actionpack 4.2.10 → 7.2.0.rc1

data/lib/action_controller/metal/data_streaming.rb

@@ -1,6 +1,13 @@
-require 'action_controller/metal/exceptions'
+# frozen_string_literal: true
 
-module ActionController #:nodoc:
+# :markup: markdown
+
+require "action_controller/metal/exceptions"
+require "action_dispatch/http/content_disposition"
+
+module ActionController # :nodoc:
+  # # Action Controller Data Streaming
+  #
   # Methods for sending arbitrary data and for streaming files to the browser,
   # instead of rendering.
   module DataStreaming
@@ -8,132 +15,120 @@ module ActionController #:nodoc:
 
     include ActionController::Rendering
 
-    DEFAULT_SEND_FILE_TYPE        = 'application/octet-stream'.freeze #:nodoc:
-    DEFAULT_SEND_FILE_DISPOSITION = 'attachment'.freeze #:nodoc:
+    DEFAULT_SEND_FILE_TYPE        = "application/octet-stream" # :nodoc:
+    DEFAULT_SEND_FILE_DISPOSITION = "attachment" # :nodoc:
 
-    protected
-      # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
-      # via the Rack::Sendfile middleware. The header to use is set via
-      # +config.action_dispatch.x_sendfile_header+.
-      # Your server can also configure this for you by setting the X-Sendfile-Type header.
+    private
+      # Sends the file. This uses a server-appropriate method (such as `X-Sendfile`)
+      # via the `Rack::Sendfile` middleware. The header to use is set via
+      # `config.action_dispatch.x_sendfile_header`. Your server can also configure
+      # this for you by setting the `X-Sendfile-Type` header.
       #
-      # Be careful to sanitize the path parameter if it is coming from a web
-      # page. <tt>send_file(params[:path])</tt> allows a malicious user to
-      # download any file on your server.
+      # Be careful to sanitize the path parameter if it is coming from a web page.
+      # `send_file(params[:path])` allows a malicious user to download any file on
+      # your server.
       #
       # Options:
-      # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      #   Defaults to <tt>File.basename(path)</tt>.
-      # * <tt>:type</tt> - specifies an HTTP content type.
-      #   You can specify either a string or a symbol for a registered type register with
-      #   <tt>Mime::Type.register</tt>, for example :json
-      #   If omitted, type will be guessed from the file extension specified in <tt>:filename</tt>.
-      #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
-      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
-      #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
-      # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
-      #   the URL, which is necessary for i18n filenames on certain browsers
-      #   (setting <tt>:filename</tt> overrides this option).
-      #
-      # The default Content-Type and Content-Disposition headers are
-      # set to download arbitrary binary files in as many browsers as
-      # possible. IE versions 4, 5, 5.5, and 6 are all known to have
-      # a variety of quirks (especially when downloading over SSL).
+      # *   `:filename` - suggests a filename for the browser to use. Defaults to
+      #     `File.basename(path)`.
+      # *   `:type` - specifies an HTTP content type. You can specify either a string
+      #     or a symbol for a registered type with `Mime::Type.register`, for example
+      #     `:json`. If omitted, the type will be inferred from the file extension
+      #     specified in `:filename`. If no content type is registered for the
+      #     extension, the default type `application/octet-stream` will be used.
+      # *   `:disposition` - specifies whether the file will be shown inline or
+      #     downloaded. Valid values are `"inline"` and `"attachment"` (default).
+      # *   `:status` - specifies the status code to send with the response. Defaults
+      #     to 200.
+      # *   `:url_based_filename` - set to `true` if you want the browser to guess the
+      #     filename from the URL, which is necessary for i18n filenames on certain
+      #     browsers (setting `:filename` overrides this option).
+      #
+      #
+      # The default `Content-Type` and `Content-Disposition` headers are set to
+      # download arbitrary binary files in as many browsers as possible. IE versions
+      # 4, 5, 5.5, and 6 are all known to have a variety of quirks (especially when
+      # downloading over SSL).
       #
       # Simple download:
       #
-      #   send_file '/path/to.zip'
+      #     send_file '/path/to.zip'
       #
       # Show a JPEG in the browser:
       #
-      #   send_file '/path/to.jpeg', type: 'image/jpeg', disposition: 'inline'
+      #     send_file '/path/to.jpeg', type: 'image/jpeg', disposition: 'inline'
       #
       # Show a 404 page in the browser:
       #
-      #   send_file '/path/to/404.html', type: 'text/html; charset=utf-8', status: 404
-      #
-      # Read about the other Content-* HTTP headers if you'd like to
-      # provide the user with more information (such as Content-Description) in
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
-      #
-      # Also be aware that the document may be cached by proxies and browsers.
-      # The Pragma and Cache-Control headers declare how the file may be cached
-      # by intermediaries. They default to require clients to validate with
-      # the server before releasing cached responses. See
-      # http://www.mnot.net/cache_docs/ for an overview of web caching and
-      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
-      # for the Cache-Control header spec.
-      def send_file(path, options = {}) #:doc:
-        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path)
+      #     send_file '/path/to/404.html', type: 'text/html; charset=utf-8', disposition: 'inline', status: 404
+      #
+      # You can use other `Content-*` HTTP headers to provide additional information
+      # to the client. See MDN for a [list of HTTP
+      # headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers).
+      #
+      # Also be aware that the document may be cached by proxies and browsers. The
+      # `Pragma` and `Cache-Control` headers declare how the file may be cached by
+      # intermediaries. They default to require clients to validate with the server
+      # before releasing cached responses. See https://www.mnot.net/cache_docs/ for an
+      # overview of web caching and [RFC
+      # 9111](https://www.rfc-editor.org/rfc/rfc9111.html#name-cache-control) for the
+      # `Cache-Control` header spec.
+      def send_file(path, options = {}) # :doc:
+        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) && File.readable?(path)
 
         options[:filename] ||= File.basename(path) unless options[:url_based_filename]
         send_file_headers! options
 
         self.status = options[:status] || 200
         self.content_type = options[:content_type] if options.key?(:content_type)
-        self.response_body = FileBody.new(path)
+        response.send_file path
       end
 
-      # Avoid having to pass an open file handle as the response body.
-      # Rack::Sendfile will usually intercept the response and uses
-      # the path directly, so there is no reason to open the file.
-      class FileBody #:nodoc:
-        attr_reader :to_path
-
-        def initialize(path)
-          @to_path = path
-        end
-
-        # Stream the file's contents if Rack::Sendfile isn't present.
-        def each
-          File.open(to_path, 'rb') do |file|
-            while chunk = file.read(16384)
-              yield chunk
-            end
-          end
-        end
-      end
-
-      # Sends the given binary data to the browser. This method is similar to
-      # <tt>render plain: data</tt>, but also allows you to specify whether
-      # the browser should display the response as a file attachment (i.e. in a
-      # download dialog) or as inline data. You may also set the content type,
-      # the apparent file name, and other things.
+      # Sends the given binary data to the browser. This method is similar to `render
+      # plain: data`, but also allows you to specify whether the browser should
+      # display the response as a file attachment (i.e. in a download dialog) or as
+      # inline data. You may also set the content type, the file name, and other
+      # things.
       #
       # Options:
-      # * <tt>:filename</tt> - suggests a filename for the browser to use.
-      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
-      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
-      #   If omitted, type will be guessed from the file extension specified in <tt>:filename</tt>.
-      #   If no content type is registered for the extension, default type 'application/octet-stream' will be used.
-      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
-      #   Valid values are 'inline' and 'attachment' (default).
-      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to 200.
+      # *   `:filename` - suggests a filename for the browser to use.
+      # *   `:type` - specifies an HTTP content type. Defaults to
+      #     `application/octet-stream`. You can specify either a string or a symbol
+      #     for a registered type with `Mime::Type.register`, for example `:json`. If
+      #     omitted, type will be inferred from the file extension specified in
+      #     `:filename`. If no content type is registered for the extension, the
+      #     default type `application/octet-stream` will be used.
+      # *   `:disposition` - specifies whether the file will be shown inline or
+      #     downloaded. Valid values are `"inline"` and `"attachment"` (default).
+      # *   `:status` - specifies the status code to send with the response. Defaults
+      #     to 200.
+      #
       #
       # Generic data download:
       #
-      #   send_data buffer
+      #     send_data buffer
       #
       # Download a dynamically-generated tarball:
       #
-      #   send_data generate_tgz('dir'), filename: 'dir.tgz'
+      #     send_data generate_tgz('dir'), filename: 'dir.tgz'
       #
       # Display an image Active Record in the browser:
       #
-      #   send_data image.data, type: image.content_type, disposition: 'inline'
+      #     send_data image.data, type: image.content_type, disposition: 'inline'
       #
-      # See +send_file+ for more information on HTTP Content-* headers and caching.
-      def send_data(data, options = {}) #:doc:
+      # See `send_file` for more information on HTTP `Content-*` headers and caching.
+      def send_data(data, options = {}) # :doc:
         send_file_headers! options
-        render options.slice(:status, :content_type).merge(:text => data)
+        render options.slice(:status, :content_type).merge(body: data)
       end
 
-    private
       def send_file_headers!(options)
         type_provided = options.has_key?(:type)
 
         content_type = options.fetch(:type, DEFAULT_SEND_FILE_TYPE)
+        self.content_type = content_type
+        response.sending_file = true
+
         raise ArgumentError, ":type option required" if content_type.nil?
 
         if content_type.is_a?(Symbol)
@@ -143,29 +138,17 @@ module ActionController #:nodoc:
         else
           if !type_provided && options[:filename]
             # If type wasn't provided, try guessing from file extension.
-            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete('.')) || content_type
+            content_type = Mime::Type.lookup_by_extension(File.extname(options[:filename]).downcase.delete(".")) || content_type
           end
           self.content_type = content_type
         end
 
         disposition = options.fetch(:disposition, DEFAULT_SEND_FILE_DISPOSITION)
-        unless disposition.nil?
-          disposition  = disposition.to_s
-          disposition += %(; filename="#{options[:filename]}") if options[:filename]
-          headers['Content-Disposition'] = disposition
+        if disposition
+          headers["Content-Disposition"] = ActionDispatch::Http::ContentDisposition.format(disposition: disposition, filename: options[:filename])
         end
 
-        headers['Content-Transfer-Encoding'] = 'binary'
-
-        response.sending_file = true
-
-        # Fix a problem with IE 6.0 on opening downloaded files:
-        # If Cache-Control: no-cache is set (which Rails does by default),
-        # IE removes the file it just downloaded from its cache immediately
-        # after it displays the "open/save" dialog, which means that if you
-        # hit "open" the file isn't there anymore when the application that
-        # is called for handling the download is run, so let's workaround that
-        response.cache_control[:public] ||= false
+        headers["Content-Transfer-Encoding"] = "binary"
       end
   end
 end

data/lib/action_controller/metal/default_headers.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionController
+  # # Action Controller Default Headers
+  #
+  # Allows configuring default headers that will be automatically merged into each
+  # response.
+  module DefaultHeaders
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def make_response!(request)
+        ActionDispatch::Response.create.tap do |res|
+          res.request = request
+        end
+      end
+    end
+  end
+end

data/lib/action_controller/metal/etag_with_flash.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionController
+  # # Action Controller Etag With Flash
+  #
+  # When you're using the flash, it's generally used as a conditional on the view.
+  # This means the content of the view depends on the flash. Which in turn means
+  # that the ETag for a response should be computed with the content of the flash
+  # in mind. This does that by including the content of the flash as a component
+  # in the ETag that's generated for a response.
+  module EtagWithFlash
+    extend ActiveSupport::Concern
+
+    include ActionController::ConditionalGet
+
+    included do
+      etag { flash if request.respond_to?(:flash) && !flash.empty? }
+    end
+  end
+end

data/lib/action_controller/metal/etag_with_template_digest.rb

@@ -1,20 +1,26 @@
+# frozen_string_literal: true
+
+# :markup: markdown
+
 module ActionController
-  # When our views change, they should bubble up into HTTP cache freshness
-  # and bust browser caches. So the template digest for the current action
-  # is automatically included in the ETag.
+  # # Action Controller Etag With Template Digest
+  #
+  # When our views change, they should bubble up into HTTP cache freshness and
+  # bust browser caches. So the template digest for the current action is
+  # automatically included in the ETag.
   #
   # Enabled by default for apps that use Action View. Disable by setting
   #
-  #   config.action_controller.etag_with_template_digest = false
+  #     config.action_controller.etag_with_template_digest = false
   #
-  # Override the template to digest by passing +:template+ to +fresh_when+
-  # and +stale?+ calls. For example:
+  # Override the template to digest by passing `:template` to `fresh_when` and
+  # `stale?` calls. For example:
   #
-  #   # We're going to render widgets/show, not posts/show
-  #   fresh_when @post, template: 'widgets/show'
+  #     # We're going to render widgets/show, not posts/show
+  #     fresh_when @post, template: 'widgets/show'
   #
-  #   # We're not going to render a template, so omit it from the ETag.
-  #   fresh_when @post, template: false
+  #     # We're not going to render a template, so omit it from the ETag.
+  #     fresh_when @post, template: false
   #
   module EtagWithTemplateDigest
     extend ActiveSupport::Concern
@@ -22,29 +28,32 @@ module ActionController
     include ActionController::ConditionalGet
 
     included do
-      class_attribute :etag_with_template_digest
-      self.etag_with_template_digest = true
+      class_attribute :etag_with_template_digest, default: true
 
-      ActiveSupport.on_load :action_view, yield: true do |action_view_base|
-        etag do |options|
-          determine_template_etag(options) if etag_with_template_digest
-        end
+      etag do |options|
+        determine_template_etag(options) if etag_with_template_digest
       end
     end
 
     private
-    def determine_template_etag(options)
-      if template = pick_template_for_etag(options)
-        lookup_and_digest_template(template)
+      def determine_template_etag(options)
+        if template = pick_template_for_etag(options)
+          lookup_and_digest_template(template)
+        end
       end
-    end
 
-    def pick_template_for_etag(options)
-      options.fetch(:template) { "#{controller_name}/#{action_name}" }
-    end
+      # Pick the template digest to include in the ETag. If the `:template` option is
+      # present, use the named template. If `:template` is `nil` or absent, use the
+      # default controller/action template. If `:template` is false, omit the template
+      # digest from the ETag.
+      def pick_template_for_etag(options)
+        unless options[:template] == false
+          options[:template] || lookup_context.find_all(action_name, _prefixes).first&.virtual_path
+        end
+      end
 
-    def lookup_and_digest_template(template)
-      ActionView::Digestor.digest name: template, finder: lookup_context
-    end
+      def lookup_and_digest_template(template)
+        ActionView::Digestor.digest name: template, format: nil, finder: lookup_context
+      end
   end
 end

data/lib/action_controller/metal/exceptions.rb

@@ -1,59 +1,106 @@
-module ActionController
-  class ActionControllerError < StandardError #:nodoc:
-  end
+# frozen_string_literal: true
 
-  class BadRequest < ActionControllerError #:nodoc:
-    attr_reader :original_exception
+# :markup: markdown
 
-    def initialize(type = nil, e = nil)
-      return super() unless type && e
+module ActionController
+  class ActionControllerError < StandardError # :nodoc:
+  end
 
-      super("Invalid #{type} parameters: #{e.message}")
-      @original_exception = e
-      set_backtrace e.backtrace
+  class BadRequest < ActionControllerError # :nodoc:
+    def initialize(msg = nil)
+      super(msg)
+      set_backtrace $!.backtrace if $!
     end
   end
 
-  class RenderError < ActionControllerError #:nodoc:
+  class RenderError < ActionControllerError # :nodoc:
   end
 
-  class RoutingError < ActionControllerError #:nodoc:
+  class RoutingError < ActionControllerError # :nodoc:
     attr_reader :failures
-    def initialize(message, failures=[])
+    def initialize(message, failures = [])
       super(message)
       @failures = failures
     end
   end
 
-  class ActionController::UrlGenerationError < ActionControllerError #:nodoc:
+  class UrlGenerationError < ActionControllerError # :nodoc:
+    attr_reader :routes, :route_name, :method_name
+
+    def initialize(message, routes = nil, route_name = nil, method_name = nil)
+      @routes      = routes
+      @route_name  = route_name
+      @method_name = method_name
+
+      super(message)
+    end
+
+    if defined?(DidYouMean::Correctable) && defined?(DidYouMean::SpellChecker)
+      include DidYouMean::Correctable
+
+      def corrections
+        @corrections ||= begin
+          maybe_these = routes&.named_routes&.helper_names&.grep(/#{route_name}/) || []
+          maybe_these -= [method_name.to_s] # remove exact match
+
+          DidYouMean::SpellChecker.new(dictionary: maybe_these).correct(route_name)
+        end
+      end
+    end
   end
 
-  class MethodNotAllowed < ActionControllerError #:nodoc:
+  class MethodNotAllowed < ActionControllerError # :nodoc:
     def initialize(*allowed_methods)
-      super("Only #{allowed_methods.to_sentence(:locale => :en)} requests are allowed.")
+      super("Only #{allowed_methods.to_sentence} requests are allowed.")
     end
   end
 
-  class NotImplemented < MethodNotAllowed #:nodoc:
+  class NotImplemented < MethodNotAllowed # :nodoc:
   end
 
-  class UnknownController < ActionControllerError #:nodoc:
+  class MissingFile < ActionControllerError # :nodoc:
   end
 
-  class MissingFile < ActionControllerError #:nodoc:
+  class SessionOverflowError < ActionControllerError # :nodoc:
+    DEFAULT_MESSAGE = "Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data."
+
+    def initialize(message = nil)
+      super(message || DEFAULT_MESSAGE)
+    end
+  end
+
+  class UnknownHttpMethod < ActionControllerError # :nodoc:
   end
 
-  class SessionOverflowError < ActionControllerError #:nodoc:
-    DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.'
+  class UnknownFormat < ActionControllerError # :nodoc:
+  end
+
+  # Raised when a nested respond_to is triggered and the content types of each are
+  # incompatible. For example:
+  #
+  #     respond_to do |outer_type|
+  #       outer_type.js do
+  #         respond_to do |inner_type|
+  #           inner_type.html { render body: "HTML" }
+  #         end
+  #       end
+  #     end
+  class RespondToMismatchError < ActionControllerError
+    DEFAULT_MESSAGE = "respond_to was called multiple times and matched with conflicting formats in this action. Please note that you may only call respond_to and match on a single format per action."
 
     def initialize(message = nil)
       super(message || DEFAULT_MESSAGE)
     end
   end
 
-  class UnknownHttpMethod < ActionControllerError #:nodoc:
-  end
+  class MissingExactTemplate < UnknownFormat # :nodoc:
+    attr_reader :controller, :action_name
 
-  class UnknownFormat < ActionControllerError #:nodoc:
+    def initialize(message, controller, action_name)
+      @controller  = controller
+      @action_name = action_name
+
+      super(message)
+    end
   end
 end

data/lib/action_controller/metal/flash.rb

@@ -1,10 +1,13 @@
-module ActionController #:nodoc:
+# frozen_string_literal: true
+
+# :markup: markdown
+
+module ActionController # :nodoc:
   module Flash
     extend ActiveSupport::Concern
 
     included do
-      class_attribute :_flash_types, instance_accessor: false
-      self._flash_types = []
+      class_attribute :_flash_types, instance_accessor: false, default: []
 
       delegate :flash, to: :request
       add_flash_types(:alert, :notice)
@@ -12,19 +15,19 @@ module ActionController #:nodoc:
 
     module ClassMethods
       # Creates new flash types. You can pass as many types as you want to create
-      # flash types other than the default <tt>alert</tt> and <tt>notice</tt> in
-      # your controllers and views. For instance:
+      # flash types other than the default `alert` and `notice` in your controllers
+      # and views. For instance:
       #
-      #   # in application_controller.rb
-      #   class ApplicationController < ActionController::Base
-      #     add_flash_types :warning
-      #   end
+      #     # in application_controller.rb
+      #     class ApplicationController < ActionController::Base
+      #       add_flash_types :warning
+      #     end
       #
-      #   # in your controller
-      #   redirect_to user_path(@user), warning: "Incomplete profile"
+      #     # in your controller
+      #     redirect_to user_path(@user), warning: "Incomplete profile"
       #
-      #   # in your view
-      #   <%= warning %>
+      #     # in your view
+      #     <%= warning %>
       #
       # This method will automatically define a new method for each of the given
       # names, and it will be available in your views.
@@ -35,26 +38,30 @@ module ActionController #:nodoc:
           define_method(type) do
             request.flash[type]
           end
-          helper_method type
+          helper_method(type) if respond_to?(:helper_method)
 
           self._flash_types += [type]
         end
       end
+
+      def action_methods # :nodoc:
+        @action_methods ||= super - _flash_types.map(&:to_s).to_set
+      end
     end
 
-    protected
-      def redirect_to(options = {}, response_status_and_flash = {}) #:doc:
+    private
+      def redirect_to(options = {}, response_options_and_flash = {}) # :doc:
         self.class._flash_types.each do |flash_type|
-          if type = response_status_and_flash.delete(flash_type)
+          if type = response_options_and_flash.delete(flash_type)
             flash[flash_type] = type
           end
         end
 
-        if other_flashes = response_status_and_flash.delete(:flash)
+        if other_flashes = response_options_and_flash.delete(:flash)
           flash.update(other_flashes)
         end
 
-        super(options, response_status_and_flash)
+        super(options, response_options_and_flash)
       end
   end
 end