actionpack 7.0.4 → 7.1.5.1

data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb

@@ -1,9 +1,9 @@
-<%= @exception.class.to_s %><%
+<%= @exception_wrapper.exception_class_name %><%
   if params_valid? && @request.parameters['controller']
 %> in <%= @request.parameters['controller'].camelize %>Controller<% if @request.parameters['action'] %>#<%= @request.parameters['action'] %><% end %>
 <% end %>
 
-<%= @exception.message %>
+<%= @exception_wrapper.message %>
 <%= render template: "rescues/_source" %>
 <%= render template: "rescues/_trace" %>
 <%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/layout.erb

@@ -3,6 +3,7 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1">
+  <meta name="turbo-visit-control" content="reload">
   <title>Action Controller: Exception caught</title>
   <style>
     body {
@@ -148,6 +149,18 @@
       background-color: #FCC;
     }
 
+    .error_highlight {
+      display: inline-block;
+      background-color: #FF9;
+      text-decoration: #F00 wavy underline;
+    }
+
+    .error_highlight_tip {
+      color: #666;
+      padding: 2px 2px;
+      font-size: 10px;
+    }
+
     .button_to {
       display: inline-block;
       margin-top: 0.75em;
@@ -225,6 +238,10 @@
         background-color: #900;
       }
 
+      .error_highlight {
+        color: #333;
+      }
+
       input[type="submit"] {
         box-shadow: 0 3px #800;
       }

data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb

@@ -1,19 +1,23 @@
 <header role="banner">
-  <h1>No template for interactive request</h1>
+  <h1>No view template for interactive request</h1>
 </header>
 
 <main id="container">
   <h2><%= h @exception.message %></h2>
 
-  <p class="summary">
-    <strong>NOTE!</strong><br>
-    Unless told otherwise, Rails expects an action to render a template with the same name,<br>
-    contained in a folder named after its controller.
-
-    If this controller is an API responding with 204 (No Content), <br>
-    which does not require a template,
-    then this error will occur when trying to access it via browser,<br>
-    since we expect an HTML template
-    to be rendered for such requests. If that's the case, carry on.
-  </p>
+  <div class="summary">
+    <p>
+      <strong>NOTE:</strong> Rails usually expects a controller action to render a view template with the same name.
+    </p>
+    <p>
+      For example, a <code><%= @exception.controller %>#<%= @exception.action_name %></code> action defined in <code>app/controllers/<%= @exception.controller.controller_path %>_controller.rb</code> should have a corresponding view template
+      in a file named <code>app/views/<%= @exception.controller.controller_path %>/<%= @exception.action_name %>.html.erb</code>.
+    </p>
+    <p>
+      However, if this controller is an API endpoint responding with 204 (No Content), which does not require a view template because it doesn't serve an HTML response, then this error will occur when trying to access it with a browser. In this particular scenario, you can ignore this error.
+    </p>
+    <p>
+      You can find more about view template rendering conventions in the <a href="https://guides.rubyonrails.org/layouts_and_rendering.html#rendering-by-default-convention-over-configuration-in-action">Rails Guides on Layouts and Rendering in Rails</a>.
+    </p>
+  </div>
 </main>

data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb

@@ -3,7 +3,7 @@
 </header>
 
 <main role="main" id="container">
-  <h2><%= h @exception.message %></h2>
+  <h2><%= h @exception_wrapper.message %></h2>
 
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>

data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb

@@ -2,12 +2,12 @@
   <h1>Routing Error</h1>
 </header>
 <main role="main" id="container">
-  <h2><%= h @exception.message %></h2>
-  <% unless @exception.failures.empty? %>
+  <h2><%= h @exception_wrapper.message %></h2>
+  <% unless @exception_wrapper.failures.empty? %>
     <p>
       <h2>Failure reasons:</h2>
       <ol>
-      <% @exception.failures.each do |route, reason| %>
+      <% @exception_wrapper.failures.each do |route, reason| %>
         <li><code><%= route.inspect.delete('\\') %></code> failed because <%= reason.downcase %></li>
       <% end %>
       </ol>

data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb

@@ -1,19 +1,19 @@
 <header role="banner">
   <h1>
-    <%= @exception.cause.class.to_s %> in
+    <%= @exception_wrapper.exception_name %> in
     <%= @request.parameters["controller"].camelize if @request.parameters["controller"] %>#<%= @request.parameters["action"] %>
   </h1>
 </header>
 
 <main role="main" id="container">
   <p>
-    Showing <i><%= @exception.file_name %></i> where line <b>#<%= @exception.line_number %></b> raised:
+    Showing <i><%= @exception_wrapper.file_name %></i> where line <b>#<%= @exception_wrapper.line_number %></b> raised:
   </p>
-  <pre><code><%= h @exception.message %></code></pre>
+  <pre><code><%= h @exception_wrapper.message %></code></pre>
 
   <%= render "rescues/source", source_extracts: @source_extracts, show_source_idx: @show_source_idx %>
 
-  <p><%= @exception.sub_template_message %></p>
+  <p><%= @exception_wrapper.sub_template_message %></p>
 
   <%= render "rescues/trace", traces: @traces, trace_to_show: @trace_to_show %>
   <%= render template: "rescues/_request_and_response" %>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb

@@ -2,5 +2,5 @@
   <h1>Unknown action</h1>
 </header>
 <main role="main" id="container">
-  <%= render "rescues/message_and_suggestions", exception: @exception %>
+  <%= render "rescues/message_and_suggestions", exception: @exception, exception_wrapper: @exception_wrapper %>
 </main>

data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb

@@ -1,3 +1,3 @@
 Unknown action
 
-<%= @exception.message %>
+<%= @exception_wrapper.message %>

data/lib/action_dispatch/middleware/templates/routes/_route.html.erb

@@ -13,4 +13,7 @@
   <td>
     <%=simple_format route[:reqs] %>
   </td>
+  <td>
+    <%=simple_format route[:source_location] %>
+  </td>
 </tr>

data/lib/action_dispatch/middleware/templates/routes/_table.html.erb

@@ -1,24 +1,45 @@
 <% content_for :style do %>
+  h2, p {
+    padding-left: 30px;
+  }
+
   #route_table {
     margin: 0;
     border-collapse: collapse;
+    word-wrap:break-word;
+    table-layout: fixed;
+    width:100%;
   }
 
   #route_table thead tr {
     border-bottom: 2px solid #ddd;
   }
 
+  #route_table th {
+    padding-left: 30px;
+    text-align: left;
+  }
+
   #route_table thead tr.bottom {
     border-bottom: none;
   }
 
   #route_table thead tr.bottom th {
-    padding: 10px 0;
+    padding: 10px 30px;
     line-height: 15px;
   }
 
-  #route_table thead tr.bottom th input#search {
+  #route_table #search_container {
+    padding: 7px 30px;
+  }
+
+  #route_table thead tr th input#search {
     -webkit-appearance: textfield;
+    width:100%;
+  }
+
+  #route_table thead th.http-verb {
+    width: 10%;
   }
 
   #route_table tbody tr {
@@ -45,11 +66,6 @@
     padding: 4px 30px;
   }
 
-  #path_search {
-    width: 80%;
-    font-size: inherit;
-  }
-
   @media (prefers-color-scheme: dark) {
     #route_table tbody tr:nth-child(odd) {
       background: #282828;
@@ -62,28 +78,22 @@
   }
 <% end %>
 
-<table id='route_table' class='route_table'>
+<table id='route_table'>
   <thead>
     <tr>
-      <th>Helper</th>
-      <th>HTTP Verb</th>
-      <th>Path</th>
-      <th>Controller#Action</th>
-    </tr>
-    <tr class='bottom'>
-      <th><%# Helper %>
-        <%= link_to "Path", "#", 'data-route-helper' => '_path',
+      <th>Helper
+        (<%= link_to "Path", "#", 'data-route-helper' => '_path',
                     title: "Returns a relative path (without the http or domain)" %> /
         <%= link_to "Url", "#", 'data-route-helper' => '_url',
-                    title: "Returns an absolute URL (with the http and domain)"   %>
-      </th>
-      <th><%# HTTP Verb %>
-      </th>
-      <th><%# Path %>
-        <%= search_field(:path, nil, id: 'search', placeholder: "Path Match") %>
-      </th>
-      <th><%# Controller#action %>
+                    title: "Returns an absolute URL (with the http and domain)"   %>)
       </th>
+      <th class="http-verb">HTTP Verb</th>
+      <th>Path</th>
+      <th>Controller#Action</th>
+      <th>Source Location</th>
+    </tr>
+    <tr>
+      <th colspan="5" id="search_container"><%= search_field(:query, nil, id: 'search', placeholder: "Search") %></th>
     </tr>
   </thead>
   <tbody class='exact_matches' id='exact_matches'>
@@ -99,12 +109,12 @@
   // support forEach iterator on NodeList
   NodeList.prototype.forEach = Array.prototype.forEach;
 
-  // Enables path search functionality
-  function setupMatchPaths() {
+  // Enables query search functionality
+  function setupMatchingRoutes() {
     // Check if there are any matched results in a section
-    function checkNoMatch(section, noMatchText) {
+    function checkNoMatch(section, trElement) {
       if (section.children.length <= 1) {
-        section.innerHTML += noMatchText;
+        section.appendChild(trElement);
       }
     }
 
@@ -128,8 +138,8 @@
     }
 
     // remove params or fragments
-    function sanitizePath(path) {
-      return path.replace(/[#?].*/, '');
+    function sanitizeQuery(query) {
+      return query.replace(/[#?].*/, '');
     }
 
     var pathElements = document.querySelectorAll('#route_table [data-route-path]'),
@@ -145,26 +155,34 @@
       }
     }
 
+    function buildTr(string) {
+      var tr = document.createElement('tr');
+      var th = document.createElement('th');
+      th.setAttribute('colspan', 4);
+      tr.appendChild(th);
+      th.innerText = string;
+      return tr;
+    }
+
     // On key press perform a search for matching paths
     delayedKeyup(searchElem, function() {
-      var path = sanitizePath(searchElem.value),
-          defaultExactMatch = '<tr><th colspan="4">Paths Matching (' + path +'):</th></tr>',
-          defaultFuzzyMatch = '<tr><th colspan="4">Paths Containing (' + path +'):</th></tr>',
-          noExactMatch      = '<tr><th colspan="4">No Exact Matches Found</th></tr>',
-          noFuzzyMatch      = '<tr><th colspan="4">No Fuzzy Matches Found</th></tr>';
+      var query = sanitizeQuery(searchElem.value),
+          defaultExactMatch = buildTr("Routes matching '" + query + "':"),
+          defaultFuzzyMatch = buildTr("Routes containing '" + query + "':"),
+          noExactMatch      = buildTr('No exact matches found'),
+          noFuzzyMatch      = buildTr('No fuzzy matches found');
 
-      if (!path)
+      if (!query)
         return searchElem.onblur();
 
-      getJSON('/rails/info/routes?path=' + path, function(matches){
+      getJSON('/rails/info/routes?query=' + query, function(matches){
         // Clear out results section
-        exactSection.innerHTML = defaultExactMatch;
-        fuzzySection.innerHTML = defaultFuzzyMatch;
+        exactSection.replaceChildren(defaultExactMatch);
+        fuzzySection.replaceChildren(defaultFuzzyMatch);
 
         // Display exact matches and fuzzy matches
         pathElements.forEach(function(elem) {
           var elemPath = elem.getAttribute('data-route-path');
-
           if (matches['exact'].indexOf(elemPath) != -1)
             exactSection.appendChild(elem.parentNode.cloneNode(true));
 
@@ -206,7 +224,7 @@
     });
   }
 
-  setupMatchPaths();
+  setupMatchingRoutes();
   setupRouteToggleHelperLinks();
 
   // Focus the search input after page has loaded

data/lib/action_dispatch/railtie.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "action_dispatch"
+require "action_dispatch/log_subscriber"
 require "active_support/messages/rotation_configuration"
 
 module ActionDispatch
@@ -8,7 +9,7 @@ module ActionDispatch
     config.action_dispatch = ActiveSupport::OrderedOptions.new
     config.action_dispatch.x_sendfile_header = nil
     config.action_dispatch.ip_spoofing_check = true
-    config.action_dispatch.show_exceptions = true
+    config.action_dispatch.show_exceptions = :all
     config.action_dispatch.tld_length = 1
     config.action_dispatch.ignore_accept_header = false
     config.action_dispatch.rescue_templates = {}
@@ -23,9 +24,9 @@ module ActionDispatch
     config.action_dispatch.use_authenticated_cookie_encryption = false
     config.action_dispatch.use_cookies_with_metadata = false
     config.action_dispatch.perform_deep_munge = true
-    config.action_dispatch.request_id_header = "X-Request-Id"
-    config.action_dispatch.return_only_request_media_type_on_content_type = true
+    config.action_dispatch.request_id_header = ActionDispatch::Constants::X_REQUEST_ID
     config.action_dispatch.log_rescued_responses = true
+    config.action_dispatch.debug_exception_log_level = :fatal
 
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
@@ -40,13 +41,19 @@ module ActionDispatch
 
     config.eager_load_namespaces << ActionDispatch
 
+    initializer "action_dispatch.deprecator", before: :load_environment_config do |app|
+      app.deprecators[:action_dispatch] = ActionDispatch.deprecator
+    end
+
     initializer "action_dispatch.configure" do |app|
       ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
 
       ActiveSupport.on_load(:action_dispatch_request) do
         self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
-        self.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_request_media_type_on_content_type
+        unless app.config.action_dispatch.respond_to?(:return_only_request_media_type_on_content_type)
+          self.return_only_media_type_on_content_type = app.config.action_dispatch.return_only_request_media_type_on_content_type
+        end
         ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
       end
 
@@ -61,6 +68,8 @@ module ActionDispatch
       config.action_dispatch.always_write_cookie = Rails.env.development? if config.action_dispatch.always_write_cookie.nil?
       ActionDispatch::Cookies::CookieJar.always_write_cookie = config.action_dispatch.always_write_cookie
 
+      ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
+
       ActionDispatch.test_app = app
     end
   end

data/lib/action_dispatch/request/session.rb

@@ -78,6 +78,8 @@ module ActionDispatch
         @loaded   = false
         @exists   = nil # We haven't checked yet.
         @enabled  = enabled
+        @id_was = nil
+        @id_was_initialized = false
       end
 
       def id
@@ -176,9 +178,14 @@ module ActionDispatch
       #   session.to_hash
       #   # => {"session_id"=>"e29b9ea315edf98aad94cc78c34cc9b2", "foo" => "bar"}
       def update(hash)
+        unless hash.respond_to?(:to_hash)
+          raise TypeError, "no implicit conversion of #{hash.class.name} into Hash"
+        end
+
         load_for_write!
-        @delegate.update hash.stringify_keys
+        @delegate.update hash.to_hash.stringify_keys
       end
+      alias :merge! :update
 
       # Deletes given key from the session.
       def delete(key)
@@ -232,15 +239,15 @@ module ActionDispatch
         @delegate.empty?
       end
 
-      def merge!(other)
-        load_for_write!
-        @delegate.merge!(other)
-      end
-
       def each(&block)
         to_hash.each(&block)
       end
 
+      def id_was
+        load_for_read!
+        @id_was
+      end
+
       private
         def load_for_read!
           load! if !loaded? && exists?
@@ -260,10 +267,13 @@ module ActionDispatch
 
         def load!
           if enabled?
+            @id_was_initialized = true unless exists?
             id, session = @by.load_session @req
             options[:id] = id
             @delegate.replace(session.stringify_keys)
+            @id_was = id unless @id_was_initialized
           end
+          @id_was_initialized = true
           @loaded = true
         end
     end

data/lib/action_dispatch/request/utils.rb

@@ -55,9 +55,11 @@ module ActionDispatch
             if params.has_key?(:tempfile)
               ActionDispatch::Http::UploadedFile.new(params)
             else
-              params.transform_values do |val|
-                normalize_encode_params(val)
-              end.with_indifferent_access
+              hwia = ActiveSupport::HashWithIndifferentAccess.new
+              params.each_pair do |key, val|
+                hwia[key] = normalize_encode_params(val)
+              end
+              hwia
             end
           else
             params
@@ -83,6 +85,9 @@ module ActionDispatch
           return params unless controller && controller.valid_encoding? && encoding_template = action_encoding_template(request, controller, action)
           params.except(:controller, :action).each do |key, value|
             ActionDispatch::Request::Utils.each_param_value(value) do |param|
+              # If `param` is frozen, it comes from the router defaults
+              next if param.frozen?
+
               if encoding_template[key.to_s]
                 param.force_encoding(encoding_template[key.to_s])
               end

data/lib/action_dispatch/routing/inspector.rb

@@ -6,8 +6,21 @@ require "io/console/size"
 module ActionDispatch
   module Routing
     class RouteWrapper < SimpleDelegator # :nodoc:
+      def matches_filter?(filter, value)
+        return __getobj__.path.match(value) if filter == :exact_path_match
+
+        value.match?(public_send(filter))
+      end
+
       def endpoint
-        app.dispatcher? ? "#{controller}##{action}" : rack_app.inspect
+        case
+        when app.dispatcher?
+          "#{controller}##{action}"
+        when rack_app.is_a?(Proc)
+          "Inline handler (Proc/Lambda)"
+        else
+          rack_app.inspect
+        end
       end
 
       def constraints
@@ -85,8 +98,18 @@ module ActionDispatch
           if filter[:controller]
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
           elsif filter[:grep]
-            { controller: /#{filter[:grep]}/, action: /#{filter[:grep]}/,
-              verb: /#{filter[:grep]}/, name: /#{filter[:grep]}/, path: /#{filter[:grep]}/ }
+            grep_pattern = Regexp.new(filter[:grep])
+            path = RFC2396_PARSER.escape(filter[:grep])
+            normalized_path = ("/" + path).squeeze("/")
+
+            {
+              controller: grep_pattern,
+              action: grep_pattern,
+              verb: grep_pattern,
+              name: grep_pattern,
+              path: grep_pattern,
+              exact_path_match: normalized_path,
+            }
           end
         end
 
@@ -94,7 +117,7 @@ module ActionDispatch
           if filter
             @routes.select do |route|
               route_wrapper = RouteWrapper.new(route)
-              filter.any? { |default, value| value.match?(route_wrapper.send(default)) }
+              filter.any? { |filter_type, value| route_wrapper.matches_filter?(filter_type, value) }
             end
           else
             @routes
@@ -110,7 +133,8 @@ module ActionDispatch
             { name: route.name,
               verb: route.verb,
               path: route.path,
-              reqs: route.reqs }
+              reqs: route.reqs,
+              source_location: route.source_location }
           end
         end
 
@@ -216,13 +240,16 @@ module ActionDispatch
         private
           def draw_expanded_section(routes)
             routes.map.each_with_index do |r, i|
-              <<~MESSAGE.chomp
+              route_rows = <<~MESSAGE.chomp
                 #{route_header(index: i + 1)}
                 Prefix            | #{r[:name]}
                 Verb              | #{r[:verb]}
                 URI               | #{r[:path]}
                 Controller#Action | #{r[:reqs]}
               MESSAGE
+              source_location = "\nSource Location   | #{r[:source_location]}"
+              route_rows += source_location if r[:source_location].present?
+              route_rows
             end
           end
 
@@ -230,6 +257,27 @@ module ActionDispatch
             "--[ Route #{index} ]".ljust(@width, "-")
           end
       end
+
+      class Unused < Sheet
+        def header(routes)
+          @buffer << <<~MSG
+            Found #{routes.count} unused #{"route".pluralize(routes.count)}:
+          MSG
+
+          super
+        end
+
+        def no_routes(routes, filter)
+          @buffer <<
+            if filter.none?
+              "No unused routes found."
+            elsif filter.key?(:controller)
+              "No unused routes found for this controller."
+            elsif filter.key?(:grep)
+              "No unused routes found for this grep pattern."
+            end
+        end
+      end
     end
 
     class HtmlTableFormatter