actionpack 3.0.0.beta → 3.0.0.beta2

data/lib/action_controller/metal.rb

@@ -34,10 +34,12 @@ module ActionController
     # and response object available. You might wish to control the
     # environment and response manually for performance reasons.
 
-    attr_internal :status, :headers, :content_type, :response
+    attr_internal :headers, :response, :request
+    delegate :session, :to => "@_request"
 
     def initialize(*)
-      @_headers = {}
+      @_headers = {"Content-Type" => "text/html"}
+      @_status = 200
       super
     end
 
@@ -49,17 +51,35 @@ module ActionController
       headers["Content-Type"] = type.to_s
     end
 
+    def content_type
+      headers["Content-Type"]
+    end
+
+    def location
+      headers["Location"]
+    end
+
     def location=(url)
       headers["Location"] = url
     end
 
+    def status
+      @_status
+    end
+
     def status=(status)
       @_status = Rack::Utils.status_code(status)
     end
 
+    def response_body=(val)
+      body = val.respond_to?(:each) ? val : [val]
+      super body
+    end
+
     # :api: private
-    def dispatch(name, env)
-      @_env = env
+    def dispatch(name, request)
+      @_request = request
+      @_env = request.env
       @_env['action_controller.instance'] = self
       process(name)
       to_a
@@ -70,31 +90,12 @@ module ActionController
       response ? response.to_a : [status, headers, response_body]
     end
 
-    class ActionEndpoint
-      @@endpoints = Hash.new {|h,k| h[k] = Hash.new {|sh,sk| sh[sk] = {} } }
-
-      def self.for(controller, action, stack)
-        @@endpoints[controller][action][stack] ||= begin
-          endpoint = new(controller, action)
-          stack.build(endpoint)
-        end
-      end
-
-      def initialize(controller, action)
-        @controller, @action = controller, action
-        @_formats = [Mime::HTML]
-      end
-
-      def call(env)
-        @controller.new.dispatch(@action, env)
-      end
-    end
-
     class_attribute :middleware_stack
     self.middleware_stack = ActionDispatch::MiddlewareStack.new
 
     def self.inherited(base)
       self.middleware_stack = base.middleware_stack.dup
+      super
     end
 
     def self.use(*args)
@@ -118,8 +119,10 @@ module ActionController
     #
     # ==== Returns
     # Proc:: A rack application
-    def self.action(name)
-      ActionEndpoint.for(self, name, middleware_stack)
+    def self.action(name, klass = ActionDispatch::Request)
+      middleware_stack.build do |env|
+        new.dispatch(name, klass.new(env))
+      end
     end
   end
 end

data/lib/action_controller/metal/compatibility.rb

@@ -2,26 +2,23 @@ module ActionController
   module Compatibility
     extend ActiveSupport::Concern
 
-    include AbstractController::Compatibility
-
     class ::ActionController::ActionControllerError < StandardError #:nodoc:
     end
 
+    module ClassMethods
+    end
+
     # Temporary hax
     included do
       ::ActionController::UnknownAction = ::AbstractController::ActionNotFound
       ::ActionController::DoubleRenderError = ::AbstractController::DoubleRenderError
 
-      cattr_accessor :session_options
-      self.session_options = {}
-
-      cattr_accessor :relative_url_root
-      self.relative_url_root = ENV['RAILS_RELATIVE_URL_ROOT']
+      # ROUTES TODO: This should be handled by a middleware and route generation
+      # should be able to handle SCRIPT_NAME
+      self.config.relative_url_root = ENV['RAILS_RELATIVE_URL_ROOT']
 
       class << self
         delegate :default_charset=, :to => "ActionDispatch::Response"
-        delegate :resources_path_names, :to => "ActionController::Routing::Routes"
-        delegate :resources_path_names=, :to => "ActionController::Routing::Routes"
       end
 
       # cattr_reader :protected_instance_variables
@@ -32,84 +29,31 @@ module ActionController
                                              @before_filter_chain_aborted @_headers @_params
                                              @_response)
 
-      # Controls the resource action separator
-      cattr_accessor :resource_action_separator
-      self.resource_action_separator = "/"
-
-      cattr_accessor :use_accept_header
-      self.use_accept_header = true
+      def rescue_action(env)
+        raise env["action_dispatch.rescue.exception"]
+      end
 
       self.page_cache_directory = defined?(Rails.public_path) ? Rails.public_path : ""
-
-      # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets,
-      # and images to a dedicated asset server away from the main web server. Example:
-      #   ActionController::Base.asset_host = "http://assets.example.com"
-      cattr_accessor :asset_host
-
-      cattr_accessor :ip_spoofing_check
-      self.ip_spoofing_check = true
-
-      cattr_accessor :trusted_proxies
     end
 
     # For old tests
     def initialize_template_class(*) end
     def assign_shortcuts(*) end
 
-    # TODO: Remove this after we flip
-    def template
-      @template ||= view_context
-    end
-
-    def process_action(*)
-      template
-      super
-    end
-
-    module ClassMethods
-      def consider_all_requests_local
-        ActiveSupport::Deprecation.warn "ActionController::Base.consider_all_requests_local is deprecated, " <<
-          "use Rails.application.config.consider_all_requests_local instead"
-        Rails.application.config.consider_all_requests_local
-      end
-
-      def consider_all_requests_local=(value)
-        ActiveSupport::Deprecation.warn "ActionController::Base.consider_all_requests_local= is no longer effective. " <<
-          "Please configure it on your application with config.consider_all_requests_local="
-      end
-
-      def allow_concurrency
-        ActiveSupport::Deprecation.warn "ActionController::Base.allow_concurrency is deprecated, " <<
-          "use Rails.application.config.allow_concurrency instead"
-        Rails.application.config.allow_concurrency
-      end
-
-      def allow_concurrency=(value)
-        ActiveSupport::Deprecation.warn "ActionController::Base.allow_concurrency= is no longer effective. " <<
-          "Please configure it on your application with config.allow_concurrency="
-      end
-
-      def rescue_action(env)
-        raise env["action_dispatch.rescue.exception"]
-      end
-
-      # Defines the storage option for cached fragments
-      def cache_store=(store_option)
-        @@cache_store = ActiveSupport::Cache.lookup_store(store_option)
-      end
-    end
-
-    delegate :consider_all_requests_local, :consider_all_requests_local=,
-             :allow_concurrency, :allow_concurrency=, :to => :"self.class"
-
-    def render_to_body(options)
-      if options.is_a?(Hash) && options.key?(:template)
-        options[:template].sub!(/^\//, '')
+    def _normalize_options(options)
+      if options[:action] && options[:action].to_s.include?(?/)
+        ActiveSupport::Deprecation.warn "Giving a path to render :action is deprecated. " <<
+          "Please use render :template instead", caller
+        options[:template] = options.delete(:action)
       end
 
       options[:text] = nil if options.delete(:nothing) == true
       options[:text] = " " if options.key?(:text) && options[:text].nil?
+      super
+    end
 
+    def render_to_body(options)
+      options[:template].sub!(/^\//, '') if options.key?(:template)
       super || " "
     end
 
@@ -124,18 +68,5 @@ module ActionController
     def performed?
       response_body
     end
-
-    # ==== Request only view path switching ====
-    def append_view_path(path)
-      view_paths.push(*path)
-    end
-
-    def prepend_view_path(path)
-      view_paths.unshift(*path)
-    end
-
-    def view_paths
-      view_context.view_paths
-    end
   end
 end

data/lib/action_controller/metal/cookies.rb

@@ -6,7 +6,6 @@ module ActionController #:nodoc:
 
     included do
       helper_method :cookies
-      cattr_accessor :cookie_verifier_secret
     end
     
     private

data/lib/action_controller/metal/head.rb

@@ -1,6 +1,7 @@
 module ActionController
   module Head
     extend ActiveSupport::Concern
+
     include ActionController::UrlFor
 
     # Return a response that has no content (merely headers). The options

data/lib/action_controller/metal/helpers.rb

@@ -86,7 +86,7 @@ module ActionController
       end
 
       private
-        # Overwrite _modules_for_helpers to accept :all as argument, which loads
+        # Overwrite modules_for_helpers to accept :all as argument, which loads
         # all helpers in helpers_dir.
         #
         # ==== Parameters
@@ -95,7 +95,7 @@ module ActionController
         # ==== Returns
         # Array[Module]:: A normalized list of modules for the list of
         #   helpers provided.
-        def _modules_for_helpers(args)
+        def modules_for_helpers(args)
           args += all_application_helpers if args.delete(:all)
           super(args)
         end

data/lib/action_controller/metal/hide_actions.rb

@@ -15,10 +15,8 @@ module ActionController
 
     # Overrides AbstractController::Base#action_method? to return false if the
     # action name is in the list of hidden actions.
-    def action_method?(action_name)
-      self.class.visible_action?(action_name) do
-        !self.class.hidden_actions.include?(action_name) && super
-      end
+    def method_for_action(action_name)
+      self.class.visible_action?(action_name) && super
     end
 
     module ClassMethods
@@ -31,13 +29,13 @@ module ActionController
       end
 
       def inherited(klass)
-        klass.instance_variable_set("@visible_actions", {})
+        klass.class_eval { @visible_actions = {} }
         super
       end
 
       def visible_action?(action_name)
         return @visible_actions[action_name] if @visible_actions.key?(action_name)
-        @visible_actions[action_name] = yield
+        @visible_actions[action_name] = !hidden_actions.include?(action_name)
       end
 
       # Overrides AbstractController::Base#action_methods to remove any methods

data/lib/action_controller/metal/http_authentication.rb

@@ -1,4 +1,5 @@
 require 'active_support/base64'
+require 'active_support/core_ext/object/blank'
 
 module ActionController
   module HttpAuthentication
@@ -124,7 +125,7 @@ module ActionController
       end
 
       def authenticate(request, &login_procedure)
-        unless authorization(request).blank?
+        unless request.authorization.blank?
           login_procedure.call(*user_name_and_password(request))
         end
       end
@@ -133,15 +134,8 @@ module ActionController
         decode_credentials(request).split(/:/, 2)
       end
 
-      def authorization(request)
-        request.env['HTTP_AUTHORIZATION']   ||
-        request.env['X-HTTP_AUTHORIZATION'] ||
-        request.env['X_HTTP_AUTHORIZATION'] ||
-        request.env['REDIRECT_X_HTTP_AUTHORIZATION']
-      end
-
       def decode_credentials(request)
-        ActiveSupport::Base64.decode64(authorization(request).split(' ', 2).last || '')
+        ActiveSupport::Base64.decode64(request.authorization.split(' ', 2).last || '')
       end
 
       def encode_credentials(user_name, password)
@@ -165,7 +159,7 @@ module ActionController
 
         # Authenticate with HTTP Digest, returns true or false
         def authenticate_with_http_digest(realm = "Application", &password_procedure)
-          HttpAuthentication::Digest.authenticate(request, realm, &password_procedure)
+          HttpAuthentication::Digest.authenticate(config.secret, request, realm, &password_procedure)
         end
 
         # Render output including the HTTP Digest authentication header
@@ -175,30 +169,23 @@ module ActionController
       end
 
       # Returns false on a valid response, true otherwise
-      def authenticate(request, realm, &password_procedure)
-        authorization(request) && validate_digest_response(request, realm, &password_procedure)
-      end
-
-      def authorization(request)
-        request.env['HTTP_AUTHORIZATION']   ||
-        request.env['X-HTTP_AUTHORIZATION'] ||
-        request.env['X_HTTP_AUTHORIZATION'] ||
-        request.env['REDIRECT_X_HTTP_AUTHORIZATION']
+      def authenticate(secret_key, request, realm, &password_procedure)
+        request.authorization && validate_digest_response(secret_key, request, realm, &password_procedure)
       end
 
       # Returns false unless the request credentials response value matches the expected value.
       # First try the password as a ha1 digest password. If this fails, then try it as a plain
       # text password.
-      def validate_digest_response(request, realm, &password_procedure)
+      def validate_digest_response(secret_key, request, realm, &password_procedure)
         credentials = decode_credentials_header(request)
-        valid_nonce = validate_nonce(request, credentials[:nonce])
+        valid_nonce = validate_nonce(secret_key, request, credentials[:nonce])
 
-        if valid_nonce && realm == credentials[:realm] && opaque == credentials[:opaque]
+        if valid_nonce && realm == credentials[:realm] && opaque(secret_key) == credentials[:opaque]
           password = password_procedure.call(credentials[:username])
           return false unless password
 
           method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
-          uri    = credentials[:uri][0,1] == '/' ? request.request_uri : request.url
+          uri    = credentials[:uri][0,1] == '/' ? request.fullpath : request.url
 
          [true, false].any? do |password_is_ha1|
            expected = expected_response(method, uri, credentials, password, password_is_ha1)
@@ -226,7 +213,7 @@ module ActionController
       end
 
       def decode_credentials_header(request)
-        decode_credentials(authorization(request))
+        decode_credentials(request.authorization)
       end
 
       def decode_credentials(header)
@@ -238,6 +225,9 @@ module ActionController
       end
 
       def authentication_header(controller, realm)
+        secret_key = controller.config.secret
+        nonce = self.nonce(secret_key)
+        opaque = opaque(secret_key)
         controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}")
       end
 
@@ -280,7 +270,7 @@ module ActionController
       # The nonce is opaque to the client. Composed of Time, and hash of Time with secret
       # key from the Rails session secret generated upon creation of project. Ensures
       # the time cannot be modified by client.
-      def nonce(time = Time.now)
+      def nonce(secret_key, time = Time.now)
         t = time.to_i
         hashed = [t, secret_key]
         digest = ::Digest::MD5.hexdigest(hashed.join(":"))
@@ -292,21 +282,16 @@ module ActionController
       # Can be much shorter if the Stale directive is implemented. This would
       # allow a user to use new nonce without prompting user again for their
       # username and password.
-      def validate_nonce(request, value, seconds_to_timeout=5*60)
+      def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
         t = ActiveSupport::Base64.decode64(value).split(":").first.to_i
-        nonce(t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
+        nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
       end
 
       # Opaque based on random generation - but changing each request?
-      def opaque()
+      def opaque(secret_key)
         ::Digest::MD5.hexdigest(secret_key)
       end
 
-      # Set in /initializers/session_store.rb, and loaded even if sessions are not in use.
-      def secret_key
-        ActionController::Base.session_options[:secret]
-      end
-
     end
   end
 end

data/lib/action_controller/metal/implicit_render.rb

@@ -0,0 +1,21 @@
+module ActionController
+  module ImplicitRender
+    def send_action(*)
+      ret = super
+      default_render unless response_body
+      ret
+    end
+
+    def default_render
+      render
+    end
+
+    def method_for_action(action_name)
+      super || begin
+        if template_exists?(action_name.to_s, _prefix)
+          "default_render"
+        end
+      end
+    end
+  end
+end