actionpack 5.1.7 → 5.2.0.beta1

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -106,6 +106,7 @@
 
     .line {
       padding-left: 10px;
+      white-space: pre;
     }
 
     .line:hover {

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -17,6 +17,10 @@
     line-height: 15px;
   }
 
+  #route_table thead tr.bottom th input#search {
+    -webkit-appearance: textfield;
+  }
+
   #route_table tbody tr {
     border-bottom: 1px solid #ddd;
   }
@@ -60,7 +64,7 @@
         <%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute url (with the http and domain)"   %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>
       </th>
       <th><%# HTTP Verb %>
       </th>
@@ -93,7 +97,7 @@
       }
     }
 
-    // get JSON from url and invoke callback with result
+    // get JSON from URL and invoke callback with result
     function getJSON(url, success) {
       var xhr = new XMLHttpRequest();
       xhr.open('GET', url);

data/lib/action_dispatch/railtie.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 require "action_dispatch"
+require "active_support/messages/rotation_configuration"
 
 module ActionDispatch
   class Railtie < Rails::Railtie # :nodoc:
@@ -16,6 +19,8 @@ module ActionDispatch
     config.action_dispatch.signed_cookie_salt = "signed cookie"
     config.action_dispatch.encrypted_cookie_salt = "encrypted cookie"
     config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
+    config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
+    config.action_dispatch.use_authenticated_cookie_encryption = false
     config.action_dispatch.perform_deep_munge = true
 
     config.action_dispatch.default_headers = {
@@ -24,6 +29,8 @@ module ActionDispatch
       "X-Content-Type-Options" => "nosniff"
     }
 
+    config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
+
     config.eager_load_namespaces << ActionDispatch
 
     initializer "action_dispatch.configure" do |app|

data/lib/action_dispatch/request/session.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rack/session/abstract/id"
 
 module ActionDispatch
@@ -7,10 +9,10 @@ module ActionDispatch
       ENV_SESSION_KEY         = Rack::RACK_SESSION # :nodoc:
       ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS # :nodoc:
 
-      # Singleton object used to determine if an optional param wasn't specified
+      # Singleton object used to determine if an optional param wasn't specified.
       Unspecified = Object.new
 
-      # Creates a session hash, merging the properties of the previous session if any
+      # Creates a session hash, merging the properties of the previous session if any.
       def self.create(store, req, default_options)
         session_was = find req
         session     = Request::Session.new(store, req)
@@ -63,7 +65,7 @@ module ActionDispatch
         @req      = req
         @delegate = {}
         @loaded   = false
-        @exists   = nil # we haven't checked yet
+        @exists   = nil # We haven't checked yet.
       end
 
       def id
@@ -79,7 +81,7 @@ module ActionDispatch
         options = self.options || {}
         @by.send(:delete_session, @req, options.id(@req), options)
 
-        # Load the new sid to be written with the response
+        # Load the new sid to be written with the response.
         @loaded = false
         load_for_write!
       end
@@ -101,11 +103,13 @@ module ActionDispatch
 
       # Returns keys of the session as Array.
       def keys
+        load_for_read!
         @delegate.keys
       end
 
       # Returns values of the session as Array.
       def values
+        load_for_read!
         @delegate.values
       end
 

data/lib/action_dispatch/request/utils.rb

@@ -1,8 +1,9 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   class Request
     class Utils # :nodoc:
-      mattr_accessor :perform_deep_munge
-      self.perform_deep_munge = true
+      mattr_accessor :perform_deep_munge, default: true
 
       def self.each_param_value(params, &block)
         case params
@@ -40,7 +41,6 @@ module ActionDispatch
 
       class ParamEncoder # :nodoc:
         # Convert nested Hash to HashWithIndifferentAccess.
-        #
         def self.normalize_encode_params(params)
           case params
           when Array
@@ -63,7 +63,7 @@ module ActionDispatch
         end
       end
 
-      # Remove nils from the params hash
+      # Remove nils from the params hash.
       class NoNilParamEncoder < ParamEncoder # :nodoc:
         def self.handle_array(params)
           list = super

data/lib/action_dispatch/routing.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/string/filters"
 
 module ActionDispatch
@@ -120,7 +122,7 @@ module ActionDispatch
   #   controller :blog do
   #     get 'blog/show'     => :list
   #     get 'blog/delete'   => :delete
-  #     get 'blog/edit' => :edit
+  #     get 'blog/edit'     => :edit
   #   end
   #
   #   # provides named routes for show, delete, and edit

data/lib/action_dispatch/routing/endpoint.rb

@@ -1,10 +1,14 @@
+# frozen_string_literal: true
+
 module ActionDispatch
   module Routing
     class Endpoint # :nodoc:
-      def dispatcher?;   false; end
-      def redirect?;     false; end
-      def matches?(req); true;  end
-      def app;           self;  end
+      def dispatcher?;                           false; end
+      def redirect?;                             false; end
+      def engine?;       rack_app.respond_to?(:routes); end
+      def matches?(req);                          true; end
+      def app;                                    self; end
+      def rack_app;                                app; end
     end
   end
 end

data/lib/action_dispatch/routing/inspector.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "delegate"
 require "active_support/core_ext/string/strip"
 
@@ -13,7 +15,7 @@ module ActionDispatch
       end
 
       def rack_app
-        app.app
+        app.rack_app
       end
 
       def path
@@ -45,7 +47,7 @@ module ActionDispatch
       end
 
       def engine?
-        rack_app.respond_to?(:routes)
+        app.engine?
       end
     end
 
@@ -196,7 +198,7 @@ module ActionDispatch
         @buffer << @view.render(partial: "routes/route", collection: routes)
       end
 
-      # the header is part of the HTML page, so we don't construct it here.
+      # The header is part of the HTML page, so we don't construct it here.
       def header(routes)
       end
 

data/lib/action_dispatch/routing/mapper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/hash/slice"
 require "active_support/core_ext/enumerable"
 require "active_support/core_ext/array/extract_options"
@@ -17,9 +19,9 @@ module ActionDispatch
         CALL  = ->(app, req) { app.call req.env }
 
         def initialize(app, constraints, strategy)
-          # Unwrap Constraints objects.  I don't actually think it's possible
+          # Unwrap Constraints objects. I don't actually think it's possible
           # to pass a Constraints object to this constructor, but there were
-          # multiple places that kept testing children of this object.  I
+          # multiple places that kept testing children of this object. I
           # *think* they were just being defensive, but I have no idea.
           if app.is_a?(self.class)
             constraints += app.constraints
@@ -219,7 +221,7 @@ module ActionDispatch
         private
           def add_wildcard_options(options, formatted, path_ast)
             # Add a constraint for wildcard route to make it non-greedy and match the
-            # optional format part of the route by default
+            # optional format part of the route by default.
             if formatted != false
               path_ast.grep(Journey::Nodes::Star).each_with_object({}) { |node, hash|
                 hash[node.name.to_sym] ||= /.+?/
@@ -306,7 +308,7 @@ module ActionDispatch
           def check_controller_and_action(path_params, controller, action)
             hash = check_part(:controller, controller, path_params, {}) do |part|
               translate_controller(part) {
-                message = "'#{part}' is not a supported controller name. This can lead to potential routing problems."
+                message = "'#{part}' is not a supported controller name. This can lead to potential routing problems.".dup
                 message << " See http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use"
 
                 raise ArgumentError, message
@@ -397,7 +399,7 @@ module ActionDispatch
       end
 
       module Base
-        # Matches a url pattern to one or more routes.
+        # Matches a URL pattern to one or more routes.
         #
         # You should not use the +match+ method in your router
         # without specifying an HTTP method.
@@ -407,7 +409,7 @@ module ActionDispatch
         #   # sets :controller, :action and :id in params
         #   match ':controller/:action/:id', via: [:get, :post]
         #
-        # Note that +:controller+, +:action+ and +:id+ are interpreted as url
+        # Note that +:controller+, +:action+ and +:id+ are interpreted as URL
         # query parameters and thus available through +params+ in an action.
         #
         # If you want to expose your action to GET, use +get+ in the router:
@@ -456,7 +458,7 @@ module ActionDispatch
         #
         # === Options
         #
-        # Any options not seen here are passed on as params with the url.
+        # Any options not seen here are passed on as params with the URL.
         #
         # [:controller]
         #   The route's controller.
@@ -471,7 +473,17 @@ module ActionDispatch
         #   <tt>params[<:param>]</tt>.
         #   In your router:
         #
-        #      resources :user, param: :name
+        #      resources :users, param: :name
+        #
+        #   The +users+ resource here will have the following routes generated for it:
+        #
+        #      GET       /users(.:format)
+        #      POST      /users(.:format)
+        #      GET       /users/new(.:format)
+        #      GET       /users/:name/edit(.:format)
+        #      GET       /users/:name(.:format)
+        #      PATCH/PUT /users/:name(.:format)
+        #      DELETE    /users/:name(.:format)
         #
         #   You can override <tt>ActiveRecord::Base#to_param</tt> of a related
         #   model to construct a URL:
@@ -482,8 +494,8 @@ module ActionDispatch
         #        end
         #      end
         #
-        #   user = User.find_by(name: 'Phusion')
-        #   user_path(user)  # => "/users/Phusion"
+        #      user = User.find_by(name: 'Phusion')
+        #      user_path(user)  # => "/users/Phusion"
         #
         # [:path]
         #   The path prefix for the routes.
@@ -652,7 +664,6 @@ module ActionDispatch
           def define_generate_prefix(app, name)
             _route = @set.named_routes.get name
             _routes = @set
-            _url_helpers = @set.url_helpers
 
             script_namer = ->(options) do
               prefix_options = options.slice(*_route.segment_keys)
@@ -664,7 +675,7 @@ module ActionDispatch
 
               # We must actually delete prefix segment keys to avoid passing them to next url_for.
               _route.segment_keys.each { |k| options.delete(k) }
-              _url_helpers.send("#{name}_path", prefix_options)
+              _routes.url_helpers.send("#{name}_path", prefix_options)
             end
 
             app.routes.define_mounted_helper(name, script_namer)
@@ -1252,7 +1263,7 @@ module ActionDispatch
         #
         #   resource :profile
         #
-        # creates six different routes in your application, all mapping to
+        # This creates six different routes in your application, all mapping to
         # the +Profiles+ controller (note that the controller is named after
         # the plural):
         #
@@ -1264,7 +1275,7 @@ module ActionDispatch
         #   POST      /profile
         #
         # === Options
-        # Takes same options as +resources+.
+        # Takes same options as resources[rdoc-ref:#resources]
         def resource(*resources, &block)
           options = resources.extract_options!.dup
 
@@ -1329,7 +1340,7 @@ module ActionDispatch
         #   DELETE    /photos/:photo_id/comments/:id
         #
         # === Options
-        # Takes same options as <tt>Base#match</tt> as well as:
+        # Takes same options as match[rdoc-ref:Base#match] as well as:
         #
         # [:path_names]
         #   Allows you to change the segment component of the +edit+ and +new+ actions.
@@ -1337,14 +1348,14 @@ module ActionDispatch
         #
         #     resources :posts, path_names: { new: "brand_new" }
         #
-        #   The above example will now change /posts/new to /posts/brand_new
+        #   The above example will now change /posts/new to /posts/brand_new.
         #
         # [:path]
         #   Allows you to change the path prefix for the resource.
         #
         #     resources :posts, path: 'postings'
         #
-        #   The resource and all segments will now route to /postings instead of /posts
+        #   The resource and all segments will now route to /postings instead of /posts.
         #
         # [:only]
         #   Only generate routes for the given actions.
@@ -1539,7 +1550,7 @@ module ActionDispatch
           end
         end
 
-        # See ActionDispatch::Routing::Mapper::Scoping#namespace
+        # See ActionDispatch::Routing::Mapper::Scoping#namespace.
         def namespace(path, options = {})
           if resource_scope?
             nested { super }
@@ -1559,7 +1570,7 @@ module ActionDispatch
           !parent_resource.singleton? && @scope[:shallow]
         end
 
-        # Matches a url pattern to one or more routes.
+        # Matches a URL pattern to one or more routes.
         # For more information, see match[rdoc-ref:Base#match].
         #
         #   match 'path' => 'controller#action', via: patch
@@ -1850,7 +1861,7 @@ module ActionDispatch
             path_types.fetch(String, []).each do |_path|
               route_options = options.dup
               if _path && option_path
-                raise ArgumentError, "Ambigous route definition. Both :path and the route path where specified as strings."
+                raise ArgumentError, "Ambiguous route definition. Both :path and the route path were specified as strings."
               end
               to = get_to_from_path(_path, to, route_options[:action])
               decomposed_match(_path, controller, route_options, _path, to, via, formatted, anchor, options_constraints)
@@ -2017,7 +2028,7 @@ module ActionDispatch
         #     concerns :commentable
         #   end
         #
-        # concerns also work in any routes helper that you want to use:
+        # Concerns also work in any routes helper that you want to use:
         #
         #   namespace :posts do
         #     concerns :commentable
@@ -2035,7 +2046,7 @@ module ActionDispatch
       end
 
       module CustomUrls
-        # Define custom url helpers that will be added to the application's
+        # Define custom URL helpers that will be added to the application's
         # routes. This allows you to override and/or replace the default behavior
         # of routing helpers, e.g:
         #
@@ -2051,37 +2062,37 @@ module ActionDispatch
         #     { controller: "pages", action: "index", subdomain: "www" }
         #   end
         #
-        # The return value from the block passed to `direct` must be a valid set of
-        # arguments for `url_for` which will actually build the url string. This can
+        # The return value from the block passed to +direct+ must be a valid set of
+        # arguments for +url_for+ which will actually build the URL string. This can
         # be one of the following:
         #
-        #   * A string, which is treated as a generated url
-        #   * A hash, e.g. { controller: "pages", action: "index" }
-        #   * An array, which is passed to `polymorphic_url`
-        #   * An Active Model instance
-        #   * An Active Model class
+        # * A string, which is treated as a generated URL
+        # * A hash, e.g. <tt>{ controller: "pages", action: "index" }</tt>
+        # * An array, which is passed to +polymorphic_url+
+        # * An Active Model instance
+        # * An Active Model class
         #
-        # NOTE: Other url helpers can be called in the block but be careful not to invoke
-        # your custom url helper again otherwise it will result in a stack overflow error
+        # NOTE: Other URL helpers can be called in the block but be careful not to invoke
+        # your custom URL helper again otherwise it will result in a stack overflow error.
         #
         # You can also specify default options that will be passed through to
-        # your url helper definition, e.g:
+        # your URL helper definition, e.g:
         #
         #   direct :browse, page: 1, size: 10 do |options|
         #     [ :products, options.merge(params.permit(:page, :size).to_h.symbolize_keys) ]
         #   end
         #
-        # In this instance the `params` object comes from the context in which the the
-        # block is executed, e.g. generating a url inside a controller action or a view.
+        # In this instance the +params+ object comes from the context in which the the
+        # block is executed, e.g. generating a URL inside a controller action or a view.
         # If the block is executed where there isn't a params object such as this:
         #
         #   Rails.application.routes.url_helpers.browse_path
         #
-        # then it will raise a `NameError`. Because of this you need to be aware of the
-        # context in which you will use your custom url helper when defining it.
+        # then it will raise a +NameError+. Because of this you need to be aware of the
+        # context in which you will use your custom URL helper when defining it.
         #
-        # NOTE: The `direct` method can't be used inside of a scope block such as
-        # `namespace` or `scope` and will raise an error if it detects that it is.
+        # NOTE: The +direct+ method can't be used inside of a scope block such as
+        # +namespace+ or +scope+ and will raise an error if it detects that it is.
         def direct(name, options = {}, &block)
           unless @scope.root?
             raise RuntimeError, "The direct method can't be used inside a routes scope block"
@@ -2090,9 +2101,9 @@ module ActionDispatch
           @set.add_url_helper(name, options, &block)
         end
 
-        # Define custom polymorphic mappings of models to urls. This alters the
-        # behavior of `polymorphic_url` and consequently the behavior of
-        # `link_to` and `form_for` when passed a model instance, e.g:
+        # Define custom polymorphic mappings of models to URLs. This alters the
+        # behavior of +polymorphic_url+ and consequently the behavior of
+        # +link_to+ and +form_for+ when passed a model instance, e.g:
         #
         #   resource :basket
         #
@@ -2100,10 +2111,10 @@ module ActionDispatch
         #     [:basket]
         #   end
         #
-        # This will now generate "/basket" when a `Basket` instance is passed to
-        # `link_to` or `form_for` instead of the standard "/baskets/:id".
+        # This will now generate "/basket" when a +Basket+ instance is passed to
+        # +link_to+ or +form_for+ instead of the standard "/baskets/:id".
         #
-        # NOTE: This custom behavior only applies to simple polymorphic urls where
+        # NOTE: This custom behavior only applies to simple polymorphic URLs where
         # a single model instance is passed and not more complicated forms, e.g:
         #
         #   # config/routes.rb
@@ -2118,8 +2129,8 @@ module ActionDispatch
         #   link_to "Profile", @current_user
         #   link_to "Profile", [:admin, @current_user]
         #
-        # The first `link_to` will generate "/profile" but the second will generate
-        # the standard polymorphic url of "/admin/users/1".
+        # The first +link_to+ will generate "/profile" but the second will generate
+        # the standard polymorphic URL of "/admin/users/1".
         #
         # You can pass options to a polymorphic mapping - the arity for the block
         # needs to be two as the instance is passed as the first argument, e.g:
@@ -2128,12 +2139,12 @@ module ActionDispatch
         #     [:basket, options]
         #   end
         #
-        # This generates the url "/basket#items" because when the last item in an
-        # array passed to `polymorphic_url` is a hash then it's treated as options
-        # to the url helper that gets called.
+        # This generates the URL "/basket#items" because when the last item in an
+        # array passed to +polymorphic_url+ is a hash then it's treated as options
+        # to the URL helper that gets called.
         #
-        # NOTE: The `resolve` method can't be used inside of a scope block such as
-        # `namespace` or `scope` and will raise an error if it detects that it is.
+        # NOTE: The +resolve+ method can't be used inside of a scope block such as
+        # +namespace+ or +scope+ and will raise an error if it detects that it is.
         def resolve(*args, &block)
           unless @scope.root?
             raise RuntimeError, "The resolve method can't be used inside a routes scope block"