RubyGems - actionpack - Versions diffs - 2.2.3 → 2.3.2 - Mend

actionpack 2.2.3 → 2.3.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (264) hide show

data/CHANGELOG +433 -375
data/MIT-LICENSE +1 -1
data/README +21 -75
data/Rakefile +1 -1
data/lib/action_controller.rb +80 -43
data/lib/action_controller/assertions/model_assertions.rb +1 -0
data/lib/action_controller/assertions/response_assertions.rb +43 -16
data/lib/action_controller/assertions/routing_assertions.rb +1 -1
data/lib/action_controller/assertions/selector_assertions.rb +17 -12
data/lib/action_controller/assertions/tag_assertions.rb +1 -4
data/lib/action_controller/base.rb +153 -82
data/lib/action_controller/benchmarking.rb +9 -9
data/lib/action_controller/caching.rb +9 -11
data/lib/action_controller/caching/actions.rb +11 -18
data/lib/action_controller/caching/fragments.rb +28 -20
data/lib/action_controller/caching/pages.rb +13 -15
data/lib/action_controller/caching/sweeping.rb +2 -2
data/lib/action_controller/cgi_ext.rb +0 -1
data/lib/action_controller/cgi_ext/cookie.rb +2 -0
data/lib/action_controller/cgi_process.rb +54 -162
data/lib/action_controller/cookies.rb +13 -25
data/lib/action_controller/dispatcher.rb +43 -122
data/lib/action_controller/failsafe.rb +52 -0
data/lib/action_controller/flash.rb +38 -47
data/lib/action_controller/helpers.rb +13 -9
data/lib/action_controller/http_authentication.rb +203 -23
data/lib/action_controller/integration.rb +126 -70
data/lib/action_controller/layout.rb +36 -39
data/lib/action_controller/middleware_stack.rb +119 -0
data/lib/action_controller/middlewares.rb +13 -0
data/lib/action_controller/mime_responds.rb +19 -4
data/lib/action_controller/mime_type.rb +8 -0
data/lib/action_controller/params_parser.rb +71 -0
data/lib/action_controller/performance_test.rb +0 -1
data/lib/action_controller/polymorphic_routes.rb +36 -30
data/lib/action_controller/reloader.rb +14 -0
data/lib/action_controller/request.rb +107 -499
data/lib/action_controller/request_forgery_protection.rb +7 -39
data/lib/action_controller/rescue.rb +55 -35
data/lib/action_controller/resources.rb +34 -31
data/lib/action_controller/response.rb +99 -57
data/lib/action_controller/rewindable_input.rb +28 -0
data/lib/action_controller/routing.rb +7 -7
data/lib/action_controller/routing/builder.rb +4 -1
data/lib/action_controller/routing/optimisations.rb +1 -1
data/lib/action_controller/routing/recognition_optimisation.rb +1 -2
data/lib/action_controller/routing/route.rb +15 -5
data/lib/action_controller/routing/route_set.rb +82 -35
data/lib/action_controller/routing/segments.rb +35 -0
data/lib/action_controller/session/abstract_store.rb +181 -0
data/lib/action_controller/session/cookie_store.rb +197 -175
data/lib/action_controller/session/mem_cache_store.rb +36 -83
data/lib/action_controller/session_management.rb +26 -134
data/lib/action_controller/streaming.rb +24 -7
data/lib/action_controller/templates/rescues/diagnostics.erb +2 -2
data/lib/action_controller/templates/rescues/template_error.erb +2 -2
data/lib/action_controller/test_case.rb +87 -30
data/lib/action_controller/test_process.rb +145 -104
data/lib/action_controller/uploaded_file.rb +44 -0
data/lib/action_controller/url_rewriter.rb +3 -6
data/lib/action_controller/vendor/html-scanner.rb +16 -0
data/lib/action_controller/vendor/html-scanner/html/selector.rb +1 -1
data/lib/action_controller/vendor/rack-1.0/rack.rb +89 -0
data/lib/action_controller/vendor/rack-1.0/rack/adapter/camping.rb +22 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/handler.rb +37 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/request.rb +37 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/basic.rb +58 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/md5.rb +124 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/nonce.rb +51 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/params.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/request.rb +40 -0
data/lib/action_controller/vendor/rack-1.0/rack/auth/openid.rb +480 -0
data/lib/action_controller/vendor/rack-1.0/rack/builder.rb +63 -0
data/lib/action_controller/vendor/rack-1.0/rack/cascade.rb +36 -0
data/lib/action_controller/vendor/rack-1.0/rack/chunked.rb +49 -0
data/lib/action_controller/vendor/rack-1.0/rack/commonlogger.rb +61 -0
data/lib/action_controller/vendor/rack-1.0/rack/conditionalget.rb +45 -0
data/lib/action_controller/vendor/rack-1.0/rack/content_length.rb +29 -0
data/lib/action_controller/vendor/rack-1.0/rack/content_type.rb +23 -0
data/lib/action_controller/vendor/rack-1.0/rack/deflater.rb +85 -0
data/lib/action_controller/vendor/rack-1.0/rack/directory.rb +153 -0
data/lib/action_controller/vendor/rack-1.0/rack/file.rb +88 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler.rb +48 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/cgi.rb +61 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/evented_mongrel.rb +8 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/fastcgi.rb +89 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/lsws.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/mongrel.rb +84 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/scgi.rb +59 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb +8 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/thin.rb +18 -0
data/lib/action_controller/vendor/rack-1.0/rack/handler/webrick.rb +67 -0
data/lib/action_controller/vendor/rack-1.0/rack/head.rb +19 -0
data/lib/action_controller/vendor/rack-1.0/rack/lint.rb +462 -0
data/lib/action_controller/vendor/rack-1.0/rack/lobster.rb +65 -0
data/lib/action_controller/vendor/rack-1.0/rack/lock.rb +16 -0
data/lib/action_controller/vendor/rack-1.0/rack/methodoverride.rb +27 -0
data/lib/action_controller/vendor/rack-1.0/rack/mime.rb +204 -0
data/lib/action_controller/vendor/rack-1.0/rack/mock.rb +160 -0
data/lib/action_controller/vendor/rack-1.0/rack/recursive.rb +57 -0
data/lib/action_controller/vendor/rack-1.0/rack/reloader.rb +64 -0
data/lib/action_controller/vendor/rack-1.0/rack/request.rb +241 -0
data/lib/action_controller/vendor/rack-1.0/rack/response.rb +179 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/abstract/id.rb +142 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/cookie.rb +91 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/memcache.rb +109 -0
data/lib/action_controller/vendor/rack-1.0/rack/session/pool.rb +100 -0
data/lib/action_controller/vendor/rack-1.0/rack/showexceptions.rb +349 -0
data/lib/action_controller/vendor/rack-1.0/rack/showstatus.rb +106 -0
data/lib/action_controller/vendor/rack-1.0/rack/static.rb +38 -0
data/lib/action_controller/vendor/rack-1.0/rack/urlmap.rb +55 -0
data/lib/action_controller/vendor/rack-1.0/rack/utils.rb +392 -0
data/lib/action_controller/verification.rb +1 -1
data/lib/action_pack.rb +1 -1
data/lib/action_pack/version.rb +2 -2
data/lib/action_view.rb +22 -17
data/lib/action_view/base.rb +53 -79
data/lib/action_view/erb/util.rb +38 -0
data/lib/action_view/helpers.rb +24 -5
data/lib/action_view/helpers/active_record_helper.rb +2 -2
data/lib/action_view/helpers/asset_tag_helper.rb +81 -50
data/lib/action_view/helpers/atom_feed_helper.rb +1 -1
data/lib/action_view/helpers/benchmark_helper.rb +26 -5
data/lib/action_view/helpers/date_helper.rb +82 -7
data/lib/action_view/helpers/form_helper.rb +295 -64
data/lib/action_view/helpers/form_options_helper.rb +160 -18
data/lib/action_view/helpers/form_tag_helper.rb +2 -2
data/lib/action_view/helpers/number_helper.rb +31 -18
data/lib/action_view/helpers/prototype_helper.rb +2 -12
data/lib/action_view/helpers/sanitize_helper.rb +0 -10
data/lib/action_view/helpers/scriptaculous_helper.rb +1 -0
data/lib/action_view/helpers/tag_helper.rb +3 -4
data/lib/action_view/helpers/text_helper.rb +99 -122
data/lib/action_view/helpers/translation_helper.rb +19 -1
data/lib/action_view/helpers/url_helper.rb +25 -2
data/lib/action_view/inline_template.rb +1 -1
data/lib/action_view/locale/en.yml +19 -1
data/lib/action_view/partials.rb +46 -9
data/lib/action_view/paths.rb +28 -84
data/lib/action_view/reloadable_template.rb +117 -0
data/lib/action_view/renderable.rb +28 -35
data/lib/action_view/renderable_partial.rb +3 -4
data/lib/action_view/template.rb +172 -31
data/lib/action_view/template_error.rb +8 -9
data/lib/action_view/template_handler.rb +1 -1
data/lib/action_view/template_handlers.rb +9 -6
data/lib/action_view/template_handlers/erb.rb +2 -39
data/lib/action_view/template_handlers/rjs.rb +1 -0
data/lib/action_view/test_case.rb +27 -1
data/test/abstract_unit.rb +23 -17
data/test/active_record_unit.rb +5 -4
data/test/activerecord/active_record_store_test.rb +139 -106
data/test/activerecord/render_partial_with_record_identification_test.rb +5 -21
data/test/controller/action_pack_assertions_test.rb +25 -23
data/test/controller/addresses_render_test.rb +3 -6
data/test/controller/assert_select_test.rb +83 -70
data/test/controller/base_test.rb +11 -13
data/test/controller/benchmark_test.rb +3 -3
data/test/controller/caching_test.rb +34 -24
data/test/controller/capture_test.rb +3 -6
data/test/controller/content_type_test.rb +3 -6
data/test/controller/cookie_test.rb +31 -66
data/test/controller/deprecation/deprecated_base_methods_test.rb +9 -11
data/test/controller/dispatcher_test.rb +23 -28
data/test/controller/fake_models.rb +8 -0
data/test/controller/filters_test.rb +6 -2
data/test/controller/flash_test.rb +2 -6
data/test/controller/helper_test.rb +15 -1
data/test/controller/html-scanner/document_test.rb +1 -1
data/test/controller/html-scanner/sanitizer_test.rb +1 -1
data/test/controller/http_basic_authentication_test.rb +88 -0
data/test/controller/http_digest_authentication_test.rb +178 -0
data/test/controller/integration_test.rb +56 -52
data/test/controller/layout_test.rb +46 -44
data/test/controller/middleware_stack_test.rb +90 -0
data/test/controller/mime_responds_test.rb +7 -11
data/test/controller/mime_type_test.rb +9 -0
data/test/controller/polymorphic_routes_test.rb +235 -151
data/test/controller/rack_test.rb +52 -81
data/test/controller/redirect_test.rb +6 -14
data/test/controller/render_test.rb +273 -60
data/test/controller/request/json_params_parsing_test.rb +45 -0
data/test/controller/request/multipart_params_parsing_test.rb +223 -0
data/test/controller/request/query_string_parsing_test.rb +120 -0
data/test/controller/request/url_encoded_params_parsing_test.rb +184 -0
data/test/controller/request/xml_params_parsing_test.rb +88 -0
data/test/controller/request_forgery_protection_test.rb +17 -98
data/test/controller/request_test.rb +45 -530
data/test/controller/rescue_test.rb +45 -22
data/test/controller/resources_test.rb +112 -37
data/test/controller/routing_test.rb +1442 -1384
data/test/controller/selector_test.rb +3 -3
data/test/controller/send_file_test.rb +30 -3
data/test/controller/session/cookie_store_test.rb +169 -240
data/test/controller/session/mem_cache_store_test.rb +94 -148
data/test/controller/session/test_session_test.rb +58 -0
data/test/controller/test_test.rb +32 -13
data/test/controller/url_rewriter_test.rb +54 -4
data/test/controller/verification_test.rb +1 -1
data/test/controller/view_paths_test.rb +15 -15
data/test/controller/webservice_test.rb +178 -147
data/test/fixtures/alternate_helpers/foo_helper.rb +3 -0
data/test/fixtures/layout_tests/alt/layouts/alt.rhtml +0 -0
data/test/fixtures/layouts/default_html.html.erb +1 -0
data/test/fixtures/layouts/xhr.html.erb +2 -0
data/test/fixtures/multipart/empty +10 -0
data/test/fixtures/multipart/hello.txt +1 -0
data/test/fixtures/multipart/none +9 -0
data/test/fixtures/public/500.da.html +1 -0
data/test/fixtures/quiz/questions/_question.html.erb +1 -0
data/test/fixtures/replies.yml +1 -1
data/test/fixtures/test/_one.html.erb +1 -0
data/test/fixtures/test/_two.html.erb +1 -0
data/test/fixtures/test/dont_pick_me +1 -0
data/test/fixtures/test/hello.builder +1 -1
data/test/fixtures/test/hello_world.da.html.erb +1 -0
data/test/fixtures/test/hello_world.erb~ +1 -0
data/test/fixtures/test/hello_world.pt-BR.html.erb +1 -0
data/test/fixtures/test/malformed/malformed.en.html.erb~ +1 -0
data/test/fixtures/test/malformed/malformed.erb~ +1 -0
data/test/fixtures/test/malformed/malformed.html.erb~ +1 -0
data/test/fixtures/test/render_explicit_html_template.js.rjs +1 -0
data/test/fixtures/test/render_implicit_html_template.js.rjs +1 -0
data/test/fixtures/test/render_implicit_html_template_from_xhr_request.da.html.erb +1 -0
data/test/fixtures/test/render_implicit_html_template_from_xhr_request.html.erb +1 -0
data/test/fixtures/test/render_implicit_js_template_without_layout.js.erb +1 -0
data/test/fixtures/test/utf8.html.erb +2 -0
data/test/template/active_record_helper_i18n_test.rb +31 -33
data/test/template/active_record_helper_test.rb +34 -0
data/test/template/asset_tag_helper_test.rb +52 -14
data/test/template/atom_feed_helper_test.rb +3 -5
data/test/template/benchmark_helper_test.rb +50 -24
data/test/template/compiled_templates_test.rb +177 -33
data/test/template/date_helper_i18n_test.rb +88 -81
data/test/template/date_helper_test.rb +427 -43
data/test/template/form_helper_test.rb +243 -44
data/test/template/form_options_helper_test.rb +631 -565
data/test/template/form_tag_helper_test.rb +9 -2
data/test/template/javascript_helper_test.rb +0 -5
data/test/template/number_helper_i18n_test.rb +60 -48
data/test/template/number_helper_test.rb +1 -0
data/test/template/render_test.rb +117 -35
data/test/template/test_test.rb +4 -6
data/test/template/text_helper_test.rb +129 -50
data/test/template/translation_helper_test.rb +23 -19
data/test/template/url_helper_test.rb +35 -2
data/test/view/test_case_test.rb +8 -0
metadata +197 -23
data/lib/action_controller/assertions.rb +0 -69
data/lib/action_controller/caching/sql_cache.rb +0 -18
data/lib/action_controller/cgi_ext/session.rb +0 -53
data/lib/action_controller/components.rb +0 -169
data/lib/action_controller/rack_process.rb +0 -297
data/lib/action_controller/request_profiler.rb +0 -169
data/lib/action_controller/session/active_record_store.rb +0 -340
data/lib/action_controller/session/drb_server.rb +0 -32
data/lib/action_controller/session/drb_store.rb +0 -35
data/test/controller/cgi_test.rb +0 -269
data/test/controller/components_test.rb +0 -156
data/test/controller/http_authentication_test.rb +0 -54
data/test/controller/integration_upload_test.rb +0 -43
data/test/controller/session_fixation_test.rb +0 -89
data/test/controller/session_management_test.rb +0 -178
data/test/fixtures/test/hello_world.js +0 -1

data/lib/action_controller/uploaded_file.rb ADDED

@@ -0,0 +1,44 @@
+module ActionController
+  module UploadedFile
+    def self.included(base)
+      base.class_eval do
+        attr_accessor :original_path, :content_type
+        alias_method :local_path, :path
+      end
+    end
+    def self.extended(object)
+      object.class_eval do
+        attr_accessor :original_path, :content_type
+        alias_method :local_path, :path
+      end
+    end
+    # Take the basename of the upload's original filename.
+    # This handles the full Windows paths given by Internet Explorer
+    # (and perhaps other broken user agents) without affecting
+    # those which give the lone filename.
+    # The Windows regexp is adapted from Perl's File::Basename.
+    def original_filename
+      unless defined? @original_filename
+        @original_filename =
+          unless original_path.blank?
+            if original_path =~ /^(?:.*[:\\\/])?(.*)/m
+              $1
+            else
+              File.basename original_path
+            end
+          end
+      end
+      @original_filename
+    end
+  end
+  class UploadedStringIO < StringIO
+    include UploadedFile
+  end
+  class UploadedTempfile < Tempfile
+    include UploadedFile
+  end
+end

data/lib/action_controller/url_rewriter.rb CHANGED

@@ -92,15 +92,12 @@ module ActionController
   #     end
   #   end
   module UrlWriter
-    # The default options for urls written by this writer. Typically a <tt>:host</tt>
-    # pair is provided.
-    mattr_accessor :default_url_options
-    self.default_url_options = {}
     def self.included(base) #:nodoc:
       ActionController::Routing::Routes.install_helpers(base)
       base.mattr_accessor :default_url_options
-      base.default_url_options ||= default_url_options
+      # The default options for urls written by this writer. Typically a <tt>:host</tt> pair is provided.
+      base.default_url_options ||= {}
     end
     # Generate a url based on the options provided, default_url_options and the

data/lib/action_controller/vendor/html-scanner.rb ADDED

@@ -0,0 +1,16 @@
+$LOAD_PATH << "#{File.dirname(__FILE__)}/html-scanner"
+module HTML
+  autoload :CDATA, 'html/node'
+  autoload :Document, 'html/document'
+  autoload :FullSanitizer, 'html/sanitizer'
+  autoload :LinkSanitizer, 'html/sanitizer'
+  autoload :Node, 'html/node'
+  autoload :Sanitizer, 'html/sanitizer'
+  autoload :Selector, 'html/selector'
+  autoload :Tag, 'html/node'
+  autoload :Text, 'html/node'
+  autoload :Tokenizer, 'html/tokenizer'
+  autoload :Version, 'html/version'
+  autoload :WhiteListSanitizer, 'html/sanitizer'
+end

data/lib/action_controller/vendor/html-scanner/html/selector.rb CHANGED

@@ -556,7 +556,7 @@ module HTML
         end
         # Attribute value.
-        next if statement.sub!(/^\[\s*([[:alpha:]][\w\-]*)\s*((?:[~|^$*])?=)?\s*('[^']*'|"[^*]"|[^\]]*)\s*\]/) do |match|
+        next if statement.sub!(/^\[\s*([[:alpha:]][\w\-:]*)\s*((?:[~|^$*])?=)?\s*('[^']*'|"[^*]"|[^\]]*)\s*\]/) do |match|
           name, equality, value = $1, $2, $3
           if value == "?"
             value = values.shift

data/lib/action_controller/vendor/rack-1.0/rack.rb ADDED

@@ -0,0 +1,89 @@
+# Copyright (C) 2007, 2008, 2009 Christian Neukirchen <purl.org/net/chneukirchen>
+#
+# Rack is freely distributable under the terms of an MIT-style license.
+# See COPYING or http://www.opensource.org/licenses/mit-license.php.
+$:.unshift(File.expand_path(File.dirname(__FILE__)))
+# The Rack main module, serving as a namespace for all core Rack
+# modules and classes.
+#
+# All modules meant for use in your application are <tt>autoload</tt>ed here,
+# so it should be enough just to <tt>require rack.rb</tt> in your code.
+module Rack
+  # The Rack protocol version number implemented.
+  VERSION = [0,1]
+  # Return the Rack protocol version as a dotted string.
+  def self.version
+    VERSION.join(".")
+  end
+  # Return the Rack release as a dotted string.
+  def self.release
+    "1.0 bundled"
+  end
+  autoload :Builder, "rack/builder"
+  autoload :Cascade, "rack/cascade"
+  autoload :Chunked, "rack/chunked"
+  autoload :CommonLogger, "rack/commonlogger"
+  autoload :ConditionalGet, "rack/conditionalget"
+  autoload :ContentLength, "rack/content_length"
+  autoload :ContentType, "rack/content_type"
+  autoload :File, "rack/file"
+  autoload :Deflater, "rack/deflater"
+  autoload :Directory, "rack/directory"
+  autoload :ForwardRequest, "rack/recursive"
+  autoload :Handler, "rack/handler"
+  autoload :Head, "rack/head"
+  autoload :Lint, "rack/lint"
+  autoload :Lock, "rack/lock"
+  autoload :MethodOverride, "rack/methodoverride"
+  autoload :Mime, "rack/mime"
+  autoload :Recursive, "rack/recursive"
+  autoload :Reloader, "rack/reloader"
+  autoload :ShowExceptions, "rack/showexceptions"
+  autoload :ShowStatus, "rack/showstatus"
+  autoload :Static, "rack/static"
+  autoload :URLMap, "rack/urlmap"
+  autoload :Utils, "rack/utils"
+  autoload :MockRequest, "rack/mock"
+  autoload :MockResponse, "rack/mock"
+  autoload :Request, "rack/request"
+  autoload :Response, "rack/response"
+  module Auth
+    autoload :Basic, "rack/auth/basic"
+    autoload :AbstractRequest, "rack/auth/abstract/request"
+    autoload :AbstractHandler, "rack/auth/abstract/handler"
+    autoload :OpenID, "rack/auth/openid"
+    module Digest
+      autoload :MD5, "rack/auth/digest/md5"
+      autoload :Nonce, "rack/auth/digest/nonce"
+      autoload :Params, "rack/auth/digest/params"
+      autoload :Request, "rack/auth/digest/request"
+    end
+  end
+  module Session
+    autoload :Cookie, "rack/session/cookie"
+    autoload :Pool, "rack/session/pool"
+    autoload :Memcache, "rack/session/memcache"
+  end
+  # *Adapters* connect Rack with third party web frameworks.
+  #
+  # Rack includes an adapter for Camping, see README for other
+  # frameworks supporting Rack in their code bases.
+  #
+  # Refer to the submodules for framework-specific calling details.
+  module Adapter
+    autoload :Camping, "rack/adapter/camping"
+  end
+end

data/lib/action_controller/vendor/rack-1.0/rack/adapter/camping.rb ADDED

@@ -0,0 +1,22 @@
+module Rack
+  module Adapter
+    class Camping
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        env["PATH_INFO"] ||= ""
+        env["SCRIPT_NAME"] ||= ""
+        controller = @app.run(env['rack.input'], env)
+        h = controller.headers
+        h.each_pair do |k,v|
+          if v.kind_of? URI
+            h[k] = v.to_s
+          end
+        end
+        [controller.status, controller.headers, [controller.body.to_s]]
+      end
+    end
+  end
+end

data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/handler.rb ADDED

@@ -0,0 +1,37 @@
+module Rack
+  module Auth
+    # Rack::Auth::AbstractHandler implements common authentication functionality.
+    #
+    # +realm+ should be set for all handlers.
+    class AbstractHandler
+      attr_accessor :realm
+      def initialize(app, realm=nil, &authenticator)
+        @app, @realm, @authenticator = app, realm, authenticator
+      end
+      private
+      def unauthorized(www_authenticate = challenge)
+        return [ 401,
+          { 'Content-Type' => 'text/plain',
+            'Content-Length' => '0',
+            'WWW-Authenticate' => www_authenticate.to_s },
+          []
+        ]
+      end
+      def bad_request
+        return [ 400,
+          { 'Content-Type' => 'text/plain',
+            'Content-Length' => '0' },
+          []
+        ]
+      end
+    end
+  end
+end

data/lib/action_controller/vendor/rack-1.0/rack/auth/abstract/request.rb ADDED

@@ -0,0 +1,37 @@
+module Rack
+  module Auth
+    class AbstractRequest
+      def initialize(env)
+        @env = env
+      end
+      def provided?
+        !authorization_key.nil?
+      end
+      def parts
+        @parts ||= @env[authorization_key].split(' ', 2)
+      end
+      def scheme
+        @scheme ||= parts.first.downcase.to_sym
+      end
+      def params
+        @params ||= parts.last
+      end
+      private
+      AUTHORIZATION_KEYS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION']
+      def authorization_key
+        @authorization_key ||= AUTHORIZATION_KEYS.detect { |key| @env.has_key?(key) }
+      end
+    end
+  end
+end

data/lib/action_controller/vendor/rack-1.0/rack/auth/basic.rb ADDED

@@ -0,0 +1,58 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+module Rack
+  module Auth
+    # Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617.
+    #
+    # Initialize with the Rack application that you want protecting,
+    # and a block that checks if a username and password pair are valid.
+    #
+    # See also: <tt>example/protectedlobster.rb</tt>
+    class Basic < AbstractHandler
+      def call(env)
+        auth = Basic::Request.new(env)
+        return unauthorized unless auth.provided?
+        return bad_request unless auth.basic?
+        if valid?(auth)
+          env['REMOTE_USER'] = auth.username
+          return @app.call(env)
+        end
+        unauthorized
+      end
+      private
+      def challenge
+        'Basic realm="%s"' % realm
+      end
+      def valid?(auth)
+        @authenticator.call(*auth.credentials)
+      end
+      class Request < Auth::AbstractRequest
+        def basic?
+          :basic == scheme
+        end
+        def credentials
+          @credentials ||= params.unpack("m*").first.split(/:/, 2)
+        end
+        def username
+          credentials.first
+        end
+      end
+    end
+  end
+end

data/lib/action_controller/vendor/rack-1.0/rack/auth/digest/md5.rb ADDED

@@ -0,0 +1,124 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/digest/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+require 'digest/md5'
+module Rack
+  module Auth
+    module Digest
+      # Rack::Auth::Digest::MD5 implements the MD5 algorithm version of
+      # HTTP Digest Authentication, as per RFC 2617.
+      #
+      # Initialize with the [Rack] application that you want protecting,
+      # and a block that looks up a plaintext password for a given username.
+      #
+      # +opaque+ needs to be set to a constant base64/hexadecimal string.
+      #
+      class MD5 < AbstractHandler
+        attr_accessor :opaque
+        attr_writer :passwords_hashed
+        def initialize(*args)
+          super
+          @passwords_hashed = nil
+        end
+        def passwords_hashed?
+          !!@passwords_hashed
+        end
+        def call(env)
+          auth = Request.new(env)
+          unless auth.provided?
+            return unauthorized
+          end
+          if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth)
+            return bad_request
+          end
+          if valid?(auth)
+            if auth.nonce.stale?
+              return unauthorized(challenge(:stale => true))
+            else
+              env['REMOTE_USER'] = auth.username
+              return @app.call(env)
+            end
+          end
+          unauthorized
+        end
+        private
+        QOP = 'auth'.freeze
+        def params(hash = {})
+          Params.new do |params|
+            params['realm'] = realm
+            params['nonce'] = Nonce.new.to_s
+            params['opaque'] = H(opaque)
+            params['qop'] = QOP
+            hash.each { |k, v| params[k] = v }
+          end
+        end
+        def challenge(hash = {})
+          "Digest #{params(hash)}"
+        end
+        def valid?(auth)
+          valid_opaque?(auth) && valid_nonce?(auth) && valid_digest?(auth)
+        end
+        def valid_qop?(auth)
+          QOP == auth.qop
+        end
+        def valid_opaque?(auth)
+          H(opaque) == auth.opaque
+        end
+        def valid_nonce?(auth)
+          auth.nonce.valid?
+        end
+        def valid_digest?(auth)
+          digest(auth, @authenticator.call(auth.username)) == auth.response
+        end
+        def md5(data)
+          ::Digest::MD5.hexdigest(data)
+        end
+        alias :H :md5
+        def KD(secret, data)
+          H([secret, data] * ':')
+        end
+        def A1(auth, password)
+          [ auth.username, auth.realm, password ] * ':'
+        end
+        def A2(auth)
+          [ auth.method, auth.uri ] * ':'
+        end
+        def digest(auth, password)
+          password_hash = passwords_hashed? ? password : H(A1(auth, password))
+          KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+        end
+      end
+    end
+  end
+end