actionpack 3.0.20 → 3.1.0.beta1

data/lib/action_dispatch/middleware/params_parser.rb

@@ -38,7 +38,7 @@ module ActionDispatch
         when Proc
           strategy.call(request.raw_post)
         when :xml_simple, :xml_node
-          data = request.deep_munge(Hash.from_xml(request.body.read) || {})
+          data = Hash.from_xml(request.body.read) || {}
           request.body.rewind if request.body.respond_to?(:rewind)
           data.with_indifferent_access
         when :yaml
@@ -47,7 +47,7 @@ module ActionDispatch
           data = ActiveSupport::JSON.decode(request.body)
           request.body.rewind if request.body.respond_to?(:rewind)
           data = {:_json => data} unless data.is_a?(Hash)
-          request.deep_munge(data).with_indifferent_access
+          data.with_indifferent_access
         else
           false
         end

data/lib/action_dispatch/middleware/reloader.rb

@@ -0,0 +1,76 @@
+module ActionDispatch
+  # ActionDispatch::Reloader provides prepare and cleanup callbacks,
+  # intended to assist with code reloading during development.
+  #
+  # Prepare callbacks are run before each request, and cleanup callbacks
+  # after each request. In this respect they are analogs of ActionDispatch::Callback's
+  # before and after callbacks. However, cleanup callbacks are not called until the
+  # request is fully complete -- that is, after #close has been called on
+  # the response body. This is important for streaming responses such as the
+  # following:
+  #
+  #     self.response_body = lambda { |response, output|
+  #       # code here which refers to application models
+  #     }
+  #
+  # Cleanup callbacks will not be called until after the response_body lambda
+  # is evaluated, ensuring that it can refer to application models and other
+  # classes before they are unloaded.
+  #
+  # By default, ActionDispatch::Reloader is included in the middleware stack
+  # only in the development environment; specifically, when config.cache_classes
+  # is false. Callbacks may be registered even when it is not included in the
+  # middleware stack, but are executed only when +ActionDispatch::Reloader.prepare!+
+  # or +ActionDispatch::Reloader.cleanup!+ are called manually.
+  #
+  class Reloader
+    include ActiveSupport::Callbacks
+
+    define_callbacks :prepare, :scope => :name
+    define_callbacks :cleanup, :scope => :name
+
+    # Add a prepare callback. Prepare callbacks are run before each request, prior
+    # to ActionDispatch::Callback's before callbacks.
+    def self.to_prepare(*args, &block)
+      set_callback(:prepare, *args, &block)
+    end
+
+    # Add a cleanup callback. Cleanup callbacks are run after each request is
+    # complete (after #close is called on the response body).
+    def self.to_cleanup(*args, &block)
+      set_callback(:cleanup, *args, &block)
+    end
+
+    # Execute all prepare callbacks.
+    def self.prepare!
+      new(nil).run_callbacks :prepare
+    end
+
+    # Execute all cleanup callbacks.
+    def self.cleanup!
+      new(nil).run_callbacks :cleanup
+    end
+
+    def initialize(app)
+      @app = app
+    end
+
+    module CleanupOnClose
+      def close
+        super if defined?(super)
+      ensure
+        ActionDispatch::Reloader.cleanup!
+      end
+    end
+
+    def call(env)
+      run_callbacks :prepare
+      response = @app.call(env)
+      response[2].extend(CleanupOnClose)
+      response
+    rescue Exception
+      run_callbacks :cleanup
+      raise
+    end
+  end
+end

data/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -1,5 +1,6 @@
 require 'rack/utils'
 require 'rack/request'
+require 'rack/session/abstract/id'
 require 'action_dispatch/middleware/cookies'
 require 'active_support/core_ext/object/blank'
 
@@ -8,249 +9,78 @@ module ActionDispatch
     class SessionRestoreError < StandardError #:nodoc:
     end
 
-    class AbstractStore
-      ENV_SESSION_KEY = 'rack.session'.freeze
-      ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
-
-      # thin wrapper around Hash that allows us to lazily
-      # load session id into session_options
-      class OptionsHash < Hash
-        def initialize(by, env, default_options)
-          @by = by
-          @env = env
-          @session_id_loaded = false
-          merge!(default_options)
-        end
-
-        def [](key)
-          if key == :id
-            load_session_id! unless key?(:id) || has_session_id?
-          end
-          super
-        end
-
-      private
-
-        def has_session_id?
-          @session_id_loaded
-        end
-
-        def load_session_id!
-          self[:id] = @by.send(:extract_session_id, @env)
-          @session_id_loaded = true
-        end
-      end
-
-      class SessionHash < Hash
-        def initialize(by, env)
-          super()
-          @by = by
-          @env = env
-          @loaded = false
-        end
-
-        def [](key)
-          load_for_read!
-          super(key.to_s)
-        end
-
-        def has_key?(key)
-          load_for_read!
-          super(key.to_s)
-        end
-
-        def []=(key, value)
-          load_for_write!
-          super(key.to_s, value)
-        end
-
-        def clear
-          load_for_write!
-          super
-        end
-
-        def to_hash
-          load_for_read!
-          h = {}.replace(self)
-          h.delete_if { |k,v| v.nil? }
-          h
-        end
-
-        def update(hash)
-          load_for_write!
-          super(hash.stringify_keys)
-        end
-
-        def delete(key)
-          load_for_write!
-          super(key.to_s)
-        end
-
-        def inspect
-          load_for_read!
-          super
-        end
-
-        def exists?
-          return @exists if instance_variable_defined?(:@exists)
-          @exists = @by.send(:exists?, @env)
-        end
-
-        def loaded?
-          @loaded
-        end
-
-        def destroy
-          clear
-          @by.send(:destroy, @env) if @by
-          @env[ENV_SESSION_OPTIONS_KEY][:id] = nil if @env && @env[ENV_SESSION_OPTIONS_KEY]
-          @loaded = false
-        end
-
-        private
-
-          def load_for_read!
-            load! if !loaded? && exists?
-          end
-
-          def load_for_write!
-            load! unless loaded?
-          end
-
-          def load!
-            id, session = @by.send(:load_session, @env)
-            @env[ENV_SESSION_OPTIONS_KEY][:id] = id
-            replace(session.stringify_keys)
-            @loaded = true
-          end
-
+    module DestroyableSession
+      def destroy
+        clear
+        options = @env[Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY] if @env
+        options ||= {}
+        @by.send(:destroy_session, @env, options[:id], options) if @by
+        options[:id] = nil
+        @loaded = false
       end
+    end
 
-      DEFAULT_OPTIONS = {
-        :key =>           '_session_id',
-        :path =>          '/',
-        :domain =>        nil,
-        :expire_after =>  nil,
-        :secure =>        false,
-        :httponly =>      true,
-        :cookie_only =>   true
-      }
+    ::Rack::Session::Abstract::SessionHash.send :include, DestroyableSession
 
+    module Compatibility
       def initialize(app, options = {})
-        @app = app
-        @default_options = DEFAULT_OPTIONS.merge(options)
-        @key = @default_options.delete(:key).freeze
-        @cookie_only = @default_options.delete(:cookie_only)
-        ensure_session_key!
+        options[:key] ||= '_session_id'
+        super
       end
 
-      def call(env)
-        prepare!(env)
-        response = @app.call(env)
-
-        session_data = env[ENV_SESSION_KEY]
-        options = env[ENV_SESSION_OPTIONS_KEY]
-
-        if !session_data.is_a?(AbstractStore::SessionHash) || session_data.loaded? || options[:expire_after]
-          session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.loaded?
-
-          sid = options[:id] || generate_sid
-          session_data = session_data.to_hash
-
-          value = set_session(env, sid, session_data)
-          return response unless value
-
-          cookie = { :value => value }
-          unless options[:expire_after].nil?
-            cookie[:expires] = Time.now + options.delete(:expire_after)
-          end
-
-          request = ActionDispatch::Request.new(env)
-          set_cookie(request, cookie.merge!(options))
-        end
-
-        response
+      def generate_sid
+        sid = ActiveSupport::SecureRandom.hex(16)
+        sid.encode!('UTF-8') if sid.respond_to?(:encode!)
+        sid
       end
 
-      private
-
-        def prepare!(env)
-          env[ENV_SESSION_KEY] = SessionHash.new(self, env)
-          env[ENV_SESSION_OPTIONS_KEY] = OptionsHash.new(self, env, @default_options)
-        end
-
-        def generate_sid
-          ActiveSupport::SecureRandom.hex(16)
-        end
-
-        def set_cookie(request, options)
-          if request.cookie_jar[@key] != options[:value] || !options[:expires].nil?
-            request.cookie_jar[@key] = options
-          end
-        end
-
-        def load_session(env)
-          stale_session_check! do
-            sid = current_session_id(env)
-            sid, session = get_session(env, sid)
-            [sid, session]
-          end
-        end
+    protected
 
-        def extract_session_id(env)
-          stale_session_check! do
-            request = ActionDispatch::Request.new(env)
-            sid = request.cookies[@key]
-            sid ||= request.params[@key] unless @cookie_only
-            sid
-          end
-        end
+      def initialize_sid
+        @default_options.delete(:sidbits)
+        @default_options.delete(:secure_random)
+      end
+    end
 
-        def current_session_id(env)
-          env[ENV_SESSION_OPTIONS_KEY][:id]
-        end
+    module StaleSessionCheck
+      def load_session(env)
+        stale_session_check! { super }
+      end
 
-        def ensure_session_key!
-          if @key.blank?
-            raise ArgumentError, 'A key is required to write a ' +
-              'cookie containing the session data. Use ' +
-              'config.session_store SESSION_STORE, { :key => ' +
-              '"_myapp_session" } in config/application.rb'
-          end
-        end
+      def extract_session_id(env)
+        stale_session_check! { super }
+      end
 
-        def stale_session_check!
-          yield
-        rescue ArgumentError => argument_error
-          if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
-            begin
-              # Note that the regexp does not allow $1 to end with a ':'
-              $1.constantize
-            rescue LoadError, NameError => const_error
-              raise ActionDispatch::Session::SessionRestoreError, "Session contains objects whose class definition isn't available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: #{const_error.message} [#{const_error.class}])\n"
-            end
-            retry
-          else
-            raise
+      def stale_session_check!
+        yield
+      rescue ArgumentError => argument_error
+        if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
+          begin
+            # Note that the regexp does not allow $1 to end with a ':'
+            $1.constantize
+          rescue LoadError, NameError => const_error
+            raise ActionDispatch::Session::SessionRestoreError, "Session contains objects whose class definition isn't available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: #{const_error.message} [#{const_error.class}])\n"
           end
+          retry
+        else
+          raise
         end
+      end
+    end
 
-        def exists?(env)
-          current_session_id(env).present?
-        end
-
-        def get_session(env, sid)
-          raise '#get_session needs to be implemented.'
-        end
+    class AbstractStore < Rack::Session::Abstract::ID
+      include Compatibility
+      include StaleSessionCheck
 
-        def set_session(env, sid, session_data)
-          raise '#set_session needs to be implemented and should return ' <<
-            'the value to be stored in the cookie (usually the sid)'
-        end
+      def destroy_session(env, sid, options)
+        ActiveSupport::Deprecation.warn "Implementing #destroy in session stores is deprecated. " <<
+          "Please implement destroy_session(env, session_id, options) instead."
+        destroy(env)
+      end
 
-        def destroy(env)
-          raise '#destroy needs to be implemented.'
-        end
+      def destroy(env)
+        raise '#destroy needs to be implemented.'
+      end
     end
   end
 end

data/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -1,5 +1,7 @@
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/object/blank'
+require 'action_dispatch/middleware/session/abstract_store'
+require 'rack/session/cookie'
 
 module ActionDispatch
   module Session
@@ -38,58 +40,32 @@ module ActionDispatch
     # "rake secret" and set the key in config/initializers/secret_token.rb.
     #
     # Note that changing digest or secret invalidates all existing sessions!
-    class CookieStore < AbstractStore
-
-      def initialize(app, options = {})
-        super(app, options.merge!(:cookie_only => true))
-        freeze
-      end
+    class CookieStore < Rack::Session::Cookie
+      include Compatibility
+      include StaleSessionCheck
 
       private
 
-        def load_session(env)
-          data = unpacked_cookie_data(env)
-          data = persistent_session_id!(data)
-          [data["session_id"], data]
-        end
-
-        def extract_session_id(env)
-          if data = unpacked_cookie_data(env)
-            data["session_id"]
-          else
-            nil
-          end
-        end
-
-        def unpacked_cookie_data(env)
-          env["action_dispatch.request.unsigned_session_cookie"] ||= begin
-            stale_session_check! do
-              request = ActionDispatch::Request.new(env)
-              if data = request.cookie_jar.signed[@key]
-                data.stringify_keys!
-              end
-              data || {}
+      def unpacked_cookie_data(env)
+        env["action_dispatch.request.unsigned_session_cookie"] ||= begin
+          stale_session_check! do
+            request = ActionDispatch::Request.new(env)
+            if data = request.cookie_jar.signed[@key]
+              data.stringify_keys!
             end
+            data || {}
           end
         end
+      end
 
-        def set_cookie(request, options)
-          request.cookie_jar.signed[@key] = options
-        end
-
-        def set_session(env, sid, session_data)
-          persistent_session_id!(session_data, sid)
-        end
-
-        def destroy(env)
-          # session data is stored on client; nothing to do here
-        end
+      def set_session(env, sid, session_data, options)
+        session_data.merge("session_id" => sid)
+      end
 
-        def persistent_session_id!(data, sid=nil)
-          data ||= {}
-          data["session_id"] ||= sid || generate_sid
-          data
-        end
+      def set_cookie(env, session_id, cookie)
+        request = ActionDispatch::Request.new(env)
+        request.cookie_jar.signed[@key] = cookie
+      end
     end
   end
 end