actionpack 6.1.7.5 → 7.1.3.1

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb

@@ -1,11 +1,11 @@
-<header>
+<header role="banner">
   <h1>Template is missing</h1>
 </header>
 
-<div id="container">
-  <h2><%= h @exception.message %></h2>
+<main role="main" id="container">
+  <h2><%= h @exception_wrapper.message %></h2>
 
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
-</div>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb

@@ -1,13 +1,13 @@
-<header>
+<header role="banner">
   <h1>Routing Error</h1>
 </header>
-<div id="container">
-  <h2><%= h @exception.message %></h2>
-  <% unless @exception.failures.empty? %>
+<main role="main" id="container">
+  <h2><%= h @exception_wrapper.message %></h2>
+  <% unless @exception_wrapper.failures.empty? %>
     <p>
       <h2>Failure reasons:</h2>
       <ol>
-      <% @exception.failures.each do |route, reason| %>
+      <% @exception_wrapper.failures.each do |route, reason| %>
         <li><code><%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %></li>
       <% end %>
       </ol>
@@ -29,4 +29,4 @@
   <% end %>
 
   <%= render template: "rescues/_request_and_response" %>
-</div>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -1,20 +1,20 @@
-<header>
+<header role="banner">
   <h1>
-    <%= @exception.cause.class.to_s %> in
+    <%= @exception_wrapper.exception_name %> in
     <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
   </h1>
 </header>
 
-<div id="container">
+<main role="main" id="container">
   <p>
-    Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
+    Showing <i><%= @exception_wrapper.file_name %></i> where line <b>#<%= @exception_wrapper.line_number %></b> raised:
   </p>
-  <pre><code><%= h @exception.message %></code></pre>
+  <pre><code><%= h @exception_wrapper.message %></code></pre>
 
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
 
-  <p><%= @exception.sub_template_message %></p>
+  <p><%= @exception_wrapper.sub_template_message %></p>
 
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>
-</div>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb

@@ -1,6 +1,6 @@
-<header>
+<header role="banner">
   <h1>Unknown action</h1>
 </header>
-<div id="container">
-  <%= render "rescues/message_and_suggestions", exception: @exception %>
-</div>
+<main role="main" id="container">
+  <%= render "rescues/message_and_suggestions", exception: @exception, exception_wrapper: @exception_wrapper %>
+</main>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb

@@ -1,3 +1,3 @@
 Unknown action
 
-<%= @exception.message %>
+<%= @exception_wrapper.message %>

data/lib/action_dispatch/middleware/templates/routes/_route.html.erb

@@ -13,4 +13,7 @@
   <td>
     <%=simple_format route[:reqs] %>
   </td>
+  <td>
+    <%=simple_format route[:source_location] %>
+  </td>
 </tr>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -1,24 +1,45 @@
 <% content_for :style do %>
+  h2, p {
+    padding-left: 30px;
+  }
+
   #route_table {
     margin: 0;
     border-collapse: collapse;
+    word-wrap:break-word;
+    table-layout: fixed;
+    width:100%;
   }
 
   #route_table thead tr {
     border-bottom: 2px solid #ddd;
   }
 
+  #route_table th {
+    padding-left: 30px;
+    text-align: left;
+  }
+
   #route_table thead tr.bottom {
     border-bottom: none;
   }
 
   #route_table thead tr.bottom th {
-    padding: 10px 0;
+    padding: 10px 30px;
     line-height: 15px;
   }
 
-  #route_table thead tr.bottom th input#search {
+  #route_table #search_container {
+    padding: 7px 30px;
+  }
+
+  #route_table thead tr th input#search {
     -webkit-appearance: textfield;
+    width:100%;
+  }
+
+  #route_table thead th.http-verb {
+    width: 10%;
   }
 
   #route_table tbody tr {
@@ -45,54 +66,34 @@
     padding: 4px 30px;
   }
 
-  #path_search {
-    width: 80%;
-    font-size: inherit;
-  }
-
   @media (prefers-color-scheme: dark) {
-    body {
-      background-color: #222;
-      color: #ECECEC;
-    }
-
     #route_table tbody tr:nth-child(odd) {
-      background: #333;
-    }
-
-    #route_table tbody tr:nth-child(even) {
-      background: #444;
+      background: #282828;
     }
 
-    #route_table tbody.exact_matches,
-    #route_table tbody.fuzzy_matches {
-      color: #333;
+    #route_table tbody.exact_matches tr,
+    #route_table tbody.fuzzy_matches tr {
+      background: DarkSlateGrey;
     }
   }
 <% end %>
 
-<table id='route_table' class='route_table'>
+<table id='route_table'>
   <thead>
     <tr>
-      <th>Helper</th>
-      <th>HTTP Verb</th>
-      <th>Path</th>
-      <th>Controller#Action</th>
-    </tr>
-    <tr class='bottom'>
-      <th><%# Helper %>
-        <%= link_to "Path", "#", 'data-route-helper' => '_path',
+      <th>Helper
+        (<%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute URL (with the http and domain)"   %>
-      </th>
-      <th><%# HTTP Verb %>
-      </th>
-      <th><%# Path %>
-        <%= search_field(:path, nil, id: 'search', placeholder: "Path Match") %>
-      </th>
-      <th><%# Controller#action %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>)
       </th>
+      <th class="http-verb">HTTP Verb</th>
+      <th>Path</th>
+      <th>Controller#Action</th>
+      <th>Source Location</th>
+    </tr>
+    <tr>
+      <th colspan="5" id="search_container"><%= search_field(:query, nil, id: 'search', placeholder: "Search") %></th>
     </tr>
   </thead>
   <tbody class='exact_matches' id='exact_matches'>
@@ -104,16 +105,16 @@
   </tbody>
 </table>
 
-<script type='text/javascript'>
+<script>
   // support forEach iterator on NodeList
   NodeList.prototype.forEach = Array.prototype.forEach;
 
-  // Enables path search functionality
-  function setupMatchPaths() {
+  // Enables query search functionality
+  function setupMatchingRoutes() {
     // Check if there are any matched results in a section
-    function checkNoMatch(section, noMatchText) {
+    function checkNoMatch(section, trElement) {
       if (section.children.length <= 1) {
-        section.innerHTML += noMatchText;
+        section.appendChild(trElement);
       }
     }
 
@@ -137,8 +138,8 @@
     }
 
     // remove params or fragments
-    function sanitizePath(path) {
-      return path.replace(/[#?].*/, '');
+    function sanitizeQuery(query) {
+      return query.replace(/[#?].*/, '');
     }
 
     var pathElements = document.querySelectorAll('#route_table [data-route-path]'),
@@ -154,26 +155,34 @@
       }
     }
 
+    function buildTr(string) {
+      var tr = document.createElement('tr');
+      var th = document.createElement('th');
+      th.setAttribute('colspan', 4);
+      tr.appendChild(th);
+      th.innerText = string;
+      return tr;
+    }
+
     // On key press perform a search for matching paths
     delayedKeyup(searchElem, function() {
-      var path = sanitizePath(searchElem.value),
-          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + path +'):</th></tr>',
-          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + path +'):</th></tr>',
-          noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
-          noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
+      var query = sanitizeQuery(searchElem.value),
+          defaultExactMatch = buildTr("Routes matching '" + query + "':"),
+          defaultFuzzyMatch = buildTr("Routes containing '" + query + "':"),
+          noExactMatch      = buildTr('No exact matches found'),
+          noFuzzyMatch      = buildTr('No fuzzy matches found');
 
-      if (!path)
+      if (!query)
         return searchElem.onblur();
 
-      getJSON('/rails/info/routes?path=' + path, function(matches){
+      getJSON('/rails/info/routes?query=' + query, function(matches){
         // Clear out results section
-        exactSection.innerHTML = defaultExactMatch;
-        fuzzySection.innerHTML = defaultFuzzyMatch;
+        exactSection.replaceChildren(defaultExactMatch);
+        fuzzySection.replaceChildren(defaultFuzzyMatch);
 
         // Display exact matches and fuzzy matches
         pathElements.forEach(function(elem) {
           var elemPath = elem.getAttribute('data-route-path');
-
           if (matches['exact'].indexOf(elemPath) != -1)
             exactSection.appendChild(elem.parentNode.cloneNode(true));
 
@@ -215,7 +224,7 @@
     });
   }
 
-  setupMatchPaths();
+  setupMatchingRoutes();
   setupRouteToggleHelperLinks();
 
   // Focus the search input after page has loaded

data/lib/action_dispatch/railtie.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "action_dispatch"
+require "action_dispatch/log_subscriber"
 require "active_support/messages/rotation_configuration"
 
 module ActionDispatch
@@ -8,7 +9,7 @@ module ActionDispatch
     config.action_dispatch = ActiveSupport::OrderedOptions.new
     config.action_dispatch.x_sendfile_header = nil
     config.action_dispatch.ip_spoofing_check = true
-    config.action_dispatch.show_exceptions = true
+    config.action_dispatch.show_exceptions = :all
     config.action_dispatch.tld_length = 1
     config.action_dispatch.ignore_accept_header = false
     config.action_dispatch.rescue_templates = {}
@@ -23,7 +24,9 @@ module ActionDispatch
     config.action_dispatch.use_authenticated_cookie_encryption = false
     config.action_dispatch.use_cookies_with_metadata = false
     config.action_dispatch.perform_deep_munge = true
-    config.action_dispatch.request_id_header = "X-Request-Id"
+    config.action_dispatch.request_id_header = ActionDispatch::Constants::X_REQUEST_ID
+    config.action_dispatch.log_rescued_responses = true
+    config.action_dispatch.debug_exception_log_level = :fatal
 
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
@@ -38,11 +41,21 @@ module ActionDispatch
 
     config.eager_load_namespaces << ActionDispatch
 
+    initializer "action_dispatch.deprecator", before: :load_environment_config do |app|
+      app.deprecators[:action_dispatch] = ActionDispatch.deprecator
+    end
+
     initializer "action_dispatch.configure" do |app|
       ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
-      ActionDispatch::Request.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
-      ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
+
+      ActiveSupport.on_load(:action_dispatch_request) do
+        self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
+        unless app.config.action_dispatch.respond_to?(:return_only_request_media_type_on_content_type)
+          self.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_request_media_type_on_content_type
+        end
+        ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
+      end
 
       ActiveSupport.on_load(:action_dispatch_response) do
         self.default_charset = app.config.action_dispatch.default_charset || app.config.encoding
@@ -55,6 +68,9 @@ module ActionDispatch
       config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
 
+      ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
+      ActionDispatch::Routing::Mapper.backtrace_cleaner = Rails.backtrace_cleaner
+
       ActionDispatch.test_app = app
     end
   end

data/lib/action_dispatch/request/session.rb

@@ -6,6 +6,7 @@ module ActionDispatch
   class Request
     # Session is responsible for lazily loading the session from store.
     class Session # :nodoc:
+      DisabledSessionError    = Class.new(StandardError)
       ENV_SESSION_KEY         = Rack::RACK_SESSION # :nodoc:
       ENV_SESSION_OPTIONS_KEY = Rack::RACK_SESSION_OPTIONS # :nodoc:
 
@@ -23,6 +24,12 @@ module ActionDispatch
         session
       end
 
+      def self.disabled(req)
+        new(nil, req, enabled: false).tap do
+          Session::Options.set(req, Session::Options.new(nil, { id: nil }))
+        end
+      end
+
       def self.find(req)
         req.get_header ENV_SESSION_KEY
       end
@@ -31,7 +38,11 @@ module ActionDispatch
         req.set_header ENV_SESSION_KEY, session
       end
 
-      class Options #:nodoc:
+      def self.delete(req)
+        req.delete_header ENV_SESSION_KEY
+      end
+
+      class Options # :nodoc:
         def self.set(req, options)
           req.set_header ENV_SESSION_OPTIONS_KEY, options
         end
@@ -60,30 +71,40 @@ module ActionDispatch
         def values_at(*args); @delegate.values_at(*args); end
       end
 
-      def initialize(by, req)
+      def initialize(by, req, enabled: true)
         @by       = by
         @req      = req
         @delegate = {}
         @loaded   = false
         @exists   = nil # We haven't checked yet.
+        @enabled  = enabled
+        @id_was = nil
+        @id_was_initialized = false
       end
 
       def id
         options.id(@req)
       end
 
+      def enabled?
+        @enabled
+      end
+
       def options
         Options.find @req
       end
 
       def destroy
         clear
-        options = self.options || {}
-        @by.send(:delete_session, @req, options.id(@req), options)
 
-        # Load the new sid to be written with the response.
-        @loaded = false
-        load_for_write!
+        if enabled?
+          options = self.options || {}
+          @by.send(:delete_session, @req, options.id(@req), options)
+
+          # Load the new sid to be written with the response.
+          @loaded = false
+          load_for_write!
+        end
       end
 
       # Returns value of the key stored in the session or
@@ -135,7 +156,7 @@ module ActionDispatch
 
       # Clears the session.
       def clear
-        load_for_write!
+        load_for_delete!
         @delegate.clear
       end
 
@@ -157,13 +178,18 @@ module ActionDispatch
       #   session.to_hash
       #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
       def update(hash)
+        unless hash.respond_to?(:to_hash)
+          raise TypeError, "no implicit conversion of #{hash.class.name} into Hash"
+        end
+
         load_for_write!
-        @delegate.update hash.stringify_keys
+        @delegate.update hash.to_hash.stringify_keys
       end
+      alias :merge! :update
 
       # Deletes given key from the session.
       def delete(key)
-        load_for_write!
+        load_for_delete!
         @delegate.delete key.to_s
       end
 
@@ -199,6 +225,7 @@ module ActionDispatch
       end
 
       def exists?
+        return false unless enabled?
         return @exists unless @exists.nil?
         @exists = @by.send(:session_exists?, @req)
       end
@@ -212,28 +239,41 @@ module ActionDispatch
         @delegate.empty?
       end
 
-      def merge!(other)
-        load_for_write!
-        @delegate.merge!(other)
-      end
-
       def each(&block)
         to_hash.each(&block)
       end
 
+      def id_was
+        load_for_read!
+        @id_was
+      end
+
       private
         def load_for_read!
           load! if !loaded? && exists?
         end
 
         def load_for_write!
-          load! unless loaded?
+          if enabled?
+            load! unless loaded?
+          else
+            raise DisabledSessionError, "Your application has sessions disabled. To write to the session you must first configure a session store"
+          end
+        end
+
+        def load_for_delete!
+          load! if enabled? && !loaded?
         end
 
         def load!
-          id, session = @by.load_session @req
-          options[:id] = id
-          @delegate.replace(session.stringify_keys)
+          if enabled?
+            @id_was_initialized = true unless exists?
+            id, session = @by.load_session @req
+            options[:id] = id
+            @delegate.replace(session.stringify_keys)
+            @id_was = id unless @id_was_initialized
+          end
+          @id_was_initialized = true
           @loaded = true
         end
     end

data/lib/action_dispatch/request/utils.rb

@@ -55,9 +55,11 @@ module ActionDispatch
             if params.has_key?(:tempfile)
               ActionDispatch::Http::UploadedFile.new(params)
             else
-              params.transform_values do |val|
-                normalize_encode_params(val)
-              end.with_indifferent_access
+              hwia = ActiveSupport::HashWithIndifferentAccess.new
+              params.each_pair do |key, val|
+                hwia[key] = normalize_encode_params(val)
+              end
+              hwia
             end
           else
             params
@@ -83,6 +85,9 @@ module ActionDispatch
           return params unless controller && controller.valid_encoding? && encoding_template = action_encoding_template(request, controller, action)
           params.except(:controller, :action).each do |key, value|
             ActionDispatch::Request::Utils.each_param_value(value) do |param|
+              # If `param` is frozen, it comes from the router defaults
+              next if param.frozen?
+
               if encoding_template[key.to_s]
                 param.force_encoding(encoding_template[key.to_s])
               end

data/lib/action_dispatch/routing/inspector.rb

@@ -5,9 +5,22 @@ require "io/console/size"
 
 module ActionDispatch
   module Routing
-    class RouteWrapper < SimpleDelegator
+    class RouteWrapper < SimpleDelegator # :nodoc:
+      def matches_filter?(filter, value)
+        return __getobj__.path.match(value) if filter == :exact_path_match
+
+        value.match?(public_send(filter))
+      end
+
       def endpoint
-        app.dispatcher? ? "#{controller}##{action}" : rack_app.inspect
+        case
+        when app.dispatcher?
+          "#{controller}##{action}"
+        when rack_app.is_a?(Proc)
+          "Inline handler (Proc/Lambda)"
+        else
+          rack_app.inspect
+        end
       end
 
       def constraints
@@ -85,8 +98,18 @@ module ActionDispatch
           if filter[:controller]
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
           elsif filter[:grep]
-            { controller: /#{filter[:grep]}/, action: /#{filter[:grep]}/,
-              verb: /#{filter[:grep]}/, name: /#{filter[:grep]}/, path: /#{filter[:grep]}/ }
+            grep_pattern = Regexp.new(filter[:grep])
+            path = URI::DEFAULT_PARSER.escape(filter[:grep])
+            normalized_path = ("/" + path).squeeze("/")
+
+            {
+              controller: grep_pattern,
+              action: grep_pattern,
+              verb: grep_pattern,
+              name: grep_pattern,
+              path: grep_pattern,
+              exact_path_match: normalized_path,
+            }
           end
         end
 
@@ -94,7 +117,7 @@ module ActionDispatch
           if filter
             @routes.select do |route|
               route_wrapper = RouteWrapper.new(route)
-              filter.any? { |default, value| value.match?(route_wrapper.send(default)) }
+              filter.any? { |filter_type, value| route_wrapper.matches_filter?(filter_type, value) }
             end
           else
             @routes
@@ -110,7 +133,8 @@ module ActionDispatch
             { name: route.name,
               verb: route.verb,
               path: route.path,
-              reqs: route.reqs }
+              reqs: route.reqs,
+              source_location: route.source_location }
           end
         end
 
@@ -216,13 +240,16 @@ module ActionDispatch
         private
           def draw_expanded_section(routes)
             routes.map.each_with_index do |r, i|
-              <<~MESSAGE.chomp
+              route_rows = <<~MESSAGE.chomp
                 #{route_header(index: i + 1)}
                 Prefix            | #{r[:name]}
                 Verb              | #{r[:verb]}
                 URI               | #{r[:path]}
                 Controller#Action | #{r[:reqs]}
               MESSAGE
+              source_location = "\nSource Location   | #{r[:source_location]}"
+              route_rows += source_location if r[:source_location].present?
+              route_rows
             end
           end
 
@@ -230,6 +257,27 @@ module ActionDispatch
             "--[ Route #{index} ]".ljust(@width, "-")
           end
       end
+
+      class Unused < Sheet
+        def header(routes)
+          @buffer << <<~MSG
+            Found #{routes.count} unused #{"route".pluralize(routes.count)}:
+          MSG
+
+          super
+        end
+
+        def no_routes(routes, filter)
+          @buffer <<
+            if filter.none?
+              "No unused routes found."
+            elsif filter.key?(:controller)
+              "No unused routes found for this controller."
+            elsif filter.key?(:grep)
+              "No unused routes found for this grep pattern."
+            end
+        end
+      end
     end
 
     class HtmlTableFormatter