actionpack 3.2.19 → 4.0.0

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -4,7 +4,11 @@
   <meta charset="utf-8" />
   <title>Action Controller: Exception caught</title>
   <style>
-    body { background-color: #fff; color: #333; }
+    body {
+      background-color: #FAFAFA;
+      color: #333;
+      margin: 0px;
+    }
 
     body, p, ol, ul, td {
       font-family: helvetica, verdana, arial, sans-serif;
@@ -13,16 +17,134 @@
     }
 
     pre {
-      background-color: #eee;
-      padding: 10px;
       font-size: 11px;
       white-space: pre-wrap;
     }
 
-    a { color: #000; }
+    pre.box {
+      border: 1px solid #EEE;
+      padding: 10px;
+      margin: 0px;
+      width: 958px;
+    }
+
+    header {
+      color: #F0F0F0;
+      background: #C52F24;
+      padding: 0.5em 1.5em;
+    }
+
+    h1 {
+      margin: 0.2em 0;
+      line-height: 1.1em;
+      font-size: 2em;
+    }
+
+    h2 {
+      color: #C52F24;
+      line-height: 25px;
+    }
+
+    .details {
+      border: 1px solid #D0D0D0;
+      border-radius: 4px;
+      margin: 1em 0px;
+      display: block;
+      width: 978px;
+    }
+
+    .summary {
+      padding: 8px 15px;
+      border-bottom: 1px solid #D0D0D0;
+      display: block;
+    }
+
+    .details pre {
+      margin: 5px;
+      border: none;
+    }
+
+    #container {
+      box-sizing: border-box;
+      width: 100%;
+      padding: 0 1.5em;
+    }
+
+    .source * {
+      margin: 0px;
+      padding: 0px;
+    }
+
+    .source {
+      border: 1px solid #D9D9D9;
+      background: #ECECEC;
+      width: 978px;
+    }
+
+    .source pre {
+      padding: 10px 0px;
+      border: none;
+    }
+
+    .source .data {
+      font-size: 80%;
+      overflow: auto;
+      background-color: #FFF;
+    }
+
+    .info {
+      padding: 0.5em;
+    }
+
+    .source .data .line_numbers {
+      background-color: #ECECEC;
+      color: #AAA;
+      padding: 1em .5em;
+      border-right: 1px solid #DDD;
+      text-align: right;
+    }
+
+    .line {
+      padding-left: 10px;
+    }
+
+    .line:hover {
+      background-color: #F6F6F6;
+    }
+
+    .line.active {
+      background-color: #FFCCCC;
+    }
+
+    a { color: #980905; }
     a:visited { color: #666; }
-    a:hover { color: #fff; background-color:#000; }
+    a:hover { color: #C52F24; }
+
+    <%= yield :style %>
   </style>
+
+  <script>
+    var toggle = function(id) {
+      var s = document.getElementById(id).style;
+      s.display = s.display == 'none' ? 'block' : 'none';
+      return false;
+    }
+    var show = function(id) {
+      document.getElementById(id).style.display = 'block';
+    }
+    var hide = function(id) {
+      document.getElementById(id).style.display = 'none';
+    }
+    var toggleTrace = function() {
+      return toggle('blame_trace');
+    }
+    var toggleSessionDump = function() {
+      return toggle('session_dump');
+    }
+    var toggleEnvDump = function() {
+      return toggle('env_dump');
+    }
+  </script>
 </head>
 <body>
 

data/lib/action_dispatch/middleware/templates/rescues/missing_template.erb

@@ -1,2 +1,7 @@
-<h1>Template is missing</h1>
-<p><%=h @exception.message %></p>
+<header>
+  <h1>Template is missing</h1>
+</header>
+
+<div id="container">
+  <h2><%= @exception.message %></h2>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.erb

@@ -1,15 +1,30 @@
-<h1>Routing Error</h1>
-<p><pre><%=h @exception.message %></pre></p>
-<% unless @exception.failures.empty? %>
-  <p>
-    <h2>Failure reasons:</h2>
-    <ol>
-    <% @exception.failures.each do |route, reason| %>
-      <li><code><%=h route.inspect.gsub('\\', '') %></code> failed because <%=h reason.downcase %></li>
-    <% end %>
-    </ol>
-  </p>
-<% end %>
-<p>
-  Try running <code>rake routes</code> for more information on available routes.
-</p>
+<header>
+  <h1>Routing Error</h1>
+</header>
+<div id="container">
+  <h2><%= @exception.message %></h2>
+  <% unless @exception.failures.empty? %>
+    <p>
+      <h2>Failure reasons:</h2>
+      <ol>
+      <% @exception.failures.each do |route, reason| %>
+        <li><code><%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %></li>
+      <% end %>
+      </ol>
+    </p>
+  <% end %>
+
+  <%= render template: "rescues/_trace" %>
+
+  <% if @routes_inspector %>
+    <h2>
+      Routes
+    </h2>
+
+    <p>
+      Routes match in priority from top to bottom
+    </p>
+
+    <%= @routes_inspector.format(ActionDispatch::Routing::HtmlTableFormatter.new(self)) %>
+  <% end %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/template_error.erb

@@ -1,17 +1,43 @@
-<h1>
-  <%=h @exception.original_exception.class.to_s %> in
-  <%=h @request.parameters["controller"].capitalize if @request.parameters["controller"]%>#<%=h @request.parameters["action"] %>
-</h1>
+<% @source_extract = @exception.source_extract(0, :html) %>
+<header>
+  <h1>
+    <%= @exception.original_exception.class.to_s %> in
+    <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
+  </h1>
+</header>
 
-<p>
-  Showing <i><%=h @exception.file_name %></i> where line <b>#<%=h @exception.line_number %></b> raised:
-  <pre><code><%=h @exception.message %></code></pre>
-</p>
+<div id="container">
+  <p>
+    Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
+  </p>
+  <pre><code><%= @exception.message %></code></pre>
 
-<p>Extracted source (around line <b>#<%=h @exception.line_number %></b>):
-<pre><code><%=h @exception.source_extract %></code></pre></p>
+  <div class="source">
+    <div class="info">
+      <p>Extracted source (around line <strong>#<%= @exception.line_number %></strong>):</p>
+    </div>
+    <div class="data">
+    <table cellpadding="0" cellspacing="0" class="lines">
+      <tr>
+        <td>
+          <pre class="line_numbers">
+            <% @source_extract.keys.each do |line_number| %>
+<span><%= line_number -%></span>
+            <% end %>
+          </pre>
+        </td>
+<td width="100%">
+<pre>
+<% @source_extract.each do |line, source| -%><div class="line<%= " active" if line == @exception.line_number -%>"><%= source -%></div><% end -%>
+</pre>
+</td>
+    </tr>
+  </table>
+</div>
+</div>
 
-<p><%=h @exception.sub_template_message %></p>
+  <p><%= @exception.sub_template_message %></p>
 
-<%= render :template => "rescues/_trace" %>
-<%= render :template => "rescues/_request_and_response" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.erb

@@ -1,2 +1,6 @@
-<h1>Unknown action</h1>
-<p><%=h @exception.message %></p>
+<header>
+  <h1>Unknown action</h1>
+</header>
+<div id="container">
+  <h2><%= @exception.message %></h2>
+</div>

data/lib/action_dispatch/middleware/templates/routes/_route.html.erb

@@ -0,0 +1,16 @@
+<tr class='route_row' data-helper='path'>
+  <td data-route-name='<%= route[:name] %>'>
+    <% if route[:name].present? %>
+      <%= route[:name] %><span class='helper'>_path</span>
+    <% end %>
+  </td>
+  <td data-route-verb='<%= route[:verb] %>'>
+    <%= route[:verb] %>
+  </td>
+  <td data-route-path='<%= route[:path] %>' data-regexp='<%= route[:regexp] %>'>
+    <%= route[:path] %>
+  </td>
+  <td data-route-reqs='<%= route[:reqs] %>'>
+    <%= route[:reqs] %>
+  </td>
+</tr>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -0,0 +1,144 @@
+<% content_for :style do %>
+  #route_table {
+    margin: 0 auto 0;
+    border-collapse: collapse;
+  }
+
+  #route_table td {
+    padding: 0 30px;
+  }
+
+  #route_table tr.bottom th {
+    padding-bottom: 10px;
+    line-height: 15px;
+  }
+
+  #route_table .matched_paths {
+    background-color: LightGoldenRodYellow;
+  }
+
+  #route_table .matched_paths {
+    border-bottom: solid 3px SlateGrey;
+  }
+
+  #path_search {
+    width: 80%;
+    font-size: inherit;
+  }
+<% end %>
+
+<table id='route_table' class='route_table'>
+  <thead>
+    <tr>
+      <th>Helper</th>
+      <th>HTTP Verb</th>
+      <th>Path</th>
+      <th>Controller#Action</th>
+    </tr>
+    <tr class='bottom'>
+      <th><%# Helper %>
+        <%= link_to "Path", "#", 'data-route-helper' => '_path',
+                    title: "Returns a relative path (without the http or domain)" %> /
+        <%= link_to "Url", "#", 'data-route-helper' => '_url',
+                    title: "Returns an absolute url (with the http and domain)"   %>
+      </th>
+      <th><%# HTTP Verb %>
+      </th>
+      <th><%# Path %>
+        <%= search_field(:path, nil, id: 'path_search', placeholder: "Path Match") %>
+      </th>
+      <th><%# Controller#action %>
+      </th>
+    </tr>
+  </thead>
+  <tbody class='matched_paths' id='matched_paths'>
+  </tbody>
+  <tbody>
+    <%= yield %>
+  </tbody>
+</table>
+
+<script type='text/javascript'>
+  function each(elems, func) {
+    if (!elems instanceof Array) { elems = [elems]; }
+    for (var i = 0, len = elems.length; i < len; i++) {
+      func(elems[i]);
+    }
+  }
+
+  function setValOn(elems, val) {
+    each(elems, function(elem) {
+      elem.innerHTML = val;
+    });
+  }
+
+  function onClick(elems, func) {
+    each(elems, function(elem) {
+      elem.onclick = func;
+    });
+  }
+
+  // Enables functionality to toggle between `_path` and `_url` helper suffixes
+  function setupRouteToggleHelperLinks() {
+    var toggleLinks = document.querySelectorAll('#route_table [data-route-helper]');
+    onClick(toggleLinks, function(){
+      var helperTxt   = this.getAttribute("data-route-helper"),
+          helperElems = document.querySelectorAll('[data-route-name] span.helper');
+      setValOn(helperElems, helperTxt);
+    });
+  }
+
+  // takes an array of elements with a data-regexp attribute and
+  // passes their their parent <tr> into the callback function
+  // if the regexp matchs a given path
+  function eachElemsForPath(elems, path, func) {
+    each(elems, function(e){
+      var reg = e.getAttribute("data-regexp");
+      if (path.match(RegExp(reg))) {
+        func(e.parentNode.cloneNode(true));
+      }
+    })
+  }
+
+  // Ensure path always starts with a slash "/" and remove params or fragments
+  function sanitizePath(path) {
+    var path = path.charAt(0) == '/' ? path : "/" + path;
+    return path.replace(/\#.*|\?.*/, '');
+  }
+
+  // Enables path search functionality
+  function setupMatchPaths() {
+    var regexpElems     = document.querySelectorAll('#route_table [data-regexp]'),
+        pathElem        = document.querySelector('#path_search'),
+        selectedSection = document.querySelector('#matched_paths'),
+        noMatchText     = '<tr><th colspan="4">None</th></tr>';
+
+
+    // Remove matches if no path is present
+    pathElem.onblur = function(e) {
+      if (pathElem.value === "") selectedSection.innerHTML = "";
+    }
+
+    // On key press perform a search for matching paths
+    pathElem.onkeyup = function(e){
+      var path        = sanitizePath(pathElem.value),
+          defaultText = '<tr><th colspan="4">Paths Matching (' + path + '):</th></tr>';
+
+      // Clear out results section
+      selectedSection.innerHTML= defaultText;
+
+      // Display matches if they exist
+      eachElemsForPath(regexpElems, path, function(e){
+        selectedSection.appendChild(e);
+      });
+
+      // If no match present, tell the user
+      if (selectedSection.innerHTML === defaultText) {
+        selectedSection.innerHTML = selectedSection.innerHTML + noMatchText;
+      }
+    }
+  }
+
+  setupMatchPaths();
+  setupRouteToggleHelperLinks();
+</script>

data/lib/action_dispatch/railtie.rb

@@ -1,34 +1,44 @@
 require "action_dispatch"
 
 module ActionDispatch
-  class Railtie < Rails::Railtie
+  class Railtie < Rails::Railtie # :nodoc:
     config.action_dispatch = ActiveSupport::OrderedOptions.new
     config.action_dispatch.x_sendfile_header = nil
     config.action_dispatch.ip_spoofing_check = true
     config.action_dispatch.show_exceptions = true
-    config.action_dispatch.best_standards_support = true
     config.action_dispatch.tld_length = 1
     config.action_dispatch.ignore_accept_header = false
     config.action_dispatch.rescue_templates = { }
     config.action_dispatch.rescue_responses = { }
     config.action_dispatch.default_charset = nil
+    config.action_dispatch.rack_cache = false
+    config.action_dispatch.http_auth_salt = 'http authentication'
+    config.action_dispatch.signed_cookie_salt = 'signed cookie'
+    config.action_dispatch.encrypted_cookie_salt = 'encrypted cookie'
+    config.action_dispatch.encrypted_signed_cookie_salt = 'signed encrypted cookie'
 
-    config.action_dispatch.rack_cache = {
-      :metastore => "rails:/",
-      :entitystore => "rails:/",
-      :verbose => false
+    config.action_dispatch.default_headers = {
+      'X-Frame-Options' => 'SAMEORIGIN',
+      'X-XSS-Protection' => '1; mode=block',
+      'X-Content-Type-Options' => 'nosniff',
+      'X-UA-Compatible' => 'chrome=1'
     }
 
+    config.eager_load_namespaces << ActionDispatch
+
     initializer "action_dispatch.configure" do |app|
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
       ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
       ActionDispatch::Response.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
+      ActionDispatch::Response.default_headers = app.config.action_dispatch.default_headers
 
       ActionDispatch::ExceptionWrapper.rescue_responses.merge!(config.action_dispatch.rescue_responses)
       ActionDispatch::ExceptionWrapper.rescue_templates.merge!(config.action_dispatch.rescue_templates)
 
       config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
+
+      ActionDispatch.test_app = app
     end
   end
 end

data/lib/action_dispatch/request/session.rb

@@ -0,0 +1,181 @@
+require 'rack/session/abstract/id'
+
+module ActionDispatch
+  class Request < Rack::Request
+    # Session is responsible for lazily loading the session from store.
+    class Session # :nodoc:
+      ENV_SESSION_KEY         = Rack::Session::Abstract::ENV_SESSION_KEY # :nodoc:
+      ENV_SESSION_OPTIONS_KEY = Rack::Session::Abstract::ENV_SESSION_OPTIONS_KEY # :nodoc:
+
+      def self.create(store, env, default_options)
+        session_was = find env
+        session     = Request::Session.new(store, env)
+        session.merge! session_was if session_was
+
+        set(env, session)
+        Options.set(env, Request::Session::Options.new(store, env, default_options))
+        session
+      end
+
+      def self.find(env)
+        env[ENV_SESSION_KEY]
+      end
+
+      def self.set(env, session)
+        env[ENV_SESSION_KEY] = session
+      end
+
+      class Options #:nodoc:
+        def self.set(env, options)
+          env[ENV_SESSION_OPTIONS_KEY] = options
+        end
+
+        def self.find(env)
+          env[ENV_SESSION_OPTIONS_KEY]
+        end
+
+        def initialize(by, env, default_options)
+          @by       = by
+          @env      = env
+          @delegate = default_options.dup
+        end
+
+        def [](key)
+          if key == :id
+            @delegate.fetch(key) {
+              @delegate[:id] = @by.send(:extract_session_id, @env)
+            }
+          else
+            @delegate[key]
+          end
+        end
+
+        def []=(k,v);         @delegate[k] = v; end
+        def to_hash;          @delegate.dup; end
+        def values_at(*args); @delegate.values_at(*args); end
+      end
+
+      def initialize(by, env)
+        @by       = by
+        @env      = env
+        @delegate = {}
+        @loaded   = false
+        @exists   = nil # we haven't checked yet
+      end
+
+      def id
+        options[:id]
+      end
+
+      def options
+        Options.find @env
+      end
+
+      def destroy
+        clear
+        options = self.options || {}
+        new_sid = @by.send(:destroy_session, @env, options[:id], options)
+        options[:id] = new_sid # Reset session id with a new value or nil
+
+        # Load the new sid to be written with the response
+        @loaded = false
+        load_for_write!
+      end
+
+      def [](key)
+        load_for_read!
+        @delegate[key.to_s]
+      end
+
+      def has_key?(key)
+        load_for_read!
+        @delegate.key?(key.to_s)
+      end
+      alias :key? :has_key?
+      alias :include? :has_key?
+
+      def keys
+        @delegate.keys
+      end
+
+      def values
+        @delegate.values
+      end
+
+      def []=(key, value)
+        load_for_write!
+        @delegate[key.to_s] = value
+      end
+
+      def clear
+        load_for_write!
+        @delegate.clear
+      end
+
+      def to_hash
+        load_for_read!
+        @delegate.dup.delete_if { |_,v| v.nil? }
+      end
+
+      def update(hash)
+        load_for_write!
+        @delegate.update stringify_keys(hash)
+      end
+
+      def delete(key)
+        load_for_write!
+        @delegate.delete key.to_s
+      end
+
+      def inspect
+        if loaded?
+          super
+        else
+          "#<#{self.class}:0x#{(object_id << 1).to_s(16)} not yet loaded>"
+        end
+      end
+
+      def exists?
+        return @exists unless @exists.nil?
+        @exists = @by.send(:session_exists?, @env)
+      end
+
+      def loaded?
+        @loaded
+      end
+
+      def empty?
+        load_for_read!
+        @delegate.empty?
+      end
+
+      def merge!(other)
+        load_for_write!
+        @delegate.merge!(other)
+      end
+
+      private
+
+      def load_for_read!
+        load! if !loaded? && exists?
+      end
+
+      def load_for_write!
+        load! unless loaded?
+      end
+
+      def load!
+        id, session = @by.load_session @env
+        options[:id] = id
+        @delegate.replace(stringify_keys(session))
+        @loaded = true
+      end
+
+      def stringify_keys(other)
+        other.each_with_object({}) { |(key, value), hash|
+          hash[key.to_s] = value
+        }
+      end
+    end
+  end
+end