actionpack 7.1.5.1 → 8.1.2

data/lib/action_controller/metal/testing.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module Testing
     # Behavior specific to functional tests

data/lib/action_controller/metal/url_for.rb

@@ -1,27 +1,29 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
-  # = Action Controller \UrlFor
+  # # Action Controller UrlFor
   #
-  # Includes +url_for+ into the host class. The class has to provide a +RouteSet+ by implementing
-  # the <tt>_routes</tt> method. Otherwise, an exception will be raised.
+  # Includes `url_for` into the host class. The class has to provide a `RouteSet`
+  # by implementing the `_routes` method. Otherwise, an exception will be raised.
   #
-  # In addition to AbstractController::UrlFor, this module accesses the HTTP layer to define
-  # URL options like the +host+. In order to do so, this module requires the host class
-  # to implement +env+ which needs to be Rack-compatible, and +request+ which
-  # returns an ActionDispatch::Request instance.
+  # In addition to AbstractController::UrlFor, this module accesses the HTTP layer
+  # to define URL options like the `host`. In order to do so, this module requires
+  # the host class to implement `env` which needs to be Rack-compatible, and
+  # `request` which returns an ActionDispatch::Request instance.
   #
-  #   class RootUrl
-  #     include ActionController::UrlFor
-  #     include Rails.application.routes.url_helpers
+  #     class RootUrl
+  #       include ActionController::UrlFor
+  #       include Rails.application.routes.url_helpers
   #
-  #     delegate :env, :request, to: :controller
+  #       delegate :env, :request, to: :controller
   #
-  #     def initialize(controller)
-  #       @controller = controller
-  #       @url        = root_path # named route from the application.
+  #       def initialize(controller)
+  #         @controller = controller
+  #         @url        = root_path # named route from the application.
+  #       end
   #     end
-  #   end
   module UrlFor
     extend ActiveSupport::Concern
 

data/lib/action_controller/metal.rb

@@ -1,17 +1,19 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/core_ext/array/extract_options"
 require "action_dispatch/middleware/stack"
 
 module ActionController
-  # = Action Controller \MiddlewareStack
+  # # Action Controller MiddlewareStack
   #
-  # Extend ActionDispatch middleware stack to make it aware of options
-  # allowing the following syntax in controllers:
+  # Extend ActionDispatch middleware stack to make it aware of options allowing
+  # the following syntax in controllers:
   #
-  #   class PostsController < ApplicationController
-  #     use AuthenticationMiddleware, except: [:index, :show]
-  #   end
+  #     class PostsController < ApplicationController
+  #       use AuthenticationMiddleware, except: [:index, :show]
+  #     end
   #
   class MiddlewareStack < ActionDispatch::MiddlewareStack # :nodoc:
     class Middleware < ActionDispatch::MiddlewareStack::Middleware # :nodoc:
@@ -60,73 +62,71 @@ module ActionController
       end
   end
 
-  # = Action Controller \Metal
+  # # Action Controller Metal
   #
-  # +ActionController::Metal+ is the simplest possible controller, providing a
+  # `ActionController::Metal` is the simplest possible controller, providing a
   # valid Rack interface without the additional niceties provided by
   # ActionController::Base.
   #
   # A sample metal controller might look like this:
   #
-  #   class HelloController < ActionController::Metal
-  #     def index
-  #       self.response_body = "Hello World!"
+  #     class HelloController < ActionController::Metal
+  #       def index
+  #         self.response_body = "Hello World!"
+  #       end
   #     end
-  #   end
   #
-  # And then to route requests to your metal controller, you would add
-  # something like this to <tt>config/routes.rb</tt>:
+  # And then to route requests to your metal controller, you would add something
+  # like this to `config/routes.rb`:
   #
-  #   get 'hello', to: HelloController.action(:index)
+  #     get 'hello', to: HelloController.action(:index)
   #
-  # The +action+ method returns a valid Rack application for the \Rails
-  # router to dispatch to.
+  # The ::action method returns a valid Rack application for the Rails router to
+  # dispatch to.
   #
-  # == \Rendering \Helpers
+  # ## Rendering Helpers
   #
-  # +ActionController::Metal+ by default provides no utilities for rendering
-  # views, partials, or other responses aside from explicitly calling of
-  # <tt>response_body=</tt>, <tt>content_type=</tt>, and <tt>status=</tt>. To
-  # add the render helpers you're used to having in a normal controller, you
-  # can do the following:
+  # By default, `ActionController::Metal` provides no utilities for rendering
+  # views, partials, or other responses aside from some low-level setters such
+  # as #response_body=, #content_type=, and #status=. To add the render helpers
+  # you're used to having in a normal controller, you can do the following:
   #
-  #   class HelloController < ActionController::Metal
-  #     include AbstractController::Rendering
-  #     include ActionView::Layouts
-  #     append_view_path "#{Rails.root}/app/views"
+  #     class HelloController < ActionController::Metal
+  #       include AbstractController::Rendering
+  #       include ActionView::Layouts
+  #       append_view_path "#{Rails.root}/app/views"
   #
-  #     def index
-  #       render "hello/index"
+  #       def index
+  #         render "hello/index"
+  #       end
   #     end
-  #   end
   #
-  # == Redirection \Helpers
+  # ## Redirection Helpers
   #
   # To add redirection helpers to your metal controller, do the following:
   #
-  #   class HelloController < ActionController::Metal
-  #     include ActionController::Redirecting
-  #     include Rails.application.routes.url_helpers
+  #     class HelloController < ActionController::Metal
+  #       include ActionController::Redirecting
+  #       include Rails.application.routes.url_helpers
   #
-  #     def index
-  #       redirect_to root_url
+  #       def index
+  #         redirect_to root_url
+  #       end
   #     end
-  #   end
   #
-  # == Other \Helpers
-  #
-  # You can refer to the modules included in ActionController::Base to see
-  # other features you can bring into your metal controller.
+  # ## Other Helpers
   #
+  # You can refer to the modules included in ActionController::Base to see other
+  # features you can bring into your metal controller.
   class Metal < AbstractController::Base
     abstract!
 
-    # Returns the last part of the controller's name, underscored, without the ending
-    # <tt>Controller</tt>. For instance, +PostsController+ returns <tt>posts</tt>.
-    # Namespaces are left out, so +Admin::PostsController+ returns <tt>posts</tt> as well.
+    # Returns the last part of the controller's name, underscored, without the
+    # ending `Controller`. For instance, `PostsController` returns `posts`.
+    # Namespaces are left out, so `Admin::PostsController` returns `posts` as well.
     #
-    # ==== Returns
-    # * <tt>string</tt>
+    # #### Returns
+    # *   `string`
     def self.controller_name
       @controller_name ||= (name.demodulize.delete_suffix("Controller").underscore unless anonymous?)
     end
@@ -172,15 +172,40 @@ module ActionController
     ##
     # The ActionDispatch::Request::Session instance for the current request.
     # See further details in the
-    # {Active Controller Session guide}[https://guides.rubyonrails.org/action_controller_overview.html#session].
+    # [Active Controller Session guide](https://guides.rubyonrails.org/action_controller_overview.html#session).
     delegate :session, to: "@_request"
 
     ##
     # Delegates to ActionDispatch::Response#headers.
     delegate :headers, to: "@_response"
 
-    delegate :status=, :location=, :content_type=,
-             :status, :location, :content_type, :media_type, to: "@_response"
+    ##
+    # Delegates to ActionDispatch::Response#status=
+    delegate :status=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#location=
+    delegate :location=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#content_type=
+    delegate :content_type=, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#status
+    delegate :status, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#location
+    delegate :location, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#content_type
+    delegate :content_type, to: "@_response"
+
+    ##
+    # Delegates to ActionDispatch::Response#media_type
+    delegate :media_type, to: "@_response"
 
     def initialize
       @_request = nil
@@ -201,7 +226,7 @@ module ActionController
 
     alias :response_code :status # :nodoc:
 
-    # Basic \url_for that can be overridden for more robust functionality.
+    # Basic `url_for` that can be overridden for more robust functionality.
     def url_for(string)
       string
     end
@@ -238,7 +263,8 @@ module ActionController
       @_response = response
     end
 
-    # Assign the response and mark it as committed. No further processing will occur.
+    # Assign the response and mark it as committed. No further processing will
+    # occur.
     def response=(response)
       set_response!(response)
 
@@ -271,15 +297,15 @@ module ActionController
 
     # The middleware stack used by this controller.
     #
-    # By default uses a variation of ActionDispatch::MiddlewareStack which
-    # allows for the following syntax:
+    # By default uses a variation of ActionDispatch::MiddlewareStack which allows
+    # for the following syntax:
     #
-    #   class PostsController < ApplicationController
-    #     use AuthenticationMiddleware, except: [:index, :show]
-    #   end
+    #     class PostsController < ApplicationController
+    #       use AuthenticationMiddleware, except: [:index, :show]
+    #     end
     #
-    # Read more about {Rails middleware
-    # stack}[https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack]
+    # Read more about [Rails middleware stack]
+    # (https://guides.rubyonrails.org/rails_on_rack.html#action-dispatcher-middleware-stack)
     # in the guides.
     def self.middleware
       middleware_stack
@@ -300,8 +326,8 @@ module ActionController
       end
     end
 
-    # Direct dispatch to the controller. Instantiates the controller, then
-    # executes the action named +name+.
+    # Direct dispatch to the controller. Instantiates the controller, then executes
+    # the action named `name`.
     def self.dispatch(name, req, res)
       if middleware_stack.any?
         middleware_stack.build(name) { |env| new.dispatch(name, req, res) }.call req.env

data/lib/action_controller/railtie.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
@@ -10,9 +12,11 @@ require "action_view/railtie"
 module ActionController
   class Railtie < Rails::Railtie # :nodoc:
     config.action_controller = ActiveSupport::OrderedOptions.new
-    config.action_controller.raise_on_open_redirects = false
+    config.action_controller.action_on_open_redirect = :log
+    config.action_controller.action_on_path_relative_redirect = :log
     config.action_controller.log_query_tags_around_actions = true
     config.action_controller.wrap_parameters_by_default = false
+    config.action_controller.allowed_redirect_hosts = []
 
     config.eager_load_namespaces << AbstractController
     config.eager_load_namespaces << ActionController
@@ -29,6 +33,10 @@ module ActionController
       ActionController::Helpers.helpers_path = app.helpers_paths
     end
 
+    initializer "action_controller.live_streaming_excluded_keys" do |app|
+      ActionController::Live.live_streaming_excluded_keys = app.config.action_controller.live_streaming_excluded_keys
+    end
+
     initializer "action_controller.parameters_config" do |app|
       options = app.config.action_controller
 
@@ -46,11 +54,6 @@ module ActionController
         end
 
         ActionController::Parameters.action_on_unpermitted_parameters = action_on_unpermitted_parameters
-
-        unless options.allow_deprecated_parameters_hash_equality.nil?
-          ActionController::Parameters.allow_deprecated_parameters_hash_equality =
-            options.allow_deprecated_parameters_hash_equality
-        end
       end
     end
 
@@ -58,7 +61,8 @@ module ActionController
       paths   = app.config.paths
       options = app.config.action_controller
 
-      options.logger      ||= Rails.logger
+      options.logger = options.fetch(:logger, Rails.logger)
+
       options.cache_store ||= Rails.cache
 
       options.javascripts_dir ||= paths["public/javascripts"].first
@@ -77,12 +81,13 @@ module ActionController
 
         # Configs used in other initializers
         filtered_options = options.except(
+          :default_protect_from_forgery,
           :log_query_tags_around_actions,
           :permit_all_parameters,
           :action_on_unpermitted_parameters,
           :always_permitted_parameters,
           :wrap_parameters_by_default,
-          :allow_deprecated_parameters_hash_equality
+          :live_streaming_excluded_keys
         )
 
         filtered_options.each do |k, v|
@@ -96,12 +101,6 @@ module ActionController
       end
     end
 
-    initializer "action_controller.compile_config_methods" do
-      ActiveSupport.on_load(:action_controller) do
-        config.compile_methods! if config.respond_to?(:compile_methods!)
-      end
-    end
-
     initializer "action_controller.request_forgery_protection" do |app|
       ActiveSupport.on_load(:action_controller_base) do
         if app.config.action_controller.default_protect_from_forgery
@@ -110,6 +109,22 @@ module ActionController
       end
     end
 
+    initializer "action_controller.open_redirects" do |app|
+      ActiveSupport.on_load(:action_controller, run_once: true) do
+        if app.config.action_controller.has_key?(:raise_on_open_redirects)
+          ActiveSupport.deprecator.warn(<<~MSG.squish)
+            `raise_on_open_redirects` is deprecated and will be removed in a future Rails version.
+            Use `config.action_controller.action_on_open_redirect = :raise` instead.
+          MSG
+
+          # Fallback to the default behavior in case of `load_default` set `action_on_open_redirect`, but apps set `raise_on_open_redirects`.
+          if app.config.action_controller.raise_on_open_redirects == false && app.config.action_controller.action_on_open_redirect == :raise
+            self.action_on_open_redirect = :log
+          end
+        end
+      end
+    end
+
     initializer "action_controller.query_log_tags" do |app|
       query_logs_tags_enabled = app.config.respond_to?(:active_record) &&
         app.config.active_record.query_log_tags_enabled &&
@@ -120,7 +135,7 @@ module ActionController
         app.config.active_record.query_log_tags |= [:action]
 
         ActiveSupport.on_load(:active_record) do
-          ActiveRecord::QueryLogs.taggings.merge!(
+          ActiveRecord::QueryLogs.taggings = ActiveRecord::QueryLogs.taggings.merge(
             controller:            ->(context) { context[:controller]&.controller_name },
             action:                ->(context) { context[:controller]&.action_name },
             namespaced_controller: ->(context) {
@@ -142,5 +157,11 @@ module ActionController
         ActionController::TestCase.executor_around_each_request = app.config.active_support.executor_around_test_case
       end
     end
+
+    initializer "action_controller.backtrace_cleaner" do
+      ActiveSupport.on_load(:action_controller) do
+        ActionController::LogSubscriber.backtrace_cleaner = Rails.backtrace_cleaner
+      end
+    end
   end
 end

data/lib/action_controller/railties/helpers.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module Railties
     module Helpers

data/lib/action_controller/renderer.rb

@@ -1,25 +1,28 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
-  # = Action Controller \Renderer
+  # # Action Controller Renderer
   #
   # ActionController::Renderer allows you to render arbitrary templates without
   # being inside a controller action.
   #
-  # You can get a renderer instance by calling +renderer+ on a controller class:
+  # You can get a renderer instance by calling `renderer` on a controller class:
   #
-  #   ApplicationController.renderer
-  #   PostsController.renderer
+  #     ApplicationController.renderer
+  #     PostsController.renderer
   #
   # and render a template by calling the #render method:
   #
-  #   ApplicationController.renderer.render template: "posts/show", assigns: { post: Post.first }
-  #   PostsController.renderer.render :show, assigns: { post: Post.first }
+  #     ApplicationController.renderer.render template: "posts/show", assigns: { post: Post.first }
+  #     PostsController.renderer.render :show, assigns: { post: Post.first }
   #
-  # As a shortcut, you can also call +render+ directly on the controller class itself:
+  # As a shortcut, you can also call `render` directly on the controller class
+  # itself:
   #
-  #   ApplicationController.render template: "posts/show", assigns: { post: Post.first }
-  #   PostsController.render :show, assigns: { post: Post.first }
+  #     ApplicationController.render template: "posts/show", assigns: { post: Post.first }
+  #     PostsController.render :show, assigns: { post: Post.first }
   #
   class Renderer
     attr_reader :controller
@@ -64,45 +67,46 @@ module ActionController
 
     # Creates a new renderer using the same controller, but with a new Rack env.
     #
-    #   ApplicationController.renderer.new(method: "post")
+    #     ApplicationController.renderer.new(method: "post")
     #
     def new(env = nil)
       self.class.new controller, env, @defaults
     end
 
-    # Creates a new renderer using the same controller, but with the given
-    # defaults merged on top of the previous defaults.
+    # Creates a new renderer using the same controller, but with the given defaults
+    # merged on top of the previous defaults.
     def with_defaults(defaults)
       self.class.new controller, @env, @defaults.merge(defaults)
     end
 
     # Initializes a new Renderer.
     #
-    # ==== Parameters
+    # #### Parameters
+    #
+    # *   `controller` - The controller class to instantiate for rendering.
+    # *   `env` - The Rack env to use for mocking a request when rendering. Entries
+    #     can be typical Rack env keys and values, or they can be any of the
+    #     following, which will be converted appropriately:
+    #     *   `:http_host` - The HTTP host for the incoming request. Converts to
+    #         Rack's `HTTP_HOST`.
+    #     *   `:https` - Boolean indicating whether the incoming request uses HTTPS.
+    #         Converts to Rack's `HTTPS`.
+    #     *   `:method` - The HTTP method for the incoming request,
+    #         case-insensitive. Converts to Rack's `REQUEST_METHOD`.
+    #     *   `:script_name` - The portion of the incoming request's URL path that
+    #         corresponds to the application. Converts to Rack's `SCRIPT_NAME`.
+    #     *   `:input` - The input stream. Converts to Rack's `rack.input`.
+    # *   `defaults` - Default values for the Rack env. Entries are specified in the
+    #     same format as `env`. `env` will be merged on top of these values.
+    #     `defaults` will be retained when calling #new on a renderer instance.
     #
-    # * +controller+ - The controller class to instantiate for rendering.
-    # * +env+ - The Rack env to use for mocking a request when rendering.
-    #   Entries can be typical Rack env keys and values, or they can be any of
-    #   the following, which will be converted appropriately:
-    #   * +:http_host+ - The HTTP host for the incoming request. Converts to
-    #     Rack's +HTTP_HOST+.
-    #   * +:https+ - Boolean indicating whether the incoming request uses HTTPS.
-    #     Converts to Rack's +HTTPS+.
-    #   * +:method+ - The HTTP method for the incoming request, case-insensitive.
-    #     Converts to Rack's +REQUEST_METHOD+.
-    #   * +:script_name+ - The portion of the incoming request's URL path that
-    #     corresponds to the application. Converts to Rack's +SCRIPT_NAME+.
-    #   * +:input+ - The input stream. Converts to Rack's +rack.input+.
-    # * +defaults+ - Default values for the Rack env. Entries are specified in
-    #   the same format as +env+. +env+ will be merged on top of these values.
-    #   +defaults+ will be retained when calling #new on a renderer instance.
     #
-    # If no +http_host+ is specified, the env HTTP host will be derived from the
-    # routes' +default_url_options+. In this case, the +https+ boolean and the
-    # +script_name+ will also be derived from +default_url_options+ if they were
-    # not specified. Additionally, the +https+ boolean will fall back to
-    # +Rails.application.config.force_ssl+ if +default_url_options+ does not
-    # specify a +protocol+.
+    # If no `http_host` is specified, the env HTTP host will be derived from the
+    # routes' `default_url_options`. In this case, the `https` boolean and the
+    # `script_name` will also be derived from `default_url_options` if they were not
+    # specified. Additionally, the `https` boolean will fall back to
+    # `Rails.application.config.force_ssl` if `default_url_options` does not specify
+    # a `protocol`.
     def initialize(controller, env, defaults)
       @controller = controller
       @defaults = defaults
@@ -119,7 +123,8 @@ module ActionController
       @defaults
     end
 
-    # Renders a template to a string, just like ActionController::Rendering#render_to_string.
+    # Renders a template to a string, just like
+    # ActionController::Rendering#render_to_string.
     def render(*args)
       request = ActionDispatch::Request.new(env_for_request)
       request.routes = controller._routes

data/lib/action_controller/structured_event_subscriber.rb

@@ -0,0 +1,116 @@
+# frozen_string_literal: true
+
+module ActionController
+  class StructuredEventSubscriber < ActiveSupport::StructuredEventSubscriber # :nodoc:
+    INTERNAL_PARAMS = %w(controller action format _method only_path)
+
+    def start_processing(event)
+      payload = event.payload
+      params = {}
+      payload[:params].each_pair do |k, v|
+        params[k] = v unless INTERNAL_PARAMS.include?(k)
+      end
+      format = payload[:format]
+      format = format.to_s.upcase if format.is_a?(Symbol)
+      format = "*/*" if format.nil?
+
+      emit_event("action_controller.request_started",
+        controller: payload[:controller],
+        action: payload[:action],
+        format:,
+        params:,
+      )
+    end
+
+    def process_action(event)
+      payload = event.payload
+      status = payload[:status]
+
+      if status.nil? && (exception_class_name = payload[:exception]&.first)
+        status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
+      end
+
+      emit_event("action_controller.request_completed", {
+        controller: payload[:controller],
+        action: payload[:action],
+        status: status,
+        **additions_for(payload),
+        duration_ms: event.duration.round(2),
+        gc_time_ms: event.gc_time.round(1),
+      }.compact)
+    end
+
+    def halted_callback(event)
+      emit_event("action_controller.callback_halted", filter: event.payload[:filter])
+    end
+
+    def rescue_from_callback(event)
+      exception = event.payload[:exception]
+
+      exception_backtrace = exception.backtrace&.first
+      exception_backtrace = exception_backtrace&.delete_prefix("#{Rails.root}/") if defined?(Rails.root) && Rails.root
+
+      emit_event("action_controller.rescue_from_handled",
+        exception_class: exception.class.name,
+        exception_message: exception.message,
+        exception_backtrace:
+      )
+    end
+
+    def send_file(event)
+      emit_event("action_controller.file_sent", path: event.payload[:path], duration_ms: event.duration.round(1))
+    end
+
+    def redirect_to(event)
+      emit_event("action_controller.redirected", location: event.payload[:location])
+    end
+
+    def send_data(event)
+      emit_event("action_controller.data_sent", filename: event.payload[:filename], duration_ms: event.duration.round(1))
+    end
+
+    def unpermitted_parameters(event)
+      unpermitted_keys = event.payload[:keys]
+      context = event.payload[:context]
+
+      emit_debug_event("action_controller.unpermitted_parameters",
+        unpermitted_keys:,
+        context: context.except(:request)
+      )
+    end
+    debug_only :unpermitted_parameters
+
+    def write_fragment(event)
+      fragment_cache(__method__, event)
+    end
+
+    def read_fragment(event)
+      fragment_cache(__method__, event)
+    end
+
+    def exist_fragment?(event)
+      fragment_cache(__method__, event)
+    end
+
+    def expire_fragment(event)
+      fragment_cache(__method__, event)
+    end
+
+    private
+      def fragment_cache(method_name, event)
+        key = ActiveSupport::Cache.expand_cache_key(event.payload[:key] || event.payload[:path])
+
+        emit_event("action_controller.fragment_cache",
+          method: "#{method_name}",
+          key: key,
+          duration_ms: event.duration.round(1)
+        )
+      end
+
+      def additions_for(payload)
+        payload.slice(:view_runtime, :db_runtime, :queries_count, :cached_queries_count)
+      end
+  end
+end
+
+ActionController::StructuredEventSubscriber.attach_to :action_controller

data/lib/action_controller/template_assertions.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module TemplateAssertions # :nodoc:
     def assert_template(options = {}, message = nil)
       raise NoMethodError,
-        "assert_template has been extracted to a gem. To continue using it,
-        add `gem 'rails-controller-testing'` to your Gemfile."
+        'assert_template has been extracted to a gem. To continue using it,
+        add `gem "rails-controller-testing"` to your Gemfile.'
     end
   end
 end