RubyGems - actionpack - Versions diffs - 4.2.10 → 7.2.0.rc1 - Mend

actionpack 4.2.10 → 7.2.0.rc1

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (202) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +86 -600
data/MIT-LICENSE +1 -1
data/README.rdoc +13 -14
data/lib/abstract_controller/asset_paths.rb +5 -1
data/lib/abstract_controller/base.rb +166 -136
data/lib/abstract_controller/caching/fragments.rb +149 -0
data/lib/abstract_controller/caching.rb +68 -0
data/lib/abstract_controller/callbacks.rb +126 -57
data/lib/abstract_controller/collector.rb +13 -15
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +8 -0
data/lib/abstract_controller/helpers.rb +181 -132
data/lib/abstract_controller/logger.rb +5 -1
data/lib/abstract_controller/railties/routes_helpers.rb +10 -3
data/lib/abstract_controller/rendering.rb +56 -56
data/lib/abstract_controller/translation.rb +29 -15
data/lib/abstract_controller/url_for.rb +15 -11
data/lib/abstract_controller.rb +21 -5
data/lib/action_controller/api/api_rendering.rb +18 -0
data/lib/action_controller/api.rb +154 -0
data/lib/action_controller/base.rb +219 -155
data/lib/action_controller/caching.rb +28 -68
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +55 -0
data/lib/action_controller/log_subscriber.rb +35 -22
data/lib/action_controller/metal/allow_browser.rb +119 -0
data/lib/action_controller/metal/basic_implicit_render.rb +17 -0
data/lib/action_controller/metal/conditional_get.rb +259 -122
data/lib/action_controller/metal/content_security_policy.rb +86 -0
data/lib/action_controller/metal/cookies.rb +9 -5
data/lib/action_controller/metal/data_streaming.rb +87 -104
data/lib/action_controller/metal/default_headers.rb +21 -0
data/lib/action_controller/metal/etag_with_flash.rb +22 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +35 -26
data/lib/action_controller/metal/exceptions.rb +71 -24
data/lib/action_controller/metal/flash.rb +26 -19
data/lib/action_controller/metal/head.rb +45 -36
data/lib/action_controller/metal/helpers.rb +80 -64
data/lib/action_controller/metal/http_authentication.rb +297 -244
data/lib/action_controller/metal/implicit_render.rb +57 -9
data/lib/action_controller/metal/instrumentation.rb +76 -64
data/lib/action_controller/metal/live.rb +238 -176
data/lib/action_controller/metal/logging.rb +22 -0
data/lib/action_controller/metal/mime_responds.rb +177 -166
data/lib/action_controller/metal/parameter_encoding.rb +84 -0
data/lib/action_controller/metal/params_wrapper.rb +145 -118
data/lib/action_controller/metal/permissions_policy.rb +38 -0
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +203 -64
data/lib/action_controller/metal/renderers.rb +108 -65
data/lib/action_controller/metal/rendering.rb +216 -56
data/lib/action_controller/metal/request_forgery_protection.rb +496 -163
data/lib/action_controller/metal/rescue.rb +19 -21
data/lib/action_controller/metal/streaming.rb +179 -138
data/lib/action_controller/metal/strong_parameters.rb +1058 -382
data/lib/action_controller/metal/testing.rb +11 -17
data/lib/action_controller/metal/url_for.rb +37 -21
data/lib/action_controller/metal.rb +236 -138
data/lib/action_controller/railtie.rb +89 -11
data/lib/action_controller/railties/helpers.rb +5 -1
data/lib/action_controller/renderer.rb +161 -0
data/lib/action_controller/template_assertions.rb +13 -0
data/lib/action_controller/test_case.rb +425 -497
data/lib/action_controller.rb +44 -22
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +119 -63
data/lib/action_dispatch/http/content_disposition.rb +47 -0
data/lib/action_dispatch/http/content_security_policy.rb +364 -0
data/lib/action_dispatch/http/filter_parameters.rb +36 -34
data/lib/action_dispatch/http/filter_redirect.rb +24 -12
data/lib/action_dispatch/http/headers.rb +66 -31
data/lib/action_dispatch/http/mime_negotiation.rb +106 -75
data/lib/action_dispatch/http/mime_type.rb +196 -136
data/lib/action_dispatch/http/mime_types.rb +25 -7
data/lib/action_dispatch/http/parameters.rb +97 -45
data/lib/action_dispatch/http/permissions_policy.rb +187 -0
data/lib/action_dispatch/http/rack_cache.rb +6 -0
data/lib/action_dispatch/http/request.rb +299 -170
data/lib/action_dispatch/http/response.rb +311 -160
data/lib/action_dispatch/http/upload.rb +52 -23
data/lib/action_dispatch/http/url.rb +201 -125
data/lib/action_dispatch/journey/formatter.rb +110 -50
data/lib/action_dispatch/journey/gtg/builder.rb +37 -50
data/lib/action_dispatch/journey/gtg/simulator.rb +20 -17
data/lib/action_dispatch/journey/gtg/transition_table.rb +96 -36
data/lib/action_dispatch/journey/nfa/dot.rb +5 -14
data/lib/action_dispatch/journey/nodes/node.rb +100 -20
data/lib/action_dispatch/journey/parser.rb +19 -17
data/lib/action_dispatch/journey/parser.y +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +14 -4
data/lib/action_dispatch/journey/path/pattern.rb +79 -63
data/lib/action_dispatch/journey/route.rb +108 -44
data/lib/action_dispatch/journey/router/utils.rb +41 -29
data/lib/action_dispatch/journey/router.rb +64 -57
data/lib/action_dispatch/journey/routes.rb +23 -21
data/lib/action_dispatch/journey/scanner.rb +28 -17
data/lib/action_dispatch/journey/visitors.rb +100 -54
data/lib/action_dispatch/journey/visualizer/fsm.js +49 -24
data/lib/action_dispatch/journey/visualizer/index.html.erb +1 -1
data/lib/action_dispatch/journey.rb +7 -5
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +7 -6
data/lib/action_dispatch/middleware/cookies.rb +471 -328
data/lib/action_dispatch/middleware/debug_exceptions.rb +149 -66
data/lib/action_dispatch/middleware/debug_locks.rb +129 -0
data/lib/action_dispatch/middleware/debug_view.rb +73 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +275 -73
data/lib/action_dispatch/middleware/executor.rb +32 -0
data/lib/action_dispatch/middleware/flash.rb +143 -101
data/lib/action_dispatch/middleware/host_authorization.rb +171 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +36 -27
data/lib/action_dispatch/middleware/reloader.rb +10 -92
data/lib/action_dispatch/middleware/remote_ip.rb +133 -107
data/lib/action_dispatch/middleware/request_id.rb +29 -15
data/lib/action_dispatch/middleware/server_timing.rb +78 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +49 -27
data/lib/action_dispatch/middleware/session/cache_store.rb +33 -16
data/lib/action_dispatch/middleware/session/cookie_store.rb +86 -80
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +15 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +66 -36
data/lib/action_dispatch/middleware/ssl.rb +134 -36
data/lib/action_dispatch/middleware/stack.rb +109 -44
data/lib/action_dispatch/middleware/static.rb +159 -90
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +7 -24
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +36 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +46 -36
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +12 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +26 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +139 -15
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +6 -6
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +9 -9
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +7 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +125 -93
data/lib/action_dispatch/railtie.rb +44 -16
data/lib/action_dispatch/request/session.rb +159 -69
data/lib/action_dispatch/request/utils.rb +97 -23
data/lib/action_dispatch/routing/endpoint.rb +11 -2
data/lib/action_dispatch/routing/inspector.rb +195 -106
data/lib/action_dispatch/routing/mapper.rb +1338 -955
data/lib/action_dispatch/routing/polymorphic_routes.rb +234 -201
data/lib/action_dispatch/routing/redirection.rb +78 -51
data/lib/action_dispatch/routing/route_set.rb +460 -374
data/lib/action_dispatch/routing/routes_proxy.rb +36 -12
data/lib/action_dispatch/routing/url_for.rb +172 -124
data/lib/action_dispatch/routing.rb +159 -158
data/lib/action_dispatch/system_test_case.rb +206 -0
data/lib/action_dispatch/system_testing/browser.rb +84 -0
data/lib/action_dispatch/system_testing/driver.rb +85 -0
data/lib/action_dispatch/system_testing/server.rb +33 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +164 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +23 -0
data/lib/action_dispatch/testing/assertion_response.rb +48 -0
data/lib/action_dispatch/testing/assertions/response.rb +71 -39
data/lib/action_dispatch/testing/assertions/routing.rb +228 -103
data/lib/action_dispatch/testing/assertions.rb +9 -6
data/lib/action_dispatch/testing/integration.rb +486 -306
data/lib/action_dispatch/testing/request_encoder.rb +60 -0
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +35 -22
data/lib/action_dispatch/testing/test_request.rb +29 -34
data/lib/action_dispatch/testing/test_response.rb +48 -15
data/lib/action_dispatch.rb +82 -40
data/lib/action_pack/gem_version.rb +8 -4
data/lib/action_pack/version.rb +6 -2
data/lib/action_pack.rb +21 -18
metadata +146 -56
data/lib/action_controller/caching/fragments.rb +0 -103
data/lib/action_controller/metal/force_ssl.rb +0 -97
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/http/parameter_filter.rb +0 -72
data/lib/action_dispatch/journey/backwards.rb +0 -5
data/lib/action_dispatch/journey/nfa/builder.rb +0 -76
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -163
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/middleware/params_parser.rb +0 -60
data/lib/action_dispatch/middleware/templates/rescues/_source.erb +0 -27
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_dispatch/routing/redirection.rb CHANGED Viewed

@@ -1,9 +1,11 @@
-require 'action_dispatch/http/request'
-require 'active_support/core_ext/uri'
-require 'active_support/core_ext/array/extract_options'
-require 'rack/utils'
-require 'action_controller/metal/exceptions'
-require 'action_dispatch/routing/endpoint'
+# frozen_string_literal: true
+# :markup: markdown
+require "active_support/core_ext/array/extract_options"
+require "rack/utils"
+require "action_controller/metal/exceptions"
+require "action_dispatch/routing/endpoint"
 module ActionDispatch
   module Routing
@@ -18,13 +20,21 @@ module ActionDispatch
       def redirect?; true; end
       def call(env)
-        serve Request.new env
+        ActiveSupport::Notifications.instrument("redirect.action_dispatch") do |payload|
+          request = Request.new(env)
+          response = build_response(request)
+          payload[:status] = @status
+          payload[:location] = response.headers["Location"]
+          payload[:request] = request
+          response.to_a
+        end
       end
-      def serve(req)
-        req.check_path_parameters!
+      def build_response(req)
         uri = URI.parse(path(req.path_parameters, req))
         unless uri.host
           if relative_path?(uri.path)
             uri.path = "#{req.script_name}/#{uri.path}"
@@ -32,20 +42,22 @@ module ActionDispatch
             uri.path = req.script_name.empty? ? "/" : req.script_name
           end
         end
         uri.scheme ||= req.scheme
         uri.host   ||= req.host
         uri.port   ||= req.port unless req.standard_port?
-        body = %(<html><body>You are being <a href="#{ERB::Util.unwrapped_html_escape(uri.to_s)}">redirected</a>.</body></html>)
+        req.commit_flash
+        body = ""
         headers = {
-          'Location' => uri.to_s,
-          'Content-Type' => 'text/html',
-          'Content-Length' => body.length.to_s
+          "Location" => uri.to_s,
+          "Content-Type" => "text/html; charset=#{ActionDispatch::Response.default_charset}",
+          "Content-Length" => body.length.to_s
         }
-        [ status, headers, [body] ]
+        ActionDispatch::Response.new(status, headers, body)
       end
       def path(params, request)
@@ -58,19 +70,19 @@ module ActionDispatch
       private
         def relative_path?(path)
-          path && !path.empty? && path[0] != '/'
+          path && !path.empty? && !path.start_with?("/")
         end
         def escape(params)
-          Hash[params.map{ |k,v| [k, Rack::Utils.escape(v)] }]
+          params.transform_values { |v| Rack::Utils.escape(v) }
         end
         def escape_fragment(params)
-          Hash[params.map{ |k,v| [k, Journey::Router::Utils.escape_fragment(v)] }]
+          params.transform_values { |v| Journey::Router::Utils.escape_fragment(v) }
         end
         def escape_path(params)
-          Hash[params.map{ |k,v| [k, Journey::Router::Utils.escape_path(v)] }]
+          params.transform_values { |v| Journey::Router::Utils.escape_path(v) }
         end
     end
@@ -104,11 +116,11 @@ module ActionDispatch
       def path(params, request)
         url_options = {
-          :protocol => request.protocol,
-          :host     => request.host,
-          :port     => request.optional_port,
-          :path     => request.path,
-          :params   => request.query_parameters
+          protocol: request.protocol,
+          host: request.host,
+          port: request.optional_port,
+          path: request.path,
+          params: request.query_parameters
         }.merge! options
         if !params.empty? && url_options[:path].match(/%\{\w*\}/)
@@ -124,55 +136,70 @@ module ActionDispatch
             url_options[:script_name] = request.script_name
           end
         end
         ActionDispatch::Http::URL.url_for url_options
       end
       def inspect
-        "redirect(#{status}, #{options.map{ |k,v| "#{k}: #{v}" }.join(', ')})"
+        "redirect(#{status}, #{options.map { |k, v| "#{k}: #{v}" }.join(', ')})"
       end
     end
     module Redirection
       # Redirect any path to another path:
       #
-      #   get "/stories" => redirect("/posts")
+      #     get "/stories" => redirect("/posts")
+      #
+      # This will redirect the user, while ignoring certain parts of the request,
+      # including query string, etc. `/stories`, `/stories?foo=bar`, etc all redirect
+      # to `/posts`.
+      #
+      # The redirect will use a `301 Moved Permanently` status code by default. This
+      # can be overridden with the `:status` option:
+      #
+      #     get "/stories" => redirect("/posts", status: 307)
       #
       # You can also use interpolation in the supplied redirect argument:
       #
-      #   get 'docs/:article', to: redirect('/wiki/%{article}')
+      #     get 'docs/:article', to: redirect('/wiki/%{article}')
       #
-      # Note that if you return a path without a leading slash then the url is prefixed with the
-      # current SCRIPT_NAME environment variable. This is typically '/' but may be different in
-      # a mounted engine or where the application is deployed to a subdirectory of a website.
+      # Note that if you return a path without a leading slash then the URL is
+      # prefixed with the current SCRIPT_NAME environment variable. This is typically
+      # '/' but may be different in a mounted engine or where the application is
+      # deployed to a subdirectory of a website.
       #
       # Alternatively you can use one of the other syntaxes:
       #
-      # The block version of redirect allows for the easy encapsulation of any logic associated with
-      # the redirect in question. Either the params and request are supplied as arguments, or just
-      # params, depending of how many arguments your block accepts. A string is required as a
-      # return value.
+      # The block version of redirect allows for the easy encapsulation of any logic
+      # associated with the redirect in question. Either the params and request are
+      # supplied as arguments, or just params, depending of how many arguments your
+      # block accepts. A string is required as a return value.
+      #
+      #     get 'jokes/:number', to: redirect { |params, request|
+      #       path = (params[:number].to_i.even? ? "wheres-the-beef" : "i-love-lamp")
+      #       "http://#{request.host_with_port}/#{path}"
+      #     }
       #
-      #   get 'jokes/:number', to: redirect { |params, request|
-      #     path = (params[:number].to_i.even? ? "wheres-the-beef" : "i-love-lamp")
-      #     "http://#{request.host_with_port}/#{path}"
-      #   }
+      # Note that the `do end` syntax for the redirect block wouldn't work, as Ruby
+      # would pass the block to `get` instead of `redirect`. Use `{ ... }` instead.
       #
-      # Note that the +do end+ syntax for the redirect block wouldn't work, as Ruby would pass
-      # the block to +get+ instead of +redirect+. Use <tt>{ ... }</tt> instead.
+      # The options version of redirect allows you to supply only the parts of the URL
+      # which need to change, it also supports interpolation of the path similar to
+      # the first example.
       #
-      # The options version of redirect allows you to supply only the parts of the url which need
-      # to change, it also supports interpolation of the path similar to the first example.
+      #     get 'stores/:name',       to: redirect(subdomain: 'stores', path: '/%{name}')
+      #     get 'stores/:name(*all)', to: redirect(subdomain: 'stores', path: '/%{name}%{all}')
+      #     get '/stories', to: redirect(path: '/posts')
       #
-      #   get 'stores/:name',       to: redirect(subdomain: 'stores', path: '/%{name}')
-      #   get 'stores/:name(*all)', to: redirect(subdomain: 'stores', path: '/%{name}%{all}')
+      # This will redirect the user, while changing only the specified parts of the
+      # request, for example the `path` option in the last example. `/stories`,
+      # `/stories?foo=bar`, redirect to `/posts` and `/posts?foo=bar` respectively.
       #
-      # Finally, an object which responds to call can be supplied to redirect, allowing you to reuse
-      # common redirect routes. The call method must accept two arguments, params and request, and return
-      # a string.
+      # Finally, an object which responds to call can be supplied to redirect,
+      # allowing you to reuse common redirect routes. The call method must accept two
+      # arguments, params and request, and return a string.
       #
-      #   get 'accounts/:name' => redirect(SubdomainRedirector.new('api'))
+      #     get 'accounts/:name' => redirect(SubdomainRedirector.new('api'))
       #
       def redirect(*args, &block)
         options = args.extract_options!