actionpack 4.2.11.1 → 5.2.4

data/lib/abstract_controller/helpers.rb

@@ -1,15 +1,14 @@
-require 'active_support/dependencies'
+# frozen_string_literal: true
+
+require "active_support/dependencies"
 
 module AbstractController
   module Helpers
     extend ActiveSupport::Concern
 
     included do
-      class_attribute :_helpers
-      self._helpers = Module.new
-
-      class_attribute :_helper_methods
-      self._helper_methods = Array.new
+      class_attribute :_helpers, default: Module.new
+      class_attribute :_helper_methods, default: Array.new
     end
 
     class MissingHelperError < LoadError
@@ -38,7 +37,8 @@ module AbstractController
       end
 
       # Declare a controller method as a helper. For example, the following
-      # makes the +current_user+ controller method available to the view:
+      # makes the +current_user+ and +logged_in?+ controller methods available
+      # to the view:
       #   class ApplicationController < ActionController::Base
       #     helper_method :current_user, :logged_in?
       #
@@ -170,25 +170,25 @@ module AbstractController
       end
 
       private
-      # Makes all the (instance) methods in the helper module available to templates
-      # rendered through this controller.
-      #
-      # ==== Parameters
-      # * <tt>module</tt> - The module to include into the current helper module
-      #   for the class
-      def add_template_helper(mod)
-        _helpers.module_eval { include mod }
-      end
+        # Makes all the (instance) methods in the helper module available to templates
+        # rendered through this controller.
+        #
+        # ==== Parameters
+        # * <tt>module</tt> - The module to include into the current helper module
+        #   for the class
+        def add_template_helper(mod)
+          _helpers.module_eval { include mod }
+        end
 
-      def default_helper_module!
-        module_name = name.sub(/Controller$/, '')
-        module_path = module_name.underscore
-        helper module_path
-      rescue MissingSourceFile => e
-        raise e unless e.is_missing? "helpers/#{module_path}_helper"
-      rescue NameError => e
-        raise e unless e.missing_name? "#{module_name}Helper"
-      end
+        def default_helper_module!
+          module_name = name.sub(/Controller$/, "".freeze)
+          module_path = module_name.underscore
+          helper module_path
+        rescue LoadError => e
+          raise e unless e.is_missing? "helpers/#{module_path}_helper"
+        rescue NameError => e
+          raise e unless e.missing_name? "#{module_name}Helper"
+        end
     end
   end
 end

data/lib/abstract_controller/logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/benchmarkable"
 
 module AbstractController

data/lib/abstract_controller/railties/routes_helpers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module AbstractController
   module Railties
     module RoutesHelpers
@@ -6,9 +8,9 @@ module AbstractController
           define_method(:inherited) do |klass|
             super(klass)
             if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_routes_url_helpers) }
-              klass.send(:include, namespace.railtie_routes_url_helpers(include_path_helpers))
+              klass.include(namespace.railtie_routes_url_helpers(include_path_helpers))
             else
-              klass.send(:include, routes.url_helpers(include_path_helpers))
+              klass.include(routes.url_helpers(include_path_helpers))
             end
           end
         end

data/lib/abstract_controller/rendering.rb

@@ -1,8 +1,9 @@
-require 'active_support/concern'
-require 'active_support/core_ext/class/attribute'
-require 'action_view'
-require 'action_view/view_paths'
-require 'set'
+# frozen_string_literal: true
+
+require "abstract_controller/error"
+require "action_view"
+require "action_view/view_paths"
+require "set"
 
 module AbstractController
   class DoubleRenderError < Error
@@ -17,52 +18,49 @@ module AbstractController
     extend ActiveSupport::Concern
     include ActionView::ViewPaths
 
-    # Normalize arguments, options and then delegates render_to_body and
-    # sticks the result in self.response_body.
-    # :api: public
+    # Normalizes arguments, options and then delegates render_to_body and
+    # sticks the result in <tt>self.response_body</tt>.
     def render(*args, &block)
       options = _normalize_render(*args, &block)
-      self.response_body = render_to_body(options)
-      _process_format(rendered_format, options) if rendered_format
-      self.response_body
+      rendered_body = render_to_body(options)
+      if options[:html]
+        _set_html_content_type
+      else
+        _set_rendered_content_type rendered_format
+      end
+      self.response_body = rendered_body
     end
 
     # Raw rendering of a template to a string.
     #
     # It is similar to render, except that it does not
-    # set the response_body and it should be guaranteed
+    # set the +response_body+ and it should be guaranteed
     # to always return a string.
     #
-    # If a component extends the semantics of response_body
-    # (as Action Controller extends it to be anything that
+    # If a component extends the semantics of +response_body+
+    # (as ActionController extends it to be anything that
     # responds to the method each), this method needs to be
     # overridden in order to still return a string.
-    # :api: plugin
     def render_to_string(*args, &block)
       options = _normalize_render(*args, &block)
       render_to_body(options)
     end
 
     # Performs the actual template rendering.
-    # :api: public
     def render_to_body(options = {})
     end
 
-    # Returns Content-Type of rendered content
-    # :api: public
+    # Returns Content-Type of rendered content.
     def rendered_format
-      Mime::TEXT
+      Mime[:text]
     end
 
-    DEFAULT_PROTECTED_INSTANCE_VARIABLES = Set.new %w(
-      @_action_name @_response_body @_formats @_prefixes @_config
-      @_view_context_class @_view_renderer @_lookup_context
-      @_routes @_db_runtime
-    ).map(&:to_sym)
+    DEFAULT_PROTECTED_INSTANCE_VARIABLES = Set.new %i(
+      @_action_name @_response_body @_formats @_prefixes
+    )
 
     # This method should return a hash with assigns.
     # You can overwrite this configuration per controller.
-    # :api: public
     def view_assigns
       protected_vars = _protected_ivars
       variables      = instance_variables
@@ -73,10 +71,11 @@ module AbstractController
       }
     end
 
-    # Normalize args by converting render "foo" to render :action => "foo" and
-    # render "foo/bar" to render :file => "foo/bar".
-    # :api: plugin
-    def _normalize_args(action=nil, options={})
+  private
+    # Normalize args by converting <tt>render "foo"</tt> to
+    # <tt>render :action => "foo"</tt> and <tt>render "foo/bar"</tt> to
+    # <tt>render :file => "foo/bar"</tt>.
+    def _normalize_args(action = nil, options = {}) # :doc:
       if action.respond_to?(:permitted?)
         if action.permitted?
           action
@@ -91,30 +90,32 @@ module AbstractController
     end
 
     # Normalize options.
-    # :api: plugin
-    def _normalize_options(options)
+    def _normalize_options(options) # :doc:
       options
     end
 
     # Process extra options.
-    # :api: plugin
-    def _process_options(options)
+    def _process_options(options) # :doc:
       options
     end
 
     # Process the rendered format.
-    # :api: private
-    def _process_format(format, options = {})
+    def _process_format(format) # :nodoc:
+    end
+
+    def _process_variant(options)
+    end
+
+    def _set_html_content_type # :nodoc:
+    end
+
+    def _set_rendered_content_type(format) # :nodoc:
     end
 
     # Normalize args and options.
-    # :api: private
-    def _normalize_render(*args, &block)
+    def _normalize_render(*args, &block) # :nodoc:
       options = _normalize_args(*args, &block)
-      #TODO: remove defined? when we restore AP <=> AV dependency
-      if defined?(request) && request && request.variant.present?
-        options[:variant] = request.variant
-      end
+      _process_variant(options)
       _normalize_options(options)
       options
     end

data/lib/abstract_controller/translation.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module AbstractController
   module Translation
     # Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
@@ -8,14 +10,15 @@ module AbstractController
     # <tt>I18n.translate("people.index.foo")</tt>. This makes it less repetitive
     # to translate many keys within the same controller / action and gives you a
     # simple framework for scoping them consistently.
-    def translate(*args)
-      key = args.first
-      if key.is_a?(String) && (key[0] == '.')
-        key = "#{ controller_path.tr('/', '.') }.#{ action_name }#{ key }"
-        args[0] = key
+    def translate(key, options = {})
+      if key.to_s.first == "."
+        path = controller_path.tr("/", ".")
+        defaults = [:"#{path}#{key}"]
+        defaults << options[:default] if options[:default]
+        options[:default] = defaults.flatten
+        key = "#{path}.#{action_name}#{key}"
       end
-
-      I18n.translate(*args)
+      I18n.translate(key, options)
     end
     alias :t :translate
 

data/lib/abstract_controller/url_for.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module AbstractController
   # Includes +url_for+ into the host class (e.g. an abstract controller or mailer). The class
   # has to provide a +RouteSet+ by implementing the <tt>_routes</tt> methods. Otherwise, an

data/lib/abstract_controller.rb

@@ -1,13 +1,15 @@
-require 'action_pack'
-require 'active_support/rails'
-require 'active_support/core_ext/module/attr_internal'
-require 'active_support/core_ext/module/anonymous'
-require 'active_support/i18n'
+# frozen_string_literal: true
+
+require "action_pack"
+require "active_support/rails"
+require "active_support/i18n"
 
 module AbstractController
   extend ActiveSupport::Autoload
 
+  autoload :ActionNotFound, "abstract_controller/base"
   autoload :Base
+  autoload :Caching
   autoload :Callbacks
   autoload :Collector
   autoload :DoubleRenderError, "abstract_controller/rendering"
@@ -17,4 +19,9 @@ module AbstractController
   autoload :Translation
   autoload :AssetPaths
   autoload :UrlFor
+
+  def self.eager_load!
+    super
+    AbstractController::Caching.eager_load!
+  end
 end

data/lib/action_controller/api/api_rendering.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module ActionController
+  module ApiRendering
+    extend ActiveSupport::Concern
+
+    included do
+      include Rendering
+    end
+
+    def render_to_body(options = {})
+      _process_options(options)
+      super
+    end
+  end
+end

data/lib/action_controller/api.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+require "action_view"
+require "action_controller"
+require "action_controller/log_subscriber"
+
+module ActionController
+  # API Controller is a lightweight version of <tt>ActionController::Base</tt>,
+  # created for applications that don't require all functionalities that a complete
+  # \Rails controller provides, allowing you to create controllers with just the
+  # features that you need for API only applications.
+  #
+  # An API Controller is different from a normal controller in the sense that
+  # by default it doesn't include a number of features that are usually required
+  # by browser access only: layouts and templates rendering, cookies, sessions,
+  # flash, assets, and so on. This makes the entire controller stack thinner,
+  # suitable for API applications. It doesn't mean you won't have such
+  # features if you need them: they're all available for you to include in
+  # your application, they're just not part of the default API controller stack.
+  #
+  # Normally, +ApplicationController+ is the only controller that inherits from
+  # <tt>ActionController::API</tt>. All other controllers in turn inherit from
+  # +ApplicationController+.
+  #
+  # A sample controller could look like this:
+  #
+  #   class PostsController < ApplicationController
+  #     def index
+  #       posts = Post.all
+  #       render json: posts
+  #     end
+  #   end
+  #
+  # Request, response, and parameters objects all work the exact same way as
+  # <tt>ActionController::Base</tt>.
+  #
+  # == Renders
+  #
+  # The default API Controller stack includes all renderers, which means you
+  # can use <tt>render :json</tt> and brothers freely in your controllers. Keep
+  # in mind that templates are not going to be rendered, so you need to ensure
+  # your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
+  # all actions, otherwise it will return 204 No Content.
+  #
+  #   def show
+  #     post = Post.find(params[:id])
+  #     render json: post
+  #   end
+  #
+  # == Redirects
+  #
+  # Redirects are used to move from one action to another. You can use the
+  # <tt>redirect_to</tt> method in your controllers in the same way as in
+  # <tt>ActionController::Base</tt>. For example:
+  #
+  #   def create
+  #     redirect_to root_url and return if not_authorized?
+  #     # do stuff here
+  #   end
+  #
+  # == Adding New Behavior
+  #
+  # In some scenarios you may want to add back some functionality provided by
+  # <tt>ActionController::Base</tt> that is not present by default in
+  # <tt>ActionController::API</tt>, for instance <tt>MimeResponds</tt>. This
+  # module gives you the <tt>respond_to</tt> method. Adding it is quite simple,
+  # you just need to include the module in a specific controller or in
+  # +ApplicationController+ in case you want it available in your entire
+  # application:
+  #
+  #   class ApplicationController < ActionController::API
+  #     include ActionController::MimeResponds
+  #   end
+  #
+  #   class PostsController < ApplicationController
+  #     def index
+  #       posts = Post.all
+  #
+  #       respond_to do |format|
+  #         format.json { render json: posts }
+  #         format.xml  { render xml: posts }
+  #       end
+  #     end
+  #   end
+  #
+  # Make sure to check the modules included in <tt>ActionController::Base</tt>
+  # if you want to use any other functionality that is not provided
+  # by <tt>ActionController::API</tt> out of the box.
+  class API < Metal
+    abstract!
+
+    # Shortcut helper that returns all the ActionController::API modules except
+    # the ones passed as arguments:
+    #
+    #   class MyAPIBaseController < ActionController::Metal
+    #     ActionController::API.without_modules(:ForceSSL, :UrlFor).each do |left|
+    #       include left
+    #     end
+    #   end
+    #
+    # This gives better control over what you want to exclude and makes it easier
+    # to create an API controller class, instead of listing the modules required
+    # manually.
+    def self.without_modules(*modules)
+      modules = modules.map do |m|
+        m.is_a?(Symbol) ? ActionController.const_get(m) : m
+      end
+
+      MODULES - modules
+    end
+
+    MODULES = [
+      AbstractController::Rendering,
+
+      UrlFor,
+      Redirecting,
+      ApiRendering,
+      Renderers::All,
+      ConditionalGet,
+      BasicImplicitRender,
+      StrongParameters,
+
+      ForceSSL,
+      DataStreaming,
+
+      # Before callbacks should also be executed as early as possible, so
+      # also include them at the bottom.
+      AbstractController::Callbacks,
+
+      # Append rescue at the bottom to wrap as much as possible.
+      Rescue,
+
+      # Add instrumentations hooks at the bottom, to ensure they instrument
+      # all the methods properly.
+      Instrumentation,
+
+      # Params wrapper should come before instrumentation so they are
+      # properly showed in logs
+      ParamsWrapper
+    ]
+
+    MODULES.each do |mod|
+      include mod
+    end
+
+    ActiveSupport.run_load_hooks(:action_controller_api, self)
+    ActiveSupport.run_load_hooks(:action_controller, self)
+  end
+end

data/lib/action_controller/base.rb

@@ -1,4 +1,6 @@
-require 'action_view'
+# frozen_string_literal: true
+
+require "action_view"
 require "action_controller/log_subscriber"
 require "action_controller/metal/params_wrapper"
 
@@ -8,7 +10,7 @@ module ActionController
   # on the controller, which will automatically be made accessible to the web-server through \Rails Routes.
   #
   # By default, only the ApplicationController in a \Rails application inherits from <tt>ActionController::Base</tt>. All other
-  # controllers in turn inherit from ApplicationController. This gives you one class to configure things such as
+  # controllers inherit from ApplicationController. This gives you one class to configure things such as
   # request forgery protection and filtering of sensitive request parameters.
   #
   # A sample controller could look like this:
@@ -30,9 +32,9 @@ module ActionController
   #
   # Unlike index, the create action will not render a template. After performing its main purpose (creating a
   # new post), it initiates a redirect instead. This redirect works by returning an external
-  # "302 Moved" HTTP response that takes the user to the index action.
+  # <tt>302 Moved</tt> HTTP response that takes the user to the index action.
   #
-  # These two methods represent the two basic action archetypes used in Action Controllers. Get-and-show and do-and-redirect.
+  # These two methods represent the two basic action archetypes used in Action Controllers: Get-and-show and do-and-redirect.
   # Most actions are variations on these themes.
   #
   # == Requests
@@ -50,17 +52,17 @@ module ActionController
   #
   # == Parameters
   #
-  # All request parameters, whether they come from a GET or POST request, or from the URL, are available through the params method
-  # which returns a hash. For example, an action that was performed through <tt>/posts?category=All&limit=5</tt> will include
-  # <tt>{ "category" => "All", "limit" => "5" }</tt> in params.
+  # All request parameters, whether they come from a query string in the URL or form data submitted through a POST request are
+  # available through the <tt>params</tt> method which returns a hash. For example, an action that was performed through
+  # <tt>/posts?category=All&limit=5</tt> will include <tt>{ "category" => "All", "limit" => "5" }</tt> in <tt>params</tt>.
   #
   # It's also possible to construct multi-dimensional parameter hashes by specifying keys using brackets, such as:
   #
   #   <input type="text" name="post[name]" value="david">
   #   <input type="text" name="post[address]" value="hyacintvej">
   #
-  # A request stemming from a form holding these inputs will include <tt>{ "post" => { "name" => "david", "address" => "hyacintvej" } }</tt>.
-  # If the address input had been named <tt>post[address][street]</tt>, the params would have included
+  # A request coming from a form holding these inputs will include <tt>{ "post" => { "name" => "david", "address" => "hyacintvej" } }</tt>.
+  # If the address input had been named <tt>post[address][street]</tt>, the <tt>params</tt> would have included
   # <tt>{ "post" => { "address" => { "street" => "hyacintvej" } } }</tt>. There's no limit to the depth of the nesting.
   #
   # == Sessions
@@ -74,7 +76,7 @@ module ActionController
   #
   #   session[:person] = Person.authenticate(user_name, password)
   #
-  # And retrieved again through the same hash:
+  # You can retrieve it again through the same hash:
   #
   #   Hello #{session[:person]}
   #
@@ -206,7 +208,6 @@ module ActionController
       AbstractController::AssetPaths,
 
       Helpers,
-      HideActions,
       UrlFor,
       Redirecting,
       ActionView::Layouts,
@@ -214,15 +215,17 @@ module ActionController
       Renderers::All,
       ConditionalGet,
       EtagWithTemplateDigest,
-      RackDelegation,
+      EtagWithFlash,
       Caching,
       MimeResponds,
       ImplicitRender,
       StrongParameters,
-
+      ParameterEncoding,
       Cookies,
       Flash,
+      FormBuilder,
       RequestForgeryProtection,
+      ContentSecurityPolicy,
       ForceSSL,
       Streaming,
       DataStreaming,
@@ -230,7 +233,7 @@ module ActionController
       HttpAuthentication::Digest::ControllerMethods,
       HttpAuthentication::Token::ControllerMethods,
 
-      # Before callbacks should also be executed the earliest as possible, so
+      # Before callbacks should also be executed as early as possible, so
       # also include them at the bottom.
       AbstractController::Callbacks,
 
@@ -249,20 +252,25 @@ module ActionController
     MODULES.each do |mod|
       include mod
     end
+    setup_renderer!
 
     # Define some internal variables that should not be propagated to the view.
-    PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES + [
-      :@_status, :@_headers, :@_params, :@_env, :@_response, :@_request,
-      :@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout ]
+    PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES + %i(
+      @_params @_response @_request @_config @_url_options @_action_has_layout @_view_context_class
+      @_view_renderer @_lookup_context @_routes @_view_runtime @_db_runtime @_helper_proxy
+    )
 
     def _protected_ivars # :nodoc:
       PROTECTED_IVARS
     end
 
-    def self.protected_instance_variables
-      PROTECTED_IVARS
+    def self.make_response!(request)
+      ActionDispatch::Response.create.tap do |res|
+        res.request = request
+      end
     end
 
+    ActiveSupport.run_load_hooks(:action_controller_base, self)
     ActiveSupport.run_load_hooks(:action_controller, self)
   end
 end