actionpack 5.0.7.2 → 5.1.0.beta1

data/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -1,34 +1,23 @@
-require 'rack/utils'
-require 'rack/request'
-require 'rack/session/abstract/id'
-require 'action_dispatch/middleware/cookies'
-require 'action_dispatch/request/session'
+require "rack/utils"
+require "rack/request"
+require "rack/session/abstract/id"
+require "action_dispatch/middleware/cookies"
+require "action_dispatch/request/session"
 
 module ActionDispatch
   module Session
     class SessionRestoreError < StandardError #:nodoc:
-
-      def initialize(const_error = nil)
-        if const_error
-          ActiveSupport::Deprecation.warn("Passing #original_exception is deprecated and has no effect. " \
-                                          "Exceptions will automatically capture the original exception.", caller)
-        end
-
-        super("Session contains objects whose class definition isn't available.\n" +
-          "Remember to require the classes for all objects kept in the session.\n" +
+      def initialize
+        super("Session contains objects whose class definition isn't available.\n" \
+          "Remember to require the classes for all objects kept in the session.\n" \
           "(Original exception: #{$!.message} [#{$!.class}])\n")
         set_backtrace $!.backtrace
       end
-
-      def original_exception
-        ActiveSupport::Deprecation.warn("#original_exception is deprecated. Use #cause instead.", caller)
-        cause
-      end
     end
 
     module Compatibility
       def initialize(app, options = {})
-        options[:key] ||= '_session_id'
+        options[:key] ||= "_session_id"
         super
       end
 
@@ -38,14 +27,13 @@ module ActionDispatch
         sid
       end
 
-    protected
+    private
 
-      def initialize_sid
+      def initialize_sid # :doc:
         @default_options.delete(:sidbits)
         @default_options.delete(:secure_random)
       end
 
-      private
       def make_request(env)
         ActionDispatch::Request.new env
       end
@@ -94,9 +82,9 @@ module ActionDispatch
 
       private
 
-      def set_cookie(request, session_id, cookie)
-        request.cookie_jar[key] = cookie
-      end
+        def set_cookie(request, session_id, cookie)
+          request.cookie_jar[key] = cookie
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/session/cache_store.rb

@@ -1,4 +1,4 @@
-require 'action_dispatch/middleware/session/abstract_store'
+require "action_dispatch/middleware/session/abstract_store"
 
 module ActionDispatch
   module Session
@@ -19,7 +19,7 @@ module ActionDispatch
 
       # Get a session from the cache.
       def find_session(env, sid)
-        unless sid and session = @cache.read(cache_key(sid))
+        unless sid && (session = @cache.read(cache_key(sid)))
           sid, session = generate_sid, {}
         end
         [sid, session]
@@ -29,7 +29,7 @@ module ActionDispatch
       def write_session(env, sid, session, options)
         key = cache_key(sid)
         if session
-          @cache.write(key, session, :expires_in => options[:expire_after])
+          @cache.write(key, session, expires_in: options[:expire_after])
         else
           @cache.delete(key)
         end

data/lib/action_dispatch/middleware/session/cookie_store.rb

@@ -1,6 +1,6 @@
-require 'active_support/core_ext/hash/keys'
-require 'action_dispatch/middleware/session/abstract_store'
-require 'rack/session/cookie'
+require "active_support/core_ext/hash/keys"
+require "action_dispatch/middleware/session/abstract_store"
+require "rack/session/cookie"
 
 module ActionDispatch
   module Session
@@ -63,8 +63,8 @@ module ActionDispatch
     # Other useful options include <tt>:key</tt>, <tt>:secure</tt> and
     # <tt>:httponly</tt>.
     class CookieStore < AbstractStore
-      def initialize(app, options={})
-        super(app, options.merge!(:cookie_only => true))
+      def initialize(app, options = {})
+        super(app, options.merge!(cookie_only: true))
       end
 
       def delete_session(req, session_id, options)
@@ -84,46 +84,46 @@ module ActionDispatch
 
       private
 
-      def extract_session_id(req)
-        stale_session_check! do
-          unpacked_cookie_data(req)["session_id"]
+        def extract_session_id(req)
+          stale_session_check! do
+            unpacked_cookie_data(req)["session_id"]
+          end
         end
-      end
 
-      def unpacked_cookie_data(req)
-        req.fetch_header("action_dispatch.request.unsigned_session_cookie") do |k|
-          v = stale_session_check! do
-            if data = get_cookie(req)
-              data.stringify_keys!
+        def unpacked_cookie_data(req)
+          req.fetch_header("action_dispatch.request.unsigned_session_cookie") do |k|
+            v = stale_session_check! do
+              if data = get_cookie(req)
+                data.stringify_keys!
+              end
+              data || {}
             end
-            data || {}
+            req.set_header k, v
           end
-          req.set_header k, v
         end
-      end
 
-      def persistent_session_id!(data, sid=nil)
-        data ||= {}
-        data["session_id"] ||= sid || generate_sid
-        data
-      end
+        def persistent_session_id!(data, sid = nil)
+          data ||= {}
+          data["session_id"] ||= sid || generate_sid
+          data
+        end
 
-      def write_session(req, sid, session_data, options)
-        session_data["session_id"] = sid
-        session_data
-      end
+        def write_session(req, sid, session_data, options)
+          session_data["session_id"] = sid
+          session_data
+        end
 
-      def set_cookie(request, session_id, cookie)
-        cookie_jar(request)[@key] = cookie
-      end
+        def set_cookie(request, session_id, cookie)
+          cookie_jar(request)[@key] = cookie
+        end
 
-      def get_cookie(req)
-        cookie_jar(req)[@key]
-      end
+        def get_cookie(req)
+          cookie_jar(req)[@key]
+        end
 
-      def cookie_jar(request)
-        request.cookie_jar.signed_or_encrypted
-      end
+        def cookie_jar(request)
+          request.cookie_jar.signed_or_encrypted
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/session/mem_cache_store.rb

@@ -1,6 +1,6 @@
-require 'action_dispatch/middleware/session/abstract_store'
+require "action_dispatch/middleware/session/abstract_store"
 begin
-  require 'rack/session/dalli'
+  require "rack/session/dalli"
 rescue LoadError => e
   $stderr.puts "You don't have dalli installed in your application. Please add it to your Gemfile and run bundle install"
   raise e

data/lib/action_dispatch/middleware/show_exceptions.rb

@@ -1,5 +1,5 @@
-require 'action_dispatch/http/request'
-require 'action_dispatch/middleware/exception_wrapper'
+require "action_dispatch/http/request"
+require "action_dispatch/middleware/exception_wrapper"
 
 module ActionDispatch
   # This middleware rescues any exception returned by the application
@@ -15,7 +15,7 @@ module ActionDispatch
   # If any exception happens inside the exceptions app, this middleware
   # catches the exceptions and returns a FAILSAFE_RESPONSE.
   class ShowExceptions
-    FAILSAFE_RESPONSE = [500, { 'Content-Type' => 'text/plain' },
+    FAILSAFE_RESPONSE = [500, { "Content-Type" => "text/plain" },
       ["500 Internal Server Error\n" \
        "If you are the administrator of this website, then please read this web " \
        "application's log file and/or the web server's log file to find out what " \
@@ -39,22 +39,22 @@ module ActionDispatch
 
     private
 
-    def render_exception(request, exception)
-      backtrace_cleaner = request.get_header 'action_dispatch.backtrace_cleaner'
-      wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
-      status  = wrapper.status_code
-      request.set_header "action_dispatch.exception", wrapper.exception
-      request.set_header "action_dispatch.original_path", request.path_info
-      request.path_info = "/#{status}"
-      response = @exceptions_app.call(request.env)
-      response[1]['X-Cascade'] == 'pass' ? pass_response(status) : response
-    rescue Exception => failsafe_error
-      $stderr.puts "Error during failsafe response: #{failsafe_error}\n  #{failsafe_error.backtrace * "\n  "}"
-      FAILSAFE_RESPONSE
-    end
+      def render_exception(request, exception)
+        backtrace_cleaner = request.get_header "action_dispatch.backtrace_cleaner"
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
+        status  = wrapper.status_code
+        request.set_header "action_dispatch.exception", wrapper.exception
+        request.set_header "action_dispatch.original_path", request.path_info
+        request.path_info = "/#{status}"
+        response = @exceptions_app.call(request.env)
+        response[1]["X-Cascade"] == "pass" ? pass_response(status) : response
+      rescue Exception => failsafe_error
+        $stderr.puts "Error during failsafe response: #{failsafe_error}\n  #{failsafe_error.backtrace * "\n  "}"
+        FAILSAFE_RESPONSE
+      end
 
-    def pass_response(status)
-      [status, {"Content-Type" => "text/html; charset=#{Response.default_charset}", "Content-Length" => "0"}, []]
-    end
+      def pass_response(status)
+        [status, { "Content-Type" => "text/html; charset=#{Response.default_charset}", "Content-Length" => "0" }, []]
+      end
   end
 end

data/lib/action_dispatch/middleware/ssl.rb

@@ -23,7 +23,7 @@ module ActionDispatch
   #     `180.days` (recommended).
   #   * `subdomains`: Set to `true` to tell the browser to apply these settings
   #     to all subdomains. This protects your cookies from interception by a
-  #     vulnerable site on a subdomain. Defaults to `false`.
+  #     vulnerable site on a subdomain. Defaults to `true`.
   #   * `preload`: Advertise that this site may be included in browsers'
   #     preloaded HSTS lists. HSTS protects your site on every visit *except the
   #     first visit* since it hasn't seen your HSTS header yet. To close this
@@ -45,35 +45,17 @@ module ActionDispatch
     HSTS_EXPIRES_IN = 15552000
 
     def self.default_hsts_options
-      { expires: HSTS_EXPIRES_IN, subdomains: false, preload: false }
+      { expires: HSTS_EXPIRES_IN, subdomains: true, preload: false }
     end
 
-    def initialize(app, redirect: {}, hsts: {}, secure_cookies: true, **options)
+    def initialize(app, redirect: {}, hsts: {}, secure_cookies: true)
       @app = app
 
-      if options[:host] || options[:port]
-        ActiveSupport::Deprecation.warn <<-end_warning.strip_heredoc
-          The `:host` and `:port` options are moving within `:redirect`:
-          `config.ssl_options = { redirect: { host: …, port: … } }`.
-        end_warning
-        @redirect = options.slice(:host, :port)
-      else
-        @redirect = redirect
-      end
+      @redirect = redirect
 
       @exclude = @redirect && @redirect[:exclude] || proc { !@redirect }
       @secure_cookies = secure_cookies
 
-      if hsts != true && hsts != false && hsts[:subdomains].nil?
-        hsts[:subdomains] = false
-
-        ActiveSupport::Deprecation.warn <<-end_warning.strip_heredoc
-          In Rails 5.1, The `:subdomains` option of HSTS config will be treated as true if
-          unspecified. Set `config.ssl_options = { hsts: { subdomains: false } }` to opt out
-          of this behavior.
-        end_warning
-      end
-
       @hsts_header = build_hsts_header(normalize_hsts_options(hsts))
     end
 
@@ -93,7 +75,7 @@ module ActionDispatch
 
     private
       def set_hsts_header!(headers)
-        headers['Strict-Transport-Security'.freeze] ||= @hsts_header
+        headers["Strict-Transport-Security".freeze] ||= @hsts_header
       end
 
       def normalize_hsts_options(options)
@@ -119,10 +101,10 @@ module ActionDispatch
       end
 
       def flag_cookies_as_secure!(headers)
-        if cookies = headers['Set-Cookie'.freeze]
+        if cookies = headers["Set-Cookie".freeze]
           cookies = cookies.split("\n".freeze)
 
-          headers['Set-Cookie'.freeze] = cookies.map { |cookie|
+          headers["Set-Cookie".freeze] = cookies.map { |cookie|
             if cookie !~ /;\s*secure\s*(;|$)/i
               "#{cookie}; secure"
             else
@@ -134,8 +116,8 @@ module ActionDispatch
 
       def redirect_to_https(request)
         [ @redirect.fetch(:status, redirection_status(request)),
-          { 'Content-Type' => 'text/html',
-            'Location' => https_location_for(request) },
+          { "Content-Type" => "text/html",
+            "Location" => https_location_for(request) },
           @redirect.fetch(:body, []) ]
       end
 

data/lib/action_dispatch/middleware/stack.rb

@@ -88,7 +88,6 @@ module ActionDispatch
     end
 
     def delete(target)
-      target = get_class target
       middlewares.delete_if { |m| m.klass == target }
     end
 
@@ -102,32 +101,14 @@ module ActionDispatch
 
     private
 
-    def assert_index(index, where)
-      index = get_class index
-      i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
-      raise "No such middleware to insert #{where}: #{index.inspect}" unless i
-      i
-    end
-
-    def get_class(klass)
-      if klass.is_a?(String) || klass.is_a?(Symbol)
-        classcache = ActiveSupport::Dependencies::Reference
-        converted_klass = classcache[klass.to_s]
-        ActiveSupport::Deprecation.warn <<-eowarn
-Passing strings or symbols to the middleware builder is deprecated, please change
-them to actual class references.  For example:
-
-  "#{klass}" => #{converted_klass}
-
-        eowarn
-        converted_klass
-      else
-        klass
+      def assert_index(index, where)
+        i = index.is_a?(Integer) ? index : middlewares.index { |m| m.klass == index }
+        raise "No such middleware to insert #{where}: #{index.inspect}" unless i
+        i
       end
-    end
 
-    def build_middleware(klass, args, block)
-      Middleware.new(get_class(klass), args, block)
-    end
+      def build_middleware(klass, args, block)
+        Middleware.new(klass, args, block)
+      end
   end
 end

data/lib/action_dispatch/middleware/static.rb

@@ -1,5 +1,5 @@
-require 'rack/utils'
-require 'active_support/core_ext/uri'
+require "rack/utils"
+require "active_support/core_ext/uri"
 
 module ActionDispatch
   # This middleware returns a file's contents from disk in the body response.
@@ -13,8 +13,8 @@ module ActionDispatch
   # located at `public/assets/application.js` if the file exists. If the file
   # does not exist, a 404 "File not Found" response will be returned.
   class FileHandler
-    def initialize(root, index: 'index', headers: {})
-      @root          = root.chomp('/')
+    def initialize(root, index: "index", headers: {})
+      @root          = root.chomp("/")
       @file_server   = ::Rack::File.new(@root, headers)
       @index         = index
     end
@@ -27,13 +27,13 @@ module ActionDispatch
     # in the server's `public/` directory (see Static#call).
     def match?(path)
       path = ::Rack::Utils.unescape_path path
-      return false unless valid_path?(path)
-      path = Rack::Utils.clean_path_info path
+      return false unless ::Rack::Utils.valid_path? path
+      path = ::Rack::Utils.clean_path_info path
 
       paths = [path, "#{path}#{ext}", "#{path}/#{@index}#{ext}"]
 
       if match = paths.detect { |p|
-        path = File.join(@root, p.force_encoding('UTF-8'.freeze))
+        path = File.join(@root, p.force_encoding(Encoding::UTF_8))
         begin
           File.file?(path) && File.readable?(path)
         rescue SystemCallError
@@ -59,13 +59,13 @@ module ActionDispatch
         if status == 304
           return [status, headers, body]
         end
-        headers['Content-Encoding'] = 'gzip'
-        headers['Content-Type']     = content_type(path)
+        headers["Content-Encoding"] = "gzip"
+        headers["Content-Type"]     = content_type(path)
       else
         status, headers, body = @file_server.call(request.env)
       end
 
-      headers['Vary'] = 'Accept-Encoding' if gzip_path
+      headers["Vary"] = "Accept-Encoding" if gzip_path
 
       return [status, headers, body]
     ensure
@@ -78,7 +78,7 @@ module ActionDispatch
       end
 
       def content_type(path)
-        ::Rack::Mime.mime_type(::File.extname(path), 'text/plain'.freeze)
+        ::Rack::Mime.mime_type(::File.extname(path), "text/plain".freeze)
       end
 
       def gzip_encoding_accepted?(request)
@@ -94,10 +94,6 @@ module ActionDispatch
           false
         end
       end
-
-      def valid_path?(path)
-        path.valid_encoding? && !path.include?("\0")
-      end
   end
 
   # This middleware will attempt to return the contents of a file's body from
@@ -110,14 +106,7 @@ module ActionDispatch
   # produce a directory traversal using this middleware. Only 'GET' and 'HEAD'
   # requests will result in a file being returned.
   class Static
-    def initialize(app, path, deprecated_cache_control = :not_set, index: 'index', headers: {})
-      if deprecated_cache_control != :not_set
-        ActiveSupport::Deprecation.warn("The `cache_control` argument is deprecated," \
-                                        "replaced by `headers: { 'Cache-Control' => #{deprecated_cache_control} }`, " \
-                                        " and will be removed in Rails 5.1.")
-        headers['Cache-Control'.freeze] = deprecated_cache_control
-      end
-
+    def initialize(app, path, index: "index", headers: {})
       @app = app
       @file_handler = FileHandler.new(path, index: index, headers: headers)
     end
@@ -126,7 +115,7 @@ module ActionDispatch
       req = Rack::Request.new env
 
       if req.get? || req.head?
-        path = req.path_info.chomp('/'.freeze)
+        path = req.path_info.chomp("/".freeze)
         if match = @file_handler.match?(path)
           req.path_info = match
           return @file_handler.serve(req)