actionpack 6.1.7.5 → 7.1.3.1

data/lib/action_controller/metal/testing.rb

@@ -2,10 +2,17 @@
 
 module ActionController
   module Testing
-    extend ActiveSupport::Concern
-
     # Behavior specific to functional tests
     module Functional # :nodoc:
+      def clear_instance_variables_between_requests
+        if defined?(@_ivars)
+          new_ivars = instance_variables - @_ivars
+          new_ivars.each { |ivar| remove_instance_variable(ivar) }
+        end
+
+        @_ivars = instance_variables
+      end
+
       def recycle!
         @_url_options = nil
         self.formats = nil

data/lib/action_controller/metal/url_for.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
 module ActionController
+  # = Action Controller \UrlFor
+  #
   # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
   # the <tt>_routes</tt> method. Otherwise, an exception will be raised.
   #
-  # In addition to <tt>AbstractController::UrlFor</tt>, this module accesses the HTTP layer to define
+  # In addition to AbstractController::UrlFor, this module accesses the HTTP layer to define
   # URL options like the +host+. In order to do so, this module requires the host class
-  # to implement +env+ which needs to be Rack-compatible and +request+
-  # which is either an instance of +ActionDispatch::Request+ or an object
-  # that responds to the +host+, +optional_port+, +protocol+ and
-  # +symbolized_path_parameter+ methods.
+  # to implement +env+ which needs to be Rack-compatible, and +request+ which
+  # returns an ActionDispatch::Request instance.
   #
   #   class RootUrl
   #     include ActionController::UrlFor
@@ -27,6 +27,11 @@ module ActionController
 
     include AbstractController::UrlFor
 
+    def initialize(...)
+      super
+      @_url_options = nil
+    end
+
     def url_options
       @_url_options ||= {
         host: request.host,

data/lib/action_controller/metal.rb

@@ -2,10 +2,10 @@
 
 require "active_support/core_ext/array/extract_options"
 require "action_dispatch/middleware/stack"
-require "action_dispatch/http/request"
-require "action_dispatch/http/response"
 
 module ActionController
+  # = Action Controller \MiddlewareStack
+  #
   # Extend ActionDispatch middleware stack to make it aware of options
   # allowing the following syntax in controllers:
   #
@@ -13,8 +13,8 @@ module ActionController
   #     use AuthenticationMiddleware, except: [:index, :show]
   #   end
   #
-  class MiddlewareStack < ActionDispatch::MiddlewareStack #:nodoc:
-    class Middleware < ActionDispatch::MiddlewareStack::Middleware #:nodoc:
+  class MiddlewareStack < ActionDispatch::MiddlewareStack # :nodoc:
+    class Middleware < ActionDispatch::MiddlewareStack::Middleware # :nodoc:
       def initialize(klass, args, actions, strategy, block)
         @actions = actions
         @strategy = strategy
@@ -60,9 +60,11 @@ module ActionController
       end
   end
 
-  # <tt>ActionController::Metal</tt> is the simplest possible controller, providing a
+  # = Action Controller \Metal
+  #
+  # +ActionController::Metal+ is the simplest possible controller, providing a
   # valid Rack interface without the additional niceties provided by
-  # <tt>ActionController::Base</tt>.
+  # ActionController::Base.
   #
   # A sample metal controller might look like this:
   #
@@ -80,9 +82,9 @@ module ActionController
   # The +action+ method returns a valid Rack application for the \Rails
   # router to dispatch to.
   #
-  # == Rendering Helpers
+  # == \Rendering \Helpers
   #
-  # <tt>ActionController::Metal</tt> by default provides no utilities for rendering
+  # +ActionController::Metal+ by default provides no utilities for rendering
   # views, partials, or other responses aside from explicitly calling of
   # <tt>response_body=</tt>, <tt>content_type=</tt>, and <tt>status=</tt>. To
   # add the render helpers you're used to having in a normal controller, you
@@ -98,7 +100,7 @@ module ActionController
   #     end
   #   end
   #
-  # == Redirection Helpers
+  # == Redirection \Helpers
   #
   # To add redirection helpers to your metal controller, do the following:
   #
@@ -111,17 +113,17 @@ module ActionController
   #     end
   #   end
   #
-  # == Other Helpers
+  # == Other \Helpers
   #
-  # You can refer to the modules included in <tt>ActionController::Base</tt> to see
+  # You can refer to the modules included in ActionController::Base to see
   # other features you can bring into your metal controller.
   #
   class Metal < AbstractController::Base
     abstract!
 
     # Returns the last part of the controller's name, underscored, without the ending
-    # <tt>Controller</tt>. For instance, PostsController returns <tt>posts</tt>.
-    # Namespaces are left out, so Admin::PostsController returns <tt>posts</tt> as well.
+    # <tt>Controller</tt>. For instance, +PostsController+ returns <tt>posts</tt>.
+    # Namespaces are left out, so +Admin::PostsController+ returns <tt>posts</tt> as well.
     #
     # ==== Returns
     # * <tt>string</tt>
@@ -139,20 +141,53 @@ module ActionController
       false
     end
 
-    # Delegates to the class' <tt>controller_name</tt>.
+    class << self
+      private
+        def inherited(subclass)
+          super
+          subclass.middleware_stack = middleware_stack.dup
+          subclass.class_eval do
+            @controller_name = nil
+          end
+        end
+    end
+
+    # Delegates to the class's ::controller_name.
     def controller_name
       self.class.controller_name
     end
 
-    attr_internal :response, :request
+    ##
+    # :attr_reader: request
+    #
+    # The ActionDispatch::Request instance for the current request.
+    attr_internal :request
+
+    ##
+    # :attr_reader: response
+    #
+    # The ActionDispatch::Response instance for the current response.
+    attr_internal_reader :response
+
+    ##
+    # The ActionDispatch::Request::Session instance for the current request.
+    # See further details in the
+    # {Active Controller Session guide}[https://guides.rubyonrails.org/action_controller_overview.html#session].
     delegate :session, to: "@_request"
-    delegate :headers, :status=, :location=, :content_type=,
+
+    ##
+    # Delegates to ActionDispatch::Response#headers.
+    delegate :headers, to: "@_response"
+
+    delegate :status=, :location=, :content_type=,
              :status, :location, :content_type, :media_type, to: "@_response"
 
     def initialize
       @_request = nil
       @_response = nil
+      @_response_body = nil
       @_routes = nil
+      @_params = nil
       super
     end
 
@@ -166,17 +201,19 @@ module ActionController
 
     alias :response_code :status # :nodoc:
 
-    # Basic url_for that can be overridden for more robust functionality.
+    # Basic \url_for that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
 
     def response_body=(body)
-      body = [body] unless body.nil? || body.respond_to?(:each)
-      response.reset_body!
-      return unless body
-      response.body = body
-      super
+      if body
+        body = [body] if body.is_a?(String)
+        response.body = body
+        super
+      else
+        response.reset_body!
+      end
     end
 
     # Tests if render or redirect has already happened.
@@ -184,7 +221,7 @@ module ActionController
       response_body || response.committed?
     end
 
-    def dispatch(name, request, response) #:nodoc:
+    def dispatch(name, request, response) # :nodoc:
       set_request!(request)
       set_response!(response)
       process(name)
@@ -193,15 +230,28 @@ module ActionController
     end
 
     def set_response!(response) # :nodoc:
+      if @_response
+        _, _, body = @_response
+        body.close if body.respond_to?(:close)
+      end
+
       @_response = response
     end
 
-    def set_request!(request) #:nodoc:
+    # Assign the response and mark it as committed. No further processing will occur.
+    def response=(response)
+      set_response!(response)
+
+      # Force `performed?` to return true:
+      @_response_body = true
+    end
+
+    def set_request!(request) # :nodoc:
       @_request = request
       @_request.controller_instance = self
     end
 
-    def to_a #:nodoc:
+    def to_a # :nodoc:
       response.to_a
     end
 
@@ -211,21 +261,26 @@ module ActionController
 
     class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new
 
-    def self.inherited(base) # :nodoc:
-      base.middleware_stack = middleware_stack.dup
-      super
-    end
-
     class << self
       # Pushes the given Rack middleware and its arguments to the bottom of the
       # middleware stack.
-      def use(*args, &block)
-        middleware_stack.use(*args, &block)
+      def use(...)
+        middleware_stack.use(...)
       end
-      ruby2_keywords(:use) if respond_to?(:ruby2_keywords, true)
     end
 
-    # Alias for +middleware_stack+.
+    # The middleware stack used by this controller.
+    #
+    # By default uses a variation of ActionDispatch::MiddlewareStack which
+    # allows for the following syntax:
+    #
+    #   class PostsController < ApplicationController
+    #     use AuthenticationMiddleware, except: [:index, :show]
+    #   end
+    #
+    # Read more about {Rails middleware
+    # stack}[https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack]
+    # in the guides.
     def self.middleware
       middleware_stack
     end

data/lib/action_controller/railtie.rb

@@ -8,11 +8,19 @@ require "action_controller/railties/helpers"
 require "action_view/railtie"
 
 module ActionController
-  class Railtie < Rails::Railtie #:nodoc:
+  class Railtie < Rails::Railtie # :nodoc:
     config.action_controller = ActiveSupport::OrderedOptions.new
+    config.action_controller.raise_on_open_redirects = false
+    config.action_controller.log_query_tags_around_actions = true
+    config.action_controller.wrap_parameters_by_default = false
 
+    config.eager_load_namespaces << AbstractController
     config.eager_load_namespaces << ActionController
 
+    initializer "action_controller.deprecator", before: :load_environment_config do |app|
+      app.deprecators[:action_controller] = ActionController.deprecator
+    end
+
     initializer "action_controller.assets_config", group: :all do |app|
       app.config.action_controller.assets_dir ||= app.config.paths["public"].first
     end
@@ -25,13 +33,23 @@ module ActionController
       options = app.config.action_controller
 
       ActiveSupport.on_load(:action_controller, run_once: true) do
-        ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
+        ActionController::Parameters.permit_all_parameters = options.permit_all_parameters || false
         if app.config.action_controller[:always_permitted_parameters]
           ActionController::Parameters.always_permitted_parameters =
-            app.config.action_controller.delete(:always_permitted_parameters)
+            app.config.action_controller.always_permitted_parameters
         end
-        ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
-          (Rails.env.test? || Rails.env.development?) ? :log : false
+
+        action_on_unpermitted_parameters = options.action_on_unpermitted_parameters
+
+        if action_on_unpermitted_parameters.nil?
+          action_on_unpermitted_parameters = Rails.env.local? ? :log : false
+        end
+
+        ActionController::Parameters.action_on_unpermitted_parameters = action_on_unpermitted_parameters
+
+        unless options.allow_deprecated_parameters_hash_equality.nil?
+          ActionController::Parameters.allow_deprecated_parameters_hash_equality =
+            options.allow_deprecated_parameters_hash_equality
         end
       end
     end
@@ -55,7 +73,19 @@ module ActionController
         extend ::AbstractController::Railties::RoutesHelpers.with(app.routes)
         extend ::ActionController::Railties::Helpers
 
-        options.each do |k, v|
+        wrap_parameters format: [:json] if options.wrap_parameters_by_default && respond_to?(:wrap_parameters)
+
+        # Configs used in other initializers
+        filtered_options = options.except(
+          :log_query_tags_around_actions,
+          :permit_all_parameters,
+          :action_on_unpermitted_parameters,
+          :always_permitted_parameters,
+          :wrap_parameters_by_default,
+          :allow_deprecated_parameters_hash_equality
+        )
+
+        filtered_options.each do |k, v|
           k = "#{k}="
           if respond_to?(k)
             send(k, v)
@@ -80,9 +110,36 @@ module ActionController
       end
     end
 
-    initializer "action_controller.eager_load_actions" do
-      ActiveSupport.on_load(:after_initialize) do
-        ActionController::Metal.descendants.each(&:action_methods) if config.eager_load
+    initializer "action_controller.query_log_tags" do |app|
+      query_logs_tags_enabled = app.config.respond_to?(:active_record) &&
+        app.config.active_record.query_log_tags_enabled &&
+        app.config.action_controller.log_query_tags_around_actions
+
+      if query_logs_tags_enabled
+        app.config.active_record.query_log_tags |= [:controller] unless app.config.active_record.query_log_tags.include?(:namespaced_controller)
+        app.config.active_record.query_log_tags |= [:action]
+
+        ActiveSupport.on_load(:active_record) do
+          ActiveRecord::QueryLogs.taggings.merge!(
+            controller:            ->(context) { context[:controller]&.controller_name },
+            action:                ->(context) { context[:controller]&.action_name },
+            namespaced_controller: ->(context) {
+              if context[:controller]
+                controller_class = context[:controller].class
+                # based on ActionController::Metal#controller_name, but does not demodulize
+                unless controller_class.anonymous?
+                  controller_class.name.delete_suffix("Controller").underscore
+                end
+              end
+            }
+          )
+        end
+      end
+    end
+
+    initializer "action_controller.test_case" do |app|
+      ActiveSupport.on_load(:action_controller_test_case) do
+        ActionController::TestCase.executor_around_each_request = app.config.active_support.executor_around_test_case
       end
     end
   end

data/lib/action_controller/renderer.rb

@@ -1,97 +1,127 @@
 # frozen_string_literal: true
 
 module ActionController
-  # ActionController::Renderer allows you to render arbitrary templates
-  # without requirement of being in controller actions.
+  # = Action Controller \Renderer
   #
-  # You get a concrete renderer class by invoking ActionController::Base#renderer.
-  # For example:
+  # ActionController::Renderer allows you to render arbitrary templates without
+  # being inside a controller action.
   #
-  #   ApplicationController.renderer
-  #
-  # It allows you to call method #render directly.
-  #
-  #   ApplicationController.renderer.render template: '...'
-  #
-  # You can use this shortcut in a controller, instead of the previous example:
-  #
-  #   ApplicationController.render template: '...'
-  #
-  # #render allows you to use the same options that you can use when rendering in a controller.
-  # For example:
+  # You can get a renderer instance by calling +renderer+ on a controller class:
   #
-  #   FooController.render :action, locals: { ... }, assigns: { ... }
-  #
-  # The template will be rendered in a Rack environment which is accessible through
-  # ActionController::Renderer#env. You can set it up in two ways:
+  #   ApplicationController.renderer
+  #   PostsController.renderer
   #
-  # *  by changing renderer defaults, like
+  # and render a template by calling the #render method:
   #
-  #       ApplicationController.renderer.defaults # => hash with default Rack environment
+  #   ApplicationController.renderer.render template: "posts/show", assigns: { post: Post.first }
+  #   PostsController.renderer.render :show, assigns: { post: Post.first }
   #
-  # *  by initializing an instance of renderer by passing it a custom environment.
+  # As a shortcut, you can also call +render+ directly on the controller class itself:
   #
-  #       ApplicationController.renderer.new(method: 'post', https: true)
+  #   ApplicationController.render template: "posts/show", assigns: { post: Post.first }
+  #   PostsController.render :show, assigns: { post: Post.first }
   #
   class Renderer
-    attr_reader :defaults, :controller
+    attr_reader :controller
 
     DEFAULTS = {
-      http_host: "example.org",
-      https: false,
       method: "get",
-      script_name: "",
       input: ""
     }.freeze
 
-    # Create a new renderer instance for a specific controller class.
-    def self.for(controller, env = {}, defaults = DEFAULTS.dup)
+    def self.normalize_env(env) # :nodoc:
+      new_env = {}
+
+      env.each_pair do |key, value|
+        case key
+        when :https
+          value = value ? "on" : "off"
+        when :method
+          value = -value.upcase
+        end
+
+        key = RACK_KEY_TRANSLATION[key] || key.to_s
+
+        new_env[key] = value
+      end
+
+      if new_env["HTTP_HOST"]
+        new_env["HTTPS"] ||= "off"
+        new_env["SCRIPT_NAME"] ||= ""
+      end
+
+      if new_env["HTTPS"]
+        new_env["rack.url_scheme"] = new_env["HTTPS"] == "on" ? "https" : "http"
+      end
+
+      new_env
+    end
+
+    # Creates a new renderer using the given controller class. See ::new.
+    def self.for(controller, env = nil, defaults = DEFAULTS)
       new(controller, env, defaults)
     end
 
-    # Create a new renderer for the same controller but with a new env.
-    def new(env = {})
-      self.class.new controller, env, defaults
+    # Creates a new renderer using the same controller, but with a new Rack env.
+    #
+    #   ApplicationController.renderer.new(method: "post")
+    #
+    def new(env = nil)
+      self.class.new controller, env, @defaults
     end
 
-    # Create a new renderer for the same controller but with new defaults.
+    # Creates a new renderer using the same controller, but with the given
+    # defaults merged on top of the previous defaults.
     def with_defaults(defaults)
-      self.class.new controller, @env, self.defaults.merge(defaults)
+      self.class.new controller, @env, @defaults.merge(defaults)
     end
 
-    # Accepts a custom Rack environment to render templates in.
-    # It will be merged with the default Rack environment defined by
-    # +ActionController::Renderer::DEFAULTS+.
+    # Initializes a new Renderer.
+    #
+    # ==== Parameters
+    #
+    # * +controller+ - The controller class to instantiate for rendering.
+    # * +env+ - The Rack env to use for mocking a request when rendering.
+    #   Entries can be typical Rack env keys and values, or they can be any of
+    #   the following, which will be converted appropriately:
+    #   * +:http_host+ - The HTTP host for the incoming request. Converts to
+    #     Rack's +HTTP_HOST+.
+    #   * +:https+ - Boolean indicating whether the incoming request uses HTTPS.
+    #     Converts to Rack's +HTTPS+.
+    #   * +:method+ - The HTTP method for the incoming request, case-insensitive.
+    #     Converts to Rack's +REQUEST_METHOD+.
+    #   * +:script_name+ - The portion of the incoming request's URL path that
+    #     corresponds to the application. Converts to Rack's +SCRIPT_NAME+.
+    #   * +:input+ - The input stream. Converts to Rack's +rack.input+.
+    # * +defaults+ - Default values for the Rack env. Entries are specified in
+    #   the same format as +env+. +env+ will be merged on top of these values.
+    #   +defaults+ will be retained when calling #new on a renderer instance.
+    #
+    # If no +http_host+ is specified, the env HTTP host will be derived from the
+    # routes' +default_url_options+. In this case, the +https+ boolean and the
+    # +script_name+ will also be derived from +default_url_options+ if they were
+    # not specified. Additionally, the +https+ boolean will fall back to
+    # +Rails.application.config.force_ssl+ if +default_url_options+ does not
+    # specify a +protocol+.
     def initialize(controller, env, defaults)
       @controller = controller
       @defaults = defaults
-      @env = normalize_keys defaults, env
+      if env.blank? && @defaults == DEFAULTS
+        @env = DEFAULT_ENV
+      else
+        @env = normalize_env(@defaults)
+        @env.merge!(normalize_env(env)) unless env.blank?
+      end
     end
 
-    # Render templates with any options from ActionController::Base#render_to_string.
-    #
-    # The primary options are:
-    # * <tt>:partial</tt> - See <tt>ActionView::PartialRenderer</tt> for details.
-    # * <tt>:file</tt> - Renders an explicit template file. Add <tt>:locals</tt> to pass in, if so desired.
-    #   It shouldn’t be used directly with unsanitized user input due to lack of validation.
-    # * <tt>:inline</tt> - Renders an ERB template string.
-    # * <tt>:plain</tt> - Renders provided text and sets the content type as <tt>text/plain</tt>.
-    # * <tt>:html</tt> - Renders the provided HTML safe string, otherwise
-    #   performs HTML escape on the string first. Sets the content type as <tt>text/html</tt>.
-    # * <tt>:json</tt> - Renders the provided hash or object in JSON. You don't
-    #   need to call <tt>.to_json</tt> on the object you want to render.
-    # * <tt>:body</tt> - Renders provided text and sets content type of <tt>text/plain</tt>.
-    #
-    # If no <tt>options</tt> hash is passed or if <tt>:update</tt> is specified, then:
-    #
-    # If an object responding to +render_in+ is passed, +render_in+ is called on the object,
-    # passing in the current view context.
-    #
-    # Otherwise, a partial is rendered using the second parameter as the locals hash.
-    def render(*args)
-      raise "missing controller" unless controller
+    def defaults
+      @defaults = @defaults.dup if @defaults.frozen?
+      @defaults
+    end
 
-      request = ActionDispatch::Request.new @env
+    # Renders a template to a string, just like ActionController::Rendering#render_to_string.
+    def render(*args)
+      request = ActionDispatch::Request.new(env_for_request)
       request.routes = controller._routes
 
       instance = controller.new
@@ -102,19 +132,6 @@ module ActionController
     alias_method :render_to_string, :render # :nodoc:
 
     private
-      def normalize_keys(defaults, env)
-        new_env = {}
-        env.each_pair { |k, v| new_env[rack_key_for(k)] = rack_value_for(k, v) }
-
-        defaults.each_pair do |k, v|
-          key = rack_key_for(k)
-          new_env[key] = rack_value_for(k, v) unless new_env.key?(key)
-        end
-
-        new_env["rack.url_scheme"] = new_env["HTTPS"] == "on" ? "https" : "http"
-        new_env
-      end
-
       RACK_KEY_TRANSLATION = {
         http_host:   "HTTP_HOST",
         https:       "HTTPS",
@@ -123,18 +140,15 @@ module ActionController
         input:       "rack.input"
       }
 
-      def rack_key_for(key)
-        RACK_KEY_TRANSLATION[key] || key.to_s
-      end
+      DEFAULT_ENV = normalize_env(DEFAULTS).freeze # :nodoc:
 
-      def rack_value_for(key, value)
-        case key
-        when :https
-          value ? "on" : "off"
-        when :method
-          -value.upcase
+      delegate :normalize_env, to: :class
+
+      def env_for_request
+        if @env.key?("HTTP_HOST") || controller._routes.nil?
+          @env.dup
         else
-          value
+          controller._routes.default_env.merge(@env)
         end
       end
   end