RubyGems - actionpack - Versions diffs - 4.2.11.3 → 5.0.0.beta1 - Mend

actionpack 4.2.11.3 → 5.0.0.beta1

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (125) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +379 -462
data/MIT-LICENSE +1 -1
data/README.rdoc +2 -3
data/lib/abstract_controller.rb +0 -2
data/lib/abstract_controller/base.rb +17 -32
data/lib/abstract_controller/callbacks.rb +52 -19
data/lib/abstract_controller/collector.rb +4 -9
data/lib/abstract_controller/helpers.rb +2 -2
data/lib/abstract_controller/railties/routes_helpers.rb +2 -2
data/lib/abstract_controller/rendering.rb +27 -22
data/lib/abstract_controller/translation.rb +8 -7
data/lib/action_controller.rb +4 -3
data/lib/action_controller/api.rb +146 -0
data/lib/action_controller/base.rb +6 -10
data/lib/action_controller/caching.rb +1 -3
data/lib/action_controller/caching/fragments.rb +48 -3
data/lib/action_controller/form_builder.rb +48 -0
data/lib/action_controller/log_subscriber.rb +1 -10
data/lib/action_controller/metal.rb +89 -62
data/lib/action_controller/metal/basic_implicit_render.rb +11 -0
data/lib/action_controller/metal/conditional_get.rb +65 -24
data/lib/action_controller/metal/cookies.rb +0 -2
data/lib/action_controller/metal/data_streaming.rb +2 -22
data/lib/action_controller/metal/etag_with_template_digest.rb +1 -1
data/lib/action_controller/metal/exceptions.rb +11 -6
data/lib/action_controller/metal/force_ssl.rb +6 -6
data/lib/action_controller/metal/head.rb +14 -7
data/lib/action_controller/metal/helpers.rb +9 -5
data/lib/action_controller/metal/http_authentication.rb +37 -38
data/lib/action_controller/metal/implicit_render.rb +23 -6
data/lib/action_controller/metal/instrumentation.rb +0 -1
data/lib/action_controller/metal/live.rb +17 -55
data/lib/action_controller/metal/mime_responds.rb +17 -37
data/lib/action_controller/metal/params_wrapper.rb +8 -8
data/lib/action_controller/metal/redirecting.rb +32 -9
data/lib/action_controller/metal/renderers.rb +10 -8
data/lib/action_controller/metal/rendering.rb +38 -6
data/lib/action_controller/metal/request_forgery_protection.rb +67 -35
data/lib/action_controller/metal/rescue.rb +2 -4
data/lib/action_controller/metal/streaming.rb +4 -4
data/lib/action_controller/metal/strong_parameters.rb +231 -78
data/lib/action_controller/metal/testing.rb +1 -12
data/lib/action_controller/metal/url_for.rb +12 -5
data/lib/action_controller/renderer.rb +111 -0
data/lib/action_controller/template_assertions.rb +9 -0
data/lib/action_controller/test_case.rb +267 -363
data/lib/action_dispatch.rb +2 -1
data/lib/action_dispatch/http/cache.rb +23 -26
data/lib/action_dispatch/http/filter_parameters.rb +6 -8
data/lib/action_dispatch/http/filter_redirect.rb +7 -8
data/lib/action_dispatch/http/headers.rb +28 -11
data/lib/action_dispatch/http/mime_negotiation.rb +40 -26
data/lib/action_dispatch/http/mime_type.rb +92 -61
data/lib/action_dispatch/http/mime_types.rb +1 -4
data/lib/action_dispatch/http/parameter_filter.rb +18 -8
data/lib/action_dispatch/http/parameters.rb +45 -41
data/lib/action_dispatch/http/request.rb +146 -82
data/lib/action_dispatch/http/response.rb +180 -99
data/lib/action_dispatch/http/url.rb +117 -8
data/lib/action_dispatch/journey/formatter.rb +34 -28
data/lib/action_dispatch/journey/gtg/transition_table.rb +1 -1
data/lib/action_dispatch/journey/nfa/dot.rb +0 -2
data/lib/action_dispatch/journey/nfa/transition_table.rb +1 -46
data/lib/action_dispatch/journey/nodes/node.rb +14 -4
data/lib/action_dispatch/journey/parser_extras.rb +4 -0
data/lib/action_dispatch/journey/path/pattern.rb +37 -41
data/lib/action_dispatch/journey/route.rb +71 -17
data/lib/action_dispatch/journey/router.rb +5 -6
data/lib/action_dispatch/journey/router/utils.rb +5 -5
data/lib/action_dispatch/journey/routes.rb +14 -15
data/lib/action_dispatch/journey/visitors.rb +86 -43
data/lib/action_dispatch/middleware/cookies.rb +184 -135
data/lib/action_dispatch/middleware/debug_exceptions.rb +115 -45
data/lib/action_dispatch/middleware/exception_wrapper.rb +21 -20
data/lib/action_dispatch/middleware/flash.rb +61 -45
data/lib/action_dispatch/middleware/load_interlock.rb +21 -0
data/lib/action_dispatch/middleware/params_parser.rb +30 -46
data/lib/action_dispatch/middleware/public_exceptions.rb +2 -2
data/lib/action_dispatch/middleware/reloader.rb +2 -4
data/lib/action_dispatch/middleware/remote_ip.rb +29 -19
data/lib/action_dispatch/middleware/request_id.rb +11 -6
data/lib/action_dispatch/middleware/session/abstract_store.rb +23 -11
data/lib/action_dispatch/middleware/session/cache_store.rb +9 -6
data/lib/action_dispatch/middleware/session/cookie_store.rb +29 -23
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +4 -0
data/lib/action_dispatch/middleware/show_exceptions.rb +11 -9
data/lib/action_dispatch/middleware/ssl.rb +93 -36
data/lib/action_dispatch/middleware/stack.rb +43 -48
data/lib/action_dispatch/middleware/static.rb +52 -40
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +2 -14
data/lib/action_dispatch/middleware/templates/rescues/{_source.erb → _source.html.erb} +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +59 -63
data/lib/action_dispatch/railtie.rb +0 -2
data/lib/action_dispatch/request/session.rb +66 -34
data/lib/action_dispatch/request/utils.rb +51 -19
data/lib/action_dispatch/routing.rb +3 -8
data/lib/action_dispatch/routing/inspector.rb +6 -30
data/lib/action_dispatch/routing/mapper.rb +447 -322
data/lib/action_dispatch/routing/polymorphic_routes.rb +8 -14
data/lib/action_dispatch/routing/redirection.rb +3 -3
data/lib/action_dispatch/routing/route_set.rb +124 -227
data/lib/action_dispatch/routing/url_for.rb +27 -10
data/lib/action_dispatch/testing/assertions.rb +1 -1
data/lib/action_dispatch/testing/assertions/response.rb +27 -9
data/lib/action_dispatch/testing/assertions/routing.rb +9 -9
data/lib/action_dispatch/testing/integration.rb +237 -76
data/lib/action_dispatch/testing/test_process.rb +5 -5
data/lib/action_dispatch/testing/test_request.rb +12 -21
data/lib/action_dispatch/testing/test_response.rb +1 -4
data/lib/action_pack.rb +1 -1
data/lib/action_pack/gem_version.rb +4 -4
metadata +26 -25
data/lib/action_controller/metal/hide_actions.rb +0 -40
data/lib/action_controller/metal/rack_delegation.rb +0 -32
data/lib/action_controller/middleware.rb +0 -39
data/lib/action_controller/model_naming.rb +0 -12
data/lib/action_dispatch/journey/router/strexp.rb +0 -27
data/lib/action_dispatch/testing/assertions/dom.rb +0 -3
data/lib/action_dispatch/testing/assertions/selector.rb +0 -3
data/lib/action_dispatch/testing/assertions/tag.rb +0 -3

data/lib/action_dispatch/http/mime_type.rb CHANGED

@@ -1,29 +1,37 @@
-require 'set'
 require 'singleton'
 require 'active_support/core_ext/module/attribute_accessors'
 require 'active_support/core_ext/string/starts_ends_with'
 module Mime
-  class Mimes < Array
-    def symbols
-      @symbols ||= map { |m| m.to_sym }
+  class Mimes
+    include Enumerable
+    def initialize
+      @mimes = []
+      @symbols = nil
     end
-    %w(<< concat shift unshift push pop []= clear compact! collect!
-    delete delete_at delete_if flatten! map! insert reject! reverse!
-    replace slice! sort! uniq!).each do |method|
-      module_eval <<-CODE, __FILE__, __LINE__ + 1
-        def #{method}(*)
-          @symbols = nil
-          super
-        end
-      CODE
+    def each
+      @mimes.each { |x| yield x }
+    end
+    def <<(type)
+      @mimes << type
+      @symbols = nil
+    end
+    def delete_if
+      @mimes.delete_if { |x| yield x }.tap { @symbols = nil }
+    end
+    def symbols
+      @symbols ||= map(&:to_sym)
     end
   end
   SET              = Mimes.new
   EXTENSION_LOOKUP = {}
-  LOOKUP           = {}
+  LOOKUP           = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
   class << self
     def [](type)
@@ -35,6 +43,32 @@ module Mime
       return type if type.is_a?(Type)
       EXTENSION_LOOKUP.fetch(type.to_s) { |k| yield k }
     end
+    def const_missing(sym)
+      ext = sym.downcase
+      if Mime[ext]
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          Accessing mime types via constants is deprecated.
+          Please change `Mime::#{sym}` to `Mime[:#{ext}]`.
+        MSG
+        Mime[ext]
+      else
+        super
+      end
+    end
+    def const_defined?(sym, inherit = true)
+      ext = sym.downcase
+      if Mime[ext]
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          Accessing mime types via constants is deprecated.
+          Please change `Mime.const_defined?(#{sym})` to `Mime[:#{ext}]`.
+        MSG
+        true
+      else
+        super
+      end
+    end
   end
   # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
@@ -45,15 +79,12 @@ module Mime
   #
   #       respond_to do |format|
   #         format.html
-  #         format.ics { render text: @post.to_ics, mime_type: Mime::Type["text/calendar"]  }
+  #         format.ics { render body: @post.to_ics, mime_type: Mime::Type.lookup("text/calendar")  }
   #         format.xml { render xml: @post }
   #       end
   #     end
   #   end
   class Type
-    @@html_types = Set.new [:html, :all]
-    cattr_reader :html_types
     attr_reader :symbol
     @register_callbacks = []
@@ -66,7 +97,7 @@ module Mime
       def initialize(index, name, q = nil)
         @index = index
         @name = name
-        q ||= 0.0 if @name == Mime::ALL.to_s # default wildcard match to end of list
+        q ||= 0.0 if @name == '*/*'.freeze # default wildcard match to end of list
         @q = ((q || 1.0).to_f * 100).to_i
       end
@@ -91,7 +122,7 @@ module Mime
           exchange_xml_items if app_xml_idx > text_xml_idx  # make sure app_xml is ahead of text_xml in the list
           delete_at(text_xml_idx)                 # delete text_xml from the list
         elsif text_xml_idx
-          text_xml.name = Mime::XML.to_s
+          text_xml.name = Mime[:xml].to_s
         end
         # Look for more specific XML-based types and sort them ahead of app/xml
@@ -120,7 +151,7 @@ module Mime
         end
         def app_xml_idx
-          @app_xml_idx ||= index(Mime::XML.to_s)
+          @app_xml_idx ||= index(Mime[:xml].to_s)
         end
         def text_xml
@@ -146,7 +177,7 @@ module Mime
       end
       def lookup(string)
-        LOOKUP[string] || Type.new(string)
+        LOOKUP[string]
       end
       def lookup_by_extension(extension)
@@ -160,17 +191,17 @@ module Mime
       end
       def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false)
-        Mime.const_set(symbol.upcase, Type.new(string, symbol, mime_type_synonyms))
+        new_mime = Type.new(string, symbol, mime_type_synonyms)
-        new_mime = Mime.const_get(symbol.upcase)
         SET << new_mime
-        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = SET.last } unless skip_lookup
-        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = SET.last }
+        ([string] + mime_type_synonyms).each { |str| LOOKUP[str] = new_mime } unless skip_lookup
+        ([symbol] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext.to_s] = new_mime }
         @register_callbacks.each do |callback|
           callback.call(new_mime)
         end
+        new_mime
       end
       def parse(accept_header)
@@ -200,37 +231,33 @@ module Mime
         parse_data_with_trailing_star($1) if accept_header =~ TRAILING_STAR_REGEXP
       end
-      # For an input of <tt>'text'</tt>, returns <tt>[Mime::JSON, Mime::XML, Mime::ICS,
-      # Mime::HTML, Mime::CSS, Mime::CSV, Mime::JS, Mime::YAML, Mime::TEXT]</tt>.
+      # For an input of <tt>'text'</tt>, returns <tt>[Mime[:json], Mime[:xml], Mime[:ics],
+      # Mime[:html], Mime[:css], Mime[:csv], Mime[:js], Mime[:yaml], Mime[:text]</tt>.
       #
-      # For an input of <tt>'application'</tt>, returns <tt>[Mime::HTML, Mime::JS,
-      # Mime::XML, Mime::YAML, Mime::ATOM, Mime::JSON, Mime::RSS, Mime::URL_ENCODED_FORM]</tt>.
-      def parse_data_with_trailing_star(input)
-        Mime::SET.select { |m| m =~ input }
+      # For an input of <tt>'application'</tt>, returns <tt>[Mime[:html], Mime[:js],
+      # Mime[:xml], Mime[:yaml], Mime[:atom], Mime[:json], Mime[:rss], Mime[:url_encoded_form]</tt>.
+      def parse_data_with_trailing_star(type)
+        Mime::SET.select { |m| m =~ type }
       end
       # This method is opposite of register method.
       #
-      # Usage:
+      # To unregister a MIME type:
       #
       #   Mime::Type.unregister(:mobile)
       def unregister(symbol)
-        symbol = symbol.upcase
-        mime = Mime.const_get(symbol)
-        Mime.instance_eval { remove_const(symbol) }
-        SET.delete_if { |v| v.eql?(mime) }
-        LOOKUP.delete_if { |_,v| v.eql?(mime) }
-        EXTENSION_LOOKUP.delete_if { |_,v| v.eql?(mime) }
+        symbol = symbol.downcase
+        if mime = Mime[symbol]
+          SET.delete_if { |v| v.eql?(mime) }
+          LOOKUP.delete_if { |_, v| v.eql?(mime) }
+          EXTENSION_LOOKUP.delete_if { |_, v| v.eql?(mime) }
+        end
       end
     end
-    attr_reader :hash
     def initialize(string, symbol = nil, synonyms = [])
       @symbol, @synonyms = symbol, synonyms
       @string = string
-      @hash = [@string, @synonyms, @symbol].hash
     end
     def to_s
@@ -246,7 +273,7 @@ module Mime
     end
     def ref
-      to_sym || to_s
+      symbol || to_s
     end
     def ===(list)
@@ -258,35 +285,23 @@ module Mime
     end
     def ==(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       (@synonyms + [ self ]).any? do |synonym|
         synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym
       end
     end
-    def eql?(other)
-      super || (self.class == other.class &&
-                @string    == other.string &&
-                @synonyms  == other.synonyms &&
-                @symbol    == other.symbol)
-    end
     def =~(mime_type)
-      return false if mime_type.blank?
+      return false unless mime_type
       regexp = Regexp.new(Regexp.quote(mime_type.to_s))
-      (@synonyms + [ self ]).any? do |synonym|
-        synonym.to_s =~ regexp
-      end
+      @synonyms.any? { |synonym| synonym.to_s =~ regexp } || @string =~ regexp
     end
     def html?
-      @@html_types.include?(to_sym) || @string =~ /html/
+      symbol == :html || @string =~ /html/
     end
-    protected
-    attr_reader :string, :synonyms
+    def all?; false; end
     private
@@ -306,6 +321,22 @@ module Mime
     end
   end
+  class AllType < Type
+    include Singleton
+    def initialize
+      super '*/*', :all
+    end
+    def all?; true; end
+    def html?; true; end
+  end
+  # ALL isn't a real MIME type, so we don't register it for lookup with the
+  # other concrete types. It's a wildcard match that we use for `respond_to`
+  # negotiation internals.
+  ALL = AllType.instance
   class NullType
     include Singleton

data/lib/action_dispatch/http/mime_types.rb CHANGED

@@ -27,10 +27,7 @@ Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
 # http://www.ietf.org/rfc/rfc4627.txt
 # http://www.json.org/JSONRequest.html
-Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
+Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest application/vnd.api+json )
 Mime::Type.register "application/pdf", :pdf, [], %w(pdf)
 Mime::Type.register "application/zip", :zip, [], %w(zip)
-# Create Mime::ALL but do not add it to the SET.
-Mime::ALL = Mime::Type.new("*/*", :all, [])

data/lib/action_dispatch/http/parameter_filter.rb CHANGED

@@ -30,36 +30,46 @@ module ActionDispatch
             when Regexp
               regexps << item
             else
-              strings << item.to_s
+              strings << Regexp.escape(item.to_s)
             end
           end
-          regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
-          new regexps, blocks
+          deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
+          deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
+          regexps << Regexp.new(strings.join('|'.freeze), true) unless strings.empty?
+          deep_regexps << Regexp.new(deep_strings.join('|'.freeze), true) unless deep_strings.empty?
+          new regexps, deep_regexps, blocks
         end
-        attr_reader :regexps, :blocks
+        attr_reader :regexps, :deep_regexps, :blocks
-        def initialize(regexps, blocks)
+        def initialize(regexps, deep_regexps, blocks)
           @regexps = regexps
+          @deep_regexps = deep_regexps.any? ? deep_regexps : nil
           @blocks  = blocks
         end
-        def call(original_params)
+        def call(original_params, parents = [])
           filtered_params = {}
           original_params.each do |key, value|
+            parents.push(key) if deep_regexps
             if regexps.any? { |r| key =~ r }
               value = FILTERED
+            elsif deep_regexps && (joined = parents.join('.')) && deep_regexps.any? { |r| joined =~ r }
+              value = FILTERED
             elsif value.is_a?(Hash)
-              value = call(value)
+              value = call(value, parents)
             elsif value.is_a?(Array)
-              value = value.map { |v| v.is_a?(Hash) ? call(v) : v }
+              value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
             elsif blocks.any?
               key = key.dup if key.duplicable?
               value = value.dup if value.duplicable?
               blocks.each { |b| b.call(key, value) }
             end
+            parents.pop if deep_regexps
             filtered_params[key] = value
           end

data/lib/action_dispatch/http/parameters.rb CHANGED

@@ -1,35 +1,41 @@
-require 'active_support/core_ext/hash/keys'
-require 'active_support/core_ext/hash/indifferent_access'
-require 'active_support/deprecation'
 module ActionDispatch
   module Http
     module Parameters
       PARAMETERS_KEY = 'action_dispatch.request.path_parameters'
+      DEFAULT_PARSERS = {
+        Mime[:json] => lambda { |raw_post|
+          data = ActiveSupport::JSON.decode(raw_post)
+          data.is_a?(Hash) ? data : {:_json => data}
+        }
+      }
+      def self.included(klass)
+        class << klass
+          attr_accessor :parameter_parsers
+        end
+        klass.parameter_parsers = DEFAULT_PARSERS
+      end
       # Returns both GET and POST \parameters in a single hash.
       def parameters
-        @env["action_dispatch.request.parameters"] ||= begin
-          params = begin
-            request_parameters.merge(query_parameters)
-          rescue EOFError
-            query_parameters.dup
-          end
-          params.merge!(path_parameters)
-        end
+        params = get_header("action_dispatch.request.parameters")
+        return params if params
+        params = begin
+                   request_parameters.merge(query_parameters)
+                 rescue EOFError
+                   query_parameters.dup
+                 end
+        params.merge!(path_parameters)
+        set_header("action_dispatch.request.parameters", params)
+        params
       end
       alias :params :parameters
       def path_parameters=(parameters) #:nodoc:
-        @env.delete('action_dispatch.request.parameters')
-        @env[PARAMETERS_KEY] = parameters
-      end
-      def symbolized_path_parameters
-        ActiveSupport::Deprecation.warn(
-          '`symbolized_path_parameters` is deprecated. Please use `path_parameters`.'
-        )
-        path_parameters
+        delete_header('action_dispatch.request.parameters')
+        set_header PARAMETERS_KEY, parameters
       end
       # Returns a hash with the \parameters used to form the \path of the request.
@@ -37,31 +43,29 @@ module ActionDispatch
       #
       #   {'action' => 'my_action', 'controller' => 'my_controller'}
       def path_parameters
-        @env[PARAMETERS_KEY] ||= {}
+        get_header(PARAMETERS_KEY) || {}
       end
-    private
+      private
-      # Convert nested Hash to HashWithIndifferentAccess.
-      #
-      def normalize_encode_params(params)
-        case params
-        when Hash
-          if params.has_key?(:tempfile)
-            UploadedFile.new(params)
-          else
-            params.each_with_object({}) do |(key, val), new_hash|
-              new_hash[key] = if val.is_a?(Array)
-                val.map! { |el| normalize_encode_params(el) }
-              else
-                normalize_encode_params(val)
-              end
-            end.with_indifferent_access
-          end
-        else
-          params
+      def parse_formatted_parameters(parsers)
+        return yield if content_length.zero?
+        strategy = parsers.fetch(content_mime_type) { return yield }
+        begin
+          strategy.call(raw_post)
+        rescue # JSON or Ruby code block errors
+          my_logger = logger || ActiveSupport::Logger.new($stderr)
+          my_logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{raw_post}"
+          raise ParamsParser::ParseError
         end
       end
+      def params_parsers
+        ActionDispatch::Request.parameter_parsers
+      end
     end
   end
 end