activesupport 3.1.12 → 3.2.0.rc1

data/lib/active_support/json/decoding.rb

@@ -9,13 +9,7 @@ module ActiveSupport
   module JSON
     class << self
       def decode(json, options ={})
-        # Can't reliably detect whether MultiJson responds to load, since it's
-        # a reserved word. Use adapter as a proxy for new features.
-        data = if MultiJson.respond_to?(:adapter)
-          MultiJson.load(json, options)
-        else
-          MultiJson.decode(json, options)
-        end
+        data = MultiJson.decode(json, options)
         if ActiveSupport.parse_json_times
           convert_dates_from(data)
         else
@@ -24,20 +18,12 @@ module ActiveSupport
       end
 
       def engine
-        if MultiJson.respond_to?(:adapter)
-          MultiJson.adapter
-        else
-          MultiJson.engine
-        end
+        MultiJson.engine
       end
       alias :backend :engine
 
       def engine=(name)
-        if MultiJson.respond_to?(:use)
-          MultiJson.use name
-        else
-          MultiJson.engine = name
-        end
+        MultiJson.engine = name
       end
       alias :backend= :engine=
 

data/lib/active_support/json/encoding.rb

@@ -1,6 +1,5 @@
 require 'active_support/core_ext/object/to_json'
 require 'active_support/core_ext/module/delegation'
-require 'active_support/deprecation'
 require 'active_support/json/variable'
 require 'active_support/ordered_hash'
 
@@ -14,6 +13,7 @@ require 'time'
 require 'active_support/core_ext/time/conversions'
 require 'active_support/core_ext/date_time/conversions'
 require 'active_support/core_ext/date/conversions'
+require 'set'
 
 module ActiveSupport
   class << self
@@ -38,8 +38,8 @@ module ActiveSupport
         attr_reader :options
 
         def initialize(options = nil)
-          @options = options
-          @seen = []
+          @options = options || {}
+          @seen = Set.new
         end
 
         def encode(value, use_options = true)
@@ -50,16 +50,16 @@ module ActiveSupport
         end
 
         # like encode, but only calls as_json, without encoding to string
-        def as_json(value)
+        def as_json(value, use_options = true)
           check_for_circular_references(value) do
-            value.as_json(options_for(value))
+            use_options ? value.as_json(options_for(value)) : value.as_json
           end
         end
 
         def options_for(value)
           if value.is_a?(Array) || value.is_a?(Hash)
             # hashes and arrays need to get encoder in the options, so that they can detect circular references
-            (options || {}).merge(:encoder => self)
+            options.merge(:encoder => self)
           else
             options
           end
@@ -71,13 +71,12 @@ module ActiveSupport
 
         private
           def check_for_circular_references(value)
-            if @seen.any? { |object| object.equal?(value) }
+            unless @seen.add?(value.__id__)
               raise CircularReferenceError, 'object references itself'
             end
-            @seen.unshift value
             yield
           ensure
-            @seen.shift
+            @seen.delete(value.__id__)
           end
       end
 
@@ -139,8 +138,6 @@ module ActiveSupport
       self.use_standard_json_time_format = true
       self.escape_html_entities_in_json  = false
     end
-
-    CircularReferenceError = Deprecation::DeprecatedConstantProxy.new('ActiveSupport::JSON::CircularReferenceError', Encoding::CircularReferenceError)
   end
 end
 
@@ -215,7 +212,7 @@ class Array
   def as_json(options = nil) #:nodoc:
     # use encoder as a proxy to call as_json on all elements, to protect from circular references
     encoder = options && options[:encoder] || ActiveSupport::JSON::Encoding::Encoder.new(options)
-    map { |v| encoder.as_json(v) }
+    map { |v| encoder.as_json(v, options) }
   end
 
   def encode_json(encoder) #:nodoc:
@@ -242,7 +239,7 @@ class Hash
     # use encoder as a proxy to call as_json on all values in the subset, to protect from circular references
     encoder = options && options[:encoder] || ActiveSupport::JSON::Encoding::Encoder.new(options)
     result = self.is_a?(ActiveSupport::OrderedHash) ? ActiveSupport::OrderedHash : Hash
-    result[subset.map { |k, v| [k.to_s, encoder.as_json(v)] }]
+    result[subset.map { |k, v| [k.to_s, encoder.as_json(v, options)] }]
   end
 
   def encode_json(encoder)
@@ -284,4 +281,4 @@ class DateTime
       strftime('%Y/%m/%d %H:%M:%S %z')
     end
   end
-end
+end

data/lib/active_support/memoizable.rb

@@ -1,8 +1,15 @@
 require 'active_support/core_ext/kernel/singleton_class'
 require 'active_support/core_ext/module/aliasing'
+require 'active_support/deprecation'
 
 module ActiveSupport
   module Memoizable
+    def self.extended(base)
+      ActiveSupport::Deprecation.warn "ActiveSupport::Memoizable is deprecated and will be removed in future releases," \
+        "simply use Ruby memoization pattern instead.", caller
+      super
+    end
+
     def self.memoized_ivar_for(symbol)
       "@_memoized_#{symbol.to_s.sub(/\?\Z/, '_query').sub(/!\Z/, '_bang')}".to_sym
     end
@@ -79,7 +86,11 @@ module ActiveSupport
           else                                                                     # else
             def #{symbol}(*args)                                                   #   def mime_type(*args)
               #{memoized_ivar} ||= {} unless frozen?                               #     @_memoized_mime_type ||= {} unless frozen?
-              reload = args.pop if args.last == true || args.last == :reload       #     reload = args.pop if args.last == true || args.last == :reload
+              args_length = method(:#{original_method}).arity                      #     args_length = method(:_unmemoized_mime_type).arity
+              if args.length == args_length + 1 &&                                 #     if args.length == args_length + 1 &&
+                (args.last == true || args.last == :reload)                        #       (args.last == true || args.last == :reload)
+                reload = args.pop                                                  #       reload = args.pop
+              end                                                                  #     end
                                                                                    #
               if defined?(#{memoized_ivar}) && #{memoized_ivar}                    #     if defined?(@_memoized_mime_type) && @_memoized_mime_type
                 if !reload && #{memoized_ivar}.has_key?(args)                      #       if !reload && @_memoized_mime_type.has_key?(args)

data/lib/active_support/message_encryptor.rb

@@ -10,15 +10,58 @@ module ActiveSupport
   # This can be used in situations similar to the <tt>MessageVerifier</tt>, but where you don't
   # want users to be able to determine the value of the payload.
   class MessageEncryptor
+    module NullSerializer #:nodoc:
+      def self.load(value)
+        value
+      end
+
+      def self.dump(value)
+        value
+      end
+    end
+
     class InvalidMessage < StandardError; end
     OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
 
-    def initialize(secret, cipher = 'aes-256-cbc')
+    def initialize(secret, options = {})
+      unless options.is_a?(Hash)
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to specify the cipher algorithm."
+        options = { :cipher => options }
+      end
+
       @secret = secret
-      @cipher = cipher
+      @cipher = options[:cipher] || 'aes-256-cbc'
+      @verifier = MessageVerifier.new(@secret, :serializer => NullSerializer)
+      @serializer = options[:serializer] || Marshal
     end
 
     def encrypt(value)
+      ActiveSupport::Deprecation.warn "MessageEncryptor#encrypt is deprecated as it is not safe without a signature. " \
+        "Please use MessageEncryptor#encrypt_and_sign instead."
+      _encrypt(value)
+    end
+
+    def decrypt(value)
+      ActiveSupport::Deprecation.warn "MessageEncryptor#decrypt is deprecated as it is not safe without a signature. " \
+        "Please use MessageEncryptor#decrypt_and_verify instead."
+      _decrypt(value)
+    end
+
+    # Encrypt and sign a message. We need to sign the message in order to avoid padding attacks.
+    # Reference: http://www.limited-entropy.com/padding-oracle-attacks
+    def encrypt_and_sign(value)
+      verifier.generate(_encrypt(value))
+    end
+
+    # Decrypt and verify a message. We need to verify the message in order to avoid padding attacks.
+    # Reference: http://www.limited-entropy.com/padding-oracle-attacks
+    def decrypt_and_verify(value)
+      _decrypt(verifier.verify(value))
+    end
+
+    private
+
+    def _encrypt(value)
       cipher = new_cipher
       # Rely on OpenSSL for the initialization vector
       iv = cipher.random_iv
@@ -27,13 +70,13 @@ module ActiveSupport
       cipher.key = @secret
       cipher.iv  = iv
 
-      encrypted_data = cipher.update(Marshal.dump(value))
+      encrypted_data = cipher.update(@serializer.dump(value))
       encrypted_data << cipher.final
 
       [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
     end
 
-    def decrypt(encrypted_message)
+    def _decrypt(encrypted_message)
       cipher = new_cipher
       encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)}
 
@@ -44,28 +87,17 @@ module ActiveSupport
       decrypted_data = cipher.update(encrypted_data)
       decrypted_data << cipher.final
 
-      Marshal.load(decrypted_data)
+      @serializer.load(decrypted_data)
     rescue OpenSSLCipherError, TypeError
       raise InvalidMessage
     end
 
-    def encrypt_and_sign(value)
-      verifier.generate(encrypt(value))
+    def new_cipher
+      OpenSSL::Cipher::Cipher.new(@cipher)
     end
 
-    def decrypt_and_verify(value)
-      decrypt(verifier.verify(value))
+    def verifier
+      @verifier
     end
-
-
-
-    private
-      def new_cipher
-        OpenSSL::Cipher::Cipher.new(@cipher)
-      end
-
-      def verifier
-        MessageVerifier.new(@secret)
-      end
   end
 end

data/lib/active_support/message_verifier.rb

@@ -18,12 +18,23 @@ module ActiveSupport
   #     self.current_user = User.find(id)
   #   end
   #
+  # By default it uses Marshal to serialize the message. If you want to use another 
+  # serialization method, you can set the serializer attribute to something that responds
+  # to dump and load, e.g.:
+  #
+  #   @verifier.serializer = YAML
   class MessageVerifier
     class InvalidSignature < StandardError; end
 
-    def initialize(secret, digest = 'SHA1')
+    def initialize(secret, options = {})
+      unless options.is_a?(Hash)
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to specify the digest algorithm."
+        options = { :digest => options }
+      end
+
       @secret = secret
-      @digest = digest
+      @digest = options[:digest] || 'SHA1'
+      @serializer = options[:serializer] || Marshal
     end
 
     def verify(signed_message)
@@ -31,14 +42,14 @@ module ActiveSupport
 
       data, digest = signed_message.split("--")
       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
-        Marshal.load(ActiveSupport::Base64.decode64(data))
+        @serializer.load(ActiveSupport::Base64.decode64(data))
       else
         raise InvalidSignature
       end
     end
 
     def generate(value)
-      data = ActiveSupport::Base64.encode64s(Marshal.dump(value))
+      data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
       "#{data}--#{generate_digest(data)}"
     end
 

data/lib/active_support/notifications.rb

@@ -1,36 +1,102 @@
 module ActiveSupport
-  # Notifications provides an instrumentation API for Ruby. To instrument an
-  # action in Ruby you just need to do:
+  # = Notifications
   #
-  #   ActiveSupport::Notifications.instrument(:render, :extra => :information) do
+  # +ActiveSupport::Notifications+ provides an instrumentation API for Ruby.
+  #
+  # == Instrumenters
+  #
+  # To instrument an event you just need to do:
+  #
+  #   ActiveSupport::Notifications.instrument("render", :extra => :information) do
   #     render :text => "Foo"
   #   end
   #
+  # That executes the block first and notifies all subscribers once done.
+  #
+  # In the example above "render" is the name of the event, and the rest is called
+  # the _payload_. The payload is a mechanism that allows instrumenters to pass
+  # extra information to subscribers. Payloads consist of a hash whose contents
+  # are arbitrary and generally depend on the event.
+  #
+  # == Subscribers
+  #
   # You can consume those events and the information they provide by registering
-  # a log subscriber. For instance, let's store all instrumented events in an array:
+  # a subscriber. For instance, let's store all "render" events in an array:
   #
-  #   @events = []
+  #   events = []
   #
-  #   ActiveSupport::Notifications.subscribe do |*args|
-  #     @events << ActiveSupport::Notifications::Event.new(*args)
+  #   ActiveSupport::Notifications.subscribe("render") do |*args|
+  #     events << ActiveSupport::Notifications::Event.new(*args)
   #   end
   #
-  #   ActiveSupport::Notifications.instrument(:render, :extra => :information) do
+  # That code returns right away, you are just subscribing to "render" events.
+  # The block will be called asynchronously whenever someone instruments "render":
+  #
+  #   ActiveSupport::Notifications.instrument("render", :extra => :information) do
   #     render :text => "Foo"
   #   end
   #
-  #   event = @events.first
-  #   event.name      # => :render
+  #   event = events.first
+  #   event.name      # => "render"
   #   event.duration  # => 10 (in milliseconds)
   #   event.payload   # => { :extra => :information }
   #
-  # When subscribing to Notifications, you can pass a pattern, to only consume
-  # events that match the pattern:
+  # The block in the +subscribe+ call gets the name of the event, start
+  # timestamp, end timestamp, a string with a unique identifier for that event
+  # (something like "535801666f04d0298cd6"), and a hash with the payload, in
+  # that order.
   #
-  #   ActiveSupport::Notifications.subscribe(/render/) do |event|
-  #     @render_events << event
+  # If an exception happens during that particular instrumentation the payload will
+  # have a key +:exception+ with an array of two elements as value: a string with
+  # the name of the exception class, and the exception message.
+  #
+  # As the previous example depicts, the class +ActiveSupport::Notifications::Event+
+  # is able to take the arguments as they come and provide an object-oriented
+  # interface to that data.
+  #
+  # You can also subscribe to all events whose name matches a certain regexp:
+  #
+  #   ActiveSupport::Notifications.subscribe(/render/) do |*args|
+  #     ...
   #   end
   #
+  # and even pass no argument to +subscribe+, in which case you are subscribing
+  # to all events.
+  #
+  # == Temporary Subscriptions
+  #
+  # Sometimes you do not want to subscribe to an event for the entire life of
+  # the application. There are two ways to unsubscribe.
+  #
+  # === Subscribe While a Block Runs
+  #
+  # You can subscribe to some event temporarily while some block runs. For
+  # example, in
+  #
+  #   callback = lambda {|*args| ... }
+  #   ActiveSupport::Notifications.subscribed(callback, "sql.active_record") do
+  #     ...
+  #   end
+  #
+  # the callback will be called for all "sql.active_record" events instrumented
+  # during the execution of the block. The callback is unsubscribed automatically
+  # after that.
+  #
+  # === Manual Unsubscription
+  #
+  # The +subscribe+ method returns a subscriber object:
+  #
+  #   subscriber = ActiveSupport::Notifications.subscribe("render") do |*args|
+  #     ...
+  #   end
+  #
+  # To prevent that block from being called anymore, just unsubscribe passing
+  # that reference:
+  #
+  #   ActiveSupport::Notifications.unsubscribe(subscriber)
+  #
+  # == Default Queue
+  #
   # Notifications ships with a queue implementation that consumes and publish events
   # to log subscribers in a thread. You can use any queue implementation you want.
   #
@@ -62,6 +128,13 @@ module ActiveSupport
         end
       end
 
+      def subscribed(callback, *args, &block)
+        subscriber = subscribe(*args, &callback)
+        yield
+      ensure
+        unsubscribe(subscriber)
+      end
+
       def unsubscribe(args)
         notifier.unsubscribe(args)
         @instrumenters.clear

data/lib/active_support/notifications/instrumenter.rb

@@ -1,4 +1,3 @@
-require 'active_support/secure_random'
 require 'active_support/core_ext/module/delegation'
 
 module ActiveSupport
@@ -29,7 +28,7 @@ module ActiveSupport
 
       private
         def unique_id
-          ::SecureRandom.hex(10)
+          SecureRandom.hex(10)
         end
     end