actionpack 3.2.22.5 → 5.2.4

data/lib/action_controller/metal/testing.rb

@@ -1,36 +1,15 @@
+# frozen_string_literal: true
+
 module ActionController
   module Testing
     extend ActiveSupport::Concern
 
-    include RackDelegation
-
-    def recycle!
-      @_url_options = nil
-    end
-
-
-    # TODO: Clean this up
-    def process_with_new_base_test(request, response)
-      @_request = request
-      @_response = response
-      @_response.request = request
-      ret = process(request.parameters[:action])
-      if cookies = @_request.env['action_dispatch.cookies']
-        cookies.write(@_response)
-      end
-      @_response.prepare!
-      ret
-    end
-
-    # TODO : Rewrite tests using controller.headers= to use Rack env
-    def headers=(new_headers)
-      @_response ||= ActionDispatch::Response.new
-      @_response.headers.replace(new_headers)
-    end
-
-    module ClassMethods
-      def before_filters
-        _process_action_callbacks.find_all{|x| x.kind == :before}.map{|x| x.name}
+    # Behavior specific to functional tests
+    module Functional # :nodoc:
+      def recycle!
+        @_url_options = nil
+        self.formats = nil
+        self.params = nil
       end
     end
   end

data/lib/action_controller/metal/url_for.rb

@@ -1,47 +1,58 @@
-# Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing 
-# the <tt>_routes</tt> method. Otherwise, an exception will be raised.
-#
-# In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define 
-# url options like the +host+. In order to do so, this module requires the host class
-# to implement +env+ and +request+, which need to be a Rack-compatible.
-#
-# Example:
-#
-#   class RootUrl
-#     include ActionController::UrlFor
-#     include Rails.application.routes.url_helpers
-#
-#     delegate :env, :request, :to => :controller
-#
-#     def initialize(controller)
-#       @controller = controller
-#       @url        = root_path # named route from the application.
-#     end
-#   end
-# 
+# frozen_string_literal: true
+
 module ActionController
+  # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
+  # the <tt>_routes</tt> method. Otherwise, an exception will be raised.
+  #
+  # In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define
+  # URL options like the +host+. In order to do so, this module requires the host class
+  # to implement +env+ which needs to be Rack-compatible and +request+
+  # which is either an instance of +ActionDispatch::Request+ or an object
+  # that responds to the +host+, +optional_port+, +protocol+ and
+  # +symbolized_path_parameter+ methods.
+  #
+  #   class RootUrl
+  #     include ActionController::UrlFor
+  #     include Rails.application.routes.url_helpers
+  #
+  #     delegate :env, :request, to: :controller
+  #
+  #     def initialize(controller)
+  #       @controller = controller
+  #       @url        = root_path # named route from the application.
+  #     end
+  #   end
   module UrlFor
     extend ActiveSupport::Concern
 
     include AbstractController::UrlFor
 
     def url_options
-      @_url_options ||= super.reverse_merge(
-        :host => request.host,
-        :port => request.optional_port,
-        :protocol => request.protocol,
-        :_path_segments => request.symbolized_path_parameters
-      ).freeze
+      @_url_options ||= {
+        host: request.host,
+        port: request.optional_port,
+        protocol: request.protocol,
+        _recall: request.path_parameters
+      }.merge!(super).freeze
+
+      if (same_origin = _routes.equal?(request.routes)) ||
+         (script_name = request.engine_script_name(_routes)) ||
+         (original_script_name = request.original_script_name)
 
-      if _routes.equal?(env["action_dispatch.routes"])
-        @_url_options.dup.tap do |options|
-          options[:script_name] = request.script_name.dup
-          options.freeze
+        options = @_url_options.dup
+        if original_script_name
+          options[:original_script_name] = original_script_name
+        else
+          if same_origin
+            options[:script_name] = request.script_name.empty? ? "".freeze : request.script_name.dup
+          else
+            options[:script_name] = script_name
+          end
         end
+        options.freeze
       else
         @_url_options
       end
     end
-
   end
 end

data/lib/action_controller/metal.rb

@@ -1,46 +1,64 @@
-require 'active_support/core_ext/class/attribute'
-require 'active_support/core_ext/object/blank'
-require 'action_dispatch/middleware/stack'
+# frozen_string_literal: true
+
+require "active_support/core_ext/array/extract_options"
+require "action_dispatch/middleware/stack"
+require "action_dispatch/http/request"
+require "action_dispatch/http/response"
 
 module ActionController
   # Extend ActionDispatch middleware stack to make it aware of options
   # allowing the following syntax in controllers:
   #
   #   class PostsController < ApplicationController
-  #     use AuthenticationMiddleware, :except => [:index, :show]
+  #     use AuthenticationMiddleware, except: [:index, :show]
   #   end
   #
   class MiddlewareStack < ActionDispatch::MiddlewareStack #:nodoc:
     class Middleware < ActionDispatch::MiddlewareStack::Middleware #:nodoc:
-      def initialize(klass, *args, &block)
-        options = args.extract_options!
-        @only   = Array(options.delete(:only)).map(&:to_s)
-        @except = Array(options.delete(:except)).map(&:to_s)
-        args << options unless options.empty?
-        super
+      def initialize(klass, args, actions, strategy, block)
+        @actions = actions
+        @strategy = strategy
+        super(klass, args, block)
       end
 
       def valid?(action)
-        if @only.present?
-          @only.include?(action)
-        elsif @except.present?
-          !@except.include?(action)
-        else
-          true
-        end
+        @strategy.call @actions, action
       end
     end
 
-    def build(action, app=nil, &block)
-      app  ||= block
+    def build(action, app = nil, &block)
       action = action.to_s
-      raise "MiddlewareStack#build requires an app" unless app
 
-      middlewares.reverse.inject(app) do |a, middleware|
-        middleware.valid?(action) ?
-          middleware.build(a) : a
+      middlewares.reverse.inject(app || block) do |a, middleware|
+        middleware.valid?(action) ? middleware.build(a) : a
       end
     end
+
+    private
+
+      INCLUDE = ->(list, action) { list.include? action }
+      EXCLUDE = ->(list, action) { !list.include? action }
+      NULL    = ->(list, action) { true }
+
+      def build_middleware(klass, args, block)
+        options = args.extract_options!
+        only   = Array(options.delete(:only)).map(&:to_s)
+        except = Array(options.delete(:except)).map(&:to_s)
+        args << options unless options.empty?
+
+        strategy = NULL
+        list     = nil
+
+        if only.any?
+          strategy = INCLUDE
+          list     = only
+        elsif except.any?
+          strategy = EXCLUDE
+          list     = except
+        end
+
+        Middleware.new(klass, args, list, strategy, block)
+      end
   end
 
   # <tt>ActionController::Metal</tt> is the simplest possible controller, providing a
@@ -58,7 +76,7 @@ module ActionController
   # And then to route requests to your metal controller, you would add
   # something like this to <tt>config/routes.rb</tt>:
   #
-  #   match 'hello', :to => HelloController.action(:index)
+  #   get 'hello', to: HelloController.action(:index)
   #
   # The +action+ method returns a valid Rack application for the \Rails
   # router to dispatch to.
@@ -72,7 +90,8 @@ module ActionController
   # can do the following:
   #
   #   class HelloController < ActionController::Metal
-  #     include ActionController::Rendering
+  #     include AbstractController::Rendering
+  #     include ActionView::Layouts
   #     append_view_path "#{Rails.root}/app/views"
   #
   #     def index
@@ -101,12 +120,6 @@ module ActionController
   class Metal < AbstractController::Base
     abstract!
 
-    attr_internal_writer :env
-
-    def env
-      @_env ||= {}
-    end
-
     # Returns the last part of the controller's name, underscored, without the ending
     # <tt>Controller</tt>. For instance, PostsController returns <tt>posts</tt>.
     # Namespaces are left out, so Admin::PostsController returns <tt>posts</tt> as well.
@@ -114,26 +127,30 @@ module ActionController
     # ==== Returns
     # * <tt>string</tt>
     def self.controller_name
-      @controller_name ||= self.name.demodulize.sub(/Controller$/, '').underscore
+      @controller_name ||= name.demodulize.sub(/Controller$/, "").underscore
+    end
+
+    def self.make_response!(request)
+      ActionDispatch::Response.new.tap do |res|
+        res.request = request
+      end
+    end
+
+    def self.binary_params_for?(action) # :nodoc:
+      false
     end
 
-    # Delegates to the class' <tt>controller_name</tt>
+    # Delegates to the class' <tt>controller_name</tt>.
     def controller_name
       self.class.controller_name
     end
 
-    # The details below can be overridden to support a specific
-    # Request and Response object. The default ActionController::Base
-    # implementation includes RackDelegation, which makes a request
-    # and response object available. You might wish to control the
-    # environment and response manually for performance reasons.
-
-    attr_internal :headers, :response, :request
-    delegate :session, :to => "@_request"
+    attr_internal :response, :request
+    delegate :session, to: "@_request"
+    delegate :headers, :status=, :location=, :content_type=,
+             :status, :location, :content_type, to: "@_response"
 
     def initialize
-      @_headers = {"Content-Type" => "text/html"}
-      @_status = 200
       @_request = nil
       @_response = nil
       @_routes = nil
@@ -148,102 +165,91 @@ module ActionController
       @_params = val
     end
 
-    # Basic implementations for content_type=, location=, and headers are
-    # provided to reduce the dependency on the RackDelegation module
-    # in Renderer and Redirector.
-
-    def content_type=(type)
-      headers["Content-Type"] = type.to_s
-    end
+    alias :response_code :status # :nodoc:
 
-    def content_type
-      headers["Content-Type"]
-    end
-
-    def location
-      headers["Location"]
-    end
-
-    def location=(url)
-      headers["Location"] = url
-    end
-
-    # basic url_for that can be overridden for more robust functionality
+    # Basic url_for that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
 
-    def status
-      @_status
+    def response_body=(body)
+      body = [body] unless body.nil? || body.respond_to?(:each)
+      response.reset_body!
+      return unless body
+      response.body = body
+      super
     end
 
-    def status=(status)
-      @_status = Rack::Utils.status_code(status)
+    # Tests if render or redirect has already happened.
+    def performed?
+      response_body || response.committed?
     end
 
-    def response_body=(val)
-      body = if val.is_a?(String)
-        [val]
-      elsif val.nil? || val.respond_to?(:each)
-        val
-      else
-        [val]
-      end
-      super body
+    def dispatch(name, request, response) #:nodoc:
+      set_request!(request)
+      set_response!(response)
+      process(name)
+      request.commit_flash
+      to_a
     end
 
-    def performed?
-      response_body
+    def set_response!(response) # :nodoc:
+      @_response = response
     end
 
-    def dispatch(name, request) #:nodoc:
+    def set_request!(request) #:nodoc:
       @_request = request
-      @_env = request.env
-      @_env['action_controller.instance'] = self
-      process(name)
-      to_a
+      @_request.controller_instance = self
     end
 
     def to_a #:nodoc:
-      response ? response.to_a : [status, headers, response_body]
+      response.to_a
     end
 
-    class_attribute :middleware_stack
-    self.middleware_stack = ActionController::MiddlewareStack.new
+    def reset_session
+      @_request.reset_session
+    end
+
+    class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new
 
-    def self.inherited(base) #nodoc:
-      base.middleware_stack = self.middleware_stack.dup
+    def self.inherited(base) # :nodoc:
+      base.middleware_stack = middleware_stack.dup
       super
     end
 
-    # Adds given middleware class and its args to bottom of middleware_stack
+    # Pushes the given Rack middleware and its arguments to the bottom of the
+    # middleware stack.
     def self.use(*args, &block)
       middleware_stack.use(*args, &block)
     end
 
-    # Alias for middleware_stack
+    # Alias for +middleware_stack+.
     def self.middleware
       middleware_stack
     end
 
-    # Makes the controller a rack endpoint that points to the action in
-    # the given env's action_dispatch.request.path_parameters key.
-    def self.call(env)
-      action(env['action_dispatch.request.path_parameters'][:action]).call(env)
+    # Returns a Rack endpoint for the given action name.
+    def self.action(name)
+      app = lambda { |env|
+        req = ActionDispatch::Request.new(env)
+        res = make_response! req
+        new.dispatch(name, req, res)
+      }
+
+      if middleware_stack.any?
+        middleware_stack.build(name, app)
+      else
+        app
+      end
     end
 
-    # Return a rack endpoint for the given action. Memoize the endpoint, so
-    # multiple calls into MyController.action will return the same object
-    # for the same action.
-    #
-    # ==== Parameters
-    # * <tt>action</tt> - An action name
-    #
-    # ==== Returns
-    # * <tt>proc</tt> - A rack application
-    def self.action(name, klass = ActionDispatch::Request)
-      middleware_stack.build(name.to_s) do |env|
-        new.dispatch(name, klass.new(env))
+    # Direct dispatch to the controller. Instantiates the controller, then
+    # executes the action named +name+.
+    def self.dispatch(name, req, res)
+      if middleware_stack.any?
+        middleware_stack.build(name) { |env| new.dispatch(name, req, res) }.call req.env
+      else
+        new.dispatch(name, req, res)
       end
     end
   end

data/lib/action_controller/railtie.rb

@@ -1,44 +1,68 @@
+# frozen_string_literal: true
+
 require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
-require "action_view/railtie"
 require "abstract_controller/railties/routes_helpers"
-require "action_controller/railties/paths"
+require "action_controller/railties/helpers"
+require "action_view/railtie"
 
 module ActionController
-  class Railtie < Rails::Railtie
+  class Railtie < Rails::Railtie #:nodoc:
     config.action_controller = ActiveSupport::OrderedOptions.new
 
-    initializer "action_controller.logger" do
-      ActiveSupport.on_load(:action_controller) { self.logger ||= Rails.logger }
+    config.eager_load_namespaces << ActionController
+
+    initializer "action_controller.assets_config", group: :all do |app|
+      app.config.action_controller.assets_dir ||= app.config.paths["public"].first
     end
 
-    initializer "action_controller.initialize_framework_caches" do
-      ActiveSupport.on_load(:action_controller) { self.cache_store ||= RAILS_CACHE }
+    initializer "action_controller.set_helpers_path" do |app|
+      ActionController::Helpers.helpers_path = app.helpers_paths
     end
 
-    initializer "action_controller.assets_config", :group => :all do |app|
-      app.config.action_controller.assets_dir ||= app.config.paths["public"].first
+    initializer "action_controller.parameters_config" do |app|
+      options = app.config.action_controller
+
+      ActiveSupport.on_load(:action_controller, run_once: true) do
+        ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
+        if app.config.action_controller[:always_permitted_parameters]
+          ActionController::Parameters.always_permitted_parameters =
+            app.config.action_controller.delete(:always_permitted_parameters)
+        end
+        ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
+          (Rails.env.test? || Rails.env.development?) ? :log : false
+        end
+      end
     end
 
     initializer "action_controller.set_configs" do |app|
       paths   = app.config.paths
       options = app.config.action_controller
 
-      options.javascripts_dir      ||= paths["public/javascripts"].first
-      options.stylesheets_dir      ||= paths["public/stylesheets"].first
-      options.page_cache_directory ||= paths["public"].first
+      options.logger      ||= Rails.logger
+      options.cache_store ||= Rails.cache
 
-      # make sure readers methods get compiled
-      options.asset_path           ||= app.config.asset_path
-      options.asset_host           ||= app.config.asset_host
-      options.relative_url_root    ||= app.config.relative_url_root
+      options.javascripts_dir ||= paths["public/javascripts"].first
+      options.stylesheets_dir ||= paths["public/stylesheets"].first
+
+      # Ensure readers methods get compiled.
+      options.asset_host        ||= app.config.asset_host
+      options.relative_url_root ||= app.config.relative_url_root
 
       ActiveSupport.on_load(:action_controller) do
         include app.routes.mounted_helpers
         extend ::AbstractController::Railties::RoutesHelpers.with(app.routes)
-        extend ::ActionController::Railties::Paths.with(app)
-        options.each { |k,v| send("#{k}=", v) }
+        extend ::ActionController::Railties::Helpers
+
+        options.each do |k, v|
+          k = "#{k}="
+          if respond_to?(k)
+            send(k, v)
+          elsif !Base.respond_to?(k)
+            raise "Invalid option key: #{k}"
+          end
+        end
       end
     end
 
@@ -47,5 +71,19 @@ module ActionController
         config.compile_methods! if config.respond_to?(:compile_methods!)
       end
     end
+
+    initializer "action_controller.request_forgery_protection" do |app|
+      ActiveSupport.on_load(:action_controller_base) do
+        if app.config.action_controller.default_protect_from_forgery
+          protect_from_forgery with: :exception
+        end
+      end
+    end
+
+    initializer "action_controller.eager_load_actions" do
+      ActiveSupport.on_load(:after_initialize) do
+        ActionController::Metal.descendants.each(&:action_methods) if config.eager_load
+      end
+    end
   end
 end

data/lib/action_controller/railties/helpers.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ActionController
+  module Railties
+    module Helpers
+      def inherited(klass)
+        super
+        return unless klass.respond_to?(:helpers_path=)
+
+        if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
+          paths = namespace.railtie_helpers_paths
+        else
+          paths = ActionController::Helpers.helpers_path
+        end
+
+        klass.helpers_path = paths
+
+        if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers
+          klass.helper :all
+        end
+      end
+    end
+  end
+end