actionpack 3.0.0.beta2 → 3.0.0.beta3

data/lib/action_dispatch/middleware/cookies.rb

@@ -1,3 +1,5 @@
+require "active_support/core_ext/object/blank"
+
 module ActionDispatch
   class Request
     def cookie_jar
@@ -52,16 +54,17 @@ module ActionDispatch
   class Cookies
     class CookieJar < Hash #:nodoc:
       def self.build(request)
-        new.tap do |hash|
+        secret = request.env["action_dispatch.secret_token"]
+        new(secret).tap do |hash|
           hash.update(request.cookies)
         end
       end
 
-      def initialize
+      def initialize(secret=nil)
+        @secret = secret
         @set_cookies = {}
         @delete_cookies = {}
-
-        super
+        super()
       end
 
       # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists.
@@ -111,7 +114,7 @@ module ActionDispatch
       #   cookies.permanent.signed[:remember_me] = current_user.id
       #   # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
       def permanent
-        @permanent ||= PermanentCookieJar.new(self)
+        @permanent ||= PermanentCookieJar.new(self, @secret)
       end
 
       # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
@@ -119,7 +122,7 @@ module ActionDispatch
       # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
       # be raised.
       #
-      # This jar requires that you set a suitable secret for the verification on ActionController::Base.cookie_verifier_secret.
+      # This jar requires that you set a suitable secret for the verification on your app's config.secret_token.
       #
       # Example:
       #
@@ -128,7 +131,7 @@ module ActionDispatch
       #
       #   cookies.signed[:discount] # => 45
       def signed
-        @signed ||= SignedCookieJar.new(self)
+        @signed ||= SignedCookieJar.new(self, @secret)
       end
 
       def write(response)
@@ -138,8 +141,8 @@ module ActionDispatch
     end
 
     class PermanentCookieJar < CookieJar #:nodoc:
-      def initialize(parent_jar)
-        @parent_jar = parent_jar
+      def initialize(parent_jar, secret)
+        @parent_jar, @secret = parent_jar, secret
       end
 
       def []=(key, options)
@@ -154,11 +157,7 @@ module ActionDispatch
       end
 
       def signed
-        @signed ||= SignedCookieJar.new(self)
-      end
-
-      def controller
-        @parent_jar.controller
+        @signed ||= SignedCookieJar.new(self, @secret)
       end
 
       def method_missing(method, *arguments, &block)
@@ -167,18 +166,15 @@ module ActionDispatch
     end
 
     class SignedCookieJar < CookieJar #:nodoc:
-      def initialize(parent_jar)
-        unless ActionController::Base.config.secret
-          raise "You must set ActionController::Base.config.secret"
-        end
-
+      def initialize(parent_jar, secret)
+        raise "You must set config.secret_token in your app's config" if secret.blank?
         @parent_jar = parent_jar
-        @verifier = ActiveSupport::MessageVerifier.new(ActionController::Base.config.secret)
+        @verifier   = ActiveSupport::MessageVerifier.new(secret)
       end
 
       def [](name)
-        if value = @parent_jar[name]
-          @verifier.verify(value)
+        if signed_message = @parent_jar[name]
+          @verifier.verify(signed_message)
         end
       end
 

data/lib/action_dispatch/middleware/params_parser.rb

@@ -36,17 +36,16 @@ module ActionDispatch
         when Proc
           strategy.call(request.raw_post)
         when :xml_simple, :xml_node
-          request.body.size == 0 ? {} : Hash.from_xml(request.raw_post).with_indifferent_access
+          data = Hash.from_xml(request.body) || {}
+          request.body.rewind if request.body.respond_to?(:rewind)
+          data.with_indifferent_access
         when :yaml
           YAML.load(request.raw_post)
         when :json
-          if request.body.size == 0
-            {}
-          else
-            data = ActiveSupport::JSON.decode(request.raw_post)
-            data = {:_json => data} unless data.is_a?(Hash)
-            data.with_indifferent_access
-          end
+          data = ActiveSupport::JSON.decode(request.body)
+          request.body.rewind if request.body.respond_to?(:rewind)
+          data = {:_json => data} unless data.is_a?(Hash)
+          data.with_indifferent_access
         else
           false
         end
@@ -76,4 +75,4 @@ module ActionDispatch
         defined?(Rails.logger) ? Rails.logger : Logger.new($stderr)
       end
   end
-end
+end

data/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -192,7 +192,7 @@ module ActionDispatch
           if secret.blank?
             raise ArgumentError, "A secret is required to generate an " +
               "integrity hash for cookie session data. Use " +
-              "config.cookie_secret = \"some secret phrase of at " +
+              "config.secret_token = \"some secret phrase of at " +
               "least #{SECRET_MIN_LENGTH} characters\"" +
               "in config/application.rb"
           end

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb

@@ -6,7 +6,7 @@
 <% end %>
 
 <%
-  clean_params = @request.parameters.clone
+  clean_params = @request.filtered_parameters.clone
   clean_params.delete("action")
   clean_params.delete("controller")
 

data/lib/action_dispatch/railtie.rb

@@ -6,6 +6,7 @@ module ActionDispatch
     config.action_dispatch = ActiveSupport::OrderedOptions.new
     config.action_dispatch.x_sendfile_header = ""
     config.action_dispatch.ip_spoofing_check = true
+    config.action_dispatch.show_exceptions = true
 
     # Prepare dispatcher callbacks and run 'prepare' callbacks
     initializer "action_dispatch.prepare_dispatcher" do |app|

data/lib/action_dispatch/routing.rb

@@ -136,20 +136,32 @@ module ActionDispatch
   #
   # == HTTP Methods
   #
-  # With conditions you can define restrictions on routes. Currently the only valid condition is <tt>:method</tt>.
+  # Using the <tt>:via</tt> option when specifying a route allows you to restrict it to a specific HTTP method.
+  # Possible values are <tt>:post</tt>, <tt>:get</tt>, <tt>:put</tt>, <tt>:delete</tt> and <tt>:any</tt>. 
+  # If your route needs to respond to more than one method you can use an array, e.g. <tt>[ :get, :post ]</tt>. 
+  # The default value is <tt>:any</tt> which means that the route will respond to any of the HTTP methods.
   #
-  # * <tt>:method</tt> - Allows you to specify which HTTP method(s) can access the route. Possible values are
-  #   <tt>:post</tt>, <tt>:get</tt>, <tt>:put</tt>, <tt>:delete</tt> and <tt>:any</tt>. Use an array to specify more
-  #   than one method, e.g. <tt>[ :get, :post ]</tt>. The default value is <tt>:any</tt>, <tt>:any</tt> means that any
-  #   method can access the route.
+  # Examples:
   #
-  # Example:
+  #   match 'post/:id' => 'posts#show', :via => :get
+  #   match 'post/:id' => "posts#create_comment', :via => :post
+  #
+  # Now, if you POST to <tt>/posts/:id</tt>, it will route to the <tt>create_comment</tt> action. A GET on the same
+  # URL will route to the <tt>show</tt> action. 
+  #
+  # === HTTP helper methods
   #
-  #   get  'post/:id' => 'posts#show'
+  # An alternative method of specifying which HTTP method a route should respond to is to use the helper
+  # methods <tt>get</tt>, <tt>post</tt>, <tt>put</tt> and <tt>delete</tt>.
+  #
+  # Examples:
+  #
+  #   get 'post/:id' => 'posts#show'
   #   post 'post/:id' => "posts#create_comment'
   #
-  # Now, if you POST to <tt>/posts/:id</tt>, it will route to the <tt>create_comment</tt> action. A GET on the same
-  # URL will route to the <tt>show</tt> action.
+  # This syntax is less verbose and the intention is more apparent to someone else reading your code,
+  # however if your route needs to respond to more than one HTTP method (or all methods) then using the
+  # <tt>:via</tt> option on <tt>match</tt> is preferable.
   #
   # == Reloading routes
   #
@@ -208,11 +220,11 @@ module ActionDispatch
     autoload :RouteSet, 'action_dispatch/routing/route_set'
     autoload :UrlFor, 'action_dispatch/routing/url_for'
 
-    SEPARATORS = %w( / . ? )
-    HTTP_METHODS = [:get, :head, :post, :put, :delete, :options]
+    SEPARATORS = %w( / . ? ) #:nodoc:
+    HTTP_METHODS = [:get, :head, :post, :put, :delete, :options] #:nodoc:
 
     # A helper module to hold URL related helpers.
-    module Helpers
+    module Helpers #:nodoc:
       include ActionController::PolymorphicRoutes
     end
   end

data/lib/action_dispatch/routing/deprecated_mapper.rb

@@ -75,7 +75,7 @@ module ActionDispatch
     # supplying you with methods to create them in your routes.rb file.
     #
     # Read more about REST at http://en.wikipedia.org/wiki/Representational_State_Transfer
-    class DeprecatedMapper #:doc:
+    class DeprecatedMapper #:nodoc:
       def initialize(set) #:nodoc:
         @set = set
       end

data/lib/action_dispatch/routing/mapper.rb

@@ -4,21 +4,21 @@ require 'active_support/core_ext/object/blank'
 module ActionDispatch
   module Routing
     class Mapper
-      class Constraints
-        def self.new(app, constraints = [])
+      class Constraints #:nodoc:
+        def self.new(app, constraints, request = Rack::Request)
           if constraints.any?
-            super(app, constraints)
+            super(app, constraints, request)
           else
             app
           end
         end
 
-        def initialize(app, constraints = [])
-          @app, @constraints = app, constraints
+        def initialize(app, constraints, request)
+          @app, @constraints, @request = app, constraints, request
         end
 
         def call(env)
-          req = Rack::Request.new(env)
+          req = @request.new(env)
 
           @constraints.each { |constraint|
             if constraint.respond_to?(:matches?) && !constraint.matches?(req)
@@ -32,7 +32,7 @@ module ActionDispatch
         end
       end
 
-      class Mapping
+      class Mapping #:nodoc:
         IGNORE_OPTIONS = [:to, :as, :controller, :action, :via, :on, :constraints, :defaults, :only, :except, :anchor]
 
         def initialize(set, scope, args)
@@ -55,6 +55,14 @@ module ActionDispatch
               path = args.first
             end
 
+            if @scope[:module] && options[:to]
+              if options[:to].to_s.include?("#")
+                options[:to] = "#{@scope[:module]}/#{options[:to]}"
+              elsif @scope[:controller].nil?
+                options[:to] = "#{@scope[:module]}##{options[:to]}"
+              end
+            end
+
             path = normalize_path(path)
 
             if using_match_shorthand?(path, options)
@@ -83,7 +91,8 @@ module ActionDispatch
           def app
             Constraints.new(
               to.respond_to?(:call) ? to : Routing::RouteSet::Dispatcher.new(:defaults => defaults),
-              blocks
+              blocks,
+              @set.request_class
             )
           end
 
@@ -115,11 +124,16 @@ module ActionDispatch
                 controller, action = to.split('#')
                 { :controller => controller, :action => action }
               when Symbol
-                { :action => to.to_s }.merge(default_controller ? { :controller => default_controller } : {})
+                { :action => to.to_s }
               else
-                default_controller ? { :controller => default_controller } : {}
+                {}
               end
 
+              defaults[:controller] ||= default_controller
+
+              defaults.delete(:controller) if defaults[:controller].blank?
+              defaults.delete(:action)     if defaults[:action].blank?
+
               if defaults[:controller].blank? && segment_keys.exclude?("controller")
                 raise ArgumentError, "missing :controller"
               end
@@ -166,7 +180,11 @@ module ActionDispatch
           end
 
           def default_controller
-            @scope[:controller].to_s if @scope[:controller]
+            if @options[:controller]
+              @options[:controller].to_s
+            elsif @scope[:controller]
+              @scope[:controller].to_s
+            end
           end
       end
 
@@ -180,7 +198,7 @@ module ActionDispatch
       end
 
       module Base
-        def initialize(set)
+        def initialize(set) #:nodoc:
           @set = set
         end
 
@@ -194,6 +212,21 @@ module ActionDispatch
           self
         end
 
+        def mount(app, options = nil)
+          if options
+            path = options.delete(:at)
+          else
+            options = app
+            app, path = options.find { |k, v| k.respond_to?(:call) }
+            options.delete(app) if app
+          end
+
+          raise "A rack application must be specified" unless path
+
+          match(path, options.merge(:to => app, :anchor => false))
+          self
+        end
+
         def default_url_options=(options)
           @set.default_url_options = options
         end
@@ -227,7 +260,11 @@ module ActionDispatch
 
           lambda do |env|
             req = Request.new(env)
-            uri = URI.parse(path_proc.call(req.symbolized_path_parameters))
+
+            params = [req.symbolized_path_parameters]
+            params << req if path_proc.arity > 1
+
+            uri = URI.parse(path_proc.call(*params))
             uri.scheme ||= req.scheme
             uri.host   ||= req.host
             uri.port   ||= req.port unless req.port == 80
@@ -252,7 +289,7 @@ module ActionDispatch
       end
 
       module Scoping
-        def initialize(*args)
+        def initialize(*args) #:nodoc:
           @scope = {}
           super
         end
@@ -304,7 +341,8 @@ module ActionDispatch
         end
 
         def namespace(path)
-          scope(path.to_s, :name_prefix => path.to_s, :controller_namespace => path.to_s) { yield }
+          path = path.to_s
+          scope(:path => path, :name_prefix => path, :module => path) { yield }
         end
 
         def constraints(constraints = {})
@@ -343,15 +381,15 @@ module ActionDispatch
             parent ? "#{parent}_#{child}" : child
           end
 
-          def merge_controller_namespace_scope(parent, child)
+          def merge_module_scope(parent, child)
             parent ? "#{parent}/#{child}" : child
           end
 
           def merge_controller_scope(parent, child)
-            @scope[:controller_namespace] ? "#{@scope[:controller_namespace]}/#{child}" : child
+            @scope[:module] ? "#{@scope[:module]}/#{child}" : child
           end
 
-          def merge_resources_path_names_scope(parent, child)
+          def merge_path_names_scope(parent, child)
             merge_options_scope(parent, child)
           end
 
@@ -373,21 +411,20 @@ module ActionDispatch
       end
 
       module Resources
-        CRUD_ACTIONS = [:index, :show, :create, :update, :destroy]
+        CRUD_ACTIONS = [:index, :show, :create, :update, :destroy] #:nodoc:
 
         class Resource #:nodoc:
           def self.default_actions
             [:index, :create, :new, :show, :update, :destroy, :edit]
           end
 
-          attr_reader :plural, :singular, :options
+          attr_reader :controller, :path, :options
 
           def initialize(entities, options = {})
-            @name = entities.to_s
-            @options = options
-
-            @plural   = @name.pluralize
-            @singular = @name.singularize
+            @name       = entities.to_s
+            @path       = options.delete(:path) || @name
+            @controller = options.delete(:controller) || @name.to_s.pluralize
+            @options    = options
           end
 
           def default_actions
@@ -417,8 +454,12 @@ module ActionDispatch
             options[:as] || @name
           end
 
-          def controller
-            options[:controller] || plural
+          def plural
+            name.to_s.pluralize
+          end
+
+          def singular
+            name.to_s.singularize
           end
 
           def member_name
@@ -495,9 +536,9 @@ module ActionDispatch
           end
         end
 
-        def initialize(*args)
+        def initialize(*args) #:nodoc:
           super
-          @scope[:resources_path_names] = @set.resources_path_names
+          @scope[:path_names] = @set.resources_path_names
         end
 
         def resource(*resources, &block)
@@ -509,7 +550,7 @@ module ActionDispatch
 
           resource = SingletonResource.new(resources.pop, options)
 
-          scope(:path => resource.name.to_s, :controller => resource.controller) do
+          scope(:path => resource.path, :controller => resource.controller) do
             with_scope_level(:resource, resource) do
 
               scope(:name_prefix => resource.name.to_s, :as => "") do
@@ -539,7 +580,7 @@ module ActionDispatch
 
           resource = Resource.new(resources.pop, options)
 
-          scope(:path => resource.name.to_s, :controller => resource.controller) do
+          scope(:path => resource.path, :controller => resource.controller) do
             with_scope_level(:resources, resource) do
               yield if block_given?
 
@@ -603,21 +644,6 @@ module ActionDispatch
           end
         end
 
-        def mount(app, options = nil)
-          if options
-            path = options.delete(:at)
-          else
-            options = app
-            app, path = options.find { |k, v| k.respond_to?(:call) }
-            options.delete(app) if app
-          end
-
-          raise "A rack application must be specified" unless path
-
-          match(path, options.merge(:to => app, :anchor => false))
-          self
-        end
-
         def match(*args)
           options = args.extract_options!
 
@@ -628,7 +654,7 @@ module ActionDispatch
             return self
           end
 
-          resources_path_names = options.delete(:path_names)
+          path_names = options.delete(:path_names)
 
           if args.first.is_a?(Symbol)
             action = args.first
@@ -645,7 +671,7 @@ module ActionDispatch
               end
             else
               with_exclusive_name_prefix(action) do
-                return match("#{action_path(action, resources_path_names)}(.:format)", options.reverse_merge(:to => action))
+                return match("#{action_path(action, path_names)}(.:format)", options.reverse_merge(:to => action))
               end
             end
           end
@@ -667,13 +693,13 @@ module ActionDispatch
         end
 
         protected
-          def parent_resource
+          def parent_resource #:nodoc:
             @scope[:scope_level_resource]
           end
 
         private
           def action_path(name, path_names = nil)
-            path_names ||= @scope[:resources_path_names]
+            path_names ||= @scope[:path_names]
             path_names[name.to_sym] || name.to_s
           end
 
@@ -684,7 +710,7 @@ module ActionDispatch
             end
 
             if path_names = options.delete(:path_names)
-              scope(:resources_path_names => path_names) do
+              scope(:path_names => path_names) do
                 send(method, resources.pop, options, &block)
               end
               return true