actionpack 5.2.8.1 → 6.0.6

data/lib/action_dispatch/http/url.rb

@@ -67,7 +67,7 @@ module ActionDispatch
         end
 
         def path_for(options)
-          path = options[:script_name].to_s.chomp("/".freeze)
+          path = options[:script_name].to_s.chomp("/")
           path << options[:path] if options.key?(:path)
 
           add_trailing_slash(path) if options[:trailing_slash]
@@ -78,109 +78,108 @@ module ActionDispatch
         end
 
         private
-
-        def add_params(path, params)
-          params = { params: params } unless params.is_a?(Hash)
-          params.reject! { |_, v| v.to_param.nil? }
-          query = params.to_query
-          path << "?#{query}" unless query.empty?
-        end
-
-        def add_anchor(path, anchor)
-          if anchor
-            path << "##{Journey::Router::Utils.escape_fragment(anchor.to_param)}"
+          def add_params(path, params)
+            params = { params: params } unless params.is_a?(Hash)
+            params.reject! { |_, v| v.to_param.nil? }
+            query = params.to_query
+            path << "?#{query}" unless query.empty?
           end
-        end
 
-        def extract_domain_from(host, tld_length)
-          host.split(".").last(1 + tld_length).join(".")
-        end
+          def add_anchor(path, anchor)
+            if anchor
+              path << "##{Journey::Router::Utils.escape_fragment(anchor.to_param)}"
+            end
+          end
 
-        def extract_subdomains_from(host, tld_length)
-          parts = host.split(".")
-          parts[0..-(tld_length + 2)]
-        end
+          def extract_domain_from(host, tld_length)
+            host.split(".").last(1 + tld_length).join(".")
+          end
 
-        def add_trailing_slash(path)
-          if path.include?("?")
-            path.sub!(/\?/, '/\&')
-          elsif !path.include?(".")
-            path.sub!(/[^\/]\z|\A\z/, '\&/')
+          def extract_subdomains_from(host, tld_length)
+            parts = host.split(".")
+            parts[0..-(tld_length + 2)]
           end
-        end
 
-        def build_host_url(host, port, protocol, options, path)
-          if match = host.match(HOST_REGEXP)
-            protocol ||= match[1] unless protocol == false
-            host       = match[2]
-            port       = match[3] unless options.key? :port
+          def add_trailing_slash(path)
+            if path.include?("?")
+              path.sub!(/\?/, '/\&')
+            elsif !path.include?(".")
+              path.sub!(/[^\/]\z|\A\z/, '\&/')
+            end
           end
 
-          protocol = normalize_protocol protocol
-          host     = normalize_host(host, options)
+          def build_host_url(host, port, protocol, options, path)
+            if match = host.match(HOST_REGEXP)
+              protocol ||= match[1] unless protocol == false
+              host       = match[2]
+              port       = match[3] unless options.key? :port
+            end
 
-          result = protocol.dup
+            protocol = normalize_protocol protocol
+            host     = normalize_host(host, options)
 
-          if options[:user] && options[:password]
-            result << "#{Rack::Utils.escape(options[:user])}:#{Rack::Utils.escape(options[:password])}@"
-          end
+            result = protocol.dup
 
-          result << host
-          normalize_port(port, protocol) { |normalized_port|
-            result << ":#{normalized_port}"
-          }
+            if options[:user] && options[:password]
+              result << "#{Rack::Utils.escape(options[:user])}:#{Rack::Utils.escape(options[:password])}@"
+            end
 
-          result.concat path
-        end
+            result << host
+            normalize_port(port, protocol) { |normalized_port|
+              result << ":#{normalized_port}"
+            }
 
-        def named_host?(host)
-          IP_HOST_REGEXP !~ host
-        end
+            result.concat path
+          end
 
-        def normalize_protocol(protocol)
-          case protocol
-          when nil
-            "http://"
-          when false, "//"
-            "//"
-          when PROTOCOL_REGEXP
-            "#{$1}://"
-          else
-            raise ArgumentError, "Invalid :protocol option: #{protocol.inspect}"
+          def named_host?(host)
+            IP_HOST_REGEXP !~ host
           end
-        end
 
-        def normalize_host(_host, options)
-          return _host unless named_host?(_host)
+          def normalize_protocol(protocol)
+            case protocol
+            when nil
+              "http://"
+            when false, "//"
+              "//"
+            when PROTOCOL_REGEXP
+              "#{$1}://"
+            else
+              raise ArgumentError, "Invalid :protocol option: #{protocol.inspect}"
+            end
+          end
+
+          def normalize_host(_host, options)
+            return _host unless named_host?(_host)
 
-          tld_length = options[:tld_length] || @@tld_length
-          subdomain  = options.fetch :subdomain, true
-          domain     = options[:domain]
+            tld_length = options[:tld_length] || @@tld_length
+            subdomain  = options.fetch :subdomain, true
+            domain     = options[:domain]
 
-          host = "".dup
-          if subdomain == true
-            return _host if domain.nil?
+            host = +""
+            if subdomain == true
+              return _host if domain.nil?
 
-            host << extract_subdomains_from(_host, tld_length).join(".")
-          elsif subdomain
-            host << subdomain.to_param
+              host << extract_subdomains_from(_host, tld_length).join(".")
+            elsif subdomain
+              host << subdomain.to_param
+            end
+            host << "." unless host.empty?
+            host << (domain || extract_domain_from(_host, tld_length))
+            host
           end
-          host << "." unless host.empty?
-          host << (domain || extract_domain_from(_host, tld_length))
-          host
-        end
 
-        def normalize_port(port, protocol)
-          return unless port
+          def normalize_port(port, protocol)
+            return unless port
 
-          case protocol
-          when "//" then yield port
-          when "https://"
-            yield port unless port.to_i == 443
-          else
-            yield port unless port.to_i == 80
+            case protocol
+            when "//" then yield port
+            when "https://"
+              yield port unless port.to_i == 443
+            else
+              yield port unless port.to_i == 80
+            end
           end
-        end
       end
 
       def initialize
@@ -231,7 +230,7 @@ module ActionDispatch
       #   req = ActionDispatch::Request.new 'HTTP_HOST' => 'example.com:8080'
       #   req.host # => "example.com"
       def host
-        raw_host_with_port.sub(/:\d+$/, "".freeze)
+        raw_host_with_port.sub(/:\d+$/, "")
       end
 
       # Returns a \host:\port string for this request, such as "example.com" or

data/lib/action_dispatch/journey/formatter.rb

@@ -50,7 +50,7 @@ module ActionDispatch
         unmatched_keys = (missing_keys || []) & constraints.keys
         missing_keys = (missing_keys || []) - unmatched_keys
 
-        message = "No route matches #{Hash[constraints.sort_by { |k, v| k.to_s }].inspect}".dup
+        message = +"No route matches #{Hash[constraints.sort_by { |k, v| k.to_s }].inspect}"
         message << ", missing required keys: #{missing_keys.sort.inspect}" if missing_keys && !missing_keys.empty?
         message << ", possible unmatched constraints: #{unmatched_keys.sort.inspect}" if unmatched_keys && !unmatched_keys.empty?
 
@@ -62,12 +62,11 @@ module ActionDispatch
       end
 
       private
-
         def extract_parameterized_parts(route, options, recall, parameterize = nil)
           parameterized_parts = recall.merge(options)
 
           keys_to_keep = route.parts.reverse_each.drop_while { |part|
-            !options.key?(part) || (options[part] || recall[part]).nil?
+            !(options.key?(part) || route.scope_options.key?(part)) || (options[part] || recall[part]).nil?
           } | route.required_parts
 
           parameterized_parts.delete_if do |bad_key, _|

data/lib/action_dispatch/journey/gtg/builder.rb

@@ -128,7 +128,6 @@ module ActionDispatch
         end
 
         private
-
           def followpos_table
             @followpos ||= build_followpos
           end

data/lib/action_dispatch/journey/gtg/transition_table.rb

@@ -141,7 +141,6 @@ module ActionDispatch
         end
 
         private
-
           def states_hash_for(sym)
             case sym
             when String

data/lib/action_dispatch/journey/nfa/simulator.rb

@@ -25,8 +25,6 @@ module ActionDispatch
           state = tt.eclosure(0)
           until input.eos?
             sym   = input.scan(%r([/.?]|[^/.?]+))
-
-            # FIXME: tt.eclosure is not needed for the GTG
             state = tt.eclosure(tt.move(state, sym))
           end
 

data/lib/action_dispatch/journey/nfa/transition_table.rb

@@ -94,7 +94,6 @@ module ActionDispatch
         end
 
         private
-
           def inverted
             return @inverted if @inverted
 

data/lib/action_dispatch/journey/nodes/node.rb

@@ -32,7 +32,7 @@ module ActionDispatch
         end
 
         def name
-          left.tr "*:".freeze, "".freeze
+          -left.tr("*:", "")
         end
 
         def type
@@ -65,12 +65,12 @@ module ActionDispatch
         def literal?; false; end
       end
 
-      %w{ Symbol Slash Dot }.each do |t|
-        class_eval <<-eoruby, __FILE__, __LINE__ + 1
-          class #{t} < Terminal;
-            def type; :#{t.upcase}; end
-          end
-        eoruby
+      class Slash < Terminal # :nodoc:
+        def type; :SLASH; end
+      end
+
+      class Dot < Terminal # :nodoc:
+        def type; :DOT; end
       end
 
       class Symbol < Terminal # :nodoc:
@@ -82,13 +82,14 @@ module ActionDispatch
         def initialize(left)
           super
           @regexp = DEFAULT_EXP
-          @name = left.tr "*:".freeze, "".freeze
+          @name = -left.tr("*:", "")
         end
 
         def default_regexp?
           regexp == DEFAULT_EXP
         end
 
+        def type; :SYMBOL; end
         def symbol?; true; end
       end
 

data/lib/action_dispatch/journey/path/pattern.rb

@@ -90,7 +90,7 @@ module ActionDispatch
             return @separator_re unless @matchers.key?(node)
 
             re = @matchers[node]
-            "(#{re})"
+            "(#{Regexp.union(re)})"
           end
 
           def visit_GROUP(node)
@@ -137,6 +137,10 @@ module ActionDispatch
             Array.new(length - 1) { |i| self[i + 1] }
           end
 
+          def named_captures
+            @names.zip(captures).to_h
+          end
+
           def [](x)
             idx = @offsets[x - 1] + x
             @match[idx]
@@ -170,7 +174,6 @@ module ActionDispatch
         end
 
         private
-
           def regexp_visitor
             @anchored ? AnchoredRegexp : UnanchoredRegexp
           end
@@ -184,7 +187,7 @@ module ActionDispatch
               node = node.to_sym
 
               if @requirements.key?(node)
-                re = /#{@requirements[node]}|/
+                re = /#{Regexp.union(@requirements[node])}|/
                 @offsets.push((re.match("").length - 1) + @offsets.last)
               else
                 @offsets << @offsets.last

data/lib/action_dispatch/journey/route.rb

@@ -4,9 +4,9 @@ module ActionDispatch
   # :stopdoc:
   module Journey
     class Route
-      attr_reader :app, :path, :defaults, :name, :precedence
+      attr_reader :app, :path, :defaults, :name, :precedence, :constraints,
+                  :internal, :scope_options
 
-      attr_reader :constraints, :internal
       alias :conditions :constraints
 
       module VerbMatchers
@@ -51,13 +51,13 @@ module ActionDispatch
 
       def self.build(name, app, path, constraints, required_defaults, defaults)
         request_method_match = verb_matcher(constraints.delete(:request_method))
-        new name, app, path, constraints, required_defaults, defaults, request_method_match, 0
+        new name, app, path, constraints, required_defaults, defaults, request_method_match, 0, {}
       end
 
       ##
       # +path+ is a path constraint.
       # +constraints+ is a hash of constraints to be applied to this route.
-      def initialize(name, app, path, constraints, required_defaults, defaults, request_method_match, precedence, internal = false)
+      def initialize(name, app, path, constraints, required_defaults, defaults, request_method_match, precedence, scope_options, internal = false)
         @name        = name
         @app         = app
         @path        = path
@@ -72,6 +72,7 @@ module ActionDispatch
         @decorated_ast     = nil
         @precedence        = precedence
         @path_formatter    = @path.build_formatter
+        @scope_options     = scope_options
         @internal          = internal
       end
 

data/lib/action_dispatch/journey/router/utils.rb

@@ -17,11 +17,11 @@ module ActionDispatch
         def self.normalize_path(path)
           path ||= ""
           encoding = path.encoding
-          path = "/#{path}".dup
-          path.squeeze!("/".freeze)
-          path.sub!(%r{/+\Z}, "".freeze)
+          path = +"/#{path}"
+          path.squeeze!("/")
+          path.sub!(%r{/+\Z}, "")
           path.gsub!(/(%[a-f0-9]{2})/) { $1.upcase }
-          path = "/".dup if path == "".freeze
+          path = +"/" if path == ""
           path.force_encoding(encoding)
           path
         end
@@ -29,16 +29,16 @@ module ActionDispatch
         # URI path and fragment escaping
         # https://tools.ietf.org/html/rfc3986
         class UriEncoder # :nodoc:
-          ENCODE   = "%%%02X".freeze
+          ENCODE   = "%%%02X"
           US_ASCII = Encoding::US_ASCII
           UTF_8    = Encoding::UTF_8
-          EMPTY    = "".dup.force_encoding(US_ASCII).freeze
+          EMPTY    = (+"").force_encoding(US_ASCII).freeze
           DEC2HEX  = (0..255).to_a.map { |i| ENCODE % i }.map { |s| s.force_encoding(US_ASCII) }
 
-          ALPHA = "a-zA-Z".freeze
-          DIGIT = "0-9".freeze
-          UNRESERVED = "#{ALPHA}#{DIGIT}\\-\\._~".freeze
-          SUB_DELIMS = "!\\$&'\\(\\)\\*\\+,;=".freeze
+          ALPHA = "a-zA-Z"
+          DIGIT = "0-9"
+          UNRESERVED = "#{ALPHA}#{DIGIT}\\-\\._~"
+          SUB_DELIMS = "!\\$&'\\(\\)\\*\\+,;="
 
           ESCAPED  = /%[a-zA-Z0-9]{2}/.freeze
 

data/lib/action_dispatch/journey/router.rb

@@ -15,9 +15,6 @@ require "action_dispatch/journey/path/pattern"
 module ActionDispatch
   module Journey # :nodoc:
     class Router # :nodoc:
-      class RoutingError < ::StandardError # :nodoc:
-      end
-
       attr_accessor :routes
 
       def initialize(routes)
@@ -84,7 +81,6 @@ module ActionDispatch
       end
 
       private
-
         def partitioned_routes
           routes.partition { |r|
             r.path.anchored && r.ast.grep(Nodes::Symbol).all? { |n| n.default_regexp?  }

data/lib/action_dispatch/journey/routes.rb

@@ -56,7 +56,6 @@ module ActionDispatch
       end
 
       def simulator
-        return if ast.nil?
         @simulator ||= begin
           gtg = GTG::Builder.new(ast).transition_table
           GTG::Simulator.new(gtg)
@@ -72,7 +71,6 @@ module ActionDispatch
       end
 
       private
-
         def clear_cache!
           @ast                = nil
           @simulator          = nil

data/lib/action_dispatch/journey/scanner.rb

@@ -33,6 +33,12 @@ module ActionDispatch
       end
 
       private
+        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards
+        # see: https://bugs.ruby-lang.org/issues/13077
+        def dedup_scan(regex)
+          r = @ss.scan(regex)
+          r ? -r : nil
+        end
 
         def scan
           case
@@ -47,15 +53,15 @@ module ActionDispatch
             [:OR, "|"]
           when @ss.skip(/\./)
             [:DOT, "."]
-          when text = @ss.scan(/:\w+/)
+          when text = dedup_scan(/:\w+/)
             [:SYMBOL, text]
-          when text = @ss.scan(/\*\w+/)
+          when text = dedup_scan(/\*\w+/)
             [:STAR, text]
           when text = @ss.scan(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
             text.tr! "\\", ""
-            [:LITERAL, text]
+            [:LITERAL, -text]
             # any char
-          when text = @ss.scan(/./)
+          when text = dedup_scan(/./)
             [:LITERAL, text]
           end
         end

data/lib/action_dispatch/journey/visitors.rb

@@ -40,7 +40,7 @@ module ActionDispatch
         @parameters.each do |index|
           param = parts[index]
           value = hash[param.name]
-          return "".freeze unless value
+          return "" unless value
           parts[index] = param.escape value
         end
 
@@ -59,7 +59,6 @@ module ActionDispatch
         end
 
         private
-
           def visit(node)
             send(DISPATCH_CACHE[node.type], node)
           end
@@ -168,7 +167,6 @@ module ActionDispatch
 
       class String < FunctionalVisitor # :nodoc:
         private
-
           def binary(node, seed)
             visit(node.right, visit(node.left, seed))
           end
@@ -214,7 +212,6 @@ module ActionDispatch
         end
 
         private
-
           def binary(node, seed)
             seed.last.concat node.children.map { |c|
               "#{node.object_id} -> #{c.object_id};"

data/lib/action_dispatch/middleware/actionable_exceptions.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "erb"
+require "uri"
+require "action_dispatch/http/request"
+require "active_support/actionable_error"
+
+module ActionDispatch
+  class ActionableExceptions # :nodoc:
+    cattr_accessor :endpoint, default: "/rails/actions"
+
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request = ActionDispatch::Request.new(env)
+      return @app.call(env) unless actionable_request?(request)
+
+      ActiveSupport::ActionableError.dispatch(request.params[:error].to_s.safe_constantize, request.params[:action])
+
+      redirect_to request.params[:location]
+    end
+
+    private
+      def actionable_request?(request)
+        request.get_header("action_dispatch.show_detailed_exceptions")  && request.post? && request.path == endpoint
+      end
+
+      def redirect_to(location)
+        uri = URI.parse location
+
+        if uri.relative? || uri.scheme == "http" || uri.scheme == "https"
+          body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>"
+        else
+          return [400, { "Content-Type" => "text/plain" }, ["Invalid redirection URI"]]
+        end
+
+        [302, {
+          "Content-Type" => "text/html; charset=#{Response.default_charset}",
+          "Content-Length" => body.bytesize.to_s,
+          "Location" => location,
+        }, [body]]
+      end
+  end
+end

data/lib/action_dispatch/middleware/callbacks.rb

@@ -24,10 +24,8 @@ module ActionDispatch
     def call(env)
       error = nil
       result = run_callbacks :call do
-        begin
-          @app.call(env)
-        rescue => error
-        end
+        @app.call(env)
+      rescue => error
       end
       raise error if error
       result