RubyGems - actionpack - Versions diffs - 5.2.6 → 6.1.4.4 - Mend

actionpack 5.2.6 → 6.1.4.4

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (155) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +327 -335
data/MIT-LICENSE +1 -1
data/README.rdoc +4 -3
data/lib/abstract_controller/base.rb +38 -4
data/lib/abstract_controller/caching/fragments.rb +6 -22
data/lib/abstract_controller/caching.rb +1 -1
data/lib/abstract_controller/callbacks.rb +14 -2
data/lib/abstract_controller/collector.rb +1 -2
data/lib/abstract_controller/helpers.rb +106 -90
data/lib/abstract_controller/railties/routes_helpers.rb +17 -1
data/lib/abstract_controller/rendering.rb +9 -9
data/lib/abstract_controller/translation.rb +11 -5
data/lib/abstract_controller.rb +1 -0
data/lib/action_controller/api.rb +4 -3
data/lib/action_controller/base.rb +6 -9
data/lib/action_controller/caching.rb +1 -3
data/lib/action_controller/log_subscriber.rb +10 -7
data/lib/action_controller/metal/basic_implicit_render.rb +1 -1
data/lib/action_controller/metal/conditional_get.rb +19 -5
data/lib/action_controller/metal/content_security_policy.rb +1 -2
data/lib/action_controller/metal/cookies.rb +3 -1
data/lib/action_controller/metal/data_streaming.rb +6 -7
data/lib/action_controller/metal/default_headers.rb +17 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +4 -6
data/lib/action_controller/metal/exceptions.rb +56 -2
data/lib/action_controller/metal/flash.rb +5 -5
data/lib/action_controller/metal/head.rb +7 -4
data/lib/action_controller/metal/helpers.rb +14 -5
data/lib/action_controller/metal/http_authentication.rb +24 -23
data/lib/action_controller/metal/implicit_render.rb +5 -15
data/lib/action_controller/metal/instrumentation.rb +13 -14
data/lib/action_controller/metal/live.rb +39 -32
data/lib/action_controller/metal/logging.rb +20 -0
data/lib/action_controller/metal/mime_responds.rb +19 -4
data/lib/action_controller/metal/parameter_encoding.rb +35 -4
data/lib/action_controller/metal/params_wrapper.rb +32 -22
data/lib/action_controller/metal/permissions_policy.rb +46 -0
data/lib/action_controller/metal/redirecting.rb +6 -6
data/lib/action_controller/metal/renderers.rb +4 -4
data/lib/action_controller/metal/rendering.rb +8 -3
data/lib/action_controller/metal/request_forgery_protection.rb +26 -49
data/lib/action_controller/metal/rescue.rb +1 -1
data/lib/action_controller/metal/streaming.rb +0 -1
data/lib/action_controller/metal/strong_parameters.rb +167 -58
data/lib/action_controller/metal/url_for.rb +1 -1
data/lib/action_controller/metal.rb +10 -8
data/lib/action_controller/railties/helpers.rb +1 -1
data/lib/action_controller/renderer.rb +37 -13
data/lib/action_controller/template_assertions.rb +1 -1
data/lib/action_controller/test_case.rb +71 -63
data/lib/action_controller.rb +7 -4
data/lib/action_dispatch/http/cache.rb +31 -27
data/lib/action_dispatch/http/content_disposition.rb +45 -0
data/lib/action_dispatch/http/content_security_policy.rb +33 -19
data/lib/action_dispatch/http/filter_parameters.rb +9 -8
data/lib/action_dispatch/http/filter_redirect.rb +2 -3
data/lib/action_dispatch/http/headers.rb +4 -4
data/lib/action_dispatch/http/mime_negotiation.rb +26 -13
data/lib/action_dispatch/http/mime_type.rb +43 -24
data/lib/action_dispatch/http/parameters.rb +14 -23
data/lib/action_dispatch/http/permissions_policy.rb +173 -0
data/lib/action_dispatch/http/request.rb +45 -22
data/lib/action_dispatch/http/response.rb +45 -25
data/lib/action_dispatch/http/upload.rb +9 -1
data/lib/action_dispatch/http/url.rb +82 -82
data/lib/action_dispatch/journey/formatter.rb +55 -31
data/lib/action_dispatch/journey/gtg/builder.rb +22 -37
data/lib/action_dispatch/journey/gtg/simulator.rb +8 -7
data/lib/action_dispatch/journey/gtg/transition_table.rb +6 -5
data/lib/action_dispatch/journey/nfa/dot.rb +0 -11
data/lib/action_dispatch/journey/nodes/node.rb +13 -11
data/lib/action_dispatch/journey/parser.rb +13 -13
data/lib/action_dispatch/journey/parser.y +1 -1
data/lib/action_dispatch/journey/path/pattern.rb +19 -21
data/lib/action_dispatch/journey/route.rb +10 -20
data/lib/action_dispatch/journey/router/utils.rb +14 -12
data/lib/action_dispatch/journey/router.rb +26 -34
data/lib/action_dispatch/journey/routes.rb +0 -2
data/lib/action_dispatch/journey/scanner.rb +10 -4
data/lib/action_dispatch/journey/visitors.rb +1 -4
data/lib/action_dispatch/journey.rb +0 -2
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/callbacks.rb +2 -4
data/lib/action_dispatch/middleware/cookies.rb +128 -109
data/lib/action_dispatch/middleware/debug_exceptions.rb +43 -66
data/lib/action_dispatch/middleware/debug_locks.rb +5 -5
data/lib/action_dispatch/middleware/debug_view.rb +66 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +75 -30
data/lib/action_dispatch/middleware/flash.rb +1 -1
data/lib/action_dispatch/middleware/host_authorization.rb +141 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +6 -3
data/lib/action_dispatch/middleware/remote_ip.rb +14 -16
data/lib/action_dispatch/middleware/request_id.rb +5 -6
data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -3
data/lib/action_dispatch/middleware/session/cookie_store.rb +3 -9
data/lib/action_dispatch/middleware/show_exceptions.rb +3 -2
data/lib/action_dispatch/middleware/ssl.rb +20 -15
data/lib/action_dispatch/middleware/stack.rb +56 -2
data/lib/action_dispatch/middleware/static.rb +153 -93
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +3 -1
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +4 -2
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +45 -35
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +5 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +23 -4
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +6 -3
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +4 -1
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +104 -8
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +24 -1
data/lib/action_dispatch/railtie.rb +8 -2
data/lib/action_dispatch/request/session.rb +11 -10
data/lib/action_dispatch/request/utils.rb +26 -2
data/lib/action_dispatch/routing/inspector.rb +100 -52
data/lib/action_dispatch/routing/mapper.rb +155 -103
data/lib/action_dispatch/routing/polymorphic_routes.rb +13 -15
data/lib/action_dispatch/routing/redirection.rb +4 -4
data/lib/action_dispatch/routing/route_set.rb +71 -69
data/lib/action_dispatch/routing/url_for.rb +2 -2
data/lib/action_dispatch/routing.rb +21 -20
data/lib/action_dispatch/system_test_case.rb +54 -11
data/lib/action_dispatch/system_testing/browser.rb +53 -16
data/lib/action_dispatch/system_testing/driver.rb +11 -3
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +49 -7
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +8 -10
data/lib/action_dispatch/testing/assertion_response.rb +0 -1
data/lib/action_dispatch/testing/assertions/response.rb +4 -7
data/lib/action_dispatch/testing/assertions/routing.rb +20 -8
data/lib/action_dispatch/testing/assertions.rb +1 -1
data/lib/action_dispatch/testing/integration.rb +60 -28
data/lib/action_dispatch/testing/request_encoder.rb +2 -2
data/lib/action_dispatch/testing/test_process.rb +29 -4
data/lib/action_dispatch/testing/test_request.rb +3 -3
data/lib/action_dispatch/testing/test_response.rb +4 -32
data/lib/action_dispatch.rb +9 -3
data/lib/action_pack/gem_version.rb +4 -4
data/lib/action_pack.rb +1 -1
metadata +35 -23
data/lib/action_controller/metal/force_ssl.rb +0 -99
data/lib/action_dispatch/http/parameter_filter.rb +0 -86
data/lib/action_dispatch/journey/nfa/builder.rb +0 -78
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -49
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -120
data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +0 -26

data/lib/action_dispatch/routing/inspector.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 require "delegate"
-require "active_support/core_ext/string/strip"
+require "io/console/size"
 module ActionDispatch
   module Routing
@@ -53,7 +53,7 @@ module ActionDispatch
     ##
     # This class is just used for displaying route information when someone
-    # executes `rails routes` or looks at the RoutingError page.
+    # executes `bin/rails routes` or looks at the RoutingError page.
     # People should not use this class.
     class RoutesInspector # :nodoc:
       def initialize(routes)
@@ -61,11 +61,11 @@ module ActionDispatch
         @routes = routes
       end
-      def format(formatter, filter = nil)
+      def format(formatter, filter = {})
         routes_to_display = filter_routes(normalize_filter(filter))
         routes = collect_routes(routes_to_display)
         if routes.none?
-          formatter.no_routes(collect_routes(@routes))
+          formatter.no_routes(collect_routes(@routes), filter)
           return formatter.result
         end
@@ -81,12 +81,12 @@ module ActionDispatch
       end
       private
         def normalize_filter(filter)
-          if filter.is_a?(Hash) && filter[:controller]
+          if filter[:controller]
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
-          elsif filter
-            { controller: /#{filter}/, action: /#{filter}/, verb: /#{filter}/, name: /#{filter}/, path: /#{filter}/ }
+          elsif filter[:grep]
+            { controller: /#{filter[:grep]}/, action: /#{filter[:grep]}/,
+              verb: /#{filter[:grep]}/, name: /#{filter[:grep]}/, path: /#{filter[:grep]}/ }
           end
         end
@@ -94,7 +94,7 @@ module ActionDispatch
           if filter
             @routes.select do |route|
               route_wrapper = RouteWrapper.new(route)
-              filter.any? { |default, value| route_wrapper.send(default) =~ value }
+              filter.any? { |default, value| value.match?(route_wrapper.send(default)) }
             end
           else
             @routes
@@ -126,62 +126,110 @@ module ActionDispatch
         end
     end
-    class ConsoleFormatter
-      def initialize
-        @buffer = []
-      end
+    module ConsoleFormatter
+      class Base
+        def initialize
+          @buffer = []
+        end
-      def result
-        @buffer.join("\n")
-      end
+        def result
+          @buffer.join("\n")
+        end
-      def section_title(title)
-        @buffer << "\n#{title}:"
-      end
+        def section_title(title)
+        end
-      def section(routes)
-        @buffer << draw_section(routes)
-      end
+        def section(routes)
+        end
-      def header(routes)
-        @buffer << draw_header(routes)
-      end
+        def header(routes)
+        end
-      def no_routes(routes)
-        @buffer <<
-        if routes.none?
-          <<-MESSAGE.strip_heredoc
-          You don't have any routes defined!
+        def no_routes(routes, filter)
+          @buffer <<
+            if routes.none?
+              <<~MESSAGE
+                You don't have any routes defined!
+                Please add some routes in config/routes.rb.
+              MESSAGE
+            elsif filter.key?(:controller)
+              "No routes were found for this controller."
+            elsif filter.key?(:grep)
+              "No routes were found for this grep pattern."
+            end
-          Please add some routes in config/routes.rb.
-          MESSAGE
-        else
-          "No routes were found for this controller"
+          @buffer << "For more information about routes, see the Rails guide: https://guides.rubyonrails.org/routing.html."
         end
-        @buffer << "For more information about routes, see the Rails guide: http://guides.rubyonrails.org/routing.html."
       end
-      private
-        def draw_section(routes)
-          header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
-          name_width, verb_width, path_width = widths(routes).zip(header_lengths).map(&:max)
+      class Sheet < Base
+        def section_title(title)
+          @buffer << "\n#{title}:"
+        end
-          routes.map do |r|
-            "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:path].ljust(path_width)} #{r[:reqs]}"
-          end
+        def section(routes)
+          @buffer << draw_section(routes)
+        end
+        def header(routes)
+          @buffer << draw_header(routes)
         end
-        def draw_header(routes)
-          name_width, verb_width, path_width = widths(routes)
+        private
+          def draw_section(routes)
+            header_lengths = ["Prefix", "Verb", "URI Pattern"].map(&:length)
+            name_width, verb_width, path_width = widths(routes).zip(header_lengths).map(&:max)
+            routes.map do |r|
+              "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:path].ljust(path_width)} #{r[:reqs]}"
+            end
+          end
+          def draw_header(routes)
+            name_width, verb_width, path_width = widths(routes)
+            "#{"Prefix".rjust(name_width)} #{"Verb".ljust(verb_width)} #{"URI Pattern".ljust(path_width)} Controller#Action"
+          end
+          def widths(routes)
+            [routes.map { |r| r[:name].length }.max || 0,
+             routes.map { |r| r[:verb].length }.max || 0,
+             routes.map { |r| r[:path].length }.max || 0]
+          end
+      end
-          "#{"Prefix".rjust(name_width)} #{"Verb".ljust(verb_width)} #{"URI Pattern".ljust(path_width)} Controller#Action"
+      class Expanded < Base
+        def initialize(width: IO.console_size[1])
+          @width = width
+          super()
         end
-        def widths(routes)
-          [routes.map { |r| r[:name].length }.max || 0,
-           routes.map { |r| r[:verb].length }.max || 0,
-           routes.map { |r| r[:path].length }.max || 0]
+        def section_title(title)
+          @buffer << "\n#{"[ #{title} ]"}"
         end
+        def section(routes)
+          @buffer << draw_expanded_section(routes)
+        end
+        private
+          def draw_expanded_section(routes)
+            routes.map.each_with_index do |r, i|
+              <<~MESSAGE.chomp
+                #{route_header(index: i + 1)}
+                Prefix            | #{r[:name]}
+                Verb              | #{r[:verb]}
+                URI               | #{r[:path]}
+                Controller#Action | #{r[:reqs]}
+              MESSAGE
+            end
+          end
+          def route_header(index:)
+            "--[ Route #{index} ]".ljust(@width, "-")
+          end
+      end
     end
     class HtmlTableFormatter
@@ -203,16 +251,16 @@ module ActionDispatch
       end
       def no_routes(*)
-        @buffer << <<-MESSAGE.strip_heredoc
+        @buffer << <<~MESSAGE
           <p>You don't have any routes defined!</p>
           <ul>
             <li>Please add some routes in <tt>config/routes.rb</tt>.</li>
             <li>
               For more information about routes, please see the Rails guide
-              <a href="http://guides.rubyonrails.org/routing.html">Rails Routing from the Outside In</a>.
+              <a href="https://guides.rubyonrails.org/routing.html">Rails Routing from the Outside In</a>.
             </li>
           </ul>
-          MESSAGE
+        MESSAGE
       end
       def result