RubyGems - actionpack - Versions diffs - 4.2.11.1 → 6.1.3.2 - Mend

actionpack 4.2.11.1 → 6.1.3.2

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (187) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +291 -489
data/MIT-LICENSE +1 -1
data/README.rdoc +9 -9
data/lib/abstract_controller/asset_paths.rb +2 -0
data/lib/abstract_controller/base.rb +81 -51
data/lib/{action_controller → abstract_controller}/caching/fragments.rb +64 -17
data/lib/abstract_controller/caching.rb +66 -0
data/lib/abstract_controller/callbacks.rb +61 -33
data/lib/abstract_controller/collector.rb +9 -13
data/lib/abstract_controller/error.rb +6 -0
data/lib/abstract_controller/helpers.rb +115 -99
data/lib/abstract_controller/logger.rb +2 -0
data/lib/abstract_controller/railties/routes_helpers.rb +21 -3
data/lib/abstract_controller/rendering.rb +48 -47
data/lib/abstract_controller/translation.rb +17 -8
data/lib/abstract_controller/url_for.rb +2 -0
data/lib/abstract_controller.rb +13 -5
data/lib/action_controller/api/api_rendering.rb +16 -0
data/lib/action_controller/api.rb +150 -0
data/lib/action_controller/base.rb +29 -24
data/lib/action_controller/caching.rb +12 -57
data/lib/action_controller/form_builder.rb +50 -0
data/lib/action_controller/log_subscriber.rb +17 -19
data/lib/action_controller/metal/basic_implicit_render.rb +13 -0
data/lib/action_controller/metal/conditional_get.rb +134 -46
data/lib/action_controller/metal/content_security_policy.rb +51 -0
data/lib/action_controller/metal/cookies.rb +6 -4
data/lib/action_controller/metal/data_streaming.rb +30 -50
data/lib/action_controller/metal/default_headers.rb +17 -0
data/lib/action_controller/metal/etag_with_flash.rb +18 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +21 -16
data/lib/action_controller/metal/exceptions.rb +63 -15
data/lib/action_controller/metal/flash.rb +9 -8
data/lib/action_controller/metal/head.rb +26 -21
data/lib/action_controller/metal/helpers.rb +37 -18
data/lib/action_controller/metal/http_authentication.rb +81 -73
data/lib/action_controller/metal/implicit_render.rb +53 -9
data/lib/action_controller/metal/instrumentation.rb +32 -35
data/lib/action_controller/metal/live.rb +102 -120
data/lib/action_controller/metal/logging.rb +20 -0
data/lib/action_controller/metal/mime_responds.rb +49 -47
data/lib/action_controller/metal/parameter_encoding.rb +82 -0
data/lib/action_controller/metal/params_wrapper.rb +83 -66
data/lib/action_controller/metal/permissions_policy.rb +46 -0
data/lib/action_controller/metal/redirecting.rb +53 -32
data/lib/action_controller/metal/renderers.rb +87 -44
data/lib/action_controller/metal/rendering.rb +77 -50
data/lib/action_controller/metal/request_forgery_protection.rb +267 -103
data/lib/action_controller/metal/rescue.rb +10 -17
data/lib/action_controller/metal/streaming.rb +12 -11
data/lib/action_controller/metal/strong_parameters.rb +714 -186
data/lib/action_controller/metal/testing.rb +2 -17
data/lib/action_controller/metal/url_for.rb +19 -10
data/lib/action_controller/metal.rb +104 -87
data/lib/action_controller/railtie.rb +28 -10
data/lib/action_controller/railties/helpers.rb +3 -1
data/lib/action_controller/renderer.rb +141 -0
data/lib/action_controller/template_assertions.rb +11 -0
data/lib/action_controller/test_case.rb +296 -422
data/lib/action_controller.rb +34 -23
data/lib/action_dispatch/http/cache.rb +107 -56
data/lib/action_dispatch/http/content_disposition.rb +45 -0
data/lib/action_dispatch/http/content_security_policy.rb +286 -0
data/lib/action_dispatch/http/filter_parameters.rb +32 -25
data/lib/action_dispatch/http/filter_redirect.rb +10 -12
data/lib/action_dispatch/http/headers.rb +55 -22
data/lib/action_dispatch/http/mime_negotiation.rb +79 -51
data/lib/action_dispatch/http/mime_type.rb +153 -121
data/lib/action_dispatch/http/mime_types.rb +20 -6
data/lib/action_dispatch/http/parameters.rb +90 -40
data/lib/action_dispatch/http/permissions_policy.rb +173 -0
data/lib/action_dispatch/http/rack_cache.rb +2 -0
data/lib/action_dispatch/http/request.rb +226 -121
data/lib/action_dispatch/http/response.rb +248 -113
data/lib/action_dispatch/http/upload.rb +21 -7
data/lib/action_dispatch/http/url.rb +182 -100
data/lib/action_dispatch/journey/formatter.rb +90 -43
data/lib/action_dispatch/journey/gtg/builder.rb +28 -41
data/lib/action_dispatch/journey/gtg/simulator.rb +11 -16
data/lib/action_dispatch/journey/gtg/transition_table.rb +23 -21
data/lib/action_dispatch/journey/nfa/dot.rb +3 -14
data/lib/action_dispatch/journey/nodes/node.rb +29 -15
data/lib/action_dispatch/journey/parser.rb +17 -16
data/lib/action_dispatch/journey/parser.y +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +12 -4
data/lib/action_dispatch/journey/path/pattern.rb +58 -54
data/lib/action_dispatch/journey/route.rb +100 -32
data/lib/action_dispatch/journey/router/utils.rb +29 -18
data/lib/action_dispatch/journey/router.rb +55 -51
data/lib/action_dispatch/journey/routes.rb +17 -17
data/lib/action_dispatch/journey/scanner.rb +26 -17
data/lib/action_dispatch/journey/visitors.rb +98 -54
data/lib/action_dispatch/journey.rb +5 -5
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/callbacks.rb +3 -6
data/lib/action_dispatch/middleware/cookies.rb +347 -217
data/lib/action_dispatch/middleware/debug_exceptions.rb +135 -63
data/lib/action_dispatch/middleware/debug_locks.rb +124 -0
data/lib/action_dispatch/middleware/debug_view.rb +66 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +115 -71
data/lib/action_dispatch/middleware/executor.rb +21 -0
data/lib/action_dispatch/middleware/flash.rb +78 -54
data/lib/action_dispatch/middleware/host_authorization.rb +130 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +32 -27
data/lib/action_dispatch/middleware/reloader.rb +5 -91
data/lib/action_dispatch/middleware/remote_ip.rb +53 -45
data/lib/action_dispatch/middleware/request_id.rb +17 -10
data/lib/action_dispatch/middleware/session/abstract_store.rb +41 -26
data/lib/action_dispatch/middleware/session/cache_store.rb +24 -14
data/lib/action_dispatch/middleware/session/cookie_store.rb +74 -75
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +8 -2
data/lib/action_dispatch/middleware/show_exceptions.rb +28 -23
data/lib/action_dispatch/middleware/ssl.rb +118 -35
data/lib/action_dispatch/middleware/stack.rb +82 -41
data/lib/action_dispatch/middleware/static.rb +156 -89
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +4 -14
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +4 -2
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +45 -35
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +23 -4
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +15 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +105 -8
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +87 -64
data/lib/action_dispatch/railtie.rb +27 -13
data/lib/action_dispatch/request/session.rb +109 -61
data/lib/action_dispatch/request/utils.rb +90 -23
data/lib/action_dispatch/routing/endpoint.rb +9 -2
data/lib/action_dispatch/routing/inspector.rb +141 -102
data/lib/action_dispatch/routing/mapper.rb +811 -473
data/lib/action_dispatch/routing/polymorphic_routes.rb +167 -143
data/lib/action_dispatch/routing/redirection.rb +37 -27
data/lib/action_dispatch/routing/route_set.rb +363 -331
data/lib/action_dispatch/routing/routes_proxy.rb +32 -5
data/lib/action_dispatch/routing/url_for.rb +66 -26
data/lib/action_dispatch/routing.rb +36 -36
data/lib/action_dispatch/system_test_case.rb +190 -0
data/lib/action_dispatch/system_testing/browser.rb +86 -0
data/lib/action_dispatch/system_testing/driver.rb +67 -0
data/lib/action_dispatch/system_testing/server.rb +31 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +138 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +29 -0
data/lib/action_dispatch/testing/assertion_response.rb +46 -0
data/lib/action_dispatch/testing/assertions/response.rb +44 -22
data/lib/action_dispatch/testing/assertions/routing.rb +47 -31
data/lib/action_dispatch/testing/assertions.rb +6 -4
data/lib/action_dispatch/testing/integration.rb +391 -220
data/lib/action_dispatch/testing/request_encoder.rb +55 -0
data/lib/action_dispatch/testing/test_process.rb +53 -22
data/lib/action_dispatch/testing/test_request.rb +27 -34
data/lib/action_dispatch/testing/test_response.rb +11 -11
data/lib/action_dispatch.rb +35 -21
data/lib/action_pack/gem_version.rb +6 -4
data/lib/action_pack/version.rb +3 -1
data/lib/action_pack.rb +4 -2
metadata +78 -48
data/lib/action_controller/metal/force_ssl.rb +0 -97
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/http/parameter_filter.rb +0 -72
data/lib/action_dispatch/journey/backwards.rb +0 -5
data/lib/action_dispatch/journey/nfa/builder.rb +0 -76
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -163
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/middleware/params_parser.rb +0 -60
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_controller/metal/testing.rb CHANGED Viewed

@@ -1,31 +1,16 @@
+# frozen_string_literal: true
 module ActionController
   module Testing
     extend ActiveSupport::Concern
-    include RackDelegation
-    # TODO : Rewrite tests using controller.headers= to use Rack env
-    def headers=(new_headers)
-      @_response ||= ActionDispatch::Response.new
-      @_response.headers.replace(new_headers)
-    end
     # Behavior specific to functional tests
     module Functional # :nodoc:
-      def set_response!(request)
-      end
       def recycle!
         @_url_options = nil
         self.formats = nil
         self.params = nil
       end
     end
-    module ClassMethods
-      def before_filters
-        _process_action_callbacks.find_all{|x| x.kind == :before}.map{|x| x.name}
-      end
-    end
   end
 end

data/lib/action_controller/metal/url_for.rb CHANGED Viewed

@@ -1,10 +1,15 @@
+# frozen_string_literal: true
 module ActionController
   # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
   # the <tt>_routes</tt> method. Otherwise, an exception will be raised.
   #
   # In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define
-  # url options like the +host+. In order to do so, this module requires the host class
-  # to implement +env+ and +request+, which need to be a Rack-compatible.
+  # URL options like the +host+. In order to do so, this module requires the host class
+  # to implement +env+ which needs to be Rack-compatible and +request+
+  # which is either an instance of +ActionDispatch::Request+ or an object
+  # that responds to the +host+, +optional_port+, +protocol+ and
+  # +symbolized_path_parameter+ methods.
   #
   #   class RootUrl
   #     include ActionController::UrlFor
@@ -24,21 +29,25 @@ module ActionController
     def url_options
       @_url_options ||= {
-        :host => request.host,
-        :port => request.optional_port,
-        :protocol => request.protocol,
-        :_recall => request.path_parameters
+        host: request.host,
+        port: request.optional_port,
+        protocol: request.protocol,
+        _recall: request.path_parameters
       }.merge!(super).freeze
-      if (same_origin = _routes.equal?(env["action_dispatch.routes".freeze])) ||
-         (script_name = env["ROUTES_#{_routes.object_id}_SCRIPT_NAME"]) ||
-         (original_script_name = env['ORIGINAL_SCRIPT_NAME'.freeze])
+      if (same_origin = _routes.equal?(request.routes)) ||
+         (script_name = request.engine_script_name(_routes)) ||
+         (original_script_name = request.original_script_name)
         options = @_url_options.dup
         if original_script_name
           options[:original_script_name] = original_script_name
         else
-          options[:script_name] = same_origin ? request.script_name.dup : script_name
+          if same_origin
+            options[:script_name] = request.script_name.empty? ? "" : request.script_name.dup
+          else
+            options[:script_name] = script_name
+          end
         end
         options.freeze
       else

data/lib/action_controller/metal.rb CHANGED Viewed

@@ -1,5 +1,9 @@
-require 'active_support/core_ext/array/extract_options'
-require 'action_dispatch/middleware/stack'
+# frozen_string_literal: true
+require "active_support/core_ext/array/extract_options"
+require "action_dispatch/middleware/stack"
+require "action_dispatch/http/request"
+require "action_dispatch/http/response"
 module ActionController
   # Extend ActionDispatch middleware stack to make it aware of options
@@ -11,32 +15,49 @@ module ActionController
   #
   class MiddlewareStack < ActionDispatch::MiddlewareStack #:nodoc:
     class Middleware < ActionDispatch::MiddlewareStack::Middleware #:nodoc:
-      def initialize(klass, *args, &block)
-        options = args.extract_options!
-        @only   = Array(options.delete(:only)).map(&:to_s)
-        @except = Array(options.delete(:except)).map(&:to_s)
-        args << options unless options.empty?
-        super
+      def initialize(klass, args, actions, strategy, block)
+        @actions = actions
+        @strategy = strategy
+        super(klass, args, block)
       end
       def valid?(action)
-        if @only.present?
-          @only.include?(action)
-        elsif @except.present?
-          !@except.include?(action)
-        else
-          true
-        end
+        @strategy.call @actions, action
       end
     end
-    def build(action, app = Proc.new)
+    def build(action, app = nil, &block)
       action = action.to_s
-      middlewares.reverse.inject(app) do |a, middleware|
+      middlewares.reverse.inject(app || block) do |a, middleware|
         middleware.valid?(action) ? middleware.build(a) : a
       end
     end
+    private
+      INCLUDE = ->(list, action) { list.include? action }
+      EXCLUDE = ->(list, action) { !list.include? action }
+      NULL    = ->(list, action) { true }
+      def build_middleware(klass, args, block)
+        options = args.extract_options!
+        only   = Array(options.delete(:only)).map(&:to_s)
+        except = Array(options.delete(:except)).map(&:to_s)
+        args << options unless options.empty?
+        strategy = NULL
+        list     = nil
+        if only.any?
+          strategy = INCLUDE
+          list     = only
+        elsif except.any?
+          strategy = EXCLUDE
+          list     = except
+        end
+        Middleware.new(klass, args, list, strategy, block)
+      end
   end
   # <tt>ActionController::Metal</tt> is the simplest possible controller, providing a
@@ -98,12 +119,6 @@ module ActionController
   class Metal < AbstractController::Base
     abstract!
-    attr_internal_writer :env
-    def env
-      @_env ||= {}
-    end
     # Returns the last part of the controller's name, underscored, without the ending
     # <tt>Controller</tt>. For instance, PostsController returns <tt>posts</tt>.
     # Namespaces are left out, so Admin::PostsController returns <tt>posts</tt> as well.
@@ -111,26 +126,30 @@ module ActionController
     # ==== Returns
     # * <tt>string</tt>
     def self.controller_name
-      @controller_name ||= name.demodulize.sub(/Controller$/, '').underscore
+      @controller_name ||= (name.demodulize.delete_suffix("Controller").underscore unless anonymous?)
     end
-    # Delegates to the class' <tt>controller_name</tt>
+    def self.make_response!(request)
+      ActionDispatch::Response.new.tap do |res|
+        res.request = request
+      end
+    end
+    def self.action_encoding_template(action) # :nodoc:
+      false
+    end
+    # Delegates to the class' <tt>controller_name</tt>.
     def controller_name
       self.class.controller_name
     end
-    # The details below can be overridden to support a specific
-    # Request and Response object. The default ActionController::Base
-    # implementation includes RackDelegation, which makes a request
-    # and response object available. You might wish to control the
-    # environment and response manually for performance reasons.
-    attr_internal :headers, :response, :request
-    delegate :session, :to => "@_request"
+    attr_internal :response, :request
+    delegate :session, to: "@_request"
+    delegate :headers, :status=, :location=, :content_type=,
+             :status, :location, :content_type, :media_type, to: "@_response"
     def initialize
-      @_headers = {"Content-Type" => "text/html"}
-      @_status = 200
       @_request = nil
       @_response = nil
       @_routes = nil
@@ -145,74 +164,65 @@ module ActionController
       @_params = val
     end
-    # Basic implementations for content_type=, location=, and headers are
-    # provided to reduce the dependency on the RackDelegation module
-    # in Renderer and Redirector.
-    def content_type=(type)
-      headers["Content-Type"] = type.to_s
-    end
-    def content_type
-      headers["Content-Type"]
-    end
-    def location
-      headers["Location"]
-    end
-    def location=(url)
-      headers["Location"] = url
-    end
+    alias :response_code :status # :nodoc:
-    # Basic url_for that can be overridden for more robust functionality
+    # Basic url_for that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
-    def status
-      @_status
-    end
-    alias :response_code :status # :nodoc:
-    def status=(status)
-      @_status = Rack::Utils.status_code(status)
-    end
     def response_body=(body)
       body = [body] unless body.nil? || body.respond_to?(:each)
+      response.reset_body!
+      return unless body
+      response.body = body
       super
     end
     # Tests if render or redirect has already happened.
     def performed?
-      response_body || (response && response.committed?)
+      response_body || response.committed?
     end
-    def dispatch(name, request) #:nodoc:
-      @_request = request
-      @_env = request.env
-      @_env['action_controller.instance'] = self
+    def dispatch(name, request, response) #:nodoc:
+      set_request!(request)
+      set_response!(response)
       process(name)
+      request.commit_flash
       to_a
     end
+    def set_response!(response) # :nodoc:
+      @_response = response
+    end
+    def set_request!(request) #:nodoc:
+      @_request = request
+      @_request.controller_instance = self
+    end
     def to_a #:nodoc:
-      response ? response.to_a : [status, headers, response_body]
+      response.to_a
     end
-    class_attribute :middleware_stack
-    self.middleware_stack = ActionController::MiddlewareStack.new
+    def reset_session
+      @_request.reset_session
+    end
+    class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new
     def self.inherited(base) # :nodoc:
       base.middleware_stack = middleware_stack.dup
       super
     end
-    # Pushes the given Rack middleware and its arguments to the bottom of the
-    # middleware stack.
-    def self.use(*args, &block)
-      middleware_stack.use(*args, &block)
+    class << self
+      # Pushes the given Rack middleware and its arguments to the bottom of the
+      # middleware stack.
+      def use(*args, &block)
+        middleware_stack.use(*args, &block)
+      end
+      ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
     end
     # Alias for +middleware_stack+.
@@ -220,21 +230,28 @@ module ActionController
       middleware_stack
     end
-    # Makes the controller a Rack endpoint that runs the action in the given
-    # +env+'s +action_dispatch.request.path_parameters+ key.
-    def self.call(env)
-      req = ActionDispatch::Request.new env
-      action(req.path_parameters[:action]).call(env)
+    # Returns a Rack endpoint for the given action name.
+    def self.action(name)
+      app = lambda { |env|
+        req = ActionDispatch::Request.new(env)
+        res = make_response! req
+        new.dispatch(name, req, res)
+      }
+      if middleware_stack.any?
+        middleware_stack.build(name, app)
+      else
+        app
+      end
     end
-    # Returns a Rack endpoint for the given action name.
-    def self.action(name, klass = ActionDispatch::Request)
+    # Direct dispatch to the controller. Instantiates the controller, then
+    # executes the action named +name+.
+    def self.dispatch(name, req, res)
       if middleware_stack.any?
-        middleware_stack.build(name) do |env|
-          new.dispatch(name, klass.new(env))
-        end
+        middleware_stack.build(name) { |env| new.dispatch(name, req, res) }.call req.env
       else
-        lambda { |env| new.dispatch(name, klass.new(env)) }
+        new.dispatch(name, req, res)
       end
     end
   end

data/lib/action_controller/railtie.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
@@ -11,7 +13,7 @@ module ActionController
     config.eager_load_namespaces << ActionController
-    initializer "action_controller.assets_config", :group => :all do |app|
+    initializer "action_controller.assets_config", group: :all do |app|
       app.config.action_controller.assets_dir ||= app.config.paths["public"].first
     end
@@ -22,13 +24,15 @@ module ActionController
     initializer "action_controller.parameters_config" do |app|
       options = app.config.action_controller
-      ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
-      if app.config.action_controller[:always_permitted_parameters]
-        ActionController::Parameters.always_permitted_parameters =
-          app.config.action_controller.delete(:always_permitted_parameters)
-      end
-      ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
-        (Rails.env.test? || Rails.env.development?) ? :log : false
+      ActiveSupport.on_load(:action_controller, run_once: true) do
+        ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
+        if app.config.action_controller[:always_permitted_parameters]
+          ActionController::Parameters.always_permitted_parameters =
+            app.config.action_controller.delete(:always_permitted_parameters)
+        end
+        ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
+          (Rails.env.test? || Rails.env.development?) ? :log : false
+        end
       end
     end
@@ -42,7 +46,7 @@ module ActionController
       options.javascripts_dir ||= paths["public/javascripts"].first
       options.stylesheets_dir ||= paths["public/stylesheets"].first
-      # Ensure readers methods get compiled
+      # Ensure readers methods get compiled.
       options.asset_host        ||= app.config.asset_host
       options.relative_url_root ||= app.config.relative_url_root
@@ -51,7 +55,7 @@ module ActionController
         extend ::AbstractController::Railties::RoutesHelpers.with(app.routes)
         extend ::ActionController::Railties::Helpers
-        options.each do |k,v|
+        options.each do |k, v|
           k = "#{k}="
           if respond_to?(k)
             send(k, v)
@@ -67,5 +71,19 @@ module ActionController
         config.compile_methods! if config.respond_to?(:compile_methods!)
       end
     end
+    initializer "action_controller.request_forgery_protection" do |app|
+      ActiveSupport.on_load(:action_controller_base) do
+        if app.config.action_controller.default_protect_from_forgery
+          protect_from_forgery with: :exception
+        end
+      end
+    end
+    initializer "action_controller.eager_load_actions" do
+      ActiveSupport.on_load(:after_initialize) do
+        ActionController::Metal.descendants.each(&:action_methods) if config.eager_load
+      end
+    end
   end
 end

data/lib/action_controller/railties/helpers.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module ActionController
   module Railties
     module Helpers
@@ -5,7 +7,7 @@ module ActionController
         super
         return unless klass.respond_to?(:helpers_path=)
-        if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
+        if namespace = klass.module_parents.detect { |m| m.respond_to?(:railtie_helpers_paths) }
           paths = namespace.railtie_helpers_paths
         else
           paths = ActionController::Helpers.helpers_path

data/lib/action_controller/renderer.rb ADDED Viewed

@@ -0,0 +1,141 @@
+# frozen_string_literal: true
+module ActionController
+  # ActionController::Renderer allows you to render arbitrary templates
+  # without requirement of being in controller actions.
+  #
+  # You get a concrete renderer class by invoking ActionController::Base#renderer.
+  # For example:
+  #
+  #   ApplicationController.renderer
+  #
+  # It allows you to call method #render directly.
+  #
+  #   ApplicationController.renderer.render template: '...'
+  #
+  # You can use this shortcut in a controller, instead of the previous example:
+  #
+  #   ApplicationController.render template: '...'
+  #
+  # #render allows you to use the same options that you can use when rendering in a controller.
+  # For example:
+  #
+  #   FooController.render :action, locals: { ... }, assigns: { ... }
+  #
+  # The template will be rendered in a Rack environment which is accessible through
+  # ActionController::Renderer#env. You can set it up in two ways:
+  #
+  # *  by changing renderer defaults, like
+  #
+  #       ApplicationController.renderer.defaults # => hash with default Rack environment
+  #
+  # *  by initializing an instance of renderer by passing it a custom environment.
+  #
+  #       ApplicationController.renderer.new(method: 'post', https: true)
+  #
+  class Renderer
+    attr_reader :defaults, :controller
+    DEFAULTS = {
+      http_host: "example.org",
+      https: false,
+      method: "get",
+      script_name: "",
+      input: ""
+    }.freeze
+    # Create a new renderer instance for a specific controller class.
+    def self.for(controller, env = {}, defaults = DEFAULTS.dup)
+      new(controller, env, defaults)
+    end
+    # Create a new renderer for the same controller but with a new env.
+    def new(env = {})
+      self.class.new controller, env, defaults
+    end
+    # Create a new renderer for the same controller but with new defaults.
+    def with_defaults(defaults)
+      self.class.new controller, @env, self.defaults.merge(defaults)
+    end
+    # Accepts a custom Rack environment to render templates in.
+    # It will be merged with the default Rack environment defined by
+    # +ActionController::Renderer::DEFAULTS+.
+    def initialize(controller, env, defaults)
+      @controller = controller
+      @defaults = defaults
+      @env = normalize_keys defaults, env
+    end
+    # Render templates with any options from ActionController::Base#render_to_string.
+    #
+    # The primary options are:
+    # * <tt>:partial</tt> - See <tt>ActionView::PartialRenderer</tt> for details.
+    # * <tt>:file</tt> - Renders an explicit template file. Add <tt>:locals</tt> to pass in, if so desired.
+    #   It shouldn’t be used directly with unsanitized user input due to lack of validation.
+    # * <tt>:inline</tt> - Renders an ERB template string.
+    # * <tt>:plain</tt> - Renders provided text and sets the content type as <tt>text/plain</tt>.
+    # * <tt>:html</tt> - Renders the provided HTML safe string, otherwise
+    #   performs HTML escape on the string first. Sets the content type as <tt>text/html</tt>.
+    # * <tt>:json</tt> - Renders the provided hash or object in JSON. You don't
+    #   need to call <tt>.to_json</tt> on the object you want to render.
+    # * <tt>:body</tt> - Renders provided text and sets content type of <tt>text/plain</tt>.
+    #
+    # If no <tt>options</tt> hash is passed or if <tt>:update</tt> is specified, then:
+    #
+    # If an object responding to +render_in+ is passed, +render_in+ is called on the object,
+    # passing in the current view context.
+    #
+    # Otherwise, a partial is rendered using the second parameter as the locals hash.
+    def render(*args)
+      raise "missing controller" unless controller
+      request = ActionDispatch::Request.new @env
+      request.routes = controller._routes
+      instance = controller.new
+      instance.set_request! request
+      instance.set_response! controller.make_response!(request)
+      instance.render_to_string(*args)
+    end
+    alias_method :render_to_string, :render # :nodoc:
+    private
+      def normalize_keys(defaults, env)
+        new_env = {}
+        env.each_pair { |k, v| new_env[rack_key_for(k)] = rack_value_for(k, v) }
+        defaults.each_pair do |k, v|
+          key = rack_key_for(k)
+          new_env[key] = rack_value_for(k, v) unless new_env.key?(key)
+        end
+        new_env["rack.url_scheme"] = new_env["HTTPS"] == "on" ? "https" : "http"
+        new_env
+      end
+      RACK_KEY_TRANSLATION = {
+        http_host:   "HTTP_HOST",
+        https:       "HTTPS",
+        method:      "REQUEST_METHOD",
+        script_name: "SCRIPT_NAME",
+        input:       "rack.input"
+      }
+      def rack_key_for(key)
+        RACK_KEY_TRANSLATION[key] || key.to_s
+      end
+      def rack_value_for(key, value)
+        case key
+        when :https
+          value ? "on" : "off"
+        when :method
+          -value.upcase
+        else
+          value
+        end
+      end
+  end
+end

data/lib/action_controller/template_assertions.rb ADDED Viewed

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+module ActionController
+  module TemplateAssertions # :nodoc:
+    def assert_template(options = {}, message = nil)
+      raise NoMethodError,
+        "assert_template has been extracted to a gem. To continue using it,
+        add `gem 'rails-controller-testing'` to your Gemfile."
+    end
+  end
+end