actionpack 4.2.11.3 → 5.0.0.beta1

data/lib/action_dispatch/middleware/cookies.rb

@@ -1,15 +1,63 @@
 require 'active_support/core_ext/hash/keys'
-require 'active_support/core_ext/module/attribute_accessors'
-require 'active_support/core_ext/object/blank'
 require 'active_support/key_generator'
 require 'active_support/message_verifier'
 require 'active_support/json'
 
 module ActionDispatch
-  class Request < Rack::Request
+  class Request
     def cookie_jar
-      env['action_dispatch.cookies'] ||= Cookies::CookieJar.build(self)
+      fetch_header('action_dispatch.cookies'.freeze) do
+        self.cookie_jar = Cookies::CookieJar.build(self, cookies)
+      end
+    end
+
+    # :stopdoc:
+    prepend Module.new {
+      def commit_cookie_jar!
+        cookie_jar.commit!
+      end
+    }
+
+    def have_cookie_jar?
+      has_header? 'action_dispatch.cookies'.freeze
+    end
+
+    def cookie_jar=(jar)
+      set_header 'action_dispatch.cookies'.freeze, jar
+    end
+
+    def key_generator
+      get_header Cookies::GENERATOR_KEY
+    end
+
+    def signed_cookie_salt
+      get_header Cookies::SIGNED_COOKIE_SALT
+    end
+
+    def encrypted_cookie_salt
+      get_header Cookies::ENCRYPTED_COOKIE_SALT
+    end
+
+    def encrypted_signed_cookie_salt
+      get_header Cookies::ENCRYPTED_SIGNED_COOKIE_SALT
     end
+
+    def secret_token
+      get_header Cookies::SECRET_TOKEN
+    end
+
+    def secret_key_base
+      get_header Cookies::SECRET_KEY_BASE
+    end
+
+    def cookies_serializer
+      get_header Cookies::COOKIES_SERIALIZER
+    end
+
+    def cookies_digest
+      get_header Cookies::COOKIES_DIGEST
+    end
+    # :startdoc:
   end
 
   # \Cookies are read and written through ActionController#cookies.
@@ -35,6 +83,12 @@ module ActionDispatch
   #   # It can be read using the signed method `cookies.signed[:name]`
   #   cookies.signed[:user_id] = current_user.id
   #
+  #   # Sets an encrypted cookie value before sending it to the client which
+  #   # prevent users from reading and tampering with its value.
+  #   # The cookie is signed by your app's `secrets.secret_key_base` value.
+  #   # It can be read using the encrypted method `cookies.encrypted[:name]`
+  #   cookies.encrypted[:discount] = 45
+  #
   #   # Sets a "permanent" cookie (which expires in 20 years from now).
   #   cookies.permanent[:login] = "XJ-122"
   #
@@ -47,6 +101,7 @@ module ActionDispatch
   #   cookies.size                  # => 2
   #   JSON.parse(cookies[:lat_lon]) # => [47.68, -122.37]
   #   cookies.signed[:login]        # => "XJ-122"
+  #   cookies.encrypted[:discount]  # => 45
   #
   # Example for deleting:
   #
@@ -73,12 +128,15 @@ module ActionDispatch
   #   to <tt>:all</tt>. Make sure to specify the <tt>:domain</tt> option with
   #   <tt>:all</tt> or <tt>Array</tt> again when deleting cookies.
   #
-  #     domain: nil  # Does not sets cookie domain. (default)
+  #     domain: nil  # Does not set cookie domain. (default)
   #     domain: :all # Allow the cookie for the top most level
   #                  # domain and subdomains.
   #     domain: %w(.example.com .example.org) # Allow the cookie
   #                                           # for concrete domain names.
   #
+  # * <tt>:tld_length</tt> - When using <tt>:domain => :all</tt>, this option can be used to explicitly
+  #   set the TLD length when using a short (<= 3 character) domain that is being interpreted as part of a TLD.
+  #   For example, to share cookies between user1.lvh.me and user2.lvh.me, set <tt>:tld_length</tt> to 1.
   # * <tt>:expires</tt> - The time at which this cookie expires, as a \Time object.
   # * <tt>:secure</tt> - Whether this cookie is only transmitted to HTTPS servers.
   #   Default is +false+.
@@ -115,7 +173,7 @@ module ActionDispatch
       #   cookies.permanent.signed[:remember_me] = current_user.id
       #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
       def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+        @permanent ||= PermanentCookieJar.new(self)
       end
 
       # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
@@ -135,10 +193,10 @@ module ActionDispatch
       #   cookies.signed[:discount] # => 45
       def signed
         @signed ||=
-          if @options[:upgrade_legacy_signed_cookies]
-            UpgradeLegacySignedCookieJar.new(self, @key_generator, @options)
+          if upgrade_legacy_signed_cookies?
+            UpgradeLegacySignedCookieJar.new(self)
           else
-            SignedCookieJar.new(self, @key_generator, @options)
+            SignedCookieJar.new(self)
           end
       end
 
@@ -158,10 +216,10 @@ module ActionDispatch
       #   cookies.encrypted[:discount] # => 45
       def encrypted
         @encrypted ||=
-          if @options[:upgrade_legacy_signed_cookies]
-            UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options)
+          if upgrade_legacy_signed_cookies?
+            UpgradeLegacyEncryptedCookieJar.new(self)
           else
-            EncryptedCookieJar.new(self, @key_generator, @options)
+            EncryptedCookieJar.new(self)
           end
       end
 
@@ -169,12 +227,18 @@ module ActionDispatch
       # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
       def signed_or_encrypted
         @signed_or_encrypted ||=
-          if @options[:secret_key_base].present?
+          if request.secret_key_base.present?
             encrypted
           else
             signed
           end
       end
+
+      private
+
+      def upgrade_legacy_signed_cookies?
+        request.secret_token.present? && request.secret_key_base.present?
+      end
     end
 
     # Passing the ActiveSupport::MessageEncryptor::NullSerializer downstream
@@ -184,7 +248,7 @@ module ActionDispatch
     module VerifyAndUpgradeLegacySignedMessage # :nodoc:
       def initialize(*args)
         super
-        @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: ActiveSupport::MessageEncryptor::NullSerializer)
+        @legacy_verifier = ActiveSupport::MessageVerifier.new(request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
       def verify_and_upgrade_legacy_signed_message(name, signed_message)
@@ -194,6 +258,11 @@ module ActionDispatch
       rescue ActiveSupport::MessageVerifier::InvalidSignature
         nil
       end
+
+      private
+        def parse(name, signed_message)
+          super || verify_and_upgrade_legacy_signed_message(name, signed_message)
+        end
     end
 
     class CookieJar #:nodoc:
@@ -213,38 +282,18 @@ module ActionDispatch
       # $& => example.local
       DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
 
-      def self.options_for_env(env) #:nodoc:
-        { signed_cookie_salt: env[SIGNED_COOKIE_SALT] || '',
-          encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT] || '',
-          encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
-          secret_token: env[SECRET_TOKEN],
-          secret_key_base: env[SECRET_KEY_BASE],
-          upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
-          serializer: env[COOKIES_SERIALIZER],
-          digest: env[COOKIES_DIGEST]
-        }
-      end
-
-      def self.build(request)
-        env = request.env
-        key_generator = env[GENERATOR_KEY]
-        options = options_for_env env
-
-        host = request.host
-        secure = request.ssl?
-
-        new(key_generator, host, secure, options).tap do |hash|
-          hash.update(request.cookies)
+      def self.build(req, cookies)
+        new(req).tap do |hash|
+          hash.update(cookies)
         end
       end
 
-      def initialize(key_generator, host = nil, secure = false, options = {})
-        @key_generator = key_generator
+      attr_reader :request
+
+      def initialize(request)
         @set_cookies = {}
         @delete_cookies = {}
-        @host = host
-        @secure = secure
-        @options = options
+        @request = request
         @cookies = {}
         @committed = false
       end
@@ -280,21 +329,32 @@ module ActionDispatch
         self
       end
 
+      def update_cookies_from_jar
+        request_jar = @request.cookie_jar.instance_variable_get(:@cookies)
+        set_cookies = request_jar.reject { |k,_| @delete_cookies.key?(k) }
+
+        @cookies.update set_cookies if set_cookies
+      end
+
+      def to_header
+        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
+      end
+
       def handle_options(options) #:nodoc:
         options[:path] ||= "/"
 
-        if options[:domain] == :all
+        if options[:domain] == :all || options[:domain] == 'all'
           # if there is a provided tld length then we use it otherwise default domain regexp
           domain_regexp = options[:tld_length] ? /([^.]+\.?){#{options[:tld_length]}}$/ : DOMAIN_REGEXP
 
           # if host is not ip and matches domain regexp
           # (ip confirms to domain regexp so we explicitly check for ip)
-          options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ domain_regexp)
+          options[:domain] = if (request.host !~ /^[\d.]+$/) && (request.host =~ domain_regexp)
             ".#{$&}"
           end
         elsif options[:domain].is_a? Array
           # if host matches one of the supplied domains without a dot in front of it
-          options[:domain] = options[:domain].find {|domain| @host.include? domain.sub(/^\./, '') }
+          options[:domain] = options[:domain].find {|domain| request.host.include? domain.sub(/^\./, '') }
         end
       end
 
@@ -311,7 +371,7 @@ module ActionDispatch
 
         handle_options(options)
 
-        if @cookies[name.to_s] != value || options[:expires]
+        if @cookies[name.to_s] != value or options[:expires]
           @cookies[name.to_s] = value
           @set_cookies[name.to_s] = options
           @delete_cookies.delete(name.to_s)
@@ -349,47 +409,71 @@ module ActionDispatch
       end
 
       def write(headers)
-        @set_cookies.each { |k, v| ::Rack::Utils.set_cookie_header!(headers, k, v) if write_cookie?(v) }
-        @delete_cookies.each { |k, v| ::Rack::Utils.delete_cookie_header!(headers, k, v) }
-      end
-
-      def recycle! #:nodoc:
-        @set_cookies = {}
-        @delete_cookies = {}
+        if header = make_set_cookie_header(headers[HTTP_HEADER])
+          headers[HTTP_HEADER] = header
+        end
       end
 
       mattr_accessor :always_write_cookie
       self.always_write_cookie = false
 
       private
-        def write_cookie?(cookie)
-          @secure || !cookie[:secure] || always_write_cookie
-        end
+
+      def make_set_cookie_header(header)
+        header = @set_cookies.inject(header) { |m, (k, v)|
+          if write_cookie?(v)
+            ::Rack::Utils.add_cookie_to_header(m, k, v)
+          else
+            m
+          end
+        }
+        @delete_cookies.inject(header) { |m, (k, v)|
+          ::Rack::Utils.add_remove_cookie_to_header(m, k, v)
+        }
+      end
+
+      def write_cookie?(cookie)
+        request.ssl? || !cookie[:secure] || always_write_cookie
+      end
     end
 
-    class PermanentCookieJar #:nodoc:
+    class AbstractCookieJar # :nodoc:
       include ChainedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
+      def initialize(parent_jar)
         @parent_jar = parent_jar
-        @key_generator = key_generator
-        @options = options
       end
 
       def [](name)
-        @parent_jar[name.to_s]
+        if data = @parent_jar[name.to_s]
+          parse name, data
+        end
       end
 
       def []=(name, options)
         if options.is_a?(Hash)
           options.symbolize_keys!
         else
-          options = { :value => options }
+          options = { value: options }
         end
 
-        options[:expires] = 20.years.from_now
+        commit(options)
         @parent_jar[name] = options
       end
+
+      protected
+        def request; @parent_jar.request; end
+
+      private
+        def parse(name, data); data; end
+        def commit(options); end
+    end
+
+    class PermanentCookieJar < AbstractCookieJar # :nodoc:
+      private
+        def commit(options)
+          options[:expires] = 20.years.from_now
+        end
     end
 
     class JsonSerializer # :nodoc:
@@ -407,10 +491,10 @@ module ActionDispatch
 
       protected
         def needs_migration?(value)
-          @options[:serializer] == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
+          request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
         end
 
-        def serialize(name, value)
+        def serialize(value)
           serializer.dump(value)
         end
 
@@ -427,7 +511,7 @@ module ActionDispatch
         end
 
         def serializer
-          serializer = @options[:serializer] || :marshal
+          serializer = request.cookies_serializer || :marshal
           case serializer
           when :marshal
             Marshal
@@ -439,103 +523,71 @@ module ActionDispatch
         end
 
         def digest
-          @options[:digest] || 'SHA1'
+          request.cookies_digest || 'SHA1'
+        end
+
+        def key_generator
+          request.key_generator
         end
     end
 
-    class SignedCookieJar #:nodoc:
-      include ChainedCookieJars
+    class SignedCookieJar < AbstractCookieJar # :nodoc:
       include SerializedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
-        @parent_jar = parent_jar
-        @options = options
-        secret = key_generator.generate_key(@options[:signed_cookie_salt])
+      def initialize(parent_jar)
+        super
+        secret = key_generator.generate_key(request.signed_cookie_salt)
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
-      def [](name)
-        if signed_message = @parent_jar[name]
-          deserialize name, verify(signed_message)
-        end
-      end
-
-      def []=(name, options)
-        if options.is_a?(Hash)
-          options.symbolize_keys!
-          options[:value] = @verifier.generate(serialize(name, options[:value]))
-        else
-          options = { :value => @verifier.generate(serialize(name, options)) }
+      private
+        def parse(name, signed_message)
+          deserialize name, @verifier.verified(signed_message)
         end
 
-        raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
-        @parent_jar[name] = options
-      end
+        def commit(options)
+          options[:value] = @verifier.generate(serialize(options[:value]))
 
-      private
-        def verify(signed_message)
-          @verifier.verify(signed_message)
-        rescue ActiveSupport::MessageVerifier::InvalidSignature
-          nil
+          raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
         end
     end
 
     # UpgradeLegacySignedCookieJar is used instead of SignedCookieJar if
     # secrets.secret_token and secrets.secret_key_base are both set. It reads
-    # legacy cookies signed with the old dummy key generator and re-saves
-    # them using the new key generator to provide a smooth upgrade path.
+    # legacy cookies signed with the old dummy key generator and signs and
+    # re-saves them using the new key generator to provide a smooth upgrade path.
     class UpgradeLegacySignedCookieJar < SignedCookieJar #:nodoc:
       include VerifyAndUpgradeLegacySignedMessage
-
-      def [](name)
-        if signed_message = @parent_jar[name]
-          deserialize(name, verify(signed_message)) || verify_and_upgrade_legacy_signed_message(name, signed_message)
-        end
-      end
     end
 
-    class EncryptedCookieJar #:nodoc:
-      include ChainedCookieJars
+    class EncryptedCookieJar < AbstractCookieJar # :nodoc:
       include SerializedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
+      def initialize(parent_jar)
+        super
+
         if ActiveSupport::LegacyKeyGenerator === key_generator
           raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " +
             "Read the upgrade documentation to learn more about this new config option."
         end
 
-        @parent_jar = parent_jar
-        @options = options
-        secret = key_generator.generate_key(@options[:encrypted_cookie_salt])[0, ActiveSupport::MessageEncryptor.key_len]
-        sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
+        secret = key_generator.generate_key(request.encrypted_cookie_salt || '')
+        sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '')
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
-      def [](name)
-        if encrypted_message = @parent_jar[name]
-          deserialize name, decrypt_and_verify(encrypted_message)
-        end
-      end
-
-      def []=(name, options)
-        if options.is_a?(Hash)
-          options.symbolize_keys!
-        else
-          options = { :value => options }
-        end
-
-        options[:value] = @encryptor.encrypt_and_sign(serialize(name, options[:value]))
-
-        raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
-        @parent_jar[name] = options
-      end
-
       private
-        def decrypt_and_verify(encrypted_message)
-          @encryptor.decrypt_and_verify(encrypted_message)
+        def parse(name, encrypted_message)
+          deserialize name, @encryptor.decrypt_and_verify(encrypted_message)
         rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
           nil
         end
+
+        def commit(options)
+          options[:value] = @encryptor.encrypt_and_sign(serialize(options[:value]))
+
+          raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
+        end
     end
 
     # UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore
@@ -544,12 +596,6 @@ module ActionDispatch
     # encrypts and re-saves them using the new key generator to provide a smooth upgrade path.
     class UpgradeLegacyEncryptedCookieJar < EncryptedCookieJar #:nodoc:
       include VerifyAndUpgradeLegacySignedMessage
-
-      def [](name)
-        if encrypted_or_signed_message = @parent_jar[name]
-          deserialize(name, decrypt_and_verify(encrypted_or_signed_message)) || verify_and_upgrade_legacy_signed_message(name, encrypted_or_signed_message)
-        end
-      end
     end
 
     def initialize(app)
@@ -557,9 +603,12 @@ module ActionDispatch
     end
 
     def call(env)
+      request = ActionDispatch::Request.new env
+
       status, headers, body = @app.call(env)
 
-      if cookie_jar = env['action_dispatch.cookies']
+      if request.have_cookie_jar?
+        cookie_jar = request.cookie_jar
         unless cookie_jar.committed?
           cookie_jar.write(headers)
           if headers[HTTP_HEADER].respond_to?(:join)