actionpack 3.2.19 → 4.2.11.3

data/lib/action_controller/caching.rb

@@ -2,41 +2,33 @@ require 'fileutils'
 require 'uri'
 require 'set'
 
-module ActionController #:nodoc:
+module ActionController
   # \Caching is a cheap way of speeding up slow applications by keeping the result of
   # calculations, renderings, and database calls around for subsequent requests.
-  # Action Controller affords you three approaches in varying levels of granularity:
-  # Page, Action, Fragment.
   #
-  # You can read more about each approach and the sweeping assistance by clicking the
-  # modules below.
+  # You can read more about each approach by clicking the modules below.
   #
-  # Note: To turn off all caching and sweeping, set
-  #   config.action_controller.perform_caching = false.
+  # Note: To turn off all caching, set
+  #   config.action_controller.perform_caching = false
   #
   # == \Caching stores
   #
   # All the caching stores from ActiveSupport::Cache are available to be used as backends
-  # for Action Controller caching. This setting only affects action and fragment caching
-  # as page caching is always written to disk.
+  # for Action Controller caching.
   #
-  # Configuration examples (MemoryStore is the default):
+  # Configuration examples (FileStore is the default):
   #
   #   config.action_controller.cache_store = :memory_store
-  #   config.action_controller.cache_store = :file_store, "/path/to/cache/directory"
-  #   config.action_controller.cache_store = :mem_cache_store, "localhost"
-  #   config.action_controller.cache_store = :mem_cache_store, Memcached::Rails.new("localhost:11211")
-  #   config.action_controller.cache_store = MyOwnStore.new("parameter")
+  #   config.action_controller.cache_store = :file_store, '/path/to/cache/directory'
+  #   config.action_controller.cache_store = :mem_cache_store, 'localhost'
+  #   config.action_controller.cache_store = :mem_cache_store, Memcached::Rails.new('localhost:11211')
+  #   config.action_controller.cache_store = MyOwnStore.new('parameter')
   module Caching
     extend ActiveSupport::Concern
     extend ActiveSupport::Autoload
 
     eager_autoload do
-      autoload :Actions
       autoload :Fragments
-      autoload :Pages
-      autoload :Sweeper, 'action_controller/caching/sweeping'
-      autoload :Sweeping, 'action_controller/caching/sweeping'
     end
 
     module ConfigMethods
@@ -48,39 +40,50 @@ module ActionController #:nodoc:
         config.cache_store = ActiveSupport::Cache.lookup_store(store)
       end
 
-    private
-
-      def cache_configured?
-        perform_caching && cache_store
-      end
+      private
+        def cache_configured?
+          perform_caching && cache_store
+        end
     end
 
     include RackDelegation
     include AbstractController::Callbacks
 
     include ConfigMethods
-    include Pages, Actions, Fragments
-    include Sweeping if defined?(ActiveRecord)
+    include Fragments
 
     included do
       extend ConfigMethods
 
+      config_accessor :default_static_extension
+      self.default_static_extension ||= '.html'
+
       config_accessor :perform_caching
       self.perform_caching = true if perform_caching.nil?
-    end
 
-    def caching_allowed?
-      request.get? && response.status == 200
+      class_attribute :_view_cache_dependencies
+      self._view_cache_dependencies = []
+      helper_method :view_cache_dependencies if respond_to?(:helper_method)
     end
 
-  protected
-    # Convenience accessor
-    def cache(key, options = {}, &block)
-      if cache_configured?
-        cache_store.fetch(ActiveSupport::Cache.expand_cache_key(key, :controller), options, &block)
-      else
-        yield
+    module ClassMethods
+      def view_cache_dependency(&dependency)
+        self._view_cache_dependencies += [dependency]
       end
     end
+
+    def view_cache_dependencies
+      self.class._view_cache_dependencies.map { |dep| instance_exec(&dep) }.compact
+    end
+
+    protected
+      # Convenience accessor.
+      def cache(key, options = {}, &block)
+        if cache_configured?
+          cache_store.fetch(ActiveSupport::Cache.expand_cache_key(key, :controller), options, &block)
+        else
+          yield
+        end
+      end
   end
 end

data/lib/action_controller/log_subscriber.rb

@@ -1,10 +1,10 @@
-require 'active_support/core_ext/object/blank'
-
 module ActionController
   class LogSubscriber < ActiveSupport::LogSubscriber
     INTERNAL_PARAMS = %w(controller action format _method only_path)
 
     def start_processing(event)
+      return unless logger.info?
+
       payload = event.payload
       params  = payload[:params].except(*INTERNAL_PARAMS)
       format  = payload[:format]
@@ -15,44 +15,61 @@ module ActionController
     end
 
     def process_action(event)
-      payload   = event.payload
-      additions = ActionController::Base.log_process_action(payload)
+      info do
+        payload   = event.payload
+        additions = ActionController::Base.log_process_action(payload)
 
-      status = payload[:status]
-      if status.nil? && payload[:exception].present?
-        exception_class_name = payload[:exception].first
-        status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
+        status = payload[:status]
+        if status.nil? && payload[:exception].present?
+          exception_class_name = payload[:exception].first
+          status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
+        end
+        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << " (#{additions.join(" | ")})" unless additions.blank?
+        message
       end
-      message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{format_duration(event.duration)}"
-      message << " (#{additions.join(" | ")})" unless additions.blank?
-
-      info(message)
     end
 
     def halted_callback(event)
-      info "Filter chain halted as #{event.payload[:filter]} rendered or redirected"
+      info { "Filter chain halted as #{event.payload[:filter].inspect} rendered or redirected" }
     end
 
     def send_file(event)
-      info("Sent file #{event.payload[:path]} (#{format_duration(event.duration)})")
+      info { "Sent file #{event.payload[:path]} (#{event.duration.round(1)}ms)" }
     end
 
     def redirect_to(event)
-      info "Redirected to #{event.payload[:location]}"
+      info { "Redirected to #{event.payload[:location]}" }
     end
 
     def send_data(event)
-      info("Sent data #{event.payload[:filename]}  (#{format_duration(event.duration)})")
+      info { "Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)" }
+    end
+
+    def unpermitted_parameters(event)
+      debug do
+        unpermitted_keys = event.payload[:keys]
+        "Unpermitted parameter#{'s' if unpermitted_keys.size > 1}: #{unpermitted_keys.join(", ")}"
+      end
+    end
+
+    def deep_munge(event)
+      debug do
+        "Value for params[:#{event.payload[:keys].join('][:')}] was set "\
+        "to nil, because it was one of [], [null] or [null, null, ...]. "\
+        "Go to http://guides.rubyonrails.org/security.html#unsafe-query-generation "\
+        "for more information."\
+      end
     end
 
     %w(write_fragment read_fragment exist_fragment?
        expire_fragment expire_page write_page).each do |method|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1
         def #{method}(event)
+          return unless logger.info?
           key_or_path = event.payload[:key] || event.payload[:path]
           human_name  = #{method.to_s.humanize.inspect}
-          duration = format_duration(event.duration)
-          info("\#{human_name} \#{key_or_path} \#{duration}")
+          info("\#{human_name} \#{key_or_path} (\#{event.duration.round(1)}ms)")
         end
       METHOD
     end

data/lib/action_controller/metal/conditional_get.rb

@@ -1,3 +1,5 @@
+require 'active_support/core_ext/hash/keys'
+
 module ActionController
   module ConditionalGet
     extend ActiveSupport::Concern
@@ -5,25 +7,58 @@ module ActionController
     include RackDelegation
     include Head
 
-    # Sets the etag, last_modified, or both on the response and renders a
+    included do
+      class_attribute :etaggers
+      self.etaggers = []
+    end
+
+    module ClassMethods
+      # Allows you to consider additional controller-wide information when generating an ETag.
+      # For example, if you serve pages tailored depending on who's logged in at the moment, you
+      # may want to add the current user id to be part of the ETag to prevent authorized displaying
+      # of cached pages.
+      #
+      #   class InvoicesController < ApplicationController
+      #     etag { current_user.try :id }
+      #
+      #     def show
+      #       # Etag will differ even for the same invoice when it's viewed by a different current_user
+      #       @invoice = Invoice.find(params[:id])
+      #       fresh_when(@invoice)
+      #     end
+      #   end
+      def etag(&etagger)
+        self.etaggers += [etagger]
+      end
+    end
+
+    # Sets the +etag+, +last_modified+, or both on the response and renders a
     # <tt>304 Not Modified</tt> response if the request is already fresh.
     #
-    # Parameters:
-    # * <tt>:etag</tt>
-    # * <tt>:last_modified</tt>
-    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    # === Parameters:
+    #
+    # * <tt>:etag</tt>.
+    # * <tt>:last_modified</tt>.
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to
+    #   +true+ if you want your application to be cachable by other devices (proxy caches).
+    # * <tt>:template</tt> By default, the template digest for the current
+    #   controller/action is included in ETags. If the action renders a
+    #   different template, you can include its digest instead. If the action
+    #   doesn't render a template at all, you can pass <tt>template: false</tt>
+    #   to skip any attempt to check for a template digest.
     #
-    # Example:
+    # === Example:
     #
     #   def show
     #     @article = Article.find(params[:id])
-    #     fresh_when(:etag => @article, :last_modified => @article.created_at, :public => true)
+    #     fresh_when(etag: @article, last_modified: @article.created_at, public: true)
     #   end
     #
-    # This will render the show template if the request isn't sending a matching etag or
+    # This will render the show template if the request isn't sending a matching ETag or
     # If-Modified-Since header and just a <tt>304 Not Modified</tt> response if there's a match.
     #
-    # You can also just pass a record where last_modified will be set by calling updated_at and the etag by passing the object itself. Example:
+    # You can also just pass a record where +last_modified+ will be set by calling
+    # +updated_at+ and the +etag+ by passing the object itself.
     #
     #   def show
     #     @article = Article.find(params[:id])
@@ -34,40 +69,53 @@ module ActionController
     #
     #   def show
     #     @article = Article.find(params[:id])
-    #     fresh_when(@article, :public => true)
+    #     fresh_when(@article, public: true)
     #   end
+    #
+    # When rendering a different template than the default controller/action
+    # style, you can indicate which digest to include in the ETag:
+    #
+    #   before_action { fresh_when @article, template: 'widgets/show' }
+    #
     def fresh_when(record_or_options, additional_options = {})
       if record_or_options.is_a? Hash
         options = record_or_options
-        options.assert_valid_keys(:etag, :last_modified, :public)
+        options.assert_valid_keys(:etag, :last_modified, :public, :template)
       else
         record  = record_or_options
-        options = { :etag => record, :last_modified => record.try(:updated_at) }.merge(additional_options)
+        options = { etag: record, last_modified: record.try(:updated_at) }.merge!(additional_options)
       end
 
-      response.etag          = options[:etag]          if options[:etag]
-      response.last_modified = options[:last_modified] if options[:last_modified]
-      response.cache_control[:public] = true if options[:public]
+      response.etag          = combine_etags(options)   if options[:etag] || options[:template]
+      response.last_modified = options[:last_modified]  if options[:last_modified]
+      response.cache_control[:public] = true            if options[:public]
 
       head :not_modified if request.fresh?(response)
     end
 
-    # Sets the etag and/or last_modified on the response and checks it against
+    # Sets the +etag+ and/or +last_modified+ on the response and checks it against
     # the client request. If the request doesn't match the options provided, the
     # request is considered stale and should be generated from scratch. Otherwise,
     # it's fresh and we don't need to generate anything and a reply of <tt>304 Not Modified</tt> is sent.
     #
-    # Parameters:
-    # * <tt>:etag</tt>
-    # * <tt>:last_modified</tt>
-    # * <tt>:public</tt> By default the Cache-Control header is private, set this to true if you want your application to be cachable by other devices (proxy caches).
+    # === Parameters:
     #
-    # Example:
+    # * <tt>:etag</tt>.
+    # * <tt>:last_modified</tt>.
+    # * <tt>:public</tt> By default the Cache-Control header is private, set this to
+    #   +true+ if you want your application to be cachable by other devices (proxy caches).
+    # * <tt>:template</tt> By default, the template digest for the current
+    #   controller/action is included in ETags. If the action renders a
+    #   different template, you can include its digest instead. If the action
+    #   doesn't render a template at all, you can pass <tt>template: false</tt>
+    #   to skip any attempt to check for a template digest.
+    #
+    # === Example:
     #
     #   def show
     #     @article = Article.find(params[:id])
     #
-    #     if stale?(:etag => @article, :last_modified => @article.created_at)
+    #     if stale?(etag: @article, last_modified: @article.created_at)
     #       @statistics = @article.really_expensive_call
     #       respond_to do |format|
     #         # all the supported formats
@@ -75,7 +123,8 @@ module ActionController
     #     end
     #   end
     #
-    # You can also just pass a record where last_modified will be set by calling updated_at and the etag by passing the object itself. Example:
+    # You can also just pass a record where +last_modified+ will be set by calling
+    # +updated_at+ and the +etag+ by passing the object itself.
     #
     #   def show
     #     @article = Article.find(params[:id])
@@ -93,39 +142,59 @@ module ActionController
     #   def show
     #     @article = Article.find(params[:id])
     #
-    #     if stale?(@article, :public => true)
+    #     if stale?(@article, public: true)
     #       @statistics = @article.really_expensive_call
     #       respond_to do |format|
     #         # all the supported formats
     #       end
     #     end
     #   end
+    #
+    # When rendering a different template than the default controller/action
+    # style, you can indicate which digest to include in the ETag:
+    #
+    #   def show
+    #     super if stale? @article, template: 'widgets/show'
+    #   end
+    #
     def stale?(record_or_options, additional_options = {})
       fresh_when(record_or_options, additional_options)
       !request.fresh?(response)
     end
 
-    # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a <tt>private</tt> instruction, so that
-    # intermediate caches must not cache the response.
+    # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a +private+
+    # instruction, so that intermediate caches must not cache the response.
     #
-    # Examples:
     #   expires_in 20.minutes
-    #   expires_in 3.hours, :public => true
-    #   expires_in 3.hours, 'max-stale' => 5.hours, :public => true
+    #   expires_in 3.hours, public: true
+    #   expires_in 3.hours, public: true, must_revalidate: true
     #
     # This method will overwrite an existing Cache-Control header.
     # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.
-    def expires_in(seconds, options = {}) #:doc:
-      response.cache_control.merge!(:max_age => seconds, :public => options.delete(:public))
+    #
+    # The method will also ensure a HTTP Date header for client compatibility.
+    def expires_in(seconds, options = {})
+      response.cache_control.merge!(
+        :max_age         => seconds,
+        :public          => options.delete(:public),
+        :must_revalidate => options.delete(:must_revalidate)
+      )
       options.delete(:private)
 
       response.cache_control[:extras] = options.map {|k,v| "#{k}=#{v}"}
+      response.date = Time.now unless response.date?
     end
 
-    # Sets a HTTP 1.1 Cache-Control header of <tt>no-cache</tt> so no caching should occur by the browser or
-    # intermediate caches (like caching proxy servers).
-    def expires_now #:doc:
+    # Sets a HTTP 1.1 Cache-Control header of <tt>no-cache</tt> so no caching should
+    # occur by the browser or intermediate caches (like caching proxy servers).
+    def expires_now
       response.cache_control.replace(:no_cache => true)
     end
+
+    private
+      def combine_etags(options)
+        etags = etaggers.map { |etagger| instance_exec(options, &etagger) }.compact
+        etags.unshift options[:etag]
+      end
   end
 end

data/lib/action_controller/metal/data_streaming.rb

@@ -1,4 +1,3 @@
-require 'active_support/core_ext/file/path'
 require 'action_controller/metal/exceptions'
 
 module ActionController #:nodoc:
@@ -9,15 +8,13 @@ module ActionController #:nodoc:
 
     include ActionController::Rendering
 
-    DEFAULT_SEND_FILE_OPTIONS = {
-      :type         => 'application/octet-stream'.freeze,
-      :disposition  => 'attachment'.freeze,
-    }.freeze
+    DEFAULT_SEND_FILE_TYPE        = 'application/octet-stream'.freeze #:nodoc:
+    DEFAULT_SEND_FILE_DISPOSITION = 'attachment'.freeze #:nodoc:
 
     protected
       # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
       # via the Rack::Sendfile middleware. The header to use is set via
-      # config.action_dispatch.x_sendfile_header.
+      # +config.action_dispatch.x_sendfile_header+.
       # Your server can also configure this for you by setting the X-Sendfile-Type header.
       #
       # Be careful to sanitize the path parameter if it is coming from a web
@@ -50,11 +47,11 @@ module ActionController #:nodoc:
       #
       # Show a JPEG in the browser:
       #
-      #   send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
+      #   send_file '/path/to.jpeg', type: 'image/jpeg', disposition: 'inline'
       #
       # Show a 404 page in the browser:
       #
-      #   send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
+      #   send_file '/path/to/404.html', type: 'text/html; charset=utf-8', status: 404
       #
       # Read about the other Content-* HTTP headers if you'd like to
       # provide the user with more information (such as Content-Description) in
@@ -99,7 +96,7 @@ module ActionController #:nodoc:
       end
 
       # Sends the given binary data to the browser. This method is similar to
-      # <tt>render :text => data</tt>, but also allows you to specify whether
+      # <tt>render plain: data</tt>, but also allows you to specify whether
       # the browser should display the response as a file attachment (i.e. in a
       # download dialog) or as inline data. You may also set the content type,
       # the apparent file name, and other things.
@@ -120,15 +117,15 @@ module ActionController #:nodoc:
       #
       # Download a dynamically-generated tarball:
       #
-      #   send_data generate_tgz('dir'), :filename => 'dir.tgz'
+      #   send_data generate_tgz('dir'), filename: 'dir.tgz'
       #
       # Display an image Active Record in the browser:
       #
-      #   send_data image.data, :type => image.content_type, :disposition => 'inline'
+      #   send_data image.data, type: image.content_type, disposition: 'inline'
       #
       # See +send_file+ for more information on HTTP Content-* headers and caching.
       def send_data(data, options = {}) #:doc:
-        send_file_headers! options.dup
+        send_file_headers! options
         render options.slice(:status, :content_type).merge(:text => data)
       end
 
@@ -136,15 +133,8 @@ module ActionController #:nodoc:
       def send_file_headers!(options)
         type_provided = options.has_key?(:type)
 
-        options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options))
-        [:type, :disposition].each do |arg|
-          raise ArgumentError, ":#{arg} option required" if options[arg].nil?
-        end
-
-        disposition = options[:disposition].to_s
-        disposition += %(; filename="#{options[:filename]}") if options[:filename]
-
-        content_type = options[:type]
+        content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
+        raise ArgumentError, ":type option required" if content_type.nil?
 
         if content_type.is_a?(Symbol)
           extension = Mime[content_type]
@@ -153,15 +143,19 @@ module ActionController #:nodoc:
         else
           if !type_provided && options[:filename]
             # If type wasn't provided, try guessing from file extension.
-            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.tr('.','')) || content_type
+            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete('.')) || content_type
           end
           self.content_type = content_type
         end
 
-        headers.merge!(
-          'Content-Disposition'       => disposition,
-          'Content-Transfer-Encoding' => 'binary'
-        )
+        disposition = options.fetch(:disposition, DEFAULT_SEND_FILE_DISPOSITION)
+        unless disposition.nil?
+          disposition  = disposition.to_s
+          disposition += %(; filename="#{options[:filename]}") if options[:filename]
+          headers['Content-Disposition'] = disposition
+        end
+
+        headers['Content-Transfer-Encoding'] = 'binary'
 
         response.sending_file = true
 

data/lib/action_controller/metal/etag_with_template_digest.rb

@@ -0,0 +1,50 @@
+module ActionController
+  # When our views change, they should bubble up into HTTP cache freshness
+  # and bust browser caches. So the template digest for the current action
+  # is automatically included in the ETag.
+  #
+  # Enabled by default for apps that use Action View. Disable by setting
+  #
+  #   config.action_controller.etag_with_template_digest = false
+  #
+  # Override the template to digest by passing +:template+ to +fresh_when+
+  # and +stale?+ calls. For example:
+  #
+  #   # We're going to render widgets/show, not posts/show
+  #   fresh_when @post, template: 'widgets/show'
+  #
+  #   # We're not going to render a template, so omit it from the ETag.
+  #   fresh_when @post, template: false
+  #
+  module EtagWithTemplateDigest
+    extend ActiveSupport::Concern
+
+    include ActionController::ConditionalGet
+
+    included do
+      class_attribute :etag_with_template_digest
+      self.etag_with_template_digest = true
+
+      ActiveSupport.on_load :action_view, yield: true do |action_view_base|
+        etag do |options|
+          determine_template_etag(options) if etag_with_template_digest
+        end
+      end
+    end
+
+    private
+    def determine_template_etag(options)
+      if template = pick_template_for_etag(options)
+        lookup_and_digest_template(template)
+      end
+    end
+
+    def pick_template_for_etag(options)
+      options.fetch(:template) { "#{controller_name}/#{action_name}" }
+    end
+
+    def lookup_and_digest_template(template)
+      ActionView::Digestor.digest name: template, finder: lookup_context
+    end
+  end
+end

data/lib/action_controller/metal/exceptions.rb

@@ -2,6 +2,18 @@ module ActionController
   class ActionControllerError < StandardError #:nodoc:
   end
 
+  class BadRequest < ActionControllerError #:nodoc:
+    attr_reader :original_exception
+
+    def initialize(type = nil, e = nil)
+      return super() unless type && e
+
+      super("Invalid #{type} parameters: #{e.message}")
+      @original_exception = e
+      set_backtrace e.backtrace
+    end
+  end
+
   class RenderError < ActionControllerError #:nodoc:
   end
 
@@ -13,9 +25,10 @@ module ActionController
     end
   end
 
-  class MethodNotAllowed < ActionControllerError #:nodoc:
-    attr_reader :allowed_methods
+  class ActionController::UrlGenerationError < ActionControllerError #:nodoc:
+  end
 
+  class MethodNotAllowed < ActionControllerError #:nodoc:
     def initialize(*allowed_methods)
       super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.")
     end
@@ -30,9 +43,6 @@ module ActionController
   class MissingFile < ActionControllerError #:nodoc:
   end
 
-  class RenderError < ActionControllerError #:nodoc:
-  end
-
   class SessionOverflowError < ActionControllerError #:nodoc:
     DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.'
 
@@ -43,4 +53,7 @@ module ActionController
 
   class UnknownHttpMethod < ActionControllerError #:nodoc:
   end
-end
+
+  class UnknownFormat < ActionControllerError #:nodoc:
+  end
+end