rack 2.0.1 → 2.2.17

data/Rakefile

@@ -1,7 +1,10 @@
-# Rakefile for Rack.  -*-ruby-*-
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
 
 desc "Run all the tests"
-task :default => [:test]
+task default: :test
 
 desc "Install gem dependencies"
 task :deps do
@@ -16,9 +19,9 @@ task :deps do
 end
 
 desc "Make an archive as .tar.gz"
-task :dist => %w[chmod ChangeLog SPEC rdoc] do
+task dist: %w[chmod changelog spec rdoc] do
   sh "git archive --format=tar --prefix=#{release}/ HEAD^{tree} >#{release}.tar"
-  sh "pax -waf #{release}.tar -s ':^:#{release}/:' SPEC ChangeLog doc rack.gemspec"
+  sh "pax -waf #{release}.tar -s ':^:#{release}/:' SPEC.rdoc ChangeLog doc rack.gemspec"
   sh "gzip -f -9 #{release}.tar"
 end
 
@@ -31,12 +34,12 @@ task :officialrelease do
   sh "mv stage/#{release}.tar.gz stage/#{release}.gem ."
 end
 
-task :officialrelease_really => %w[SPEC dist gem] do
+task officialrelease_really: %w[spec dist gem] do
   sh "shasum #{release}.tar.gz #{release}.gem"
 end
 
 def release
-  "rack-" + File.read('lib/rack.rb')[/RELEASE += +([\"\'])([\d][\w\.]+)\1/, 2]
+  "rack-" + File.read('lib/rack/version.rb')[/RELEASE += +([\"\'])([\d][\w\.]+)\1/, 2]
 end
 
 desc "Make binaries executable"
@@ -46,7 +49,7 @@ task :chmod do
 end
 
 desc "Generate a ChangeLog"
-task :changelog => %w[ChangeLog]
+task changelog: "ChangeLog"
 
 file '.git/index'
 file "ChangeLog" => '.git/index' do
@@ -68,48 +71,59 @@ file "ChangeLog" => '.git/index' do
   }
 end
 
-file 'lib/rack/lint.rb'
 desc "Generate Rack Specification"
-file "SPEC" => 'lib/rack/lint.rb' do
-  File.open("SPEC", "wb") { |file|
+task spec: "SPEC.rdoc"
+
+file 'lib/rack/lint.rb'
+file "SPEC.rdoc" => 'lib/rack/lint.rb' do
+  File.open("SPEC.rdoc", "wb") { |file|
     IO.foreach("lib/rack/lint.rb") { |line|
-      if line =~ /## (.*)/
+      if line =~ /^\s*## ?(.*)/
         file.puts $1
       end
     }
   }
 end
 
-desc "Run all the fast + platform agnostic tests"
-task :test => 'SPEC' do
-  opts     = ENV['TEST'] || ''
-  specopts = ENV['TESTOPTS']
+Rake::TestTask.new("test:regular") do |t|
+  t.libs << "test"
+  t.test_files = FileList["test/**/*_test.rb", "test/**/spec_*.rb", "test/gemloader.rb"]
+  t.warning = false
+  t.verbose = true
+end
 
-  sh "ruby -I./lib:./test -S minitest #{opts} #{specopts} test/gemloader.rb test/spec*.rb"
+desc "Run tests with coverage"
+task "test_cov" do
+  ENV['COVERAGE'] = '1'
+  Rake::Task['test:regular'].invoke
 end
 
+desc "Run all the fast + platform agnostic tests"
+task test: %w[spec test:regular]
+
 desc "Run all the tests we run on CI"
-task :ci => :test
+task ci: :test
 
-task :gem => ["SPEC"] do
+task gem: :spec do
   sh "gem build rack.gemspec"
 end
 
-task :doc => :rdoc
+task doc: :rdoc
+
 desc "Generate RDoc documentation"
-task :rdoc => %w[ChangeLog SPEC] do
+task rdoc: %w[changelog spec] do
   sh(*%w{rdoc --line-numbers --main README.rdoc
               --title 'Rack\ Documentation' --charset utf-8 -U -o doc} +
-              %w{README.rdoc KNOWN-ISSUES SPEC ChangeLog} +
+              %w{README.rdoc KNOWN-ISSUES SPEC.rdoc ChangeLog} +
               `git ls-files lib/\*\*/\*.rb`.strip.split)
   cp "contrib/rdoc.css", "doc/rdoc.css"
 end
 
-task :pushdoc => %w[rdoc] do
+task pushdoc: :rdoc do
   sh "rsync -avz doc/ rack.rubyforge.org:/var/www/gforge-projects/rack/doc/"
 end
 
-task :pushsite => %w[pushdoc] do
+task pushsite: :pushdoc do
   sh "cd site && git gc"
   sh "rsync -avz site/ rack.rubyforge.org:/var/www/gforge-projects/rack/"
   sh "cd site && git push"

data/{SPEC → SPEC.rdoc}

@@ -1,5 +1,6 @@
 This specification aims to formalize the Rack protocol.  You
 can (and should) use Rack::Lint to enforce it.
+
 When you develop middleware, be sure to add a Lint before and
 after to catch all mistakes.
 = Rack applications
@@ -11,9 +12,10 @@ The *status*,
 the *headers*,
 and the *body*.
 == The Environment
-The environment must be an instance of Hash that includes
+The environment must be an unfrozen instance of Hash that includes
 CGI-like headers.  The application is free to modify the
 environment.
+
 The environment is required to include these variables
 (adopted from PEP333), except when they'd be empty, but see
 below.
@@ -40,17 +42,18 @@ below.
 <tt>QUERY_STRING</tt>:: The portion of the request URL that
                         follows the <tt>?</tt>, if any. May be
                         empty, but is always required!
-<tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
-                       When combined with <tt>SCRIPT_NAME</tt> and
+<tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
                        <tt>PATH_INFO</tt>, these variables can be
                        used to complete the URL. Note, however,
                        that <tt>HTTP_HOST</tt>, if present,
                        should be used in preference to
                        <tt>SERVER_NAME</tt> for reconstructing
                        the request URL.
-                       <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
-                       can never be empty strings, and so
-                       are always required.
+                       <tt>SERVER_NAME</tt> can never be an empty
+                       string, and so is always required.
+<tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
+                       server is running on. Should be specified if
+                       the server is running on a non-standard port.
 <tt>HTTP_</tt> Variables:: Variables corresponding to the
                            client-supplied HTTP request
                            headers (i.e., variables whose
@@ -60,9 +63,8 @@ below.
                            the presence or absence of the
                            appropriate HTTP header in the
                            request. See
-                           {https://tools.ietf.org/html/rfc3875#section-4.1.18
-                           RFC3875 section 4.1.18} for
-                           specific behavior.
+                           {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
+                           for specific behavior.
 In addition to this, the Rack environment must include these
 Rack-specific variables:
 <tt>rack.version</tt>:: The Array representing this version of Rack
@@ -98,12 +100,14 @@ Rack-specific variables:
 Additional environment specifications have approved to
 standardized middleware APIs.  None of these are required to
 be implemented by the server.
-<tt>rack.session</tt>:: A hash like interface for storing request session data.
+<tt>rack.session</tt>:: A hash like interface for storing
+                        request session data.
                         The store must implement:
-                         store(key, value)         (aliased as []=);
-                         fetch(key, default = nil) (aliased as []);
-                         delete(key);
-                         clear;
+                        store(key, value)         (aliased as []=);
+                        fetch(key, default = nil) (aliased as []);
+                        delete(key);
+                        clear;
+                        to_hash (returning unfrozen Hash instance);
 <tt>rack.logger</tt>:: A common object interface for logging messages.
                        The object must implement:
                         info(message, &block)
@@ -118,10 +122,16 @@ environment, too.  The keys must contain at least one dot,
 and should be prefixed uniquely.  The prefix <tt>rack.</tt>
 is reserved for use with the Rack core distribution and other
 accepted specifications and must not be used otherwise.
+
+The <tt>SERVER_PORT</tt> must be an Integer if set.
+The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
+The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
 The environment must not contain the keys
 <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
 (use the versions without <tt>HTTP_</tt>).
 The CGI keys (named without a period) must have String values.
+If the string values for CGI keys contain non-ASCII characters,
+they should use ASCII-8BIT encoding.
 There are the following restrictions:
 * <tt>rack.version</tt> must be an array of Integers.
 * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
@@ -137,6 +147,7 @@ There are the following restrictions:
   <tt>SCRIPT_NAME</tt> is empty.
   <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
 === The Input Stream
+
 The input stream is an IO-like object which contains the raw HTTP
 POST data.
 When applicable, its external encoding must be "ASCII-8BIT" and it
@@ -146,14 +157,19 @@ The input stream must respond to +gets+, +each+, +read+ and +rewind+.
   or +nil+ on EOF.
 * +read+ behaves like IO#read.
   Its signature is <tt>read([length, [buffer]])</tt>.
+
   If given, +length+ must be a non-negative Integer (>= 0) or +nil+,
   and +buffer+ must be a String and may not be nil.
+
   If +length+ is given and not nil, then this method reads at most
   +length+ bytes from the input stream.
+
   If +length+ is not given or nil, then this method reads
   all data until EOF.
+
   When EOF is reached, this method returns nil if +length+ is given
   and not nil, or "" if +length+ is not given or is nil.
+
   If +buffer+ is given, then the read data will be placed
   into +buffer+ instead of a newly created String object.
 * +each+ must be called without arguments and only yield Strings.
@@ -175,16 +191,20 @@ The error stream must respond to +puts+, +write+ and +flush+.
 If rack.hijack? is true then rack.hijack must respond to #call.
 rack.hijack must return the io that will also be assigned (or is
 already present, in rack.hijack_io.
+
 rack.hijack_io must respond to:
 <tt>read, write, read_nonblock, write_nonblock, flush, close,
 close_read, close_write, closed?</tt>
+
 The semantics of these IO methods must be a best effort match to
 those of a normal ruby IO or Socket object, using standard
 arguments and raising standard exceptions. Servers are encouraged
 to simply pass on real IO objects, although it is recognized that
 this approach is not directly compatible with SPDY and HTTP 2.0.
+
 IO provided in rack.hijack_io should preference the
 IO::WaitReadable and IO::WaitWritable APIs wherever supported.
+
 There is a deliberate lack of full specification around
 rack.hijack_io, as semantics will change from server to server.
 Users are encouraged to utilize this API with a knowledge of their
@@ -192,7 +212,9 @@ server choice, and servers may extend the functionality of
 hijack_io to provide additional features to users. The purpose of
 rack.hijack is for Rack to "get out of the way", as such, Rack only
 provides the minimum of specification and support.
+
 If rack.hijack? is false, then rack.hijack should not be set.
+
 If rack.hijack? is false, then rack.hijack_io should not be set.
 ==== Response (after headers)
 It is also possible to hijack a response after the status and headers
@@ -201,6 +223,7 @@ In order to do this, an application may set the special header
 <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
 accepting an argument that conforms to the <tt>rack.hijack_io</tt>
 protocol.
+
 After the headers have been sent, and this hijack callback has been
 called, the application is now responsible for the remaining lifecycle
 of the IO. The application is also responsible for maintaining HTTP
@@ -209,8 +232,10 @@ applications will have wanted to specify the header Connection:close in
 HTTP/1.1, and not Connection:keep-alive, as there is no protocol for
 returning hijacked sockets to the web server. For that purpose, use the
 body streaming API instead (progressively yielding strings via each).
+
 Servers must ignore the <tt>body</tt> part of the response tuple when
 the <tt>rack.hijack</tt> response API is in use.
+
 The special response header <tt>rack.hijack</tt> must only be set
 if the request env has <tt>rack.hijack?</tt> <tt>true</tt>.
 ==== Conventions
@@ -225,9 +250,9 @@ This is an HTTP status. When parsed as integer (+to_i+), it must be
 greater than or equal to 100.
 === The Headers
 The header must respond to +each+, and yield values of key and value.
+The header keys must be Strings.
 Special headers starting "rack." are for communicating with the
 server, and must not be sent back to the client.
-The header keys must be Strings.
 The header must not contain a +Status+ key.
 The header must conform to RFC7230 token specification, i.e. cannot
 contain non-printable ASCII, DQUOTE or "(),/:;<=>?@[\]{}".
@@ -237,23 +262,27 @@ consisting of lines (for multiple header values, e.g. multiple
 The lines must not contain characters below 037.
 === The Content-Type
 There must not be a <tt>Content-Type</tt>, when the +Status+ is 1xx,
-204, 205 or 304.
+204 or 304.
 === The Content-Length
 There must not be a <tt>Content-Length</tt> header when the
-+Status+ is 1xx, 204, 205 or 304.
++Status+ is 1xx, 204 or 304.
 === The Body
 The Body must respond to +each+
 and must only yield String values.
+
 The Body itself should not be an instance of String, as this will
 break in Ruby 1.9.
+
 If the Body responds to +close+, it will be called after iteration. If
 the body is replaced by a middleware after action, the original body
 must be closed first, if it responds to close.
+
 If the Body responds to +to_path+, it must return a String
 identifying the location of a file whose contents are identical
 to that produced by calling +each+; this may be used by the
 server as an alternative, possibly more efficient way to
 transport the response.
+
 The Body commonly is an Array of Strings, the application
 instance itself, or a File-like object.
 == Thanks

data/bin/rackup

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require "rack"
 Rack::Server.start

data/example/lobster.ru

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack/lobster'
 
 use Rack::ShowExceptions

data/example/protectedlobster.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack'
 require 'rack/lobster'
 
@@ -11,4 +13,4 @@ protected_lobster.realm = 'Lobster 2.0'
 
 pretty_protected_lobster = Rack::ShowStatus.new(Rack::ShowExceptions.new(protected_lobster))
 
-Rack::Server.start :app => pretty_protected_lobster, :Port => 9292
+Rack::Server.start app: pretty_protected_lobster, Port: 9292

data/example/protectedlobster.ru

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rack/lobster'
 
 use Rack::ShowExceptions

data/lib/rack/auth/abstract/handler.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Auth
     # Rack::Auth::AbstractHandler implements common authentication functionality.
@@ -8,7 +10,7 @@ module Rack
 
       attr_accessor :realm
 
-      def initialize(app, realm=nil, &authenticator)
+      def initialize(app, realm = nil, &authenticator)
         @app, @realm, @authenticator = app, realm, authenticator
       end
 

data/lib/rack/auth/abstract/request.rb

@@ -1,4 +1,4 @@
-require 'rack/request'
+# frozen_string_literal: true
 
 module Rack
   module Auth

data/lib/rack/auth/basic.rb

@@ -1,5 +1,7 @@
-require 'rack/auth/abstract/handler'
-require 'rack/auth/abstract/request'
+# frozen_string_literal: true
+
+require_relative 'abstract/handler'
+require_relative 'abstract/request'
 
 module Rack
   module Auth
@@ -41,11 +43,11 @@ module Rack
 
       class Request < Auth::AbstractRequest
         def basic?
-          "basic" == scheme
+          "basic" == scheme && credentials.length == 2
         end
 
         def credentials
-          @credentials ||= params.unpack("m*").first.split(/:/, 2)
+          @credentials ||= params.unpack("m").first.split(':', 2)
         end
 
         def username

data/lib/rack/auth/digest/md5.rb

@@ -1,7 +1,9 @@
-require 'rack/auth/abstract/handler'
-require 'rack/auth/digest/request'
-require 'rack/auth/digest/params'
-require 'rack/auth/digest/nonce'
+# frozen_string_literal: true
+
+require_relative '../abstract/handler'
+require_relative 'request'
+require_relative 'params'
+require_relative 'nonce'
 require 'digest/md5'
 
 module Rack
@@ -21,7 +23,7 @@ module Rack
 
         attr_writer :passwords_hashed
 
-        def initialize(app, realm=nil, opaque=nil, &authenticator)
+        def initialize(app, realm = nil, opaque = nil, &authenticator)
           @passwords_hashed = nil
           if opaque.nil? and realm.respond_to? :values_at
             realm, opaque, @passwords_hashed = realm.values_at :realm, :opaque, :passwords_hashed
@@ -47,7 +49,7 @@ module Rack
 
           if valid?(auth)
             if auth.nonce.stale?
-              return unauthorized(challenge(:stale => true))
+              return unauthorized(challenge(stale: true))
             else
               env['REMOTE_USER'] = auth.username
 
@@ -61,7 +63,7 @@ module Rack
 
         private
 
-        QOP = 'auth'.freeze
+        QOP = 'auth'
 
         def params(hash = {})
           Params.new do |params|
@@ -106,21 +108,21 @@ module Rack
         alias :H :md5
 
         def KD(secret, data)
-          H([secret, data] * ':')
+          H "#{secret}:#{data}"
         end
 
         def A1(auth, password)
-          [ auth.username, auth.realm, password ] * ':'
+          "#{auth.username}:#{auth.realm}:#{password}"
         end
 
         def A2(auth)
-          [ auth.method, auth.uri ] * ':'
+          "#{auth.method}:#{auth.uri}"
         end
 
         def digest(auth, password)
           password_hash = passwords_hashed? ? password : H(A1(auth, password))
 
-          KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+          KD password_hash, "#{auth.nonce}:#{auth.nc}:#{auth.cnonce}:#{QOP}:#{H A2(auth)}"
         end
 
       end

data/lib/rack/auth/digest/nonce.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'digest/md5'
 
 module Rack
@@ -18,7 +20,7 @@ module Rack
         end
 
         def self.parse(string)
-          new(*string.unpack("m*").first.split(' ', 2))
+          new(*string.unpack("m").first.split(' ', 2))
         end
 
         def initialize(timestamp = Time.now, given_digest = nil)
@@ -26,11 +28,11 @@ module Rack
         end
 
         def to_s
-          [([ @timestamp, digest ] * ' ')].pack("m*").strip
+          ["#{@timestamp} #{digest}"].pack("m").strip
         end
 
         def digest
-          ::Digest::MD5.hexdigest([ @timestamp, self.class.private_key ] * ':')
+          ::Digest::MD5.hexdigest("#{@timestamp}:#{self.class.private_key}")
         end
 
         def valid?

data/lib/rack/auth/digest/params.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Auth
     module Digest
@@ -38,12 +40,12 @@ module Rack
 
         def to_s
           map do |k, v|
-            "#{k}=" << (UNQUOTED.include?(k) ? v.to_s : quote(v))
+            "#{k}=#{(UNQUOTED.include?(k) ? v.to_s : quote(v))}"
           end.join(', ')
         end
 
         def quote(str) # From WEBrick::HTTPUtils
-          '"' << str.gsub(/[\\\"]/o, "\\\1") << '"'
+          '"' + str.gsub(/[\\\"]/o, "\\\1") + '"'
         end
 
       end

data/lib/rack/auth/digest/request.rb

@@ -1,6 +1,8 @@
-require 'rack/auth/abstract/request'
-require 'rack/auth/digest/params'
-require 'rack/auth/digest/nonce'
+# frozen_string_literal: true
+
+require_relative '../abstract/request'
+require_relative 'params'
+require_relative 'nonce'
 
 module Rack
   module Auth

data/lib/rack/body_proxy.rb

@@ -1,19 +1,25 @@
+# frozen_string_literal: true
+
 module Rack
+  # Proxy for response bodies allowing calling a block when
+  # the response body is closed (after the response has been fully
+  # sent to the client).
   class BodyProxy
+    # Set the response body to wrap, and the block to call when the
+    # response has been fully sent.
     def initialize(body, &block)
       @body = body
       @block = block
       @closed = false
     end
 
-    def respond_to?(method_name, include_all=false)
-      case method_name
-      when :to_ary, 'to_ary'
-        return false
-      end
+    # Return whether the wrapped body responds to the method.
+    def respond_to_missing?(method_name, include_all = false)
       super or @body.respond_to?(method_name, include_all)
     end
 
+    # If not already closed, close the wrapped body and
+    # then call the block the proxy was initialized with.
     def close
       return if @closed
       @closed = true
@@ -24,21 +30,16 @@ module Rack
       end
     end
 
+    # Whether the proxy is closed.  The proxy starts as not closed,
+    # and becomes closed on the first call to close.
     def closed?
       @closed
     end
 
-    # N.B. This method is a special case to address the bug described by #434.
-    # We are applying this special case for #each only. Future bugs of this
-    # class will be handled by requesting users to patch their ruby
-    # implementation, to save adding too many methods in this class.
-    def each
-      @body.each { |body| yield body }
-    end
-
+    # Delegate missing methods to the wrapped body.
     def method_missing(method_name, *args, &block)
-      super if :to_ary == method_name
       @body.__send__(method_name, *args, &block)
     end
+    ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
   end
 end