actionpack 3.2.22.5 → 4.0.0.beta1

data/lib/action_dispatch/journey/visitors.rb

@@ -0,0 +1,189 @@
+# encoding: utf-8
+module ActionDispatch
+  module Journey # :nodoc:
+    module Visitors # :nodoc:
+      class Visitor # :nodoc:
+        DISPATCH_CACHE = Hash.new { |h,k|
+          h[k] = "visit_#{k}"
+        }
+
+        def accept(node)
+          visit(node)
+        end
+
+        private
+
+          def visit node
+            send(DISPATCH_CACHE[node.type], node)
+          end
+
+          def binary(node)
+            visit(node.left)
+            visit(node.right)
+          end
+          def visit_CAT(n); binary(n); end
+
+          def nary(node)
+            node.children.each { |c| visit(c) }
+          end
+          def visit_OR(n); nary(n); end
+
+          def unary(node)
+            visit(node.left)
+          end
+          def visit_GROUP(n); unary(n); end
+          def visit_STAR(n); unary(n); end
+
+          def terminal(node); end
+          %w{ LITERAL SYMBOL SLASH DOT }.each do |t|
+            class_eval %{ def visit_#{t}(n); terminal(n); end }, __FILE__, __LINE__
+          end
+      end
+
+      # Loop through the requirements AST
+      class Each < Visitor # :nodoc:
+        attr_reader :block
+
+        def initialize(block)
+          @block = block
+        end
+
+        def visit(node)
+          super
+          block.call(node)
+        end
+      end
+
+      class String < Visitor # :nodoc:
+        private
+
+        def binary(node)
+          [visit(node.left), visit(node.right)].join
+        end
+
+        def nary(node)
+          node.children.map { |c| visit(c) }.join '|'
+        end
+
+        def terminal(node)
+          node.left
+        end
+
+        def visit_GROUP(node)
+          "(#{visit(node.left)})"
+        end
+      end
+
+      # Used for formatting urls (url_for)
+      class Formatter < Visitor # :nodoc:
+        attr_reader :options, :consumed
+
+        def initialize(options)
+          @options  = options
+          @consumed = {}
+        end
+
+        private
+
+          def visit_GROUP(node)
+            if consumed == options
+              nil
+            else
+              route = visit(node.left)
+              route.include?("\0") ? nil : route
+            end
+          end
+
+          def terminal(node)
+            node.left
+          end
+
+          def binary(node)
+            [visit(node.left), visit(node.right)].join
+          end
+
+          def nary(node)
+            node.children.map { |c| visit(c) }.join
+          end
+
+          def visit_SYMBOL(node)
+            key = node.to_sym
+
+            if value = options[key]
+              consumed[key] = value
+              Router::Utils.escape_path(value)
+            else
+              "\0"
+            end
+          end
+      end
+
+      class Dot < Visitor # :nodoc:
+        def initialize
+          @nodes = []
+          @edges = []
+        end
+
+        def accept(node)
+          super
+          <<-eodot
+  digraph parse_tree {
+    size="8,5"
+    node [shape = none];
+    edge [dir = none];
+    #{@nodes.join "\n"}
+    #{@edges.join("\n")}
+  }
+          eodot
+        end
+
+        private
+
+          def binary(node)
+            node.children.each do |c|
+              @edges << "#{node.object_id} -> #{c.object_id};"
+            end
+            super
+          end
+
+          def nary(node)
+            node.children.each do |c|
+              @edges << "#{node.object_id} -> #{c.object_id};"
+            end
+            super
+          end
+
+          def unary(node)
+            @edges << "#{node.object_id} -> #{node.left.object_id};"
+            super
+          end
+
+          def visit_GROUP(node)
+            @nodes << "#{node.object_id} [label=\"()\"];"
+            super
+          end
+
+          def visit_CAT(node)
+            @nodes << "#{node.object_id} [label=\"○\"];"
+            super
+          end
+
+          def visit_STAR(node)
+            @nodes << "#{node.object_id} [label=\"*\"];"
+            super
+          end
+
+          def visit_OR(node)
+            @nodes << "#{node.object_id} [label=\"|\"];"
+            super
+          end
+
+          def terminal(node)
+            value = node.left
+
+            @nodes << "#{node.object_id} [label=\"#{value}\"];"
+          end
+      end
+    end
+  end
+end

data/lib/action_dispatch/journey/visualizer/fsm.css

@@ -0,0 +1,34 @@
+body {
+  font-family: "Helvetica Neue", Helvetica, Arial, Sans-Serif;
+  margin: 0;
+}
+
+h1 {
+  font-size: 2.0em; font-weight: bold; text-align: center;
+  color: white; background-color: black;
+  padding: 5px 0;
+  margin: 0 0 20px;
+}
+
+h2 {
+  text-align: center;
+  display: none;
+  font-size: 0.5em;
+}
+
+div#chart-2 {
+  height: 350px;
+}
+
+.clearfix {display: inline-block; }
+.input { overflow: show;}
+.instruction { color: #666; padding: 0 30px 20px; font-size: 0.9em}
+.instruction p { padding: 0 0 5px; }
+.instruction li { padding: 0 10px 5px; }
+
+.form { background: #EEE; padding: 20px 30px; border-radius: 5px; margin-left: auto; margin-right: auto; width: 500px; margin-bottom: 20px}
+.form p, .form form { text-align: center }
+.form form {padding: 0 10px 5px; }
+.form .fun_routes { font-size: 0.9em;}
+.form .fun_routes a { margin: 0 5px 0 0; }
+

data/lib/action_dispatch/journey/visualizer/fsm.js

@@ -0,0 +1,134 @@
+function tokenize(input, callback) {
+  while(input.length > 0) {
+    callback(input.match(/^[\/\.\?]|[^\/\.\?]+/)[0]);
+    input = input.replace(/^[\/\.\?]|[^\/\.\?]+/, '');
+  }
+}
+
+var graph = d3.select("#chart-2 svg");
+var svg_edges = {};
+var svg_nodes = {};
+
+graph.selectAll("g.edge").each(function() {
+  var node  = d3.select(this);
+  var index = node.select("title").text().split("->");
+  var left  = parseInt(index[0]);
+  var right = parseInt(index[1]);
+
+  if(!svg_edges[left]) { svg_edges[left] = {} }
+  svg_edges[left][right] = node;
+});
+
+graph.selectAll("g.node").each(function() {
+  var node  = d3.select(this);
+  var index = parseInt(node.select("title").text());
+  svg_nodes[index] = node;
+});
+
+function reset_graph() {
+  for(var key in svg_edges) {
+    for(var mkey in svg_edges[key]) {
+      var node = svg_edges[key][mkey];
+      var path = node.select("path");
+      var arrow = node.select("polygon");
+      path.style("stroke", "black");
+      arrow.style("stroke", "black").style("fill", "black");
+    }
+  }
+
+  for(var key in svg_nodes) {
+    var node = svg_nodes[key];
+    node.select('ellipse').style("fill", "white");
+    node.select('polygon').style("fill", "white");
+  }
+  return false;
+}
+
+function highlight_edge(from, to) {
+  var node = svg_edges[from][to];
+  var path = node.select("path");
+  var arrow = node.select("polygon");
+
+  path
+    .transition().duration(500)
+    .style("stroke", "green");
+
+  arrow
+    .transition().duration(500)
+    .style("stroke", "green").style("fill", "green");
+}
+
+function highlight_state(index, color) {
+  if(!color) { color = "green"; }
+
+  svg_nodes[index].select('ellipse')
+    .style("fill", "white")
+    .transition().duration(500)
+    .style("fill", color);
+}
+
+function highlight_finish(index) {
+  svg_nodes[index].select('polygon')
+    .style("fill", "while")
+    .transition().duration(500)
+    .style("fill", "blue");
+}
+
+function match(input) {
+  reset_graph();
+  var table         = tt();
+  var states        = [0];
+  var regexp_states = table['regexp_states'];
+  var string_states = table['string_states'];
+  var accepting     = table['accepting'];
+
+  highlight_state(0);
+
+  tokenize(input, function(token) {
+    var new_states = [];
+    for(var key in states) {
+      var state = states[key];
+
+      if(string_states[state] && string_states[state][token]) {
+        var new_state = string_states[state][token];
+        highlight_edge(state, new_state);
+        highlight_state(new_state);
+        new_states.push(new_state);
+      }
+
+      if(regexp_states[state]) {
+        for(var key in regexp_states[state]) {
+          var re = new RegExp("^" + key + "$");
+          if(re.test(token)) {
+            var new_state = regexp_states[state][key];
+            highlight_edge(state, new_state);
+            highlight_state(new_state);
+            new_states.push(new_state);
+          }
+        }
+      }
+    }
+
+    if(new_states.length == 0) {
+      return;
+    }
+    states = new_states;
+  });
+
+  for(var key in states) {
+    var state = states[key];
+    if(accepting[state]) {
+      for(var mkey in svg_edges[state]) {
+        if(!regexp_states[mkey] && !string_states[mkey]) {
+          highlight_edge(state, mkey);
+          highlight_finish(mkey);
+        }
+      }
+    } else {
+      highlight_state(state, "red");
+    }
+  }
+
+  return false;
+}
+

data/lib/action_dispatch/journey/visualizer/index.html.erb

@@ -0,0 +1,52 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%= title %></title>
+    <link rel="stylesheet" href="https://raw.github.com/gist/1706081/af944401f75ea20515a02ddb3fb43d23ecb8c662/reset.css" type="text/css">
+    <style>
+      <% stylesheets.each do |style| %>
+        <%= style %>
+      <% end %>
+    </style>
+    <script src="https://raw.github.com/gist/1706081/df464722a05c3c2bec450b7b5c8240d9c31fa52d/d3.min.js" type="text/javascript"></script>
+  </head>
+  <body>
+    <div id="wrapper">
+      <h1>Routes FSM with NFA simulation</h1>
+      <div class="instruction form">
+        <p>
+        Type a route in to the box and click "simulate".
+        </p>
+        <form onsubmit="return match(this.route.value);">
+          <input type="text" size="30" name="route" value="/articles/new" />
+          <button>simulate</button>
+          <input type="reset" value="reset" onclick="return reset_graph();"/>
+        </form>
+        <p class="fun_routes">
+          Some fun routes to try:
+          <% fun_routes.each do |path| %>
+             <a href="#" onclick="document.forms[0].elements[0].value=this.text.replace(/^\s+|\s+$/g,''); return match(this.text.replace(/^\s+|\s+$/g,''));">
+               <%= path %>
+             </a>
+          <% end %>
+        </p>
+      </div>
+      <div class='chart' id='chart-2'>
+        <%= svg %>
+      </div>
+      <div class="instruction">
+        <p>
+        This is a FSM for a system that has the following routes:
+        </p>
+        <ul>
+          <% paths.each do |route| %>
+            <li><%= route %></li>
+          <% end %>
+        </ul>
+      </div>
+    </div>
+    <% javascripts.each do |js| %>
+      <script><%= js %></script>
+    <% end %>
+  </body>
+</html>

data/lib/action_dispatch/middleware/callbacks.rb

@@ -1,11 +1,10 @@
-require 'active_support/core_ext/module/delegation'
 
 module ActionDispatch
   # Provide callbacks to be executed before and after the request dispatch.
   class Callbacks
     include ActiveSupport::Callbacks
 
-    define_callbacks :call, :rescuable => true
+    define_callbacks :call
 
     class << self
       delegate :to_prepare, :to_cleanup, :to => "ActionDispatch::Reloader"
@@ -24,9 +23,15 @@ module ActionDispatch
     end
 
     def call(env)
-      run_callbacks :call do
-        @app.call(env)
+      error = nil
+      result = run_callbacks :call do
+        begin
+          @app.call(env)
+        rescue => error
+        end
       end
+      raise error if error
+      result
     end
   end
 end

data/lib/action_dispatch/middleware/cookies.rb

@@ -1,9 +1,10 @@
-require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/key_generator'
+require 'active_support/message_verifier'
 
 module ActionDispatch
-  class Request
+  class Request < Rack::Request
     def cookie_jar
       env['action_dispatch.cookies'] ||= Cookies::CookieJar.build(self)
     end
@@ -15,7 +16,7 @@ module ActionDispatch
   # being written will be sent out with the response. Reading a cookie does not get
   # the cookie object itself back, just the value it holds.
   #
-  # Examples for writing:
+  # Examples of writing:
   #
   #   # Sets a simple session cookie.
   #   # This cookie will be deleted when the user's browser is closed.
@@ -25,11 +26,11 @@ module ActionDispatch
   #   cookies[:lat_lon] = [47.68, -122.37]
   #
   #   # Sets a cookie that expires in 1 hour.
-  #   cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }
+  #   cookies[:login] = { value: "XJ-122", expires: 1.hour.from_now }
   #
-  #   # Sets a signed cookie, which prevents a user from tampering with its value.
-  #   # The cookie is signed by your app's <tt>config.secret_token</tt> value.
-  #   # Rails generates this value by default when you create a new Rails app.
+  #   # Sets a signed cookie, which prevents users from tampering with its value.
+  #   # The cookie is signed by your app's <tt>config.secret_key_base</tt> value.
+  #   # It can be read using the signed method <tt>cookies.signed[:key]</tt>
   #   cookies.signed[:user_id] = current_user.id
   #
   #   # Sets a "permanent" cookie (which expires in 20 years from now).
@@ -38,11 +39,12 @@ module ActionDispatch
   #   # You can also chain these methods:
   #   cookies.permanent.signed[:login] = "XJ-122"
   #
-  # Examples for reading:
+  # Examples of reading:
   #
-  #   cookies[:user_name] # => "david"
-  #   cookies.size        # => 2
-  #   cookies[:lat_lon]   # => [47.68, -122.37]
+  #   cookies[:user_name]    # => "david"
+  #   cookies.size           # => 2
+  #   cookies[:lat_lon]      # => [47.68, -122.37]
+  #   cookies.signed[:login] # => "XJ-122"
   #
   # Example for deleting:
   #
@@ -51,12 +53,12 @@ module ActionDispatch
   # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
   #
   #  cookies[:key] = {
-  #    :value => 'a yummy cookie',
-  #    :expires => 1.year.from_now,
-  #    :domain => 'domain.com'
+  #    value: 'a yummy cookie',
+  #    expires: 1.year.from_now,
+  #    domain: 'domain.com'
   #  }
   #
-  #  cookies.delete(:key, :domain => 'domain.com')
+  #  cookies.delete(:key, domain: 'domain.com')
   #
   # The option symbols for setting cookies are:
   #
@@ -69,8 +71,8 @@ module ActionDispatch
   #   to <tt>:all</tt>. Make sure to specify the <tt>:domain</tt> option with
   #   <tt>:all</tt> again when deleting keys.
   #
-  #     :domain => nil  # Does not sets cookie domain. (default)
-  #     :domain => :all # Allow the cookie for the top most level
+  #     domain: nil  # Does not sets cookie domain. (default)
+  #     domain: :all # Allow the cookie for the top most level
   #                       domain and subdomains.
   #
   # * <tt>:expires</tt> - The time at which this cookie expires, as a \Time object.
@@ -79,11 +81,18 @@ module ActionDispatch
   # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
   #   only HTTP. Defaults to +false+.
   class Cookies
-    HTTP_HEADER = "Set-Cookie".freeze
+    HTTP_HEADER   = "Set-Cookie".freeze
+    GENERATOR_KEY = "action_dispatch.key_generator".freeze
+    SIGNED_COOKIE_SALT = "action_dispatch.signed_cookie_salt".freeze
+    ENCRYPTED_COOKIE_SALT = "action_dispatch.encrypted_cookie_salt".freeze
+    ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze
     TOKEN_KEY   = "action_dispatch.secret_token".freeze
 
+    # Cookies can typically store 4096 bytes.
+    MAX_COOKIE_SIZE = 4096
+
     # Raised when storing more than 4K of session data.
-    class CookieOverflow < StandardError; end
+    CookieOverflow = Class.new StandardError
 
     class CookieJar #:nodoc:
       include Enumerable
@@ -102,23 +111,33 @@ module ActionDispatch
       # $& => example.local
       DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
 
+      def self.options_for_env(env) #:nodoc:
+        { signed_cookie_salt: env[SIGNED_COOKIE_SALT] || '',
+          encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT] || '',
+          encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
+          token_key: env[TOKEN_KEY] }
+      end
+
       def self.build(request)
-        secret = request.env[TOKEN_KEY]
+        env = request.env
+        key_generator = env[GENERATOR_KEY]
+        options = options_for_env env
+
         host = request.host
         secure = request.ssl?
 
-        new(secret, host, secure).tap do |hash|
+        new(key_generator, host, secure, options).tap do |hash|
           hash.update(request.cookies)
         end
       end
 
-      def initialize(secret = nil, host = nil, secure = false)
-        @secret = secret
+      def initialize(key_generator, host = nil, secure = false, options = {})
+        @key_generator = key_generator
         @set_cookies = {}
         @delete_cookies = {}
         @host = host
         @secure = secure
-        @closed = false
+        @options = options
         @cookies = {}
       end
 
@@ -131,6 +150,10 @@ module ActionDispatch
         @cookies[name.to_s]
       end
 
+      def fetch(name, *args, &block)
+        @cookies.fetch(name.to_s, *args, &block)
+      end
+
       def key?(name)
         @cookies.key?(name.to_s)
       end
@@ -155,7 +178,7 @@ module ActionDispatch
           end
         elsif options[:domain].is_a? Array
           # if host matches one of the supplied domains without a dot in front of it
-          options[:domain] = options[:domain].find {|domain| @host.include? domain[/^\.?(.*)$/, 1] }
+          options[:domain] = options[:domain].find {|domain| @host.include? domain.sub(/^\./, '') }
         end
       end
 
@@ -185,8 +208,9 @@ module ActionDispatch
       # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in
       # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
       def delete(key, options = {})
-        options.symbolize_keys!
+        return unless @cookies.has_key? key.to_s
 
+        options.symbolize_keys!
         handle_options(options)
 
         value = @cookies.delete(key.to_s)
@@ -194,6 +218,15 @@ module ActionDispatch
         value
       end
 
+      # Whether the given cookie is to be deleted by this CookieJar.
+      # Like <tt>[]=</tt>, you can pass in an options hash to test if a
+      # deletion applies to a specific <tt>:path</tt>, <tt>:domain</tt> etc.
+      def deleted?(key, options = {})
+        options.symbolize_keys!
+        handle_options(options)
+        @delete_cookies[key.to_s] == options
+      end
+
       # Removes all cookies on the client machine by calling <tt>delete</tt> for each cookie
       def clear(options = {})
         @cookies.each_key{ |k| delete(k, options) }
@@ -211,7 +244,7 @@ module ActionDispatch
       #   cookies.permanent.signed[:remember_me] = current_user.id
       #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
       def permanent
-        @permanent ||= PermanentCookieJar.new(self, @secret)
+        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
       end
 
       # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
@@ -219,7 +252,7 @@ module ActionDispatch
       # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
       # be raised.
       #
-      # This jar requires that you set a suitable secret for the verification on your app's config.secret_token.
+      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
       #
       # Example:
       #
@@ -228,7 +261,28 @@ module ActionDispatch
       #
       #   cookies.signed[:discount] # => 45
       def signed
-        @signed ||= SignedCookieJar.new(self, @secret)
+        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
+      end
+
+      # Only needed for supporting the +UpgradeSignatureToEncryptionCookieStore+, users and plugin authors should not use this
+      def signed_using_old_secret #:nodoc:
+        @signed_using_old_secret ||= SignedCookieJar.new(self, ActiveSupport::DummyKeyGenerator.new(@options[:token_key]), @options)
+      end
+
+      # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
+      # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
+      # will be raised.
+      #
+      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
+      #
+      # Example:
+      #
+      #   cookies.encrypted[:discount] = 45
+      #   # => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
+      #
+      #   cookies.encrypted[:discount] # => 45
+      def encrypted
+        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
       end
 
       def write(headers)
@@ -251,9 +305,15 @@ module ActionDispatch
         end
     end
 
-    class PermanentCookieJar < CookieJar #:nodoc:
-      def initialize(parent_jar, secret)
-        @parent_jar, @secret = parent_jar, secret
+    class PermanentCookieJar #:nodoc:
+      def initialize(parent_jar, key_generator, options = {})
+        @parent_jar = parent_jar
+        @key_generator = key_generator
+        @options = options
+      end
+
+      def [](key)
+        @parent_jar[name.to_s]
       end
 
       def []=(key, options)
@@ -267,22 +327,29 @@ module ActionDispatch
         @parent_jar[key] = options
       end
 
+      def permanent
+        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+      end
+
       def signed
-        @signed ||= SignedCookieJar.new(self, @secret)
+        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
+      end
+
+      def encrypted
+        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
       end
 
       def method_missing(method, *arguments, &block)
-        @parent_jar.send(method, *arguments, &block)
+        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
+          "You probably want to try this method over the parent CookieJar."
       end
     end
 
-    class SignedCookieJar < CookieJar #:nodoc:
-      MAX_COOKIE_SIZE = 4096 # Cookies can typically store 4096 bytes.
-      SECRET_MIN_LENGTH = 30 # Characters
-
-      def initialize(parent_jar, secret)
-        ensure_secret_secure(secret)
+    class SignedCookieJar #:nodoc:
+      def initialize(parent_jar, key_generator, options = {})
         @parent_jar = parent_jar
+        @options = options
+        secret = key_generator.generate_key(@options[:signed_cookie_salt])
         @verifier   = ActiveSupport::MessageVerifier.new(secret)
       end
 
@@ -306,29 +373,74 @@ module ActionDispatch
         @parent_jar[key] = options
       end
 
+      def permanent
+        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+      end
+
+      def signed
+        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
+      end
+
+      def encrypted
+        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
+      end
+
       def method_missing(method, *arguments, &block)
-        @parent_jar.send(method, *arguments, &block)
+        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
+          "You probably want to try this method over the parent CookieJar."
       end
+    end
+
+    class EncryptedCookieJar #:nodoc:
+      def initialize(parent_jar, key_generator, options = {})
+        if ActiveSupport::DummyKeyGenerator === key_generator
+          raise "Encrypted Cookies must be used in conjunction with config.secret_key_base." +
+                "Set config.secret_key_base in config/initializers/secret_token.rb"
+        end
 
-    protected
+        @parent_jar = parent_jar
+        @options = options
+        secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
+        sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
+        @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
+      end
 
-      # To prevent users from using something insecure like "Password" we make sure that the
-      # secret they've provided is at least 30 characters in length.
-      def ensure_secret_secure(secret)
-        if secret.blank?
-          raise ArgumentError, "A secret is required to generate an " +
-            "integrity hash for cookie session data. Use " +
-            "config.secret_token = \"some secret phrase of at " +
-            "least #{SECRET_MIN_LENGTH} characters\"" +
-            "in config/initializers/secret_token.rb"
+      def [](key)
+        if encrypted_message = @parent_jar[key]
+          @encryptor.decrypt_and_verify(encrypted_message)
         end
+      rescue ActiveSupport::MessageVerifier::InvalidSignature,
+             ActiveSupport::MessageEncryptor::InvalidMessage
+        nil
+      end
 
-        if secret.length < SECRET_MIN_LENGTH
-          raise ArgumentError, "Secret should be something secure, " +
-            "like \"#{SecureRandom.hex(16)}\". The value you " +
-            "provided, \"#{secret}\", is shorter than the minimum length " +
-            "of #{SECRET_MIN_LENGTH} characters"
+      def []=(key, options)
+        if options.is_a?(Hash)
+          options.symbolize_keys!
+        else
+          options = { :value => options }
         end
+        options[:value] = @encryptor.encrypt_and_sign(options[:value])
+
+        raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
+        @parent_jar[key] = options
+      end
+
+      def permanent
+        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+      end
+
+      def signed
+        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
+      end
+
+      def encrypted
+        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
+      end
+
+      def method_missing(method, *arguments, &block)
+        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
+          "You probably want to try this method over the parent CookieJar."
       end
     end
 
@@ -337,7 +449,6 @@ module ActionDispatch
     end
 
     def call(env)
-      cookie_jar = nil
       status, headers, body = @app.call(env)
 
       if cookie_jar = env['action_dispatch.cookies']