actionpack 4.2.11.3 → 5.0.0.beta1

data/lib/action_controller/metal/rendering.rb

@@ -1,9 +1,29 @@
+require 'active_support/core_ext/string/filters'
+
 module ActionController
   module Rendering
     extend ActiveSupport::Concern
 
     RENDER_FORMATS_IN_PRIORITY = [:body, :text, :plain, :html]
 
+    module ClassMethods
+      # Documentation at ActionController::Renderer#render
+      delegate :render, to: :renderer
+
+      # Returns a renderer instance (inherited from ActionController::Renderer)
+      # for the controller.
+      attr_reader :renderer
+
+      def setup_renderer! # :nodoc:
+        @renderer = Renderer.for(self)
+      end
+
+      def inherited(klass)
+        klass.setup_renderer!
+        super
+      end
+    end
+
     # Before processing, set the request formats in current controller formats.
     def process_action(*) #:nodoc:
       self.formats = request.formats.map(&:ref).compact
@@ -42,13 +62,13 @@ module ActionController
       nil
     end
 
-    def _process_format(format, options = {})
-      super
+    def _set_html_content_type
+      self.content_type = Mime[:html].to_s
+    end
 
-      if options[:plain]
-        self.content_type = Mime::TEXT
-      else
-        self.content_type ||= format.to_s
+    def _set_rendered_content_type(format)
+      unless response.content_type
+        self.content_type = format.to_s
       end
     end
 
@@ -63,11 +83,23 @@ module ActionController
     def _normalize_options(options) #:nodoc:
       _normalize_text(options)
 
+      if options[:text]
+        ActiveSupport::Deprecation.warn <<-WARNING.squish
+          `render :text` is deprecated because it does not actually render a
+          `text/plain` response. Switch to `render plain: 'plain text'` to
+          render as `text/plain`, `render html: '<strong>HTML</strong>'` to
+          render as `text/html`, or `render body: 'raw'` to match the deprecated
+          behavior and render with the default Content-Type, which is
+          `text/plain`.
+        WARNING
+      end
+
       if options[:html]
         options[:html] = ERB::Util.html_escape(options[:html])
       end
 
       if options.delete(:nothing)
+        ActiveSupport::Deprecation.warn("`:nothing` option is deprecated and will be removed in Rails 5.1. Use `head` method to respond with empty response body.")
         options[:body] = nil
       end
 

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -13,9 +13,14 @@ module ActionController #:nodoc:
   # by including a token in the rendered HTML for your application. This token is
   # stored as a random string in the session, to which an attacker does not have
   # access. When a request reaches your application, \Rails verifies the received
-  # token with the token in the session. Only HTML and JavaScript requests are checked,
-  # so this will not protect your XML API (presumably you'll have a different
-  # authentication scheme there anyway).
+  # token with the token in the session. All requests are checked except GET requests
+  # as these should be idempotent. Keep in mind that all session-oriented requests
+  # should be CSRF protected, including JavaScript and HTML requests.
+  #
+  # Since HTML and JavaScript requests are typically made from the browser, we
+  # need to ensure to verify request authenticity for the web browser. We can
+  # use session-oriented authentication for these types of requests, by using
+  # the `protect_from_forgery` method in our controllers.
   #
   # GET requests are not protected since they don't have side effects like writing
   # to the database and don't leak sensitive information. JavaScript requests are
@@ -26,22 +31,21 @@ module ActionController #:nodoc:
   # Ajax) requests are allowed to make GET requests for JavaScript responses.
   #
   # It's important to remember that XML or JSON requests are also affected and if
-  # you're building an API you'll need something like:
+  # you're building an API you should change forgery protection method in
+  # <tt>ApplicationController</tt> (by default: <tt>:exception</tt>):
   #
   #   class ApplicationController < ActionController::Base
-  #     protect_from_forgery
-  #     skip_before_action :verify_authenticity_token, if: :json_request?
-  #
-  #     protected
-  #
-  #     def json_request?
-  #       request.format.json?
-  #     end
+  #     protect_from_forgery unless: -> { request.format.json? }
   #   end
   #
-  # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method,
-  # which checks the token and resets the session if it doesn't match what was expected.
-  # A call to this method is generated for new \Rails applications by default.
+  # CSRF protection is turned on with the <tt>protect_from_forgery</tt> method.
+  # By default <tt>protect_from_forgery</tt> protects your session with
+  # <tt>:null_session</tt> method, which provides an empty session
+  # during request.
+  #
+  # We may want to disable CSRF protection for APIs since they are typically
+  # designed to be state-less. That is, the request API client will handle
+  # the session for you instead of Rails.
   #
   # The token parameter is named <tt>authenticity_token</tt> by default. The name and
   # value of this token must be added to every layout that renders forms by including
@@ -73,6 +77,10 @@ module ActionController #:nodoc:
       config_accessor :log_warning_on_csrf_failure
       self.log_warning_on_csrf_failure = true
 
+      # Controls whether the Origin header is checked in addition to the CSRF token.
+      config_accessor :forgery_protection_origin_check
+      self.forgery_protection_origin_check = false
+
       helper_method :form_authenticity_token
       helper_method :protect_against_forgery?
     end
@@ -86,13 +94,21 @@ module ActionController #:nodoc:
       #
       #   class FooController < ApplicationController
       #     protect_from_forgery except: :index
+      #   end
+      #
+      # You can disable forgery protection on controller by skipping the verification before_action:
       #
-      # You can disable CSRF protection on controller by skipping the verification before_action:
       #   skip_before_action :verify_authenticity_token
       #
       # Valid Options:
       #
-      # * <tt>:only/:except</tt> - Passed to the <tt>before_action</tt> call. Set which actions are verified.
+      # * <tt>:only/:except</tt> - Only apply forgery protection to a subset of actions. For example <tt>only: [ :create, :create_all ]</tt>.
+      # * <tt>:if/:unless</tt> - Turn off the forgery protection entirely depending on the passed Proc or method reference.
+      # * <tt>:prepend</tt> - By default, the verification of the authentication token will be added at the position of the
+      #    protect_from_forgery call in your application. This means any callbacks added before are run first. This is useful
+      #    when you want your forgery protection to depend on other callbacks, like authentication methods (Oauth vs Cookie auth).
+      #
+      #    If you need to add verification to the beginning of the callback chain, use <tt>prepend: true</tt>.
       # * <tt>:with</tt> - Set the method to handle unverified request.
       #
       # Valid unverified request handling methods are:
@@ -100,9 +116,11 @@ module ActionController #:nodoc:
       # * <tt>:reset_session</tt> - Resets the session.
       # * <tt>:null_session</tt> - Provides an empty session during request but doesn't reset it completely. Used as default if <tt>:with</tt> option is not specified.
       def protect_from_forgery(options = {})
+        options = options.reverse_merge(prepend: false)
+
         self.forgery_protection_strategy = protection_method_class(options[:with] || :null_session)
         self.request_forgery_protection_token ||= :authenticity_token
-        prepend_before_action :verify_authenticity_token, options
+        before_action :verify_authenticity_token, options
         append_after_action :verify_same_origin_request
       end
 
@@ -124,17 +142,17 @@ module ActionController #:nodoc:
         # This is the method that defines the application behavior when a request is found to be unverified.
         def handle_unverified_request
           request = @controller.request
-          request.session = NullSessionHash.new(request.env)
-          request.env['action_dispatch.request.flash_hash'] = nil
-          request.env['rack.session.options'] = { skip: true }
-          request.env['action_dispatch.cookies'] = NullCookieJar.build(request)
+          request.session = NullSessionHash.new(request)
+          request.flash = nil
+          request.session_options = { skip: true }
+          request.cookie_jar = NullCookieJar.build(request, {})
         end
 
         protected
 
         class NullSessionHash < Rack::Session::Abstract::SessionHash #:nodoc:
-          def initialize(env)
-            super(nil, env)
+          def initialize(req)
+            super(nil, req)
             @data = {}
             @loaded = true
           end
@@ -148,14 +166,6 @@ module ActionController #:nodoc:
         end
 
         class NullCookieJar < ActionDispatch::Cookies::CookieJar #:nodoc:
-          def self.build(request)
-            key_generator = request.env[ActionDispatch::Cookies::GENERATOR_KEY]
-            host          = request.host
-            secure        = request.ssl?
-
-            new(key_generator, host, secure, options_for_env({}))
-          end
-
           def write(*)
             # nothing
           end
@@ -246,13 +256,24 @@ module ActionController #:nodoc:
 
       # Returns true or false if a request is verified. Checks:
       #
-      # * is it a GET or HEAD request?  Gets should be safe and idempotent
+      # * Is it a GET or HEAD request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?
       # * Does the X-CSRF-Token header match the form_authenticity_token
       def verified_request?
         !protect_against_forgery? || request.get? || request.head? ||
-          valid_authenticity_token?(session, form_authenticity_param) ||
-          valid_authenticity_token?(session, request.headers['X-CSRF-Token'])
+          (valid_request_origin? && any_authenticity_token_valid?)
+      end
+
+      # Checks if any of the authenticity tokens from the request are valid.
+      def any_authenticity_token_valid?
+        request_authenticity_tokens.any? do |token|
+          valid_authenticity_token?(session, token)
+        end
+      end
+
+      # Possible authenticity tokens sent in the request.
+      def request_authenticity_tokens
+        [form_authenticity_param, request.x_csrf_token]
       end
 
       # Sets the token value for the current session.
@@ -330,5 +351,16 @@ module ActionController #:nodoc:
       def protect_against_forgery?
         allow_forgery_protection
       end
+
+      # Checks if the request originated from the same origin by looking at the
+      # Origin header.
+      def valid_request_origin?
+        if forgery_protection_origin_check
+          # We accept blank origin headers because some user agents don't send it.
+          request.origin.nil? || request.origin == request.base_url
+        else
+          true
+        end
+      end
   end
 end

data/lib/action_controller/metal/rescue.rb

@@ -7,10 +7,8 @@ module ActionController #:nodoc:
     include ActiveSupport::Rescuable
 
     def rescue_with_handler(exception)
-      if (exception.respond_to?(:original_exception) &&
-          (orig_exception = exception.original_exception) &&
-          handler_for_rescue(orig_exception))
-        exception = orig_exception
+      if exception.cause && handler_for_rescue(exception.cause)
+        exception = exception.cause
       end
       super(exception)
     end

data/lib/action_controller/metal/streaming.rb

@@ -110,9 +110,9 @@ module ActionController #:nodoc:
   # This means that, if you have <code>yield :title</code> in your layout
   # and you want to use streaming, you would have to render the whole template
   # (and eventually trigger all queries) before streaming the title and all
-  # assets, which kills the purpose of streaming. For this reason Rails 3.1
-  # introduces a new helper called +provide+ that does the same as +content_for+
-  # but tells the layout to stop searching for other entries and continue rendering.
+  # assets, which kills the purpose of streaming. For this purpose, you can use
+  # a helper called +provide+ that does the same as +content_for+ but tells the
+  # layout to stop searching for other entries and continue rendering.
   #
   # For instance, the template above using +provide+ would be:
   #
@@ -199,7 +199,7 @@ module ActionController #:nodoc:
       def _process_options(options) #:nodoc:
         super
         if options[:stream]
-          if env["HTTP_VERSION"] == "HTTP/1.0"
+          if request.version == "HTTP/1.0"
             options.delete(:stream)
           else
             headers["Cache-Control"] ||= "no-cache"

data/lib/action_controller/metal/strong_parameters.rb

@@ -1,9 +1,10 @@
 require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/core_ext/hash/transform_values'
 require 'active_support/core_ext/array/wrap'
 require 'active_support/core_ext/string/filters'
-require 'active_support/deprecation'
 require 'active_support/rescuable'
 require 'action_dispatch/http/upload'
+require 'rack/test'
 require 'stringio'
 require 'set'
 
@@ -12,9 +13,9 @@ module ActionController
   #
   #   params = ActionController::Parameters.new(a: {})
   #   params.fetch(:b)
-  #   # => ActionController::ParameterMissing: param not found: b
+  #   # => ActionController::ParameterMissing: param is missing or the value is empty: b
   #   params.require(:a)
-  #   # => ActionController::ParameterMissing: param not found: a
+  #   # => ActionController::ParameterMissing: param is missing or the value is empty: a
   class ParameterMissing < KeyError
     attr_reader :param # :nodoc:
 
@@ -98,17 +99,18 @@ module ActionController
   # environment they should only be set once at boot-time and never mutated at
   # runtime.
   #
-  # <tt>ActionController::Parameters</tt> inherits from
-  # <tt>ActiveSupport::HashWithIndifferentAccess</tt>, this means
-  # that you can fetch values using either <tt>:key</tt> or <tt>"key"</tt>.
+  # You can fetch values of <tt>ActionController::Parameters</tt> using either
+  # <tt>:key</tt> or <tt>"key"</tt>.
   #
   #   params = ActionController::Parameters.new(key: 'value')
   #   params[:key]  # => "value"
   #   params["key"] # => "value"
-  class Parameters < ActiveSupport::HashWithIndifferentAccess
+  class Parameters
     cattr_accessor :permit_all_parameters, instance_accessor: false
     cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
 
+    delegate :keys, :key?, :has_key?, :empty?, :inspect, to: :@parameters
+
     # By default, never raise an UnpermittedParameters exception if these
     # params are present. The default includes both 'controller' and 'action'
     # because they are added by Rails and should be of no concern. One way
@@ -120,7 +122,7 @@ module ActionController
     self.always_permitted_parameters = %w( controller action )
 
     def self.const_missing(const_name)
-      super unless const_name == :NEVER_UNPERMITTED_PARAMS
+      return super unless const_name == :NEVER_UNPERMITTED_PARAMS
       ActiveSupport::Deprecation.warn(<<-MSG.squish)
         `ActionController::Parameters::NEVER_UNPERMITTED_PARAMS` has been deprecated.
         Use `ActionController::Parameters.always_permitted_parameters` instead.
@@ -145,13 +147,24 @@ module ActionController
     #   params = ActionController::Parameters.new(name: 'Francesco')
     #   params.permitted?  # => true
     #   Person.new(params) # => #<Person id: nil, name: "Francesco">
-    def initialize(attributes = nil)
-      super(attributes)
+    def initialize(parameters = {})
+      @parameters = parameters.with_indifferent_access
       @permitted = self.class.permit_all_parameters
     end
 
-    # Returns a safe +Hash+ representation of this parameter with all
-    # unpermitted keys removed.
+    # Returns true if another +Parameters+ object contains the same content and
+    # permitted flag, or other Hash-like object contains the same content. This
+    # override is in place so you can perform a comparison with `Hash`.
+    def ==(other_hash)
+      if other_hash.respond_to?(:permitted?)
+        super
+      else
+        @parameters == other_hash
+      end
+    end
+
+    # Returns a safe <tt>ActiveSupport::HashWithIndifferentAccess</tt>
+    # representation of this parameter with all unpermitted keys removed.
     #
     #   params = ActionController::Parameters.new({
     #     name: 'Senjougahara Hitagi',
@@ -163,28 +176,27 @@ module ActionController
     #   safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
     def to_h
       if permitted?
-        to_hash
+        convert_parameters_to_hashes(@parameters)
       else
         slice(*self.class.always_permitted_parameters).permit!.to_h
       end
     end
 
-    # Returns an unsafe, unfiltered +Hash+ representation of this parameter.
+    # Returns an unsafe, unfiltered
+    # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of this
+    # parameter.
     def to_unsafe_h
-      to_hash
+      convert_parameters_to_hashes(@parameters)
     end
     alias_method :to_unsafe_hash, :to_unsafe_h
 
     # Convert all hashes in values into parameters, then yield each pair like
     # the same way as <tt>Hash#each_pair</tt>
     def each_pair(&block)
-      super do |key, value|
-        convert_hashes_to_parameters(key, value)
+      @parameters.each_pair do |key, value|
+        yield key, convert_hashes_to_parameters(key, value)
       end
-
-      super
     end
-
     alias_method :each, :each_pair
 
     # Attribute that keeps track of converted arrays, if any, to avoid double
@@ -231,19 +243,58 @@ module ActionController
       self
     end
 
-    # Ensures that a parameter is present. If it's present, returns
-    # the parameter at the given +key+, otherwise raises an
-    # <tt>ActionController::ParameterMissing</tt> error.
+    # This method accepts both a single key and an array of keys.
+    #
+    # When passed a single key, if it exists and its associated value is
+    # either present or the singleton +false+, returns said value:
     #
     #   ActionController::Parameters.new(person: { name: 'Francesco' }).require(:person)
     #   # => {"name"=>"Francesco"}
     #
+    # Otherwise raises <tt>ActionController::ParameterMissing</tt>:
+    #
+    #   ActionController::Parameters.new.require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
     #   ActionController::Parameters.new(person: nil).require(:person)
-    #   # => ActionController::ParameterMissing: param not found: person
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    #   ActionController::Parameters.new(person: "\t").require(:person)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
     #
     #   ActionController::Parameters.new(person: {}).require(:person)
-    #   # => ActionController::ParameterMissing: param not found: person
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    # When given an array of keys, the method tries to require each one of them
+    # in order. If it succeeds, an array with the respective return values is
+    # returned:
+    #
+    #   params = ActionController::Parameters.new(user: { ... }, profile: { ... })
+    #   user_params, profile_params = params.require(:user, :profile)
+    #
+    # Otherwise, the method reraises the first exception found:
+    #
+    #   params = ActionController::Parameters.new(user: {}, profile: {})
+    #   user_params, profile_params = params.require(:user, :profile)
+    #   # ActionController::ParameterMissing: param is missing or the value is empty: user
+    #
+    # Technically this method can be used to fetch terminal values:
+    #
+    #   # CAREFUL
+    #   params = ActionController::Parameters.new(person: { name: 'Finn' })
+    #   name = params.require(:person).require(:name) # CAREFUL
+    #
+    # but take into account that at some point those ones have to be permitted:
+    #
+    #   def person_params
+    #     params.require(:person).permit(:name).tap do |person_params|
+    #       person_params.require(:name) # SAFER
+    #     end
+    #   end
+    #
+    # for example.
     def require(key)
+      return key.map { |k| require(k) } if key.is_a?(Array)
       value = self[key]
       if value.present? || value == false
         value
@@ -271,7 +322,7 @@ module ActionController
     #
     #   params.permit(:name)
     #
-    # +:name+ passes it is a key of +params+ whose associated value is of type
+    # +:name+ passes if it is a key of +params+ whose associated value is of type
     # +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
     # +Date+, +Time+, +DateTime+, +StringIO+, +IO+,
     # +ActionDispatch::Http::UploadedFile+ or +Rack::Test::UploadedFile+.
@@ -348,7 +399,13 @@ module ActionController
     #   params[:person] # => {"name"=>"Francesco"}
     #   params[:none]   # => nil
     def [](key)
-      convert_hashes_to_parameters(key, super)
+      convert_hashes_to_parameters(key, @parameters[key])
+    end
+
+    # Assigns a value to a given +key+. The given key may still get filtered out
+    # when +permit+ is called.
+    def []=(key, value)
+      @parameters[key] = value
     end
 
     # Returns a parameter for the given +key+. If the +key+
@@ -359,13 +416,19 @@ module ActionController
     #
     #   params = ActionController::Parameters.new(person: { name: 'Francesco' })
     #   params.fetch(:person)               # => {"name"=>"Francesco"}
-    #   params.fetch(:none)                 # => ActionController::ParameterMissing: param not found: none
+    #   params.fetch(:none)                 # => ActionController::ParameterMissing: param is missing or the value is empty: none
     #   params.fetch(:none, 'Francesco')    # => "Francesco"
     #   params.fetch(:none) { 'Francesco' } # => "Francesco"
-    def fetch(key, *args)
-      convert_hashes_to_parameters(key, super, false)
-    rescue KeyError
-      raise ActionController::ParameterMissing.new(key)
+    def fetch(key, *args, &block)
+      convert_value_to_parameters(
+        @parameters.fetch(key) {
+          if block_given?
+            yield
+          else
+            args.fetch(0) { raise ActionController::ParameterMissing.new(key) }
+          end
+        }
+      )
     end
 
     # Returns a new <tt>ActionController::Parameters</tt> instance that
@@ -376,7 +439,24 @@ module ActionController
     #   params.slice(:a, :b) # => {"a"=>1, "b"=>2}
     #   params.slice(:d)     # => {}
     def slice(*keys)
-      new_instance_with_inherited_permitted_status(super)
+      new_instance_with_inherited_permitted_status(@parameters.slice(*keys))
+    end
+
+    # Returns current <tt>ActionController::Parameters</tt> instance which
+    # contains only the given +keys+.
+    def slice!(*keys)
+      @parameters.slice!(*keys)
+      self
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # filters out the given +keys+.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.except(:a, :b) # => {"c"=>3}
+    #   params.except(:d)     # => {"a"=>1,"b"=>2,"c"=>3}
+    def except(*keys)
+      new_instance_with_inherited_permitted_status(@parameters.except(*keys))
     end
 
     # Removes and returns the key/value pairs matching the given keys.
@@ -385,7 +465,7 @@ module ActionController
     #   params.extract!(:a, :b) # => {"a"=>1, "b"=>2}
     #   params                  # => {"c"=>3}
     def extract!(*keys)
-      new_instance_with_inherited_permitted_status(super)
+      new_instance_with_inherited_permitted_status(@parameters.extract!(*keys))
     end
 
     # Returns a new <tt>ActionController::Parameters</tt> with the results of
@@ -394,36 +474,80 @@ module ActionController
     #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
     #   params.transform_values { |x| x * 2 }
     #   # => {"a"=>2, "b"=>4, "c"=>6}
-    def transform_values
-      if block_given?
-        new_instance_with_inherited_permitted_status(super)
+    def transform_values(&block)
+      if block
+        new_instance_with_inherited_permitted_status(
+          @parameters.transform_values(&block)
+        )
       else
-        super
+        @parameters.transform_values
       end
     end
 
-    # This method is here only to make sure that the returned object has the
-    # correct +permitted+ status. It should not matter since the parent of
-    # this object is +HashWithIndifferentAccess+
-    def transform_keys # :nodoc:
-      if block_given?
-        new_instance_with_inherited_permitted_status(super)
+    # Performs values transformation and returns the altered
+    # <tt>ActionController::Parameters</tt> instance.
+    def transform_values!(&block)
+      @parameters.transform_values!(&block)
+      self
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance with the
+    # results of running +block+ once for every key. The values are unchanged.
+    def transform_keys(&block)
+      if block
+        new_instance_with_inherited_permitted_status(
+          @parameters.transform_keys(&block)
+        )
       else
-        super
+        @parameters.transform_keys
       end
     end
 
+    # Performs keys transformation and returns the altered
+    # <tt>ActionController::Parameters</tt> instance.
+    def transform_keys!(&block)
+      @parameters.transform_keys!(&block)
+      self
+    end
+
     # Deletes and returns a key-value pair from +Parameters+ whose key is equal
     # to key. If the key is not found, returns the default value. If the
     # optional code block is given and the key is not found, pass in the key
     # and return the result of block.
     def delete(key, &block)
-      convert_hashes_to_parameters(key, super, false)
+      convert_value_to_parameters(@parameters.delete(key))
+    end
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt> with only
+    # items that the block evaluates to true.
+    def select(&block)
+      new_instance_with_inherited_permitted_status(@parameters.select(&block))
     end
 
     # Equivalent to Hash#keep_if, but returns nil if no changes were made.
     def select!(&block)
-      convert_value_to_parameters(super)
+      @parameters.select!(&block)
+      self
+    end
+    alias_method :keep_if, :select!
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt> with items
+    # that the block evaluates to true removed.
+    def reject(&block)
+      new_instance_with_inherited_permitted_status(@parameters.reject(&block))
+    end
+
+    # Removes items that the block evaluates to true and returns self.
+    def reject!(&block)
+      @parameters.reject!(&block)
+      self
+    end
+    alias_method :delete_if, :reject!
+
+    # Returns values that were assigned to the given +keys+. Note that all the
+    # +Hash+ objects will be converted to <tt>ActionController::Parameters</tt>.
+    def values_at(*keys)
+      convert_value_to_parameters(@parameters.values_at(*keys))
     end
 
     # Returns an exact copy of the <tt>ActionController::Parameters</tt>
@@ -440,11 +564,30 @@ module ActionController
       end
     end
 
+    # Returns a new <tt>ActionController::Parameters</tt> with all keys from
+    # +other_hash+ merges into current hash.
+    def merge(other_hash)
+      new_instance_with_inherited_permitted_status(
+        @parameters.merge(other_hash)
+      )
+    end
+
+    # This is required by ActiveModel attribute assignment, so that user can
+    # pass +Parameters+ to a mass assignment methods in a model. It should not
+    # matter as we are using +HashWithIndifferentAccess+ internally.
+    def stringify_keys # :nodoc:
+      dup
+    end
+
     protected
       def permitted=(new_permitted)
         @permitted = new_permitted
       end
 
+      def fields_for_style?
+        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+      end
+
     private
       def new_instance_with_inherited_permitted_status(hash)
         self.class.new(hash).tap do |new_instance|
@@ -452,40 +595,56 @@ module ActionController
         end
       end
 
-      def convert_hashes_to_parameters(key, value, assign_if_converted=true)
+      def convert_parameters_to_hashes(value)
+        case value
+        when Array
+          value.map { |v| convert_parameters_to_hashes(v) }
+        when Hash
+          value.transform_values do |v|
+            convert_parameters_to_hashes(v)
+          end.with_indifferent_access
+        when Parameters
+          value.to_h
+        else
+          value
+        end
+      end
+
+      def convert_hashes_to_parameters(key, value)
         converted = convert_value_to_parameters(value)
-        self[key] = converted if assign_if_converted && !converted.equal?(value)
+        @parameters[key] = converted unless converted.equal?(value)
         converted
       end
 
       def convert_value_to_parameters(value)
-        if value.is_a?(Array) && !converted_arrays.member?(value)
+        case value
+        when Array
+          return value if converted_arrays.member?(value)
           converted = value.map { |_| convert_value_to_parameters(_) }
           converted_arrays << converted
           converted
-        elsif value.is_a?(Parameters) || !value.is_a?(Hash)
-          value
-        else
+        when Hash
           self.class.new(value)
+        else
+          value
         end
       end
 
       def each_element(object)
-        if object.is_a?(Array)
-          object.map { |el| yield el }.compact
-        elsif fields_for_style?(object)
-          hash = object.class.new
-          object.each { |k,v| hash[k] = yield v }
-          hash
-        else
-          yield object
+        case object
+        when Array
+          object.grep(Parameters).map { |el| yield el }.compact
+        when Parameters
+          if object.fields_for_style?
+            hash = object.class.new
+            object.each { |k,v| hash[k] = yield v }
+            hash
+          else
+            yield object
+          end
         end
       end
 
-      def fields_for_style?(object)
-        object.is_a?(Hash) && object.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
-      end
-
       def unpermitted_parameters!(params)
         unpermitted_keys = unpermitted_keys(params)
         if unpermitted_keys.any?
@@ -547,14 +706,8 @@ module ActionController
       end
 
       def array_of_permitted_scalars?(value)
-        if value.is_a?(Array)
-          value.all? {|element| permitted_scalar?(element)}
-        end
-      end
-
-      def array_of_permitted_scalars_filter(params, key)
-        if has_key?(key) && array_of_permitted_scalars?(self[key])
-          params[key] = self[key]
+        if value.is_a?(Array) && value.all? {|element| permitted_scalar?(element)}
+          yield value
         end
       end
 
@@ -565,17 +718,17 @@ module ActionController
         # Slicing filters out non-declared keys.
         slice(*filter.keys).each do |key, value|
           next unless value
+          next unless has_key? key
 
           if filter[key] == EMPTY_ARRAY
             # Declaration { comment_ids: [] }.
-            array_of_permitted_scalars_filter(params, key)
+            array_of_permitted_scalars?(self[key]) do |val|
+              params[key] = val
+            end
           else
             # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
             params[key] = each_element(value) do |element|
-              if element.is_a?(Hash)
-                element = self.class.new(element) unless element.respond_to?(:permit)
-                element.permit(*Array.wrap(filter[key]))
-              end
+              element.permit(*Array.wrap(filter[key]))
             end
           end
         end