actionpack 7.2.2.1 → 8.0.5

data/lib/action_dispatch/railtie.rb

@@ -29,6 +29,10 @@ module ActionDispatch
     config.action_dispatch.request_id_header = ActionDispatch::Constants::X_REQUEST_ID
     config.action_dispatch.log_rescued_responses = true
     config.action_dispatch.debug_exception_log_level = :fatal
+    config.action_dispatch.strict_freshness = false
+
+    config.action_dispatch.ignore_leading_brackets = nil
+    config.action_dispatch.strict_query_string_separator = nil
 
     config.action_dispatch.default_headers = {
       "X-Frame-Options" => "SAMEORIGIN",
@@ -51,6 +55,9 @@ module ActionDispatch
       ActionDispatch::Http::URL.secure_protocol = app.config.force_ssl
       ActionDispatch::Http::URL.tld_length = app.config.action_dispatch.tld_length
 
+      ActionDispatch::ParamBuilder.ignore_leading_brackets = app.config.action_dispatch.ignore_leading_brackets
+      ActionDispatch::QueryParser.strict_query_string_separator = app.config.action_dispatch.strict_query_string_separator
+
       ActiveSupport.on_load(:action_dispatch_request) do
         self.ignore_accept_header = app.config.action_dispatch.ignore_accept_header
         ActionDispatch::Request::Utils.perform_deep_munge = app.config.action_dispatch.perform_deep_munge
@@ -69,6 +76,7 @@ module ActionDispatch
 
       ActionDispatch::Routing::Mapper.route_source_locations = Rails.env.development?
 
+      ActionDispatch::Http::Cache::Request.strict_freshness = app.config.action_dispatch.strict_freshness
       ActionDispatch.test_app = app
     end
   end

data/lib/action_dispatch/request/session.rb

@@ -155,6 +155,7 @@ module ActionDispatch
         load_for_write!
         @delegate[key.to_s] = value
       end
+      alias store []=
 
       # Clears the session.
       def clear

data/lib/action_dispatch/request/utils.rb

@@ -83,8 +83,8 @@ module ActionDispatch
       end
 
       class CustomParamEncoder # :nodoc:
-        def self.encode(request, params, controller, action)
-          return params unless controller && controller.valid_encoding? && encoding_template = action_encoding_template(request, controller, action)
+        def self.encode_for_template(params, encoding_template)
+          return params unless encoding_template
           params.except(:controller, :action).each do |key, value|
             ActionDispatch::Request::Utils.each_param_value(value) do |param|
               # If `param` is frozen, it comes from the router defaults
@@ -98,8 +98,14 @@ module ActionDispatch
           params
         end
 
+        def self.encode(request, params, controller, action)
+          encoding_template = action_encoding_template(request, controller, action)
+          encode_for_template(params, encoding_template)
+        end
+
         def self.action_encoding_template(request, controller, action) # :nodoc:
-          request.controller_class_for(controller).action_encoding_template(action)
+          controller && controller.valid_encoding? &&
+            request.controller_class_for(controller).action_encoding_template(action)
         rescue MissingController
           nil
         end

data/lib/action_dispatch/routing/inspector.rb

@@ -101,7 +101,7 @@ module ActionDispatch
             { controller: /#{filter[:controller].underscore.sub(/_?controller\z/, "")}/ }
           elsif filter[:grep]
             grep_pattern = Regexp.new(filter[:grep])
-            path = RFC2396_PARSER.escape(filter[:grep])
+            path = URI::RFC2396_PARSER.escape(filter[:grep])
             normalized_path = ("/" + path).squeeze("/")
 
             {

data/lib/action_dispatch/routing/mapper.rb

@@ -375,35 +375,18 @@ module ActionDispatch
             Routing::RouteSet::Dispatcher.new raise_on_name_error
           end
 
-          if Thread.respond_to?(:each_caller_location)
-            def route_source_location
-              if Mapper.route_source_locations
-                action_dispatch_dir = File.expand_path("..", __dir__)
-                Thread.each_caller_location do |location|
-                  next if location.path.start_with?(action_dispatch_dir)
+          def route_source_location
+            if Mapper.route_source_locations
+              action_dispatch_dir = File.expand_path("..", __dir__)
+              Thread.each_caller_location do |location|
+                next if location.path.start_with?(action_dispatch_dir)
 
-                  cleaned_path = Mapper.backtrace_cleaner.clean_frame(location.path)
-                  next if cleaned_path.nil?
+                cleaned_path = Mapper.backtrace_cleaner.clean_frame(location.path)
+                next if cleaned_path.nil?
 
-                  return "#{cleaned_path}:#{location.lineno}"
-                end
-                nil
-              end
-            end
-          else
-            def route_source_location
-              if Mapper.route_source_locations
-                action_dispatch_dir = File.expand_path("..", __dir__)
-                caller_locations.each do |location|
-                  next if location.path.start_with?(action_dispatch_dir)
-
-                  cleaned_path = Mapper.backtrace_cleaner.clean_frame(location.path)
-                  next if cleaned_path.nil?
-
-                  return "#{cleaned_path}:#{location.lineno}"
-                end
-                nil
+                return "#{cleaned_path}:#{location.lineno}"
               end
+              nil
             end
           end
       end
@@ -470,7 +453,6 @@ module ActionDispatch
         # When a pattern points to an internal route, the route's `:action` and
         # `:controller` should be set in options or hash shorthand. Examples:
         #
-        #     match 'photos/:id' => 'photos#show', via: :get
         #     match 'photos/:id', to: 'photos#show', via: :get
         #     match 'photos/:id', controller: 'photos', action: 'show', via: :get
         #
@@ -614,10 +596,6 @@ module ActionDispatch
         #
         #     mount SomeRackApp, at: "some_route"
         #
-        # Alternatively:
-        #
-        #     mount(SomeRackApp => "some_route")
-        #
         # For options, see `match`, as `mount` uses it internally.
         #
         # All mounted applications come with routing helpers to access them. These are
@@ -625,7 +603,7 @@ module ActionDispatch
         # `some_rack_app_path` or `some_rack_app_url`. To customize this helper's name,
         # use the `:as` option:
         #
-        #     mount(SomeRackApp => "some_route", as: "exciting")
+        #     mount(SomeRackApp, at: "some_route", as: "exciting")
         #
         # This will generate the `exciting_path` and `exciting_url` helpers which can be
         # used to navigate to this mounted app.
@@ -773,6 +751,16 @@ module ActionDispatch
           map_method(:options, args, &block)
         end
 
+        # Define a route that recognizes HTTP CONNECT (and GET) requests. More
+        # specifically this recognizes HTTP/1 protocol upgrade requests and HTTP/2
+        # CONNECT requests with the protocol pseudo header. For supported arguments,
+        # see [match](rdoc-ref:Base#match)
+        #
+        #     connect 'live', to: 'live#index'
+        def connect(*args, &block)
+          map_method([:get, :connect], args, &block)
+        end
+
         private
           def map_method(method, args, &block)
             options = args.extract_options!
@@ -852,7 +840,7 @@ module ActionDispatch
         #
         # Takes same options as `Base#match` and `Resources#resources`.
         #
-        #     # route /posts (without the prefix /admin) to +Admin::PostsController+
+        #     # route /posts (without the prefix /admin) to Admin::PostsController
         #     scope module: "admin" do
         #       resources :posts
         #     end
@@ -862,7 +850,7 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # prefix the routing helper name: +sekret_posts_path+ instead of +posts_path+
+        #     # prefix the routing helper name: sekret_posts_path instead of posts_path
         #     scope as: "sekret" do
         #       resources :posts
         #     end
@@ -961,12 +949,12 @@ module ActionDispatch
         #       resources :posts
         #     end
         #
-        #     # maps to +Sekret::PostsController+ rather than +Admin::PostsController+
+        #     # maps to Sekret::PostsController rather than Admin::PostsController
         #     namespace :admin, module: "sekret" do
         #       resources :posts
         #     end
         #
-        #     # generates +sekret_posts_path+ rather than +admin_posts_path+
+        #     # generates sekret_posts_path rather than admin_posts_path
         #     namespace :admin, as: "sekret" do
         #       resources :posts
         #     end
@@ -1174,6 +1162,16 @@ module ActionDispatch
         CANONICAL_ACTIONS = %w(index create new show update destroy)
 
         class Resource # :nodoc:
+          class << self
+            def default_actions(api_only)
+              if api_only
+                [:index, :create, :show, :update, :destroy]
+              else
+                [:index, :create, :new, :show, :update, :destroy, :edit]
+              end
+            end
+          end
+
           attr_reader :controller, :path, :param
 
           def initialize(entities, api_only, shallow, options = {})
@@ -1181,6 +1179,12 @@ module ActionDispatch
               raise ArgumentError, ":param option can't contain colons"
             end
 
+            valid_actions = self.class.default_actions(false) # ignore api_only for this validation
+            if invalid_actions = invalid_only_except_options(options, valid_actions).presence
+              error_prefix = "Route `resource#{"s" unless singleton?} :#{entities}`"
+              raise ArgumentError, "#{error_prefix} - :only and :except must include only #{valid_actions}, but also included #{invalid_actions}"
+            end
+
             @name       = entities.to_s
             @path       = (options[:path] || @name).to_s
             @controller = (options[:controller] || @name).to_s
@@ -1194,11 +1198,7 @@ module ActionDispatch
           end
 
           def default_actions
-            if @api_only
-              [:index, :create, :show, :update, :destroy]
-            else
-              [:index, :create, :new, :show, :update, :destroy, :edit]
-            end
+            self.class.default_actions(@api_only)
           end
 
           def actions
@@ -1266,9 +1266,24 @@ module ActionDispatch
           end
 
           def singleton?; false; end
+
+          private
+            def invalid_only_except_options(options, valid_actions)
+              options.values_at(:only, :except).flatten.compact.uniq.map(&:to_sym) - valid_actions
+            end
         end
 
         class SingletonResource < Resource # :nodoc:
+          class << self
+            def default_actions(api_only)
+              if api_only
+                [:show, :create, :update, :destroy]
+              else
+                [:show, :create, :update, :destroy, :new, :edit]
+              end
+            end
+          end
+
           def initialize(entities, api_only, shallow, options)
             super
             @as         = nil
@@ -1277,11 +1292,7 @@ module ActionDispatch
           end
 
           def default_actions
-            if @api_only
-              [:show, :create, :update, :destroy]
-            else
-              [:show, :create, :update, :destroy, :new, :edit]
-            end
+            self.class.default_actions(@api_only)
           end
 
           def plural
@@ -1342,7 +1353,7 @@ module ActionDispatch
           end
 
           with_scope_level(:resource) do
-            options = apply_action_options options
+            options = apply_action_options :resource, options
             resource_scope(SingletonResource.new(resources.pop, api_only?, @scope[:shallow], options)) do
               yield if block_given?
 
@@ -1499,7 +1510,7 @@ module ActionDispatch
         #
         # ### Examples
         #
-        #     # routes call +Admin::PostsController+
+        #     # routes call Admin::PostsController
         #     resources :posts, module: "admin"
         #
         #     # resource actions are at /admin/posts.
@@ -1512,7 +1523,7 @@ module ActionDispatch
           end
 
           with_scope_level(:resources) do
-            options = apply_action_options options
+            options = apply_action_options :resources, options
             resource_scope(Resource.new(resources.pop, api_only?, @scope[:shallow], options)) do
               yield if block_given?
 
@@ -1673,7 +1684,6 @@ module ActionDispatch
         # Matches a URL pattern to one or more routes. For more information, see
         # [match](rdoc-ref:Base#match).
         #
-        #     match 'path' => 'controller#action', via: :patch
         #     match 'path', to: 'controller#action', via: :post
         #     match 'path', 'otherpath', on: :member, via: :get
         def match(path, *rest, &block)
@@ -1782,17 +1792,32 @@ module ActionDispatch
             false
           end
 
-          def apply_action_options(options)
+          def apply_action_options(method, options)
             return options if action_options? options
-            options.merge scope_action_options
+            options.merge scope_action_options(method)
           end
 
           def action_options?(options)
             options[:only] || options[:except]
           end
 
-          def scope_action_options
-            @scope[:action_options] || {}
+          def scope_action_options(method)
+            return {} unless @scope[:action_options]
+
+            actions = applicable_actions_for(method)
+            @scope[:action_options].dup.tap do |options|
+              (options[:only] = Array(options[:only]) & actions) if options[:only]
+              (options[:except] = Array(options[:except]) & actions) if options[:except]
+            end
+          end
+
+          def applicable_actions_for(method)
+            case method
+            when :resource
+              SingletonResource.default_actions(api_only?)
+            when :resources
+              Resource.default_actions(api_only?)
+            end
           end
 
           def resource_scope?
@@ -1935,6 +1960,11 @@ module ActionDispatch
           end
 
           def map_match(paths, options)
+            ActionDispatch.deprecator.warn(<<-MSG.squish) if paths.count > 1
+              Mapping a route with multiple paths is deprecated and
+              will be removed in Rails 8.1. Please use multiple method calls instead.
+            MSG
+
             if (on = options[:on]) && !VALID_ON_OPTIONS.include?(on)
               raise ArgumentError, "Unknown scope #{on.inspect} given to :on"
             end
@@ -2025,7 +2055,7 @@ module ActionDispatch
               name_for_action(options.delete(:as), action)
             end
 
-            path = Mapping.normalize_path RFC2396_PARSER.escape(path), formatted
+            path = Mapping.normalize_path URI::RFC2396_PARSER.escape(path), formatted
             ast = Journey::Parser.parse path
 
             mapping = Mapping.build(@scope, @set, ast, controller, default_action, to, via, formatted, options_constraints, anchor, options)
@@ -2200,8 +2230,8 @@ module ActionDispatch
         end
 
         # Define custom polymorphic mappings of models to URLs. This alters the behavior
-        # of `polymorphic_url` and consequently the behavior of `link_to` and `form_for`
-        # when passed a model instance, e.g:
+        # of `polymorphic_url` and consequently the behavior of `link_to`, `form_with`
+        # and `form_for` when passed a model instance, e.g:
         #
         #     resource :basket
         #
@@ -2210,7 +2240,7 @@ module ActionDispatch
         #     end
         #
         # This will now generate "/basket" when a `Basket` instance is passed to
-        # `link_to` or `form_for` instead of the standard "/baskets/:id".
+        # `link_to`, `form_with` or `form_for` instead of the standard "/baskets/:id".
         #
         # NOTE: This custom behavior only applies to simple polymorphic URLs where a
         # single model instance is passed and not more complicated forms, e.g:
@@ -2267,9 +2297,9 @@ module ActionDispatch
 
         attr_reader :parent, :scope_level
 
-        def initialize(hash, parent = NULL, scope_level = nil)
-          @hash = hash
+        def initialize(hash, parent = ROOT, scope_level = nil)
           @parent = parent
+          @hash = parent ? parent.frame.merge(hash) : hash
           @scope_level = scope_level
         end
 
@@ -2282,7 +2312,7 @@ module ActionDispatch
         end
 
         def root?
-          @parent.null?
+          @parent == ROOT
         end
 
         def resources?
@@ -2327,23 +2357,22 @@ module ActionDispatch
         end
 
         def [](key)
-          scope = find { |node| node.frame.key? key }
-          scope && scope.frame[key]
+          frame[key]
         end
 
+        def frame; @hash; end
+
         include Enumerable
 
         def each
           node = self
-          until node.equal? NULL
+          until node.equal? ROOT
             yield node
             node = node.parent
           end
         end
 
-        def frame; @hash; end
-
-        NULL = Scope.new(nil, nil)
+        ROOT = Scope.new({}, nil)
       end
 
       def initialize(set) # :nodoc:

data/lib/action_dispatch/routing/polymorphic_routes.rb

@@ -31,7 +31,7 @@ module ActionDispatch
     # *   `url_for`, so you can use it with a record as the argument, e.g.
     #     `url_for(@article)`;
     # *   ActionView::Helpers::FormHelper uses `polymorphic_path`, so you can write
-    #     `form_for(@article)` without having to specify `:url` parameter for the
+    #     `form_with(model: @article)` without having to specify `:url` parameter for the
     #     form action;
     # *   `redirect_to` (which, in fact, uses `url_for`) so you can write
     #     `redirect_to(post)` in your controllers;
@@ -61,7 +61,7 @@ module ActionDispatch
     # argument to the method. For example:
     #
     #     polymorphic_url([blog, @post])  # calls blog.post_path(@post)
-    #     form_for([blog, @post])         # => "/blog/posts/1"
+    #     form_with(model: [blog, @post]) # => "/blog/posts/1"
     #
     module PolymorphicRoutes
       # Constructs a call to a named RESTful route for the given record and returns

data/lib/action_dispatch/routing/route_set.rb

@@ -29,7 +29,7 @@ module ActionDispatch
       def from_requirements(requirements)
         routes.find { |route| route.requirements == requirements }
       end
-      # :stopdoc:
+      # :enddoc:
 
       # Since the router holds references to many parts of the system like engines,
       # controllers and the application itself, inspecting the route set can actually
@@ -351,7 +351,7 @@ module ActionDispatch
       PATH    = ->(options) { ActionDispatch::Http::URL.path_for(options) }
       UNKNOWN = ->(options) { ActionDispatch::Http::URL.url_for(options) }
 
-      attr_accessor :formatter, :set, :named_routes, :default_scope, :router
+      attr_accessor :formatter, :set, :named_routes, :router
       attr_accessor :disable_clear_and_finalize, :resources_path_names
       attr_accessor :default_url_options, :draw_paths
       attr_reader :env_key, :polymorphic_mappings
@@ -363,7 +363,7 @@ module ActionDispatch
       end
 
       def self.new_with_config(config)
-        route_set_config = DEFAULT_CONFIG
+        route_set_config = DEFAULT_CONFIG.dup
 
         # engines apparently don't have this set
         if config.respond_to? :relative_url_root
@@ -374,14 +374,18 @@ module ActionDispatch
           route_set_config.api_only = config.api_only
         end
 
+        if config.respond_to? :default_scope
+          route_set_config.default_scope = config.default_scope
+        end
+
         new route_set_config
       end
 
-      Config = Struct.new :relative_url_root, :api_only
+      Config = Struct.new :relative_url_root, :api_only, :default_scope
 
-      DEFAULT_CONFIG = Config.new(nil, false)
+      DEFAULT_CONFIG = Config.new(nil, false, nil)
 
-      def initialize(config = DEFAULT_CONFIG)
+      def initialize(config = DEFAULT_CONFIG.dup)
         self.named_routes = NamedRouteCollection.new
         self.resources_path_names = self.class.default_resources_path_names
         self.default_url_options = {}
@@ -416,6 +420,14 @@ module ActionDispatch
         @config.api_only
       end
 
+      def default_scope
+        @config.default_scope
+      end
+
+      def default_scope=(new_default_scope)
+        @config.default_scope = new_default_scope
+      end
+
       def request_class
         ActionDispatch::Request
       end
@@ -647,14 +659,14 @@ module ActionDispatch
         if route.segment_keys.include?(:controller)
           ActionDispatch.deprecator.warn(<<-MSG.squish)
             Using a dynamic :controller segment in a route is deprecated and
-            will be removed in Rails 7.2.
+            will be removed in Rails 8.1.
           MSG
         end
 
         if route.segment_keys.include?(:action)
           ActionDispatch.deprecator.warn(<<-MSG.squish)
             Using a dynamic :action segment in a route is deprecated and
-            will be removed in Rails 7.2.
+            will be removed in Rails 8.1.
           MSG
         end
 
@@ -917,7 +929,7 @@ module ActionDispatch
           params.each do |key, value|
             if value.is_a?(String)
               value = value.dup.force_encoding(Encoding::BINARY)
-              params[key] = RFC2396_PARSER.unescape(value)
+              params[key] = URI::RFC2396_PARSER.unescape(value)
             end
           end
           req.path_parameters = params
@@ -941,6 +953,5 @@ module ActionDispatch
         end
       end
     end
-    # :startdoc:
   end
 end

data/lib/action_dispatch/routing/routes_proxy.rb

@@ -54,6 +54,7 @@ module ActionDispatch
       # dependent part.
       def merge_script_names(previous_script_name, new_script_name)
         return new_script_name unless previous_script_name
+        new_script_name = new_script_name.chomp("/")
 
         resolved_parts = new_script_name.count("/")
         previous_parts = previous_script_name.count("/")

data/lib/action_dispatch/system_testing/browser.rb

@@ -9,7 +9,6 @@ module ActionDispatch
 
       def initialize(name)
         @name = name
-        set_default_options
       end
 
       def type
@@ -27,9 +26,9 @@ module ActionDispatch
         @options ||=
           case type
           when :chrome
-            ::Selenium::WebDriver::Chrome::Options.new
+            default_chrome_options
           when :firefox
-            ::Selenium::WebDriver::Firefox::Options.new
+            default_firefox_options
           end
       end
 
@@ -49,26 +48,18 @@ module ActionDispatch
       end
 
       private
-        def set_default_options
-          case name
-          when :headless_chrome
-            set_headless_chrome_browser_options
-          when :headless_firefox
-            set_headless_firefox_browser_options
-          end
+        def default_chrome_options
+          options = ::Selenium::WebDriver::Chrome::Options.new
+          options.add_argument("--disable-search-engine-choice-screen")
+          options.add_argument("--headless") if name == :headless_chrome
+          options.add_argument("--disable-gpu") if Gem.win_platform?
+          options
         end
 
-        def set_headless_chrome_browser_options
-          configure do |capabilities|
-            capabilities.add_argument("--headless")
-            capabilities.add_argument("--disable-gpu") if Gem.win_platform?
-          end
-        end
-
-        def set_headless_firefox_browser_options
-          configure do |capabilities|
-            capabilities.add_argument("-headless")
-          end
+        def default_firefox_options
+          options = ::Selenium::WebDriver::Firefox::Options.new
+          options.add_argument("-headless") if name == :headless_firefox
+          options
         end
 
         def resolve_driver_path(namespace)

data/lib/action_dispatch/testing/assertion_response.rb

@@ -38,7 +38,7 @@ module ActionDispatch
 
     private
       def code_from_name(name)
-        GENERIC_RESPONSE_CODES[name] || Rack::Utils.status_code(name)
+        GENERIC_RESPONSE_CODES[name] || ActionDispatch::Response.rack_status_code(name)
       end
 
       def name_from_code(code)

data/lib/action_dispatch/testing/assertions/response.rb

@@ -87,8 +87,13 @@ module ActionDispatch
         end
 
         def generate_response_message(expected, actual = @response.response_code)
-          (+"Expected response to be a <#{code_with_name(expected)}>,"\
-          " but was a <#{code_with_name(actual)}>").concat(location_if_redirected).concat(response_body_if_short)
+          lambda do
+            (+"Expected response to be a <#{code_with_name(expected)}>,"\
+             " but was a <#{code_with_name(actual)}>").
+              concat(location_if_redirected).
+              concat(exception_if_present).
+              concat(response_body_if_short)
+          end
         end
 
         def response_body_if_short
@@ -96,6 +101,11 @@ module ActionDispatch
           "\nResponse body: #{@response.body}"
         end
 
+        def exception_if_present
+          return "" unless ex = @request&.env&.[]("action_dispatch.exception")
+          "\n\nException while processing request: #{Minitest::UnexpectedError.new(ex).message}\n"
+        end
+
         def location_if_redirected
           return "" unless @response.redirection? && @response.location.present?
           location = normalize_argument_to_redirection(@response.location)