actionpack 7.0.5 → 7.1.3.4

data/lib/action_dispatch/http/response.rb

@@ -6,23 +6,23 @@ require "action_dispatch/http/cache"
 require "monitor"
 
 module ActionDispatch # :nodoc:
+  # = Action Dispatch \Response
+  #
   # Represents an HTTP response generated by a controller action. Use it to
   # retrieve the current state of the response, or customize the response. It can
   # either represent a real HTTP response (i.e. one that is meant to be sent
   # back to the web browser) or a TestResponse (i.e. one that is generated
   # from integration tests).
   #
-  # \Response is mostly a Ruby on \Rails framework implementation detail, and
-  # should never be used directly in controllers. Controllers should use the
-  # methods defined in ActionController::Base instead. For example, if you want
-  # to set the HTTP response's content MIME type, then use
-  # ActionControllerBase#headers instead of Response#headers.
+  # The \Response object for the current request is exposed on controllers as
+  # ActionController::Metal#response. ActionController::Metal also provides a
+  # few additional methods that delegate to attributes of the \Response such as
+  # ActionController::Metal#headers.
   #
-  # Nevertheless, integration tests may want to inspect controller responses in
-  # more detail, and that's when \Response can be useful for application
-  # developers. Integration test methods such as
-  # Integration::RequestHelpers#get and Integration::RequestHelpers#post return
-  # objects of type TestResponse (which are of course also of type \Response).
+  # Integration tests will likely also want to inspect responses in
+  # more detail. Methods such as Integration::RequestHelpers#get
+  # and Integration::RequestHelpers#post return instances of
+  # TestResponse (which inherits from \Response) for this purpose.
   #
   # For example, the following demo integration test prints the body of the
   # controller response to the console:
@@ -34,41 +34,43 @@ module ActionDispatch # :nodoc:
   #    end
   #  end
   class Response
-    class Header < DelegateClass(Hash) # :nodoc:
-      def initialize(response, header)
-        @response = response
-        super(header)
-      end
-
-      def []=(k, v)
-        if @response.sending? || @response.sent?
-          raise ActionDispatch::IllegalStateError, "header already sent"
-        end
-
-        super
-      end
-
-      def merge(other)
-        self.class.new @response, __getobj__.merge(other)
-      end
-
-      def to_hash
-        __getobj__.dup
-      end
+    begin
+      # For `Rack::Headers` (Rack 3+):
+      require "rack/headers"
+      Headers = ::Rack::Headers
+    rescue LoadError
+      # For `Rack::Utils::HeaderHash`:
+      require "rack/utils"
+      Headers = ::Rack::Utils::HeaderHash
     end
 
+    # To be deprecated:
+    Header = Headers
+
     # The request that the response is responding to.
     attr_accessor :request
 
     # The HTTP status code.
     attr_reader :status
 
-    # Get headers for this response.
-    attr_reader :header
+    # The headers for the response.
+    #
+    #   header["Content-Type"] # => "text/plain"
+    #   header["Content-Type"] = "application/json"
+    #   header["Content-Type"] # => "application/json"
+    #
+    # Also aliased as +headers+.
+    #
+    #   headers["Content-Type"] # => "text/plain"
+    #   headers["Content-Type"] = "application/json"
+    #   headers["Content-Type"] # => "application/json"
+    #
+    # Also aliased as +header+ for compatibility.
+    attr_reader :headers
 
-    alias_method :headers,  :header
+    alias_method :header, :headers
 
-    delegate :[], :[]=, to: :@header
+    delegate :[], :[]=, to: :@headers
 
     def each(&block)
       sending!
@@ -79,7 +81,6 @@ module ActionDispatch # :nodoc:
 
     CONTENT_TYPE = "Content-Type"
     SET_COOKIE   = "Set-Cookie"
-    LOCATION     = "Location"
     NO_CONTENT_CODES = [100, 101, 102, 103, 204, 205, 304]
 
     cattr_accessor :default_charset, default: "utf-8"
@@ -102,6 +103,12 @@ module ActionDispatch # :nodoc:
         @str_body = nil
       end
 
+      def to_ary
+        @buf.respond_to?(:to_ary) ?
+          @buf.to_ary :
+          @buf.each
+      end
+
       def body
         @str_body ||= begin
           buf = +""
@@ -117,6 +124,7 @@ module ActionDispatch # :nodoc:
         @response.commit!
         @buf.push string
       end
+      alias_method :<<, :write
 
       def each(&block)
         if @str_body
@@ -146,9 +154,9 @@ module ActionDispatch # :nodoc:
         end
     end
 
-    def self.create(status = 200, header = {}, body = [], default_headers: self.default_headers)
-      header = merge_default_headers(header, default_headers)
-      new status, header, body
+    def self.create(status = 200, headers = {}, body = [], default_headers: self.default_headers)
+      headers = merge_default_headers(headers, default_headers)
+      new status, headers, body
     end
 
     def self.merge_default_headers(original, default)
@@ -158,10 +166,14 @@ module ActionDispatch # :nodoc:
     # The underlying body, as a streamable object.
     attr_reader :stream
 
-    def initialize(status = 200, header = {}, body = [])
+    def initialize(status = 200, headers = nil, body = [])
       super()
 
-      @header = Header.new(self, header)
+      @headers = Headers.new
+
+      headers&.each do |key, value|
+        @headers[key] = value
+      end
 
       self.body, self.status = body, status
 
@@ -175,10 +187,10 @@ module ActionDispatch # :nodoc:
       yield self if block_given?
     end
 
-    def has_header?(key);   headers.key? key;   end
-    def get_header(key);    headers[key];       end
-    def set_header(key, v); headers[key] = v;   end
-    def delete_header(key); headers.delete key; end
+    def has_header?(key);   @headers.key? key;   end
+    def get_header(key);    @headers[key];       end
+    def set_header(key, v); @headers[key] = v;   end
+    def delete_header(key); @headers.delete key; end
 
     def await_commit
       synchronize do
@@ -281,7 +293,7 @@ module ActionDispatch # :nodoc:
       @status
     end
 
-    # Returns a string to ensure compatibility with <tt>Net::HTTPResponse</tt>.
+    # Returns a string to ensure compatibility with +Net::HTTPResponse+.
     def code
       @status.to_s
     end
@@ -384,7 +396,7 @@ module ActionDispatch # :nodoc:
     #   status, headers, body = *response
     def to_a
       commit!
-      rack_response @status, @header.to_hash
+      rack_response @status, @headers.to_hash
     end
     alias prepare! to_a
 
@@ -451,8 +463,7 @@ module ActionDispatch # :nodoc:
       # our last chance.
       commit! unless committed?
 
-      headers.freeze
-      request.commit_cookie_jar! unless committed?
+      @request.commit_cookie_jar! unless committed?
     end
 
     def build_buffer(response, body)
@@ -476,10 +487,6 @@ module ActionDispatch # :nodoc:
         @response = response
       end
 
-      def each(*args, &block)
-        @response.each(*args, &block)
-      end
-
       def close
         # Rack "close" maps to Response#abort, and *not* Response#close
         # (which is used when the controller's finished writing)
@@ -490,14 +497,28 @@ module ActionDispatch # :nodoc:
         @response.body
       end
 
+      BODY_METHODS = { to_ary: true, each: true, call: true, to_path: true }
+
       def respond_to?(method, include_private = false)
-        if method.to_sym == :to_path
+        if BODY_METHODS.key?(method)
           @response.stream.respond_to?(method)
         else
           super
         end
       end
 
+      def to_ary
+        @response.stream.to_ary
+      end
+
+      def each(*args, &block)
+        @response.each(*args, &block)
+      end
+
+      def call(*arguments, &block)
+        @response.stream.call(*arguments, &block)
+      end
+
       def to_path
         @response.stream.to_path
       end
@@ -505,16 +526,16 @@ module ActionDispatch # :nodoc:
 
     def handle_no_content!
       if NO_CONTENT_CODES.include?(@status)
-        @header.delete CONTENT_TYPE
-        @header.delete "Content-Length"
+        @headers.delete CONTENT_TYPE
+        @headers.delete "Content-Length"
       end
     end
 
-    def rack_response(status, header)
+    def rack_response(status, headers)
       if NO_CONTENT_CODES.include?(status)
-        [status, header, []]
+        [status, headers, []]
       else
-        [status, header, RackBody.new(self)]
+        [status, headers, RackBody.new(self)]
       end
     end
   end

data/lib/action_dispatch/http/upload.rb

@@ -2,6 +2,8 @@
 
 module ActionDispatch
   module Http
+    # = Action Dispatch HTTP \UploadedFile
+    #
     # Models uploaded files.
     #
     # The actual file is accessible via the +tempfile+ accessor, though some

data/lib/action_dispatch/journey/formatter.rb

@@ -57,6 +57,9 @@ module ActionDispatch
       end
 
       def generate(name, options, path_parameters)
+        original_options = options.dup
+        path_params = options.delete(:path_params) || {}
+        options = path_params.merge(options)
         constraints = path_parameters.merge(options)
         missing_keys = nil
 
@@ -70,8 +73,11 @@ module ActionDispatch
 
           missing_keys = missing_keys(route, parameterized_parts)
           next if missing_keys && !missing_keys.empty?
-          params = options.dup.delete_if do |key, _|
-            parameterized_parts.key?(key) || route.defaults.key?(key)
+          params = options.delete_if do |key, _|
+            # top-level params' normal behavior of generating query_params
+            # should be preserved even if the same key is also a bind_param
+            parameterized_parts.key?(key) || route.defaults.key?(key) ||
+              (path_params.key?(key) && !original_options.key?(key))
           end
 
           defaults       = route.defaults

data/lib/action_dispatch/journey/path/pattern.rb

@@ -183,22 +183,22 @@ module ActionDispatch
           end
 
           def offsets
-            return @offsets if @offsets
-
-            @offsets = [0]
-
-            spec.find_all(&:symbol?).each do |node|
-              node = node.to_sym
-
-              if @requirements.key?(node)
-                re = /#{Regexp.union(@requirements[node])}|/
-                @offsets.push((re.match("").length - 1) + @offsets.last)
-              else
-                @offsets << @offsets.last
+            @offsets ||= begin
+              offsets = [0]
+
+              spec.find_all(&:symbol?).each do |node|
+                node = node.to_sym
+
+                if @requirements.key?(node)
+                  re = /#{Regexp.union(@requirements[node])}|/
+                  offsets.push((re.match("").length - 1) + offsets.last)
+                else
+                  offsets << offsets.last
+                end
               end
-            end
 
-            @offsets
+              offsets
+            end
           end
       end
     end

data/lib/action_dispatch/journey/route.rb

@@ -5,7 +5,7 @@ module ActionDispatch
   module Journey
     class Route
       attr_reader :app, :path, :defaults, :name, :precedence, :constraints,
-                  :internal, :scope_options, :ast
+                  :internal, :scope_options, :ast, :source_location
 
       alias :conditions :constraints
 
@@ -53,7 +53,7 @@ module ActionDispatch
       ##
       # +path+ is a path constraint.
       # +constraints+ is a hash of constraints to be applied to this route.
-      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, request_method_match: nil, precedence: 0, scope_options: {}, internal: false)
+      def initialize(name:, app: nil, path:, constraints: {}, required_defaults: [], defaults: {}, request_method_match: nil, precedence: 0, scope_options: {}, internal: false, source_location: nil)
         @name        = name
         @app         = app
         @path        = path
@@ -69,6 +69,7 @@ module ActionDispatch
         @path_formatter    = @path.build_formatter
         @scope_options     = scope_options
         @internal          = internal
+        @source_location   = source_location
 
         @ast = @path.ast.root
         @path.ast.route = self

data/lib/action_dispatch/journey/router.rb

@@ -29,7 +29,7 @@ module ActionDispatch
       end
 
       def serve(req)
-        find_routes(req).each do |match, parameters, route|
+        find_routes(req) do |match, parameters, route|
           set_params  = req.path_parameters
           path_info   = req.path_info
           script_name = req.script_name
@@ -46,24 +46,25 @@ module ActionDispatch
           }
 
           req.path_parameters = tmp_params
+          req.route_uri_pattern = route.path.spec.to_s
 
-          status, headers, body = route.app.serve(req)
+          _, headers, _ = response = route.app.serve(req)
 
-          if "pass" == headers["X-Cascade"]
+          if "pass" == headers[Constants::X_CASCADE]
             req.script_name     = script_name
             req.path_info       = path_info
             req.path_parameters = set_params
             next
           end
 
-          return [status, headers, body]
+          return response
         end
 
-        [404, { "X-Cascade" => "pass" }, ["Not Found"]]
+        [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
 
       def recognize(rails_req)
-        find_routes(rails_req).each do |match, parameters, route|
+        find_routes(rails_req) do |match, parameters, route|
           unless route.path.anchored
             rails_req.script_name = match.to_s
             rails_req.path_info   = match.post_match
@@ -120,14 +121,14 @@ module ActionDispatch
 
           routes.sort_by!(&:precedence)
 
-          routes.map! { |r|
+          routes.each { |r|
             match_data = r.path.match(path_info)
             path_parameters = {}
             match_data.names.each_with_index { |name, i|
               val = match_data[i + 1]
               path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
             }
-            [match_data, path_parameters, r]
+            yield [match_data, path_parameters, r]
           }
         end
 

data/lib/action_dispatch/journey/routes.rb

@@ -9,8 +9,8 @@ module ActionDispatch
 
       attr_reader :routes, :custom_routes, :anchored_routes
 
-      def initialize
-        @routes             = []
+      def initialize(routes = [])
+        @routes             = routes
         @ast                = nil
         @anchored_routes    = []
         @custom_routes      = []

data/lib/action_dispatch/log_subscriber.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def redirect(event)
+      payload = event.payload
+
+      info { "Redirected to #{payload[:location]}" }
+
+      info do
+        status = payload[:status]
+
+        message = +"Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << "\n\n" if defined?(Rails.env) && Rails.env.development?
+
+        message
+      end
+    end
+    subscribe_log_level :redirect, :info
+  end
+end
+
+ActionDispatch::LogSubscriber.attach_to :action_dispatch

data/lib/action_dispatch/middleware/actionable_exceptions.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require "erb"
 require "uri"
 require "active_support/actionable_error"
 
@@ -30,15 +29,15 @@ module ActionDispatch
         uri = URI.parse location
 
         if uri.relative? || uri.scheme == "http" || uri.scheme == "https"
-          body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>"
+          body = ""
         else
-          return [400, { "Content-Type" => "text/plain" }, ["Invalid redirection URI"]]
+          return [400, { Rack::CONTENT_TYPE => "text/plain; charset=utf-8" }, ["Invalid redirection URI"]]
         end
 
         [302, {
-          "Content-Type" => "text/html; charset=#{Response.default_charset}",
-          "Content-Length" => body.bytesize.to_s,
-          "Location" => location,
+          Rack::CONTENT_TYPE => "text/html; charset=#{Response.default_charset}",
+          Rack::CONTENT_LENGTH => body.bytesize.to_s,
+          ActionDispatch::Constants::LOCATION => location,
         }, [body]]
       end
   end

data/lib/action_dispatch/middleware/assume_ssl.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ActionDispatch
+  # = Action Dispatch \AssumeSSL
+  #
+  # When proxying through a load balancer that terminates SSL, the forwarded request will appear
+  # as though it's HTTP instead of HTTPS to the application. This makes redirects and cookie
+  # security target HTTP instead of HTTPS. This middleware makes the server assume that the
+  # proxy already terminated SSL, and that the request really is HTTPS.
+  class AssumeSSL
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      env["HTTPS"] = "on"
+      env["HTTP_X_FORWARDED_PORT"] = "443"
+      env["HTTP_X_FORWARDED_PROTO"] = "https"
+      env["rack.url_scheme"] = "https"
+
+      @app.call(env)
+    end
+  end
+end

data/lib/action_dispatch/middleware/callbacks.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 module ActionDispatch
+  # = Action Dispatch \Callbacks
+  #
   # Provides callbacks to be executed before and after dispatching the request.
   class Callbacks
     include ActiveSupport::Callbacks