actionpack 3.0.0.beta4 → 3.0.0.rc

data/lib/action_controller/test_case.rb

@@ -40,7 +40,7 @@ module ActionController
       ActiveSupport::Notifications.unsubscribe("!render_template.action_view")
     end
 
-    # Asserts that the request was rendered with the appropriate template file or partials
+    # Asserts that the request was rendered with the appropriate template file or partials.
     #
     # ==== Examples
     #
@@ -53,6 +53,12 @@ module ActionController
     #   # assert that no partials were rendered
     #   assert_template :partial => false
     #
+    # In a view test case, you can also assert that specific locals are passed
+    # to partials:
+    #
+    #   # assert that the "_customer" partial was rendered with a specific object
+    #   assert_template :partial => '_customer', :locals => { :customer => @customer }
+    #
     def assert_template(options = {}, message = nil)
       validate_request!
 
@@ -72,9 +78,13 @@ module ActionController
         end
       when Hash
         if expected_partial = options[:partial]
-          if expected_count = options[:count]
+          if expected_locals = options[:locals]
+            actual_locals = @locals[expected_partial.to_s.sub(/^_/,'')]
+            expected_locals.each_pair do |k,v|
+              assert_equal(v, actual_locals[k])
+            end
+          elsif expected_count = options[:count]
             actual_count = @partials[expected_partial]
-            # actual_count = found.nil? ? 0 : found[1]
             msg = build_message(message,
                     "expecting ? to be rendered ? time(s) but rendered ? time(s)",
                      expected_partial, expected_count, actual_count)
@@ -183,12 +193,14 @@ module ActionController
       replace(session.stringify_keys)
       @loaded = true
     end
+
+    def exists?; true; end
   end
 
   # Superclass for ActionController functional tests. Functional tests allow you to
   # test a single controller action per test method. This should not be confused with
   # integration tests (see ActionController::IntegrationTest), which are more like
-  # "stories" that can involve multiple controllers and mutliple actions (i.e. multiple
+  # "stories" that can involve multiple controllers and multiple actions (i.e. multiple
   # different HTTP requests).
   #
   # == Basic example
@@ -353,7 +365,7 @@ module ActionController
       def xml_http_request(request_method, action, parameters = nil, session = nil, flash = nil)
         @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
         @request.env['HTTP_ACCEPT'] ||=  [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ')
-        returning __send__(request_method, action, parameters, session, flash) do
+        __send__(request_method, action, parameters, session, flash).tap do
           @request.env.delete 'HTTP_X_REQUESTED_WITH'
           @request.env.delete 'HTTP_ACCEPT'
         end
@@ -442,7 +454,7 @@ module ActionController
     end
 
     # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline
-    # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular
+    # (skipping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular
     # rescue_action process takes place. This means you can test your rescue_action code by setting remote_addr to something else
     # than 0.0.0.0.
     #

data/lib/action_controller/vendor/html-scanner/html/node.rb

@@ -177,6 +177,7 @@ module HTML #:nodoc:
                     case text
                       when "\\" then
                         value << text
+                        break if scanner.eos?
                         value << scanner.getch
                       when delim
                         break

data/lib/action_controller/vendor/html-scanner/html/tokenizer.rb

@@ -96,6 +96,7 @@ module HTML #:nodoc:
           while match = @scanner.scan_until(/[\\#{delim}]/)
             text << match
             break if @scanner.matched == delim
+            break if @scanner.eos?
             text << @scanner.getch # skip the escaped character
           end
         end

data/lib/action_dispatch.rb

@@ -24,9 +24,14 @@
 activesupport_path = File.expand_path('../../../activesupport/lib', __FILE__)
 $:.unshift(activesupport_path) if File.directory?(activesupport_path) && !$:.include?(activesupport_path)
 
+activemodel_path = File.expand_path('../../../activemodel/lib', __FILE__)
+$:.unshift(activemodel_path) if File.directory?(activemodel_path) && !$:.include?(activemodel_path)
+
 require 'active_support'
 require 'active_support/dependencies/autoload'
 
+require 'action_pack'
+require 'active_model'
 require 'rack'
 
 module Rack
@@ -63,6 +68,7 @@ module ActionDispatch
     autoload :Headers
     autoload :MimeNegotiation
     autoload :Parameters
+    autoload :ParameterFilter
     autoload :FilterParameters
     autoload :Upload
     autoload :UploadedFile, 'action_dispatch/http/upload'

data/lib/action_dispatch/http/cache.rb

@@ -89,7 +89,7 @@ module ActionDispatch
           if etag? || last_modified? || !@cache_control.empty?
             set_conditional_cache_control!
           elsif nonempty_ok_response?
-            self.etag = @body
+            self.etag = body
 
             if request && request.etag_matches?(etag)
               self.status = 304
@@ -137,4 +137,4 @@ module ActionDispatch
       end
     end
   end
-end
+end

data/lib/action_dispatch/http/filter_parameters.rb

@@ -26,88 +26,32 @@ module ActionDispatch
     module FilterParameters
       extend ActiveSupport::Concern
 
-      @@compiled_parameter_filter_for = {}
+      @@parameter_filter_for  = {}
 
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
-        @filtered_parameters ||= if filtering_parameters?
-          process_parameter_filter(parameters)
-        else
-          parameters.dup
-        end
+        @filtered_parameters ||= parameter_filter.filter(parameters)
       end
-      alias :fitered_params :filtered_parameters
 
       # Return a hash of request.env with all sensitive data replaced.
       def filtered_env
-        filtered_env = @env.dup
-        filtered_env.each do |key, value|
-          if (key =~ /RAW_POST_DATA/i)
-            filtered_env[key] = '[FILTERED]'
-          elsif value.is_a?(Hash)
-            filtered_env[key] = process_parameter_filter(value)
-          end
-        end
-        filtered_env
+        @filtered_env ||= env_filter.filter(@env)
       end
 
     protected
 
-      def filtering_parameters? #:nodoc:
-        @env["action_dispatch.parameter_filter"].present?
+      def parameter_filter
+        parameter_filter_for(@env["action_dispatch.parameter_filter"])
       end
 
-      def process_parameter_filter(params) #:nodoc:
-        compiled_parameter_filter_for(@env["action_dispatch.parameter_filter"]).call(params)
+      def env_filter
+        parameter_filter_for(Array.wrap(@env["action_dispatch.parameter_filter"]) << /RAW_POST_DATA/)
       end
 
-      def compile_parameter_filter(filters) #:nodoc:
-        strings, regexps, blocks = [], [], []
-
-        filters.each do |item|
-          case item
-          when NilClass
-          when Proc
-            blocks << item
-          when Regexp
-            regexps << item
-          else
-            strings << item.to_s
-          end
-        end
-
-        regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
-        [regexps, blocks]
-      end
-
-      def compiled_parameter_filter_for(filters) #:nodoc:
-        @@compiled_parameter_filter_for[filters] ||= begin
-          regexps, blocks = compile_parameter_filter(filters)
-
-          lambda do |original_params|
-            filtered_params = {}
-
-            original_params.each do |key, value|
-              if regexps.find { |r| key =~ r }
-                value = '[FILTERED]'
-              elsif value.is_a?(Hash)
-                value = process_parameter_filter(value)
-              elsif value.is_a?(Array)
-                value = value.map { |v| v.is_a?(Hash) ? process_parameter_filter(v) : v }
-              elsif blocks.present?
-                key = key.dup
-                value = value.dup if value.duplicable?
-                blocks.each { |b| b.call(key, value) }
-              end
-
-              filtered_params[key] = value
-            end
-
-            filtered_params
-          end
-        end
+      def parameter_filter_for(filters)
+        @@parameter_filter_for[filters] ||= ParameterFilter.new(filters)
       end
 
     end
   end
-end
+end

data/lib/action_dispatch/http/mime_type.rb

@@ -60,7 +60,7 @@ module Mime
       def initialize(order, name, q=nil)
         @order = order
         @name = name.strip
-        q ||= 0.0 if @name == Mime::ALL # default wilcard match to end of list
+        q ||= 0.0 if @name == Mime::ALL # default wildcard match to end of list
         @q = ((q || 1.0).to_f * 100).to_i
       end
 

data/lib/action_dispatch/http/parameter_filter.rb

@@ -0,0 +1,72 @@
+module ActionDispatch
+  module Http
+    class ParameterFilter
+
+      def initialize(filters)
+        @filters = filters
+      end
+
+      def filter(params)
+        if enabled?
+          compiled_filter.call(params)
+        else
+          params.dup
+        end
+      end
+
+    private
+
+      def enabled?
+        @filters.present?
+      end
+
+      def compiled_filter
+        @compiled_filter ||= begin
+          regexps, blocks = compile_filter
+
+          lambda do |original_params|
+            filtered_params = {}
+
+            original_params.each do |key, value|
+              if regexps.find { |r| key =~ r }
+                value = '[FILTERED]'
+              elsif value.is_a?(Hash)
+                value = filter(value)
+              elsif value.is_a?(Array)
+                value = value.map { |v| v.is_a?(Hash) ? filter(v) : v }
+              elsif blocks.present?
+                key = key.dup
+                value = value.dup if value.duplicable?
+                blocks.each { |b| b.call(key, value) }
+              end
+
+              filtered_params[key] = value
+            end
+
+            filtered_params
+          end
+        end
+      end
+
+      def compile_filter
+        strings, regexps, blocks = [], [], []
+
+        @filters.each do |item|
+          case item
+          when NilClass
+          when Proc
+            blocks << item
+          when Regexp
+            regexps << item
+          else
+            strings << item.to_s
+          end
+        end
+
+        regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
+        [regexps, blocks]
+      end
+
+    end
+  end
+end

data/lib/action_dispatch/http/parameters.rb

@@ -6,7 +6,11 @@ module ActionDispatch
     module Parameters
       # Returns both GET and POST \parameters in a single hash.
       def parameters
-        @env["action_dispatch.request.parameters"] ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access
+        @env["action_dispatch.request.parameters"] ||= begin
+          params = request_parameters.merge(query_parameters)
+          params.merge!(path_parameters)
+          encode_params(params).with_indifferent_access
+        end
       end
       alias :params :parameters
 
@@ -32,7 +36,32 @@ module ActionDispatch
       end
 
     private
-      # Convert nested Hashs to HashWithIndifferentAccess
+
+      # TODO: Validate that the characters are UTF-8. If they aren't,
+      # you'll get a weird error down the road, but our form handling
+      # should really prevent that from happening
+      def encode_params(params)
+        return params unless "ruby".encoding_aware?
+
+        if params.is_a?(String)
+          return params.force_encoding("UTF-8").encode!
+        elsif !params.is_a?(Hash)
+          return params
+        end
+
+        params.each do |k, v|
+          case v
+          when Hash
+            encode_params(v)
+          when Array
+            v.map! {|el| encode_params(el) }
+          else
+            encode_params(v)
+          end
+        end
+      end
+
+      # Convert nested Hash to HashWithIndifferentAccess
       def normalize_parameters(value)
         case value
         when Hash

data/lib/action_dispatch/http/request.rb

@@ -194,9 +194,12 @@ module ActionDispatch
       @env['rack.input']
     end
 
+    # TODO This should be broken apart into AD::Request::Session and probably
+    # be included by the session middleware.
     def reset_session
-      self.session_options.delete(:id)
+      session.destroy if session
       self.session = {}
+      @env['action_dispatch.request.flash_hash'] = nil
     end
 
     def session=(session) #:nodoc:

data/lib/action_dispatch/http/upload.rb

@@ -31,8 +31,8 @@ module ActionDispatch
     end
 
     module Upload
-      # Convert nested Hashs to HashWithIndifferentAccess and replace
-      # file upload hashs with UploadedFile objects
+      # Convert nested Hash to HashWithIndifferentAccess and replace
+      # file upload hash with UploadedFile objects
       def normalize_parameters(value)
         if Hash === value && value.has_key?(:tempfile)
           upload = value[:tempfile]

data/lib/action_dispatch/middleware/callbacks.rb

@@ -8,7 +8,7 @@ module ActionDispatch
   class Callbacks
     include ActiveSupport::Callbacks
 
-    define_callbacks :call, :terminator => "result == false", :rescuable => true
+    define_callbacks :call, :rescuable => true
     define_callbacks :prepare, :scope => :name
 
     # Add a preparation callback. Preparation callbacks are run before every
@@ -37,12 +37,12 @@ module ActionDispatch
 
     def initialize(app, prepare_each_request = false)
       @app, @prepare_each_request = app, prepare_each_request
-      run_callbacks(:prepare)
+      _run_prepare_callbacks
     end
 
     def call(env)
-      run_callbacks(:call) do
-        run_callbacks(:prepare) if @prepare_each_request
+      _run_call_callbacks do
+        _run_prepare_callbacks if @prepare_each_request
         @app.call(env)
       end
     end

data/lib/action_dispatch/middleware/cookies.rb

@@ -45,7 +45,16 @@ module ActionDispatch
   # * <tt>:value</tt> - The cookie's value or list of values (as an array).
   # * <tt>:path</tt> - The path for which this cookie applies.  Defaults to the root
   #   of the application.
-  # * <tt>:domain</tt> - The domain for which this cookie applies.
+  # * <tt>:domain</tt> - The domain for which this cookie applies so you can
+  #   restrict to the domain level. If you use a schema like www.example.com
+  #   and want to share session with user.example.com set <tt>:domain</tt>
+  #   to <tt>:all</tt>. Make sure to specify the <tt>:domain</tt> option with
+  #   <tt>:all</tt> again when deleting keys.
+  #
+  #     :domain => nil  # Does not sets cookie domain. (default)
+  #     :domain => :all # Allow the cookie for the top most level
+  #                       domain and subdomains.
+  #
   # * <tt>:expires</tt> - The time at which this cookie expires, as a Time object.
   # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
   #   Default is +false+.
@@ -59,17 +68,29 @@ module ActionDispatch
     class CookieOverflow < StandardError; end
 
     class CookieJar < Hash #:nodoc:
+
+      # This regular expression is used to split the levels of a domain
+      # So www.example.co.uk gives:
+      # $1 => www.
+      # $2 => example
+      # $3 => co.uk
+      DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
+
       def self.build(request)
         secret = request.env[TOKEN_KEY]
-        new(secret).tap do |hash|
+        host = request.env["HTTP_HOST"]
+
+        new(secret, host).tap do |hash|
           hash.update(request.cookies)
         end
       end
 
-      def initialize(secret=nil)
+      def initialize(secret = nil, host = nil)
         @secret = secret
         @set_cookies = {}
         @delete_cookies = {}
+        @host = host
+
         super()
       end
 
@@ -78,6 +99,15 @@ module ActionDispatch
         super(name.to_s)
       end
 
+      def handle_options(options) #:nodoc:
+        options[:path] ||= "/"
+
+        if options[:domain] == :all
+          @host =~ DOMAIN_REGEXP
+          options[:domain] = ".#{$2}.#{$3}"
+        end
+      end
+
       # Sets the cookie named +name+. The second argument may be the very cookie
       # value, or a hash of options as documented above.
       def []=(key, options)
@@ -91,7 +121,8 @@ module ActionDispatch
 
         value = super(key.to_s, value)
 
-        options[:path] ||= "/"
+        handle_options(options)
+
         @set_cookies[key] = options
         @delete_cookies.delete(key)
         value
@@ -102,7 +133,9 @@ module ActionDispatch
       # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
       def delete(key, options = {})
         options.symbolize_keys!
-        options[:path] ||= "/"
+
+        handle_options(options)
+
         value = super(key.to_s)
         @delete_cookies[key] = options
         value
@@ -118,7 +151,7 @@ module ActionDispatch
       # This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
       #
       #   cookies.permanent.signed[:remember_me] = current_user.id
-      #   # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+      #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
       def permanent
         @permanent ||= PermanentCookieJar.new(self, @secret)
       end