actionpack 5.0.0.beta1.1 → 5.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9c08a2a9ff55bdc33124d0f4381c07760230e956
-  data.tar.gz: 553434784aa0485a9da3040c51620d132e9f6cd9
+  metadata.gz: 9b471942b30689112172143f0c7f110a47bb07c1
+  data.tar.gz: 96f4cb5ab8175de829b41313fca5068e8d37e081
 SHA512:
-  metadata.gz: 92aa1f71eb971a0a949a6192c634f2bbab1ee06a8a103ac12b723d3875bdb57c461529dad3121b449944d55dc3f03cb4ceed23e6512cbbed833e42c2a98357a4
-  data.tar.gz: 0ca4502fde02f1cd4f31402fc760250e1a3583790def111feab5dce600e68a6486dd39cdfe0adf40ed07b1a704f24b8fbd05f2ef9147a0485c9ab10df8bf7849
+  metadata.gz: dd1182095560e1b846a1fa4d793481ace31c98481efc8027f37815a0c1d98196e04b77466849bdcb13563e7c9345739461088cbb0d365dcfa945034619001f88
+  data.tar.gz: 1932992f247727b865f236e20d8a286d1aeb8641c10e351386e976dad9f8a69f9cfb869d27b73cded695632de855be978c75de88be55a9abd8cbe36b8c87ee97

data/CHANGELOG.md

@@ -1,7 +1,64 @@
-## Rails 5.0.0.beta1 (December 18, 2015) ##
+## Rails 5.0.0.beta2 (February 01, 2016) ##
+
+*   Add `-g` and `-c` (short for _grep_ and _controller_ respectively) options
+    to `bin/rake routes`. These options return the url `name`, `verb` and
+    `path` field that match the pattern or match a specific controller.
+
+    Deprecate `CONTROLLER` env variable in `bin/rake routes`.
+
+    See #18902.
+
+    *Anton Davydov* & *Vipul A M*
+
+*   Response etags to always be weak: Prefixes 'W/' to value returned by
+   `ActionDispatch::Http::Cache::Response#etag=`, such that etags set in
+   `fresh_when` and `stale?` are weak.
+
+    Fixes #17556.
+
+    *Abhishek Yadav*
+
+*   Provide the name of HTTP Status code in assertions.
+
+    *Sean Collins*
+
+*   More explicit error message when running `rake routes`. `CONTROLLER` argument
+    can now be supplied in different ways:
+    `Rails::WelcomeController`, `Rails::Welcome`, `rails/welcome`.
+
+    Fixes #22918.
+
+    *Edouard Chin*
+
+*   Allow `ActionController::Parameters` instances as an argument to URL
+    helper methods. An `ArgumentError` will be raised if the passed parameters
+    are not secure.
+
+    Fixes #22832.
+
+    *Prathamesh Sonpatki*
 
-*   No changes.
+*   Add option for per-form CSRF tokens.
 
+    *Greg Ose & Ben Toews*
+
+*   Add tests and documentation for `ActionController::Renderers::use_renderers`.
+
+    *Benjamin Fleischer*
+
+*   Fix `ActionController::Parameters#convert_parameters_to_hashes` to return filtered
+    or unfiltered values based on from where it is called, `to_h` or `to_unsafe_h`
+    respectively.
+
+    Fixes #22841.
+
+    *Prathamesh Sonpatki*
+
+*   Add `ActionController::Parameters#include?`
+
+    *Justin Coyne*
+
+## Rails 5.0.0.beta1 (December 18, 2015) ##
 
 *   Deprecate `redirect_to :back` in favor of `redirect_back`, which accepts a
     required `fallback_location` argument, thus eliminating the possibility of a
@@ -37,13 +94,13 @@
 
     *Jorge Bejar*
 
-*   Change the `protect_from_forgery` prepend default to `false`
+*   Change the `protect_from_forgery` prepend default to `false`.
 
     Per this comment
     https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want
     `protect_from_forgery` to default to `prepend: false`.
 
-    `protect_from_forgery` will now be insterted into the callback chain at the
+    `protect_from_forgery` will now be inserted into the callback chain at the
     point it is called in your application. This is useful for cases where you
     want to `protect_from_forgery` after you perform required authentication
     callbacks or other callbacks that are required to run after forgery protection.
@@ -85,26 +142,29 @@
 
     *Agis Anastasopoulos*
 
-*   Add the ability of returning arbitrary headers to ActionDispatch::Static
+*   Add the ability of returning arbitrary headers to `ActionDispatch::Static`.
 
     Now ActionDispatch::Static can accept HTTP headers so that developers
     will have control of returning arbitrary headers like
     'Access-Control-Allow-Origin' when a response is delivered. They can be
     configured with `#config`:
 
-      config.public_file_server.headers = {
-        "Cache-Control"               => "public, max-age=60",
-        "Access-Control-Allow-Origin" => "http://rubyonrails.org"
-      }
+    Example:
+
+        config.public_file_server.headers = {
+          "Cache-Control"               => "public, max-age=60",
+          "Access-Control-Allow-Origin" => "http://rubyonrails.org"
+        }
 
     *Yuki Nishijima*
 
 *   Allow multiple `root` routes in same scope level. Example:
 
-    ```ruby
-    root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
-    root 'landing#show'
-    ```
+    Example:
+
+        root 'blog#show', constraints: ->(req) { Hostname.blog_site?(req.host) }
+        root 'landing#show'
+
     *Rafael Sales*
 
 *   Fix regression in mounted engine named routes generation for app deployed to
@@ -115,12 +175,12 @@
 
     *Matthew Erhard*
 
-*   ActionDispatch::Response#new no longer applies default headers.  If you want
+*   `ActionDispatch::Response#new` no longer applies default headers. If you want
     default headers applied to the response object, then call
-    `ActionDispatch::Response.create`.  This change only impacts people who are
+    `ActionDispatch::Response.create`. This change only impacts people who are
     directly constructing an `ActionDispatch::Response` object.
 
-*   Accessing mime types via constants like `Mime::HTML` is deprecated.  Please
+*   Accessing mime types via constants like `Mime::HTML` is deprecated. Please
     change code like this:
 
       Mime::HTML
@@ -173,7 +233,7 @@
 
     *Jeremy Friesen*
 
-*   Using strings or symbols for middleware class names is deprecated.  Convert
+*   Using strings or symbols for middleware class names is deprecated. Convert
     things like this:
 
       middleware.use "Foo::Bar"
@@ -182,10 +242,10 @@
 
       middleware.use Foo::Bar
 
-*   ActionController::TestSession now accepts a default value as well as
+*   `ActionController::TestSession` now accepts a default value as well as
     a block for generating a default value based off the key provided.
 
-    This fixes calls to session#fetch in ApplicationController instances that
+    This fixes calls to `session#fetch` in `ApplicationController` instances that
     take more two arguments or a block from raising `ArgumentError: wrong
     number of arguments (2 for 1)` when performing controller tests.
 
@@ -236,10 +296,10 @@
     *Grey Baker*
 
 *   Add support for API only apps.
-    ActionController::API is added as a replacement of
-    ActionController::Base for this kind of applications.
+    `ActionController::API` is added as a replacement of
+    `ActionController::Base` for this kind of applications.
 
-    *Santiago Pastorino & Jorge Bejar*
+    *Santiago Pastorino*, *Jorge Bejar*
 
 *   Remove `assigns` and `assert_template`. Both methods have been extracted
     into a gem at https://github.com/rails/rails-controller-testing.
@@ -314,7 +374,7 @@
 
 *   Allow `Bearer` as token-keyword in `Authorization-Header`.
 
-    Aditionally to `Token`, the keyword `Bearer` is acceptable as a keyword
+    Additionally to `Token`, the keyword `Bearer` is acceptable as a keyword
     for the auth-token. The `Bearer` keyword is described in the original
     OAuth RFC and used in libraries like Angular-JWT.
 
@@ -322,7 +382,7 @@
 
     *Peter Schröder*
 
-*   Drop request class from RouteSet constructor.
+*   Drop request class from `RouteSet` constructor.
 
     If you would like to use a custom request class, please subclass and implement
     the `request_class` method.
@@ -351,7 +411,7 @@
 
     *Jeremy Kemper*, *Yves Senn*
 
-*   Deprecate AbstractController#skip_action_callback in favor of individual skip_callback methods
+*   Deprecate `AbstractController#skip_action_callback` in favor of individual skip_callback methods
     (which can be made to raise an error if no callback was removed).
 
     *Iain Beeston*
@@ -557,9 +617,7 @@
     Fixes an issue where when an exception is raised in the request the additional
     payload data is not available.
 
-    See:
-    * #14903
-    * https://github.com/roidrage/lograge/issues/37
+    See #14903.
 
     *Dieter Komendera*, *Margus Pärt*
 

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2004-2015 David Heinemeier Hansson
+Copyright (c) 2004-2016 David Heinemeier Hansson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/lib/abstract_controller/base.rb

@@ -49,7 +49,7 @@ module AbstractController
       # instance methods on that abstract class. Public instance methods of
       # a controller would normally be considered action methods, so methods
       # declared on abstract classes are being removed.
-      # (ActionController::Metal and ActionController::Base are defined as abstract)
+      # (<tt>ActionController::Metal</tt> and ActionController::Base are defined as abstract)
       def internal_methods
         controller = self
 
@@ -80,7 +80,7 @@ module AbstractController
 
       # action_methods are cached and there is sometimes need to refresh
       # them. ::clear_action_methods! allows you to do that, so next time
-      # you run action_methods, they will be recalculated
+      # you run action_methods, they will be recalculated.
       def clear_action_methods!
         @action_methods = nil
       end

data/lib/abstract_controller/rendering.rb

@@ -82,13 +82,13 @@ module AbstractController
     # <tt>render :file => "foo/bar"</tt>.
     # :api: plugin
     def _normalize_args(action=nil, options={})
-      case action
-      when ActionController::Parameters
-        unless action.permitted?
+      if action.respond_to?(:permitted?)
+        if action.permitted?
+          action
+        else
           raise ArgumentError, "render parameters are not permitted"
         end
-        action
-      when Hash
+      elsif action.is_a?(Hash)
         action
       else
         options

data/lib/action_controller.rb

@@ -41,6 +41,10 @@ module ActionController
     autoload :UrlFor
   end
 
+  autoload_under "api" do
+    autoload :ApiRendering
+  end
+
   autoload :TestCase,           'action_controller/test_case'
   autoload :TemplateAssertions, 'action_controller/test_case'
 

data/lib/action_controller/api.rb

@@ -112,7 +112,7 @@ module ActionController
 
       UrlFor,
       Redirecting,
-      Rendering,
+      ApiRendering,
       Renderers::All,
       ConditionalGet,
       BasicImplicitRender,

data/lib/action_controller/api/api_rendering.rb

@@ -0,0 +1,14 @@
+module ActionController
+  module ApiRendering
+    extend ActiveSupport::Concern
+
+    included do
+      include Rendering
+    end
+
+    def render_to_body(options = {})
+      _process_options(options)
+      super
+    end
+  end
+end

data/lib/action_controller/metal.rb

@@ -166,7 +166,7 @@ module ActionController
 
     alias :response_code :status # :nodoc:
 
-    # Basic url_for that can be overridden for more robust functionality
+    # Basic url_for that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
@@ -174,6 +174,7 @@ module ActionController
     def response_body=(body)
       body = [body] unless body.nil? || body.respond_to?(:each)
       response.reset_body!
+      return unless body
       body.each { |part|
         next if part.empty?
         response.write part

data/lib/action_controller/metal/conditional_get.rb

@@ -228,7 +228,7 @@ module ActionController
       expires_in 100.years, public: public
 
       yield if stale?(etag: "#{version}-#{request.fullpath}",
-                      last_modified: Time.parse('2011-01-01').utc,
+                      last_modified: Time.new(2011, 1, 1).utc,
                       public: public)
     end
 

data/lib/action_controller/metal/head.rb

@@ -50,7 +50,6 @@ module ActionController
     end
 
     private
-    # :nodoc:
     def include_content?(status)
       case status
       when 100..199

data/lib/action_controller/metal/mime_responds.rb

@@ -9,6 +9,13 @@ module ActionController #:nodoc:
     #     @people = Person.all
     #   end
     #
+    # That action implicitly responds to all formats, but formats can also be whitelisted:
+    #
+    #   def index
+    #     @people = Person.all
+    #     respond_to :html, :js
+    #   end
+    #
     # Here's the same action, with web-service support baked in:
     #
     #   def index
@@ -16,11 +23,12 @@ module ActionController #:nodoc:
     #
     #     respond_to do |format|
     #       format.html
+    #       format.js
     #       format.xml { render xml: @people }
     #     end
     #   end
     #
-    # What that says is, "if the client wants HTML in response to this action, just respond as we
+    # What that says is, "if the client wants HTML or JS in response to this action, just respond as we
     # would have before, but if the client wants XML, return them the list of people in XML format."
     # (Rails determines the desired response format from the HTTP Accept header submitted by the client.)
     #
@@ -180,9 +188,6 @@ module ActionController #:nodoc:
     #     format.html.none
     #     format.html.phone # this gets rendered
     #   end
-    #
-    # Be sure to check the documentation of <tt>ActionController::MimeResponds.respond_to</tt>
-    # for more examples.
     def respond_to(*mimes)
       raise ArgumentError, "respond_to takes either types or a block, never both" if mimes.any? && block_given?
 

data/lib/action_controller/metal/renderers.rb

@@ -11,6 +11,7 @@ module ActionController
     Renderers.remove(key)
   end
 
+  # See <tt>Responder#api_behavior</tt>
   class MissingRenderer < LoadError
     def initialize(format)
       super "No renderer defined for format: #{format}"
@@ -20,40 +21,25 @@ module ActionController
   module Renderers
     extend ActiveSupport::Concern
 
+    # A Set containing renderer names that correspond to available renderer procs.
+    # Default values are <tt>:json</tt>, <tt>:js</tt>, <tt>:xml</tt>.
+    RENDERERS = Set.new
+
     included do
       class_attribute :_renderers
       self._renderers = Set.new.freeze
     end
 
-    module ClassMethods
-      def use_renderers(*args)
-        renderers = _renderers + args
-        self._renderers = renderers.freeze
-      end
-      alias use_renderer use_renderers
-    end
-
-    def render_to_body(options)
-      _render_to_body_with_renderer(options) || super
-    end
+    # Used in <tt>ActionController::Base</tt>
+    # and <tt>ActionController::API</tt> to include all
+    # renderers by default.
+    module All
+      extend ActiveSupport::Concern
+      include Renderers
 
-    def _render_to_body_with_renderer(options)
-      _renderers.each do |name|
-        if options.key?(name)
-          _process_options(options)
-          method_name = Renderers._render_with_renderer_method_name(name)
-          return send(method_name, options.delete(name), options)
-        end
+      included do
+        self._renderers = RENDERERS
       end
-      nil
-    end
-
-    # A Set containing renderer names that correspond to available renderer procs.
-    # Default values are <tt>:json</tt>, <tt>:js</tt>, <tt>:xml</tt>.
-    RENDERERS = Set.new
-
-    def self._render_with_renderer_method_name(key)
-      "_render_with_renderer_#{key}"
     end
 
     # Adds a new renderer to call within controller actions.
@@ -103,13 +89,70 @@ module ActionController
       remove_method(method_name) if method_defined?(method_name)
     end
 
-    module All
-      extend ActiveSupport::Concern
-      include Renderers
+    def self._render_with_renderer_method_name(key)
+      "_render_with_renderer_#{key}"
+    end
 
-      included do
-        self._renderers = RENDERERS
+    module ClassMethods
+
+      # Adds, by name, a renderer or renderers to the +_renderers+ available
+      # to call within controller actions.
+      #
+      # It is useful when rendering from an <tt>ActionController::Metal</tt> controller or
+      # otherwise to add an available renderer proc to a specific controller.
+      #
+      # Both <tt>ActionController::Base</tt> and <tt>ActionController::API</tt>
+      # include <tt>ActionController::Renderers::All</tt>, making all renderers
+      # avaialable in the controller. See <tt>Renderers::RENDERERS</tt> and <tt>Renderers.add</tt>.
+      #
+      # Since <tt>ActionController::Metal</tt> controllers cannot render, the controller
+      # must include <tt>AbstractController::Rendering</tt>, <tt>ActionController::Rendering</tt>,
+      # and <tt>ActionController::Renderers</tt>, and have at lest one renderer.
+      #
+      # Rather than including <tt>ActionController::Renderers::All</tt> and including all renderers,
+      # you may specify which renderers to include by passing the renderer name or names to
+      # +use_renderers+. For example, a controller that includes only the <tt>:json</tt> renderer
+      # (+_render_with_renderer_json+) might look like:
+      #
+      #   class MetalRenderingController < ActionController::Metal
+      #     include AbstractController::Rendering
+      #     include ActionController::Rendering
+      #     include ActionController::Renderers
+      #
+      #     use_renderers :json
+      #
+      #     def show
+      #       render json: record
+      #     end
+      #   end
+      #
+      # You must specify a +use_renderer+, else the +controller.renderer+ and
+      # +controller._renderers+ will be <tt>nil</tt>, and the action will fail.
+      def use_renderers(*args)
+        renderers = _renderers + args
+        self._renderers = renderers.freeze
       end
+      alias use_renderer use_renderers
+    end
+
+    # Called by +render+ in <tt>AbstractController::Rendering</tt>
+    # which sets the return value as the +response_body+.
+    #
+    # If no renderer is found, +super+ returns control to
+    # <tt>ActionView::Rendering.render_to_body</tt>, if present.
+    def render_to_body(options)
+      _render_to_body_with_renderer(options) || super
+    end
+
+    def _render_to_body_with_renderer(options)
+      _renderers.each do |name|
+        if options.key?(name)
+          _process_options(options)
+          method_name = Renderers._render_with_renderer_method_name(name)
+          return send(method_name, options.delete(name), options)
+        end
+      end
+      nil
     end
 
     add :json do |json, options|