actionpack 3.2.22.5 → 5.2.4

data/lib/action_controller/metal/exceptions.rb

@@ -1,40 +1,44 @@
+# frozen_string_literal: true
+
 module ActionController
   class ActionControllerError < StandardError #:nodoc:
   end
 
+  class BadRequest < ActionControllerError #:nodoc:
+    def initialize(msg = nil)
+      super(msg)
+      set_backtrace $!.backtrace if $!
+    end
+  end
+
   class RenderError < ActionControllerError #:nodoc:
   end
 
   class RoutingError < ActionControllerError #:nodoc:
     attr_reader :failures
-    def initialize(message, failures=[])
+    def initialize(message, failures = [])
       super(message)
       @failures = failures
     end
   end
 
-  class MethodNotAllowed < ActionControllerError #:nodoc:
-    attr_reader :allowed_methods
+  class ActionController::UrlGenerationError < ActionControllerError #:nodoc:
+  end
 
+  class MethodNotAllowed < ActionControllerError #:nodoc:
     def initialize(*allowed_methods)
-      super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.")
+      super("Only #{allowed_methods.to_sentence(locale: :en)} requests are allowed.")
     end
   end
 
   class NotImplemented < MethodNotAllowed #:nodoc:
   end
 
-  class UnknownController < ActionControllerError #:nodoc:
-  end
-
   class MissingFile < ActionControllerError #:nodoc:
   end
 
-  class RenderError < ActionControllerError #:nodoc:
-  end
-
   class SessionOverflowError < ActionControllerError #:nodoc:
-    DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.'
+    DEFAULT_MESSAGE = "Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data."
 
     def initialize(message = nil)
       super(message || DEFAULT_MESSAGE)
@@ -43,4 +47,7 @@ module ActionController
 
   class UnknownHttpMethod < ActionControllerError #:nodoc:
   end
-end
+
+  class UnknownFormat < ActionControllerError #:nodoc:
+  end
+end

data/lib/action_controller/metal/flash.rb

@@ -1,21 +1,54 @@
+# frozen_string_literal: true
+
 module ActionController #:nodoc:
   module Flash
     extend ActiveSupport::Concern
 
     included do
-      delegate :flash, :to => :request
-      delegate :alert, :notice, :to => "request.flash"
-      helper_method :alert, :notice
+      class_attribute :_flash_types, instance_accessor: false, default: []
+
+      delegate :flash, to: :request
+      add_flash_types(:alert, :notice)
     end
 
-    protected
-      def redirect_to(options = {}, response_status_and_flash = {}) #:doc:
-        if alert = response_status_and_flash.delete(:alert)
-          flash[:alert] = alert
+    module ClassMethods
+      # Creates new flash types. You can pass as many types as you want to create
+      # flash types other than the default <tt>alert</tt> and <tt>notice</tt> in
+      # your controllers and views. For instance:
+      #
+      #   # in application_controller.rb
+      #   class ApplicationController < ActionController::Base
+      #     add_flash_types :warning
+      #   end
+      #
+      #   # in your controller
+      #   redirect_to user_path(@user), warning: "Incomplete profile"
+      #
+      #   # in your view
+      #   <%= warning %>
+      #
+      # This method will automatically define a new method for each of the given
+      # names, and it will be available in your views.
+      def add_flash_types(*types)
+        types.each do |type|
+          next if _flash_types.include?(type)
+
+          define_method(type) do
+            request.flash[type]
+          end
+          helper_method type
+
+          self._flash_types += [type]
         end
+      end
+    end
 
-        if notice = response_status_and_flash.delete(:notice)
-          flash[:notice] = notice
+    private
+      def redirect_to(options = {}, response_status_and_flash = {}) #:doc:
+        self.class._flash_types.each do |flash_type|
+          if type = response_status_and_flash.delete(flash_type)
+            flash[flash_type] = type
+          end
         end
 
         if other_flashes = response_status_and_flash.delete(:flash)

data/lib/action_controller/metal/force_ssl.rb

@@ -1,39 +1,99 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/hash/except"
+require "active_support/core_ext/hash/slice"
+
 module ActionController
-  # This module provides a method which will redirect browser to use HTTPS
-  # protocol. This will ensure that user's sensitive information will be
-  # transferred safely over the internet. You _should_ always force browser
+  # This module provides a method which will redirect the browser to use the secured HTTPS
+  # protocol. This will ensure that users' sensitive information will be
+  # transferred safely over the internet. You _should_ always force the browser
   # to use HTTPS when you're transferring sensitive information such as
   # user authentication, account information, or credit card information.
   #
   # Note that if you are really concerned about your application security,
   # you might consider using +config.force_ssl+ in your config file instead.
-  # That will ensure all the data transferred via HTTPS protocol and prevent
-  # user from getting session hijacked when accessing the site under unsecured
-  # HTTP protocol.
+  # That will ensure all the data is transferred via HTTPS, and will
+  # prevent the user from getting their session hijacked when accessing the
+  # site over unsecured HTTP protocol.
   module ForceSSL
     extend ActiveSupport::Concern
     include AbstractController::Callbacks
 
+    ACTION_OPTIONS = [:only, :except, :if, :unless]
+    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
+    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
+
     module ClassMethods
       # Force the request to this particular controller or specified actions to be
-      # under HTTPS protocol.
+      # through the HTTPS protocol.
+      #
+      # If you need to disable this for any reason (e.g. development) then you can use
+      # an +:if+ or +:unless+ condition.
+      #
+      #     class AccountsController < ApplicationController
+      #       force_ssl if: :ssl_configured?
+      #
+      #       def ssl_configured?
+      #         !Rails.env.development?
+      #       end
+      #     end
+      #
+      # ==== URL Options
+      # You can pass any of the following options to affect the redirect URL
+      # * <tt>host</tt>       - Redirect to a different host name
+      # * <tt>subdomain</tt>  - Redirect to a different subdomain
+      # * <tt>domain</tt>     - Redirect to a different domain
+      # * <tt>port</tt>       - Redirect to a non-standard port
+      # * <tt>path</tt>       - Redirect to a different path
       #
-      # Note that this method will not be effective on development environment.
+      # ==== Redirect Options
+      # You can pass any of the following options to affect the redirect status and response
+      # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
+      # * <tt>flash</tt>      - Set a flash message when redirecting
+      # * <tt>alert</tt>      - Set an alert message when redirecting
+      # * <tt>notice</tt>     - Set a notice message when redirecting
       #
-      # ==== Options
-      # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except</tt>  - The callback should be run for all actions except this action
+      # ==== Action Options
+      # You can pass any of the following options to affect the before_action callback
+      # * <tt>only</tt>       - The callback should be run only for this action
+      # * <tt>except</tt>     - The callback should be run for all actions except this action
+      # * <tt>if</tt>         - A symbol naming an instance method or a proc; the
+      #   callback will be called only when it returns a true value.
+      # * <tt>unless</tt>     - A symbol naming an instance method or a proc; the
+      #   callback will be called only when it returns a false value.
       def force_ssl(options = {})
-        host = options.delete(:host)
-        before_filter(options) do
-          if !request.ssl? && !Rails.env.development?
-            redirect_options = {:protocol => 'https://', :status => :moved_permanently}
-            redirect_options.merge!(:host => host) if host
-            redirect_options.merge!(:params => request.query_parameters)
-            redirect_to redirect_options
-          end
+        action_options = options.slice(*ACTION_OPTIONS)
+        redirect_options = options.except(*ACTION_OPTIONS)
+        before_action(action_options) do
+          force_ssl_redirect(redirect_options)
         end
       end
     end
+
+    # Redirect the existing request to use the HTTPS protocol.
+    #
+    # ==== Parameters
+    # * <tt>host_or_options</tt> - Either a host name or any of the URL and
+    #   redirect options available to the <tt>force_ssl</tt> method.
+    def force_ssl_redirect(host_or_options = nil)
+      unless request.ssl?
+        options = {
+          protocol: "https://",
+          host: request.host,
+          path: request.fullpath,
+          status: :moved_permanently
+        }
+
+        if host_or_options.is_a?(Hash)
+          options.merge!(host_or_options)
+        elsif host_or_options
+          options[:host] = host_or_options
+        end
+
+        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
+        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
+        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
+      end
+    end
   end
 end

data/lib/action_controller/metal/head.rb

@@ -1,35 +1,60 @@
+# frozen_string_literal: true
+
 module ActionController
   module Head
-    extend ActiveSupport::Concern
-
-    # Return a response that has no content (merely headers). The options
+    # Returns a response that has no content (merely headers). The options
     # argument is interpreted to be a hash of header names and values.
     # This allows you to easily return a response that consists only of
     # significant headers:
     #
-    #   head :created, :location => person_path(@person)
+    #   head :created, location: person_path(@person)
     #
-    #   head :created, :location => @person
+    #   head :created, location: @person
     #
     # It can also be used to return exceptional conditions:
     #
     #   return head(:method_not_allowed) unless request.post?
     #   return head(:bad_request) unless valid_request?
     #   render
+    #
+    # See Rack::Utils::SYMBOL_TO_STATUS_CODE for a full list of valid +status+ symbols.
     def head(status, options = {})
-      options, status = status, nil if status.is_a?(Hash)
-      status ||= options.delete(:status) || :ok
+      if status.is_a?(Hash)
+        raise ArgumentError, "#{status.inspect} is not a valid value for `status`."
+      end
+
+      status ||= :ok
+
       location = options.delete(:location)
       content_type = options.delete(:content_type)
 
       options.each do |key, value|
-        headers[key.to_s.dasherize.split('-').each { |v| v[0] = v[0].chr.upcase }.join('-')] = value.to_s
+        headers[key.to_s.dasherize.split("-").each { |v| v[0] = v[0].chr.upcase }.join("-")] = value.to_s
       end
 
       self.status = status
       self.location = url_for(location) if location
-      self.content_type = content_type || (Mime[formats.first] if formats)
-      self.response_body = " "
+
+      self.response_body = ""
+
+      if include_content?(response_code)
+        self.content_type = content_type || (Mime[formats.first] if formats)
+        response.charset = false
+      end
+
+      true
     end
+
+    private
+      def include_content?(status)
+        case status
+        when 100..199
+          false
+        when 204, 205, 304
+          false
+        else
+          true
+        end
+      end
   end
 end

data/lib/action_controller/metal/helpers.rb

@@ -1,5 +1,4 @@
-require 'active_support/core_ext/array/wrap'
-require 'active_support/core_ext/class/attribute'
+# frozen_string_literal: true
 
 module ActionController
   # The \Rails framework provides a large number of helpers for working with assets, dates, forms,
@@ -8,16 +7,15 @@ module ActionController
   #
   # In addition to using the standard template helpers provided, creating custom helpers to
   # extract complicated logic or reusable functionality is strongly encouraged. By default, each controller
-  # will include all helpers.
+  # will include all helpers. These helpers are only accessible on the controller through <tt>#helpers</tt>
   #
-  # In previous versions of \Rails the controller will include a helper whose
-  # name matches that of the controller, e.g., <tt>MyController</tt> will automatically
+  # In previous versions of \Rails the controller will include a helper which
+  # matches the name of the controller, e.g., <tt>MyController</tt> will automatically
   # include <tt>MyHelper</tt>. To return old behavior set +config.action_controller.include_all_helpers+ to +false+.
   #
   # Additional helpers can be specified using the +helper+ class method in ActionController::Base or any
   # controller which inherits from it.
   #
-  # ==== Examples
   # The +to_s+ method from the \Time class can be wrapped in a helper method to display a custom message if
   # a \Time object is blank:
   #
@@ -48,17 +46,17 @@ module ActionController
   # the output might look like this:
   #
   #   23 Aug 11:30 | Carolina Railhawks Soccer Match
-  #   N/A | Carolina Railhaws Training Workshop
+  #   N/A | Carolina Railhawks Training Workshop
   #
   module Helpers
     extend ActiveSupport::Concern
 
+    class << self; attr_accessor :helpers_path; end
     include AbstractController::Helpers
 
     included do
-      class_attribute :helpers_path, :include_all_helpers
-      self.helpers_path ||= []
-      self.include_all_helpers = true
+      class_attribute :helpers_path, default: []
+      class_attribute :include_all_helpers, default: true
     end
 
     module ClassMethods
@@ -74,9 +72,13 @@ module ActionController
         attrs.flatten.each { |attr| helper_method(attr, "#{attr}=") }
       end
 
-      # Provides a proxy to access helpers methods from outside the view.
+      # Provides a proxy to access helper methods from outside the view.
       def helpers
-        @helper_proxy ||= ActionView::Base.new.extend(_helpers)
+        @helper_proxy ||= begin
+          proxy = ActionView::Base.new
+          proxy.config = config.inheritable_copy
+          proxy.extend(_helpers)
+        end
       end
 
       # Overwrite modules_for_helpers to accept :all as argument, which loads
@@ -92,22 +94,30 @@ module ActionController
         super(args)
       end
 
+      # Returns a list of helper names in a given path.
+      #
+      #   ActionController::Base.all_helpers_from_path 'app/helpers'
+      #   # => ["application", "chart", "rubygems"]
       def all_helpers_from_path(path)
-        helpers = []
-        Array.wrap(path).each do |_path|
-          extract  = /^#{Regexp.quote(_path.to_s)}\/?(.*)_helper.rb$/
-          helpers += Dir["#{_path}/**/*_helper.rb"].map { |file| file.sub(extract, '\1') }
+        helpers = Array(path).flat_map do |_path|
+          extract = /^#{Regexp.quote(_path.to_s)}\/?(.*)_helper.rb$/
+          names = Dir["#{_path}/**/*_helper.rb"].map { |file| file.sub(extract, '\1'.freeze) }
+          names.sort!
         end
-        helpers.sort!
         helpers.uniq!
         helpers
       end
 
       private
-      # Extract helper names from files in <tt>app/helpers/**/*_helper.rb</tt>
-      def all_application_helpers
-        all_helpers_from_path(helpers_path)
-      end
+        # Extract helper names from files in <tt>app/helpers/**/*_helper.rb</tt>
+        def all_application_helpers
+          all_helpers_from_path(helpers_path)
+        end
+    end
+
+    # Provides a proxy to access helper methods from outside the view.
+    def helpers
+      @_helper_proxy ||= view_context
     end
   end
 end