actionpack 7.2.2.1 → 8.0.5

data/lib/action_dispatch/http/url.rb

@@ -272,7 +272,7 @@ module ActionDispatch
         end
       end
 
-      # Returns whether this request is using the standard port
+      # Returns whether this request is using the standard port.
       #
       #     req = ActionDispatch::Request.new 'HTTP_HOST' => 'example.com:80'
       #     req.standard_port? # => true
@@ -307,7 +307,7 @@ module ActionDispatch
         standard_port? ? "" : ":#{port}"
       end
 
-      # Returns the requested port, such as 8080, based on SERVER_PORT
+      # Returns the requested port, such as 8080, based on SERVER_PORT.
       #
       #     req = ActionDispatch::Request.new 'SERVER_PORT' => '80'
       #     req.server_port # => 80

data/lib/action_dispatch/journey/formatter.rb

@@ -60,8 +60,13 @@ module ActionDispatch
 
       def generate(name, options, path_parameters)
         original_options = options.dup
-        path_params = options.delete(:path_params) || {}
-        options = path_params.merge(options)
+        path_params = options.delete(:path_params)
+        if path_params.is_a?(Hash)
+          options = path_params.merge(options)
+        else
+          path_params = nil
+          options = options.dup
+        end
         constraints = path_parameters.merge(options)
         missing_keys = nil
 
@@ -79,7 +84,7 @@ module ActionDispatch
             # top-level params' normal behavior of generating query_params should be
             # preserved even if the same key is also a bind_param
             parameterized_parts.key?(key) || route.defaults.key?(key) ||
-              (path_params.key?(key) && !original_options.key?(key))
+              (path_params&.key?(key) && !original_options.key?(key))
           end
 
           defaults       = route.defaults

data/lib/action_dispatch/journey/gtg/transition_table.rb

@@ -107,10 +107,10 @@ module ActionDispatch
           end
 
           {
-            regexp_states:   simple_regexp,
-            string_states:   @string_states,
-            stdparam_states: @stdparam_states,
-            accepting:       @accepting
+            regexp_states:   simple_regexp.stringify_keys,
+            string_states:   @string_states.stringify_keys,
+            stdparam_states: @stdparam_states.stringify_keys,
+            accepting:       @accepting.stringify_keys
           }
         end
 

data/lib/action_dispatch/journey/parser.rb

@@ -1,200 +1,103 @@
-#
-# DO NOT MODIFY!!!!
-# This file is automatically generated by Racc 1.4.16 from
-# Racc grammar file "".
+# frozen_string_literal: true
 
-# :markup: markdown
+require "action_dispatch/journey/scanner"
+require "action_dispatch/journey/nodes/node"
 
-require 'racc/parser.rb'
-
-# :stopdoc:
-
-require "action_dispatch/journey/parser_extras"
 module ActionDispatch
-  module Journey
-    class Parser < Racc::Parser
-##### State transition tables begin ###
-
-racc_action_table = [
-    13,    15,    14,     7,    19,    16,     8,    19,    13,    15,
-    14,     7,    17,    16,     8,    13,    15,    14,     7,    21,
-    16,     8,    13,    15,    14,     7,    24,    16,     8 ]
-
-racc_action_check = [
-     2,     2,     2,     2,    22,     2,     2,     2,    19,    19,
-    19,    19,     1,    19,    19,     7,     7,     7,     7,    17,
-     7,     7,     0,     0,     0,     0,    20,     0,     0 ]
-
-racc_action_pointer = [
-    20,    12,    -2,   nil,   nil,   nil,   nil,    13,   nil,   nil,
-   nil,   nil,   nil,   nil,   nil,   nil,   nil,    19,   nil,     6,
-    20,   nil,    -5,   nil,   nil ]
-
-racc_action_default = [
-   -19,   -19,    -2,    -3,    -4,    -5,    -6,   -19,   -10,   -11,
-   -12,   -13,   -14,   -15,   -16,   -17,   -18,   -19,    -1,   -19,
-   -19,    25,    -8,    -9,    -7 ]
-
-racc_goto_table = [
-     1,    22,    18,    23,   nil,   nil,   nil,    20 ]
-
-racc_goto_check = [
-     1,     2,     1,     3,   nil,   nil,   nil,     1 ]
-
-racc_goto_pointer = [
-   nil,     0,   -18,   -16,   nil,   nil,   nil,   nil,   nil,   nil,
-   nil ]
-
-racc_goto_default = [
-   nil,   nil,     2,     3,     4,     5,     6,     9,    10,    11,
-    12 ]
-
-racc_reduce_table = [
-  0, 0, :racc_error,
-  2, 11, :_reduce_1,
-  1, 11, :_reduce_2,
-  1, 11, :_reduce_none,
-  1, 12, :_reduce_none,
-  1, 12, :_reduce_none,
-  1, 12, :_reduce_none,
-  3, 15, :_reduce_7,
-  3, 13, :_reduce_8,
-  3, 13, :_reduce_9,
-  1, 16, :_reduce_10,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 14, :_reduce_none,
-  1, 19, :_reduce_15,
-  1, 17, :_reduce_16,
-  1, 18, :_reduce_17,
-  1, 20, :_reduce_18 ]
-
-racc_reduce_n = 19
-
-racc_shift_n = 25
-
-racc_token_table = {
-  false => 0,
-  :error => 1,
-  :SLASH => 2,
-  :LITERAL => 3,
-  :SYMBOL => 4,
-  :LPAREN => 5,
-  :RPAREN => 6,
-  :DOT => 7,
-  :STAR => 8,
-  :OR => 9 }
-
-racc_nt_base = 10
-
-racc_use_result_var = false
-
-Racc_arg = [
-  racc_action_table,
-  racc_action_check,
-  racc_action_default,
-  racc_action_pointer,
-  racc_goto_table,
-  racc_goto_check,
-  racc_goto_default,
-  racc_goto_pointer,
-  racc_nt_base,
-  racc_reduce_table,
-  racc_token_table,
-  racc_shift_n,
-  racc_reduce_n,
-  racc_use_result_var ]
-
-Racc_token_to_s_table = [
-  "$end",
-  "error",
-  "SLASH",
-  "LITERAL",
-  "SYMBOL",
-  "LPAREN",
-  "RPAREN",
-  "DOT",
-  "STAR",
-  "OR",
-  "$start",
-  "expressions",
-  "expression",
-  "or",
-  "terminal",
-  "group",
-  "star",
-  "symbol",
-  "literal",
-  "slash",
-  "dot" ]
-
-Racc_debug_parser = false
-
-##### State transition tables end #####
-
-# reduce 0 omitted
-
-def _reduce_1(val, _values)
- Cat.new(val.first, val.last)
-end
-
-def _reduce_2(val, _values)
- val.first
-end
-
-# reduce 3 omitted
-
-# reduce 4 omitted
-
-# reduce 5 omitted
-
-# reduce 6 omitted
-
-def _reduce_7(val, _values)
- Group.new(val[1])
-end
-
-def _reduce_8(val, _values)
- Or.new([val.first, val.last])
-end
-
-def _reduce_9(val, _values)
- Or.new([val.first, val.last])
-end
-
-def _reduce_10(val, _values)
- Star.new(Symbol.new(val.last, Symbol::GREEDY_EXP))
+  module Journey # :nodoc:
+    class Parser # :nodoc:
+      include Journey::Nodes
+
+      def self.parse(string)
+        new.parse string
+      end
+
+      def initialize
+        @scanner = Scanner.new
+        @next_token = nil
+      end
+
+      def parse(string)
+        @scanner.scan_setup(string)
+        advance_token
+        do_parse
+      end
+
+      private
+        def advance_token
+          @next_token = @scanner.next_token
+        end
+
+        def do_parse
+          parse_expressions
+        end
+
+        def parse_expressions
+          node = parse_expression
+
+          while @next_token
+            case @next_token
+            when :RPAREN
+              break
+            when :OR
+              node = parse_or(node)
+            else
+              node = Cat.new(node, parse_expressions)
+            end
+          end
+
+          node
+        end
+
+        def parse_or(lhs)
+          advance_token
+          node = parse_expression
+          Or.new([lhs, node])
+        end
+
+        def parse_expression
+          if @next_token == :STAR
+            parse_star
+          elsif @next_token == :LPAREN
+            parse_group
+          else
+            parse_terminal
+          end
+        end
+
+        def parse_star
+          node = Star.new(Symbol.new(@scanner.last_string, Symbol::GREEDY_EXP))
+          advance_token
+          node
+        end
+
+        def parse_group
+          advance_token
+          node = parse_expressions
+          if @next_token == :RPAREN
+            node = Group.new(node)
+            advance_token
+            node
+          else
+            raise ArgumentError, "missing right parenthesis."
+          end
+        end
+
+        def parse_terminal
+          node = case @next_token
+          when :SYMBOL
+            Symbol.new(@scanner.last_string)
+          when :LITERAL
+            Literal.new(@scanner.last_literal)
+          when :SLASH
+            Slash.new("/")
+          when :DOT
+            Dot.new(".")
+          end
+
+          advance_token
+          node
+        end
+    end
+  end
 end
-
-# reduce 11 omitted
-
-# reduce 12 omitted
-
-# reduce 13 omitted
-
-# reduce 14 omitted
-
-def _reduce_15(val, _values)
- Slash.new(val.first)
-end
-
-def _reduce_16(val, _values)
- Symbol.new(val.first)
-end
-
-def _reduce_17(val, _values)
- Literal.new(val.first)
-end
-
-def _reduce_18(val, _values)
- Dot.new(val.first)
-end
-
-def _reduce_none(val, _values)
-  val[0]
-end
-
-    end   # class Parser
-  end   # module Journey
-end   # module ActionDispatch

data/lib/action_dispatch/journey/scanner.rb

@@ -7,66 +7,68 @@ require "strscan"
 module ActionDispatch
   module Journey # :nodoc:
     class Scanner # :nodoc:
+      STATIC_TOKENS = Array.new(150)
+      STATIC_TOKENS[".".ord] = :DOT
+      STATIC_TOKENS["/".ord] = :SLASH
+      STATIC_TOKENS["(".ord] = :LPAREN
+      STATIC_TOKENS[")".ord] = :RPAREN
+      STATIC_TOKENS["|".ord] = :OR
+      STATIC_TOKENS[":".ord] = :SYMBOL
+      STATIC_TOKENS["*".ord] = :STAR
+      STATIC_TOKENS.freeze
+
+      class Scanner < StringScanner
+        unless method_defined?(:peek_byte) # https://github.com/ruby/strscan/pull/89
+          def peek_byte
+            string.getbyte(pos)
+          end
+        end
+      end
+
       def initialize
-        @ss = nil
+        @scanner = nil
+        @length = nil
       end
 
       def scan_setup(str)
-        @ss = StringScanner.new(str)
+        @scanner = Scanner.new(str)
       end
 
-      def eos?
-        @ss.eos?
-      end
+      def next_token
+        return if @scanner.eos?
 
-      def pos
-        @ss.pos
+        until token = scan || @scanner.eos?; end
+        token
       end
 
-      def pre_match
-        @ss.pre_match
+      def last_string
+        -@scanner.string.byteslice(@scanner.pos - @length, @length)
       end
 
-      def next_token
-        return if @ss.eos?
-
-        until token = scan || @ss.eos?; end
-        token
+      def last_literal
+        last_str = @scanner.string.byteslice(@scanner.pos - @length, @length)
+        last_str.tr! "\\", ""
+        -last_str
       end
 
       private
-        # takes advantage of String @- deduping capabilities in Ruby 2.5 upwards see:
-        # https://bugs.ruby-lang.org/issues/13077
-        def dedup_scan(regex)
-          r = @ss.scan(regex)
-          r ? -r : nil
-        end
-
         def scan
+          next_byte = @scanner.peek_byte
           case
-            # /
-          when @ss.skip(/\//)
-            [:SLASH, "/"]
-          when @ss.skip(/\(/)
-            [:LPAREN, "("]
-          when @ss.skip(/\)/)
-            [:RPAREN, ")"]
-          when @ss.skip(/\|/)
-            [:OR, "|"]
-          when @ss.skip(/\./)
-            [:DOT, "."]
-          when text = dedup_scan(/:\w+/)
-            [:SYMBOL, text]
-          when text = dedup_scan(/\*\w+/)
-            [:STAR, text]
-          when text = @ss.scan(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
-            text.tr! "\\", ""
-            [:LITERAL, -text]
-            # any char
-          when text = dedup_scan(/./)
-            [:LITERAL, text]
+          when (token = STATIC_TOKENS[next_byte]) && (token != :SYMBOL || next_byte_is_not_a_token?)
+            @scanner.pos += 1
+            @length = @scanner.skip(/\w+/).to_i + 1 if token == :SYMBOL || token == :STAR
+            token
+          when @length = @scanner.skip(/(?:[\w%\-~!$&'*+,;=@]|\\[:()])+/)
+            :LITERAL
+          when @length = @scanner.skip(/./)
+            :LITERAL
           end
         end
+
+        def next_byte_is_not_a_token?
+          !STATIC_TOKENS[@scanner.string.getbyte(@scanner.pos + 1)]
+        end
     end
   end
 end

data/lib/action_dispatch/middleware/cookies.rb

@@ -116,13 +116,15 @@ module ActionDispatch
   #     cookies[:login] = { value: "XJ-122", expires: Time.utc(2020, 10, 15, 5) }
   #
   #     # Sets a signed cookie, which prevents users from tampering with its value.
-  #     # It can be read using the signed method `cookies.signed[:name]`
   #     cookies.signed[:user_id] = current_user.id
+  #     # It can be read using the signed method.
+  #     cookies.signed[:user_id] # => 123
   #
   #     # Sets an encrypted cookie value before sending it to the client which
   #     # prevent users from reading and tampering with its value.
-  #     # It can be read using the encrypted method `cookies.encrypted[:name]`
   #     cookies.encrypted[:discount] = 45
+  #     # It can be read using the encrypted method.
+  #     cookies.encrypted[:discount] # => 45
   #
   #     # Sets a "permanent" cookie (which expires in 20 years from now).
   #     cookies.permanent[:login] = "XJ-122"

data/lib/action_dispatch/middleware/debug_exceptions.rb

@@ -65,7 +65,9 @@ module ActionDispatch
             content_type = Mime[:text]
           end
 
-          if api_request?(content_type)
+          if request.raw_request_method == "HEAD"
+            render(wrapper.status_code, "", content_type)
+          elsif api_request?(content_type)
             render_for_api_request(content_type, wrapper)
           else
             render_for_browser_request(request, wrapper)
@@ -142,17 +144,30 @@ module ActionDispatch
 
         message = []
         message << "  "
-        message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         if wrapper.has_cause?
-          message << "\nCauses:"
+          message << "#{wrapper.exception_class_name} (#{wrapper.message})"
           wrapper.wrapped_causes.each do |wrapped_cause|
-            message << "#{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
+            message << "Caused by: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message})"
           end
+
+          message << "\nInformation for: #{wrapper.exception_class_name} (#{wrapper.message}):"
+        else
+          message << "#{wrapper.exception_class_name} (#{wrapper.message}):"
         end
+
         message.concat(wrapper.annotated_source_code)
         message << "  "
         message.concat(trace)
 
+        if wrapper.has_cause?
+          wrapper.wrapped_causes.each do |wrapped_cause|
+            message << "\nInformation for cause: #{wrapped_cause.exception_class_name} (#{wrapped_cause.message}):"
+            message.concat(wrapped_cause.annotated_source_code)
+            message << "  "
+            message.concat(wrapped_cause.exception_trace)
+          end
+        end
+
         log_array(logger, message, request)
       end
 

data/lib/action_dispatch/middleware/debug_view.rb

@@ -15,17 +15,12 @@ module ActionDispatch
       paths = RESCUES_TEMPLATE_PATHS.dup
       lookup_context = ActionView::LookupContext.new(paths)
       super(lookup_context, assigns, nil)
-      @exception_wrapper = assigns[:exception_wrapper]
     end
 
     def compiled_method_container
       self.class
     end
 
-    def error_highlight_available?
-      @exception_wrapper.error_highlight_available?
-    end
-
     def debug_params(params)
       clean_params = params.clone
       clean_params.delete("action")

data/lib/action_dispatch/middleware/exception_wrapper.rb

@@ -18,8 +18,8 @@ module ActionDispatch
       "ActionController::UnknownFormat"                    => :not_acceptable,
       "ActionDispatch::Http::MimeNegotiation::InvalidType" => :not_acceptable,
       "ActionController::MissingExactTemplate"             => :not_acceptable,
-      "ActionController::InvalidAuthenticityToken"         => :unprocessable_entity,
-      "ActionController::InvalidCrossOriginRequest"        => :unprocessable_entity,
+      "ActionController::InvalidAuthenticityToken"         => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
+      "ActionController::InvalidCrossOriginRequest"        => ActionDispatch::Constants::UNPROCESSABLE_CONTENT,
       "ActionDispatch::Http::Parameters::ParseError"       => :bad_request,
       "ActionController::BadRequest"                       => :bad_request,
       "ActionController::ParameterMissing"                 => :bad_request,
@@ -173,7 +173,7 @@ module ActionDispatch
     end
 
     def self.status_code_for_exception(class_name)
-      Rack::Utils.status_code(@@rescue_responses[class_name])
+      ActionDispatch::Response.rack_status_code(@@rescue_responses[class_name])
     end
 
     def show?(request)
@@ -201,12 +201,6 @@ module ActionDispatch
       end
     end
 
-    def error_highlight_available?
-      # ErrorHighlight.spot with backtrace_location keyword is available since
-      # error_highlight 0.4.0
-      defined?(ErrorHighlight) && Gem::Version.new(ErrorHighlight::VERSION) >= Gem::Version.new("0.4.0")
-    end
-
     def trace_to_show
       if traces["Application Trace"].empty? && rescue_template != "routing_error"
         "Full Trace"

data/lib/action_dispatch/middleware/executor.rb

@@ -21,8 +21,11 @@ module ActionDispatch
         end
 
         returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
-      rescue => error
-        @executor.error_reporter.report(error, handled: false, source: "application.action_dispatch")
+      rescue Exception => error
+        request = ActionDispatch::Request.new env
+        backtrace_cleaner = request.get_header("action_dispatch.backtrace_cleaner")
+        wrapper = ExceptionWrapper.new(backtrace_cleaner, error)
+        @executor.error_reporter.report(wrapper.unwrapped_exception, handled: false, source: "application.action_dispatch")
         raise
       ensure
         state.complete! unless returned

data/lib/action_dispatch/middleware/public_exceptions.rb

@@ -32,7 +32,11 @@ module ActionDispatch
       end
       body = { status: status, error: Rack::Utils::HTTP_STATUS_CODES.fetch(status, Rack::Utils::HTTP_STATUS_CODES[500]) }
 
-      render(status, content_type, body)
+      if env["action_dispatch.original_request_method"] == "HEAD"
+        render_format(status, content_type, "")
+      else
+        render(status, content_type, body)
+      end
     end
 
     private

data/lib/action_dispatch/middleware/request_id.rb

@@ -25,11 +25,12 @@ module ActionDispatch
     def initialize(app, header:)
       @app = app
       @header = header
+      @env_header = "HTTP_#{header.upcase.tr("-", "_")}"
     end
 
     def call(env)
       req = ActionDispatch::Request.new env
-      req.request_id = make_request_id(req.headers[@header])
+      req.request_id = make_request_id(req.get_header(@env_header))
       @app.call(env).tap { |_status, headers, _body| headers[@header] = req.request_id }
     end
 

data/lib/action_dispatch/middleware/ssl.rb

@@ -11,9 +11,11 @@ module ActionDispatch
   #
   # 1.  **TLS redirect**: Permanently redirects `http://` requests to `https://`
   #     with the same URL host, path, etc. Enabled by default. Set
-  #     `config.ssl_options` to modify the destination URL (e.g. `redirect: {
-  #     host: "secure.widgets.com", port: 8080 }`), or set `redirect: false` to
-  #     disable this feature.
+  #     `config.ssl_options` to modify the destination URL:
+  #
+  #         config.ssl_options = { redirect: { host: "secure.widgets.com", port: 8080 }`
+  #
+  #     Or set `redirect: false` to disable redirection.
   #
   #     Requests can opt-out of redirection with `exclude`:
   #
@@ -21,6 +23,14 @@ module ActionDispatch
   #
   #     Cookies will not be flagged as secure for excluded requests.
   #
+  #     When proxying through a load balancer that terminates SSL, the forwarded
+  #     request will appear as though it's HTTP instead of HTTPS to the application.
+  #     This makes redirects and cookie security target HTTP instead of HTTPS.
+  #     To make the server assume that the proxy already terminated SSL, and
+  #     that the request really is HTTPS, set `config.assume_ssl` to `true`:
+  #
+  #         config.assume_ssl = true
+  #
   # 2.  **Secure cookies**: Sets the `secure` flag on cookies to tell browsers
   #     they must not be sent along with `http://` requests. Enabled by default.
   #     Set `config.ssl_options` with `secure_cookies: false` to disable this

data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb

@@ -28,9 +28,6 @@
           </tr>
         </table>
       </div>
-      <%- unless self.error_highlight_available? -%>
-        <p class="error_highlight_tip">Tip: You may want to add <code>gem "error_highlight", "&gt;= 0.4.0"</code> into your Gemfile, which will display the fine-grained error location.</p>
-      <%- end -%>
     </div>
   <% end %>
 <% end %>