actionpack 7.0.8.1 → 7.2.2.1

data/lib/action_controller/metal/testing.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module Testing
     # Behavior specific to functional tests

data/lib/action_controller/metal/url_for.rb

@@ -1,30 +1,39 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
-  # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
-  # the <tt>_routes</tt> method. Otherwise, an exception will be raised.
+  # # Action Controller UrlFor
+  #
+  # Includes `url_for` into the host class. The class has to provide a `RouteSet`
+  # by implementing the `_routes` method. Otherwise, an exception will be raised.
   #
-  # In addition to AbstractController::UrlFor, this module accesses the HTTP layer to define
-  # URL options like the +host+. In order to do so, this module requires the host class
-  # to implement +env+ which needs to be Rack-compatible, and +request+ which
-  # returns an ActionDispatch::Request instance.
+  # In addition to AbstractController::UrlFor, this module accesses the HTTP layer
+  # to define URL options like the `host`. In order to do so, this module requires
+  # the host class to implement `env` which needs to be Rack-compatible, and
+  # `request` which returns an ActionDispatch::Request instance.
   #
-  #   class RootUrl
-  #     include ActionController::UrlFor
-  #     include Rails.application.routes.url_helpers
+  #     class RootUrl
+  #       include ActionController::UrlFor
+  #       include Rails.application.routes.url_helpers
   #
-  #     delegate :env, :request, to: :controller
+  #       delegate :env, :request, to: :controller
   #
-  #     def initialize(controller)
-  #       @controller = controller
-  #       @url        = root_path # named route from the application.
+  #       def initialize(controller)
+  #         @controller = controller
+  #         @url        = root_path # named route from the application.
+  #       end
   #     end
-  #   end
   module UrlFor
     extend ActiveSupport::Concern
 
     include AbstractController::UrlFor
 
+    def initialize(...)
+      super
+      @_url_options = nil
+    end
+
     def url_options
       @_url_options ||= {
         host: request.host,

data/lib/action_controller/metal.rb

@@ -1,15 +1,19 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/array/extract_options"
 require "action_dispatch/middleware/stack"
 
 module ActionController
-  # Extend ActionDispatch middleware stack to make it aware of options
-  # allowing the following syntax in controllers:
+  # # Action Controller MiddlewareStack
+  #
+  # Extend ActionDispatch middleware stack to make it aware of options allowing
+  # the following syntax in controllers:
   #
-  #   class PostsController < ApplicationController
-  #     use AuthenticationMiddleware, except: [:index, :show]
-  #   end
+  #     class PostsController < ApplicationController
+  #       use AuthenticationMiddleware, except: [:index, :show]
+  #     end
   #
   class MiddlewareStack < ActionDispatch::MiddlewareStack # :nodoc:
     class Middleware < ActionDispatch::MiddlewareStack::Middleware # :nodoc:
@@ -58,71 +62,71 @@ module ActionController
       end
   end
 
-  # <tt>ActionController::Metal</tt> is the simplest possible controller, providing a
+  # # Action Controller Metal
+  #
+  # `ActionController::Metal` is the simplest possible controller, providing a
   # valid Rack interface without the additional niceties provided by
   # ActionController::Base.
   #
   # A sample metal controller might look like this:
   #
-  #   class HelloController < ActionController::Metal
-  #     def index
-  #       self.response_body = "Hello World!"
+  #     class HelloController < ActionController::Metal
+  #       def index
+  #         self.response_body = "Hello World!"
+  #       end
   #     end
-  #   end
   #
-  # And then to route requests to your metal controller, you would add
-  # something like this to <tt>config/routes.rb</tt>:
+  # And then to route requests to your metal controller, you would add something
+  # like this to `config/routes.rb`:
   #
-  #   get 'hello', to: HelloController.action(:index)
+  #     get 'hello', to: HelloController.action(:index)
   #
-  # The +action+ method returns a valid Rack application for the \Rails
-  # router to dispatch to.
+  # The ::action method returns a valid Rack application for the Rails router to
+  # dispatch to.
   #
-  # == Rendering Helpers
+  # ## Rendering Helpers
   #
-  # <tt>ActionController::Metal</tt> by default provides no utilities for rendering
-  # views, partials, or other responses aside from explicitly calling of
-  # <tt>response_body=</tt>, <tt>content_type=</tt>, and <tt>status=</tt>. To
-  # add the render helpers you're used to having in a normal controller, you
-  # can do the following:
+  # By default, `ActionController::Metal` provides no utilities for rendering
+  # views, partials, or other responses aside from some low-level setters such
+  # as #response_body=, #content_type=, and #status=. To add the render helpers
+  # you're used to having in a normal controller, you can do the following:
   #
-  #   class HelloController < ActionController::Metal
-  #     include AbstractController::Rendering
-  #     include ActionView::Layouts
-  #     append_view_path "#{Rails.root}/app/views"
+  #     class HelloController < ActionController::Metal
+  #       include AbstractController::Rendering
+  #       include ActionView::Layouts
+  #       append_view_path "#{Rails.root}/app/views"
   #
-  #     def index
-  #       render "hello/index"
+  #       def index
+  #         render "hello/index"
+  #       end
   #     end
-  #   end
   #
-  # == Redirection Helpers
+  # ## Redirection Helpers
   #
   # To add redirection helpers to your metal controller, do the following:
   #
-  #   class HelloController < ActionController::Metal
-  #     include ActionController::Redirecting
-  #     include Rails.application.routes.url_helpers
+  #     class HelloController < ActionController::Metal
+  #       include ActionController::Redirecting
+  #       include Rails.application.routes.url_helpers
   #
-  #     def index
-  #       redirect_to root_url
+  #       def index
+  #         redirect_to root_url
+  #       end
   #     end
-  #   end
-  #
-  # == Other Helpers
   #
-  # You can refer to the modules included in ActionController::Base to see
-  # other features you can bring into your metal controller.
+  # ## Other Helpers
   #
+  # You can refer to the modules included in ActionController::Base to see other
+  # features you can bring into your metal controller.
   class Metal < AbstractController::Base
     abstract!
 
-    # Returns the last part of the controller's name, underscored, without the ending
-    # <tt>Controller</tt>. For instance, PostsController returns <tt>posts</tt>.
-    # Namespaces are left out, so Admin::PostsController returns <tt>posts</tt> as well.
+    # Returns the last part of the controller's name, underscored, without the
+    # ending `Controller`. For instance, `PostsController` returns `posts`.
+    # Namespaces are left out, so `Admin::PostsController` returns `posts` as well.
     #
-    # ==== Returns
-    # * <tt>string</tt>
+    # #### Returns
+    # *   `string`
     def self.controller_name
       @controller_name ||= (name.demodulize.delete_suffix("Controller").underscore unless anonymous?)
     end
@@ -137,20 +141,78 @@ module ActionController
       false
     end
 
+    class << self
+      private
+        def inherited(subclass)
+          super
+          subclass.middleware_stack = middleware_stack.dup
+          subclass.class_eval do
+            @controller_name = nil
+          end
+        end
+    end
+
     # Delegates to the class's ::controller_name.
     def controller_name
       self.class.controller_name
     end
 
-    attr_internal :response, :request
+    ##
+    # :attr_reader: request
+    #
+    # The ActionDispatch::Request instance for the current request.
+    attr_internal :request
+
+    ##
+    # :attr_reader: response
+    #
+    # The ActionDispatch::Response instance for the current response.
+    attr_internal_reader :response
+
+    ##
+    # The ActionDispatch::Request::Session instance for the current request.
+    # See further details in the
+    # [Active Controller Session guide](https://guides.rubyonrails.org/action_controller_overview.html#session).
     delegate :session, to: "@_request"
-    delegate :headers, :status=, :location=, :content_type=,
-             :status, :location, :content_type, :media_type, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#headers.
+    delegate :headers, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#status=
+    delegate :status=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#location=
+    delegate :location=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#content_type=
+    delegate :content_type=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#status
+    delegate :status, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#location
+    delegate :location, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#content_type
+    delegate :content_type, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#media_type
+    delegate :media_type, to: "@_response"
 
     def initialize
       @_request = nil
       @_response = nil
+      @_response_body = nil
       @_routes = nil
+      @_params = nil
       super
     end
 
@@ -164,17 +226,19 @@ module ActionController
 
     alias :response_code :status # :nodoc:
 
-    # Basic url_for that can be overridden for more robust functionality.
+    # Basic `url_for` that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
 
     def response_body=(body)
-      body = [body] unless body.nil? || body.respond_to?(:each)
-      response.reset_body!
-      return unless body
-      response.body = body
-      super
+      if body
+        body = [body] if body.is_a?(String)
+        response.body = body
+        super
+      else
+        response.reset_body!
+      end
     end
 
     # Tests if render or redirect has already happened.
@@ -191,9 +255,23 @@ module ActionController
     end
 
     def set_response!(response) # :nodoc:
+      if @_response
+        _, _, body = @_response
+        body.close if body.respond_to?(:close)
+      end
+
       @_response = response
     end
 
+    # Assign the response and mark it as committed. No further processing will
+    # occur.
+    def response=(response)
+      set_response!(response)
+
+      # Force `performed?` to return true:
+      @_response_body = true
+    end
+
     def set_request!(request) # :nodoc:
       @_request = request
       @_request.controller_instance = self
@@ -209,11 +287,6 @@ module ActionController
 
     class_attribute :middleware_stack, default: ActionController::MiddlewareStack.new
 
-    def self.inherited(base) # :nodoc:
-      base.middleware_stack = middleware_stack.dup
-      super
-    end
-
     class << self
       # Pushes the given Rack middleware and its arguments to the bottom of the
       # middleware stack.
@@ -222,7 +295,18 @@ module ActionController
       end
     end
 
-    # Alias for +middleware_stack+.
+    # The middleware stack used by this controller.
+    #
+    # By default uses a variation of ActionDispatch::MiddlewareStack which allows
+    # for the following syntax:
+    #
+    #     class PostsController < ApplicationController
+    #       use AuthenticationMiddleware, except: [:index, :show]
+    #     end
+    #
+    # Read more about [Rails middleware stack]
+    # (https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack)
+    # in the guides.
     def self.middleware
       middleware_stack
     end
@@ -242,8 +326,8 @@ module ActionController
       end
     end
 
-    # Direct dispatch to the controller. Instantiates the controller, then
-    # executes the action named +name+.
+    # Direct dispatch to the controller. Instantiates the controller, then executes
+    # the action named `name`.
     def self.dispatch(name, req, res)
       if middleware_stack.any?
         middleware_stack.build(name) { |env| new.dispatch(name, req, res) }.call req.env

data/lib/action_controller/railtie.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
@@ -14,8 +16,13 @@ module ActionController
     config.action_controller.log_query_tags_around_actions = true
     config.action_controller.wrap_parameters_by_default = false
 
+    config.eager_load_namespaces << AbstractController
     config.eager_load_namespaces << ActionController
 
+    initializer "action_controller.deprecator", before: :load_environment_config do |app|
+      app.deprecators[:action_controller] = ActionController.deprecator
+    end
+
     initializer "action_controller.assets_config", group: :all do |app|
       app.config.action_controller.assets_dir ||= app.config.paths["public"].first
     end
@@ -37,10 +44,15 @@ module ActionController
         action_on_unpermitted_parameters = options.action_on_unpermitted_parameters
 
         if action_on_unpermitted_parameters.nil?
-          action_on_unpermitted_parameters = (Rails.env.test? || Rails.env.development?) ? :log : false
+          action_on_unpermitted_parameters = Rails.env.local? ? :log : false
         end
 
         ActionController::Parameters.action_on_unpermitted_parameters = action_on_unpermitted_parameters
+
+        unless options.allow_deprecated_parameters_hash_equality.nil?
+          ActionController::Parameters.allow_deprecated_parameters_hash_equality =
+            options.allow_deprecated_parameters_hash_equality
+        end
       end
     end
 
@@ -67,11 +79,13 @@ module ActionController
 
         # Configs used in other initializers
         filtered_options = options.except(
+          :default_protect_from_forgery,
           :log_query_tags_around_actions,
           :permit_all_parameters,
           :action_on_unpermitted_parameters,
           :always_permitted_parameters,
-          :wrap_parameters_by_default
+          :wrap_parameters_by_default,
+          :allow_deprecated_parameters_hash_equality
         )
 
         filtered_options.each do |k, v|
@@ -99,12 +113,6 @@ module ActionController
       end
     end
 
-    initializer "action_controller.eager_load_actions" do
-      ActiveSupport.on_load(:after_initialize) do
-        ActionController::Metal.descendants.each(&:action_methods) if config.eager_load
-      end
-    end
-
     initializer "action_controller.query_log_tags" do |app|
       query_logs_tags_enabled = app.config.respond_to?(:active_record) &&
         app.config.active_record.query_log_tags_enabled &&
@@ -118,7 +126,15 @@ module ActionController
           ActiveRecord::QueryLogs.taggings.merge!(
             controller:            ->(context) { context[:controller]&.controller_name },
             action:                ->(context) { context[:controller]&.action_name },
-            namespaced_controller: ->(context) { context[:controller].class.name if context[:controller] }
+            namespaced_controller: ->(context) {
+              if context[:controller]
+                controller_class = context[:controller].class
+                # based on ActionController::Metal#controller_name, but does not demodulize
+                unless controller_class.anonymous?
+                  controller_class.name.delete_suffix("Controller").underscore
+                end
+              end
+            }
           )
         end
       end

data/lib/action_controller/railties/helpers.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module Railties
     module Helpers