actionpack 4.0.0.beta1 → 4.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b3463df116c388c7b2d15a3ac267fea12a100cf1
-  data.tar.gz: ad55681ebfbc24cbb11d1b06a5e31943a4515a96
+  metadata.gz: b2f9e896fa0aab306404dfec0ba34305704d5680
+  data.tar.gz: d36ac14f59dea1d6607b462c3df3c3103c19e3ad
 SHA512:
-  metadata.gz: 83abc4ab5ba7fe34ad23f5f29bc7eee985ae62a7ea949fc84b942b9dbd3b3c8caebd692f5c52765a972c0e993edd1efb18b2a244ffb8917358f3743718ab90f9
-  data.tar.gz: 91d22e18c2143a67a92fa61cf346adce168373835e7636de2a125de336958e3f528ba1a83807417dc7f541ce3156c08c88641273d05dacfc268f5ccea8cc05f5
+  metadata.gz: 61f6cfcae3aa384acba259c7185dc1f2cb4580973f525c4b98303c0bab0f5a9100fd7b73c2adbaa4fadf9f41defc525135306788e4859f40209bb80b92e315d4
+  data.tar.gz: 347a2469a9f69a56a36cf2d96059088b1f34ae3fb74c6d80f909b0cde9f165c647c1399535e794b5d5daebaa23d0fcabd82491caab5230e820fff03a05391fac

data/CHANGELOG.md

@@ -1,3 +1,187 @@
+## Rails 4.0.0 (unreleased) ##
+
+*   Add support for passing custom url options other than `:host` and custom
+    status and flash options to `force_ssl`.
+
+    *Andrew White*
+
+*   The `force_ssl` command now builds the redirect url from `request.fullpath`.
+    This ensures that the format is maintained and it doesn't redirect to a route
+    that has the same parameters but is defined earlier in `routes.rb`. Also any
+    optional segments are maintained.
+
+    Fixes #7528, #9061, #10305.
+
+    *Andrew White*
+
+*   Return a 405 Method Not Allowed response when a request contains an unknown
+    HTTP method.
+
+    *Lewis Marshall*
+
+*   Add support for extracting the port from the `:host` option passed to `url_for`.
+
+    *Andrew White*
+
+*   Add support for removing the subdomain from a url by passing `nil`, `false` or `''`.
+    Fixes #10180.
+
+    *Derek Watson + Andrew White*
+
+*   Element of the collection for `options_from_collection_for_select` helper can
+    optionally contain html attributes as the last element of the array as
+    `options_for_select` helper.
+
+    *Vasiliy Ermolovich*
+
+*   Fix explicit names on multiple file fields. If a file field tag has
+    the multiple option, it is turned into an array field (appending `[]`),
+    but if an explicit name is passed to `file_field` the `[]` is not
+    appended.
+    Fixes #9830.
+
+    *Ryan McGeary*
+
+*   Add block support for the `mail_to` helper, similar to the `link_to` helper.
+
+    *Sam Pohlenz*
+
+*   Automatically configure cookie-based sessions to be encrypted if
+    `secret_key_base` is set, falling back to signed if only `secret_token`
+    is set. Automatically upgrade existing signed cookie-based sessions from
+    Rails 3.x to be encrypted if both `secret_key_base` and `secret_token`
+    are set, or signed with the new key generator if only `secret_token` is
+    set. This leaves only the `config.session_store :cookie_store` option and
+    removes the two new options introduced in 4.0.0.beta1:
+    `encrypted_cookie_store` and `upgrade_signature_to_encryption_cookie_store`.
+
+    *Trevor Turk*
+
+*   Ensure consistent fallback to the default layout lookup for layouts set
+    using symbols or procs that return `nil`.
+
+    All of the following layouts will result in the default layout lookup:
+
+        layout nil
+
+        layout proc { nil }
+
+        layout :returns_nil
+        def returns_nil
+          nil
+        end
+
+    Previously symbols and procs which returned `nil` resulted in no layout which
+    differed from the `layout nil` behavior. To get the "no layout" behavior just
+    return `false` instead of `nil` for `layout`.
+
+    *Chris Nicola*
+
+*   Create `UpgradeLegacySignedCookieJar` to transparently upgrade existing signed
+    cookies generated by Rails 3.x to avoid invalidating them when upgrading to Rails 4.x.
+
+    *Trevor Turk + Neeraj Singh*
+
+*   Raise an `ArgumentError` when a clashing named route is defined.
+
+    *Trevor Turk*
+
+*   Allow default url options to accept host with protocol such as `http://`
+
+        config.action_mailer.default_url_options = { host: "http://mydomain.com" }
+
+    *Richard Schneeman*
+
+*   Ensure that digest authentication responds with a 401 status when a basic
+    header is received.
+
+    *Brad Dunbar*
+
+*   Include I18n locale fallbacks in view lookup.
+    Fixes #3512.
+
+    *Juan Barreneche*
+
+*   Integration and functional tests allow headers and rack env
+    variables to be passed when performing requests.
+    Fixes #6513.
+
+    Example:
+
+        # integration test
+        get "/success", {}, "HTTP_REFERER" => "http://test.com/",
+                            "Accepts" => "text/plain, text/html"
+
+        # functional test
+        @request.headers["Accepts"] = "text/plain, text/html"
+
+    *Yves Senn*
+
+*   Http::Headers respects headers that are not prefixed with HTTP_
+
+    *Yves Senn*
+
+*   Fix incorrectly appended square brackets to a multiple select box
+    if an explicit name has been given and it already ends with "[]"
+
+    Before:
+
+        select(:category, [], {}, multiple: true, name: "post[category][]")
+        # => <select name="post[category][][]" ...>
+
+    After:
+
+        select(:category, [], {}, multiple: true, name: "post[category][]")
+        # => <select name="post[category][]" ...>
+
+    *Olek Janiszewski*
+
+*   Fixed regression when using `assert_template` to verify files sent using
+    `render file: 'README.md'`.
+    Fixes #9464.
+
+    *Justin Coyne*
+
+*   Fixed `ActionView::Helpers::CaptureHelper#content_for` regression when trying to use it in
+    a boolean statement.
+    Fixes #9360.
+
+    *Nikolay Shebanov*
+
+*   `format: true` does not override existing format constraints.
+    Fixes #9466.
+
+    Example:
+
+        # This will force the .json extension.
+        get '/json_only', to: ok, format: true, constraints: { format: /json/ }
+
+    *Yves Senn*
+
+*   Skip valid encoding checks for non-String parameters that come
+    from the matched route's defaults.
+    Fixes #9435.
+
+    Example:
+
+        root to: 'main#posts', page: 1
+
+    *Yves Senn*
+
+*   Don't verify Regexp requirements for non-Regexp `:constraints`.
+    Fixes #9432.
+
+    Example:
+
+        get '/photos.:format' => 'feeds#photos', constraints: {format: 'xml'}
+
+    *Yves Senn*
+
+*   Make `ActionDispatch::Journey::Path::Pattern#new` raise more meaningful exception message.
+
+    *Thierry Zires*
+
+
 ## Rails 4.0.0.beta1 (February 25, 2013) ##
 
 *   Fix `respond_to` not using formats that have no block if all is present. *Michael Grosser*
@@ -190,12 +374,12 @@
     Client-IP and Remote-Addr headers, in that order. Document the rationale
     for that decision, and describe the options that can be passed to the
     RemoteIp middleware to change it.
-    Fix #7979
+    Fixes #7979.
 
     *André Arko*, *Steve Klabnik*, *Alexey Gaziev*
 
 *   Do not append second slash to `root_url` when using `trailing_slash: true`
-    Fix #8700
+    Fixes #8700.
 
     Before:
 
@@ -223,7 +407,7 @@
 
 *   Do not append `charset=` parameter when `head` is called with a
     `:content_type` option.
-    Fix #8661.
+    Fixes #8661.
 
     *Yves Senn*
 
@@ -381,7 +565,7 @@
 
 *   Render every partial with a new `ActionView::PartialRenderer`. This resolves
     issues when rendering nested partials.
-    Fix #8197.
+    Fixes #8197.
 
     *Yves Senn*
 
@@ -389,7 +573,7 @@
     of mime types where template text is not html escaped by default. It prevents `Jack & Joe`
     from rendering as `Jack &amp; Joe` for the whitelisted mime types. The default whitelist
     contains `text/plain`.
-    Fix #7976.
+    Fixes #7976.
 
     *Joost Baaij*
 
@@ -405,7 +589,7 @@
         check_box("post", "comment_ids", { multiple: true, index: "foo" }, 1)
         # => <input name=\"post[foo][comment_ids][]\" type=\"hidden\" value=\"0\" /><input id=\"post_foo_comment_ids_1\" name=\"post[foo][comment_ids][]\" type=\"checkbox\" value=\"1\" />
 
-    Fix #8108.
+    Fixes #8108.
 
     *Daniel Fox, Grant Hutchins & Trace Wax*
 
@@ -428,7 +612,7 @@
     *Josh Peek*
 
 *   `assert_template` can be used to assert on the same template with different locals
-    Fix #3675.
+    Fixes #3675.
 
     *Yves Senn*
 
@@ -439,7 +623,7 @@
 *   Accept `:remote` as symbolic option for `link_to` helper. *Riley Lynch*
 
 *   Warn when the `:locals` option is passed to `assert_template` outside of a view test case
-    Fix #3415.
+    Fixes #3415.
 
     *Yves Senn*
 
@@ -463,12 +647,12 @@
 
 *   Rename internal variables on `ActionController::TemplateAssertions` to prevent
     naming collisions. `@partials`, `@templates` and `@layouts` are now prefixed with an underscore.
-    Fix #7459.
+    Fixes #7459.
 
     *Yves Senn*
 
 *   `resource` and `resources` don't modify the passed options hash.
-    Fix #7777.
+    Fixes #7777.
 
     *Yves Senn*
 
@@ -532,7 +716,7 @@
     *Guillermo Iguaran*
 
 *   Log now displays the correct status code when an exception is raised.
-    Fix #7646.
+    Fixes #7646.
 
     *Yves Senn*
 

data/lib/abstract_controller/base.rb

@@ -35,7 +35,7 @@ module AbstractController
       end
 
       def inherited(klass) # :nodoc:
-        # define the abstract ivar on subclasses so that we don't get
+        # Define the abstract ivar on subclasses so that we don't get
         # uninitialized ivar warnings
         unless klass.instance_variable_defined?(:@abstract)
           klass.instance_variable_set(:@abstract, false)

data/lib/abstract_controller/helpers.rb

@@ -29,7 +29,7 @@ module AbstractController
       #     helper_method :current_user, :logged_in?
       #
       #     def current_user
-      #       @current_user ||= User.find_by_id(session[:user])
+      #       @current_user ||= User.find_by(id: session[:user])
       #     end
       #
       #     def logged_in?
@@ -59,7 +59,7 @@ module AbstractController
       # The +helper+ class method can take a series of helper module names, a block, or both.
       #
       # ==== Options
-      # * <tt>*args</tt> - Module, Symbol, String, :all
+      # * <tt>*args</tt> - Module, Symbol, String
       # * <tt>block</tt> - A block defining helper methods
       #
       # When the argument is a module it will be included directly in the template class.

data/lib/abstract_controller/layouts.rb

@@ -285,10 +285,9 @@ module AbstractController
         remove_possible_method(:_layout)
 
         prefixes    = _implied_layout_name =~ /\blayouts/ ? [] : ["layouts"]
+        default_behavior = "lookup_context.find_all('#{_implied_layout_name}', #{prefixes.inspect}).first || super"
         name_clause = if name
-          <<-RUBY
-            lookup_context.find_all("#{_implied_layout_name}", #{prefixes.inspect}).first || super
-          RUBY
+          default_behavior
         else
           <<-RUBY
             super
@@ -301,6 +300,7 @@ module AbstractController
           when Symbol
             <<-RUBY
               #{_layout}.tap do |layout|
+                return #{default_behavior} if layout.nil?
                 unless layout.is_a?(String) || !layout
                   raise ArgumentError, "Your layout method :#{_layout} returned \#{layout}. It " \
                     "should have returned a String, false, or nil"
@@ -308,8 +308,13 @@ module AbstractController
               end
             RUBY
           when Proc
-              define_method :_layout_from_proc, &_layout
-              _layout.arity == 0 ? "_layout_from_proc" : "_layout_from_proc(self)"
+            define_method :_layout_from_proc, &_layout
+            protected :_layout_from_proc
+            <<-RUBY
+              result = _layout_from_proc(#{_layout.arity == 0 ? '' : 'self'})
+              return #{default_behavior} if result.nil?
+              result
+            RUBY
           when false
             nil
           when true

data/lib/abstract_controller/rendering.rb

@@ -97,15 +97,23 @@ module AbstractController
       self.response_body = render_to_body(options)
     end
 
-    # Raw rendering of a template to a string. Just convert the results of
-    # render_response into a String.
+    # Raw rendering of a template to a string.
+    #
+    # It is similar to render, except that it does not
+    # set the response_body and it should be guaranteed
+    # to always return a string.
+    #
+    # If a component extends the semantics of response_body
+    # (as Action Controller extends it to be anything that
+    # responds to the method each), this method needs to be
+    # overridden in order to still return a string.
     # :api: plugin
     def render_to_string(*args, &block)
       options = _normalize_render(*args, &block)
       render_to_body(options)
     end
 
-    # Raw rendering of a template to a Rack-compatible body.
+    # Raw rendering of a template.
     # :api: plugin
     def render_to_body(options = {})
       _process_options(options)

data/lib/abstract_controller/translation.rb

@@ -11,7 +11,7 @@ module AbstractController
     def translate(*args)
       key = args.first
       if key.is_a?(String) && (key[0] == '.')
-        key = "#{ controller_path.gsub('/', '.') }.#{ action_name }#{ key }"
+        key = "#{ controller_path.tr('/', '.') }.#{ action_name }#{ key }"
         args[0] = key
       end
 

data/lib/action_controller/log_subscriber.rb

@@ -48,6 +48,11 @@ module ActionController
       info("Sent data #{event.payload[:filename]} (#{event.duration.round(1)}ms)")
     end
 
+    def unpermitted_parameters(event)
+      unpermitted_keys = event.payload[:keys]
+      debug("Unpermitted parameters: #{unpermitted_keys.join(", ")}")
+    end
+
     %w(write_fragment read_fragment exist_fragment?
        expire_fragment expire_page write_page).each do |method|
       class_eval <<-METHOD, __FILE__, __LINE__ + 1

data/lib/action_controller/metal.rb

@@ -36,8 +36,7 @@ module ActionController
       raise "MiddlewareStack#build requires an app" unless app
 
       middlewares.reverse.inject(app) do |a, middleware|
-        middleware.valid?(action) ?
-          middleware.build(a) : a
+        middleware.valid?(action) ? middleware.build(a) : a
       end
     end
   end
@@ -57,7 +56,7 @@ module ActionController
   # And then to route requests to your metal controller, you would add
   # something like this to <tt>config/routes.rb</tt>:
   #
-  #   match 'hello', to: HelloController.action(:index)
+  #   get 'hello', to: HelloController.action(:index)
   #
   # The +action+ method returns a valid Rack application for the \Rails
   # router to dispatch to.

data/lib/action_controller/metal/force_ssl.rb

@@ -1,3 +1,6 @@
+require 'active_support/core_ext/hash/except'
+require 'active_support/core_ext/hash/slice'
+
 module ActionController
   # This module provides a method which will redirect browser to use HTTPS
   # protocol. This will ensure that user's sensitive information will be
@@ -14,6 +17,10 @@ module ActionController
     extend ActiveSupport::Concern
     include AbstractController::Callbacks
 
+    ACTION_OPTIONS = [:only, :except, :if, :unless]
+    URL_OPTIONS = [:protocol, :host, :domain, :subdomain, :port, :path]
+    REDIRECT_OPTIONS = [:status, :flash, :alert, :notice]
+
     module ClassMethods
       # Force the request to this particular controller or specified actions to be
       # under HTTPS protocol.
@@ -29,18 +36,34 @@ module ActionController
       #       end
       #     end
       #
-      # ==== Options
-      # * <tt>host</tt>   - Redirect to a different host name
-      # * <tt>only</tt>   - The callback should be run only for this action
-      # * <tt>except</tt> - The callback should be run for all actions except this action
-      # * <tt>if</tt>     - A symbol naming an instance method or a proc; the callback
-      #                     will be called only when it returns a true value.
-      # * <tt>unless</tt> - A symbol naming an instance method or a proc; the callback
-      #                     will be called only when it returns a false value.
+      # ==== URL Options
+      # You can pass any of the following options to affect the redirect url
+      # * <tt>host</tt>       - Redirect to a different host name
+      # * <tt>subdomain</tt>  - Redirect to a different subdomain
+      # * <tt>domain</tt>     - Redirect to a different domain
+      # * <tt>port</tt>       - Redirect to a non-standard port
+      # * <tt>path</tt>       - Redirect to a different path
+      #
+      # ==== Redirect Options
+      # You can pass any of the following options to affect the redirect status and response
+      # * <tt>status</tt>     - Redirect with a custom status (default is 301 Moved Permanently)
+      # * <tt>flash</tt>      - Set a flash message when redirecting
+      # * <tt>alert</tt>      - Set a alert message when redirecting
+      # * <tt>notice</tt>     - Set a notice message when redirecting
+      #
+      # ==== Action Options
+      # You can pass any of the following options to affect the before_action callback
+      # * <tt>only</tt>       - The callback should be run only for this action
+      # * <tt>except</tt>     - The callback should be run for all actions except this action
+      # * <tt>if</tt>         - A symbol naming an instance method or a proc; the callback
+      #                         will be called only when it returns a true value.
+      # * <tt>unless</tt>     - A symbol naming an instance method or a proc; the callback
+      #                         will be called only when it returns a false value.
       def force_ssl(options = {})
-        host = options.delete(:host)
-        before_action(options) do
-          force_ssl_redirect(host)
+        action_options = options.slice(*ACTION_OPTIONS)
+        redirect_options = options.except(*ACTION_OPTIONS)
+        before_action(action_options) do
+          force_ssl_redirect(redirect_options)
         end
       end
     end
@@ -48,14 +71,26 @@ module ActionController
     # Redirect the existing request to use the HTTPS protocol.
     #
     # ==== Parameters
-    # * <tt>host</tt> - Redirect to a different host name
-    def force_ssl_redirect(host = nil)
+    # * <tt>host_or_options</tt> - Either a host name or any of the url & redirect options
+    #                              available to the <tt>force_ssl</tt> method.
+    def force_ssl_redirect(host_or_options = nil)
       unless request.ssl?
-        redirect_options = {:protocol => 'https://', :status => :moved_permanently}
-        redirect_options.merge!(:host => host) if host
-        redirect_options.merge!(:params => request.query_parameters)
+        options = {
+          :protocol => 'https://',
+          :host     => request.host,
+          :path     => request.fullpath,
+          :status   => :moved_permanently
+        }
+
+        if host_or_options.is_a?(Hash)
+          options.merge!(host_or_options)
+        elsif host_or_options
+          options.merge!(:host => host_or_options)
+        end
+
+        secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
         flash.keep if respond_to?(:flash)
-        redirect_to redirect_options
+        redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
       end
     end
   end