actionpack 6.0.3.4 → 6.1.2


Potentially problematic release.


This version of actionpack might be problematic. Click here for more details.

Files changed (117)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +274 -223
  3. data/MIT-LICENSE +1 -1
  4. data/README.rdoc +1 -1
  5. data/lib/abstract_controller.rb +1 -0
  6. data/lib/abstract_controller/base.rb +35 -2
  7. data/lib/abstract_controller/callbacks.rb +2 -2
  8. data/lib/abstract_controller/helpers.rb +105 -90
  9. data/lib/abstract_controller/rendering.rb +9 -9
  10. data/lib/abstract_controller/translation.rb +8 -2
  11. data/lib/action_controller.rb +2 -3
  12. data/lib/action_controller/api.rb +2 -2
  13. data/lib/action_controller/base.rb +4 -2
  14. data/lib/action_controller/caching.rb +0 -1
  15. data/lib/action_controller/log_subscriber.rb +3 -3
  16. data/lib/action_controller/metal.rb +2 -2
  17. data/lib/action_controller/metal/conditional_get.rb +11 -3
  18. data/lib/action_controller/metal/content_security_policy.rb +1 -1
  19. data/lib/action_controller/metal/cookies.rb +3 -1
  20. data/lib/action_controller/metal/data_streaming.rb +1 -1
  21. data/lib/action_controller/metal/etag_with_template_digest.rb +2 -4
  22. data/lib/action_controller/metal/exceptions.rb +33 -0
  23. data/lib/action_controller/metal/head.rb +7 -4
  24. data/lib/action_controller/metal/helpers.rb +11 -1
  25. data/lib/action_controller/metal/http_authentication.rb +4 -2
  26. data/lib/action_controller/metal/implicit_render.rb +1 -1
  27. data/lib/action_controller/metal/instrumentation.rb +11 -9
  28. data/lib/action_controller/metal/live.rb +1 -1
  29. data/lib/action_controller/metal/logging.rb +20 -0
  30. data/lib/action_controller/metal/mime_responds.rb +6 -2
  31. data/lib/action_controller/metal/parameter_encoding.rb +35 -4
  32. data/lib/action_controller/metal/params_wrapper.rb +14 -8
  33. data/lib/action_controller/metal/permissions_policy.rb +46 -0
  34. data/lib/action_controller/metal/redirecting.rb +1 -1
  35. data/lib/action_controller/metal/rendering.rb +6 -0
  36. data/lib/action_controller/metal/request_forgery_protection.rb +48 -24
  37. data/lib/action_controller/metal/rescue.rb +1 -1
  38. data/lib/action_controller/metal/strong_parameters.rb +103 -15
  39. data/lib/action_controller/renderer.rb +24 -13
  40. data/lib/action_controller/test_case.rb +62 -56
  41. data/lib/action_dispatch.rb +3 -2
  42. data/lib/action_dispatch/http/cache.rb +12 -10
  43. data/lib/action_dispatch/http/content_disposition.rb +2 -2
  44. data/lib/action_dispatch/http/content_security_policy.rb +5 -1
  45. data/lib/action_dispatch/http/filter_parameters.rb +1 -1
  46. data/lib/action_dispatch/http/filter_redirect.rb +1 -1
  47. data/lib/action_dispatch/http/headers.rb +3 -2
  48. data/lib/action_dispatch/http/mime_negotiation.rb +20 -8
  49. data/lib/action_dispatch/http/mime_type.rb +28 -15
  50. data/lib/action_dispatch/http/parameters.rb +1 -19
  51. data/lib/action_dispatch/http/permissions_policy.rb +173 -0
  52. data/lib/action_dispatch/http/request.rb +26 -8
  53. data/lib/action_dispatch/http/response.rb +17 -16
  54. data/lib/action_dispatch/http/url.rb +3 -2
  55. data/lib/action_dispatch/journey.rb +0 -2
  56. data/lib/action_dispatch/journey/formatter.rb +53 -28
  57. data/lib/action_dispatch/journey/gtg/builder.rb +22 -36
  58. data/lib/action_dispatch/journey/gtg/simulator.rb +8 -7
  59. data/lib/action_dispatch/journey/gtg/transition_table.rb +6 -4
  60. data/lib/action_dispatch/journey/nfa/dot.rb +0 -11
  61. data/lib/action_dispatch/journey/nodes/node.rb +4 -3
  62. data/lib/action_dispatch/journey/parser.rb +13 -13
  63. data/lib/action_dispatch/journey/parser.y +1 -1
  64. data/lib/action_dispatch/journey/path/pattern.rb +13 -18
  65. data/lib/action_dispatch/journey/route.rb +7 -18
  66. data/lib/action_dispatch/journey/router.rb +26 -30
  67. data/lib/action_dispatch/journey/router/utils.rb +6 -4
  68. data/lib/action_dispatch/middleware/actionable_exceptions.rb +2 -2
  69. data/lib/action_dispatch/middleware/cookies.rb +74 -33
  70. data/lib/action_dispatch/middleware/debug_exceptions.rb +10 -17
  71. data/lib/action_dispatch/middleware/debug_view.rb +1 -1
  72. data/lib/action_dispatch/middleware/exception_wrapper.rb +29 -17
  73. data/lib/action_dispatch/middleware/host_authorization.rb +25 -5
  74. data/lib/action_dispatch/middleware/public_exceptions.rb +1 -1
  75. data/lib/action_dispatch/middleware/remote_ip.rb +5 -4
  76. data/lib/action_dispatch/middleware/request_id.rb +4 -5
  77. data/lib/action_dispatch/middleware/session/abstract_store.rb +2 -2
  78. data/lib/action_dispatch/middleware/session/cookie_store.rb +2 -2
  79. data/lib/action_dispatch/middleware/show_exceptions.rb +2 -0
  80. data/lib/action_dispatch/middleware/ssl.rb +12 -7
  81. data/lib/action_dispatch/middleware/stack.rb +18 -0
  82. data/lib/action_dispatch/middleware/static.rb +154 -93
  83. data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
  84. data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +2 -5
  85. data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +2 -2
  86. data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +2 -2
  87. data/lib/action_dispatch/middleware/templates/rescues/layout.erb +100 -8
  88. data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
  89. data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +21 -1
  90. data/lib/action_dispatch/railtie.rb +3 -2
  91. data/lib/action_dispatch/request/session.rb +2 -8
  92. data/lib/action_dispatch/request/utils.rb +26 -2
  93. data/lib/action_dispatch/routing/inspector.rb +8 -7
  94. data/lib/action_dispatch/routing/mapper.rb +102 -71
  95. data/lib/action_dispatch/routing/polymorphic_routes.rb +12 -11
  96. data/lib/action_dispatch/routing/redirection.rb +3 -3
  97. data/lib/action_dispatch/routing/route_set.rb +49 -41
  98. data/lib/action_dispatch/routing/url_for.rb +1 -0
  99. data/lib/action_dispatch/system_test_case.rb +29 -24
  100. data/lib/action_dispatch/system_testing/browser.rb +33 -27
  101. data/lib/action_dispatch/system_testing/driver.rb +6 -7
  102. data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +47 -6
  103. data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +4 -7
  104. data/lib/action_dispatch/testing/assertions.rb +1 -1
  105. data/lib/action_dispatch/testing/assertions/response.rb +2 -4
  106. data/lib/action_dispatch/testing/assertions/routing.rb +5 -5
  107. data/lib/action_dispatch/testing/integration.rb +38 -27
  108. data/lib/action_dispatch/testing/test_process.rb +29 -4
  109. data/lib/action_dispatch/testing/test_request.rb +3 -3
  110. data/lib/action_pack.rb +1 -1
  111. data/lib/action_pack/gem_version.rb +3 -3
  112. metadata +18 -19
  113. data/lib/action_controller/metal/force_ssl.rb +0 -58
  114. data/lib/action_dispatch/http/parameter_filter.rb +0 -12
  115. data/lib/action_dispatch/journey/nfa/builder.rb +0 -78
  116. data/lib/action_dispatch/journey/nfa/simulator.rb +0 -47
  117. data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -119
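--- a/data/lib/action_controller/metal/force_ssl.rb
+++ b/data/lib/action_controller/metal/force_ssl.rb
@@ -1,58 +0,0 @@
- # frozen_string_literal: true
-
- require "active_support/core_ext/hash/except"
- require "active_support/core_ext/hash/slice"
-
- module ActionController
- # This module is deprecated in favor of +config.force_ssl+ in your environment
- # config file. This will ensure all endpoints not explicitly marked otherwise
- # will have all communication served over HTTPS.
- module ForceSSL # :nodoc:
- extend ActiveSupport::Concern
- include AbstractController::Callbacks
-
- ACTION_OPTIONS = [:only, :except, :if, :unless]
- URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
- REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
-
- module ClassMethods # :nodoc:
- def force_ssl(options = {})
- ActiveSupport::Deprecation.warn(<<-MESSAGE.squish)
- Controller-level `force_ssl` is deprecated and will be removed from
- Rails 6.1. Please enable `config.force_ssl` in your environment
- configuration to enable the ActionDispatch::SSL middleware to more
- fully enforce that your application communicate over HTTPS. If needed,
- you can use `config.ssl_options` to exempt matching endpoints from
- being redirected to HTTPS.
- MESSAGE
-
- action_options = options.slice(*ACTION_OPTIONS)
- redirect_options = options.except(*ACTION_OPTIONS)
- before_action(action_options) do
- force_ssl_redirect(redirect_options)
- end
- end
- end
-
- def force_ssl_redirect(host_or_options = nil)
- unless request.ssl?
- options = {
- protocol: "https://",
- host: request.host,
- path: request.fullpath,
- status: :moved_permanently,
- }
-
- if host_or_options.is_a?(Hash)
- options.merge!(host_or_options)
- elsif host_or_options
- options[:host] = host_or_options
- end
-
- secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
- flash.keep if respond_to?(:flash) && request.respond_to?(:flash)
- redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
- end
- end
- end
- end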
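--- a/data/lib/action_dispatch/http/parameter_filter.rb
+++ b/data/lib/action_dispatch/http/parameter_filter.rb
@@ -1,12 +0,0 @@
- # frozen_string_literal: true
-
- require "active_support/deprecation/constant_accessor"
- require "active_support/parameter_filter"
-
- module ActionDispatch
- module Http
- include ActiveSupport::Deprecation::DeprecatedConstantAccessor
- deprecate_constant "ParameterFilter", "ActiveSupport::ParameterFilter",
- message: "ActionDispatch::Http::ParameterFilter is deprecated and will be removed from Rails 6.1. Use ActiveSupport::ParameterFilter instead."
- end
- end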
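--- a/data/lib/action_dispatch/journey/nfa/builder.rb
+++ b/data/lib/action_dispatch/journey/nfa/builder.rb
@@ -1,78 +0,0 @@
- # frozen_string_literal: true
-
- require "action_dispatch/journey/nfa/transition_table"
- require "action_dispatch/journey/gtg/transition_table"
-
- module ActionDispatch
- module Journey # :nodoc:
- module NFA # :nodoc:
- class Visitor < Visitors::Visitor # :nodoc:
- def initialize(tt)
- @tt = tt
- @i = -1
- end
-
- def visit_CAT(node)
- left = visit(node.left)
- right = visit(node.right)
-
- @tt.merge(left.last, right.first)
-
- [left.first, right.last]
- end
-
- def visit_GROUP(node)
- from = @i += 1
- left = visit(node.left)
- to = @i += 1
-
- @tt.accepting = to
-
- @tt[from, left.first] = nil
- @tt[left.last, to] = nil
- @tt[from, to] = nil
-
- [from, to]
- end
-
- def visit_OR(node)
- from = @i += 1
- children = node.children.map { |c| visit(c) }
- to = @i += 1
-
- children.each do |child|
- @tt[from, child.first] = nil
- @tt[child.last, to] = nil
- end
-
- @tt.accepting = to
-
- [from, to]
- end
-
- def terminal(node)
- from_i = @i += 1 # new state
- to_i = @i += 1 # new state
-
- @tt[from_i, to_i] = node
- @tt.accepting = to_i
- @tt.add_memo(to_i, node.memo)
-
- [from_i, to_i]
- end
- end
-
- class Builder # :nodoc:
- def initialize(ast)
- @ast = ast
- end
-
- def transition_table
- tt = TransitionTable.new
- Visitor.new(tt).accept(@ast)
- tt
- end
- end
- end
- end
- end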
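--- a/data/lib/action_dispatch/journey/nfa/simulator.rb
+++ b/data/lib/action_dispatch/journey/nfa/simulator.rb
@@ -1,47 +0,0 @@
- # frozen_string_literal: true
-
- require "strscan"
-
- module ActionDispatch
- module Journey # :nodoc:
- module NFA # :nodoc:
- class MatchData # :nodoc:
- attr_reader :memos
-
- def initialize(memos)
- @memos = memos
- end
- end
-
- class Simulator # :nodoc:
- attr_reader :tt
-
- def initialize(transition_table)
- @tt = transition_table
- end
-
- def simulate(string)
- input = StringScanner.new(string)
- state = tt.eclosure(0)
- until input.eos?
- sym = input.scan(%r([/.?]|[^/.?]+))
- state = tt.eclosure(tt.move(state, sym))
- end
-
- acceptance_states = state.find_all { |s|
- tt.accepting?(tt.eclosure(s).sort.last)
- }
-
- return if acceptance_states.empty?
-
- memos = acceptance_states.flat_map { |x| tt.memo(x) }.compact
-
- MatchData.new(memos)
- end
-
- alias :=~ :simulate
- alias :match :simulate
- end
- end
- end
- end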
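--- a/data/lib/action_dispatch/journey/nfa/transition_table.rb
+++ b/data/lib/action_dispatch/journey/nfa/transition_table.rb
@@ -1,119 +0,0 @@
- # frozen_string_literal: true
-
- require "action_dispatch/journey/nfa/dot"
-
- module ActionDispatch
- module Journey # :nodoc:
- module NFA # :nodoc:
- class TransitionTable # :nodoc:
- include Journey::NFA::Dot
-
- attr_accessor :accepting
- attr_reader :memos
-
- def initialize
- @table = Hash.new { |h, f| h[f] = {} }
- @memos = {}
- @accepting = nil
- @inverted = nil
- end
-
- def accepting?(state)
- accepting == state
- end
-
- def accepting_states
- [accepting]
- end
-
- def add_memo(idx, memo)
- @memos[idx] = memo
- end
-
- def memo(idx)
- @memos[idx]
- end
-
- def []=(i, f, s)
- @table[f][i] = s
- end
-
- def merge(left, right)
- @memos[right] = @memos.delete(left)
- @table[right] = @table.delete(left)
- end
-
- def states
- (@table.keys + @table.values.flat_map(&:keys)).uniq
- end
-
- # Returns set of NFA states to which there is a transition on ast symbol
- # +a+ from some state +s+ in +t+.
- def following_states(t, a)
- Array(t).flat_map { |s| inverted[s][a] }.uniq
- end
-
- # Returns set of NFA states to which there is a transition on ast symbol
- # +a+ from some state +s+ in +t+.
- def move(t, a)
- Array(t).map { |s|
- inverted[s].keys.compact.find_all { |sym|
- sym === a
- }.map { |sym| inverted[s][sym] }
- }.flatten.uniq
- end
-
- def alphabet
- inverted.values.flat_map(&:keys).compact.uniq.sort_by(&:to_s)
- end
-
- # Returns a set of NFA states reachable from some NFA state +s+ in set
- # +t+ on nil-transitions alone.
- def eclosure(t)
- stack = Array(t)
- seen = {}
- children = []
-
- until stack.empty?
- s = stack.pop
- next if seen[s]
-
- seen[s] = true
- children << s
-
- stack.concat(inverted[s][nil])
- end
-
- children.uniq
- end
-
- def transitions
- @table.flat_map { |to, hash|
- hash.map { |from, sym| [from, sym, to] }
- }
- end
-
- private
- def inverted
- return @inverted if @inverted
-
- @inverted = Hash.new { |h, from|
- h[from] = Hash.new { |j, s| j[s] = [] }
- }
-
- @table.each { |to, hash|
- hash.each { |from, sym|
- if sym
- sym = Nodes::Symbol === sym ? sym.regexp : sym.left
- end
-
- @inverted[from][sym] << to
- }
- }
-
- @inverted
- end
- end
- end
- end
- end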