RubyGems - actionpack - Versions diffs - 7.0.8 → 7.2.0 - Mend

actionpack 7.0.8 → 7.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +76 -520
data/MIT-LICENSE +1 -1
data/README.rdoc +2 -2
data/lib/abstract_controller/asset_paths.rb +2 -0
data/lib/abstract_controller/base.rb +119 -106
data/lib/abstract_controller/caching/fragments.rb +51 -52
data/lib/abstract_controller/caching.rb +2 -0
data/lib/abstract_controller/callbacks.rb +94 -67
data/lib/abstract_controller/collector.rb +6 -6
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +2 -0
data/lib/abstract_controller/helpers.rb +119 -91
data/lib/abstract_controller/logger.rb +2 -0
data/lib/abstract_controller/railties/routes_helpers.rb +3 -16
data/lib/abstract_controller/rendering.rb +14 -13
data/lib/abstract_controller/translation.rb +15 -11
data/lib/abstract_controller/url_for.rb +9 -5
data/lib/abstract_controller.rb +8 -0
data/lib/action_controller/api/api_rendering.rb +2 -0
data/lib/action_controller/api.rb +77 -73
data/lib/action_controller/base.rb +199 -141
data/lib/action_controller/caching.rb +16 -11
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +21 -16
data/lib/action_controller/log_subscriber.rb +19 -5
data/lib/action_controller/metal/allow_browser.rb +123 -0
data/lib/action_controller/metal/basic_implicit_render.rb +2 -0
data/lib/action_controller/metal/conditional_get.rb +188 -174
data/lib/action_controller/metal/content_security_policy.rb +26 -25
data/lib/action_controller/metal/cookies.rb +4 -2
data/lib/action_controller/metal/data_streaming.rb +65 -54
data/lib/action_controller/metal/default_headers.rb +6 -2
data/lib/action_controller/metal/etag_with_flash.rb +4 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +18 -14
data/lib/action_controller/metal/exceptions.rb +19 -9
data/lib/action_controller/metal/flash.rb +12 -10
data/lib/action_controller/metal/head.rb +20 -16
data/lib/action_controller/metal/helpers.rb +64 -67
data/lib/action_controller/metal/http_authentication.rb +216 -199
data/lib/action_controller/metal/implicit_render.rb +21 -17
data/lib/action_controller/metal/instrumentation.rb +22 -12
data/lib/action_controller/metal/live.rb +122 -92
data/lib/action_controller/metal/logging.rb +6 -4
data/lib/action_controller/metal/mime_responds.rb +151 -142
data/lib/action_controller/metal/parameter_encoding.rb +34 -32
data/lib/action_controller/metal/params_wrapper.rb +58 -58
data/lib/action_controller/metal/permissions_policy.rb +14 -13
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +110 -84
data/lib/action_controller/metal/renderers.rb +50 -49
data/lib/action_controller/metal/rendering.rb +103 -82
data/lib/action_controller/metal/request_forgery_protection.rb +279 -161
data/lib/action_controller/metal/rescue.rb +12 -8
data/lib/action_controller/metal/streaming.rb +174 -132
data/lib/action_controller/metal/strong_parameters.rb +598 -473
data/lib/action_controller/metal/testing.rb +2 -0
data/lib/action_controller/metal/url_for.rb +23 -14
data/lib/action_controller/metal.rb +145 -61
data/lib/action_controller/railtie.rb +25 -9
data/lib/action_controller/railties/helpers.rb +2 -0
data/lib/action_controller/renderer.rb +105 -66
data/lib/action_controller/template_assertions.rb +4 -2
data/lib/action_controller/test_case.rb +155 -125
data/lib/action_controller.rb +17 -3
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +28 -29
data/lib/action_dispatch/http/content_disposition.rb +2 -0
data/lib/action_dispatch/http/content_security_policy.rb +52 -45
data/lib/action_dispatch/http/filter_parameters.rb +18 -8
data/lib/action_dispatch/http/filter_redirect.rb +15 -1
data/lib/action_dispatch/http/headers.rb +23 -21
data/lib/action_dispatch/http/mime_negotiation.rb +37 -48
data/lib/action_dispatch/http/mime_type.rb +60 -30
data/lib/action_dispatch/http/mime_types.rb +5 -1
data/lib/action_dispatch/http/parameters.rb +12 -10
data/lib/action_dispatch/http/permissions_policy.rb +32 -34
data/lib/action_dispatch/http/rack_cache.rb +4 -0
data/lib/action_dispatch/http/request.rb +113 -79
data/lib/action_dispatch/http/response.rb +136 -103
data/lib/action_dispatch/http/upload.rb +19 -15
data/lib/action_dispatch/http/url.rb +75 -73
data/lib/action_dispatch/journey/formatter.rb +19 -6
data/lib/action_dispatch/journey/gtg/builder.rb +4 -3
data/lib/action_dispatch/journey/gtg/simulator.rb +2 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +10 -8
data/lib/action_dispatch/journey/nfa/dot.rb +2 -0
data/lib/action_dispatch/journey/nodes/node.rb +6 -5
data/lib/action_dispatch/journey/parser.rb +4 -3
data/lib/action_dispatch/journey/parser_extras.rb +2 -0
data/lib/action_dispatch/journey/path/pattern.rb +18 -15
data/lib/action_dispatch/journey/route.rb +12 -9
data/lib/action_dispatch/journey/router/utils.rb +16 -15
data/lib/action_dispatch/journey/router.rb +13 -10
data/lib/action_dispatch/journey/routes.rb +6 -4
data/lib/action_dispatch/journey/scanner.rb +4 -2
data/lib/action_dispatch/journey/visitors.rb +2 -0
data/lib/action_dispatch/journey.rb +2 -0
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +7 -6
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +4 -0
data/lib/action_dispatch/middleware/cookies.rb +192 -194
data/lib/action_dispatch/middleware/debug_exceptions.rb +36 -27
data/lib/action_dispatch/middleware/debug_locks.rb +18 -13
data/lib/action_dispatch/middleware/debug_view.rb +9 -2
data/lib/action_dispatch/middleware/exception_wrapper.rb +181 -27
data/lib/action_dispatch/middleware/executor.rb +9 -1
data/lib/action_dispatch/middleware/flash.rb +65 -46
data/lib/action_dispatch/middleware/host_authorization.rb +22 -17
data/lib/action_dispatch/middleware/public_exceptions.rb +12 -8
data/lib/action_dispatch/middleware/reloader.rb +9 -5
data/lib/action_dispatch/middleware/remote_ip.rb +89 -83
data/lib/action_dispatch/middleware/request_id.rb +15 -8
data/lib/action_dispatch/middleware/server_timing.rb +8 -6
data/lib/action_dispatch/middleware/session/abstract_store.rb +7 -0
data/lib/action_dispatch/middleware/session/cache_store.rb +14 -7
data/lib/action_dispatch/middleware/session/cookie_store.rb +32 -25
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +9 -3
data/lib/action_dispatch/middleware/show_exceptions.rb +42 -28
data/lib/action_dispatch/middleware/ssl.rb +60 -45
data/lib/action_dispatch/middleware/stack.rb +15 -9
data/lib/action_dispatch/middleware/static.rb +40 -34
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +8 -1
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +7 -7
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +2 -2
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +17 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +16 -12
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +3 -3
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +47 -38
data/lib/action_dispatch/railtie.rb +12 -4
data/lib/action_dispatch/request/session.rb +39 -27
data/lib/action_dispatch/request/utils.rb +10 -3
data/lib/action_dispatch/routing/endpoint.rb +2 -0
data/lib/action_dispatch/routing/inspector.rb +59 -9
data/lib/action_dispatch/routing/mapper.rb +684 -638
data/lib/action_dispatch/routing/polymorphic_routes.rb +70 -61
data/lib/action_dispatch/routing/redirection.rb +52 -38
data/lib/action_dispatch/routing/route_set.rb +105 -61
data/lib/action_dispatch/routing/routes_proxy.rb +16 -19
data/lib/action_dispatch/routing/url_for.rb +131 -122
data/lib/action_dispatch/routing.rb +152 -150
data/lib/action_dispatch/system_test_case.rb +91 -81
data/lib/action_dispatch/system_testing/browser.rb +27 -19
data/lib/action_dispatch/system_testing/driver.rb +16 -22
data/lib/action_dispatch/system_testing/server.rb +2 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +53 -31
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +2 -0
data/lib/action_dispatch/testing/assertion_response.rb +9 -7
data/lib/action_dispatch/testing/assertions/response.rb +36 -26
data/lib/action_dispatch/testing/assertions/routing.rb +203 -95
data/lib/action_dispatch/testing/assertions.rb +5 -1
data/lib/action_dispatch/testing/integration.rb +240 -229
data/lib/action_dispatch/testing/request_encoder.rb +6 -1
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +14 -9
data/lib/action_dispatch/testing/test_request.rb +4 -2
data/lib/action_dispatch/testing/test_response.rb +34 -19
data/lib/action_dispatch.rb +49 -22
data/lib/action_pack/gem_version.rb +5 -3
data/lib/action_pack/version.rb +3 -1
data/lib/action_pack.rb +18 -17
metadata +88 -29

data/lib/action_dispatch/journey/router.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 require "action_dispatch/journey/router/utils"
 require "action_dispatch/journey/routes"
 require "action_dispatch/journey/formatter"
@@ -22,14 +24,14 @@ module ActionDispatch
       end
       def eager_load!
-        # Eagerly trigger the simulator's initialization so
-        # it doesn't happen during a request cycle.
+        # Eagerly trigger the simulator's initialization so it doesn't happen during a
+        # request cycle.
         simulator
         nil
       end
       def serve(req)
-        find_routes(req).each do |match, parameters, route|
+        find_routes(req) do |match, parameters, route|
           set_params  = req.path_parameters
           path_info   = req.path_info
           script_name = req.script_name
@@ -46,24 +48,25 @@ module ActionDispatch
           }
           req.path_parameters = tmp_params
+          req.route_uri_pattern = route.path.spec.to_s
-          status, headers, body = route.app.serve(req)
+          _, headers, _ = response = route.app.serve(req)
-          if "pass" == headers["X-Cascade"]
+          if "pass" == headers[Constants::X_CASCADE]
             req.script_name     = script_name
             req.path_info       = path_info
             req.path_parameters = set_params
             next
           end
-          return [status, headers, body]
+          return response
         end
-        [404, { "X-Cascade" => "pass" }, ["Not Found"]]
+        [404, { Constants::X_CASCADE => "pass" }, ["Not Found"]]
       end
       def recognize(rails_req)
-        find_routes(rails_req).each do |match, parameters, route|
+        find_routes(rails_req) do |match, parameters, route|
           unless route.path.anchored
             rails_req.script_name = match.to_s
             rails_req.path_info   = match.post_match
@@ -120,14 +123,14 @@ module ActionDispatch
           routes.sort_by!(&:precedence)
-          routes.map! { |r|
+          routes.each { |r|
             match_data = r.path.match(path_info)
             path_parameters = {}
             match_data.names.each_with_index { |name, i|
               val = match_data[i + 1]
               path_parameters[name.to_sym] = Utils.unescape_uri(val) if val
             }
-            [match_data, path_parameters, r]
+            yield [match_data, path_parameters, r]
           }
         end

data/lib/action_dispatch/journey/routes.rb CHANGED Viewed

@@ -1,16 +1,18 @@
 # frozen_string_literal: true
+# :markup: markdown
 module ActionDispatch
   module Journey # :nodoc:
-    # The Routing table. Contains all routes for a system. Routes can be
-    # added to the table by calling Routes#add_route.
+    # The Routing table. Contains all routes for a system. Routes can be added to
+    # the table by calling Routes#add_route.
     class Routes # :nodoc:
       include Enumerable
       attr_reader :routes, :custom_routes, :anchored_routes
-      def initialize
-        @routes             = []
+      def initialize(routes = [])
+        @routes             = routes
         @ast                = nil
         @anchored_routes    = []
         @custom_routes      = []

data/lib/action_dispatch/journey/scanner.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 require "strscan"
 module ActionDispatch
@@ -33,8 +35,8 @@ module ActionDispatch
       end
       private
-        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards
-        # see: https://bugs.ruby-lang.org/issues/13077
+        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards see:
+        # https://bugs.ruby-lang.org/issues/13077
         def dedup_scan(regex)
           r = @ss.scan(regex)
           r ? -r : nil

data/lib/action_dispatch/journey/visitors.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 module ActionDispatch
   # :stopdoc:
   module Journey

data/lib/action_dispatch/journey.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+# :markup: markdown
 require "action_dispatch/journey/router"
 require "action_dispatch/journey/gtg/builder"
 require "action_dispatch/journey/gtg/simulator"

data/lib/action_dispatch/log_subscriber.rb ADDED Viewed

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+# :markup: markdown
+module ActionDispatch
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def redirect(event)
+      payload = event.payload
+      info { "Redirected to #{payload[:location]}" }
+      info do
+        status = payload[:status]
+        message = +"Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << "\n\n" if defined?(Rails.env) && Rails.env.development?
+        message
+      end
+    end
+    subscribe_log_level :redirect, :info
+  end
+end
+ActionDispatch::LogSubscriber.attach_to :action_dispatch

data/lib/action_dispatch/middleware/actionable_exceptions.rb CHANGED Viewed

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
-require "erb"
+# :markup: markdown
 require "uri"
 require "active_support/actionable_error"
@@ -30,15 +31,15 @@ module ActionDispatch
         uri = URI.parse location
         if uri.relative? || uri.scheme == "http" || uri.scheme == "https"
-          body = "<html><body>You are being <a href=\"#{ERB::Util.unwrapped_html_escape(location)}\">redirected</a>.</body></html>"
+          body = ""
         else
-          return [400, { "Content-Type" => "text/plain" }, ["Invalid redirection URI"]]
+          return [400, { Rack::CONTENT_TYPE => "text/plain; charset=utf-8" }, ["Invalid redirection URI"]]
         end
         [302, {
-          "Content-Type" => "text/html; charset=#{Response.default_charset}",
-          "Content-Length" => body.bytesize.to_s,
-          "Location" => location,
+          Rack::CONTENT_TYPE => "text/html; charset=#{Response.default_charset}",
+          Rack::CONTENT_LENGTH => body.bytesize.to_s,
+          ActionDispatch::Constants::LOCATION => location,
         }, [body]]
       end
   end

data/lib/action_dispatch/middleware/assume_ssl.rb ADDED Viewed

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+# :markup: markdown
+module ActionDispatch
+  # # Action Dispatch AssumeSSL
+  #
+  # When proxying through a load balancer that terminates SSL, the forwarded
+  # request will appear as though it's HTTP instead of HTTPS to the application.
+  # This makes redirects and cookie security target HTTP instead of HTTPS. This
+  # middleware makes the server assume that the proxy already terminated SSL, and
+  # that the request really is HTTPS.
+  class AssumeSSL
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      env["HTTPS"] = "on"
+      env["HTTP_X_FORWARDED_PORT"] = "443"
+      env["HTTP_X_FORWARDED_PROTO"] = "https"
+      env["rack.url_scheme"] = "https"
+      @app.call(env)
+    end
+  end
+end

data/lib/action_dispatch/middleware/callbacks.rb CHANGED Viewed

@@ -1,6 +1,10 @@
 # frozen_string_literal: true
+# :markup: markdown
 module ActionDispatch
+  # # Action Dispatch Callbacks
+  #
   # Provides callbacks to be executed before and after dispatching the request.
   class Callbacks
     include ActiveSupport::Callbacks