actionpack 5.2.4.5 → 6.0.0.beta1

data/lib/action_dispatch/middleware/ssl.rb

@@ -83,7 +83,7 @@ module ActionDispatch
 
     private
       def set_hsts_header!(headers)
-        headers["Strict-Transport-Security".freeze] ||= @hsts_header
+        headers["Strict-Transport-Security"] ||= @hsts_header
       end
 
       def normalize_hsts_options(options)
@@ -102,23 +102,23 @@ module ActionDispatch
 
       # https://tools.ietf.org/html/rfc6797#section-6.1
       def build_hsts_header(hsts)
-        value = "max-age=#{hsts[:expires].to_i}".dup
+        value = +"max-age=#{hsts[:expires].to_i}"
         value << "; includeSubDomains" if hsts[:subdomains]
         value << "; preload" if hsts[:preload]
         value
       end
 
       def flag_cookies_as_secure!(headers)
-        if cookies = headers["Set-Cookie".freeze]
-          cookies = cookies.split("\n".freeze)
+        if cookies = headers["Set-Cookie"]
+          cookies = cookies.split("\n")
 
-          headers["Set-Cookie".freeze] = cookies.map { |cookie|
-            if cookie !~ /;\s*secure\s*(;|$)/i
+          headers["Set-Cookie"] = cookies.map { |cookie|
+            if !/;\s*secure\s*(;|$)/i.match?(cookie)
               "#{cookie}; secure"
             else
               cookie
             end
-          }.join("\n".freeze)
+          }.join("\n")
         end
       end
 
@@ -141,7 +141,7 @@ module ActionDispatch
         host = @redirect[:host] || request.host
         port = @redirect[:port] || request.port
 
-        location = "https://#{host}".dup
+        location = +"https://#{host}"
         location << ":#{port}" if port != 80 && port != 443
         location << request.fullpath
         location

data/lib/action_dispatch/middleware/stack.rb

@@ -97,8 +97,8 @@ module ActionDispatch
       middlewares.push(build_middleware(klass, args, block))
     end
 
-    def build(app = nil, &block)
-      middlewares.freeze.reverse.inject(app || block) { |a, e| e.build(a) }
+    def build(app = Proc.new)
+      middlewares.freeze.reverse.inject(app) { |a, e| e.build(a) }
     end
 
     private

data/lib/action_dispatch/middleware/static.rb

@@ -41,7 +41,6 @@ module ActionDispatch
         rescue SystemCallError
           false
         end
-
       }
         return ::Rack::Utils.escape_path(match).b
       end
@@ -69,7 +68,7 @@ module ActionDispatch
 
       headers["Vary"] = "Accept-Encoding" if gzip_path
 
-      return [status, headers, body]
+      [status, headers, body]
     ensure
       request.path_info = path
     end
@@ -80,7 +79,7 @@ module ActionDispatch
       end
 
       def content_type(path)
-        ::Rack::Mime.mime_type(::File.extname(path), "text/plain".freeze)
+        ::Rack::Mime.mime_type(::File.extname(path), "text/plain")
       end
 
       def gzip_encoding_accepted?(request)
@@ -90,8 +89,8 @@ module ActionDispatch
       def gzip_file_path(path)
         can_gzip_mime = content_type(path) =~ /\A(?:text\/|application\/javascript)/
         gzip_path     = "#{path}.gz"
-        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path).b))
-          gzip_path.b
+        if can_gzip_mime && File.exist?(File.join(@root, ::Rack::Utils.unescape_path(gzip_path)))
+          gzip_path
         else
           false
         end
@@ -117,7 +116,7 @@ module ActionDispatch
       req = Rack::Request.new env
 
       if req.get? || req.head?
-        path = req.path_info.chomp("/".freeze)
+        path = req.path_info.chomp("/")
         if match = @file_handler.match?(path)
           req.path_info = match
           return @file_handler.serve(req)

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -1,6 +1,8 @@
-<% @source_extracts.each_with_index do |source_extract, index| %>
+<% error_index = local_assigns[:error_index] || 0 %>
+
+<% source_extracts.each_with_index do |source_extract, index| %>
   <% if source_extract[:code] %>
-    <div class="source <%="hidden" if @show_source_idx != index%>" id="frame-source-<%=index%>">
+    <div class="source <%= "hidden" if show_source_idx != index %>" id="frame-source-<%= error_index %>-<%= index %>">
       <div class="info">
         Extracted source (around line <strong>#<%= source_extract[:line_number] %></strong>):
       </div>

data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb

@@ -1,52 +1,62 @@
-<% names = @traces.keys %>
+<% names = traces.keys %>
+<% error_index = local_assigns[:error_index] || 0 %>
 
 <p><code>Rails.root: <%= defined?(Rails) && Rails.respond_to?(:root) ? Rails.root : "unset" %></code></p>
 
-<div id="traces">
+<div id="traces-<%= error_index %>">
   <% names.each do |name| %>
     <%
-      show = "show('#{name.gsub(/\s/, '-')}');"
-      hide = (names - [name]).collect {|hide_name| "hide('#{hide_name.gsub(/\s/, '-')}');"}
+      show = "show('#{name.gsub(/\s/, '-')}-#{error_index}');"
+      hide = (names - [name]).collect {|hide_name| "hide('#{hide_name.gsub(/\s/, '-')}-#{error_index}');"}
     %>
     <a href="#" onclick="<%= hide.join %><%= show %>; return false;"><%= name %></a> <%= '|' unless names.last == name %>
   <% end %>
 
-  <% @traces.each do |name, trace| %>
-    <div id="<%= name.gsub(/\s/, '-') %>" style="display: <%= (name == @trace_to_show) ? 'block' : 'none' %>;">
-      <pre><code><% trace.each do |frame| %><a class="trace-frames" data-frame-id="<%= frame[:id] %>" href="#"><%= frame[:trace] %></a><br><% end %></code></pre>
+  <% traces.each do |name, trace| %>
+    <div id="<%= "#{name.gsub(/\s/, '-')}-#{error_index}" %>" style="display: <%= (name == trace_to_show) ? 'block' : 'none' %>;">
+      <code style="font-size: 11px;">
+        <% trace.each do |frame| %>
+          <a class="trace-frames trace-frames-<%= error_index %>" data-exception-object-id="<%= frame[:exception_object_id] %>" data-frame-id="<%= frame[:id] %>" href="#">
+            <%= frame[:trace] %>
+          </a>
+          <br>
+        <% end %>
+      </code>
     </div>
   <% end %>
 
   <script type="text/javascript">
-    var traceFrames = document.getElementsByClassName('trace-frames');
-    var selectedFrame, currentSource = document.getElementById('frame-source-0');
-
-    // Add click listeners for all stack frames
-    for (var i = 0; i < traceFrames.length; i++) {
-      traceFrames[i].addEventListener('click', function(e) {
-        e.preventDefault();
-        var target = e.target;
-        var frame_id = target.dataset.frameId;
-
-        if (selectedFrame) {
-          selectedFrame.className = selectedFrame.className.replace("selected", "");
-        }
-
-        target.className += " selected";
-        selectedFrame = target;
-
-        // Change the extracted source code
-        changeSourceExtract(frame_id);
-      });
-
-      function changeSourceExtract(frame_id) {
-        var el = document.getElementById('frame-source-' + frame_id);
-        if (currentSource && el) {
-          currentSource.className += " hidden";
-          el.className = el.className.replace(" hidden", "");
-          currentSource = el;
+    (function() {
+      var traceFrames = document.getElementsByClassName('trace-frames-<%= error_index %>');
+      var selectedFrame, currentSource = document.getElementById('frame-source-<%= error_index %>-0');
+
+      // Add click listeners for all stack frames
+      for (var i = 0; i < traceFrames.length; i++) {
+        traceFrames[i].addEventListener('click', function(e) {
+          e.preventDefault();
+          var target = e.target;
+          var frame_id = target.dataset.frameId;
+
+          if (selectedFrame) {
+            selectedFrame.className = selectedFrame.className.replace("selected", "");
+          }
+
+          target.className += " selected";
+          selectedFrame = target;
+
+          // Change the extracted source code
+          changeSourceExtract(frame_id);
+        });
+
+        function changeSourceExtract(frame_id) {
+          var el = document.getElementById('frame-source-<%= error_index %>-' + frame_id);
+          if (currentSource && el) {
+            currentSource.className += " hidden";
+            el.className = el.className.replace(" hidden", "");
+            currentSource = el;
+          }
         }
       }
-    }
+    })();
   </script>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb

@@ -0,0 +1,7 @@
+<header>
+  <h1>Blocked host: <%= @host %></h1>
+</header>
+<div id="container">
+  <h2>To allow requests to <%= @host %>, add the following configuration:</h2>
+  <pre>Rails.application.config.hosts &lt;&lt; "<%= @host %>"</pre>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb

@@ -0,0 +1,5 @@
+Blocked host: <%= @host %>
+
+To allow requests to <%= @host %>, add the following configuration:
+
+  Rails.application.config.hosts << "<%= @host %>"

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb

@@ -10,7 +10,25 @@
 <div id="container">
   <h2><%= h @exception.message %></h2>
 
-  <%= render template: "rescues/_source" %>
-  <%= render template: "rescues/_trace" %>
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx, error_index: 0 %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show, error_index: 0 %>
+
+  <% if @exception.cause %>
+    <h2>Exception Causes</h2>
+  <% end %>
+
+  <% @exception_wrapper.wrapped_causes.each.with_index(1) do |wrapper, index| %>
+    <div class="details">
+      <a class="summary" href="#" style="color: #F0F0F0; text-decoration: none; background: #C52F24; border-bottom: none;" onclick="return toggle(<%= wrapper.exception.object_id %>)">
+        <%= wrapper.exception.class.name %>: <%= h wrapper.exception.message %>
+      </a>
+    </div>
+
+    <div id="<%= wrapper.exception.object_id %>" style="display: none;">
+      <%= render "rescues/source", source_extracts: wrapper.source_extracts, show_source_idx: wrapper.source_to_show_id, error_index: index %>
+      <%= render "rescues/trace", traces: wrapper.traces, trace_to_show: wrapper.trace_to_show, error_index: index %>
+    </div>
+  <% end %>
+
   <%= render template: "rescues/_request_and_response" %>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb

@@ -10,12 +10,12 @@
 <div id="container">
   <h2>
     <%= h @exception.message %>
-    <% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
-      <br />To resolve this issue run: bin/rails active_storage:install
+    <% if @exception.message.match? %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}} %>
+      <br />To resolve this issue run: rails active_storage:install
     <% end %>
   </h2>
 
-  <%= render template: "rescues/_source" %>
-  <%= render template: "rescues/_trace" %>
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb

@@ -4,8 +4,8 @@
 <% end %>
 
 <%= @exception.message %>
-<% if %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}}.match?(@exception.message) %>
-To resolve this issue run: bin/rails active_storage:install
+<% if @exception.message.match? %r{#{ActiveStorage::Blob.table_name}|#{ActiveStorage::Attachment.table_name}} %>
+To resolve this issue run: rails active_storage:install
 <% end %>
 
 <%= render template: "rescues/_source" %>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb

@@ -0,0 +1,19 @@
+<header>
+  <h1>No template for interactive request</h1>
+</header>
+
+<div id="container">
+  <h2><%= h @exception.message %></h2>
+
+  <p class="summary">
+    <strong>NOTE!</strong><br>
+    Unless told otherwise, Rails expects an action to render a template with the same name,<br>
+    contained in a folder named after its controller.
+
+    If this controller is an API responding with 204 (No Content), <br>
+    which does not require a template,
+    then this error will occur when trying to access it via browser,<br>
+    since we expect an HTML template
+    to be rendered for such requests. If that's the case, carry on.
+  </p>
+</div>

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb

@@ -0,0 +1,3 @@
+Missing exact template
+
+<%= @exception.message %>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb

@@ -5,7 +5,7 @@
 <div id="container">
   <h2><%= h @exception.message %></h2>
 
-  <%= render template: "rescues/_source" %>
-  <%= render template: "rescues/_trace" %>
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
 </div>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb

@@ -14,7 +14,7 @@
     </p>
   <% end %>
 
-  <%= render template: "rescues/_trace" %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
 
   <% if @routes_inspector %>
     <h2>

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -11,10 +11,10 @@
   </p>
   <pre><code><%= h @exception.message %></code></pre>
 
-  <%= render template: "rescues/_source" %>
+  <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
 
   <p><%= @exception.sub_template_message %></p>
 
-  <%= render template: "rescues/_trace" %>
+  <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
 </div>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -197,4 +197,7 @@
 
   setupMatchPaths();
   setupRouteToggleHelperLinks();
+
+  // Focus the search input after page has loaded
+  document.getElementById('search').focus();
 </script>

data/lib/action_dispatch/railtie.rb

@@ -21,6 +21,7 @@ module ActionDispatch
     config.action_dispatch.encrypted_signed_cookie_salt = "signed encrypted cookie"
     config.action_dispatch.authenticated_encrypted_cookie_salt = "authenticated encrypted cookie"
     config.action_dispatch.use_authenticated_cookie_encryption = false
+    config.action_dispatch.use_cookies_with_metadata = false
     config.action_dispatch.perform_deep_munge = true
 
     config.action_dispatch.default_headers = {

data/lib/action_dispatch/request/session.rb

@@ -90,13 +90,15 @@ module ActionDispatch
       # +nil+ if the given key is not found in the session.
       def [](key)
         load_for_read!
-        key = key.to_s
+        @delegate[key.to_s]
+      end
 
-        if key == "session_id"
-          id&.public_id
-        else
-          @delegate[key]
-        end
+      # Returns the nested value specified by the sequence of keys, returning
+      # +nil+ if any intermediate step is +nil+.
+      def dig(*keys)
+        load_for_read!
+        keys = keys.map.with_index { |key, i| i.zero? ? key.to_s : key }
+        @delegate.dig(*keys)
       end
 
       # Returns true if the session has the given key or false.

data/lib/action_dispatch/routing.rb

@@ -243,8 +243,9 @@ module ActionDispatch
   #
   #   rails routes
   #
-  # Target specific controllers by prefixing the command with <tt>-c</tt> option.
-  #
+  # Target a specific controller with <tt>-c</tt>, or grep routes
+  # using <tt>-g</tt>. Useful in conjunction with <tt>--expanded</tt>
+  # which displays routes vertically.
   module Routing
     extend ActiveSupport::Autoload
 

data/lib/action_dispatch/routing/inspector.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require "delegate"
-require "active_support/core_ext/string/strip"
+require "io/console/size"
 
 module ActionDispatch
   module Routing
@@ -61,11 +61,11 @@ module ActionDispatch
         @routes = routes
       end
 
-      def format(formatter, filter = nil)
+      def format(formatter, filter = {})
         routes_to_display = filter_routes(normalize_filter(filter))
         routes = collect_routes(routes_to_display)
         if routes.none?
-          formatter.no_routes(collect_routes(@routes))
+          formatter.no_routes(collect_routes(@routes), filter)
           return formatter.result
         end
 
@@ -81,12 +81,12 @@ module ActionDispatch
       end
 
       private
-
         def normalize_filter(filter)
-          if filter.is_a?(Hash) && filter[:controller]
+          if filter[:controller]
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
-          elsif filter
-            { controller: /#{filter}/, action: /#{filter}/, verb: /#{filter}/, name: /#{filter}/, path: /#{filter}/ }
+          elsif filter[:grep]
+            { controller: /#{filter[:grep]}/, action: /#{filter[:grep]}/,
+              verb: /#{filter[:grep]}/, name: /#{filter[:grep]}/, path: /#{filter[:grep]}/ }
           end
         end
 
@@ -126,62 +126,111 @@ module ActionDispatch
         end
     end
 
-    class ConsoleFormatter
-      def initialize
-        @buffer = []
-      end
+    module ConsoleFormatter
+      class Base
+        def initialize
+          @buffer = []
+        end
 
-      def result
-        @buffer.join("\n")
-      end
+        def result
+          @buffer.join("\n")
+        end
 
-      def section_title(title)
-        @buffer << "\n#{title}:"
-      end
+        def section_title(title)
+        end
 
-      def section(routes)
-        @buffer << draw_section(routes)
-      end
+        def section(routes)
+        end
 
-      def header(routes)
-        @buffer << draw_header(routes)
-      end
+        def header(routes)
+        end
 
-      def no_routes(routes)
-        @buffer <<
-        if routes.none?
-          <<-MESSAGE.strip_heredoc
-          You don't have any routes defined!
+        def no_routes(routes, filter)
+          @buffer <<
+            if routes.none?
+              <<~MESSAGE
+                You don't have any routes defined!
+
+                Please add some routes in config/routes.rb.
+              MESSAGE
+            elsif filter.key?(:controller)
+              "No routes were found for this controller."
+            elsif filter.key?(:grep)
+              "No routes were found for this grep pattern."
+            end
 
-          Please add some routes in config/routes.rb.
-          MESSAGE
-        else
-          "No routes were found for this controller"
+          @buffer << "For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html."
         end
-        @buffer << "For more information about routes, see the Rails guide: http://guides.rubyonrails.org/routing.html."
       end
 
-      private
-        def draw_section(routes)
-          header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
-          name_width, verb_width, path_width = widths(routes).zip(header_lengths).map(&:max)
+      class Sheet < Base
+        def section_title(title)
+          @buffer << "\n#{title}:"
+        end
 
-          routes.map do |r|
-            "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:path].ljust(path_width)} #{r[:reqs]}"
-          end
+        def section(routes)
+          @buffer << draw_section(routes)
+        end
+
+        def header(routes)
+          @buffer << draw_header(routes)
         end
 
-        def draw_header(routes)
-          name_width, verb_width, path_width = widths(routes)
+        private
+
+          def draw_section(routes)
+            header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
+            name_width, verb_width, path_width = widths(routes).zip(header_lengths).map(&:max)
+
+            routes.map do |r|
+              "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:path].ljust(path_width)} #{r[:reqs]}"
+            end
+          end
+
+          def draw_header(routes)
+            name_width, verb_width, path_width = widths(routes)
+
+            "#{"Prefix".rjust(name_width)} #{"Verb".ljust(verb_width)} #{"URI Pattern".ljust(path_width)} Controller#Action"
+          end
+
+          def widths(routes)
+            [routes.map { |r| r[:name].length }.max || 0,
+             routes.map { |r| r[:verb].length }.max || 0,
+             routes.map { |r| r[:path].length }.max || 0]
+          end
+      end
 
-          "#{"Prefix".rjust(name_width)} #{"Verb".ljust(verb_width)} #{"URI Pattern".ljust(path_width)} Controller#Action"
+      class Expanded < Base
+        def section_title(title)
+          @buffer << "\n#{"[ #{title} ]"}"
         end
 
-        def widths(routes)
-          [routes.map { |r| r[:name].length }.max || 0,
-           routes.map { |r| r[:verb].length }.max || 0,
-           routes.map { |r| r[:path].length }.max || 0]
+        def section(routes)
+          @buffer << draw_expanded_section(routes)
         end
+
+        private
+
+          def draw_expanded_section(routes)
+            routes.map.each_with_index do |r, i|
+              <<~MESSAGE.chomp
+                #{route_header(index: i + 1)}
+                Prefix            | #{r[:name]}
+                Verb              | #{r[:verb]}
+                URI               | #{r[:path]}
+                Controller#Action | #{r[:reqs]}
+              MESSAGE
+            end
+          end
+
+          def route_header(index:)
+            console_width = IO.console_size.second
+            header_prefix = "--[ Route #{index} ]"
+            dash_remainder = [console_width - header_prefix.size, 0].max
+
+            "#{header_prefix}#{'-' * dash_remainder}"
+          end
+      end
     end
 
     class HtmlTableFormatter
@@ -203,16 +252,16 @@ module ActionDispatch
       end
 
       def no_routes(*)
-        @buffer << <<-MESSAGE.strip_heredoc
+        @buffer << <<~MESSAGE
           <p>You don't have any routes defined!</p>
           <ul>
             <li>Please add some routes in <tt>config/routes.rb</tt>.</li>
             <li>
               For more information about routes, please see the Rails guide
-              <a href="http://guides.rubyonrails.org/routing.html">Rails Routing from the Outside In</a>.
+              <a href="https://guides.rubyonrails.org/routing.html">Rails Routing from the Outside In</a>.
             </li>
           </ul>
-          MESSAGE
+        MESSAGE
       end
 
       def result