actionpack 4.0.0.beta1 → 4.0.0.rc1

data/lib/action_dispatch/http/parameters.rb

@@ -18,7 +18,7 @@ module ActionDispatch
             query_parameters.dup
           end
           params.merge!(path_parameters)
-          encode_params(params).with_indifferent_access
+          params.with_indifferent_access
         end
       end
       alias :params :parameters
@@ -50,40 +50,33 @@ module ActionDispatch
 
     private
 
+      # Convert nested Hash to HashWithIndifferentAccess
+      # and UTF-8 encode both keys and values in nested Hash.
+      #
       # TODO: Validate that the characters are UTF-8. If they aren't,
       # you'll get a weird error down the road, but our form handling
       # should really prevent that from happening
-      def encode_params(params)
+      def normalize_encode_params(params)
         if params.is_a?(String)
           return params.force_encoding(Encoding::UTF_8).encode!
         elsif !params.is_a?(Hash)
           return params
         end
 
+        new_hash = {}
         params.each do |k, v|
-          case v
-          when Hash
-            encode_params(v)
-          when Array
-            v.map! {|el| encode_params(el) }
-          else
-            encode_params(v)
-          end
-        end
-      end
-
-      # Convert nested Hash to ActiveSupport::HashWithIndifferentAccess
-      def normalize_parameters(value)
-        case value
-        when Hash
-          h = {}
-          value.each { |k, v| h[k] = normalize_parameters(v) }
-          h.with_indifferent_access
-        when Array
-          value.map { |e| normalize_parameters(e) }
-        else
-          value
+          new_key = k.is_a?(String) ? k.dup.force_encoding("UTF-8").encode! : k
+          new_hash[new_key] =
+            case v
+            when Hash
+              normalize_encode_params(v)
+            when Array
+              v.map! {|el| normalize_encode_params(el) }
+            else
+              normalize_encode_params(v)
+            end
         end
+        new_hash.with_indifferent_access
       end
     end
   end

data/lib/action_dispatch/http/request.rb

@@ -156,14 +156,29 @@ module ActionDispatch
       @original_fullpath ||= (env["ORIGINAL_FULLPATH"] || fullpath)
     end
 
+    # Returns the +String+ full path including params of the last URL requested.
+    #
+    #    # get "/articles"
+    #    request.fullpath # => "/articles"
+    #
+    #    # get "/articles?page=2"
+    #    request.fullpath # => "/articles?page=2"
     def fullpath
       @fullpath ||= super
     end
 
+    # Returns the original request URL as a +String+.
+    #
+    #    # get "/articles?page=2"
+    #    request.original_url # => "http://www.example.com/articles?page=2"
     def original_url
       base_url + original_fullpath
     end
 
+    # The +String+ MIME type of the request.
+    #
+    #    # get "/articles"
+    #    request.media_type # => "application/x-www-form-urlencoded"
     def media_type
       content_mime_type.to_s
     end
@@ -256,7 +271,7 @@ module ActionDispatch
 
     # Override Rack's GET method to support indifferent access
     def GET
-      @env["action_dispatch.request.query_parameters"] ||= (normalize_parameters(super) || {})
+      @env["action_dispatch.request.query_parameters"] ||= (normalize_encode_params(super) || {})
     rescue TypeError => e
       raise ActionController::BadRequest.new(:query, e)
     end
@@ -264,7 +279,7 @@ module ActionDispatch
 
     # Override Rack's POST method to support indifferent access
     def POST
-      @env["action_dispatch.request.request_parameters"] ||= (normalize_parameters(super) || {})
+      @env["action_dispatch.request.request_parameters"] ||= (normalize_encode_params(super) || {})
     rescue TypeError => e
       raise ActionController::BadRequest.new(:request, e)
     end

data/lib/action_dispatch/http/response.rb

@@ -55,6 +55,7 @@ module ActionDispatch # :nodoc:
     CONTENT_TYPE = "Content-Type".freeze
     SET_COOKIE   = "Set-Cookie".freeze
     LOCATION     = "Location".freeze
+    NO_CONTENT_CODES = [204, 304]
 
     cattr_accessor(:default_charset) { "utf-8" }
     cattr_accessor(:default_headers)
@@ -289,7 +290,7 @@ module ActionDispatch # :nodoc:
 
       header[SET_COOKIE] = header[SET_COOKIE].join("\n") if header[SET_COOKIE].respond_to?(:join)
 
-      if [204, 304].include?(@status)
+      if NO_CONTENT_CODES.include?(@status)
         header.delete CONTENT_TYPE
         [status, header, []]
       else

data/lib/action_dispatch/http/upload.rb

@@ -6,7 +6,7 @@ module ActionDispatch
     # of its interface is available directly for convenience.
     #
     # Uploaded files are temporary files whose lifespan is one request. When
-    # the object is finalized Ruby unlinks the file, so there is not need to
+    # the object is finalized Ruby unlinks the file, so there is no need to
     # clean them with a separate maintenance task.
     class UploadedFile
       # The basename of the file in the client.
@@ -75,16 +75,16 @@ module ActionDispatch
     end
 
     module Upload # :nodoc:
-      # Convert nested Hash to ActiveSupport::HashWithIndifferentAccess and replace
-      # file upload hash with UploadedFile objects
-      def normalize_parameters(value)
+      # Replace file upload hash with UploadedFile objects
+      # when normalize and encode parameters.
+      def normalize_encode_params(value)
         if Hash === value && value.has_key?(:tempfile)
           UploadedFile.new(value)
         else
           super
         end
       end
-      private :normalize_parameters
+      private :normalize_encode_params
     end
   end
 end

data/lib/action_dispatch/http/url.rb

@@ -4,7 +4,9 @@ require 'active_support/core_ext/hash/slice'
 module ActionDispatch
   module Http
     module URL
-      IP_HOST_REGEXP = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
+      IP_HOST_REGEXP  = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/
+      HOST_REGEXP     = /(^.*:\/\/)?([^:]+)(?::(\d+$))?/
+      PROTOCOL_REGEXP = /^([^:]+)(:)?(\/\/)?$/
 
       mattr_accessor :tld_length
       self.tld_length = 1
@@ -28,6 +30,7 @@ module ActionDispatch
         end
 
         def url_for(options = {})
+          options = options.dup
           path  = options.delete(:script_name).to_s.chomp("/")
           path << options.delete(:path).to_s
 
@@ -59,14 +62,20 @@ module ActionDispatch
           result = ""
 
           unless options[:only_path]
-            unless options[:protocol] == false
-              result << (options[:protocol] || "http")
-              result << ":" unless result.match(%r{:|//})
+            if match = options[:host].match(HOST_REGEXP)
+              options[:protocol] ||= match[1] unless options[:protocol] == false
+              options[:host]       = match[2]
+              options[:port]       = match[3] unless options.key?(:port)
             end
-            result << "//" unless result.match("//")
+
+            options[:protocol] = normalize_protocol(options)
+            options[:host]     = normalize_host(options)
+            options[:port]     = normalize_port(options)
+
+            result << options[:protocol]
             result << rewrite_authentication(options)
-            result << host_or_subdomain_and_domain(options)
-            result << ":#{options.delete(:port)}" if options[:port]
+            result << options[:host]
+            result << ":#{options[:port]}" if options[:port]
           end
           result
         end
@@ -75,6 +84,10 @@ module ActionDispatch
           host && IP_HOST_REGEXP !~ host
         end
 
+        def same_host?(options)
+          (options[:subdomain] == true || !options.key?(:subdomain)) && options[:domain].nil?
+        end
+
         def rewrite_authentication(options)
           if options[:user] && options[:password]
             "#{Rack::Utils.escape(options[:user])}:#{Rack::Utils.escape(options[:password])}@"
@@ -83,19 +96,47 @@ module ActionDispatch
           end
         end
 
-        def host_or_subdomain_and_domain(options)
-          return options[:host] if !named_host?(options[:host]) || (options[:subdomain].nil? && options[:domain].nil?)
+        def normalize_protocol(options)
+          case options[:protocol]
+          when nil
+            "http://"
+          when false, "//"
+            "//"
+          when PROTOCOL_REGEXP
+            "#{$1}://"
+          else
+            raise ArgumentError, "Invalid :protocol option: #{options[:protocol].inspect}"
+          end
+        end
+
+        def normalize_host(options)
+          return options[:host] if !named_host?(options[:host]) || same_host?(options)
 
           tld_length = options[:tld_length] || @@tld_length
 
           host = ""
-          unless options[:subdomain] == false
-            host << (options[:subdomain] || extract_subdomain(options[:host], tld_length)).to_param
-            host << "."
+          if options[:subdomain] == true || !options.key?(:subdomain)
+            host << extract_subdomain(options[:host], tld_length).to_param
+          elsif options[:subdomain].present?
+            host << options[:subdomain].to_param
           end
+          host << "." unless host.empty?
           host << (options[:domain] || extract_domain(options[:host], tld_length))
           host
         end
+
+        def normalize_port(options)
+          return nil if options[:port].nil? || options[:port] == false
+
+          case options[:protocol]
+          when "//"
+            nil
+          when "https://"
+            options[:port].to_i == 443 ? nil : options[:port]
+          else
+            options[:port].to_i == 80 ? nil : options[:port]
+          end
+        end
       end
 
       def initialize(env)

data/lib/action_dispatch/journey/formatter.rb

@@ -58,7 +58,7 @@ module ActionDispatch
             end
           end
 
-          parameterized_parts.keep_if { |_, v| v  }
+          parameterized_parts.keep_if { |_, v| v }
           parameterized_parts
         end
 

data/lib/action_dispatch/journey/path/pattern.rb

@@ -20,7 +20,7 @@ module ActionDispatch
             @separators   = strexp.separators.join
             @anchored     = strexp.anchor
           else
-            raise "wtf bro: #{strexp}"
+            raise ArgumentError, "Bad expression: #{strexp}"
           end
 
           @names          = nil

data/lib/action_dispatch/journey/route.rb

@@ -71,6 +71,10 @@ module ActionDispatch
         Visitors::Formatter.new(path_options).accept(path.spec)
       end
 
+      def optimized_path
+        Visitors::OptimizedPath.new.accept(path.spec)
+      end
+
       def optional_parts
         path.optional_names.map { |n| n.to_sym }
       end
@@ -98,6 +102,10 @@ module ActionDispatch
             value === request.send(method).to_s
           when Array
             value.include?(request.send(method))
+          when TrueClass
+            request.send(method).present?
+          when FalseClass
+            request.send(method).blank?
           else
             value === request.send(method)
           end

data/lib/action_dispatch/journey/router.rb

@@ -38,7 +38,9 @@ module ActionDispatch
           env['REMOTE_ADDR']
         end
 
-        def [](k); env[k]; end
+        def [](k)
+          env[k]
+        end
       end
 
       attr_reader :request_class, :formatter

data/lib/action_dispatch/journey/visitors.rb

@@ -74,6 +74,14 @@ module ActionDispatch
         end
       end
 
+      class OptimizedPath < String # :nodoc:
+        private
+
+        def visit_GROUP(node)
+          ""
+        end
+      end
+
       # Used for formatting urls (url_for)
       class Formatter < Visitor # :nodoc:
         attr_reader :options, :consumed

data/lib/action_dispatch/middleware/cookies.rb

@@ -1,5 +1,6 @@
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/module/attribute_accessors'
+require 'active_support/core_ext/object/blank'
 require 'active_support/key_generator'
 require 'active_support/message_verifier'
 
@@ -30,7 +31,7 @@ module ActionDispatch
   #
   #   # Sets a signed cookie, which prevents users from tampering with its value.
   #   # The cookie is signed by your app's <tt>config.secret_key_base</tt> value.
-  #   # It can be read using the signed method <tt>cookies.signed[:key]</tt>
+  #   # It can be read using the signed method <tt>cookies.signed[:name]</tt>
   #   cookies.signed[:user_id] = current_user.id
   #
   #   # Sets a "permanent" cookie (which expires in 20 years from now).
@@ -52,13 +53,13 @@ module ActionDispatch
   #
   # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:
   #
-  #  cookies[:key] = {
+  #  cookies[:name] = {
   #    value: 'a yummy cookie',
   #    expires: 1.year.from_now,
   #    domain: 'domain.com'
   #  }
   #
-  #  cookies.delete(:key, domain: 'domain.com')
+  #  cookies.delete(:name, domain: 'domain.com')
   #
   # The option symbols for setting cookies are:
   #
@@ -69,7 +70,7 @@ module ActionDispatch
   #   restrict to the domain level. If you use a schema like www.example.com
   #   and want to share session with user.example.com set <tt>:domain</tt>
   #   to <tt>:all</tt>. Make sure to specify the <tt>:domain</tt> option with
-  #   <tt>:all</tt> again when deleting keys.
+  #   <tt>:all</tt> again when deleting cookies.
   #
   #     domain: nil  # Does not sets cookie domain. (default)
   #     domain: :all # Allow the cookie for the top most level
@@ -86,7 +87,8 @@ module ActionDispatch
     SIGNED_COOKIE_SALT = "action_dispatch.signed_cookie_salt".freeze
     ENCRYPTED_COOKIE_SALT = "action_dispatch.encrypted_cookie_salt".freeze
     ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze
-    TOKEN_KEY   = "action_dispatch.secret_token".freeze
+    SECRET_TOKEN = "action_dispatch.secret_token".freeze
+    SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
 
     # Cookies can typically store 4096 bytes.
     MAX_COOKIE_SIZE = 4096
@@ -94,8 +96,99 @@ module ActionDispatch
     # Raised when storing more than 4K of session data.
     CookieOverflow = Class.new StandardError
 
+    # Include in a cookie jar to allow chaining, e.g. cookies.permanent.signed
+    module ChainedCookieJars
+      # Returns a jar that'll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
+      #
+      #   cookies.permanent[:prefers_open_id] = true
+      #   # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+      #
+      # This jar is only meant for writing. You'll read permanent cookies through the regular accessor.
+      #
+      # This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
+      #
+      #   cookies.permanent.signed[:remember_me] = current_user.id
+      #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+      def permanent
+        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+      end
+
+      # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
+      # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
+      # cookie was tampered with by the user (or a 3rd party), nil will be returned.
+      #
+      # If +config.secret_key_base+ and +config.secret_token+ (deprecated) are both set,
+      # legacy cookies signed with the old key generator will be transparently upgraded.
+      #
+      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
+      #
+      # Example:
+      #
+      #   cookies.signed[:discount] = 45
+      #   # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
+      #
+      #   cookies.signed[:discount] # => 45
+      def signed
+        @signed ||=
+          if @options[:upgrade_legacy_signed_cookies]
+            UpgradeLegacySignedCookieJar.new(self, @key_generator, @options)
+          else
+            SignedCookieJar.new(self, @key_generator, @options)
+          end
+      end
+
+      # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
+      # If the cookie was tampered with by the user (or a 3rd party), nil will be returned.
+      #
+      # If +config.secret_key_base+ and +config.secret_token+ (deprecated) are both set,
+      # legacy cookies signed with the old key generator will be transparently upgraded.
+      #
+      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
+      #
+      # Example:
+      #
+      #   cookies.encrypted[:discount] = 45
+      #   # => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
+      #
+      #   cookies.encrypted[:discount] # => 45
+      def encrypted
+        @encrypted ||=
+          if @options[:upgrade_legacy_signed_cookies]
+            UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options)
+          else
+            EncryptedCookieJar.new(self, @key_generator, @options)
+          end
+      end
+
+      # Returns the +signed+ or +encrypted jar, preferring +encrypted+ if +secret_key_base+ is set.
+      # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
+      def signed_or_encrypted
+        @signed_or_encrypted ||=
+          if @options[:secret_key_base].present?
+            encrypted
+          else
+            signed
+          end
+      end
+    end
+
+    module VerifyAndUpgradeLegacySignedMessage
+      def initialize(*args)
+        super
+        @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token])
+      end
+
+      def verify_and_upgrade_legacy_signed_message(name, signed_message)
+        @legacy_verifier.verify(signed_message).tap do |value|
+          self[name] = value
+        end
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        nil
+      end
+    end
+
     class CookieJar #:nodoc:
-      include Enumerable
+      include Enumerable, ChainedCookieJars
 
       # This regular expression is used to split the levels of a domain.
       # The top level domain can be any string without a period or
@@ -115,7 +208,10 @@ module ActionDispatch
         { signed_cookie_salt: env[SIGNED_COOKIE_SALT] || '',
           encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT] || '',
           encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
-          token_key: env[TOKEN_KEY] }
+          secret_token: env[SECRET_TOKEN],
+          secret_key_base: env[SECRET_KEY_BASE],
+          upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?
+        }
       end
 
       def self.build(request)
@@ -184,7 +280,7 @@ module ActionDispatch
 
       # Sets the cookie named +name+. The second argument may be the very cookie
       # value, or a hash of options as documented above.
-      def []=(key, options)
+      def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
           value = options[:value]
@@ -195,36 +291,36 @@ module ActionDispatch
 
         handle_options(options)
 
-        if @cookies[key.to_s] != value or options[:expires]
-          @cookies[key.to_s] = value
-          @set_cookies[key.to_s] = options
-          @delete_cookies.delete(key.to_s)
+        if @cookies[name.to_s] != value or options[:expires]
+          @cookies[name.to_s] = value
+          @set_cookies[name.to_s] = options
+          @delete_cookies.delete(name.to_s)
         end
 
         value
       end
 
       # Removes the cookie on the client machine by setting the value to an empty string
-      # and setting its expiration date into the past. Like <tt>[]=</tt>, you can pass in
+      # and the expiration date in the past. Like <tt>[]=</tt>, you can pass in
       # an options hash to delete cookies with extra data such as a <tt>:path</tt>.
-      def delete(key, options = {})
-        return unless @cookies.has_key? key.to_s
+      def delete(name, options = {})
+        return unless @cookies.has_key? name.to_s
 
         options.symbolize_keys!
         handle_options(options)
 
-        value = @cookies.delete(key.to_s)
-        @delete_cookies[key.to_s] = options
+        value = @cookies.delete(name.to_s)
+        @delete_cookies[name.to_s] = options
         value
       end
 
       # Whether the given cookie is to be deleted by this CookieJar.
       # Like <tt>[]=</tt>, you can pass in an options hash to test if a
       # deletion applies to a specific <tt>:path</tt>, <tt>:domain</tt> etc.
-      def deleted?(key, options = {})
+      def deleted?(name, options = {})
         options.symbolize_keys!
         handle_options(options)
-        @delete_cookies[key.to_s] == options
+        @delete_cookies[name.to_s] == options
       end
 
       # Removes all cookies on the client machine by calling <tt>delete</tt> for each cookie
@@ -232,59 +328,6 @@ module ActionDispatch
         @cookies.each_key{ |k| delete(k, options) }
       end
 
-      # Returns a jar that'll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
-      #
-      #   cookies.permanent[:prefers_open_id] = true
-      #   # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
-      #
-      # This jar is only meant for writing. You'll read permanent cookies through the regular accessor.
-      #
-      # This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
-      #
-      #   cookies.permanent.signed[:remember_me] = current_user.id
-      #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
-      def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
-      end
-
-      # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
-      # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
-      # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
-      # be raised.
-      #
-      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
-      #
-      # Example:
-      #
-      #   cookies.signed[:discount] = 45
-      #   # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
-      #
-      #   cookies.signed[:discount] # => 45
-      def signed
-        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
-      end
-
-      # Only needed for supporting the +UpgradeSignatureToEncryptionCookieStore+, users and plugin authors should not use this
-      def signed_using_old_secret #:nodoc:
-        @signed_using_old_secret ||= SignedCookieJar.new(self, ActiveSupport::DummyKeyGenerator.new(@options[:token_key]), @options)
-      end
-
-      # Returns a jar that'll automatically encrypt cookie values before sending them to the client and will decrypt them for read.
-      # If the cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception
-      # will be raised.
-      #
-      # This jar requires that you set a suitable secret for the verification on your app's +config.secret_key_base+.
-      #
-      # Example:
-      #
-      #   cookies.encrypted[:discount] = 45
-      #   # => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/
-      #
-      #   cookies.encrypted[:discount] # => 45
-      def encrypted
-        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
-      end
-
       def write(headers)
         @set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) if write_cookie?(v) }
         @delete_cookies.each { |k, v| ::Rack::Utils.delete_cookie_header!(headers, k, v) }
@@ -299,24 +342,25 @@ module ActionDispatch
       self.always_write_cookie = false
 
       private
-
         def write_cookie?(cookie)
           @secure || !cookie[:secure] || always_write_cookie
         end
     end
 
     class PermanentCookieJar #:nodoc:
+      include ChainedCookieJars
+
       def initialize(parent_jar, key_generator, options = {})
         @parent_jar = parent_jar
         @key_generator = key_generator
         @options = options
       end
 
-      def [](key)
+      def [](name)
         @parent_jar[name.to_s]
       end
 
-      def []=(key, options)
+      def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
         else
@@ -324,28 +368,13 @@ module ActionDispatch
         end
 
         options[:expires] = 20.years.from_now
-        @parent_jar[key] = options
-      end
-
-      def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
-      end
-
-      def signed
-        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
-      end
-
-      def encrypted
-        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
-      end
-
-      def method_missing(method, *arguments, &block)
-        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
-          "You probably want to try this method over the parent CookieJar."
+        @parent_jar[name] = options
       end
     end
 
     class SignedCookieJar #:nodoc:
+      include ChainedCookieJars
+
       def initialize(parent_jar, key_generator, options = {})
         @parent_jar = parent_jar
         @options = options
@@ -355,13 +384,11 @@ module ActionDispatch
 
       def [](name)
         if signed_message = @parent_jar[name]
-          @verifier.verify(signed_message)
+          verify(signed_message)
         end
-      rescue ActiveSupport::MessageVerifier::InvalidSignature
-        nil
       end
 
-      def []=(key, options)
+      def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
           options[:value] = @verifier.generate(options[:value])
@@ -370,32 +397,38 @@ module ActionDispatch
         end
 
         raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
-        @parent_jar[key] = options
+        @parent_jar[name] = options
       end
 
-      def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
-      end
-
-      def signed
-        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
-      end
+      private
+        def verify(signed_message)
+          @verifier.verify(signed_message)
+        rescue ActiveSupport::MessageVerifier::InvalidSignature
+          nil
+        end
+    end
 
-      def encrypted
-        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
-      end
+    # UpgradeLegacySignedCookieJar is used instead of SignedCookieJar if
+    # config.secret_token and config.secret_key_base are both set. It reads
+    # legacy cookies signed with the old dummy key generator and re-saves
+    # them using the new key generator to provide a smooth upgrade path.
+    class UpgradeLegacySignedCookieJar < SignedCookieJar #:nodoc:
+      include VerifyAndUpgradeLegacySignedMessage
 
-      def method_missing(method, *arguments, &block)
-        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
-          "You probably want to try this method over the parent CookieJar."
+      def [](name)
+        if signed_message = @parent_jar[name]
+          verify(signed_message) || verify_and_upgrade_legacy_signed_message(name, signed_message)
+        end
       end
     end
 
     class EncryptedCookieJar #:nodoc:
+      include ChainedCookieJars
+
       def initialize(parent_jar, key_generator, options = {})
-        if ActiveSupport::DummyKeyGenerator === key_generator
-          raise "Encrypted Cookies must be used in conjunction with config.secret_key_base." +
-                "Set config.secret_key_base in config/initializers/secret_token.rb"
+        if ActiveSupport::LegacyKeyGenerator === key_generator
+          raise "You didn't set config.secret_key_base, which is required for this cookie jar. " +
+            "Read the upgrade documentation to learn more about this new config option."
         end
 
         @parent_jar = parent_jar
@@ -405,16 +438,13 @@ module ActionDispatch
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
       end
 
-      def [](key)
-        if encrypted_message = @parent_jar[key]
-          @encryptor.decrypt_and_verify(encrypted_message)
+      def [](name)
+        if encrypted_message = @parent_jar[name]
+          decrypt_and_verify(encrypted_message)
         end
-      rescue ActiveSupport::MessageVerifier::InvalidSignature,
-             ActiveSupport::MessageEncryptor::InvalidMessage
-        nil
       end
 
-      def []=(key, options)
+      def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
         else
@@ -423,24 +453,28 @@ module ActionDispatch
         options[:value] = @encryptor.encrypt_and_sign(options[:value])
 
         raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
-        @parent_jar[key] = options
+        @parent_jar[name] = options
       end
 
-      def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
-      end
-
-      def signed
-        @signed ||= SignedCookieJar.new(self, @key_generator, @options)
-      end
+      private
+        def decrypt_and_verify(encrypted_message)
+          @encryptor.decrypt_and_verify(encrypted_message)
+        rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
+          nil
+        end
+    end
 
-      def encrypted
-        @encrypted ||= EncryptedCookieJar.new(self, @key_generator, @options)
-      end
+    # UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore
+    # instead of EncryptedCookieJar if config.secret_token and config.secret_key_base
+    # are both set. It reads legacy cookies signed with the old dummy key generator and
+    # encrypts and re-saves them using the new key generator to provide a smooth upgrade path.
+    class UpgradeLegacyEncryptedCookieJar < EncryptedCookieJar #:nodoc:
+      include VerifyAndUpgradeLegacySignedMessage
 
-      def method_missing(method, *arguments, &block)
-        ActiveSupport::Deprecation.warn "#{method} is deprecated with no replacement. " +
-          "You probably want to try this method over the parent CookieJar."
+      def [](name)
+        if encrypted_or_signed_message = @parent_jar[name]
+          decrypt_and_verify(encrypted_or_signed_message) || verify_and_upgrade_legacy_signed_message(name, encrypted_or_signed_message)
+        end
       end
     end