actionpack 4.2.10 → 6.1.3.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of actionpack might be problematic. Click here for more details.

Files changed (187) hide show
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +291 -479
  3. data/MIT-LICENSE +1 -1
  4. data/README.rdoc +9 -9
  5. data/lib/abstract_controller/asset_paths.rb +2 -0
  6. data/lib/abstract_controller/base.rb +81 -51
  7. data/lib/{action_controller → abstract_controller}/caching/fragments.rb +64 -17
  8. data/lib/abstract_controller/caching.rb +66 -0
  9. data/lib/abstract_controller/callbacks.rb +61 -33
  10. data/lib/abstract_controller/collector.rb +9 -13
  11. data/lib/abstract_controller/error.rb +6 -0
  12. data/lib/abstract_controller/helpers.rb +115 -99
  13. data/lib/abstract_controller/logger.rb +2 -0
  14. data/lib/abstract_controller/railties/routes_helpers.rb +21 -3
  15. data/lib/abstract_controller/rendering.rb +48 -47
  16. data/lib/abstract_controller/translation.rb +17 -8
  17. data/lib/abstract_controller/url_for.rb +2 -0
  18. data/lib/abstract_controller.rb +13 -5
  19. data/lib/action_controller/api/api_rendering.rb +16 -0
  20. data/lib/action_controller/api.rb +150 -0
  21. data/lib/action_controller/base.rb +29 -24
  22. data/lib/action_controller/caching.rb +12 -57
  23. data/lib/action_controller/form_builder.rb +50 -0
  24. data/lib/action_controller/log_subscriber.rb +17 -19
  25. data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
  26. data/lib/action_controller/metal/conditional_get.rb +134 -46
  27. data/lib/action_controller/metal/content_security_policy.rb +51 -0
  28. data/lib/action_controller/metal/cookies.rb +6 -4
  29. data/lib/action_controller/metal/data_streaming.rb +30 -50
  30. data/lib/action_controller/metal/default_headers.rb +17 -0
  31. data/lib/action_controller/metal/etag_with_flash.rb +18 -0
  32. data/lib/action_controller/metal/etag_with_template_digest.rb +21 -16
  33. data/lib/action_controller/metal/exceptions.rb +63 -15
  34. data/lib/action_controller/metal/flash.rb +9 -8
  35. data/lib/action_controller/metal/head.rb +26 -21
  36. data/lib/action_controller/metal/helpers.rb +37 -18
  37. data/lib/action_controller/metal/http_authentication.rb +81 -73
  38. data/lib/action_controller/metal/implicit_render.rb +53 -9
  39. data/lib/action_controller/metal/instrumentation.rb +32 -35
  40. data/lib/action_controller/metal/live.rb +102 -120
  41. data/lib/action_controller/metal/logging.rb +20 -0
  42. data/lib/action_controller/metal/mime_responds.rb +49 -47
  43. data/lib/action_controller/metal/parameter_encoding.rb +82 -0
  44. data/lib/action_controller/metal/params_wrapper.rb +83 -66
  45. data/lib/action_controller/metal/permissions_policy.rb +46 -0
  46. data/lib/action_controller/metal/redirecting.rb +53 -32
  47. data/lib/action_controller/metal/renderers.rb +87 -44
  48. data/lib/action_controller/metal/rendering.rb +77 -50
  49. data/lib/action_controller/metal/request_forgery_protection.rb +267 -103
  50. data/lib/action_controller/metal/rescue.rb +10 -17
  51. data/lib/action_controller/metal/streaming.rb +12 -11
  52. data/lib/action_controller/metal/strong_parameters.rb +714 -186
  53. data/lib/action_controller/metal/testing.rb +2 -17
  54. data/lib/action_controller/metal/url_for.rb +19 -10
  55. data/lib/action_controller/metal.rb +104 -87
  56. data/lib/action_controller/railtie.rb +28 -10
  57. data/lib/action_controller/railties/helpers.rb +3 -1
  58. data/lib/action_controller/renderer.rb +141 -0
  59. data/lib/action_controller/template_assertions.rb +11 -0
  60. data/lib/action_controller/test_case.rb +296 -422
  61. data/lib/action_controller.rb +34 -23
  62. data/lib/action_dispatch/http/cache.rb +107 -56
  63. data/lib/action_dispatch/http/content_disposition.rb +45 -0
  64. data/lib/action_dispatch/http/content_security_policy.rb +286 -0
  65. data/lib/action_dispatch/http/filter_parameters.rb +32 -25
  66. data/lib/action_dispatch/http/filter_redirect.rb +10 -12
  67. data/lib/action_dispatch/http/headers.rb +55 -22
  68. data/lib/action_dispatch/http/mime_negotiation.rb +82 -50
  69. data/lib/action_dispatch/http/mime_type.rb +153 -121
  70. data/lib/action_dispatch/http/mime_types.rb +20 -6
  71. data/lib/action_dispatch/http/parameters.rb +90 -40
  72. data/lib/action_dispatch/http/permissions_policy.rb +173 -0
  73. data/lib/action_dispatch/http/rack_cache.rb +2 -0
  74. data/lib/action_dispatch/http/request.rb +226 -121
  75. data/lib/action_dispatch/http/response.rb +248 -113
  76. data/lib/action_dispatch/http/upload.rb +21 -7
  77. data/lib/action_dispatch/http/url.rb +182 -100
  78. data/lib/action_dispatch/journey/formatter.rb +90 -43
  79. data/lib/action_dispatch/journey/gtg/builder.rb +28 -41
  80. data/lib/action_dispatch/journey/gtg/simulator.rb +11 -16
  81. data/lib/action_dispatch/journey/gtg/transition_table.rb +23 -21
  82. data/lib/action_dispatch/journey/nfa/dot.rb +3 -14
  83. data/lib/action_dispatch/journey/nodes/node.rb +29 -15
  84. data/lib/action_dispatch/journey/parser.rb +17 -16
  85. data/lib/action_dispatch/journey/parser.y +4 -3
  86. data/lib/action_dispatch/journey/parser_extras.rb +12 -4
  87. data/lib/action_dispatch/journey/path/pattern.rb +58 -54
  88. data/lib/action_dispatch/journey/route.rb +100 -32
  89. data/lib/action_dispatch/journey/router/utils.rb +29 -18
  90. data/lib/action_dispatch/journey/router.rb +55 -51
  91. data/lib/action_dispatch/journey/routes.rb +17 -17
  92. data/lib/action_dispatch/journey/scanner.rb +26 -17
  93. data/lib/action_dispatch/journey/visitors.rb +98 -54
  94. data/lib/action_dispatch/journey.rb +5 -5
  95. data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
  96. data/lib/action_dispatch/middleware/callbacks.rb +3 -6
  97. data/lib/action_dispatch/middleware/cookies.rb +347 -217
  98. data/lib/action_dispatch/middleware/debug_exceptions.rb +135 -63
  99. data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
  100. data/lib/action_dispatch/middleware/debug_view.rb +66 -0
  101. data/lib/action_dispatch/middleware/exception_wrapper.rb +115 -71
  102. data/lib/action_dispatch/middleware/executor.rb +21 -0
  103. data/lib/action_dispatch/middleware/flash.rb +78 -54
  104. data/lib/action_dispatch/middleware/host_authorization.rb +130 -0
  105. data/lib/action_dispatch/middleware/public_exceptions.rb +32 -27
  106. data/lib/action_dispatch/middleware/reloader.rb +5 -91
  107. data/lib/action_dispatch/middleware/remote_ip.rb +53 -45
  108. data/lib/action_dispatch/middleware/request_id.rb +17 -10
  109. data/lib/action_dispatch/middleware/session/abstract_store.rb +41 -26
  110. data/lib/action_dispatch/middleware/session/cache_store.rb +24 -14
  111. data/lib/action_dispatch/middleware/session/cookie_store.rb +74 -75
  112. data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -2
  113. data/lib/action_dispatch/middleware/show_exceptions.rb +28 -23
  114. data/lib/action_dispatch/middleware/ssl.rb +118 -35
  115. data/lib/action_dispatch/middleware/stack.rb +82 -41
  116. data/lib/action_dispatch/middleware/static.rb +156 -89
  117. data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
  118. data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
  119. data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
  120. data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +4 -14
  121. data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
  122. data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +4 -2
  123. data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
  124. data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +45 -35
  125. data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -0
  126. data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -0
  127. data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +23 -4
  128. data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +1 -1
  129. data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
  130. data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +15 -0
  131. data/lib/action_dispatch/middleware/templates/rescues/layout.erb +105 -8
  132. data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
  133. data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
  134. data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +2 -2
  135. data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +1 -1
  136. data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +3 -3
  137. data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
  138. data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
  139. data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
  140. data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +87 -64
  141. data/lib/action_dispatch/railtie.rb +27 -13
  142. data/lib/action_dispatch/request/session.rb +109 -61
  143. data/lib/action_dispatch/request/utils.rb +90 -23
  144. data/lib/action_dispatch/routing/endpoint.rb +9 -2
  145. data/lib/action_dispatch/routing/inspector.rb +141 -102
  146. data/lib/action_dispatch/routing/mapper.rb +811 -473
  147. data/lib/action_dispatch/routing/polymorphic_routes.rb +167 -143
  148. data/lib/action_dispatch/routing/redirection.rb +37 -27
  149. data/lib/action_dispatch/routing/route_set.rb +363 -331
  150. data/lib/action_dispatch/routing/routes_proxy.rb +32 -5
  151. data/lib/action_dispatch/routing/url_for.rb +66 -26
  152. data/lib/action_dispatch/routing.rb +36 -36
  153. data/lib/action_dispatch/system_test_case.rb +190 -0
  154. data/lib/action_dispatch/system_testing/browser.rb +86 -0
  155. data/lib/action_dispatch/system_testing/driver.rb +67 -0
  156. data/lib/action_dispatch/system_testing/server.rb +31 -0
  157. data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +138 -0
  158. data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +29 -0
  159. data/lib/action_dispatch/testing/assertion_response.rb +46 -0
  160. data/lib/action_dispatch/testing/assertions/response.rb +44 -22
  161. data/lib/action_dispatch/testing/assertions/routing.rb +47 -31
  162. data/lib/action_dispatch/testing/assertions.rb +6 -4
  163. data/lib/action_dispatch/testing/integration.rb +391 -220
  164. data/lib/action_dispatch/testing/request_encoder.rb +55 -0
  165. data/lib/action_dispatch/testing/test_process.rb +53 -22
  166. data/lib/action_dispatch/testing/test_request.rb +27 -34
  167. data/lib/action_dispatch/testing/test_response.rb +11 -11
  168. data/lib/action_dispatch.rb +35 -21
  169. data/lib/action_pack/gem_version.rb +6 -4
  170. data/lib/action_pack/version.rb +3 -1
  171. data/lib/action_pack.rb +4 -2
  172. metadata +78 -49
  173. data/lib/action_controller/metal/force_ssl.rb +0 -97
  174. data/lib/action_controller/metal/hide_actions.rb +0 -40
  175. data/lib/action_controller/metal/rack_delegation.rb +0 -32
  176. data/lib/action_controller/middleware.rb +0 -39
  177. data/lib/action_controller/model_naming.rb +0 -12
  178. data/lib/action_dispatch/http/parameter_filter.rb +0 -72
  179. data/lib/action_dispatch/journey/backwards.rb +0 -5
  180. data/lib/action_dispatch/journey/nfa/builder.rb +0 -76
  181. data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
  182. data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -163
  183. data/lib/action_dispatch/journey/router/strexp.rb +0 -27
  184. data/lib/action_dispatch/middleware/params_parser.rb +0 -60
  185. data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
  186. data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
  187. data/lib/action_dispatch/testing/assertions/tag.rb +0 -3
@@ -1,12 +1,19 @@
1
- require 'uri'
2
- require 'active_support/core_ext/hash/indifferent_access'
3
- require 'active_support/core_ext/string/access'
4
- require 'action_controller/metal/exceptions'
1
+ # frozen_string_literal: true
2
+
3
+ require "uri"
4
+ require "active_support/core_ext/hash/indifferent_access"
5
+ require "active_support/core_ext/string/access"
6
+ require "action_controller/metal/exceptions"
5
7
 
6
8
  module ActionDispatch
7
9
  module Assertions
8
10
  # Suite of assertions to test routes generated by \Rails and the handling of requests made to them.
9
11
  module RoutingAssertions
12
+ def setup # :nodoc:
13
+ @routes ||= nil
14
+ super
15
+ end
16
+
10
17
  # Asserts that the routing of the given +path+ was handled correctly and that the parsed options (given in the +expected_options+ hash)
11
18
  # match +path+. Basically, it asserts that \Rails recognizes the route given by +expected_options+.
12
19
  #
@@ -14,14 +21,14 @@ module ActionDispatch
14
21
  # requiring a specific HTTP method. The hash should contain a :path with the incoming request path
15
22
  # and a :method containing the required HTTP verb.
16
23
  #
17
- # # assert that POSTing to /items will call the create action on ItemsController
24
+ # # Asserts that POSTing to /items will call the create action on ItemsController
18
25
  # assert_recognizes({controller: 'items', action: 'create'}, {path: 'items', method: :post})
19
26
  #
20
27
  # You can also pass in +extras+ with a hash containing URL parameters that would normally be in the query string. This can be used
21
- # to assert that values in the query string string will end up in the params hash correctly. To test query strings you must use the
22
- # extras argument, appending the query string on the path directly will not work. For example:
28
+ # to assert that values in the query string will end up in the params hash correctly. To test query strings you must use the extras
29
+ # argument because appending the query string on the path directly will not work. For example:
23
30
  #
24
- # # assert that a path of '/items/list/1?view=print' returns the correct options
31
+ # # Asserts that a path of '/items/list/1?view=print' returns the correct options
25
32
  # assert_recognizes({controller: 'items', action: 'list', id: '1', view: 'print'}, 'items/list/1', { view: "print" })
26
33
  #
27
34
  # The +message+ parameter allows you to pass in an error message that is displayed upon failure.
@@ -37,7 +44,7 @@ module ActionDispatch
37
44
  #
38
45
  # # Test a custom route
39
46
  # assert_recognizes({controller: 'items', action: 'show', id: '1'}, 'view/item1')
40
- def assert_recognizes(expected_options, path, extras={}, msg=nil)
47
+ def assert_recognizes(expected_options, path, extras = {}, msg = nil)
41
48
  if path.is_a?(Hash) && path[:method].to_s == "all"
42
49
  [:get, :post, :put, :delete].each do |method|
43
50
  assert_recognizes(expected_options, path.merge(method: method), extras, msg)
@@ -75,19 +82,19 @@ module ActionDispatch
75
82
  #
76
83
  # # Asserts that the generated route gives us our custom route
77
84
  # assert_generates "changesets/12", { controller: 'scm', action: 'show_diff', revision: "12" }
78
- def assert_generates(expected_path, options, defaults={}, extras={}, message=nil)
79
- if expected_path =~ %r{://}
85
+ def assert_generates(expected_path, options, defaults = {}, extras = {}, message = nil)
86
+ if %r{://}.match?(expected_path)
80
87
  fail_on(URI::InvalidURIError, message) do
81
88
  uri = URI.parse(expected_path)
82
89
  expected_path = uri.path.to_s.empty? ? "/" : uri.path
83
90
  end
84
91
  else
85
- expected_path = "/#{expected_path}" unless expected_path.first == '/'
92
+ expected_path = "/#{expected_path}" unless expected_path.start_with?("/")
86
93
  end
87
- # Load routes.rb if it hasn't been loaded.
88
94
 
89
- generated_path, extra_keys = @routes.generate_extras(options, defaults)
90
- found_extras = options.reject { |k, _| ! extra_keys.include? k }
95
+ options = options.clone
96
+ generated_path, query_string_keys = @routes.generate_extras(options, defaults)
97
+ found_extras = options.reject { |k, _| ! query_string_keys.include? k }
91
98
 
92
99
  msg = message || sprintf("found extras <%s>, not <%s>", found_extras, extras)
93
100
  assert_equal(extras, found_extras, msg)
@@ -104,21 +111,21 @@ module ActionDispatch
104
111
  # The +extras+ hash allows you to specify options that would normally be provided as a query string to the action. The
105
112
  # +message+ parameter allows you to specify a custom error message to display upon failure.
106
113
  #
107
- # # Assert a basic route: a controller with the default action (index)
114
+ # # Asserts a basic route: a controller with the default action (index)
108
115
  # assert_routing '/home', controller: 'home', action: 'index'
109
116
  #
110
117
  # # Test a route generated with a specific controller, action, and parameter (id)
111
118
  # assert_routing '/entries/show/23', controller: 'entries', action: 'show', id: 23
112
119
  #
113
- # # Assert a basic route (controller + default action), with an error message if it fails
120
+ # # Asserts a basic route (controller + default action), with an error message if it fails
114
121
  # assert_routing '/store', { controller: 'store', action: 'index' }, {}, {}, 'Route for store index not generated properly'
115
122
  #
116
123
  # # Tests a route, providing a defaults hash
117
124
  # assert_routing 'controller/action/9', {id: "9", item: "square"}, {controller: "controller", action: "action"}, {}, {item: "square"}
118
125
  #
119
- # # Tests a route with a HTTP method
126
+ # # Tests a route with an HTTP method
120
127
  # assert_routing({ method: 'put', path: '/product/321' }, { controller: "product", action: "update", id: "321" })
121
- def assert_routing(path, options, defaults={}, extras={}, message=nil)
128
+ def assert_routing(path, options, defaults = {}, extras = {}, message = nil)
122
129
  assert_recognizes(options, path, extras, message)
123
130
 
124
131
  controller, default_controller = options[:controller], defaults[:controller]
@@ -126,13 +133,12 @@ module ActionDispatch
126
133
  options[:controller] = "/#{controller}"
127
134
  end
128
135
 
129
- generate_options = options.dup.delete_if{ |k, _| defaults.key?(k) }
136
+ generate_options = options.dup.delete_if { |k, _| defaults.key?(k) }
130
137
  assert_generates(path.is_a?(Hash) ? path[:path] : path, generate_options, defaults, extras, message)
131
138
  end
132
139
 
133
140
  # A helper to make it easier to test different route configurations.
134
- # This method temporarily replaces @routes
135
- # with a new RouteSet instance.
141
+ # This method temporarily replaces @routes with a new RouteSet instance.
136
142
  #
137
143
  # The new instance is yielded to the passed block. Typically the block
138
144
  # will create some routes using <tt>set.draw { match ... }</tt>:
@@ -150,9 +156,19 @@ module ActionDispatch
150
156
  old_controller, @controller = @controller, @controller.clone
151
157
  _routes = @routes
152
158
 
153
- @controller.singleton_class.send(:include, _routes.url_helpers)
154
- @controller.view_context_class = Class.new(@controller.view_context_class) do
155
- include _routes.url_helpers
159
+ @controller.singleton_class.include(_routes.url_helpers)
160
+
161
+ if @controller.respond_to? :view_context_class
162
+ view_context_class = Class.new(@controller.view_context_class) do
163
+ include _routes.url_helpers
164
+ end
165
+
166
+ custom_view_context = Module.new {
167
+ define_method(:view_context_class) do
168
+ view_context_class
169
+ end
170
+ }
171
+ @controller.extend(custom_view_context)
156
172
  end
157
173
  end
158
174
  yield @routes
@@ -166,7 +182,7 @@ module ActionDispatch
166
182
  # ROUTES TODO: These assertions should really work in an integration context
167
183
  def method_missing(selector, *args, &block)
168
184
  if defined?(@controller) && @controller && defined?(@routes) && @routes && @routes.named_routes.route_defined?(selector)
169
- @controller.send(selector, *args, &block)
185
+ @controller.public_send(selector, *args, &block)
170
186
  else
171
187
  super
172
188
  end
@@ -182,10 +198,10 @@ module ActionDispatch
182
198
  method = :get
183
199
  end
184
200
 
185
- # Assume given controller
186
- request = ActionController::TestRequest.new
201
+ controller = @controller if defined?(@controller)
202
+ request = ActionController::TestRequest.create controller&.class
187
203
 
188
- if path =~ %r{://}
204
+ if %r{://}.match?(path)
189
205
  fail_on(URI::InvalidURIError, msg) do
190
206
  uri = URI.parse(path)
191
207
  request.env["rack.url_scheme"] = uri.scheme || "http"
@@ -194,14 +210,14 @@ module ActionDispatch
194
210
  request.path = uri.path.to_s.empty? ? "/" : uri.path
195
211
  end
196
212
  else
197
- path = "/#{path}" unless path.first == "/"
213
+ path = "/#{path}" unless path.start_with?("/")
198
214
  request.path = path
199
215
  end
200
216
 
201
217
  request.request_method = method if method
202
218
 
203
219
  params = fail_on(ActionController::RoutingError, msg) do
204
- @routes.recognize_path(path, { :method => method, :extras => extras })
220
+ @routes.recognize_path(path, method: method, extras: extras)
205
221
  end
206
222
  request.path_parameters = params.with_indifferent_access
207
223
 
@@ -1,9 +1,11 @@
1
- require 'rails-dom-testing'
1
+ # frozen_string_literal: true
2
+
3
+ require "rails-dom-testing"
2
4
 
3
5
  module ActionDispatch
4
6
  module Assertions
5
- autoload :ResponseAssertions, 'action_dispatch/testing/assertions/response'
6
- autoload :RoutingAssertions, 'action_dispatch/testing/assertions/routing'
7
+ autoload :ResponseAssertions, "action_dispatch/testing/assertions/response"
8
+ autoload :RoutingAssertions, "action_dispatch/testing/assertions/routing"
7
9
 
8
10
  extend ActiveSupport::Concern
9
11
 
@@ -12,7 +14,7 @@ module ActionDispatch
12
14
  include Rails::Dom::Testing::Assertions
13
15
 
14
16
  def html_document
15
- @html_document ||= if @response.content_type.to_s =~ /xml$/
17
+ @html_document ||= if @response.media_type&.end_with?("xml")
16
18
  Nokogiri::XML::Document.parse(@response.body)
17
19
  else
18
20
  Nokogiri::HTML::Document.parse(@response.body)