actionpack 5.0.7.2 → 5.1.0.beta1

data/lib/action_controller/metal/http_authentication.rb

@@ -1,5 +1,5 @@
-require 'base64'
-require 'active_support/security_utils'
+require "base64"
+require "active_support/security_utils"
 
 module ActionController
   # Makes it dead easy to do HTTP Basic, Digest and Token authentication.
@@ -28,7 +28,7 @@ module ActionController
     #   class ApplicationController < ActionController::Base
     #     before_action :set_account, :authenticate
     #
-    #     protected
+    #     private
     #       def set_account
     #         @account = Account.find_by(url_name: request.subdomains.first)
     #       end
@@ -99,23 +99,23 @@ module ActionController
       end
 
       def has_basic_credentials?(request)
-        request.authorization.present? && (auth_scheme(request).downcase == 'basic')
+        request.authorization.present? && (auth_scheme(request).downcase == "basic")
       end
 
       def user_name_and_password(request)
-        decode_credentials(request).split(':', 2)
+        decode_credentials(request).split(":", 2)
       end
 
       def decode_credentials(request)
-        ::Base64.decode64(auth_param(request) || '')
+        ::Base64.decode64(auth_param(request) || "")
       end
 
       def auth_scheme(request)
-        request.authorization.to_s.split(' ', 2).first
+        request.authorization.to_s.split(" ", 2).first
       end
 
       def auth_param(request)
-        request.authorization.to_s.split(' ', 2).second
+        request.authorization.to_s.split(" ", 2).second
       end
 
       def encode_credentials(user_name, password)
@@ -208,7 +208,7 @@ module ActionController
           password = password_procedure.call(credentials[:username])
           return false unless password
 
-          method = request.get_header('rack.methodoverride.original_method') || request.get_header('REQUEST_METHOD')
+          method = request.get_header("rack.methodoverride.original_method") || request.get_header("REQUEST_METHOD")
           uri    = credentials[:uri]
 
           [true, false].any? do |trailing_question_mark|
@@ -224,19 +224,19 @@ module ActionController
       # Returns the expected response for a request of +http_method+ to +uri+ with the decoded +credentials+ and the expected +password+
       # Optional parameter +password_is_ha1+ is set to +true+ by default, since best practice is to store ha1 digest instead
       # of a plain-text password.
-      def expected_response(http_method, uri, credentials, password, password_is_ha1=true)
+      def expected_response(http_method, uri, credentials, password, password_is_ha1 = true)
         ha1 = password_is_ha1 ? password : ha1(credentials, password)
-        ha2 = ::Digest::MD5.hexdigest([http_method.to_s.upcase, uri].join(':'))
-        ::Digest::MD5.hexdigest([ha1, credentials[:nonce], credentials[:nc], credentials[:cnonce], credentials[:qop], ha2].join(':'))
+        ha2 = ::Digest::MD5.hexdigest([http_method.to_s.upcase, uri].join(":"))
+        ::Digest::MD5.hexdigest([ha1, credentials[:nonce], credentials[:nc], credentials[:cnonce], credentials[:qop], ha2].join(":"))
       end
 
       def ha1(credentials, password)
-        ::Digest::MD5.hexdigest([credentials[:username], credentials[:realm], password].join(':'))
+        ::Digest::MD5.hexdigest([credentials[:username], credentials[:realm], password].join(":"))
       end
 
       def encode_credentials(http_method, credentials, password, password_is_ha1)
         credentials[:response] = expected_response(http_method, credentials[:uri], credentials, password, password_is_ha1)
-        "Digest " + credentials.sort_by {|x| x[0].to_s }.map {|v| "#{v[0]}='#{v[1]}'" }.join(', ')
+        "Digest " + credentials.sort_by { |x| x[0].to_s }.map { |v| "#{v[0]}='#{v[1]}'" }.join(", ")
       end
 
       def decode_credentials_header(request)
@@ -244,9 +244,9 @@ module ActionController
       end
 
       def decode_credentials(header)
-        ActiveSupport::HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/, '').split(',').map do |pair|
-          key, value = pair.split('=', 2)
-          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
+        ActiveSupport::HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/, "").split(",").map do |pair|
+          key, value = pair.split("=", 2)
+          [key.strip, value.to_s.gsub(/^"|"$/, "").delete('\'')]
         end]
       end
 
@@ -314,7 +314,7 @@ module ActionController
       # Can be much shorter if the Stale directive is implemented. This would
       # allow a user to use new nonce without prompting the user again for their
       # username and password.
-      def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
+      def validate_nonce(secret_key, request, value, seconds_to_timeout = 5 * 60)
         return false if value.nil?
         t = ::Base64.decode64(value).split(":").first.to_i
         nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
@@ -324,7 +324,6 @@ module ActionController
       def opaque(secret_key)
         ::Digest::MD5.hexdigest(secret_key)
       end
-
     end
 
     # Makes it dead easy to do HTTP Token authentication.
@@ -364,7 +363,7 @@ module ActionController
     #   class ApplicationController < ActionController::Base
     #     before_action :set_account, :authenticate
     #
-    #     protected
+    #     private
     #       def set_account
     #         @account = Account.find_by(url_name: request.subdomains.first)
     #       end
@@ -406,7 +405,7 @@ module ActionController
     #
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Token
-      TOKEN_KEY = 'token='
+      TOKEN_KEY = "token="
       TOKEN_REGEX = /^(Token|Bearer)\s+/
       AUTHN_PAIR_DELIMITERS = /(?:,|;|\t+)/
       extend self
@@ -476,14 +475,14 @@ module ActionController
 
       # This removes the <tt>"</tt> characters wrapping the value.
       def rewrite_param_values(array_params)
-        array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, '' }
+        array_params.each { |param| (param[1] || "").gsub! %r/^"|"$/, "" }
       end
 
       # This method takes an authorization body and splits up the key-value
       # pairs by the standardized <tt>:</tt>, <tt>;</tt>, or <tt>\t</tt>
       # delimiters defined in +AUTHN_PAIR_DELIMITERS+.
       def raw_params(auth)
-        _raw_params = auth.sub(TOKEN_REGEX, '').split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
+        _raw_params = auth.sub(TOKEN_REGEX, "").split(/\s*#{AUTHN_PAIR_DELIMITERS}\s*/)
 
         if !(_raw_params.first =~ %r{\A#{TOKEN_KEY}})
           _raw_params[0] = "#{TOKEN_KEY}#{_raw_params.first}"

data/lib/action_controller/metal/implicit_render.rb

@@ -1,5 +1,3 @@
-require 'active_support/core_ext/string/strip'
-
 module ActionController
   # Handles implicit rendering for a controller action that does not
   # explicitly respond with +render+, +respond_to+, +redirect+, or +head+.
@@ -27,7 +25,6 @@ module ActionController
   # Finally, if we DON'T find a template AND the request isn't a browser page
   # load, then we implicitly respond with 204 No Content.
   module ImplicitRender
-
     # :stopdoc:
     include BasicImplicitRender
 
@@ -62,8 +59,8 @@ module ActionController
 
     def method_for_action(action_name)
       super || if template_exists?(action_name.to_s, _prefixes)
-        "default_render"
-      end
+                 "default_render"
+               end
     end
 
     private

data/lib/action_controller/metal/instrumentation.rb

@@ -1,5 +1,5 @@
-require 'benchmark'
-require 'abstract_controller/logger'
+require "benchmark"
+require "abstract_controller/logger"
 
 module ActionController
   # Adds instrumentation to several ends in ActionController::Base. It also provides
@@ -16,13 +16,13 @@ module ActionController
 
     def process_action(*args)
       raw_payload = {
-        :controller => self.class.name,
-        :action     => self.action_name,
-        :params     => request.filtered_parameters,
-        :headers    => request.headers,
-        :format     => request.format.ref,
-        :method     => request.request_method,
-        :path       => request.fullpath
+        controller: self.class.name,
+        action: action_name,
+        params: request.filtered_parameters,
+        headers: request.headers,
+        format: request.format.ref,
+        method: request.request_method,
+        path: request.fullpath
       }
 
       ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload.dup)
@@ -46,9 +46,9 @@ module ActionController
       render_output
     end
 
-    def send_file(path, options={})
+    def send_file(path, options = {})
       ActiveSupport::Notifications.instrument("send_file.action_controller",
-        options.merge(:path => path)) do
+        options.merge(path: path)) do
         super
       end
     end
@@ -72,7 +72,7 @@ module ActionController
 
     # A hook invoked every time a before callback is halted.
     def halted_callback_hook(filter)
-      ActiveSupport::Notifications.instrument("halted_callback.action_controller", :filter => filter)
+      ActiveSupport::Notifications.instrument("halted_callback.action_controller", filter: filter)
     end
 
     # A hook which allows you to clean up any time, wrongly taken into account in
@@ -83,14 +83,14 @@ module ActionController
     #   end
     #
     # :api: plugin
-    def cleanup_view_runtime #:nodoc:
+    def cleanup_view_runtime
       yield
     end
 
     # Every time after an action is processed, this method is invoked
     # with the payload, so you can add more information.
     # :api: plugin
-    def append_info_to_payload(payload) #:nodoc:
+    def append_info_to_payload(payload)
       payload[:view_runtime] = view_runtime
     end
 

data/lib/action_controller/metal/live.rb

@@ -1,6 +1,6 @@
-require 'action_dispatch/http/response'
-require 'delegate'
-require 'active_support/json'
+require "action_dispatch/http/response"
+require "delegate"
+require "active_support/json"
 
 module ActionController
   # Mix this module into your controller, and all actions in that controller
@@ -84,7 +84,6 @@ module ActionController
     # Note: SSEs are not currently supported by IE. However, they are supported
     # by Chrome, Firefox, Opera, and Safari.
     class SSE
-
       WHITELISTED_OPTIONS = %w( retry event id )
 
       def initialize(stream, options = {})
@@ -220,18 +219,18 @@ module ActionController
     class Response < ActionDispatch::Response #:nodoc: all
       private
 
-      def before_committed
-        super
-        jar = request.cookie_jar
-        # The response can be committed multiple times
-        jar.write self unless committed?
-      end
+        def before_committed
+          super
+          jar = request.cookie_jar
+          # The response can be committed multiple times
+          jar.write self unless committed?
+        end
 
-      def build_buffer(response, body)
-        buf = Live::Buffer.new response
-        body.each { |part| buf.write part }
-        buf
-      end
+        def build_buffer(response, body)
+          buf = Live::Buffer.new response
+          body.each { |part| buf.write part }
+          buf
+        end
     end
 
     def process(name)
@@ -248,7 +247,7 @@ module ActionController
 
           # Since we're processing the view in a different thread, copy the
           # thread locals from the main thread to the child thread. :'(
-          locals.each { |k,v| t2[k] = v }
+          locals.each { |k, v| t2[k] = v }
 
           begin
             super(name)

data/lib/action_controller/metal/mime_responds.rb

@@ -1,4 +1,4 @@
-require 'abstract_controller/collector'
+require "abstract_controller/collector"
 
 module ActionController #:nodoc:
   module MimeResponds
@@ -280,8 +280,8 @@ module ActionController #:nodoc:
 
         def any(*args, &block)
           if block_given?
-            if args.any? && args.none?{ |a| a == @variant }
-              args.each{ |v| @variants[v] = block }
+            if args.any? && args.none? { |a| a == @variant }
+              args.each { |v| @variants[v] = block }
             else
               @variants[:any] = block
             end

data/lib/action_controller/metal/parameter_encoding.rb

@@ -0,0 +1,49 @@
+module ActionController
+  # Specify binary encoding for parameters for a given action.
+  module ParameterEncoding
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def inherited(klass) # :nodoc:
+        super
+        klass.setup_param_encode
+      end
+
+      def setup_param_encode # :nodoc:
+        @_parameter_encodings = {}
+      end
+
+      def binary_params_for?(action) # :nodoc:
+        @_parameter_encodings[action.to_s]
+      end
+
+      # Specify that a given action's parameters should all be encoded as
+      # ASCII-8BIT (it "skips" the encoding default of UTF-8).
+      #
+      # For example, a controller would use it like this:
+      #
+      #   class RepositoryController < ActionController::Base
+      #     skip_parameter_encoding :show
+      #
+      #     def show
+      #       @repo = Repository.find_by_filesystem_path params[:file_path]
+      #
+      #       # `repo_name` is guaranteed to be UTF-8, but was ASCII-8BIT, so
+      #       # tag it as such
+      #       @repo_name = params[:repo_name].force_encoding 'UTF-8'
+      #     end
+      #
+      #     def index
+      #       @repositories = Repository.all
+      #     end
+      #   end
+      #
+      # The show action in the above controller would have all parameter values
+      # encoded as ASCII-8BIT.  This is useful in the case where an application
+      # must handle data but encoding of the data is unknown, like file system data.
+      def skip_parameter_encoding(action)
+        @_parameter_encodings[action.to_s] = true
+      end
+    end
+  end
+end

data/lib/action_controller/metal/params_wrapper.rb

@@ -1,7 +1,7 @@
-require 'active_support/core_ext/hash/slice'
-require 'active_support/core_ext/hash/except'
-require 'active_support/core_ext/module/anonymous'
-require 'action_dispatch/http/mime_type'
+require "active_support/core_ext/hash/slice"
+require "active_support/core_ext/hash/except"
+require "active_support/core_ext/module/anonymous"
+require "action_dispatch/http/mime_type"
 
 module ActionController
   # Wraps the parameters hash into a nested hash. This will allow clients to
@@ -71,7 +71,7 @@ module ActionController
 
     EXCLUDE_PARAMETERS = %w(authenticity_token _method utf8)
 
-    require 'mutex_m'
+    require "mutex_m"
 
     class Options < Struct.new(:name, :format, :include, :exclude, :klass, :model) # :nodoc:
       include Mutex_m
@@ -128,30 +128,30 @@ module ActionController
       end
 
       private
-      # Determine the wrapper model from the controller's name. By convention,
-      # this could be done by trying to find the defined model that has the
-      # same singular name as the controller. For example, +UsersController+
-      # will try to find if the +User+ model exists.
-      #
-      # This method also does namespace lookup. Foo::Bar::UsersController will
-      # try to find Foo::Bar::User, Foo::User and finally User.
-      def _default_wrap_model #:nodoc:
-        return nil if klass.anonymous?
-        model_name = klass.name.sub(/Controller$/, '').classify
-
-        begin
-          if model_klass = model_name.safe_constantize
-            model_klass
-          else
-            namespaces = model_name.split("::")
-            namespaces.delete_at(-2)
-            break if namespaces.last == model_name
-            model_name = namespaces.join("::")
-          end
-        end until model_klass
+        # Determine the wrapper model from the controller's name. By convention,
+        # this could be done by trying to find the defined model that has the
+        # same singular name as the controller. For example, +UsersController+
+        # will try to find if the +User+ model exists.
+        #
+        # This method also does namespace lookup. Foo::Bar::UsersController will
+        # try to find Foo::Bar::User, Foo::User and finally User.
+        def _default_wrap_model
+          return nil if klass.anonymous?
+          model_name = klass.name.sub(/Controller$/, "").classify
+
+          begin
+            if model_klass = model_name.safe_constantize
+              model_klass
+            else
+              namespaces = model_name.split("::")
+              namespaces.delete_at(-2)
+              break if namespaces.last == model_name
+              model_name = namespaces.join("::")
+            end
+          end until model_klass
 
-        model_klass
-      end
+          model_klass
+        end
     end
 
     included do
@@ -198,14 +198,14 @@ module ActionController
         when Hash
           options = name_or_model_or_options
         when false
-          options = options.merge(:format => [])
+          options = options.merge(format: [])
         when Symbol, String
-          options = options.merge(:name => name_or_model_or_options)
+          options = options.merge(name: name_or_model_or_options)
         else
           model = name_or_model_or_options
         end
 
-        opts   = Options.from_hash _wrapper_options.to_h.slice(:format).merge(options)
+        opts = Options.from_hash _wrapper_options.to_h.slice(:format).merge(options)
         opts.model = model
         opts.klass = self
 
@@ -279,7 +279,7 @@ module ActionController
         return false unless request.has_content_type?
 
         ref = request.content_mime_type.ref
-        _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters.key?(_wrapper_key)
+        _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
       end
   end
 end