actionpack 3.2.22.5 → 5.2.4

data/lib/action_dispatch/middleware/flash.rb

@@ -1,23 +1,18 @@
-module ActionDispatch
-  class Request
-    # Access the contents of the flash. Use <tt>flash["notice"]</tt> to
-    # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
-    # to put a new one.
-    def flash
-      @env[Flash::KEY] ||= (session["flash"] || Flash::FlashHash.new)
-    end
-  end
+# frozen_string_literal: true
 
-  # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed
+require "active_support/core_ext/hash/keys"
+
+module ActionDispatch
+  # The flash provides a way to pass temporary primitive-types (String, Array, Hash) between actions. Anything you place in the flash will be exposed
   # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create
   # action that sets <tt>flash[:notice] = "Post successfully created"</tt> before redirecting to a display action that can
-  # then expose the flash to its template. Actually, that exposure is automatically done. Example:
+  # then expose the flash to its template. Actually, that exposure is automatically done.
   #
   #   class PostsController < ActionController::Base
   #     def create
   #       # save post
   #       flash[:notice] = "Post successfully created"
-  #       redirect_to posts_path(@post)
+  #       redirect_to @post
   #     end
   #
   #     def show
@@ -35,12 +30,54 @@ module ActionDispatch
   #   flash.alert = "You must be logged in"
   #   flash.notice = "Post successfully created"
   #
-  # This example just places a string in the flash, but you can put any object in there. And of course, you can put as
-  # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed.
+  # This example places a string in the flash. And of course, you can put as many as you like at a time too. If you want to pass
+  # non-primitive types, you will have to handle that in your application. Example: To show messages with links, you will have to
+  # use sanitize helper.
+  #
+  # Just remember: They'll be gone by the time the next action has been performed.
   #
   # See docs on the FlashHash class for more details about the flash.
   class Flash
-    KEY = 'action_dispatch.request.flash_hash'.freeze
+    KEY = "action_dispatch.request.flash_hash".freeze
+
+    module RequestMethods
+      # Access the contents of the flash. Use <tt>flash["notice"]</tt> to
+      # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
+      # to put a new one.
+      def flash
+        flash = flash_hash
+        return flash if flash
+        self.flash = Flash::FlashHash.from_session_value(session["flash"])
+      end
+
+      def flash=(flash)
+        set_header Flash::KEY, flash
+      end
+
+      def flash_hash # :nodoc:
+        get_header Flash::KEY
+      end
+
+      def commit_flash # :nodoc:
+        session    = self.session || {}
+        flash_hash = self.flash_hash
+
+        if flash_hash && (flash_hash.present? || session.key?("flash"))
+          session["flash"] = flash_hash.to_session_value
+          self.flash = flash_hash.dup
+        end
+
+        if (!session.respond_to?(:loaded?) || session.loaded?) && # reset_session uses {}, which doesn't implement #loaded?
+            session.key?("flash") && session["flash"].nil?
+          session.delete("flash")
+        end
+      end
+
+      def reset_session # :nodoc:
+        super
+        self.flash = nil
+      end
+    end
 
     class FlashNow #:nodoc:
       attr_accessor :flash
@@ -50,37 +87,60 @@ module ActionDispatch
       end
 
       def []=(k, v)
+        k = k.to_s
         @flash[k] = v
         @flash.discard(k)
         v
       end
 
       def [](k)
-        @flash[k]
+        @flash[k.to_s]
       end
 
-      # Convenience accessor for flash.now[:alert]=
+      # Convenience accessor for <tt>flash.now[:alert]=</tt>.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for flash.now[:notice]=
+      # Convenience accessor for <tt>flash.now[:notice]=</tt>.
       def notice=(message)
         self[:notice] = message
       end
     end
 
-    # Implementation detail: please do not change the signature of the
-    # FlashHash class. Doing that will likely affect all Rails apps in
-    # production as the FlashHash currently stored in their sessions will
-    # become invalid.
     class FlashHash
       include Enumerable
 
-      def initialize #:nodoc:
-        @used    = Set.new
-        @closed  = false
-        @flashes = {}
+      def self.from_session_value(value) #:nodoc:
+        case value
+        when FlashHash # Rails 3.1, 3.2
+          flashes = value.instance_variable_get(:@flashes)
+          if discard = value.instance_variable_get(:@used)
+            flashes.except!(*discard)
+          end
+          new(flashes, flashes.keys)
+        when Hash # Rails 4.0
+          flashes = value["flashes"]
+          if discard = value["discard"]
+            flashes.except!(*discard)
+          end
+          new(flashes, flashes.keys)
+        else
+          new
+        end
+      end
+
+      # Builds a hash containing the flashes to keep for the next request.
+      # If there are none to keep, returns +nil+.
+      def to_session_value #:nodoc:
+        flashes_to_keep = @flashes.except(*@discard)
+        return nil if flashes_to_keep.empty?
+        { "discard" => [], "flashes" => flashes_to_keep }
+      end
+
+      def initialize(flashes = {}, discard = []) #:nodoc:
+        @discard = Set.new(stringify_array(discard))
+        @flashes = flashes.stringify_keys
         @now     = nil
       end
 
@@ -92,18 +152,19 @@ module ActionDispatch
         super
       end
 
-      def []=(k, v) #:nodoc:
-        keep(k)
+      def []=(k, v)
+        k = k.to_s
+        @discard.delete k
         @flashes[k] = v
       end
 
       def [](k)
-        @flashes[k]
+        @flashes[k.to_s]
       end
 
       def update(h) #:nodoc:
-        h.keys.each { |k| keep(k) }
-        @flashes.update h
+        @discard.subtract stringify_array(h.keys)
+        @flashes.update h.stringify_keys
         self
       end
 
@@ -112,10 +173,12 @@ module ActionDispatch
       end
 
       def key?(name)
-        @flashes.key? name
+        @flashes.key? name.to_s
       end
 
       def delete(key)
+        key = key.to_s
+        @discard.delete key
         @flashes.delete key
         self
       end
@@ -129,6 +192,7 @@ module ActionDispatch
       end
 
       def clear
+        @discard.clear
         @flashes.clear
       end
 
@@ -139,8 +203,8 @@ module ActionDispatch
       alias :merge! :update
 
       def replace(h) #:nodoc:
-        @used = Set.new
-        @flashes.replace h
+        @discard.clear
+        @flashes.replace h.stringify_keys
         self
       end
 
@@ -154,6 +218,14 @@ module ActionDispatch
       # vanish when the current action is done.
       #
       # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>.
+      #
+      # Also, brings two convenience accessors:
+      #
+      #   flash.now.alert = "Beware now!"
+      #   # Equivalent to flash.now[:alert] = "Beware now!"
+      #
+      #   flash.now.notice = "Good luck now!"
+      #   # Equivalent to flash.now[:notice] = "Good luck now!"
       def now
         @now ||= FlashNow.new(self)
       end
@@ -163,7 +235,9 @@ module ActionDispatch
       #    flash.keep            # keeps the entire flash
       #    flash.keep(:notice)   # keeps only the "notice" entry, the rest of the flash is discarded
       def keep(k = nil)
-        use(k, false)
+        k = k.to_s if k
+        @discard.subtract Array(k || keys)
+        k ? self[k] : self
       end
 
       # Marks the entire flash or a single flash entry to be discarded by the end of the current action:
@@ -171,93 +245,56 @@ module ActionDispatch
       #     flash.discard              # discard the entire flash at the end of the current action
       #     flash.discard(:warning)    # discard only the "warning" entry at the end of the current action
       def discard(k = nil)
-        use(k)
+        k = k.to_s if k
+        @discard.merge Array(k || keys)
+        k ? self[k] : self
       end
 
       # Mark for removal entries that were kept, and delete unkept ones.
       #
       # This method is called automatically by filters, so you generally don't need to care about it.
       def sweep #:nodoc:
-        keys.each do |k|
-          unless @used.include?(k)
-            @used << k
-          else
-            delete(k)
-            @used.delete(k)
-          end
-        end
-
-        # clean up after keys that could have been left over by calling reject! or shift on the flash
-        (@used - keys).each{ |k| @used.delete(k) }
+        @discard.each { |k| @flashes.delete k }
+        @discard.replace @flashes.keys
       end
 
-      # Convenience accessor for flash[:alert]
+      # Convenience accessor for <tt>flash[:alert]</tt>.
       def alert
         self[:alert]
       end
 
-      # Convenience accessor for flash[:alert]=
+      # Convenience accessor for <tt>flash[:alert]=</tt>.
       def alert=(message)
         self[:alert] = message
       end
 
-      # Convenience accessor for flash[:notice]
+      # Convenience accessor for <tt>flash[:notice]</tt>.
       def notice
         self[:notice]
       end
 
-      # Convenience accessor for flash[:notice]=
+      # Convenience accessor for <tt>flash[:notice]=</tt>.
       def notice=(message)
         self[:notice] = message
       end
 
       protected
-
         def now_is_loaded?
-          !!@now
+          @now
         end
 
-        # Used internally by the <tt>keep</tt> and <tt>discard</tt> methods
-        #     use()               # marks the entire flash as used
-        #     use('msg')          # marks the "msg" entry as used
-        #     use(nil, false)     # marks the entire flash as unused (keeps it around for one more action)
-        #     use('msg', false)   # marks the "msg" entry as unused (keeps it around for one more action)
-        # Returns the single value for the key you asked to be marked (un)used or the FlashHash itself
-        # if no key is passed.
-        def use(key = nil, used = true)
-          Array(key || keys).each { |k| used ? @used << k : @used.delete(k) }
-          return key ? self[key] : self
+      private
+        def stringify_array(array) # :doc:
+          array.map do |item|
+            item.kind_of?(Symbol) ? item.to_s : item
+          end
         end
     end
 
-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      if (session = env['rack.session']) && (flash = session['flash'])
-        flash.sweep
-      end
-
-      @app.call(env)
-    ensure
-      session    = env['rack.session'] || {}
-      flash_hash = env[KEY]
-
-      if flash_hash
-        if !flash_hash.empty? || session.key?('flash')
-          session["flash"] = flash_hash
-          new_hash = flash_hash.dup
-        else
-          new_hash = flash_hash
-        end
-
-        env[KEY] = new_hash
-      end
+    def self.new(app) app; end
+  end
 
-      if session.key?('flash') && session['flash'].empty?
-        session.delete('flash')
-      end
-    end
+  class Request
+    prepend Flash::RequestMethods
   end
 end

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -1,5 +1,16 @@
+# frozen_string_literal: true
+
 module ActionDispatch
-  # A simple Rack application that renders exceptions in the given public path.
+  # When called, this middleware renders an error page. By default if an HTML
+  # response is expected it will render static error pages from the <tt>/public</tt>
+  # directory. For example when this middleware receives a 500 response it will
+  # render the template found in <tt>/public/500.html</tt>.
+  # If an internationalized locale is set, this middleware will attempt to render
+  # the template in <tt>/public/500.<locale>.html</tt>. If an internationalized template
+  # is not found it will fall back on <tt>/public/500.html</tt>.
+  #
+  # When a request with a content type other than HTML is made, this middleware
+  # will attempt to convert error information into the appropriate response type.
   class PublicExceptions
     attr_accessor :public_path
 
@@ -8,23 +19,39 @@ module ActionDispatch
     end
 
     def call(env)
-      status      = env["PATH_INFO"][1..-1]
-      locale_path = "#{public_path}/#{status}.#{I18n.locale}.html" if I18n.locale
-      path        = "#{public_path}/#{status}.html"
-
-      if locale_path && File.exist?(locale_path)
-        render(status, File.read(locale_path))
-      elsif File.exist?(path)
-        render(status, File.read(path))
-      else
-        [404, { "X-Cascade" => "pass" }, []]
-      end
+      request      = ActionDispatch::Request.new(env)
+      status       = request.path_info[1..-1].to_i
+      content_type = request.formats.first
+      body         = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
+
+      render(status, content_type, body)
     end
 
     private
 
-    def render(status, body)
-      [status, {'Content-Type' => "text/html; charset=#{Response.default_charset}", 'Content-Length' => body.bytesize.to_s}, [body]]
-    end
+      def render(status, content_type, body)
+        format = "to_#{content_type.to_sym}" if content_type
+        if format && body.respond_to?(format)
+          render_format(status, content_type, body.public_send(format))
+        else
+          render_html(status)
+        end
+      end
+
+      def render_format(status, content_type, body)
+        [status, { "Content-Type" => "#{content_type}; charset=#{ActionDispatch::Response.default_charset}",
+                  "Content-Length" => body.bytesize.to_s }, [body]]
+      end
+
+      def render_html(status)
+        path = "#{public_path}/#{status}.#{I18n.locale}.html"
+        path = "#{public_path}/#{status}.html" unless (found = File.exist?(path))
+
+        if found || File.exist?(path)
+          render_format(status, "text/html", File.read(path))
+        else
+          [404, { "X-Cascade" => "pass" }, []]
+        end
+      end
   end
-end
+end

data/lib/action_dispatch/middleware/reloader.rb

@@ -1,89 +1,12 @@
-require 'action_dispatch/middleware/body_proxy'
+# frozen_string_literal: true
 
 module ActionDispatch
-  # ActionDispatch::Reloader provides prepare and cleanup callbacks,
-  # intended to assist with code reloading during development.
-  #
-  # Prepare callbacks are run before each request, and cleanup callbacks
-  # after each request. In this respect they are analogs of ActionDispatch::Callback's
-  # before and after callbacks. However, cleanup callbacks are not called until the
-  # request is fully complete -- that is, after #close has been called on
-  # the response body. This is important for streaming responses such as the
-  # following:
-  #
-  #     self.response_body = lambda { |response, output|
-  #       # code here which refers to application models
-  #     }
-  #
-  # Cleanup callbacks will not be called until after the response_body lambda
-  # is evaluated, ensuring that it can refer to application models and other
-  # classes before they are unloaded.
+  # ActionDispatch::Reloader wraps the request with callbacks provided by ActiveSupport::Reloader
+  # callbacks, intended to assist with code reloading during development.
   #
   # By default, ActionDispatch::Reloader is included in the middleware stack
-  # only in the development environment; specifically, when config.cache_classes
-  # is false. Callbacks may be registered even when it is not included in the
-  # middleware stack, but are executed only when +ActionDispatch::Reloader.prepare!+
-  # or +ActionDispatch::Reloader.cleanup!+ are called manually.
-  #
-  class Reloader
-    include ActiveSupport::Callbacks
-
-    define_callbacks :prepare, :scope => :name
-    define_callbacks :cleanup, :scope => :name
-
-    # Add a prepare callback. Prepare callbacks are run before each request, prior
-    # to ActionDispatch::Callback's before callbacks.
-    def self.to_prepare(*args, &block)
-      set_callback(:prepare, *args, &block)
-    end
-
-    # Add a cleanup callback. Cleanup callbacks are run after each request is
-    # complete (after #close is called on the response body).
-    def self.to_cleanup(*args, &block)
-      set_callback(:cleanup, *args, &block)
-    end
-
-    # Execute all prepare callbacks.
-    def self.prepare!
-      new(nil).prepare!
-    end
-
-    # Execute all cleanup callbacks.
-    def self.cleanup!
-      new(nil).cleanup!
-    end
-
-    def initialize(app, condition=nil)
-      @app = app
-      @condition = condition || lambda { true }
-      @validated = true
-    end
-
-    def call(env)
-      @validated = @condition.call
-      prepare!
-      response = @app.call(env)
-      response[2] = ActionDispatch::BodyProxy.new(response[2]) { cleanup! }
-      response
-    rescue Exception
-      cleanup!
-      raise
-    end
-
-    def prepare! #:nodoc:
-      run_callbacks :prepare if validated?
-    end
-
-    def cleanup! #:nodoc:
-      run_callbacks :cleanup if validated?
-    ensure
-      @validated = true
-    end
-
-    private
-
-    def validated? #:nodoc:
-      @validated
-    end
+  # only in the development environment; specifically, when +config.cache_classes+
+  # is false.
+  class Reloader < Executor
   end
 end