actionpack 4.1.7 → 4.2.1

data/lib/action_controller/metal/etag_with_template_digest.rb

@@ -0,0 +1,50 @@
+module ActionController
+  # When our views change, they should bubble up into HTTP cache freshness
+  # and bust browser caches. So the template digest for the current action
+  # is automatically included in the ETag.
+  #
+  # Enabled by default for apps that use Action View. Disable by setting
+  #
+  #   config.action_controller.etag_with_template_digest = false
+  #
+  # Override the template to digest by passing +:template+ to +fresh_when+
+  # and +stale?+ calls. For example:
+  #
+  #   # We're going to render widgets/show, not posts/show
+  #   fresh_when @post, template: 'widgets/show'
+  #
+  #   # We're not going to render a template, so omit it from the ETag.
+  #   fresh_when @post, template: false
+  #
+  module EtagWithTemplateDigest
+    extend ActiveSupport::Concern
+
+    include ActionController::ConditionalGet
+
+    included do
+      class_attribute :etag_with_template_digest
+      self.etag_with_template_digest = true
+
+      ActiveSupport.on_load :action_view, yield: true do |action_view_base|
+        etag do |options|
+          determine_template_etag(options) if etag_with_template_digest
+        end
+      end
+    end
+
+    private
+    def determine_template_etag(options)
+      if template = pick_template_for_etag(options)
+        lookup_and_digest_template(template)
+      end
+    end
+
+    def pick_template_for_etag(options)
+      options.fetch(:template) { "#{controller_name}/#{action_name}" }
+    end
+
+    def lookup_and_digest_template(template)
+      ActionView::Digestor.digest name: template, finder: lookup_context
+    end
+  end
+end

data/lib/action_controller/metal/exceptions.rb

@@ -25,7 +25,7 @@ module ActionController
     end
   end
 
-  class ActionController::UrlGenerationError < RoutingError #:nodoc:
+  class ActionController::UrlGenerationError < ActionControllerError #:nodoc:
   end
 
   class MethodNotAllowed < ActionControllerError #:nodoc:

data/lib/action_controller/metal/force_ssl.rb

@@ -85,7 +85,7 @@ module ActionController
         if host_or_options.is_a?(Hash)
           options.merge!(host_or_options)
         elsif host_or_options
-          options.merge!(:host => host_or_options)
+          options[:host] = host_or_options
         end
 
         secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))

data/lib/action_controller/metal/head.rb

@@ -14,6 +14,8 @@ module ActionController
     #   return head(:method_not_allowed) unless request.post?
     #   return head(:bad_request) unless valid_request?
     #   render
+    #
+    # See Rack::Utils::SYMBOL_TO_STATUS_CODE for a full list of valid +status+ symbols.
     def head(status, options = {})
       options, status = status, nil if status.is_a?(Hash)
       status ||= options.delete(:status) || :ok
@@ -27,15 +29,17 @@ module ActionController
       self.status = status
       self.location = url_for(location) if location
 
-      if include_content?(self._status_code)
+      self.response_body = ""
+
+      if include_content?(self.response_code)
         self.content_type = content_type || (Mime[formats.first] if formats)
         self.response.charset = false if self.response
-        self.response_body = " "
       else
         headers.delete('Content-Type')
         headers.delete('Content-Length')
-        self.response_body = ""
       end
+      
+      true
     end
 
     private

data/lib/action_controller/metal/http_authentication.rb

@@ -53,10 +53,8 @@ module ActionController
     # In your integration tests, you can do something like this:
     #
     #   def test_access_granted_from_xml
-    #     get(
-    #       "/notes/1.xml", nil,
-    #       'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
-    #     )
+    #     @request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password)
+    #     get "/notes/1.xml"
     #
     #     assert_equal 200, status
     #   end
@@ -397,6 +395,7 @@ module ActionController
     #
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Token
+      TOKEN_KEY = 'token='
       TOKEN_REGEX = /^Token /
       AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/
       extend self
@@ -462,16 +461,22 @@ module ActionController
         raw_params.map { |param| param.split %r/=(.+)?/ }
       end
 
-      # This removes the `"` characters wrapping the value.
+      # This removes the <tt>"</tt> characters wrapping the value.
       def rewrite_param_values(array_params)
         array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
       end
 
       # This method takes an authorization body and splits up the key-value
-      # pairs by the standardized `:`, `;`, or `\t` delimiters defined in
-      # `AUTHN_PAIR_DELIMITERS`.
+      # pairs by the standardized <tt>:</tt>, <tt>;</tt>, or <tt>\t</tt>
+      # delimiters defined in +AUTHN_PAIR_DELIMITERS+.
       def raw_params(auth)
-        auth.sub(TOKEN_REGEX, '').split(/"\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
+        _raw_params = auth.sub(TOKEN_REGEX, '').split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
+
+        if !(_raw_params.first =~ %r{\A#{TOKEN_KEY}})
+          _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"
+        end
+
+        _raw_params
       end
 
       # Encodes the given token and options into an Authorization header value.
@@ -481,7 +486,7 @@ module ActionController
       #
       # Returns String.
       def encode_credentials(token, options = {})
-        values = ["token=#{token.to_s.inspect}"] + options.map do |key, value|
+        values = ["#{TOKEN_KEY}#{token.to_s.inspect}"] + options.map do |key, value|
           "#{key}=#{value.to_s.inspect}"
         end
         "Token #{values * ", "}"

data/lib/action_controller/metal/instrumentation.rb

@@ -21,17 +21,20 @@ module ActionController
         :action     => self.action_name,
         :params     => request.filtered_parameters,
         :format     => request.format.try(:ref),
-        :method     => request.method,
+        :method     => request.request_method,
         :path       => (request.fullpath rescue "unknown")
       }
 
       ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload.dup)
 
       ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
-        result = super
-        payload[:status] = response.status
-        append_info_to_payload(payload)
-        result
+        begin
+          result = super
+          payload[:status] = response.status
+          result
+        ensure
+          append_info_to_payload(payload)
+        end
       end
     end
 

data/lib/action_controller/metal/live.rb

@@ -102,16 +102,30 @@ module ActionController
             end
           end
 
-          @stream.write "data: #{json}\n\n"
+          message = json.gsub(/\n/, "\ndata: ")
+          @stream.write "data: #{message}\n\n"
         end
     end
 
+    class ClientDisconnected < RuntimeError
+    end
+
     class Buffer < ActionDispatch::Response::Buffer #:nodoc:
       include MonitorMixin
 
+      # Ignore that the client has disconnected.
+      #
+      # If this value is `true`, calling `write` after the client
+      # disconnects will result in the written content being silently
+      # discarded. If this value is `false` (the default), a
+      # ClientDisconnected exception will be raised.
+      attr_accessor :ignore_disconnect
+
       def initialize(response)
         @error_callback = lambda { true }
         @cv = new_cond
+        @aborted = false
+        @ignore_disconnect = false
         super(response, SizedQueue.new(10))
       end
 
@@ -122,6 +136,17 @@ module ActionController
         end
 
         super
+
+        unless connected?
+          @buf.clear
+
+          unless @ignore_disconnect
+            # Raise ClientDisconnected, which is a RuntimeError (not an
+            # IOError), because that's more appropriate for something beyond
+            # the developer's control.
+            raise ClientDisconnected, "client disconnected"
+          end
+        end
       end
 
       def each
@@ -132,6 +157,10 @@ module ActionController
         @response.sent!
       end
 
+      # Write a 'close' event to the buffer; the producer/writing thread
+      # uses this to notify us that it's finished supplying content.
+      #
+      # See also #abort.
       def close
         synchronize do
           super
@@ -140,6 +169,26 @@ module ActionController
         end
       end
 
+      # Inform the producer/writing thread that the client has
+      # disconnected; the reading thread is no longer interested in
+      # anything that's being written.
+      #
+      # See also #close.
+      def abort
+        synchronize do
+          @aborted = true
+          @buf.clear
+        end
+      end
+
+      # Is the client still connected and waiting for content?
+      #
+      # The result of calling `write` when this is `false` is determined
+      # by `ignore_disconnect`.
+      def connected?
+        !@aborted
+      end
+
       def await_close
         synchronize do
           @cv.wait_until { @closed }
@@ -156,7 +205,7 @@ module ActionController
     end
 
     class Response < ActionDispatch::Response #:nodoc: all
-      class Header < DelegateClass(Hash)
+      class Header < DelegateClass(Hash) # :nodoc:
         def initialize(response, header)
           @response = response
           super(header)
@@ -254,10 +303,12 @@ module ActionController
       logger = ActionController::Base.logger
       return unless logger
 
-      message = "\n#{exception.class} (#{exception.message}):\n"
-      message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
-      message << "  " << exception.backtrace.join("\n  ")
-      logger.fatal("#{message}\n\n")
+      logger.fatal do
+        message = "\n#{exception.class} (#{exception.message}):\n"
+        message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
+        message << "  " << exception.backtrace.join("\n  ")
+        "#{message}\n\n"
+      end
     end
 
     def response_body=(body)

data/lib/action_controller/metal/mime_responds.rb

@@ -1,60 +1,25 @@
-require 'active_support/core_ext/array/extract_options'
 require 'abstract_controller/collector'
 
 module ActionController #:nodoc:
   module MimeResponds
     extend ActiveSupport::Concern
 
-    included do
-      class_attribute :responder, :mimes_for_respond_to
-      self.responder = ActionController::Responder
-      clear_respond_to
-    end
-
     module ClassMethods
-      # Defines mime types that are rendered by default when invoking
-      # <tt>respond_with</tt>.
-      #
-      #   respond_to :html, :xml, :json
-      #
-      # Specifies that all actions in the controller respond to requests
-      # for <tt>:html</tt>, <tt>:xml</tt> and <tt>:json</tt>.
-      #
-      # To specify on per-action basis, use <tt>:only</tt> and
-      # <tt>:except</tt> with an array of actions or a single action:
-      #
-      #   respond_to :html
-      #   respond_to :xml, :json, except: [ :edit ]
-      #
-      # This specifies that all actions respond to <tt>:html</tt>
-      # and all actions except <tt>:edit</tt> respond to <tt>:xml</tt> and
-      # <tt>:json</tt>.
-      #
-      #   respond_to :json, only: :create
-      #
-      # This specifies that the <tt>:create</tt> action and no other responds
-      # to <tt>:json</tt>.
-      def respond_to(*mimes)
-        options = mimes.extract_options!
-
-        only_actions   = Array(options.delete(:only)).map(&:to_s)
-        except_actions = Array(options.delete(:except)).map(&:to_s)
-
-        new = mimes_for_respond_to.dup
-        mimes.each do |mime|
-          mime = mime.to_sym
-          new[mime]          = {}
-          new[mime][:only]   = only_actions   unless only_actions.empty?
-          new[mime][:except] = except_actions unless except_actions.empty?
-        end
-        self.mimes_for_respond_to = new.freeze
+      def respond_to(*)
+        raise NoMethodError, "The controller-level `respond_to' feature has " \
+          "been extracted to the `responders` gem. Add it to your Gemfile to " \
+          "continue using this feature:\n" \
+          "  gem 'responders', '~> 2.0'\n" \
+          "Consult the Rails upgrade guide for details."
       end
+    end
 
-      # Clear all mime types in <tt>respond_to</tt>.
-      #
-      def clear_respond_to
-        self.mimes_for_respond_to = Hash.new.freeze
-      end
+    def respond_with(*)
+      raise NoMethodError, "The `respond_with' feature has been extracted " \
+        "to the `responders` gem. Add it to your Gemfile to continue using " \
+        "this feature:\n" \
+        "  gem 'responders', '~> 2.0'\n" \
+        "Consult the Rails upgrade guide for details."
     end
 
     # Without web-service support, an action which collects the data for displaying a list of people
@@ -169,18 +134,6 @@ module ActionController #:nodoc:
     #
     #   render json: @people
     #
-    # Since this is a common pattern, you can use the class method respond_to
-    # with the respond_with method to have the same results:
-    #
-    #   class PeopleController < ApplicationController
-    #     respond_to :html, :xml, :json
-    #
-    #     def index
-    #       @people = Person.all
-    #       respond_with(@people)
-    #     end
-    #   end
-    #
     # Formats can have different variants.
     #
     # The request variant is a specialization of the request format, like <tt>:tablet</tt>,
@@ -217,7 +170,7 @@ module ActionController #:nodoc:
     #     format.html.phone { redirect_to progress_path }
     #     format.html.none  { render "trash" }
     #   end
-    # 
+    #
     # Variants also support common `any`/`all` block that formats have.
     #
     # It works for both inline:
@@ -248,194 +201,18 @@ module ActionController #:nodoc:
     #     format.html.phone # this gets rendered
     #   end
     #
-    # Be sure to check the documentation of +respond_with+ and
-    # <tt>ActionController::MimeResponds.respond_to</tt> for more examples.
-    def respond_to(*mimes, &block)
+    # Be sure to check the documentation of <tt>ActionController::MimeResponds.respond_to</tt>
+    # for more examples.
+    def respond_to(*mimes)
       raise ArgumentError, "respond_to takes either types or a block, never both" if mimes.any? && block_given?
 
-      if collector = retrieve_collector_from_mimes(mimes, &block)
-        response = collector.response
-        response ? response.call : render({})
-      end
-    end
-
-    # For a given controller action, respond_with generates an appropriate
-    # response based on the mime-type requested by the client.
-    #
-    # If the method is called with just a resource, as in this example -
-    #
-    #   class PeopleController < ApplicationController
-    #     respond_to :html, :xml, :json
-    #
-    #     def index
-    #       @people = Person.all
-    #       respond_with @people
-    #     end
-    #   end
-    #
-    # then the mime-type of the response is typically selected based on the
-    # request's Accept header and the set of available formats declared
-    # by previous calls to the controller's class method +respond_to+. Alternatively
-    # the mime-type can be selected by explicitly setting <tt>request.format</tt> in
-    # the controller.
-    #
-    # If an acceptable format is not identified, the application returns a
-    # '406 - not acceptable' status. Otherwise, the default response is to render
-    # a template named after the current action and the selected format,
-    # e.g. <tt>index.html.erb</tt>. If no template is available, the behavior
-    # depends on the selected format:
-    #
-    # * for an html response - if the request method is +get+, an exception
-    #   is raised but for other requests such as +post+ the response
-    #   depends on whether the resource has any validation errors (i.e.
-    #   assuming that an attempt has been made to save the resource,
-    #   e.g. by a +create+ action) -
-    #   1. If there are no errors, i.e. the resource
-    #      was saved successfully, the response +redirect+'s to the resource
-    #      i.e. its +show+ action.
-    #   2. If there are validation errors, the response
-    #      renders a default action, which is <tt>:new</tt> for a
-    #      +post+ request or <tt>:edit</tt> for +patch+ or +put+.
-    #   Thus an example like this -
-    #
-    #     respond_to :html, :xml
-    #
-    #     def create
-    #       @user = User.new(params[:user])
-    #       flash[:notice] = 'User was successfully created.' if @user.save
-    #       respond_with(@user)
-    #     end
-    #
-    #   is equivalent, in the absence of <tt>create.html.erb</tt>, to -
-    #
-    #     def create
-    #       @user = User.new(params[:user])
-    #       respond_to do |format|
-    #         if @user.save
-    #           flash[:notice] = 'User was successfully created.'
-    #           format.html { redirect_to(@user) }
-    #           format.xml { render xml: @user }
-    #         else
-    #           format.html { render action: "new" }
-    #           format.xml { render xml: @user }
-    #         end
-    #       end
-    #     end
-    #
-    # * for a javascript request - if the template isn't found, an exception is
-    #   raised.
-    # * for other requests - i.e. data formats such as xml, json, csv etc, if
-    #   the resource passed to +respond_with+ responds to <code>to_<format></code>,
-    #   the method attempts to render the resource in the requested format
-    #   directly, e.g. for an xml request, the response is equivalent to calling
-    #   <code>render xml: resource</code>.
-    #
-    # === Nested resources
-    #
-    # As outlined above, the +resources+ argument passed to +respond_with+
-    # can play two roles. It can be used to generate the redirect url
-    # for successful html requests (e.g. for +create+ actions when
-    # no template exists), while for formats other than html and javascript
-    # it is the object that gets rendered, by being converted directly to the
-    # required format (again assuming no template exists).
-    #
-    # For redirecting successful html requests, +respond_with+ also supports
-    # the use of nested resources, which are supplied in the same way as
-    # in <code>form_for</code> and <code>polymorphic_url</code>. For example -
-    #
-    #   def create
-    #     @project = Project.find(params[:project_id])
-    #     @task = @project.comments.build(params[:task])
-    #     flash[:notice] = 'Task was successfully created.' if @task.save
-    #     respond_with(@project, @task)
-    #   end
-    #
-    # This would cause +respond_with+ to redirect to <code>project_task_url</code>
-    # instead of <code>task_url</code>. For request formats other than html or
-    # javascript, if multiple resources are passed in this way, it is the last
-    # one specified that is rendered.
-    #
-    # === Customizing response behavior
-    #
-    # Like +respond_to+, +respond_with+ may also be called with a block that
-    # can be used to overwrite any of the default responses, e.g. -
-    #
-    #   def create
-    #     @user = User.new(params[:user])
-    #     flash[:notice] = "User was successfully created." if @user.save
-    #
-    #     respond_with(@user) do |format|
-    #       format.html { render }
-    #     end
-    #   end
-    #
-    # The argument passed to the block is an ActionController::MimeResponds::Collector
-    # object which stores the responses for the formats defined within the
-    # block. Note that formats with responses defined explicitly in this way
-    # do not have to first be declared using the class method +respond_to+.
-    #
-    # Also, a hash passed to +respond_with+ immediately after the specified
-    # resource(s) is interpreted as a set of options relevant to all
-    # formats. Any option accepted by +render+ can be used, e.g.
-    #   respond_with @people, status: 200
-    # However, note that these options are ignored after an unsuccessful attempt
-    # to save a resource, e.g. when automatically rendering <tt>:new</tt>
-    # after a post request.
-    #
-    # Two additional options are relevant specifically to +respond_with+ -
-    # 1. <tt>:location</tt> - overwrites the default redirect location used after
-    #    a successful html +post+ request.
-    # 2. <tt>:action</tt> - overwrites the default render action used after an
-    #    unsuccessful html +post+ request.
-    def respond_with(*resources, &block)
-      if self.class.mimes_for_respond_to.empty?
-        raise "In order to use respond_with, first you need to declare the " \
-          "formats your controller responds to in the class level."
-      end
-
-      if collector = retrieve_collector_from_mimes(&block)
-        options = resources.size == 1 ? {} : resources.extract_options!
-        options = options.clone
-        options[:default_response] = collector.response
-        (options.delete(:responder) || self.class.responder).call(self, resources, options)
-      end
-    end
-
-  protected
-
-    # Collect mimes declared in the class method respond_to valid for the
-    # current action.
-    def collect_mimes_from_class_level #:nodoc:
-      action = action_name.to_s
-
-      self.class.mimes_for_respond_to.keys.select do |mime|
-        config = self.class.mimes_for_respond_to[mime]
-
-        if config[:except]
-          !config[:except].include?(action)
-        elsif config[:only]
-          config[:only].include?(action)
-        else
-          true
-        end
-      end
-    end
-
-    # Returns a Collector object containing the appropriate mime-type response
-    # for the current request, based on the available responses defined by a block.
-    # In typical usage this is the block passed to +respond_with+ or +respond_to+.
-    #
-    # Sends :not_acceptable to the client and returns nil if no suitable format
-    # is available.
-    def retrieve_collector_from_mimes(mimes=nil, &block) #:nodoc:
-      mimes ||= collect_mimes_from_class_level
       collector = Collector.new(mimes, request.variant)
-      block.call(collector) if block_given?
-      format = collector.negotiate_format(request)
+      yield collector if block_given?
 
-      if format
+      if format = collector.negotiate_format(request)
         _process_format(format)
-        collector
+        response = collector.response
+        response ? response.call : render({})
       else
         raise ActionController::UnknownFormat
       end
@@ -444,8 +221,8 @@ module ActionController #:nodoc:
     # A container for responses available from the current controller for
     # requests for different mime-types sent to a particular action.
     #
-    # The public controller methods +respond_with+ and +respond_to+ may be called
-    # with a block that is used to define responses to different mime-types, e.g.
+    # The public controller methods +respond_to+ may be called with a block
+    # that is used to define responses to different mime-types, e.g.
     # for +respond_to+ :
     #
     #   respond_to do |format|