actionpack 6.0.0

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb

@@ -0,0 +1,19 @@
+<header>
+  <h1>No template for interactive request</h1>
+</header>
+
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+
+  <p class="summary">
+    <strong>NOTE!</strong><br>
+    Unless told otherwise, Rails expects an action to render a template with the same name,<br>
+    contained in a folder named after its controller.
+
+    If this controller is an API responding with 204 (No Content), <br>
+    which does not require a template,
+    then this error will occur when trying to access it via browser,<br>
+    since we expect an HTML template
+    to be rendered for such requests. If that's the case, carry on.
+  </p>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb

@@ -0,0 +1,3 @@
+Missing exact template
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb

@@ -0,0 +1,11 @@
+<header>
+  <h1>Template is missing</h1>
+</header>
+
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb

@@ -0,0 +1,3 @@
+Template is missing
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb

@@ -0,0 +1,32 @@
+<header>
+  <h1>Routing Error</h1>
+</header>
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+  <% unless @exception.failures.empty? %>
+    <p>
+      <h2>Failure reasons:</h2>
+      <ol>
+      <% @exception.failures.each do |route, reason| %>
+        <li><code><%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %></li>
+      <% end %>
+      </ol>
+    </p>
+  <% end %>
+
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
+
+  <% if @routes_inspector %>
+    <h2>
+      Routes
+    </h2>
+
+    <p>
+      Routes match in priority from top to bottom
+    </p>
+
+    <%= @routes_inspector.format(ActionDispatch::Routing::HtmlTableFormatter.new(self)) %>
+  <% end %>
+
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb

@@ -0,0 +1,11 @@
+Routing Error
+
+<%= @exception.message %>
+<% unless @exception.failures.empty? %>
+Failure reasons:
+<% @exception.failures.each do |route, reason| %>
+  - <%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %>
+<% end %>
+<% end %>
+
+<%= render template: "rescues/_trace", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -0,0 +1,20 @@
+<header>
+  <h1>
+    <%= @exception.cause.class.to_s %> in
+    <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+  </h1>
+</header>
+
+<div id="container">
+  <p>
+    Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
+  </p>
+  <pre><code><%= h @exception.message %></code></pre>
+
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
+
+  <p><%= @exception.sub_template_message %></p>
+
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb

@@ -0,0 +1,7 @@
+<%= @exception.cause.class.to_s %> in <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+
+Showing <%= @exception.file_name %> where line #<%= @exception.line_number %> raised:
+<%= @exception.message %>
+<%= @exception.sub_template_message %>
+<%= render template: "rescues/_trace", format: :text %>
+<%= render template: "rescues/_request_and_response", format: :text %>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb

@@ -0,0 +1,6 @@
+<header>
+  <h1>Unknown action</h1>
+</header>
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb

@@ -0,0 +1,3 @@
+Unknown action
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/routes/_route.html.erb

@@ -0,0 +1,16 @@
+<tr class='route_row' data-helper='path'>
+  <td data-route-name='<%= route[:name] %>'>
+    <% if route[:name].present? %>
+      <%= route[:name] %><span class='helper'>_path</span>
+    <% end %>
+  </td>
+  <td>
+    <%= route[:verb] %>
+  </td>
+  <td data-route-path='<%= route[:path] %>'>
+    <%= route[:path] %>
+  </td>
+  <td>
+    <%=simple_format route[:reqs] %>
+  </td>
+</tr>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -0,0 +1,203 @@
+<% content_for :style do %>
+  #route_table {
+    margin: 0;
+    border-collapse: collapse;
+  }
+
+  #route_table thead tr {
+    border-bottom: 2px solid #ddd;
+  }
+
+  #route_table thead tr.bottom {
+    border-bottom: none;
+  }
+
+  #route_table thead tr.bottom th {
+    padding: 10px 0;
+    line-height: 15px;
+  }
+
+  #route_table thead tr.bottom th input#search {
+    -webkit-appearance: textfield;
+  }
+
+  #route_table tbody tr {
+    border-bottom: 1px solid #ddd;
+  }
+
+  #route_table tbody tr:nth-child(odd) {
+    background: #f2f2f2;
+  }
+
+  #route_table tbody.exact_matches,
+  #route_table tbody.fuzzy_matches {
+    background-color: LightGoldenRodYellow;
+    border-bottom: solid 2px SlateGrey;
+  }
+
+  #route_table tbody.exact_matches tr,
+  #route_table tbody.fuzzy_matches tr {
+    background: none;
+    border-bottom: none;
+  }
+
+  #route_table td {
+    padding: 4px 30px;
+  }
+
+  #path_search {
+    width: 80%;
+    font-size: inherit;
+  }
+<% end %>
+
+<table id='route_table' class='route_table'>
+  <thead>
+    <tr>
+      <th>Helper</th>
+      <th>HTTP Verb</th>
+      <th>Path</th>
+      <th>Controller#Action</th>
+    </tr>
+    <tr class='bottom'>
+      <th><%# Helper %>
+        <%= link_to "Path", "#", 'data-route-helper' => '_path',
+                    title: "Returns a relative path (without the http or domain)" %> /
+        <%= link_to "Url", "#", 'data-route-helper' => '_url',
+                    title: "Returns an absolute URL (with the http and domain)"   %>
+      </th>
+      <th><%# HTTP Verb %>
+      </th>
+      <th><%# Path %>
+        <%= search_field(:path, nil, id: 'search', placeholder: "Path Match") %>
+      </th>
+      <th><%# Controller#action %>
+      </th>
+    </tr>
+  </thead>
+  <tbody class='exact_matches' id='exact_matches'>
+  </tbody>
+  <tbody class='fuzzy_matches' id='fuzzy_matches'>
+  </tbody>
+  <tbody>
+    <%= yield %>
+  </tbody>
+</table>
+
+<script type='text/javascript'>
+  // support forEarch iterator on NodeList
+  NodeList.prototype.forEach = Array.prototype.forEach;
+
+  // Enables path search functionality
+  function setupMatchPaths() {
+    // Check if there are any matched results in a section
+    function checkNoMatch(section, noMatchText) {
+      if (section.children.length <= 1) {
+        section.innerHTML += noMatchText;
+      }
+    }
+
+    // get JSON from URL and invoke callback with result
+    function getJSON(url, success) {
+      var xhr = new XMLHttpRequest();
+      xhr.open('GET', url);
+      xhr.onload = function() {
+        if (this.status == 200)
+          success(JSON.parse(this.response));
+      };
+      xhr.send();
+    }
+
+    function delayedKeyup(input, callback) {
+      var timeout;
+      input.onkeyup = function(){
+        if (timeout) clearTimeout(timeout);
+        timeout = setTimeout(callback, 300);
+      }
+    }
+
+    // remove params or fragments
+    function sanitizePath(path) {
+      return path.replace(/[#?].*/, '');
+    }
+
+    var pathElements = document.querySelectorAll('#route_table [data-route-path]'),
+        searchElem   = document.querySelector('#search'),
+        exactSection = document.querySelector('#exact_matches'),
+        fuzzySection = document.querySelector('#fuzzy_matches');
+
+    // Remove matches when no search value is present
+    searchElem.onblur = function(e) {
+      if (searchElem.value === "") {
+        exactSection.innerHTML = "";
+        fuzzySection.innerHTML = "";
+      }
+    }
+
+    // On key press perform a search for matching paths
+    delayedKeyup(searchElem, function() {
+      var path = sanitizePath(searchElem.value),
+          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + path +'):</th></tr>',
+          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + path +'):</th></tr>',
+          noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
+          noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
+
+      if (!path)
+        return searchElem.onblur();
+
+      getJSON('/rails/info/routes?path=' + path, function(matches){
+        // Clear out results section
+        exactSection.innerHTML = defaultExactMatch;
+        fuzzySection.innerHTML = defaultFuzzyMatch;
+
+        // Display exact matches and fuzzy matches
+        pathElements.forEach(function(elem) {
+          var elemPath = elem.getAttribute('data-route-path');
+
+          if (matches['exact'].indexOf(elemPath) != -1)
+            exactSection.appendChild(elem.parentNode.cloneNode(true));
+
+          if (matches['fuzzy'].indexOf(elemPath) != -1)
+            fuzzySection.appendChild(elem.parentNode.cloneNode(true));
+        })
+
+        // Display 'No Matches' message when no matches are found
+        checkNoMatch(exactSection, noExactMatch);
+        checkNoMatch(fuzzySection, noFuzzyMatch);
+      })
+    })
+  }
+
+  // Enables functionality to toggle between `_path` and `_url` helper suffixes
+  function setupRouteToggleHelperLinks() {
+
+    // Sets content for each element
+    function setValOn(elems, val) {
+      elems.forEach(function(elem) {
+        elem.innerHTML = val;
+      });
+    }
+
+    // Sets onClick event for each element
+    function onClick(elems, func) {
+      elems.forEach(function(elem) {
+        elem.onclick = func;
+      });
+    }
+
+    var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
+
+    onClick(toggleLinks, function(){
+      var helperTxt   = this.getAttribute("data-route-helper"),
+          helperElems = document.querySelectorAll('[data-route-name] span.helper');
+
+      setValOn(helperElems, helperTxt);
+    });
+  }
+
+  setupMatchPaths();
+  setupRouteToggleHelperLinks();
+
+  // Focus the search input after page has loaded
+  document.getElementById('search').focus();
+</script>

data/lib/action_dispatch/railtie.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require "action_dispatch"
+require "active_support/messages/rotation_configuration"
+
+module ActionDispatch
+  class Railtie < Rails::Railtie # :nodoc:
+    config.action_dispatch = ActiveSupport::OrderedOptions.new
+    config.action_dispatch.x_sendfile_header = nil
+    config.action_dispatch.ip_spoofing_check = true
+    config.action_dispatch.show_exceptions = true
+    config.action_dispatch.tld_length = 1
+    config.action_dispatch.ignore_accept_header = false
+    config.action_dispatch.rescue_templates = {}
+    config.action_dispatch.rescue_responses = {}
+    config.action_dispatch.default_charset = nil
+    config.action_dispatch.rack_cache = false
+    config.action_dispatch.http_auth_salt = "http authentication"
+    config.action_dispatch.signed_cookie_salt = "signed cookie"
+    config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
+    config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
+    config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
+    config.action_dispatch.use_authenticated_cookie_encryption = false
+    config.action_dispatch.use_cookies_with_metadata = false
+    config.action_dispatch.perform_deep_munge = true
+    config.action_dispatch.return_only_media_type_on_content_type = true
+
+    config.action_dispatch.default_headers = {
+      "X-Frame-Options" => "SAMEORIGIN",
+      "X-XSS-Protection" => "1; mode=block",
+      "X-Content-Type-Options" => "nosniff",
+      "X-Download-Options" => "noopen",
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
+    }
+
+    config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
+
+    config.eager_load_namespaces << ActionDispatch
+
+    initializer "action_dispatch.configure" do |app|
+      ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
+      ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
+      ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
+      ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
+      ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
+      ActionDispatch::Response.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_media_type_on_content_type
+
+      ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
+      ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
+
+      config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
+      ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
+
+      ActionDispatch.test_app = app
+    end
+  end
+end

data/lib/action_dispatch/request/session.rb

@@ -0,0 +1,242 @@
+# frozen_string_literal: true
+
+require "rack/session/abstract/id"
+
+module ActionDispatch
+  class Request
+    # Session is responsible for lazily loading the session from store.
+    class Session # :nodoc:
+      ENV_SESSION_KEY         = Rack::RACK_SESSION # :nodoc:
+      ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS # :nodoc:
+
+      # Singleton object used to determine if an optional param wasn't specified.
+      Unspecified = Object.new
+
+      # Creates a session hash, merging the properties of the previous session if any.
+      def self.create(store, req, default_options)
+        session_was = find req
+        session     = Request::Session.new(store, req)
+        session.merge! session_was if session_was
+
+        set(req, session)
+        Options.set(req, Request::Session::Options.new(store, default_options))
+        session
+      end
+
+      def self.find(req)
+        req.get_header ENV_SESSION_KEY
+      end
+
+      def self.set(req, session)
+        req.set_header ENV_SESSION_KEY, session
+      end
+
+      class Options #:nodoc:
+        def self.set(req, options)
+          req.set_header ENV_SESSION_OPTIONS_KEY, options
+        end
+
+        def self.find(req)
+          req.get_header ENV_SESSION_OPTIONS_KEY
+        end
+
+        def initialize(by, default_options)
+          @by       = by
+          @delegate = default_options.dup
+        end
+
+        def [](key)
+          @delegate[key]
+        end
+
+        def id(req)
+          @delegate.fetch(:id) {
+            @by.send(:extract_session_id, req)
+          }
+        end
+
+        def []=(k, v);        @delegate[k] = v; end
+        def to_hash;          @delegate.dup; end
+        def values_at(*args); @delegate.values_at(*args); end
+      end
+
+      def initialize(by, req)
+        @by       = by
+        @req      = req
+        @delegate = {}
+        @loaded   = false
+        @exists   = nil # We haven't checked yet.
+      end
+
+      def id
+        options.id(@req)
+      end
+
+      def options
+        Options.find @req
+      end
+
+      def destroy
+        clear
+        options = self.options || {}
+        @by.send(:delete_session, @req, options.id(@req), options)
+
+        # Load the new sid to be written with the response.
+        @loaded = false
+        load_for_write!
+      end
+
+      # Returns value of the key stored in the session or
+      # +nil+ if the given key is not found in the session.
+      def [](key)
+        load_for_read!
+        @delegate[key.to_s]
+      end
+
+      # Returns the nested value specified by the sequence of keys, returning
+      # +nil+ if any intermediate step is +nil+.
+      def dig(*keys)
+        load_for_read!
+        keys = keys.map.with_index { |key, i| i.zero? ? key.to_s : key }
+        @delegate.dig(*keys)
+      end
+
+      # Returns true if the session has the given key or false.
+      def has_key?(key)
+        load_for_read!
+        @delegate.key?(key.to_s)
+      end
+      alias :key? :has_key?
+      alias :include? :has_key?
+
+      # Returns keys of the session as Array.
+      def keys
+        load_for_read!
+        @delegate.keys
+      end
+
+      # Returns values of the session as Array.
+      def values
+        load_for_read!
+        @delegate.values
+      end
+
+      # Writes given value to given key of the session.
+      def []=(key, value)
+        load_for_write!
+        @delegate[key.to_s] = value
+      end
+
+      # Clears the session.
+      def clear
+        load_for_write!
+        @delegate.clear
+      end
+
+      # Returns the session as Hash.
+      def to_hash
+        load_for_read!
+        @delegate.dup.delete_if { |_, v| v.nil? }
+      end
+      alias :to_h :to_hash
+
+      # Updates the session with given Hash.
+      #
+      #   session.to_hash
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2"}
+      #
+      #   session.update({ "foo" => "bar" })
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      #
+      #   session.to_hash
+      #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
+      def update(hash)
+        load_for_write!
+        @delegate.update stringify_keys(hash)
+      end
+
+      # Deletes given key from the session.
+      def delete(key)
+        load_for_write!
+        @delegate.delete key.to_s
+      end
+
+      # Returns value of the given key from the session, or raises +KeyError+
+      # if can't find the given key and no default value is set.
+      # Returns default value if specified.
+      #
+      #   session.fetch(:foo)
+      #   # => KeyError: key not found: "foo"
+      #
+      #   session.fetch(:foo, :bar)
+      #   # => :bar
+      #
+      #   session.fetch(:foo) do
+      #     :bar
+      #   end
+      #   # => :bar
+      def fetch(key, default = Unspecified, &block)
+        load_for_read!
+        if default == Unspecified
+          @delegate.fetch(key.to_s, &block)
+        else
+          @delegate.fetch(key.to_s, default, &block)
+        end
+      end
+
+      def inspect
+        if loaded?
+          super
+        else
+          "#<#{self.class}:0x#{(object_id << 1).to_s(16)} not yet loaded>"
+        end
+      end
+
+      def exists?
+        return @exists unless @exists.nil?
+        @exists = @by.send(:session_exists?, @req)
+      end
+
+      def loaded?
+        @loaded
+      end
+
+      def empty?
+        load_for_read!
+        @delegate.empty?
+      end
+
+      def merge!(other)
+        load_for_write!
+        @delegate.merge!(other)
+      end
+
+      def each(&block)
+        to_hash.each(&block)
+      end
+
+      private
+
+        def load_for_read!
+          load! if !loaded? && exists?
+        end
+
+        def load_for_write!
+          load! unless loaded?
+        end
+
+        def load!
+          id, session = @by.load_session @req
+          options[:id] = id
+          @delegate.replace(stringify_keys(session))
+          @loaded = true
+        end
+
+        def stringify_keys(other)
+          other.each_with_object({}) { |(key, value), hash|
+            hash[key.to_s] = value
+          }
+        end
+    end
+  end
+end