RubyGems - actionpack - Versions diffs - 4.2.10 → 7.2.0.rc1 - Mend

actionpack 4.2.10 → 7.2.0.rc1

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (202) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +86 -600
data/MIT-LICENSE +1 -1
data/README.rdoc +13 -14
data/lib/abstract_controller/asset_paths.rb +5 -1
data/lib/abstract_controller/base.rb +166 -136
data/lib/abstract_controller/caching/fragments.rb +149 -0
data/lib/abstract_controller/caching.rb +68 -0
data/lib/abstract_controller/callbacks.rb +126 -57
data/lib/abstract_controller/collector.rb +13 -15
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +8 -0
data/lib/abstract_controller/helpers.rb +181 -132
data/lib/abstract_controller/logger.rb +5 -1
data/lib/abstract_controller/railties/routes_helpers.rb +10 -3
data/lib/abstract_controller/rendering.rb +56 -56
data/lib/abstract_controller/translation.rb +29 -15
data/lib/abstract_controller/url_for.rb +15 -11
data/lib/abstract_controller.rb +21 -5
data/lib/action_controller/api/api_rendering.rb +18 -0
data/lib/action_controller/api.rb +154 -0
data/lib/action_controller/base.rb +219 -155
data/lib/action_controller/caching.rb +28 -68
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +55 -0
data/lib/action_controller/log_subscriber.rb +35 -22
data/lib/action_controller/metal/allow_browser.rb +119 -0
data/lib/action_controller/metal/basic_implicit_render.rb +17 -0
data/lib/action_controller/metal/conditional_get.rb +259 -122
data/lib/action_controller/metal/content_security_policy.rb +86 -0
data/lib/action_controller/metal/cookies.rb +9 -5
data/lib/action_controller/metal/data_streaming.rb +87 -104
data/lib/action_controller/metal/default_headers.rb +21 -0
data/lib/action_controller/metal/etag_with_flash.rb +22 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +35 -26
data/lib/action_controller/metal/exceptions.rb +71 -24
data/lib/action_controller/metal/flash.rb +26 -19
data/lib/action_controller/metal/head.rb +45 -36
data/lib/action_controller/metal/helpers.rb +80 -64
data/lib/action_controller/metal/http_authentication.rb +297 -244
data/lib/action_controller/metal/implicit_render.rb +57 -9
data/lib/action_controller/metal/instrumentation.rb +76 -64
data/lib/action_controller/metal/live.rb +238 -176
data/lib/action_controller/metal/logging.rb +22 -0
data/lib/action_controller/metal/mime_responds.rb +177 -166
data/lib/action_controller/metal/parameter_encoding.rb +84 -0
data/lib/action_controller/metal/params_wrapper.rb +145 -118
data/lib/action_controller/metal/permissions_policy.rb +38 -0
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +203 -64
data/lib/action_controller/metal/renderers.rb +108 -65
data/lib/action_controller/metal/rendering.rb +216 -56
data/lib/action_controller/metal/request_forgery_protection.rb +496 -163
data/lib/action_controller/metal/rescue.rb +19 -21
data/lib/action_controller/metal/streaming.rb +179 -138
data/lib/action_controller/metal/strong_parameters.rb +1058 -382
data/lib/action_controller/metal/testing.rb +11 -17
data/lib/action_controller/metal/url_for.rb +37 -21
data/lib/action_controller/metal.rb +236 -138
data/lib/action_controller/railtie.rb +89 -11
data/lib/action_controller/railties/helpers.rb +5 -1
data/lib/action_controller/renderer.rb +161 -0
data/lib/action_controller/template_assertions.rb +13 -0
data/lib/action_controller/test_case.rb +425 -497
data/lib/action_controller.rb +44 -22
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +119 -63
data/lib/action_dispatch/http/content_disposition.rb +47 -0
data/lib/action_dispatch/http/content_security_policy.rb +364 -0
data/lib/action_dispatch/http/filter_parameters.rb +36 -34
data/lib/action_dispatch/http/filter_redirect.rb +24 -12
data/lib/action_dispatch/http/headers.rb +66 -31
data/lib/action_dispatch/http/mime_negotiation.rb +106 -75
data/lib/action_dispatch/http/mime_type.rb +196 -136
data/lib/action_dispatch/http/mime_types.rb +25 -7
data/lib/action_dispatch/http/parameters.rb +97 -45
data/lib/action_dispatch/http/permissions_policy.rb +187 -0
data/lib/action_dispatch/http/rack_cache.rb +6 -0
data/lib/action_dispatch/http/request.rb +299 -170
data/lib/action_dispatch/http/response.rb +311 -160
data/lib/action_dispatch/http/upload.rb +52 -23
data/lib/action_dispatch/http/url.rb +201 -125
data/lib/action_dispatch/journey/formatter.rb +110 -50
data/lib/action_dispatch/journey/gtg/builder.rb +37 -50
data/lib/action_dispatch/journey/gtg/simulator.rb +20 -17
data/lib/action_dispatch/journey/gtg/transition_table.rb +96 -36
data/lib/action_dispatch/journey/nfa/dot.rb +5 -14
data/lib/action_dispatch/journey/nodes/node.rb +100 -20
data/lib/action_dispatch/journey/parser.rb +19 -17
data/lib/action_dispatch/journey/parser.y +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +14 -4
data/lib/action_dispatch/journey/path/pattern.rb +79 -63
data/lib/action_dispatch/journey/route.rb +108 -44
data/lib/action_dispatch/journey/router/utils.rb +41 -29
data/lib/action_dispatch/journey/router.rb +64 -57
data/lib/action_dispatch/journey/routes.rb +23 -21
data/lib/action_dispatch/journey/scanner.rb +28 -17
data/lib/action_dispatch/journey/visitors.rb +100 -54
data/lib/action_dispatch/journey/visualizer/fsm.js +49 -24
data/lib/action_dispatch/journey/visualizer/index.html.erb +1 -1
data/lib/action_dispatch/journey.rb +7 -5
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +7 -6
data/lib/action_dispatch/middleware/cookies.rb +471 -328
data/lib/action_dispatch/middleware/debug_exceptions.rb +149 -66
data/lib/action_dispatch/middleware/debug_locks.rb +129 -0
data/lib/action_dispatch/middleware/debug_view.rb +73 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +275 -73
data/lib/action_dispatch/middleware/executor.rb +32 -0
data/lib/action_dispatch/middleware/flash.rb +143 -101
data/lib/action_dispatch/middleware/host_authorization.rb +171 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +36 -27
data/lib/action_dispatch/middleware/reloader.rb +10 -92
data/lib/action_dispatch/middleware/remote_ip.rb +133 -107
data/lib/action_dispatch/middleware/request_id.rb +29 -15
data/lib/action_dispatch/middleware/server_timing.rb +78 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +49 -27
data/lib/action_dispatch/middleware/session/cache_store.rb +33 -16
data/lib/action_dispatch/middleware/session/cookie_store.rb +86 -80
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +15 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +66 -36
data/lib/action_dispatch/middleware/ssl.rb +134 -36
data/lib/action_dispatch/middleware/stack.rb +109 -44
data/lib/action_dispatch/middleware/static.rb +159 -90
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +7 -24
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +36 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +46 -36
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +12 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +26 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +139 -15
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +6 -6
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +9 -9
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +7 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +125 -93
data/lib/action_dispatch/railtie.rb +44 -16
data/lib/action_dispatch/request/session.rb +159 -69
data/lib/action_dispatch/request/utils.rb +97 -23
data/lib/action_dispatch/routing/endpoint.rb +11 -2
data/lib/action_dispatch/routing/inspector.rb +195 -106
data/lib/action_dispatch/routing/mapper.rb +1338 -955
data/lib/action_dispatch/routing/polymorphic_routes.rb +234 -201
data/lib/action_dispatch/routing/redirection.rb +78 -51
data/lib/action_dispatch/routing/route_set.rb +460 -374
data/lib/action_dispatch/routing/routes_proxy.rb +36 -12
data/lib/action_dispatch/routing/url_for.rb +172 -124
data/lib/action_dispatch/routing.rb +159 -158
data/lib/action_dispatch/system_test_case.rb +206 -0
data/lib/action_dispatch/system_testing/browser.rb +84 -0
data/lib/action_dispatch/system_testing/driver.rb +85 -0
data/lib/action_dispatch/system_testing/server.rb +33 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +164 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +23 -0
data/lib/action_dispatch/testing/assertion_response.rb +48 -0
data/lib/action_dispatch/testing/assertions/response.rb +71 -39
data/lib/action_dispatch/testing/assertions/routing.rb +228 -103
data/lib/action_dispatch/testing/assertions.rb +9 -6
data/lib/action_dispatch/testing/integration.rb +486 -306
data/lib/action_dispatch/testing/request_encoder.rb +60 -0
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +35 -22
data/lib/action_dispatch/testing/test_request.rb +29 -34
data/lib/action_dispatch/testing/test_response.rb +48 -15
data/lib/action_dispatch.rb +82 -40
data/lib/action_pack/gem_version.rb +8 -4
data/lib/action_pack/version.rb +6 -2
data/lib/action_pack.rb +21 -18
metadata +146 -56
data/lib/action_controller/caching/fragments.rb +0 -103
data/lib/action_controller/metal/force_ssl.rb +0 -97
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/http/parameter_filter.rb +0 -72
data/lib/action_dispatch/journey/backwards.rb +0 -5
data/lib/action_dispatch/journey/nfa/builder.rb +0 -76
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -163
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/middleware/params_parser.rb +0 -60
data/lib/action_dispatch/middleware/templates/rescues/_source.erb +0 -27
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_controller/metal/rendering.rb CHANGED Viewed

@@ -1,26 +1,180 @@
+# frozen_string_literal: true
+# :markup: markdown
 module ActionController
   module Rendering
     extend ActiveSupport::Concern
-    RENDER_FORMATS_IN_PRIORITY = [:body, :text, :plain, :html]
+    RENDER_FORMATS_IN_PRIORITY = [:body, :plain, :html]
-    # Before processing, set the request formats in current controller formats.
-    def process_action(*) #:nodoc:
-      self.formats = request.formats.map(&:ref).compact
-      super
+    module ClassMethods
+      # Documentation at ActionController::Renderer#render
+      delegate :render, to: :renderer
+      # Returns a renderer instance (inherited from ActionController::Renderer) for
+      # the controller.
+      attr_reader :renderer
+      def setup_renderer! # :nodoc:
+        @renderer = Renderer.for(self)
+      end
+      def inherited(klass)
+        klass.setup_renderer!
+        super
+      end
     end
+    # Renders a template and assigns the result to `self.response_body`.
+    #
+    # If no rendering mode option is specified, the template will be derived from
+    # the first argument.
+    #
+    #     render "posts/show"
+    #     # => renders app/views/posts/show.html.erb
+    #
+    #     # In a PostsController action...
+    #     render :show
+    #     # => renders app/views/posts/show.html.erb
+    #
+    # If the first argument responds to `render_in`, the template will be rendered
+    # by calling `render_in` with the current view context.
+    #
+    #     class Greeting
+    #       def render_in(view_context)
+    #         view_context.render html: "<h1>Hello, World</h1>"
+    #       end
+    #
+    #       def format
+    #         :html
+    #       end
+    #     end
+    #
+    #     render(Greeting.new)
+    #     # => "<h1>Hello, World</h1>"
+    #
+    #     render(renderable: Greeting.new)
+    #     # => "<h1>Hello, World</h1>"
+    #
+    # #### Rendering Mode
+    #
+    # `:partial`
+    # :   See ActionView::PartialRenderer for details.
+    #
+    #         render partial: "posts/form", locals: { post: Post.new }
+    #         # => renders app/views/posts/_form.html.erb
+    #
+    # `:file`
+    # :   Renders the contents of a file. This option should **not** be used with
+    #     unsanitized user input.
+    #
+    #         render file: "/path/to/some/file"
+    #         # => renders /path/to/some/file
+    #
+    # `:inline`
+    # :   Renders an ERB template string.
+    #
+    #         @name = "World"
+    #         render inline: "<h1>Hello, <%= @name %>!</h1>"
+    #         # => renders "<h1>Hello, World!</h1>"
+    #
+    # `:body`
+    # :   Renders the provided text, and sets the content type as `text/plain`.
+    #
+    #         render body: "Hello, World!"
+    #         # => renders "Hello, World!"
+    #
+    # `:plain`
+    # :   Renders the provided text, and sets the content type as `text/plain`.
+    #
+    #         render plain: "Hello, World!"
+    #         # => renders "Hello, World!"
+    #
+    # `:html`
+    # :   Renders the provided HTML string, and sets the content type as
+    #     `text/html`. If the string is not `html_safe?`, performs HTML escaping on
+    #     the string before rendering.
+    #
+    #         render html: "<h1>Hello, World!</h1>".html_safe
+    #         # => renders "<h1>Hello, World!</h1>"
+    #
+    #         render html: "<h1>Hello, World!</h1>"
+    #         # => renders "&lt;h1&gt;Hello, World!&lt;/h1&gt;"
+    #
+    # `:json`
+    # :   Renders the provided object as JSON, and sets the content type as
+    #     `application/json`. If the object is not a string, it will be converted to
+    #     JSON by calling `to_json`.
+    #
+    #         render json: { hello: "world" }
+    #         # => renders "{\"hello\":\"world\"}"
+    #
+    # `:renderable`
+    # :   Renders the provided object by calling `render_in` with the current view
+    #     context. The response format is determined by calling `format` on the
+    #     renderable if it responds to `format`, falling back to `text/html` by
+    #     default.
+    #
+    #         render renderable: Greeting.new
+    #         # => renders "<h1>Hello, World</h1>"
+    #
+    #
+    # By default, when a rendering mode is specified, no layout template is
+    # rendered.
+    #
+    # #### Options
+    #
+    # `:assigns`
+    # :   Hash of instance variable assignments for the template.
+    #
+    #         render inline: "<h1>Hello, <%= @name %>!</h1>", assigns: { name: "World" }
+    #         # => renders "<h1>Hello, World!</h1>"
+    #
+    # `:locals`
+    # :   Hash of local variable assignments for the template.
+    #
+    #         render inline: "<h1>Hello, <%= name %>!</h1>", locals: { name: "World" }
+    #         # => renders "<h1>Hello, World!</h1>"
+    #
+    # `:layout`
+    # :   The layout template to render. Can also be `false` or `true` to disable or
+    #     (re)enable the default layout template.
+    #
+    #         render "posts/show", layout: "holiday"
+    #         # => renders app/views/posts/show.html.erb with the app/views/layouts/holiday.html.erb layout
+    #
+    #         render "posts/show", layout: false
+    #         # => renders app/views/posts/show.html.erb with no layout
+    #
+    #         render inline: "<h1>Hello, World!</h1>", layout: true
+    #         # => renders "<h1>Hello, World!</h1>" with the default layout
+    #
+    # `:status`
+    # :   The HTTP status code to send with the response. Can be specified as a
+    #     number or as the status name in Symbol form. Defaults to 200.
+    #
+    #         render "posts/new", status: 422
+    #         # => renders app/views/posts/new.html.erb with HTTP status code 422
+    #
+    #         render "posts/new", status: :unprocessable_entity
+    #         # => renders app/views/posts/new.html.erb with HTTP status code 422
+    #
+    #--
     # Check for double render errors and set the content_type after rendering.
-    def render(*args) #:nodoc:
-      raise ::AbstractController::DoubleRenderError if self.response_body
+    def render(*args)
+      raise ::AbstractController::DoubleRenderError if response_body
       super
     end
-    # Overwrite render_to_string because body can now be set to a rack body.
+    # Similar to #render, but only returns the rendered template as a string,
+    # instead of setting `self.response_body`.
+    #--
+    # Override render_to_string because body can now be set to a Rack body.
     def render_to_string(*)
       result = super
       if result.respond_to?(:each)
-        string = ""
+        string = +""
         result.each { |r| string << r }
         string
       else
@@ -28,73 +182,79 @@ module ActionController
       end
     end
-    def render_to_body(options = {})
-      super || _render_in_priorities(options) || ' '
+    def render_to_body(options = {}) # :nodoc:
+      super || _render_in_priorities(options) || " "
     end
     private
-    def _render_in_priorities(options)
-      RENDER_FORMATS_IN_PRIORITY.each do |format|
-        return options[format] if options.key?(format)
+      # Before processing, set the request formats in current controller formats.
+      def process_action(*) # :nodoc:
+        self.formats = request.formats.filter_map(&:ref)
+        super
       end
-      nil
-    end
-    def _process_format(format, options = {})
-      super
-      if options[:plain]
-        self.content_type = Mime::TEXT
-      else
-        self.content_type ||= format.to_s
+      def _process_variant(options)
+        if defined?(request) && !request.nil? && request.variant.present?
+          options[:variant] = request.variant
+        end
       end
-    end
-    # Normalize arguments by catching blocks and setting them on :update.
-    def _normalize_args(action=nil, options={}, &blk) #:nodoc:
-      options = super
-      options[:update] = blk if block_given?
-      options
-    end
+      def _render_in_priorities(options)
+        RENDER_FORMATS_IN_PRIORITY.each do |format|
+          return options[format] if options.key?(format)
+        end
-    # Normalize both text and status options.
-    def _normalize_options(options) #:nodoc:
-      _normalize_text(options)
+        nil
+      end
-      if options[:html]
-        options[:html] = ERB::Util.html_escape(options[:html])
+      def _set_html_content_type
+        self.content_type = Mime[:html].to_s
       end
-      if options.delete(:nothing)
-        options[:body] = nil
+      def _set_rendered_content_type(format)
+        if format && !response.media_type
+          self.content_type = format.to_s
+        end
       end
-      if options[:status]
-        options[:status] = Rack::Utils.status_code(options[:status])
+      def _set_vary_header
+        if response.headers["Vary"].blank? && request.should_apply_vary_header?
+          response.headers["Vary"] = "Accept"
+        end
       end
-      super
-    end
+      # Normalize both text and status options.
+      def _normalize_options(options)
+        _normalize_text(options)
+        if options[:html]
+          options[:html] = ERB::Util.html_escape(options[:html])
+        end
-    def _normalize_text(options)
-      RENDER_FORMATS_IN_PRIORITY.each do |format|
-        if options.key?(format) && options[format].respond_to?(:to_text)
-          options[format] = options[format].to_text
+        if options[:status]
+          options[:status] = Rack::Utils.status_code(options[:status])
+        end
+        super
+      end
+      def _normalize_text(options)
+        RENDER_FORMATS_IN_PRIORITY.each do |format|
+          if options.key?(format) && options[format].respond_to?(:to_text)
+            options[format] = options[format].to_text
+          end
         end
       end
-    end
-    # Process controller specific options, as status, content-type and location.
-    def _process_options(options) #:nodoc:
-      status, content_type, location = options.values_at(:status, :content_type, :location)
+      # Process controller specific options, as status, content-type and location.
+      def _process_options(options)
+        status, content_type, location = options.values_at(:status, :content_type, :location)
-      self.status = status if status
-      self.content_type = content_type if content_type
-      self.headers["Location"] = url_for(location) if location
+        self.status = status if status
+        self.content_type = content_type if content_type
+        headers["Location"] = url_for(location) if location
-      super
-    end
+        super
+      end
   end
 end