actionpack 5.2.4.4 → 6.1.1

data/lib/action_controller/metal/force_ssl.rb

@@ -1,99 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/core_ext/hash/except"
-require "active_support/core_ext/hash/slice"
-
-module ActionController
-  # This module provides a method which will redirect the browser to use the secured HTTPS
-  # protocol. This will ensure that users' sensitive information will be
-  # transferred safely over the internet. You _should_ always force the browser
-  # to use HTTPS when you're transferring sensitive information such as
-  # user authentication, account information, or credit card information.
-  #
-  # Note that if you are really concerned about your application security,
-  # you might consider using +config.force_ssl+ in your config file instead.
-  # That will ensure all the data is transferred via HTTPS, and will
-  # prevent the user from getting their session hijacked when accessing the
-  # site over unsecured HTTP protocol.
-  module ForceSSL
-    extend ActiveSupport::Concern
-    include AbstractController::Callbacks
-
-    ACTION_OPTIONS = [:only, :except, :if, :unless]
-    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
-    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
-
-    module ClassMethods
-      # Force the request to this particular controller or specified actions to be
-      # through the HTTPS protocol.
-      #
-      # If you need to disable this for any reason (e.g. development) then you can use
-      # an +:if+ or +:unless+ condition.
-      #
-      #     class AccountsController < ApplicationController
-      #       force_ssl if: :ssl_configured?
-      #
-      #       def ssl_configured?
-      #         !Rails.env.development?
-      #       end
-      #     end
-      #
-      # ==== URL Options
-      # You can pass any of the following options to affect the redirect URL
-      # * <tt>host</tt>       - Redirect to a different host name
-      # * <tt>subdomain</tt>  - Redirect to a different subdomain
-      # * <tt>domain</tt>     - Redirect to a different domain
-      # * <tt>port</tt>       - Redirect to a non-standard port
-      # * <tt>path</tt>       - Redirect to a different path
-      #
-      # ==== Redirect Options
-      # You can pass any of the following options to affect the redirect status and response
-      # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
-      # * <tt>flash</tt>      - Set a flash message when redirecting
-      # * <tt>alert</tt>      - Set an alert message when redirecting
-      # * <tt>notice</tt>     - Set a notice message when redirecting
-      #
-      # ==== Action Options
-      # You can pass any of the following options to affect the before_action callback
-      # * <tt>only</tt>       - The callback should be run only for this action
-      # * <tt>except</tt>     - The callback should be run for all actions except this action
-      # * <tt>if</tt>         - A symbol naming an instance method or a proc; the
-      #   callback will be called only when it returns a true value.
-      # * <tt>unless</tt>     - A symbol naming an instance method or a proc; the
-      #   callback will be called only when it returns a false value.
-      def force_ssl(options = {})
-        action_options = options.slice(*ACTION_OPTIONS)
-        redirect_options = options.except(*ACTION_OPTIONS)
-        before_action(action_options) do
-          force_ssl_redirect(redirect_options)
-        end
-      end
-    end
-
-    # Redirect the existing request to use the HTTPS protocol.
-    #
-    # ==== Parameters
-    # * <tt>host_or_options</tt> - Either a host name or any of the URL and
-    #   redirect options available to the <tt>force_ssl</tt> method.
-    def force_ssl_redirect(host_or_options = nil)
-      unless request.ssl?
-        options = {
-          protocol: "https://",
-          host: request.host,
-          path: request.fullpath,
-          status: :moved_permanently
-        }
-
-        if host_or_options.is_a?(Hash)
-          options.merge!(host_or_options)
-        elsif host_or_options
-          options[:host] = host_or_options
-        end
-
-        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
-        flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
-        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
-      end
-    end
-  end
-end

data/lib/action_dispatch/http/parameter_filter.rb

@@ -1,86 +0,0 @@
-# frozen_string_literal: true
-
-require "active_support/core_ext/object/duplicable"
-
-module ActionDispatch
-  module Http
-    class ParameterFilter
-      FILTERED = "[FILTERED]".freeze # :nodoc:
-
-      def initialize(filters = [])
-        @filters = filters
-      end
-
-      def filter(params)
-        compiled_filter.call(params)
-      end
-
-    private
-
-      def compiled_filter
-        @compiled_filter ||= CompiledFilter.compile(@filters)
-      end
-
-      class CompiledFilter # :nodoc:
-        def self.compile(filters)
-          return lambda { |params| params.dup } if filters.empty?
-
-          strings, regexps, blocks = [], [], []
-
-          filters.each do |item|
-            case item
-            when Proc
-              blocks << item
-            when Regexp
-              regexps << item
-            else
-              strings << Regexp.escape(item.to_s)
-            end
-          end
-
-          deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.".freeze) }
-          deep_strings, strings = strings.partition { |s| s.include?("\\.".freeze) }
-
-          regexps << Regexp.new(strings.join("|".freeze), true) unless strings.empty?
-          deep_regexps << Regexp.new(deep_strings.join("|".freeze), true) unless deep_strings.empty?
-
-          new regexps, deep_regexps, blocks
-        end
-
-        attr_reader :regexps, :deep_regexps, :blocks
-
-        def initialize(regexps, deep_regexps, blocks)
-          @regexps = regexps
-          @deep_regexps = deep_regexps.any? ? deep_regexps : nil
-          @blocks = blocks
-        end
-
-        def call(original_params, parents = [])
-          filtered_params = original_params.class.new
-
-          original_params.each do |key, value|
-            parents.push(key) if deep_regexps
-            if regexps.any? { |r| key =~ r }
-              value = FILTERED
-            elsif deep_regexps && (joined = parents.join(".")) && deep_regexps.any? { |r| joined =~ r }
-              value = FILTERED
-            elsif value.is_a?(Hash)
-              value = call(value, parents)
-            elsif value.is_a?(Array)
-              value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v }
-            elsif blocks.any?
-              key = key.dup if key.duplicable?
-              value = value.dup if value.duplicable?
-              blocks.each { |b| b.call(key, value) }
-            end
-            parents.pop if deep_regexps
-
-            filtered_params[key] = value
-          end
-
-          filtered_params
-        end
-      end
-    end
-  end
-end

data/lib/action_dispatch/journey/nfa/builder.rb

@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require "action_dispatch/journey/nfa/transition_table"
-require "action_dispatch/journey/gtg/transition_table"
-
-module ActionDispatch
-  module Journey # :nodoc:
-    module NFA # :nodoc:
-      class Visitor < Visitors::Visitor # :nodoc:
-        def initialize(tt)
-          @tt = tt
-          @i  = -1
-        end
-
-        def visit_CAT(node)
-          left  = visit(node.left)
-          right = visit(node.right)
-
-          @tt.merge(left.last, right.first)
-
-          [left.first, right.last]
-        end
-
-        def visit_GROUP(node)
-          from  = @i += 1
-          left  = visit(node.left)
-          to    = @i += 1
-
-          @tt.accepting = to
-
-          @tt[from, left.first] = nil
-          @tt[left.last, to] = nil
-          @tt[from, to] = nil
-
-          [from, to]
-        end
-
-        def visit_OR(node)
-          from = @i += 1
-          children = node.children.map { |c| visit(c) }
-          to = @i += 1
-
-          children.each do |child|
-            @tt[from, child.first] = nil
-            @tt[child.last, to]    = nil
-          end
-
-          @tt.accepting = to
-
-          [from, to]
-        end
-
-        def terminal(node)
-          from_i = @i += 1 # new state
-          to_i   = @i += 1 # new state
-
-          @tt[from_i, to_i] = node
-          @tt.accepting = to_i
-          @tt.add_memo(to_i, node.memo)
-
-          [from_i, to_i]
-        end
-      end
-
-      class Builder # :nodoc:
-        def initialize(ast)
-          @ast = ast
-        end
-
-        def transition_table
-          tt = TransitionTable.new
-          Visitor.new(tt).accept(@ast)
-          tt
-        end
-      end
-    end
-  end
-end

data/lib/action_dispatch/journey/nfa/simulator.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "strscan"
-
-module ActionDispatch
-  module Journey # :nodoc:
-    module NFA # :nodoc:
-      class MatchData # :nodoc:
-        attr_reader :memos
-
-        def initialize(memos)
-          @memos = memos
-        end
-      end
-
-      class Simulator # :nodoc:
-        attr_reader :tt
-
-        def initialize(transition_table)
-          @tt = transition_table
-        end
-
-        def simulate(string)
-          input = StringScanner.new(string)
-          state = tt.eclosure(0)
-          until input.eos?
-            sym   = input.scan(%r([/.?]|[^/.?]+))
-
-            # FIXME: tt.eclosure is not needed for the GTG
-            state = tt.eclosure(tt.move(state, sym))
-          end
-
-          acceptance_states = state.find_all { |s|
-            tt.accepting?(tt.eclosure(s).sort.last)
-          }
-
-          return if acceptance_states.empty?
-
-          memos = acceptance_states.flat_map { |x| tt.memo(x) }.compact
-
-          MatchData.new(memos)
-        end
-
-        alias :=~    :simulate
-        alias :match :simulate
-      end
-    end
-  end
-end

data/lib/action_dispatch/journey/nfa/transition_table.rb

@@ -1,120 +0,0 @@
-# frozen_string_literal: true
-
-require "action_dispatch/journey/nfa/dot"
-
-module ActionDispatch
-  module Journey # :nodoc:
-    module NFA # :nodoc:
-      class TransitionTable # :nodoc:
-        include Journey::NFA::Dot
-
-        attr_accessor :accepting
-        attr_reader :memos
-
-        def initialize
-          @table     = Hash.new { |h, f| h[f] = {} }
-          @memos     = {}
-          @accepting = nil
-          @inverted  = nil
-        end
-
-        def accepting?(state)
-          accepting == state
-        end
-
-        def accepting_states
-          [accepting]
-        end
-
-        def add_memo(idx, memo)
-          @memos[idx] = memo
-        end
-
-        def memo(idx)
-          @memos[idx]
-        end
-
-        def []=(i, f, s)
-          @table[f][i] = s
-        end
-
-        def merge(left, right)
-          @memos[right] = @memos.delete(left)
-          @table[right] = @table.delete(left)
-        end
-
-        def states
-          (@table.keys + @table.values.flat_map(&:keys)).uniq
-        end
-
-        # Returns set of NFA states to which there is a transition on ast symbol
-        # +a+ from some state +s+ in +t+.
-        def following_states(t, a)
-          Array(t).flat_map { |s| inverted[s][a] }.uniq
-        end
-
-        # Returns set of NFA states to which there is a transition on ast symbol
-        # +a+ from some state +s+ in +t+.
-        def move(t, a)
-          Array(t).map { |s|
-            inverted[s].keys.compact.find_all { |sym|
-              sym === a
-            }.map { |sym| inverted[s][sym] }
-          }.flatten.uniq
-        end
-
-        def alphabet
-          inverted.values.flat_map(&:keys).compact.uniq.sort_by(&:to_s)
-        end
-
-        # Returns a set of NFA states reachable from some NFA state +s+ in set
-        # +t+ on nil-transitions alone.
-        def eclosure(t)
-          stack = Array(t)
-          seen  = {}
-          children = []
-
-          until stack.empty?
-            s = stack.pop
-            next if seen[s]
-
-            seen[s] = true
-            children << s
-
-            stack.concat(inverted[s][nil])
-          end
-
-          children.uniq
-        end
-
-        def transitions
-          @table.flat_map { |to, hash|
-            hash.map { |from, sym| [from, sym, to] }
-          }
-        end
-
-        private
-
-          def inverted
-            return @inverted if @inverted
-
-            @inverted = Hash.new { |h, from|
-              h[from] = Hash.new { |j, s| j[s] = [] }
-            }
-
-            @table.each { |to, hash|
-              hash.each { |from, sym|
-                if sym
-                  sym = Nodes::Symbol === sym ? sym.regexp : sym.left
-                end
-
-                @inverted[from][sym] << to
-              }
-            }
-
-            @inverted
-          end
-      end
-    end
-  end
-end

data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module ActionDispatch
-  module SystemTesting
-    module TestHelpers
-      module UndefMethods # :nodoc:
-        extend ActiveSupport::Concern
-        included do
-          METHODS = %i(get post put patch delete).freeze
-
-          METHODS.each do |verb|
-            undef_method verb
-          end
-
-          def method_missing(method, *args, &block)
-            if METHODS.include?(method)
-              raise NoMethodError, "System tests cannot make direct requests via ##{method}; use #visit and #click_on instead. See http://www.rubydoc.info/github/teamcapybara/capybara/master#The_DSL for more information."
-            else
-              super
-            end
-          end
-        end
-      end
-    end
-  end
-end