actionpack 3.0.0.beta2 → 3.0.0.beta3

data/CHANGELOG

@@ -1,3 +1,40 @@
+*Rails 3.0.0 [beta 3] (April 13th, 2010)*
+
+* New option :as added to form_for allows to change the object name. The old <% form_for :client, @post %> becomes <% form_for @post, :as => :client %> [spastorino]
+
+* Removed verify method in controllers. [JV]
+  It's now available as a plugin at http://github.com/rails/verification
+
+* Removed input, form, error_messages_for and error_message_on from views. [JV]
+  It's now available as a plugin at http://github.com/rails/dynamic_form
+
+* Routes can be scoped by controller module. [Jeremy Kemper]
+
+    # /session => Auth::SessionsController
+    scope :module => 'auth' do
+      resource :session
+    end
+
+* Added #favicon_link_tag, it uses #image_path so in particular the favicon gets an asset ID [fxn]
+
+* Fixed that default locale templates should be used if the current locale template is missing [DHH]
+
+* Added all the new HTML5 form types as individual form tag methods (search, url, number, etc) #3646 [Stephen Celis]
+
+* Changed the object used in routing constraints to be an instance of
+  ActionDispatch::Request rather than Rack::Request [YK]
+
+* Changed ActionDispatch::Request#method to return a String, to be compatible
+  with Rack::Request. Added ActionDispatch::Request#method_symbol to
+  return a symbol form of the request method. [YK]
+
+* Changed ActionDispatch::Request#method to return the original
+  method and #request_method to return the overridden method in the
+  case of methodoverride being used (this means that #method returns
+  "HEAD" and #request_method returns "GET" in HEAD requests). This
+  is for compatibility with Rack::Request [YK]
+
+
 *Rails 3.0.0 [beta 2] (April 1st, 2010)*
 
 * #concat is now deprecated in favor of using <%= %> helpers [YK]

data/lib/abstract_controller/rendering.rb

@@ -24,8 +24,7 @@ module AbstractController
     end
 
     def locale=(value)
-      @i18n_config.locale = value
-      @lookup_context.update_details(:locale => @i18n_config.locale)
+      @lookup_context.locale = value
     end
   end
 
@@ -89,9 +88,16 @@ module AbstractController
     # Normalize arguments, options and then delegates render_to_body and
     # sticks the result in self.response_body.
     def render(*args, &block)
+      self.response_body = render_to_string(*args, &block)
+    end
+
+    # Raw rendering of a template to a string. Just convert the results of
+    # render_to_body into a String.
+    # :api: plugin
+    def render_to_string(*args, &block)
       options = _normalize_args(*args, &block)
       _normalize_options(options)
-      self.response_body = render_to_body(options)
+      render_to_body(options)
     end
 
     # Raw rendering of a template to a Rack-compatible body.
@@ -101,14 +107,6 @@ module AbstractController
       _render_template(options)
     end
 
-    # Raw rendering of a template to a string. Just convert the results of
-    # render_to_body into a String.
-    # :api: plugin
-    def render_to_string(options={})
-      _normalize_options(options)
-      render_to_body(options)
-    end
-
     # Find and renders a template based on the options given.
     # :api: private
     def _render_template(options) #:nodoc:

data/lib/action_controller.rb

@@ -33,7 +33,6 @@ module ActionController
     autoload :Streaming
     autoload :Testing
     autoload :UrlFor
-    autoload :Verification
   end
 
   autoload :Dispatcher,      'action_controller/deprecated/dispatcher'

data/lib/action_controller/base.rb

@@ -2,48 +2,58 @@ module ActionController
   class Base < Metal
     abstract!
 
-    include AbstractController::Layouts
-    include AbstractController::Translation
+    def self.without_modules(*modules)
+      modules = modules.map do |m|
+        m.is_a?(Symbol) ? ActionController.const_get(m) : m
+      end
 
-    include ActionController::Helpers
-    
-    include ActionController::HideActions
-    include ActionController::UrlFor
-    include ActionController::Redirecting
-    include ActionController::Rendering
-    include ActionController::Renderers::All
-    include ActionController::ConditionalGet
-    include ActionController::RackDelegation
+      MODULES - modules
+    end
 
-    # Legacy modules
-    include SessionManagement
-    include ActionController::Caching
-    include ActionController::MimeResponds
-    include ActionController::PolymorphicRoutes
+    MODULES = [
+      AbstractController::Layouts,
+      AbstractController::Translation,
 
-    # Rails 2.x compatibility
-    include ActionController::Compatibility
-    include ActionController::ImplicitRender
+      Helpers,
+      HideActions,
+      UrlFor,
+      Redirecting,
+      Rendering,
+      Renderers::All,
+      ConditionalGet,
+      RackDelegation,
+      SessionManagement,
+      Caching,
+      MimeResponds,
+      PolymorphicRoutes,
+      ImplicitRender,
+
+      Cookies,
+      Flash,
+      RequestForgeryProtection,
+      Streaming,
+      RecordIdentifier,
+      HttpAuthentication::Basic::ControllerMethods,
+      HttpAuthentication::Digest::ControllerMethods,
+
+      # Add instrumentations hooks at the bottom, to ensure they instrument
+      # all the methods properly.
+      Instrumentation,
 
-    include ActionController::Cookies
-    include ActionController::Flash
-    include ActionController::Verification
-    include ActionController::RequestForgeryProtection
-    include ActionController::Streaming
-    include ActionController::RecordIdentifier
-    include ActionController::HttpAuthentication::Basic::ControllerMethods
-    include ActionController::HttpAuthentication::Digest::ControllerMethods
+      # Before callbacks should also be executed the earliest as possible, so
+      # also include them at the bottom.
+      AbstractController::Callbacks,
 
-    # Add instrumentations hooks at the bottom, to ensure they instrument
-    # all the methods properly.
-    include ActionController::Instrumentation
+      # The same with rescue, append it at the end to wrap as much as possible.
+      Rescue
+    ]
 
-    # Before callbacks should also be executed the earliest as possible, so
-    # also include them at the bottom.
-    include AbstractController::Callbacks
+    MODULES.each do |mod|
+      include mod
+    end
 
-    # The same with rescue, append it at the end to wrap as much as possible.
-    include ActionController::Rescue
+    # Rails 2.x compatibility
+    include ActionController::Compatibility
 
     def self.inherited(klass)
       ::ActionController::Base.subclasses << klass.to_s
@@ -55,15 +65,6 @@ module ActionController
       @subclasses ||= []
     end
 
-    # This method has been moved to ActionDispatch::Request.filter_parameters
-    def self.filter_parameter_logging(*args, &block)
-      ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller)
-      filter = Rails.application.config.filter_parameters
-      filter.concat(args)
-      filter << block if block
-      filter
-    end
-
     ActiveSupport.run_load_hooks(:action_controller, self)
   end
 end

data/lib/action_controller/caching/pages.rb

@@ -38,22 +38,22 @@ module ActionController #:nodoc:
       extend ActiveSupport::Concern
 
       included do
-        @@page_cache_directory = defined?(Rails.public_path) ? Rails.public_path : ""
         ##
         # :singleton-method:
         # The cache directory should be the document root for the web server and is set using <tt>Base.page_cache_directory = "/document/root"</tt>.
         # For Rails, this directory has already been set to Rails.public_path (which is usually set to <tt>RAILS_ROOT + "/public"</tt>). Changing
         # this setting can be useful to avoid naming conflicts with files in <tt>public/</tt>, but doing so will likely require configuring your
         # web server to look in the new location for cached files.
+        @@page_cache_directory = ''
         cattr_accessor :page_cache_directory
 
-        @@page_cache_extension = '.html'
         ##
         # :singleton-method:
         # Most Rails requests do not have an extension, such as <tt>/weblog/new</tt>. In these cases, the page caching mechanism will add one in
         # order to make it easy for the cached files to be picked up properly by the web server. By default, this cache extension is <tt>.html</tt>.
         # If you want something else, like <tt>.php</tt> or <tt>.shtml</tt>, just set Base.page_cache_extension. In cases where a request already has an
         # extension, such as <tt>.xml</tt> or <tt>.rss</tt>, page caching will not add an extension. This allows it to work well with RESTful apps.
+        @@page_cache_extension = '.html'
         cattr_accessor :page_cache_extension
       end
 

data/lib/action_controller/deprecated/base.rb

@@ -68,14 +68,11 @@ module ActionController
 
       def cookie_verifier_secret=(value)
         ActiveSupport::Deprecation.warn "ActionController::Base.cookie_verifier_secret= is deprecated. " <<
-          "Please configure it on your application with config.cookie_secret=", caller
-        ActionController::Base.config.secret = value
+          "Please configure it on your application with config.secret_token=", caller
       end
 
       def cookie_verifier_secret
-        ActiveSupport::Deprecation.warn "ActionController::Base.cookie_verifier_secret is deprecated. " <<
-          "Please use ActionController::Base.config.secret instead.", caller
-        ActionController::Base.config.secret
+        ActiveSupport::Deprecation.warn "ActionController::Base.cookie_verifier_secret is deprecated.", caller
       end
 
       def trusted_proxies=(value)
@@ -130,6 +127,25 @@ module ActionController
       end
     end
 
+    module DeprecatedBehavior
+      # This method has been moved to ActionDispatch::Request.filter_parameters
+      def filter_parameter_logging(*args, &block)
+        ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller)
+        filter = Rails.application.config.filter_parameters
+        filter.concat(args)
+        filter << block if block
+        filter
+      end
+
+      # This was moved to a plugin
+      def verify(*args)
+        ActiveSupport::Deprecation.warn "verify was removed from Rails and is now available as a plugin. " <<
+          "Please install it with `rails plugin install git://github.com/rails/verification.git`.", caller
+      end
+    end
+
+    extend DeprecatedBehavior
+
     deprecated_config_writer :session_store
     deprecated_config_writer :session_options
     deprecated_config_accessor :relative_url_root, "relative_url_root is ineffective. Please stop using it"

data/lib/action_controller/metal/compatibility.rb

@@ -32,8 +32,6 @@ module ActionController
       def rescue_action(env)
         raise env["action_dispatch.rescue.exception"]
       end
-
-      self.page_cache_directory = defined?(Rails.public_path) ? Rails.public_path : ""
     end
 
     # For old tests

data/lib/action_controller/metal/cookies.rb

@@ -7,7 +7,7 @@ module ActionController #:nodoc:
     included do
       helper_method :cookies
     end
-    
+
     private
       def cookies
         request.cookie_jar

data/lib/action_controller/metal/helpers.rb

@@ -36,7 +36,7 @@ module ActionController
   #
   #   <% @events.each do |event| -%>
   #     <p>
-  #       <% format_time(event.time, :short, "N/A") %> | <%= event.name %>
+  #       <%= format_time(event.time, :short, "N/A") %> | <%= event.name %>
   #     </p>
   #   <% end -%>
   #

data/lib/action_controller/metal/http_authentication.rb

@@ -159,7 +159,7 @@ module ActionController
 
         # Authenticate with HTTP Digest, returns true or false
         def authenticate_with_http_digest(realm = "Application", &password_procedure)
-          HttpAuthentication::Digest.authenticate(config.secret, request, realm, &password_procedure)
+          HttpAuthentication::Digest.authenticate(request, realm, &password_procedure)
         end
 
         # Render output including the HTTP Digest authentication header
@@ -169,14 +169,15 @@ module ActionController
       end
 
       # Returns false on a valid response, true otherwise
-      def authenticate(secret_key, request, realm, &password_procedure)
-        request.authorization && validate_digest_response(secret_key, request, realm, &password_procedure)
+      def authenticate(request, realm, &password_procedure)
+        request.authorization && validate_digest_response(request, realm, &password_procedure)
       end
 
       # Returns false unless the request credentials response value matches the expected value.
       # First try the password as a ha1 digest password. If this fails, then try it as a plain
       # text password.
-      def validate_digest_response(secret_key, request, realm, &password_procedure)
+      def validate_digest_response(request, realm, &password_procedure)
+        secret_key  = secret_token(request)
         credentials = decode_credentials_header(request)
         valid_nonce = validate_nonce(secret_key, request, credentials[:nonce])
 
@@ -225,7 +226,7 @@ module ActionController
       end
 
       def authentication_header(controller, realm)
-        secret_key = controller.config.secret
+        secret_key = secret_token(controller.request)
         nonce = self.nonce(secret_key)
         opaque = opaque(secret_key)
         controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}")
@@ -238,6 +239,12 @@ module ActionController
         controller.status = 401
       end
 
+      def secret_token(request)
+        secret = request.env["action_dispatch.secret_token"]
+        raise "You must set config.secret_token in your app's config" if secret.blank?
+        secret
+      end
+
       # Uses an MD5 digest based on time to generate a value to be used only once.
       #
       # A server-specified data string which should be uniquely generated each time a 401 response is made.

data/lib/action_controller/metal/responder.rb

@@ -135,7 +135,6 @@ module ActionController #:nodoc:
     def to_format
       default_render
     rescue ActionView::MissingTemplate => e
-      raise unless resourceful?
       api_behavior(e)
     end
 
@@ -154,6 +153,8 @@ module ActionController #:nodoc:
 
     # This is the common behavior for "API" requests, like :xml and :json.
     def api_behavior(error)
+      raise error unless resourceful?
+
       if get?
         display resource
       elsif has_errors?
@@ -216,7 +217,7 @@ module ActionController #:nodoc:
     # the verb is POST.
     #
     def default_action
-      @action ||= ACTIONS_FOR_VERBS[request.method]
+      @action ||= ACTIONS_FOR_VERBS[request.method_symbol]
     end
   end
 end

data/lib/action_controller/polymorphic_routes.rb

@@ -120,7 +120,7 @@ module ActionController
     end
 
     %w(edit new).each do |action|
-      module_eval <<-EOT, __FILE__, __LINE__
+      module_eval <<-EOT, __FILE__, __LINE__ + 1
         def #{action}_polymorphic_url(record_or_hash, options = {})         # def edit_polymorphic_url(record_or_hash, options = {})
           polymorphic_url(                                                  #   polymorphic_url(
             record_or_hash,                                                 #     record_or_hash,

data/lib/action_controller/railtie.rb

@@ -44,6 +44,12 @@ module ActionController
       ActiveSupport.on_load(:action_controller) { self.logger ||= Rails.logger }
     end
 
+    initializer "action_controller.page_cache_directory" do
+      ActiveSupport.on_load(:action_controller) do
+        self.page_cache_directory = Rails.public_path
+      end
+    end
+
     initializer "action_controller.set_configs" do |app|
       paths = app.config.paths
       ac = app.config.action_controller
@@ -51,7 +57,6 @@ module ActionController
       ac.assets_dir      = paths.public.to_a.first
       ac.javascripts_dir = paths.public.javascripts.to_a.first
       ac.stylesheets_dir = paths.public.stylesheets.to_a.first
-      ac.secret          = app.config.cookie_secret
 
       ActiveSupport.on_load(:action_controller) do
         self.config.merge!(ac)

data/lib/action_controller/record_identifier.rb

@@ -6,10 +6,10 @@ module ActionController
   # the view actions to a higher logical level. Example:
   #
   #   # routes
-  #   map.resources :posts
+  #   resources :posts
   #
   #   # view
-  #   <% div_for(post) do %>     <div id="post_45" class="post">
+  #   <%= div_for(post) do %>    <div id="post_45" class="post">
   #     <%= post.body %>           What a wonderful world!
   #   <% end %>                  </div>
   #

data/lib/action_controller/test_case.rb

@@ -284,6 +284,8 @@ module ActionController
     include ActionDispatch::TestProcess
     include ActionController::TemplateAssertions
 
+    attr_reader :response, :request
+
     # Executes a request simulating GET HTTP method and set/volley the response
     def get(action, parameters = nil, session = nil, flash = nil)
       process(action, parameters, session, flash, "GET")

data/lib/action_dispatch/http/mime_negotiation.rb

@@ -48,7 +48,7 @@ module ActionDispatch
         @env["action_dispatch.request.formats"] ||=
           if parameters[:format]
             Array(Mime[parameters[:format]])
-          elsif xhr? || (accept && !accept.include?(?,))
+          elsif xhr? || (accept && accept !~ /,\s*\*\/\*/)
             accepts
           else
             [Mime::HTML]
@@ -87,4 +87,4 @@ module ActionDispatch
       end
     end
   end
-end
+end

data/lib/action_dispatch/http/request.rb

@@ -45,47 +45,65 @@ module ActionDispatch
     HTTP_METHODS = %w(get head put post delete options)
     HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h }
 
-    # Returns the true HTTP request \method as a lowercase symbol, such as
-    # <tt>:get</tt>. If the request \method is not listed in the HTTP_METHODS
-    # constant above, an UnknownHttpMethod exception is raised.
+    # Returns the HTTP \method that the application should see.
+    # In the case where the \method was overridden by a middleware
+    # (for instance, if a HEAD request was converted to a GET,
+    # or if a _method parameter was used to determine the \method
+    # the application should use), this \method returns the overridden
+    # value, not the original.
     def request_method
-      method = env["rack.methodoverride.original_method"] || env["REQUEST_METHOD"]
+      method = env["REQUEST_METHOD"]
       HTTP_METHOD_LOOKUP[method] || raise(ActionController::UnknownHttpMethod, "#{method}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
+      method
+    end
+
+    # Returns a symbol form of the #request_method
+    def request_method_symbol
+      HTTP_METHOD_LOOKUP[request_method]
     end
 
-    # Returns the HTTP request \method used for action processing as a
-    # lowercase symbol, such as <tt>:post</tt>. (Unlike #request_method, this
-    # method returns <tt>:get</tt> for a HEAD request because the two are
-    # functionally equivalent from the application's perspective.)
+    # Returns the original value of the environment's REQUEST_METHOD,
+    # even if it was overridden by middleware. See #request_method for
+    # more information.
     def method
-      method = env["REQUEST_METHOD"]
+      method = env["rack.methodoverride.original_method"] || env['REQUEST_METHOD']
       HTTP_METHOD_LOOKUP[method] || raise(ActionController::UnknownHttpMethod, "#{method}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
+      method
+    end
+
+    # Returns a symbol form of the #method
+    def method_symbol
+      HTTP_METHOD_LOOKUP[method]
     end
 
-    # Is this a GET (or HEAD) request?  Equivalent to <tt>request.method == :get</tt>.
+    # Is this a GET (or HEAD) request?
+    # Equivalent to <tt>request.request_method == :get</tt>.
     def get?
-      method == :get
+      HTTP_METHOD_LOOKUP[request_method] == :get
     end
 
-    # Is this a POST request?  Equivalent to <tt>request.method == :post</tt>.
+    # Is this a POST request?
+    # Equivalent to <tt>request.request_method == :post</tt>.
     def post?
-      method == :post
+      HTTP_METHOD_LOOKUP[request_method] == :post
     end
 
-    # Is this a PUT request?  Equivalent to <tt>request.method == :put</tt>.
+    # Is this a PUT request?
+    # Equivalent to <tt>request.request_method == :put</tt>.
     def put?
-      method == :put
+      HTTP_METHOD_LOOKUP[request_method] == :put
     end
 
-    # Is this a DELETE request?  Equivalent to <tt>request.method == :delete</tt>.
+    # Is this a DELETE request?
+    # Equivalent to <tt>request.request_method == :delete</tt>.
     def delete?
-      method == :delete
+      HTTP_METHOD_LOOKUP[request_method] == :delete
     end
 
-    # Is this a HEAD request? Since <tt>request.method</tt> sees HEAD as <tt>:get</tt>,
-    # this \method checks the actual HTTP \method directly.
+    # Is this a HEAD request?
+    # Equivalent to <tt>request.method == :head</tt>.
     def head?
-      request_method == :head
+      HTTP_METHOD_LOOKUP[method] == :head
     end
 
     # Provides access to the request's HTTP headers, for example:
@@ -96,7 +114,7 @@ module ActionDispatch
     end
 
     def forgery_whitelisted?
-      method == :get || xhr? || content_mime_type.nil? || !content_mime_type.verify_request?
+      get? || xhr? || content_mime_type.nil? || !content_mime_type.verify_request?
     end
 
     def media_type