RubyGems - omg-actionpack - Versions diffs - 8.0.0.alpha1 - Mend

omg-actionpack 8.0.0.alpha1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +129 -0
data/MIT-LICENSE +21 -0
data/README.rdoc +57 -0
data/lib/abstract_controller/asset_paths.rb +14 -0
data/lib/abstract_controller/base.rb +299 -0
data/lib/abstract_controller/caching/fragments.rb +149 -0
data/lib/abstract_controller/caching.rb +68 -0
data/lib/abstract_controller/callbacks.rb +265 -0
data/lib/abstract_controller/collector.rb +44 -0
data/lib/abstract_controller/deprecator.rb +9 -0
data/lib/abstract_controller/error.rb +8 -0
data/lib/abstract_controller/helpers.rb +243 -0
data/lib/abstract_controller/logger.rb +16 -0
data/lib/abstract_controller/railties/routes_helpers.rb +25 -0
data/lib/abstract_controller/rendering.rb +126 -0
data/lib/abstract_controller/translation.rb +42 -0
data/lib/abstract_controller/url_for.rb +37 -0
data/lib/abstract_controller.rb +36 -0
data/lib/action_controller/api/api_rendering.rb +18 -0
data/lib/action_controller/api.rb +155 -0
data/lib/action_controller/base.rb +332 -0
data/lib/action_controller/caching.rb +49 -0
data/lib/action_controller/deprecator.rb +9 -0
data/lib/action_controller/form_builder.rb +55 -0
data/lib/action_controller/log_subscriber.rb +96 -0
data/lib/action_controller/metal/allow_browser.rb +123 -0
data/lib/action_controller/metal/basic_implicit_render.rb +17 -0
data/lib/action_controller/metal/conditional_get.rb +341 -0
data/lib/action_controller/metal/content_security_policy.rb +86 -0
data/lib/action_controller/metal/cookies.rb +20 -0
data/lib/action_controller/metal/data_streaming.rb +154 -0
data/lib/action_controller/metal/default_headers.rb +21 -0
data/lib/action_controller/metal/etag_with_flash.rb +22 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +59 -0
data/lib/action_controller/metal/exceptions.rb +106 -0
data/lib/action_controller/metal/flash.rb +67 -0
data/lib/action_controller/metal/head.rb +67 -0
data/lib/action_controller/metal/helpers.rb +129 -0
data/lib/action_controller/metal/http_authentication.rb +565 -0
data/lib/action_controller/metal/implicit_render.rb +67 -0
data/lib/action_controller/metal/instrumentation.rb +120 -0
data/lib/action_controller/metal/live.rb +398 -0
data/lib/action_controller/metal/logging.rb +22 -0
data/lib/action_controller/metal/mime_responds.rb +337 -0
data/lib/action_controller/metal/parameter_encoding.rb +84 -0
data/lib/action_controller/metal/params_wrapper.rb +312 -0
data/lib/action_controller/metal/permissions_policy.rb +38 -0
data/lib/action_controller/metal/rate_limiting.rb +62 -0
data/lib/action_controller/metal/redirecting.rb +251 -0
data/lib/action_controller/metal/renderers.rb +181 -0
data/lib/action_controller/metal/rendering.rb +260 -0
data/lib/action_controller/metal/request_forgery_protection.rb +667 -0
data/lib/action_controller/metal/rescue.rb +33 -0
data/lib/action_controller/metal/streaming.rb +183 -0
data/lib/action_controller/metal/strong_parameters.rb +1546 -0
data/lib/action_controller/metal/testing.rb +25 -0
data/lib/action_controller/metal/url_for.rb +65 -0
data/lib/action_controller/metal.rb +339 -0
data/lib/action_controller/railtie.rb +149 -0
data/lib/action_controller/railties/helpers.rb +26 -0
data/lib/action_controller/renderer.rb +161 -0
data/lib/action_controller/template_assertions.rb +13 -0
data/lib/action_controller/test_case.rb +691 -0
data/lib/action_controller.rb +80 -0
data/lib/action_dispatch/constants.rb +34 -0
data/lib/action_dispatch/deprecator.rb +9 -0
data/lib/action_dispatch/http/cache.rb +249 -0
data/lib/action_dispatch/http/content_disposition.rb +47 -0
data/lib/action_dispatch/http/content_security_policy.rb +365 -0
data/lib/action_dispatch/http/filter_parameters.rb +80 -0
data/lib/action_dispatch/http/filter_redirect.rb +50 -0
data/lib/action_dispatch/http/headers.rb +134 -0
data/lib/action_dispatch/http/mime_negotiation.rb +187 -0
data/lib/action_dispatch/http/mime_type.rb +389 -0
data/lib/action_dispatch/http/mime_types.rb +54 -0
data/lib/action_dispatch/http/parameters.rb +119 -0
data/lib/action_dispatch/http/permissions_policy.rb +189 -0
data/lib/action_dispatch/http/rack_cache.rb +67 -0
data/lib/action_dispatch/http/request.rb +498 -0
data/lib/action_dispatch/http/response.rb +556 -0
data/lib/action_dispatch/http/upload.rb +107 -0
data/lib/action_dispatch/http/url.rb +344 -0
data/lib/action_dispatch/journey/formatter.rb +226 -0
data/lib/action_dispatch/journey/gtg/builder.rb +149 -0
data/lib/action_dispatch/journey/gtg/simulator.rb +50 -0
data/lib/action_dispatch/journey/gtg/transition_table.rb +217 -0
data/lib/action_dispatch/journey/nfa/dot.rb +27 -0
data/lib/action_dispatch/journey/nodes/node.rb +208 -0
data/lib/action_dispatch/journey/parser.rb +103 -0
data/lib/action_dispatch/journey/path/pattern.rb +209 -0
data/lib/action_dispatch/journey/route.rb +189 -0
data/lib/action_dispatch/journey/router/utils.rb +105 -0
data/lib/action_dispatch/journey/router.rb +151 -0
data/lib/action_dispatch/journey/routes.rb +82 -0
data/lib/action_dispatch/journey/scanner.rb +70 -0
data/lib/action_dispatch/journey/visitors.rb +267 -0
data/lib/action_dispatch/journey/visualizer/fsm.css +30 -0
data/lib/action_dispatch/journey/visualizer/fsm.js +159 -0
data/lib/action_dispatch/journey/visualizer/index.html.erb +52 -0
data/lib/action_dispatch/journey.rb +7 -0
data/lib/action_dispatch/log_subscriber.rb +25 -0
data/lib/action_dispatch/middleware/actionable_exceptions.rb +46 -0
data/lib/action_dispatch/middleware/assume_ssl.rb +27 -0
data/lib/action_dispatch/middleware/callbacks.rb +38 -0
data/lib/action_dispatch/middleware/cookies.rb +719 -0
data/lib/action_dispatch/middleware/debug_exceptions.rb +206 -0
data/lib/action_dispatch/middleware/debug_locks.rb +129 -0
data/lib/action_dispatch/middleware/debug_view.rb +73 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +350 -0
data/lib/action_dispatch/middleware/executor.rb +32 -0
data/lib/action_dispatch/middleware/flash.rb +318 -0
data/lib/action_dispatch/middleware/host_authorization.rb +171 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +64 -0
data/lib/action_dispatch/middleware/reloader.rb +16 -0
data/lib/action_dispatch/middleware/remote_ip.rb +199 -0
data/lib/action_dispatch/middleware/request_id.rb +50 -0
data/lib/action_dispatch/middleware/server_timing.rb +78 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +112 -0
data/lib/action_dispatch/middleware/session/cache_store.rb +66 -0
data/lib/action_dispatch/middleware/session/cookie_store.rb +129 -0
data/lib/action_dispatch/middleware/session/mem_cache_store.rb +34 -0
data/lib/action_dispatch/middleware/show_exceptions.rb +88 -0
data/lib/action_dispatch/middleware/ssl.rb +180 -0
data/lib/action_dispatch/middleware/stack.rb +194 -0
data/lib/action_dispatch/middleware/static.rb +192 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +17 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +36 -0
data/lib/action_dispatch/middleware/templates/rescues/_source.text.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +62 -0
data/lib/action_dispatch/middleware/templates/rescues/_trace.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +12 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +35 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +9 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +24 -0
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +16 -0
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +284 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +23 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +32 -0
data/lib/action_dispatch/middleware/templates/rescues/routing_error.text.erb +11 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +20 -0
data/lib/action_dispatch/middleware/templates/rescues/template_error.text.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +6 -0
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/routes/_route.html.erb +19 -0
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +232 -0
data/lib/action_dispatch/railtie.rb +77 -0
data/lib/action_dispatch/request/session.rb +283 -0
data/lib/action_dispatch/request/utils.rb +109 -0
data/lib/action_dispatch/routing/endpoint.rb +19 -0
data/lib/action_dispatch/routing/inspector.rb +323 -0
data/lib/action_dispatch/routing/mapper.rb +2372 -0
data/lib/action_dispatch/routing/polymorphic_routes.rb +363 -0
data/lib/action_dispatch/routing/redirection.rb +218 -0
data/lib/action_dispatch/routing/route_set.rb +958 -0
data/lib/action_dispatch/routing/routes_proxy.rb +66 -0
data/lib/action_dispatch/routing/url_for.rb +244 -0
data/lib/action_dispatch/routing.rb +262 -0
data/lib/action_dispatch/system_test_case.rb +206 -0
data/lib/action_dispatch/system_testing/browser.rb +75 -0
data/lib/action_dispatch/system_testing/driver.rb +85 -0
data/lib/action_dispatch/system_testing/server.rb +33 -0
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +164 -0
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +23 -0
data/lib/action_dispatch/testing/assertion_response.rb +48 -0
data/lib/action_dispatch/testing/assertions/response.rb +114 -0
data/lib/action_dispatch/testing/assertions/routing.rb +343 -0
data/lib/action_dispatch/testing/assertions.rb +25 -0
data/lib/action_dispatch/testing/integration.rb +694 -0
data/lib/action_dispatch/testing/request_encoder.rb +60 -0
data/lib/action_dispatch/testing/test_helpers/page_dump_helper.rb +35 -0
data/lib/action_dispatch/testing/test_process.rb +57 -0
data/lib/action_dispatch/testing/test_request.rb +73 -0
data/lib/action_dispatch/testing/test_response.rb +58 -0
data/lib/action_dispatch.rb +147 -0
data/lib/action_pack/gem_version.rb +19 -0
data/lib/action_pack/version.rb +12 -0
data/lib/action_pack.rb +27 -0
metadata +375 -0

data/lib/action_dispatch/http/parameters.rb ADDED Viewed

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+# :markup: markdown
+module ActionDispatch
+  module Http
+    module Parameters
+      extend ActiveSupport::Concern
+      PARAMETERS_KEY = "action_dispatch.request.path_parameters"
+      DEFAULT_PARSERS = {
+        Mime[:json].symbol => -> (raw_post) {
+          data = ActiveSupport::JSON.decode(raw_post)
+          data.is_a?(Hash) ? data : { _json: data }
+        }
+      }
+      # Raised when raw data from the request cannot be parsed by the parser defined
+      # for request's content MIME type.
+      class ParseError < StandardError
+        def initialize(message = $!.message)
+          super(message)
+        end
+      end
+      included do
+        class << self
+          # Returns the parameter parsers.
+          attr_reader :parameter_parsers
+        end
+        self.parameter_parsers = DEFAULT_PARSERS
+      end
+      module ClassMethods
+        # Configure the parameter parser for a given MIME type.
+        #
+        # It accepts a hash where the key is the symbol of the MIME type and the value
+        # is a proc.
+        #
+        #     original_parsers = ActionDispatch::Request.parameter_parsers
+        #     xml_parser = -> (raw_post) { Hash.from_xml(raw_post) || {} }
+        #     new_parsers = original_parsers.merge(xml: xml_parser)
+        #     ActionDispatch::Request.parameter_parsers = new_parsers
+        def parameter_parsers=(parsers)
+          @parameter_parsers = parsers.transform_keys { |key| key.respond_to?(:symbol) ? key.symbol : key }
+        end
+      end
+      # Returns both GET and POST parameters in a single hash.
+      def parameters
+        params = get_header("action_dispatch.request.parameters")
+        return params if params
+        params = begin
+                   request_parameters.merge(query_parameters)
+                 rescue EOFError
+                   query_parameters.dup
+                 end
+        params.merge!(path_parameters)
+        set_header("action_dispatch.request.parameters", params)
+        params
+      end
+      alias :params :parameters
+      def path_parameters=(parameters) # :nodoc:
+        delete_header("action_dispatch.request.parameters")
+        parameters = Request::Utils.set_binary_encoding(self, parameters, parameters[:controller], parameters[:action])
+        # If any of the path parameters has an invalid encoding then raise since it's
+        # likely to trigger errors further on.
+        Request::Utils.check_param_encoding(parameters)
+        set_header PARAMETERS_KEY, parameters
+      rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
+        raise ActionController::BadRequest.new("Invalid path parameters: #{e.message}")
+      end
+      # Returns a hash with the parameters used to form the path of the request.
+      # Returned hash keys are symbols:
+      #
+      #     { action: "my_action", controller: "my_controller" }
+      def path_parameters
+        get_header(PARAMETERS_KEY) || set_header(PARAMETERS_KEY, {})
+      end
+      private
+        def parse_formatted_parameters(parsers)
+          return yield if content_length.zero? || content_mime_type.nil?
+          strategy = parsers.fetch(content_mime_type.symbol) { return yield }
+          begin
+            strategy.call(raw_post)
+          rescue # JSON or Ruby code block errors.
+            log_parse_error_once
+            raise ParseError, "Error occurred while parsing request parameters"
+          end
+        end
+        def log_parse_error_once
+          @parse_error_logged ||= begin
+            parse_logger = logger || ActiveSupport::Logger.new($stderr)
+            parse_logger.debug <<~MSG.chomp
+              Error occurred while parsing request parameters.
+              Contents:
+              #{raw_post}
+            MSG
+          end
+        end
+        def params_parsers
+          ActionDispatch::Request.parameter_parsers
+        end
+    end
+  end
+end

data/lib/action_dispatch/http/permissions_policy.rb ADDED Viewed

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+# :markup: markdown
+require "active_support/core_ext/object/deep_dup"
+module ActionDispatch # :nodoc:
+  # # Action Dispatch PermissionsPolicy
+  #
+  # Configures the HTTP
+  # [Feature-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy)
+  # response header to specify which browser features the current
+  # document and its iframes can use.
+  #
+  # Example global policy:
+  #
+  #     Rails.application.config.permissions_policy do |policy|
+  #       policy.camera      :none
+  #       policy.gyroscope   :none
+  #       policy.microphone  :none
+  #       policy.usb         :none
+  #       policy.fullscreen  :self
+  #       policy.payment     :self, "https://secure.example.com"
+  #     end
+  #
+  # The Feature-Policy header has been renamed to Permissions-Policy. The
+  # Permissions-Policy requires a different implementation and isn't yet supported
+  # by all browsers. To avoid having to rename this middleware in the future we
+  # use the new name for the middleware but keep the old header name and
+  # implementation for now.
+  class PermissionsPolicy
+    class Middleware
+      def initialize(app)
+        @app = app
+      end
+      def call(env)
+        _, headers, _ = response = @app.call(env)
+        return response if policy_present?(headers)
+        request = ActionDispatch::Request.new(env)
+        if policy = request.permissions_policy
+          headers[ActionDispatch::Constants::FEATURE_POLICY] = policy.build(request.controller_instance)
+        end
+        if policy_empty?(policy)
+          headers.delete(ActionDispatch::Constants::FEATURE_POLICY)
+        end
+        response
+      end
+      private
+        def policy_present?(headers)
+          headers[ActionDispatch::Constants::FEATURE_POLICY]
+        end
+        def policy_empty?(policy)
+          policy&.directives&.empty?
+        end
+    end
+    module Request
+      POLICY = "action_dispatch.permissions_policy"
+      def permissions_policy
+        get_header(POLICY)
+      end
+      def permissions_policy=(policy)
+        set_header(POLICY, policy)
+      end
+    end
+    MAPPINGS = {
+      self: "'self'",
+      none: "'none'",
+    }.freeze
+    # List of available permissions can be found at
+    # https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md#policy-controlled-features
+    DIRECTIVES = {
+      accelerometer:        "accelerometer",
+      ambient_light_sensor: "ambient-light-sensor",
+      autoplay:             "autoplay",
+      camera:               "camera",
+      display_capture:      "display-capture",
+      encrypted_media:      "encrypted-media",
+      fullscreen:           "fullscreen",
+      geolocation:          "geolocation",
+      gyroscope:            "gyroscope",
+      hid:                  "hid",
+      idle_detection:       "idle-detection",
+      keyboard_map:         "keyboard-map",
+      magnetometer:         "magnetometer",
+      microphone:           "microphone",
+      midi:                 "midi",
+      payment:              "payment",
+      picture_in_picture:   "picture-in-picture",
+      screen_wake_lock:     "screen-wake-lock",
+      serial:               "serial",
+      sync_xhr:             "sync-xhr",
+      usb:                  "usb",
+      web_share:            "web-share",
+    }.freeze
+    private_constant :MAPPINGS, :DIRECTIVES
+    attr_reader :directives
+    def initialize
+      @directives = {}
+      yield self if block_given?
+    end
+    def initialize_copy(other)
+      @directives = other.directives.deep_dup
+    end
+    DIRECTIVES.each do |name, directive|
+      define_method(name) do |*sources|
+        if sources.first
+          @directives[directive] = apply_mappings(sources)
+        else
+          @directives.delete(directive)
+        end
+      end
+    end
+    def build(context = nil)
+      build_directives(context).compact.join("; ")
+    end
+    private
+      def apply_mappings(sources)
+        sources.map do |source|
+          case source
+          when Symbol
+            apply_mapping(source)
+          when String, Proc
+            source
+          else
+            raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}"
+          end
+        end
+      end
+      def apply_mapping(source)
+        MAPPINGS.fetch(source) do
+          raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}"
+        end
+      end
+      def build_directives(context)
+        @directives.map do |directive, sources|
+          if sources.is_a?(Array)
+            "#{directive} #{build_directive(sources, context).join(' ')}"
+          elsif sources
+            directive
+          else
+            nil
+          end
+        end
+      end
+      def build_directive(sources, context)
+        sources.map { |source| resolve_source(source, context) }
+      end
+      def resolve_source(source, context)
+        case source
+        when String
+          source
+        when Symbol
+          source.to_s
+        when Proc
+          if context.nil?
+            raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}"
+          else
+            context.instance_exec(&source)
+          end
+        else
+          raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}"
+        end
+      end
+  end
+end

data/lib/action_dispatch/http/rack_cache.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+# :enddoc:
+# :markup: markdown
+require "rack/cache"
+require "rack/cache/context"
+require "active_support/cache"
+module ActionDispatch
+  class RailsMetaStore < Rack::Cache::MetaStore
+    def self.resolve(uri)
+      new
+    end
+    def initialize(store = Rails.cache)
+      @store = store
+    end
+    def read(key)
+      if data = @store.read(key)
+        Marshal.load(data)
+      else
+        []
+      end
+    end
+    def write(key, value)
+      @store.write(key, Marshal.dump(value))
+    end
+    ::Rack::Cache::MetaStore::RAILS = self
+  end
+  class RailsEntityStore < Rack::Cache::EntityStore
+    def self.resolve(uri)
+      new
+    end
+    def initialize(store = Rails.cache)
+      @store = store
+    end
+    def exist?(key)
+      @store.exist?(key)
+    end
+    def open(key)
+      @store.read(key)
+    end
+    def read(key)
+      body = open(key)
+      body.join if body
+    end
+    def write(body)
+      buf = []
+      key, size = slurp(body) { |part| buf << part }
+      @store.write(key, buf)
+      [key, size]
+    end
+    ::Rack::Cache::EntityStore::RAILS = self
+  end
+end