permitted?
+        convert_parameters_to_hashes(@parameters, :to_h)
+      else
+        raise UnfilteredParameters
+      end
+    end
+
+    # Returns a safe <tt>Hash</tt> representation of the parameters
+    # with all unpermitted keys removed.
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: "Senjougahara Hitagi",
+    #     oddity: "Heavy stone crab"
+    #   })
+    #   params.to_hash
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
+    #
+    #   safe_params = params.permit(:name)
+    #   safe_params.to_hash # => {"name"=>"Senjougahara Hitagi"}
+    def to_hash
+      to_h.to_hash
+    end
+
+    # Returns a string representation of the receiver suitable for use as a URL
+    # query string:
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: "David",
+    #     nationality: "Danish"
+    #   })
+    #   params.to_query
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
+    #
+    #   safe_params = params.permit(:name, :nationality)
+    #   safe_params.to_query
+    #   # => "name=David&nationality=Danish"
+    #
+    # An optional namespace can be passed to enclose key names:
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: "David",
+    #     nationality: "Danish"
+    #   })
+    #   safe_params = params.permit(:name, :nationality)
+    #   safe_params.to_query("user")
+    #   # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish"
+    #
+    # The string pairs "key=value" that conform the query string
+    # are sorted lexicographically in ascending order.
+    #
+    # This method is also aliased as +to_param+.
+    def to_query(*args)
+      to_h.to_query(*args)
+    end
+    alias_method :to_param, :to_query
+
+    # Returns an unsafe, unfiltered
+    # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of the
+    # parameters.
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: "Senjougahara Hitagi",
+    #     oddity: "Heavy stone crab"
+    #   })
+    #   params.to_unsafe_h
+    #   # => {"name"=>"Senjougahara Hitagi", "oddity" => "Heavy stone crab"}
+    def to_unsafe_h
+      convert_parameters_to_hashes(@parameters, :to_unsafe_h)
+    end
+    alias_method :to_unsafe_hash, :to_unsafe_h
+
+    # Convert all hashes in values into parameters, then yield each pair in
+    # the same way as <tt>Hash#each_pair</tt>.
+    def each_pair(&block)
+      @parameters.each_pair do |key, value|
+        yield [key, convert_hashes_to_parameters(key, value)]
+      end
+    end
+    alias_method :each, :each_pair
+
+    # Convert all hashes in values into parameters, then yield each value in
+    # the same way as <tt>Hash#each_value</tt>.
+    def each_value(&block)
+      @parameters.each_pair do |key, value|
+        yield convert_hashes_to_parameters(key, value)
+      end
+    end
+
+    # Attribute that keeps track of converted arrays, if any, to avoid double
+    # looping in the common use case permit + mass-assignment. Defined in a
+    # method to instantiate it only if needed.
+    #
+    # Testing membership still loops, but it's going to be faster than our own
+    # loop that converts values. Also, we are not going to build a new array
+    # object per fetch.
+    def converted_arrays
+      @converted_arrays ||= Set.new
+    end
+
+    # Returns +true+ if the parameter is permitted, +false+ otherwise.
+    #
+    #   params = ActionController::Parameters.new
+    #   params.permitted? # => false
+    #   params.permit!
+    #   params.permitted? # => true
+    def permitted?
+      @permitted
+    end
+
+    # Sets the +permitted+ attribute to +true+. This can be used to pass
+    # mass assignment. Returns +self+.
+    #
+    #   class Person < ActiveRecord::Base
+    #   end
+    #
+    #   params = ActionController::Parameters.new(name: "Francesco")
+    #   params.permitted?  # => false
+    #   Person.new(params) # => ActiveModel::ForbiddenAttributesError
+    #   params.permit!
+    #   params.permitted?  # => true
+    #   Person.new(params) # => #<Person id: nil, name: "Francesco">
+    def permit!
+      each_pair do |key, value|
+        Array.wrap(value).flatten.each do |v|
+          v.permit! if v.respond_to? :permit!
+        end
+      end
+
+      @permitted = true
+      self
+    end
+
+    # This method accepts both a single key and an array of keys.
+    #
+    # When passed a single key, if it exists and its associated value is
+    # either present or the singleton +false+, returns said value:
+    #
+    #   ActionController::Parameters.new(person: { name: "Francesco" }).require(:person)
+    #   # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #
+    # Otherwise raises <tt>ActionController::ParameterMissing</tt>:
+    #
+    #   ActionController::Parameters.new.require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    #   ActionController::Parameters.new(person: nil).require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    #   ActionController::Parameters.new(person: "\t").require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    #   ActionController::Parameters.new(person: {}).require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    # When given an array of keys, the method tries to require each one of them
+    # in order. If it succeeds, an array with the respective return values is
+    # returned:
+    #
+    #   params = ActionController::Parameters.new(user: { ... }, profile: { ... })
+    #   user_params, profile_params = params.require([:user, :profile])
+    #
+    # Otherwise, the method re-raises the first exception found:
+    #
+    #   params = ActionController::Parameters.new(user: {}, profile: {})
+    #   user_params, profile_params = params.require([:user, :profile])
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: user
+    #
+    # Technically this method can be used to fetch terminal values:
+    #
+    #   # CAREFUL
+    #   params = ActionController::Parameters.new(person: { name: "Finn" })
+    #   name = params.require(:person).require(:name) # CAREFUL
+    #
+    # but take into account that at some point those ones have to be permitted:
+    #
+    #   def person_params
+    #     params.require(:person).permit(:name).tap do |person_params|
+    #       person_params.require(:name) # SAFER
+    #     end
+    #   end
+    #
+    # for example.
+    def require(key)
+      return key.map { |k| require(k) } if key.is_a?(Array)
+      value = self[key]
+      if value.present? || value == false
+        value
+      else
+        raise ParameterMissing.new(key)
+      end
+    end
+
+    # Alias of #require.
+    alias :required :require
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # includes only the given +filters+ and sets the +permitted+ attribute
+    # for the object to +true+. This is useful for limiting which attributes
+    # should be allowed for mass updating.
+    #
+    #   params = ActionController::Parameters.new(user: { name: "Francesco", age: 22, role: "admin" })
+    #   permitted = params.require(:user).permit(:name, :age)
+    #   permitted.permitted?      # => true
+    #   permitted.has_key?(:name) # => true
+    #   permitted.has_key?(:age)  # => true
+    #   permitted.has_key?(:role) # => false
+    #
+    # Only permitted scalars pass the filter. For example, given
+    #
+    #   params.permit(:name)
+    #
+    # +:name+ passes if it is a key of +params+ whose associated value is of type
+    # +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
+    # +Date+, +Time+, +DateTime+, +StringIO+, +IO+,
+    # +ActionDispatch::Http::UploadedFile+ or +Rack::Test::UploadedFile+.
+    # Otherwise, the key +:name+ is filtered out.
+    #
+    # You may declare that the parameter should be an array of permitted scalars
+    # by mapping it to an empty array:
+    #
+    #   params = ActionController::Parameters.new(tags: ["rails", "parameters"])
+    #   params.permit(tags: [])
+    #
+    # Sometimes it is not possible or convenient to declare the valid keys of
+    # a hash parameter or its internal structure. Just map to an empty hash:
+    #
+    #   params.permit(preferences: {})
+    #
+    # Be careful because this opens the door to arbitrary input. In this
+    # case, +permit+ ensures values in the returned structure are permitted
+    # scalars and filters out anything else.
+    #
+    # You can also use +permit+ on nested parameters, like:
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       name: "Francesco",
+    #       age:  22,
+    #       pets: [{
+    #         name: "Purplish",
+    #         category: "dogs"
+    #       }]
+    #     }
+    #   })
+    #
+    #   permitted = params.permit(person: [ :name, { pets: :name } ])
+    #   permitted.permitted?                    # => true
+    #   permitted[:person][:name]               # => "Francesco"
+    #   permitted[:person][:age]                # => nil
+    #   permitted[:person][:pets][0][:name]     # => "Purplish"
+    #   permitted[:person][:pets][0][:category] # => nil
+    #
+    # Note that if you use +permit+ in a key that points to a hash,
+    # it won't allow all the hash. You also need to specify which
+    # attributes inside the hash should be permitted.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       contact: {
+    #         email: "none@test.com",
+    #         phone: "555-1234"
+    #       }
+    #     }
+    #   })
+    #
+    #   params.require(:person).permit(:contact)
+    #   # => <ActionController::Parameters {} permitted: true>
+    #
+    #   params.require(:person).permit(contact: :phone)
+    #   # => <ActionController::Parameters {"contact"=><ActionController::Parameters {"phone"=>"555-1234"} permitted: true>} permitted: true>
+    #
+    #   params.require(:person).permit(contact: [ :email, :phone ])
+    #   # => <ActionController::Parameters {"contact"=><ActionController::Parameters {"email"=>"none@test.com", "phone"=>"555-1234"} permitted: true>} permitted: true>
+    def permit(*filters)
+      params = self.class.new
+
+      filters.flatten.each do |filter|
+        case filter
+        when Symbol, String
+          permitted_scalar_filter(params, filter)
+        when Hash
+          hash_filter(params, filter)
+        end
+      end
+
+      unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters
+
+      params.permit!
+    end
+
+    # Returns a parameter for the given +key+. If not found,
+    # returns +nil+.
+    #
+    #   params = ActionController::Parameters.new(person: { name: "Francesco" })
+    #   params[:person] # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #   params[:none]   # => nil
+    def [](key)
+      convert_hashes_to_parameters(key, @parameters[key])
+    end
+
+    # Assigns a value to a given +key+. The given key may still get filtered out
+    # when +permit+ is called.
+    def []=(key, value)
+      @parameters[key] = value
+    end
+
+    # Returns a parameter for the given +key+. If the +key+
+    # can't be found, there are several options: With no other arguments,
+    # it will raise an <tt>ActionController::ParameterMissing</tt> error;
+    # if a second argument is given, then that is returned (converted to an
+    # instance of ActionController::Parameters if possible); if a block
+    # is given, then that will be run and its result returned.
+    #
+    #   params = ActionController::Parameters.new(person: { name: "Francesco" })
+    #   params.fetch(:person)               # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #   params.fetch(:none)                 # => ActionController::ParameterMissing: param is missing or the value is empty: none
+    #   params.fetch(:none, {})             # => <ActionController::Parameters {} permitted: false>
+    #   params.fetch(:none, "Francesco")    # => "Francesco"
+    #   params.fetch(:none) { "Francesco" } # => "Francesco"
+    def fetch(key, *args)
+      convert_value_to_parameters(
+        @parameters.fetch(key) {
+          if block_given?
+            yield
+          else
+            args.fetch(0) { raise ActionController::ParameterMissing.new(key) }
+          end
+        }
+      )
+    end
+
+    # Extracts the nested parameter from the given +keys+ by calling +dig+
+    # at each step. Returns +nil+ if any intermediate step is +nil+.
+    #
+    #   params = ActionController::Parameters.new(foo: { bar: { baz: 1 } })
+    #   params.dig(:foo, :bar, :baz) # => 1
+    #   params.dig(:foo, :zot, :xyz) # => nil
+    #
+    #   params2 = ActionController::Parameters.new(foo: [10, 11, 12])
+    #   params2.dig(:foo, 1) # => 11
+    def dig(*keys)
+      convert_hashes_to_parameters(keys.first, @parameters[keys.first])
+      @parameters.dig(*keys)
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # includes only the given +keys+. If the given +keys+
+    # don't exist, returns an empty hash.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.slice(:a, :b) # => <ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
+    #   params.slice(:d)     # => <ActionController::Parameters {} permitted: false>
+    def slice(*keys)
+      new_instance_with_inherited_permitted_status(@parameters.slice(*keys))
+    end
+
+    # Returns current <tt>ActionController::Parameters</tt> instance which
+    # contains only the given +keys+.
+    def slice!(*keys)
+      @parameters.slice!(*keys)
+      self
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # filters out the given +keys+.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.except(:a, :b) # => <ActionController::Parameters {"c"=>3} permitted: false>
+    #   params.except(:d)     # => <ActionController::Parameters {"a"=>1, "b"=>2, "c"=>3} permitted: false>
+    def except(*keys)
+      new_instance_with_inherited_permitted_status(@parameters.except(*keys))
+    end
+
+    # Removes and returns the key/value pairs matching the given keys.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.extract!(:a, :b) # => <ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
+    #   params                  # => <ActionController::Parameters {"c"=>3} permitted: false>
+    def extract!(*keys)
+      new_instance_with_inherited_permitted_status(@parameters.extract!(*keys))
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> with the results of
+    # running +block+ once for every value. The keys are unchanged.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.transform_values { |x| x * 2 }
+    #   # => <ActionController::Parameters {"a"=>2, "b"=>4, "c"=>6} permitted: false>
+    def transform_values
+      return to_enum(:transform_values) unless block_given?
+      new_instance_with_inherited_permitted_status(
+        @parameters.transform_values { |v| yield convert_value_to_parameters(v) }
+      )
+    end
+
+    # Performs values transformation and returns the altered
+    # <tt>ActionController::Parameters</tt> instance.
+    def transform_values!
+      return to_enum(:transform_values!) unless block_given?
+      @parameters.transform_values! { |v| yield convert_value_to_parameters(v) }
+      self
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance with the
+    # results of running +block+ once for every key. The values are unchanged.
+    def transform_keys(&block)
+      return to_enum(:transform_keys) unless block_given?
+      new_instance_with_inherited_permitted_status(
+        @parameters.transform_keys(&block)
+      )
+    end
+
+    # Performs keys transformation and returns the altered
+    # <tt>ActionController::Parameters</tt> instance.
+    def transform_keys!(&block)
+      return to_enum(:transform_keys!) unless block_given?
+      @parameters.transform_keys!(&block)
+      self
+    end
+
+    # Deletes a key-value pair from +Parameters+ and returns the value. If
+    # +key+ is not found, returns +nil+ (or, with optional code block, yields
+    # +key+ and returns the result). Cf. +#extract!+, which returns the
+    # corresponding +ActionController::Parameters+ object.
+    def delete(key, &block)
+      convert_value_to_parameters(@parameters.delete(key, &block))
+    end
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt> with only
+    # items that the block evaluates to true.
+    def select(&block)
+      new_instance_with_inherited_permitted_status(@parameters.select(&block))
+    end
+
+    # Equivalent to Hash#keep_if, but returns +nil+ if no changes were made.
+    def select!(&block)
+      @parameters.select!(&block)
+      self
+    end
+    alias_method :keep_if, :select!
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt> with items
+    # that the block evaluates to true removed.
+    def reject(&block)
+      new_instance_with_inherited_permitted_status(@parameters.reject(&block))
+    end
+
+    # Removes items that the block evaluates to true and returns self.
+    def reject!(&block)
+      @parameters.reject!(&block)
+      self
+    end
+    alias_method :delete_if, :reject!
+
+    # Returns values that were assigned to the given +keys+. Note that all the
+    # +Hash+ objects will be converted to <tt>ActionController::Parameters</tt>.
+    def values_at(*keys)
+      convert_value_to_parameters(@parameters.values_at(*keys))
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> with all keys from
+    # +other_hash+ merged into current hash.
+    def merge(other_hash)
+      new_instance_with_inherited_permitted_status(
+        @parameters.merge(other_hash.to_h)
+      )
+    end
+
+    # Returns current <tt>ActionController::Parameters</tt> instance with
+    # +other_hash+ merged into current hash.
+    def merge!(other_hash)
+      @parameters.merge!(other_hash.to_h)
+      self
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> with all keys from
+    # current hash merged into +other_hash+.
+    def reverse_merge(other_hash)
+      new_instance_with_inherited_permitted_status(
+        other_hash.to_h.merge(@parameters)
+      )
+    end
+    alias_method :with_defaults, :reverse_merge
+
+    # Returns current <tt>ActionController::Parameters</tt> instance with
+    # current hash merged into +other_hash+.
+    def reverse_merge!(other_hash)
+      @parameters.merge!(other_hash.to_h) { |key, left, right| left }
+      self
+    end
+    alias_method :with_defaults!, :reverse_merge!
+
+    # This is required by ActiveModel attribute assignment, so that user can
+    # pass +Parameters+ to a mass assignment methods in a model. It should not
+    # matter as we are using +HashWithIndifferentAccess+ internally.
+    def stringify_keys # :nodoc:
+      dup
+    end
+
+    def inspect
+      "<#{self.class} #{@parameters} permitted: #{@permitted}>"
+    end
+
+    def self.hook_into_yaml_loading # :nodoc:
+      # Wire up YAML format compatibility with Rails 4.2 and Psych 2.0.8 and 2.0.9+.
+      # Makes the YAML parser call `init_with` when it encounters the keys below
+      # instead of trying its own parsing routines.
+      YAML.load_tags["!ruby/hash-with-ivars:ActionController::Parameters"] = name
+      YAML.load_tags["!ruby/hash:ActionController::Parameters"] = name
+    end
+    hook_into_yaml_loading
+
+    def init_with(coder) # :nodoc:
+      case coder.tag
+      when "!ruby/hash:ActionController::Parameters"
+        # YAML 2.0.8's format where hash instance variables weren't stored.
+        @parameters = coder.map.with_indifferent_access
+        @permitted  = false
+      when "!ruby/hash-with-ivars:ActionController::Parameters"
+        # YAML 2.0.9's Hash subclass format where keys and values
+        # were stored under an elements hash and `permitted` within an ivars hash.
+        @parameters = coder.map["elements"].with_indifferent_access
+        @permitted  = coder.map["ivars"][:@permitted]
+      when "!ruby/object:ActionController::Parameters"
+        # YAML's Object format. Only needed because of the format
+        # backwards compatibility above, otherwise equivalent to YAML's initialization.
+        @parameters, @permitted = coder.map["parameters"], coder.map["permitted"]
+      end
+    end
+
+    # Returns duplicate of object including all parameters.
+    def deep_dup
+      self.class.new(@parameters.deep_dup).tap do |duplicate|
+        duplicate.permitted = @permitted
+      end
+    end
+
+    protected
+      attr_reader :parameters
+
+      attr_writer :permitted
+
+      def fields_for_style?
+        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && (v.is_a?(Hash) || v.is_a?(Parameters)) }
+      end
+
+    private
+      def new_instance_with_inherited_permitted_status(hash)
+        self.class.new(hash).tap do |new_instance|
+          new_instance.permitted = @permitted
+        end
+      end
+
+      def convert_parameters_to_hashes(value, using)
+        case value
+        when Array
+          value.map { |v| convert_parameters_to_hashes(v, using) }
+        when Hash
+          value.transform_values do |v|
+            convert_parameters_to_hashes(v, using)
+          end.with_indifferent_access
+        when Parameters
+          value.send(using)
+        else
+          value
+        end
+      end
+
+      def convert_hashes_to_parameters(key, value)
+        converted = convert_value_to_parameters(value)
+        @parameters[key] = converted unless converted.equal?(value)
+        converted
+      end
+
+      def convert_value_to_parameters(value)
+        case value
+        when Array
+          return value if converted_arrays.member?(value)
+          converted = value.map { |_| convert_value_to_parameters(_) }
+          converted_arrays << converted
+          converted
+        when Hash
+          self.class.new(value)
+        else
+          value
+        end
+      end
+
+      def each_element(object)
+        case object
+        when Array
+          object.grep(Parameters).map { |el| yield el }.compact
+        when Parameters
+          if object.fields_for_style?
+            hash = object.class.new
+            object.each { |k, v| hash[k] = yield v }
+            hash
+          else
+            yield object
+          end
+        end
+      end
+
+      def unpermitted_parameters!(params)
+        unpermitted_keys = unpermitted_keys(params)
+        if unpermitted_keys.any?
+          case self.class.action_on_unpermitted_parameters
+          when :log
+            name = "unpermitted_parameters.action_controller"
+            ActiveSupport::Notifications.instrument(name, keys: unpermitted_keys)
+          when :raise
+            raise ActionController::UnpermittedParameters.new(unpermitted_keys)
+          end
+        end
+      end
+
+      def unpermitted_keys(params)
+        keys - params.keys - always_permitted_parameters
+      end
+
+      #
+      # --- Filtering ----------------------------------------------------------
+      #
+
+      # This is a white list of permitted scalar types that includes the ones
+      # supported in XML and JSON requests.
+      #
+      # This list is in particular used to filter ordinary requests, String goes
+      # as first element to quickly short-circuit the common case.
+      #
+      # If you modify this collection please update the API of +permit+ above.
+      PERMITTED_SCALAR_TYPES = [
+        String,
+        Symbol,
+        NilClass,
+        Numeric,
+        TrueClass,
+        FalseClass,
+        Date,
+        Time,
+        # DateTimes are Dates, we document the type but avoid the redundant check.
+        StringIO,
+        IO,
+        ActionDispatch::Http::UploadedFile,
+        Rack::Test::UploadedFile,
+      ]
+
+      def permitted_scalar?(value)
+        PERMITTED_SCALAR_TYPES.any? { |type| value.is_a?(type) }
+      end
+
+      # Adds existing keys to the params if their values are scalar.
+      #
+      # For example:
+      #
+      #   puts self.keys #=> ["zipcode(90210i)"]
+      #   params = {}
+      #
+      #   permitted_scalar_filter(params, "zipcode")
+      #
+      #   puts params.keys # => ["zipcode"]
+      def permitted_scalar_filter(params, permitted_key)
+        permitted_key = permitted_key.to_s
+
+        if has_key?(permitted_key) && permitted_scalar?(self[permitted_key])
+          params[permitted_key] = self[permitted_key]
+        end
+
+        each_key do |key|
+          next unless key =~ /\(\d+[if]?\)\z/
+          next unless $~.pre_match == permitted_key
+
+          params[key] = self[key] if permitted_scalar?(self[key])
+        end
+      end
+
+      def array_of_permitted_scalars?(value)
+        if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
+          yield value
+        end
+      end
+
+      def non_scalar?(value)
+        value.is_a?(Array) || value.is_a?(Parameters)
+      end
+
+      EMPTY_ARRAY = []
+      EMPTY_HASH  = {}
+      def hash_filter(params, filter)
+        filter = filter.with_indifferent_access
+
+        # Slicing filters out non-declared keys.
+        slice(*filter.keys).each do |key, value|
+          next unless value
+          next unless has_key? key
+
+          if filter[key] == EMPTY_ARRAY
+            # Declaration { comment_ids: [] }.
+            array_of_permitted_scalars?(self[key]) do |val|
+              params[key] = val
+            end
+          elsif filter[key] == EMPTY_HASH
+            # Declaration { preferences: {} }.
+            if value.is_a?(Parameters)
+              params[key] = permit_any_in_parameters(value)
+            end
+          elsif non_scalar?(value)
+            # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
+            params[key] = each_element(value) do |element|
+              element.permit(*Array.wrap(filter[key]))
+            end
+          end
+        end
+      end
+
+      def permit_any_in_parameters(params)
+        self.class.new.tap do |sanitized|
+          params.each do |key, value|
+            case value
+            when ->(v) { permitted_scalar?(v) }
+              sanitized[key] = value
+            when Array
+              sanitized[key] = permit_any_in_array(value)
+            when Parameters
+              sanitized[key] = permit_any_in_parameters(value)
+            else
+              # Filter this one out.
+            end
+          end
+        end
+      end
+
+      def permit_any_in_array(array)
+        [].tap do |sanitized|
+          array.each do |element|
+            case element
+            when ->(e) { permitted_scalar?(e) }
+              sanitized << element
+            when Parameters
+              sanitized << permit_any_in_parameters(element)
+            else
+              # Filter this one out.
+            end
+          end
+        end
+      end
+
+      def initialize_copy(source)
+        super
+        @parameters = @parameters.dup
+      end
+  end
+
+  # == Strong \Parameters
+  #
+  # It provides an interface for protecting attributes from end-user
+  # assignment. This makes Action Controller parameters forbidden
+  # to be used in Active Model mass assignment until they have been explicitly
+  # enumerated.
+  #
+  # In addition, parameters can be marked as required and flow through a
+  # predefined raise/rescue flow to end up as a <tt>400 Bad Request</tt> with no
+  # effort.
+  #
+  #   class PeopleController < ActionController::Base
+  #     # Using "Person.create(params[:person])" would raise an
+  #     # ActiveModel::ForbiddenAttributesError exception because it'd
+  #     # be using mass assignment without an explicit permit step.
+  #     # This is the recommended form:
+  #     def create
+  #       Person.create(person_params)
+  #     end
+  #
+  #     # This will pass with flying colors as long as there's a person key in the
+  #     # parameters, otherwise it'll raise an ActionController::ParameterMissing
+  #     # exception, which will get caught by ActionController::Base and turned
+  #     # into a 400 Bad Request reply.
+  #     def update
+  #       redirect_to current_account.people.find(params[:id]).tap { |person|
+  #         person.update!(person_params)
+  #       }
+  #     end
+  #
+  #     private
+  #       # Using a private method to encapsulate the permissible parameters is
+  #       # a good pattern since you'll be able to reuse the same permit
+  #       # list between create and update. Also, you can specialize this method
+  #       # with per-user checking of permissible attributes.
+  #       def person_params
+  #         params.require(:person).permit(:name, :age)
+  #       end
+  #   end
+  #
+  # In order to use <tt>accepts_nested_attributes_for</tt> with Strong \Parameters, you
+  # will need to specify which nested attributes should be permitted. You might want
+  # to allow +:id+ and +:_destroy+, see ActiveRecord::NestedAttributes for more information.
+  #
+  #   class Person
+  #     has_many :pets
+  #     accepts_nested_attributes_for :pets
+  #   end
+  #
+  #   class PeopleController < ActionController::Base
+  #     def create
+  #       Person.create(person_params)
+  #     end
+  #
+  #     ...
+  #
+  #     private
+  #
+  #       def person_params
+  #         # It's mandatory to specify the nested attributes that should be permitted.
+  #         # If you use `permit` with just the key that points to the nested attributes hash,
+  #         # it will return an empty hash.
+  #         params.require(:person).permit(:name, :age, pets_attributes: [ :id, :name, :category ])
+  #       end
+  #   end
+  #
+  # See ActionController::Parameters.require and ActionController::Parameters.permit
+  # for more information.
+  module StrongParameters
+    # Returns a new ActionController::Parameters object that
+    # has been instantiated with the <tt>request.parameters</tt>.
+    def params
+      @_params ||= Parameters.new(request.parameters)
+    end
+
+    # Assigns the given +value+ to the +params+ hash. If +value+
+    # is a Hash, this will create an ActionController::Parameters
+    # object that has been instantiated with the given +value+ hash.
+    def params=(value)
+      @_params = value.is_a?(Hash) ? Parameters.new(value) : value
+    end
+  end
+end