RubyGems - omg-actionpack - Versions diffs - 8.0.0.alpha1 - Mend

omg-actionpack 8.0.0.alpha1

Files changed (187) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +129 -0
data/MIT-LICENSE +21 -0
data/README.rdoc +57 -0
data/lib/abstract_controller/asset_paths.rb +14 -0
data/lib/abstract_controller/base.rb +299 -0
data/lib/abstract_controller/caching/fragments.rb +149 -0
data/lib/abstract_controller/caching.rb +68 -0
data/lib/abstract_controller/callbacks.rb +265 -0
data/lib/abstract_controller/collector.rb +44 -0
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +8 -0
data/lib/abstract_controller/helpers.rb +243 -0
data/lib/abstract_controller/logger.rb +16 -0
data/lib/abstract_controller/railties/routes_helpers.rb +25 -0
data/lib/abstract_controller/rendering.rb +126 -0
data/lib/abstract_controller/translation.rb +42 -0
data/lib/abstract_controller/url_for.rb +37 -0
data/lib/abstract_controller.rb +36 -0
data/lib/action_controller/api/api_rendering.rb +18 -0
data/lib/action_controller/api.rb +155 -0
data/lib/action_controller/base.rb +332 -0
data/lib/action_controller/caching.rb +49 -0
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +55 -0
data/lib/action_controller/log_subscriber.rb +96 -0
data/lib/action_controller/metal/allow_browser.rb +123 -0
data/lib/action_controller/metal/basic_implicit_render.rb +17 -0
data/lib/action_controller/metal/conditional_get.rb +341 -0
data/lib/action_controller/metal/content_security_policy.rb +86 -0
data/lib/action_controller/metal/cookies.rb +20 -0
data/lib/action_controller/metal/data_streaming.rb +154 -0
data/lib/action_controller/metal/default_headers.rb +21 -0
data/lib/action_controller/metal/etag_with_flash.rb +22 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +59 -0
data/lib/action_controller/metal/exceptions.rb +106 -0
data/lib/action_controller/metal/flash.rb +67 -0
data/lib/action_controller/metal/head.rb +67 -0
data/lib/action_controller/metal/helpers.rb +129 -0
data/lib/action_controller/metal/http_authentication.rb +565 -0
data/lib/action_controller/metal/implicit_render.rb +67 -0
data/lib/action_controller/metal/instrumentation.rb +120 -0
data/lib/action_controller/metal/live.rb +398 -0
data/lib/action_controller/metal/logging.rb +22 -0
data/lib/action_controller/metal/mime_responds.rb +337 -0
data/lib/action_controller/metal/parameter_encoding.rb +84 -0
data/lib/action_controller/metal/params_wrapper.rb +312 -0
data/lib/action_controller/metal/permissions_policy.rb +38 -0
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +251 -0
data/lib/action_controller/metal/renderers.rb +181 -0
data/lib/action_controller/metal/rendering.rb +260 -0
data/lib/action_controller/metal/request_forgery_protection.rb +667 -0
data/lib/action_controller/metal/rescue.rb +33 -0
data/lib/action_controller/metal/streaming.rb +183 -0
data/lib/action_controller/metal/strong_parameters.rb +1546 -0
data/lib/action_controller/metal/testing.rb +25 -0
data/lib/action_controller/metal/url_for.rb +65 -0
data/lib/action_controller/metal.rb +339 -0
data/lib/action_controller/railtie.rb +149 -0
data/lib/action_controller/railties/helpers.rb +26 -0
data/lib/action_controller/renderer.rb +161 -0
data/lib/action_controller/template_assertions.rb +13 -0
data/lib/action_controller/test_case.rb +691 -0
data/lib/action_controller.rb +80 -0
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +249 -0
data/lib/action_dispatch/http/content_disposition.rb +47 -0
data/lib/action_dispatch/http/content_security_policy.rb +365 -0
data/lib/action_dispatch/http/filter_parameters.rb +80 -0
data/lib/action_dispatch/http/filter_redirect.rb +50 -0
data/lib/action_dispatch/http/headers.rb +134 -0
data/lib/action_dispatch/http/mime_negotiation.rb +187 -0
data/lib/action_dispatch/http/mime_type.rb +389 -0
data/lib/action_dispatch/http/mime_types.rb +54 -0
data/lib/action_dispatch/http/parameters.rb +119 -0
data/lib/action_dispatch/http/permissions_policy.rb +189 -0
data/lib/action_dispatch/http/rack_cache.rb +67 -0
data/lib/action_dispatch/http/request.rb +498 -0
data/lib/action_dispatch/http/response.rb +556 -0
data/lib/action_dispatch/http/upload.rb +107 -0
data/lib/action_dispatch/http/url.rb +344 -0
data/lib/action_dispatch/journey/formatter.rb +226 -0
data/lib/action_dispatch/journey/gtg/builder.rb +149 -0
data/lib/action_dispatch/journey/gtg/simulator.rb +50 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +217 -0
data/lib/action_dispatch/journey/nfa/dot.rb +27 -0
data/lib/action_dispatch/journey/nodes/node.rb +208 -0
data/lib/action_dispatch/journey/parser.rb +103 -0
data/lib/action_dispatch/journey/path/pattern.rb +209 -0
data/lib/action_dispatch/journey/route.rb +189 -0
data/lib/action_dispatch/journey/router/utils.rb +105 -0
data/lib/action_dispatch/journey/router.rb +151 -0
data/lib/action_dispatch/journey/routes.rb +82 -0
data/lib/action_dispatch/journey/scanner.rb +70 -0
data/lib/action_dispatch/journey/visitors.rb +267 -0
data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
data/lib/action_dispatch/journey/visualizer/fsm.js +159 -0
data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
data/lib/action_dispatch/journey.rb +7 -0
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +38 -0
data/lib/action_dispatch/middleware/cookies.rb +719 -0
data/lib/action_dispatch/middleware/debug_exceptions.rb +206 -0
data/lib/action_dispatch/middleware/debug_locks.rb +129 -0
data/lib/action_dispatch/middleware/debug_view.rb +73 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +350 -0
data/lib/action_dispatch/middleware/executor.rb +32 -0
data/lib/action_dispatch/middleware/flash.rb +318 -0
data/lib/action_dispatch/middleware/host_authorization.rb +171 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +64 -0
data/lib/action_dispatch/middleware/reloader.rb +16 -0
data/lib/action_dispatch/middleware/remote_ip.rb +199 -0
data/lib/action_dispatch/middleware/request_id.rb +50 -0
data/lib/action_dispatch/middleware/server_timing.rb +78 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +112 -0
data/lib/action_dispatch/middleware/session/cache_store.rb +66 -0
data/lib/action_dispatch/middleware/session/cookie_store.rb +129 -0
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +34 -0
data/lib/action_dispatch/middleware/show_exceptions.rb +88 -0
data/lib/action_dispatch/middleware/ssl.rb +180 -0
data/lib/action_dispatch/middleware/stack.rb +194 -0
data/lib/action_dispatch/middleware/static.rb +192 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +17 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +36 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +62 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +12 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +35 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +284 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +19 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +232 -0
data/lib/action_dispatch/railtie.rb +77 -0
data/lib/action_dispatch/request/session.rb +283 -0
data/lib/action_dispatch/request/utils.rb +109 -0
data/lib/action_dispatch/routing/endpoint.rb +19 -0
data/lib/action_dispatch/routing/inspector.rb +323 -0
data/lib/action_dispatch/routing/mapper.rb +2372 -0
data/lib/action_dispatch/routing/polymorphic_routes.rb +363 -0
data/lib/action_dispatch/routing/redirection.rb +218 -0
data/lib/action_dispatch/routing/route_set.rb +958 -0
data/lib/action_dispatch/routing/routes_proxy.rb +66 -0
data/lib/action_dispatch/routing/url_for.rb +244 -0
data/lib/action_dispatch/routing.rb +262 -0
data/lib/action_dispatch/system_test_case.rb +206 -0
data/lib/action_dispatch/system_testing/browser.rb +75 -0
data/lib/action_dispatch/system_testing/driver.rb +85 -0
data/lib/action_dispatch/system_testing/server.rb +33 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +164 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +23 -0
data/lib/action_dispatch/testing/assertion_response.rb +48 -0
data/lib/action_dispatch/testing/assertions/response.rb +114 -0
data/lib/action_dispatch/testing/assertions/routing.rb +343 -0
data/lib/action_dispatch/testing/assertions.rb +25 -0
data/lib/action_dispatch/testing/integration.rb +694 -0
data/lib/action_dispatch/testing/request_encoder.rb +60 -0
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +57 -0
data/lib/action_dispatch/testing/test_request.rb +73 -0
data/lib/action_dispatch/testing/test_response.rb +58 -0
data/lib/action_dispatch.rb +147 -0
data/lib/action_pack/gem_version.rb +19 -0
data/lib/action_pack/version.rb +12 -0
data/lib/action_pack.rb +27 -0
metadata +375 -0

data/lib/action_dispatch/http/parameters.rb ADDED Viewed

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+# :markup: markdown
+module ActionDispatch
+  module Http
+    module Parameters
+      extend ActiveSupport::Concern
+      PARAMETERS_KEY = "action_dispatch.request.path_parameters"
+      DEFAULT_PARSERS = {
+        Mime[:json].symbol => -> (raw_post) {
+          data = ActiveSupport::JSON.decode(raw_post)
+          data.is_a?(Hash) ? data : { _json: data }
+        }
+      }
+      # Raised when raw data from the request cannot be parsed by the parser defined
+      # for request's content MIME type.
+      class ParseError < StandardError
+        def initialize(message = $!.message)
+          super(message)
+        end
+      end
+      included do
+        class << self
+          # Returns the parameter parsers.
+          attr_reader :parameter_parsers
+        end
+        self.parameter_parsers = DEFAULT_PARSERS
+      end
+      module ClassMethods
+        # Configure the parameter parser for a given MIME type.
+        #
+        # It accepts a hash where the key is the symbol of the MIME type and the value
+        # is a proc.
+        #
+        #     original_parsers = ActionDispatch::Request.parameter_parsers
+        #     xml_parser = -> (raw_post) { Hash.from_xml(raw_post) || {} }
+        #     new_parsers = original_parsers.merge(xml: xml_parser)
+        #     ActionDispatch::Request.parameter_parsers = new_parsers
+        def parameter_parsers=(parsers)
+          @parameter_parsers = parsers.transform_keys { |key| key.respond_to?(:symbol) ? key.symbol : key }
+        end
+      end
+      # Returns both GET and POST parameters in a single hash.
+      def parameters
+        params = get_header("action_dispatch.request.parameters")
+        return params if params
+        params = begin
+                   request_parameters.merge(query_parameters)
+                 rescue EOFError
+                   query_parameters.dup
+                 end
+        params.merge!(path_parameters)
+        set_header("action_dispatch.request.parameters", params)
+        params
+      end
+      alias :params :parameters
+      def path_parameters=(parameters) # :nodoc:
+        delete_header("action_dispatch.request.parameters")
+        parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
+        # If any of the path parameters has an invalid encoding then raise since it's
+        # likely to trigger errors further on.
+        Request::Utils.check_param_encoding(parameters)
+        set_header PARAMETERS_KEY, parameters
+      rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
+        raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
+      end
+      # Returns a hash with the parameters used to form the path of the request.
+      # Returned hash keys are symbols:
+      #
+      #     { action: "my_action", controller: "my_controller" }
+      def path_parameters
+        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
+      end
+      private
+        def parse_formatted_parameters(parsers)
+          return yield if content_length.zero? || content_mime_type.nil?
+          strategy = parsers.fetch(content_mime_type.symbol) { return yield }
+          begin
+            strategy.call(raw_post)
+          rescue # JSON or Ruby code block errors.
+            log_parse_error_once
+            raise ParseError, "Error occurred while parsing request parameters"
+          end
+        end
+        def log_parse_error_once
+          @parse_error_logged ||= begin
+            parse_logger = logger || ActiveSupport::Logger.new($stderr)
+            parse_logger.debug <<~MSG.chomp
+              Error occurred while parsing request parameters.
+              Contents:
+              #{raw_post}
+            MSG
+          end
+        end
+        def params_parsers
+          ActionDispatch::Request.parameter_parsers
+        end
+    end
+  end
+end

data/lib/action_dispatch/http/permissions_policy.rb ADDED Viewed

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+# :markup: markdown
+require "active_support/core_ext/object/deep_dup"
+module ActionDispatch # :nodoc:
+  # # Action Dispatch PermissionsPolicy
+  #
+  # Configures the HTTP
+  # [Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
+  # response header to specify which browser features the current
+  # document and its iframes can use.
+  #
+  # Example global policy:
+  #
+  #     Rails.application.config.permissions_policy do |policy|
+  #       policy.camera      :none
+  #       policy.gyroscope   :none
+  #       policy.microphone  :none
+  #       policy.usb         :none
+  #       policy.fullscreen  :self
+  #       policy.payment     :self, "https://secure.example.com"
+  #     end
+  #
+  # The Feature-Policy header has been renamed to Permissions-Policy. The
+  # Permissions-Policy requires a different implementation and isn't yet supported
+  # by all browsers. To avoid having to rename this middleware in the future we
+  # use the new name for the middleware but keep the old header name and
+  # implementation for now.
+  class PermissionsPolicy
+    class Middleware
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        _, headers, _ = response = @app.call(env)
+        return response if policy_present?(headers)
+        request = ActionDispatch::Request.new(env)
+        if policy = request.permissions_policy
+          headers[ActionDispatch::Constants::FEATURE_POLICY] = policy.build(request.controller_instance)
+        end
+        if policy_empty?(policy)
+          headers.delete(ActionDispatch::Constants::FEATURE_POLICY)
+        end
+        response
+      end
+      private
+        def policy_present?(headers)
+          headers[ActionDispatch::Constants::FEATURE_POLICY]
+        end
+        def policy_empty?(policy)
+          policy&.directives&.empty?
+        end
+    end
+    module Request
+      POLICY = "action_dispatch.permissions_policy"
+      def permissions_policy
+        get_header(POLICY)
+      end
+      def permissions_policy=(policy)
+        set_header(POLICY, policy)
+      end
+    end
+    MAPPINGS = {
+      self: "'self'",
+      none: "'none'",
+    }.freeze
+    # List of available permissions can be found at
+    # https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md#policy-controlled-features
+    DIRECTIVES = {
+      accelerometer:        "accelerometer",
+      ambient_light_sensor: "ambient-light-sensor",
+      autoplay:             "autoplay",
+      camera:               "camera",
+      display_capture:      "display-capture",
+      encrypted_media:      "encrypted-media",
+      fullscreen:           "fullscreen",
+      geolocation:          "geolocation",
+      gyroscope:            "gyroscope",
+      hid:                  "hid",
+      idle_detection:       "idle-detection",
+      keyboard_map:         "keyboard-map",
+      magnetometer:         "magnetometer",
+      microphone:           "microphone",
+      midi:                 "midi",
+      payment:              "payment",
+      picture_in_picture:   "picture-in-picture",
+      screen_wake_lock:     "screen-wake-lock",
+      serial:               "serial",
+      sync_xhr:             "sync-xhr",
+      usb:                  "usb",
+      web_share:            "web-share",
+    }.freeze
+    private_constant :MAPPINGS, :DIRECTIVES
+    attr_reader :directives
+    def initialize
+      @directives = {}
+      yield self if block_given?
+    end
+    def initialize_copy(other)
+      @directives = other.directives.deep_dup
+    end
+    DIRECTIVES.each do |name, directive|
+      define_method(name) do |*sources|
+        if sources.first
+          @directives[directive] = apply_mappings(sources)
+        else
+          @directives.delete(directive)
+        end
+      end
+    end
+    def build(context = nil)
+      build_directives(context).compact.join("; ")
+    end
+    private
+      def apply_mappings(sources)
+        sources.map do |source|
+          case source
+          when Symbol
+            apply_mapping(source)
+          when String, Proc
+            source
+          else
+            raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}"
+          end
+        end
+      end
+      def apply_mapping(source)
+        MAPPINGS.fetch(source) do
+          raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}"
+        end
+      end
+      def build_directives(context)
+        @directives.map do |directive, sources|
+          if sources.is_a?(Array)
+            "#{directive} #{build_directive(sources, context).join(' ')}"
+          elsif sources
+            directive
+          else
+            nil
+          end
+        end
+      end
+      def build_directive(sources, context)
+        sources.map { |source| resolve_source(source, context) }
+      end
+      def resolve_source(source, context)
+        case source
+        when String
+          source
+        when Symbol
+          source.to_s
+        when Proc
+          if context.nil?
+            raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}"
+          else
+            context.instance_exec(&source)
+          end
+        else
+          raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}"
+        end
+      end
+  end
+end

data/lib/action_dispatch/http/rack_cache.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+# :enddoc:
+# :markup: markdown
+require "rack/cache"
+require "rack/cache/context"
+require "active_support/cache"
+module ActionDispatch
+  class RailsMetaStore < Rack::Cache::MetaStore
+    def self.resolve(uri)
+      new
+    end
+    def initialize(store = Rails.cache)
+      @store = store
+    end
+    def read(key)
+      if data = @store.read(key)
+        Marshal.load(data)
+      else
+        []
+      end
+    end
+    def write(key, value)
+      @store.write(key, Marshal.dump(value))
+    end
+    ::Rack::Cache::MetaStore::RAILS = self
+  end
+  class RailsEntityStore < Rack::Cache::EntityStore
+    def self.resolve(uri)
+      new
+    end
+    def initialize(store = Rails.cache)
+      @store = store
+    end
+    def exist?(key)
+      @store.exist?(key)
+    end
+    def open(key)
+      @store.read(key)
+    end
+    def read(key)
+      body = open(key)
+      body.join if body
+    end
+    def write(body)
+      buf = []
+      key, size = slurp(body) { |part| buf << part }
+      @store.write(key, buf)
+      [key, size]
+    end
+    ::Rack::Cache::EntityStore::RAILS = self
+  end
+end