actionpack 3.2.22.5 → 4.0.0.beta1

data/lib/action_dispatch/middleware/session/mem_cache_store.rb

@@ -1,14 +1,19 @@
 require 'action_dispatch/middleware/session/abstract_store'
-require 'rack/session/memcache'
+begin
+  require 'rack/session/dalli'
+rescue LoadError => e
+  $stderr.puts "You don't have dalli installed in your application. Please add it to your Gemfile and run bundle install"
+  raise e
+end
 
 module ActionDispatch
   module Session
-    class MemCacheStore < Rack::Session::Memcache
+    class MemCacheStore < Rack::Session::Dalli
       include Compatibility
       include StaleSessionCheck
+      include SessionObject
 
       def initialize(app, options = {})
-        require 'memcache'
         options[:expire_after] ||= options[:expires]
         super
       end

data/lib/action_dispatch/middleware/show_exceptions.rb

@@ -1,73 +1,40 @@
 require 'action_dispatch/http/request'
 require 'action_dispatch/middleware/exception_wrapper'
-require 'active_support/deprecation'
 
 module ActionDispatch
   # This middleware rescues any exception returned by the application
   # and calls an exceptions app that will wrap it in a format for the end user.
   #
   # The exceptions app should be passed as parameter on initialization
-  # of ShowExceptions. Everytime there is an exception, ShowExceptions will
+  # of ShowExceptions. Every time there is an exception, ShowExceptions will
   # store the exception in env["action_dispatch.exception"], rewrite the
   # PATH_INFO to the exception status code and call the rack app.
-  # 
+  #
   # If the application returns a "X-Cascade" pass response, this middleware
   # will send an empty response as result with the correct status code.
   # If any exception happens inside the exceptions app, this middleware
   # catches the exceptions and returns a FAILSAFE_RESPONSE.
   class ShowExceptions
-    FAILSAFE_RESPONSE = [500, {'Content-Type' => 'text/html'},
-      ["<html><body><h1>500 Internal Server Error</h1>" <<
-       "If you are the administrator of this website, then please read this web " <<
-       "application's log file and/or the web server's log file to find out what " <<
-       "went wrong.</body></html>"]]
-
-    class << self
-      def rescue_responses
-        ActiveSupport::Deprecation.warn "ActionDispatch::ShowExceptions.rescue_responses is deprecated. " \
-          "Please configure your exceptions using a railtie or in your application config instead."
-        ExceptionWrapper.rescue_responses
-      end
-
-      def rescue_templates
-        ActiveSupport::Deprecation.warn "ActionDispatch::ShowExceptions.rescue_templates is deprecated. " \
-          "Please configure your exceptions using a railtie or in your application config instead."
-        ExceptionWrapper.rescue_templates
-      end
-    end
-
-    def initialize(app, exceptions_app = nil)
-      if [true, false].include?(exceptions_app)
-        ActiveSupport::Deprecation.warn "Passing consider_all_requests_local option to ActionDispatch::ShowExceptions middleware no longer works"
-        exceptions_app = nil
-      end
-
-      if exceptions_app.nil?
-        raise ArgumentError, "You need to pass an exceptions_app when initializing ActionDispatch::ShowExceptions. " \
-          "In case you want to render pages from a public path, you can use ActionDispatch::PublicExceptions.new('path/to/public')"
-      end
+    FAILSAFE_RESPONSE = [500, { 'Content-Type' => 'text/plain' },
+      ["500 Internal Server Error\n" \
+       "If you are the administrator of this website, then please read this web " \
+       "application's log file and/or the web server's log file to find out what " \
+       "went wrong."]]
 
+    def initialize(app, exceptions_app)
       @app = app
       @exceptions_app = exceptions_app
     end
 
     def call(env)
-      begin
-        response  = @app.call(env)
-      rescue Exception => exception
-        raise exception if env['action_dispatch.show_exceptions'] == false
-      end
-
-      response || render_exception(env, exception)
+      @app.call(env)
+    rescue Exception => exception
+      raise exception if env['action_dispatch.show_exceptions'] == false
+      render_exception(env, exception)
     end
 
     private
 
-    # Define this method because some plugins were monkey patching it.
-    # Remove this after 3.2 is out with the other deprecations in this class.
-    def status_code(*)
-    end
-
     def render_exception(env, exception)
       wrapper = ExceptionWrapper.new(env, exception)
       status  = wrapper.status_code

data/lib/action_dispatch/middleware/ssl.rb

@@ -0,0 +1,70 @@
+module ActionDispatch
+  class SSL
+    YEAR = 31536000
+
+    def self.default_hsts_options
+      { :expires => YEAR, :subdomains => false }
+    end
+
+    def initialize(app, options = {})
+      @app = app
+
+      @hsts = options.fetch(:hsts, {})
+      @hsts = {} if @hsts == true
+      @hsts = self.class.default_hsts_options.merge(@hsts) if @hsts
+
+      @host    = options[:host]
+      @port    = options[:port]
+    end
+
+    def call(env)
+      request = Request.new(env)
+
+      if request.ssl?
+        status, headers, body = @app.call(env)
+        headers = hsts_headers.merge(headers)
+        flag_cookies_as_secure!(headers)
+        [status, headers, body]
+      else
+        redirect_to_https(request)
+      end
+    end
+
+    private
+      def redirect_to_https(request)
+        url        = URI(request.url)
+        url.scheme = "https"
+        url.host   = @host if @host
+        url.port   = @port if @port
+        headers    = hsts_headers.merge('Content-Type' => 'text/html',
+                                        'Location'     => url.to_s)
+
+        [301, headers, []]
+      end
+
+      # http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02
+      def hsts_headers
+        if @hsts
+          value = "max-age=#{@hsts[:expires].to_i}"
+          value += "; includeSubDomains" if @hsts[:subdomains]
+          { 'Strict-Transport-Security' => value }
+        else
+          {}
+        end
+      end
+
+      def flag_cookies_as_secure!(headers)
+        if cookies = headers['Set-Cookie']
+          cookies = cookies.split("\n")
+
+          headers['Set-Cookie'] = cookies.map { |cookie|
+            if cookie !~ /;\s+secure(;|$)/
+              "#{cookie}; secure"
+            else
+              cookie
+            end
+          }.join("\n")
+        end
+      end
+  end
+end

data/lib/action_dispatch/middleware/stack.rb

@@ -75,6 +75,11 @@ module ActionDispatch
       middlewares[i]
     end
 
+    def unshift(*args, &block)
+      middleware = self.class::Middleware.new(*args, &block)
+      middlewares.unshift(middleware)
+    end
+
     def initialize_copy(other)
       self.middlewares = other.middlewares.dup
     end
@@ -110,7 +115,7 @@ module ActionDispatch
     def build(app = nil, &block)
       app ||= block
       raise "MiddlewareStack#build requires an app" unless app
-      middlewares.reverse.inject(app) { |a, e| e.build(a) }
+      middlewares.freeze.reverse.inject(app) { |a, e| e.build(a) }
     end
 
   protected

data/lib/action_dispatch/middleware/static.rb

@@ -1,4 +1,5 @@
 require 'rack/utils'
+require 'active_support/core_ext/uri'
 
 module ActionDispatch
   class FileHandler
@@ -12,11 +13,11 @@ module ActionDispatch
     def match?(path)
       path = path.dup
 
-      full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(clean_path_info(unescape_path(path))))
+      full_path = path.empty? ? @root : File.join(@root, escape_glob_chars(unescape_path(path)))
       paths = "#{full_path}#{ext}"
 
       matches = Dir[paths]
-      match = matches.detect { |m| File.file?(m) && File.readable?(m) }
+      match = matches.detect { |m| File.file?(m) }
       if match
         match.sub!(@compiled_root, '')
         ::Rack::Utils.escape(match)
@@ -29,7 +30,7 @@ module ActionDispatch
 
     def ext
       @ext ||= begin
-        ext = ::ActionController::Base.page_cache_extension
+        ext = ::ActionController::Base.default_static_extension
         "{,#{ext},/index#{ext}}"
       end
     end
@@ -40,27 +41,7 @@ module ActionDispatch
 
     def escape_glob_chars(path)
       path.force_encoding('binary') if path.respond_to? :force_encoding
-      path.gsub(/[*?{}\[\]\\]/, "\\\\\\&")
-    end
-
-    private
-
-    PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact)
-
-    def clean_path_info(path_info)
-      path_info.force_encoding('binary') if path_info.respond_to? :force_encoding
-      parts = path_info.split PATH_SEPS
-
-      clean = []
-
-      parts.each do |part|
-        next if part.empty? || part == '.'
-        part == '..' ? clean.pop : clean << part
-      end
-
-      clean.unshift '/' if parts.empty? || parts.first.empty?
-
-      ::File.join(*clean)
+      path.gsub(/[*?{}\[\]]/, "\\\\\\&")
     end
   end
 

data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb

@@ -1,8 +1,8 @@
 <% unless @exception.blamed_files.blank? %>
   <% if (hide = @exception.blamed_files.length > 8) %>
-    <a href="#" onclick="document.getElementById('blame_trace').style.display='block'; return false;">Show blamed files</a>
+    <a href="#" onclick="return toggleTrace()">Toggle blamed files</a>
   <% end %>
-  <pre id="blame_trace" <%='style="display:none"' if hide %>><code><%=h @exception.describe_blame %></code></pre>
+  <pre id="blame_trace" <%='style="display:none"' if hide %>><code><%= @exception.describe_blame %></code></pre>
 <% end %>
 
 <%
@@ -12,20 +12,23 @@
 
   request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n")
 
-  def debug_hash(hash)
-    hash.sort_by { |k, v| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
+  def debug_hash(object)
+    object.to_hash.sort_by { |k, v| k.to_s }.map { |k, v| "#{k}: #{v.inspect rescue $!.message}" }.join("\n")
   end unless self.class.method_defined?(:debug_hash)
 %>
 
 <h2 style="margin-top: 30px">Request</h2>
-<p><b>Parameters</b>: <pre><%=h request_dump %></pre></p>
+<p><b>Parameters</b>:</p> <pre><%= request_dump %></pre>
 
-<p><a href="#" onclick="document.getElementById('session_dump').style.display='block'; return false;">Show session dump</a></p>
-<div id="session_dump" style="display:none"><pre><%= debug_hash @request.session %></pre></div>
-
-<p><a href="#" onclick="document.getElementById('env_dump').style.display='block'; return false;">Show env dump</a></p>
-<div id="env_dump" style="display:none"><pre><%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %></pre></div>
+<div class="details">
+  <div class="summary"><a href="#" onclick="return toggleSessionDump()">Toggle session dump</a></div>
+  <div id="session_dump" style="display:none"><pre><%= debug_hash @request.session %></pre></div>
+</div>
 
+<div class="details">
+  <div class="summary"><a href="#" onclick="return toggleEnvDump()">Toggle env dump</a></div>
+  <div id="env_dump" style="display:none"><pre><%= debug_hash @request.env.slice(*@request.class::ENV_METHODS) %></pre></div>
+</div>
 
 <h2 style="margin-top: 30px">Response</h2>
-<p><b>Headers</b>: <pre><%=h defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %></pre></p>
+<p><b>Headers</b>:</p> <pre><%= defined?(@response) ? @response.headers.inspect.gsub(',', ",\n") : 'None' %></pre>

data/lib/action_dispatch/middleware/templates/rescues/_source.erb

@@ -0,0 +1,25 @@
+<% if @source_extract %>
+<div class="source">
+<div class="info">
+  Extracted source (around line <strong>#<%= @line_number %></strong>):
+</div>
+<div class="data">
+  <table cellpadding="0" cellspacing="0" class="lines">
+      <tr>
+        <td>
+          <pre class="line_numbers">
+            <% @source_extract.keys.each do |line_number| %>
+<span><%= line_number -%></span>
+            <% end %>
+          </pre>
+        </td>
+<td width="100%">
+<pre>
+<% @source_extract.each do |line, source| -%><div class="line<%= " active" if line == @line_number -%>"><%= source -%></div><% end -%>
+</pre>
+</td>
+    </tr>
+  </table>
+</div>
+</div>
+<% end %>

data/lib/action_dispatch/middleware/templates/rescues/_trace.erb

@@ -12,15 +12,15 @@
 <div id="traces">
   <% names.each do |name| %>
     <%
-      show = "document.getElementById('#{name.gsub(/\s/, '-')}').style.display='block';"
-      hide = (names - [name]).collect {|hide_name| "document.getElementById('#{hide_name.gsub(/\s/, '-')}').style.display='none';"}
+      show = "show('#{name.gsub(/\s/, '-')}');"
+      hide = (names - [name]).collect {|hide_name| "hide('#{hide_name.gsub(/\s/, '-')}');"}
     %>
     <a href="#" onclick="<%= hide.join %><%= show %>; return false;"><%= name %></a> <%= '|' unless names.last == name %>
   <% end %>
 
   <% traces.each do |name, trace| %>
     <div id="<%= name.gsub(/\s/, '-') %>" style="display: <%= (name == "Application Trace") ? 'block' : 'none' %>;">
-      <pre><code><%=h trace.join "\n" %></code></pre>
+      <pre><code><%= trace.join "\n" %></code></pre>
     </div>
   <% end %>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb

@@ -1,10 +1,16 @@
-<h1>
-  <%=h @exception.class.to_s %>
-  <% if @request.parameters['controller'] %>
-    in <%=h @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%=h @request.parameters['action'] %><% end %>
-  <% end %>
-</h1>
-<pre><%=h @exception.message %></pre>
+<header>
+  <h1>
+    <%= @exception.class.to_s %>
+    <% if @request.parameters['controller'] %>
+      in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
+    <% end %>
+  </h1>
+</header>
 
-<%= render :template => "rescues/_trace" %>
-<%= render :template => "rescues/_request_and_response" %>
+<div id="container">
+  <h2><%= @exception.message %></h2>
+
+  <%= render template: "rescues/_source" %>
+  <%= render template: "rescues/_trace" %>
+  <%= render template: "rescues/_request_and_response" %>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -4,7 +4,11 @@
   <meta charset="utf-8" />
   <title>Action Controller: Exception caught</title>
   <style>
-    body { background-color: #fff; color: #333; }
+    body {
+      background-color: #FAFAFA;
+      color: #333;
+      margin: 0px;
+    }
 
     body, p, ol, ul, td {
       font-family: helvetica, verdana, arial, sans-serif;
@@ -13,16 +17,128 @@
     }
 
     pre {
-      background-color: #eee;
-      padding: 10px;
       font-size: 11px;
       white-space: pre-wrap;
     }
 
-    a { color: #000; }
+    pre.box {
+      border: 1px solid #EEE;
+      padding: 10px;
+      margin: 0px;
+      width: 958px;
+    }
+
+    header {
+      color: #F0F0F0;
+      background: #C52F24;
+      padding: 0.5em 1.5em;
+    }
+
+    h2 {
+      color: #C52F24;
+      line-height: 25px;
+    }
+
+    .details {
+      border: 1px solid #D0D0D0;
+      border-radius: 4px;
+      margin: 1em 0px;
+      display: block;
+      width: 978px;
+    }
+
+    .summary {
+      padding: 8px 15px;
+      border-bottom: 1px solid #D0D0D0;
+      display: block;
+    }
+
+    .details pre {
+      margin: 5px;
+      border: none;
+    }
+
+    #container {
+      box-sizing: border-box;
+      width: 100%;
+      padding: 0 1.5em;
+    }
+
+    .source * {
+      margin: 0px;
+      padding: 0px;
+    }
+
+    .source {
+      border: 1px solid #D9D9D9;
+      background: #ECECEC;
+      width: 978px;
+    }
+
+    .source pre {
+      padding: 10px 0px;
+      border: none;
+    }
+
+    .source .data {
+      font-size: 80%;
+      overflow: auto;
+      background-color: #FFF;
+    }
+
+    .info {
+      padding: 0.5em;
+    }
+
+    .source .data .line_numbers {
+      background-color: #ECECEC;
+      color: #AAA;
+      padding: 1em .5em;
+      border-right: 1px solid #DDD;
+      text-align: right;
+    }
+
+    .line {
+      padding-left: 10px;
+    }
+
+    .line:hover {
+      background-color: #F6F6F6;
+    }
+
+    .line.active {
+      background-color: #FFCCCC;
+    }
+
+    a { color: #980905; }
     a:visited { color: #666; }
-    a:hover { color: #fff; background-color:#000; }
+    a:hover { color: #C52F24; }
+
+    <%= yield :style %>
   </style>
+
+  <script>
+    var toggle = function(id) {
+      var s = document.getElementById(id).style;
+      s.display = s.display == 'none' ? 'block' : 'none';
+      return false;
+    }
+    var show = function(id) {
+      document.getElementById(id).style.display = 'block';
+    }
+    var hide = function(id) {
+      document.getElementById(id).style.display = 'none';
+    }
+    var toggleTrace = function() {
+      return toggle('blame_trace');
+    }
+    var toggleSessionDump = function() {
+      return toggle('session_dump');
+    }
+    var toggleEnvDump = function() {
+      return toggle('env_dump');
+    }
+  </script>
 </head>
 <body>