sinatra 2.0.0.rc2 → 2.0.0.rc5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fd75c727db7b65c390511a4adeb420a6d8a93e18
-  data.tar.gz: a0be265c79512e4f331270bf1fb71af08a06ee1f
+  metadata.gz: d2244e3562cbc37fb6ff2e06c56844417a7b0fb6
+  data.tar.gz: 06dd9dc2c62f8ac778dcb8e6cbe63bf76a5fa4d3
 SHA512:
-  metadata.gz: f6de783030b6c39cd7d3f0bab6dc7789fc83d714c41f52f89a953014798dfcf4d8c98565a2df4ac53165d077a98c3431b448a89754a7b3a6d029eb83415df5c2
-  data.tar.gz: 3bc6a1b14338af6e723bbdd07dd22ffed9058def429183be213df539cf5b3ec04bb021eb40adae0f66266c8883a827963e42f118ea8eeb4d16f65765111a1909
+  metadata.gz: cbbb5659a7e65970843c4ec9c890c3a42f3e5ac342ef56125e820fefb447a08d799f3f819eaf1da9a49723b86e4059ee1ae8c4f078d8f7d61838b1728bdabdd7
+  data.tar.gz: 3dd1a518d8de680db95f3b84151793404cc042cc40d4db910e3193eaec2b3fedf8fca1e71802fae866bc7e5173502ad32dd4eb2c0fffa81988c5e2e789d82c4c

data/CHANGELOG.md

@@ -1,4 +1,4 @@
-## 2.0.0 / 2016-08-22
+## 2.0.0 / 2017-04-10
 
  * Use Mustermann for patterns #1086 by Konstantin Haase
 
@@ -36,6 +36,32 @@
 
  * Use same `session_secret` for classic and modular apps in development #1245 by Marcus Stollsteimer
 
+ * Make authenticity token length a fixed value of 32 #1181 by Jordan Owens
+
+ * Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3 Directives #1202 by Glenn Rempe
+
+ * Adds preload option to Rack:Protection:StrictTransport #1209 by Ed Robinson
+
+ * Improve BadRequest logic. Raise and handle exceptions if status is 400 #1212 by Mike Pastore
+
+ * Make Rack::Test a development dependency #1232 by Mike Pastore
+
+ * Capture exception messages of raised NotFound and BadRequest #1210 by Mike Pastore
+
+ * Add explicit set method to contrib/cookies to override cookie settings #1240 by Andrew Allen
+
+ * Avoid executing filters even if prefix matches with other namespace #1253 by namusyaka
+
+ * Make `#has_key?` also indifferent in access, can accept String or Symbol #1262 by John Hope
+
+ * Add `allow_if` option to bypass json csrf protection #1265 by Jordan Owens
+
+ * rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by Mike Pastore
+
+ * Add `:strict_paths` option for managing trailing slashes #1273 by namusyaka
+
+ * Add full IndifferentHash implementation to params #1279 by Mike Pastore
+
 ## 1.4.7 / 2016-01-24
 
  * Add Ashley Williams, Trevor Bramble, and Kashyap Kondamudi to team Sinatra.

data/Gemfile

@@ -14,6 +14,7 @@ gem 'rake'
 gem 'rack', git: 'https://github.com/rack/rack.git'
 gem 'rack-test', '>= 0.6.2'
 gem "minitest", "~> 5.0"
+gem 'yard'
 
 gem "rack-protection", path: "rack-protection"
 gem "sinatra-contrib", path: "sinatra-contrib"

data/Rakefile

@@ -9,10 +9,7 @@ task :spec => :test
 CLEAN.include "**/*.rbc"
 
 def source_version
-  @source_version ||= begin
-    load './lib/sinatra/version.rb'
-    Sinatra::VERSION
-  end
+  @source_version ||= File.read(File.expand_path("../VERSION", __FILE__)).strip
 end
 
 def prev_feature
@@ -92,7 +89,7 @@ end
 
 team = ["Ryan Tomayko", "Blake Mizerany", "Simon Rozet", "Konstantin Haase", "Zachary Scott"]
 desc "list of contributors"
-task :thanks, [:release,:backports] do |t, a|
+task :thanks, ['release:all', :backports] do |t, a|
   a.with_defaults :release => "#{prev_version}..HEAD",
     :backports => "#{prev_feature}.0..#{prev_feature}.x"
   included = `git log --format=format:"%aN\t%s" #{a.release}`.lines.map { |l| l.force_encoding('binary') }
@@ -141,54 +138,86 @@ end
 # PACKAGING ============================================================
 
 if defined?(Gem)
-  # Load the gemspec using the same limitations as github
-  def spec
-    require 'rubygems' unless defined? Gem::Specification
-    @spec ||= eval(File.read('sinatra.gemspec'))
+  GEMS_AND_ROOT_DIRECTORIES = {
+    "sinatra" => ".",
+    "sinatra-contrib" => "./sinatra-contrib",
+    "rack-protection" => "./rack-protection"
+  }
+
+  def package(gem, ext='')
+    "pkg/#{gem}-#{source_version}" + ext
   end
 
-  def package(ext='')
-    "pkg/sinatra-#{spec.version}" + ext
-  end
+  directory 'pkg/'
+  CLOBBER.include('pkg')
 
-  desc 'Build packages'
-  task :package => %w[.gem .tar.gz].map {|e| package(e)}
+  GEMS_AND_ROOT_DIRECTORIES.each do |gem, directory|
+    file package(gem, '.gem') => ["pkg/", "#{directory + '/' + gem}.gemspec"] do |f|
+      sh "cd #{directory} && gem build #{gem}.gemspec"
+      mv directory + "/" + File.basename(f.name), f.name
+    end
 
-  desc 'Build and install as local gem'
-  task :install => package('.gem') do
-    sh "gem install #{package('.gem')}"
+    file package(gem, '.tar.gz') => ["pkg/"] do |f|
+      sh <<-SH
+        git archive \
+          --prefix=#{gem}-#{source_version}/ \
+          --format=tar \
+          HEAD -- #{directory} | gzip > #{f.name}
+      SH
+    end
   end
 
-  directory 'pkg/'
-  CLOBBER.include('pkg')
+  namespace :package do
+    GEMS_AND_ROOT_DIRECTORIES.each do |gem, directory|
+      desc "Build #{gem} packages"
+      task gem => %w[.gem .tar.gz].map { |e| package(gem, e) }
+    end
 
-  file package('.gem') => %w[pkg/ sinatra.gemspec] + spec.files do |f|
-    sh "gem build sinatra.gemspec"
-    mv File.basename(f.name), f.name
+    desc "Build all packages"
+    task :all => GEMS_AND_ROOT_DIRECTORIES.keys
   end
 
-  file package('.tar.gz') => %w[pkg/] + spec.files do |f|
-    sh <<-SH
-      git archive \
-        --prefix=sinatra-#{source_version}/ \
-        --format=tar \
-        HEAD | gzip > #{f.name}
-    SH
+  namespace :install do
+    GEMS_AND_ROOT_DIRECTORIES.each do |gem, directory|
+      desc "Build and install #{gem} as local gem"
+      task gem => package(gem, '.gem') do
+        sh "gem install #{package(gem, '.gem')}"
+      end
+    end
+
+    desc "Build and install all of the gems as local gems"
+    task :all => GEMS_AND_ROOT_DIRECTORIES.keys
   end
 
-  task 'release' => ['test', package('.gem')] do
-    if File.binread("CHANGELOG.md") =~ /= \d\.\d\.\d . not yet released$/i
-      fail 'please update the changelog first' unless %x{git symbolic-ref HEAD} == "refs/heads/prerelease\n"
+  namespace :release do
+    GEMS_AND_ROOT_DIRECTORIES.each do |gem, directory|
+      desc "Release #{gem} as a package"
+      task gem => "package:#{gem}" do
+        sh <<-SH
+          gem install #{package(gem, '.gem')} --local &&
+          gem push #{package(gem, '.gem')}
+        SH
+      end
+    end
+
+    desc "Commits the version to github repository"
+    task :commit_version do
+      sh <<-SH
+        sed -i "s/.*VERSION.*/  VERSION = '#{source_version}'/" lib/sinatra/version.rb
+        sed -i "s/.*VERSION.*/    VERSION = '#{source_version}'/" sinatra-contrib/lib/sinatra/contrib/version.rb
+        sed -i "s/.*VERSION.*/    VERSION = '#{source_version}'/" rack-protection/lib/rack/protection/version.rb
+      SH
+
+      sh <<-SH
+        git commit --allow-empty -a -m '#{source_version} release'  &&
+        git tag -s v#{source_version} -m '#{source_version} release'  &&
+        git tag -s #{source_version} -m '#{source_version} release' &&
+        git push && (git push origin || true) &&
+        git push --tags && (git push origin --tags || true)
+      SH
     end
 
-    sh <<-SH
-      gem install #{package('.gem')} --local &&
-      gem push #{package('.gem')}  &&
-      git commit --allow-empty -a -m '#{source_version} release'  &&
-      git tag -s v#{source_version} -m '#{source_version} release'  &&
-      git tag -s #{source_version} -m '#{source_version} release'  &&
-      git push && (git push sinatra || true) &&
-      git push --tags && (git push sinatra --tags || true)
-    SH
+    desc "Release all gems as packages"
+    task :all => [:test, :commit_version] + GEMS_AND_ROOT_DIRECTORIES.keys
   end
 end

data/lib/sinatra/base.rb

@@ -15,6 +15,7 @@ require 'time'
 require 'uri'
 
 # other files we need
+require 'sinatra/indifferent_hash'
 require 'sinatra/show_exceptions'
 require 'sinatra/version'
 
@@ -240,18 +241,6 @@ module Sinatra
     def http_status; 404 end
   end
 
-  class IndifferentHash < Hash
-    def [](key)
-      value = super(key)
-      return super(key.to_s) if value.nil? && Symbol === key
-      value
-    end
-
-    def has_key?(key)
-      super(key) || (Symbol === key && super(key.to_s))
-    end
-  end
-
   # Methods available to routes, before/after filters, and views.
   module Helpers
     # Set or retrieve the response status code.
@@ -1029,6 +1018,7 @@ module Sinatra
     def process_route(pattern, conditions, block = nil, values = [])
       route = @request.path_info
       route = '/' if route.empty? and not settings.empty_path_info?
+      route = route[0..-2] if !settings.strict_paths? && route != '/' && route.end_with?('/')
       return unless params = pattern.params(route)
 
       params.delete("ignore") # TODO: better params handling, maybe turn it into "smart" object or detect changes
@@ -1078,20 +1068,6 @@ module Sinatra
       send_file path, options.merge(:disposition => nil)
     end
 
-    # Enable string or symbol key access to the nested params hash.
-    def indifferent_params(object)
-      case object
-      when Hash
-        new_hash = IndifferentHash.new
-        object.each { |key, value| new_hash[key] = indifferent_params(value) }
-        new_hash
-      when Array
-        object.map { |item| indifferent_params(item) }
-      else
-        object
-      end
-    end
-
     # Run the block with 'throw :halt' support and apply result to the response.
     def invoke
       res = catch(:halt) { yield }
@@ -1110,8 +1086,7 @@ module Sinatra
 
     # Dispatch a request with error handling.
     def dispatch!
-      @params = indifferent_params(@request.params)
-      force_encoding(@params)
+      force_encoding(@params = IndifferentHash[@request.params])
 
       invoke do
         static! if settings.static? && (request.get? || request.head?)
@@ -1845,6 +1820,7 @@ module Sinatra
     set :absolute_redirects, true
     set :prefixed_redirects, false
     set :empty_path_info, nil
+    set :strict_paths, true
 
     set :app_file, nil
     set :root, Proc.new { app_file && File.expand_path(File.dirname(app_file)) }

data/lib/sinatra/indifferent_hash.rb

@@ -0,0 +1,150 @@
+# frozen_string_literal: true
+module Sinatra
+  # A poor man's ActiveSupport::HashWithIndifferentAccess, with all the Rails-y
+  # stuff removed.
+  #
+  # Implements a hash where keys <tt>:foo</tt> and <tt>"foo"</tt> are
+  # considered to be the same.
+  #
+  #   rgb = Sinatra::IndifferentHash.new
+  #
+  #   rgb[:black]    =  '#000000' # symbol assignment
+  #   rgb[:black]  # => '#000000' # symbol retrieval
+  #   rgb['black'] # => '#000000' # string retrieval
+  #
+  #   rgb['white']   =  '#FFFFFF' # string assignment
+  #   rgb[:white]  # => '#FFFFFF' # symbol retrieval
+  #   rgb['white'] # => '#FFFFFF' # string retrieval
+  #
+  # Internally, symbols are mapped to strings when used as keys in the entire
+  # writing interface (calling e.g. <tt>[]=</tt>, <tt>merge</tt>). This mapping
+  # belongs to the public interface. For example, given:
+  #
+  #   hash = Sinatra::IndifferentHash.new(:a=>1)
+  #
+  # You are guaranteed that the key is returned as a string:
+  #
+  #   hash.keys # => ["a"]
+  #
+  # Technically other types of keys are accepted:
+  #
+  #   hash = Sinatra::IndifferentHash.new(:a=>1)
+  #   hash[0] = 0
+  #   hash # => { "a"=>1, 0=>0 }
+  #
+  # But this class is intended for use cases where strings or symbols are the
+  # expected keys and it is convenient to understand both as the same. For
+  # example the +params+ hash in Sinatra.
+  class IndifferentHash < Hash
+    def self.[](*args)
+      new.merge!(Hash[*args])
+    end
+
+    def initialize(*args)
+      super(*args.map(&method(:convert_value)))
+    end
+
+    def default(*args)
+      super(*args.map(&method(:convert_key)))
+    end
+
+    def default=(value)
+      super(convert_value(value))
+    end
+
+    def assoc(key)
+      super(convert_key(key))
+    end
+
+    def rassoc(value)
+      super(convert_value(value))
+    end
+
+    def fetch(key, *args)
+      super(convert_key(key), *args.map(&method(:convert_value)))
+    end
+
+    def [](key)
+      super(convert_key(key))
+    end
+
+    def []=(key, value)
+      super(convert_key(key), convert_value(value))
+    end
+
+    alias_method :store, :[]=
+
+    def key(value)
+      super(convert_value(value))
+    end
+
+    def key?(key)
+      super(convert_key(key))
+    end
+
+    alias_method :has_key?, :key?
+    alias_method :include?, :key?
+    alias_method :member?, :key?
+
+    def value?(value)
+      super(convert_value(value))
+    end
+
+    alias_method :has_value?, :value?
+
+    def delete(key)
+      super(convert_key(key))
+    end
+
+    def dig(key, *other_keys)
+      super(convert_key(key), *other_keys)
+    end if method_defined?(:dig) # Added in Ruby 2.3
+
+    def fetch_values(*keys)
+      super(*keys.map(&method(:convert_key)))
+    end if method_defined?(:fetch_values) # Added in Ruby 2.3
+
+    def values_at(*keys)
+      super(*keys.map(&method(:convert_key)))
+    end
+
+    def merge!(other_hash)
+      return super if other_hash.is_a?(self.class)
+
+      other_hash.each_pair do |key, value|
+        key = convert_key(key)
+        value = yield(key, self[key], value) if block_given? && key?(key)
+        self[key] = convert_value(value)
+      end
+
+      self
+    end
+
+    alias_method :update, :merge!
+
+    def merge(other_hash, &block)
+      dup.merge!(other_hash, &block)
+    end
+
+    def replace(other_hash)
+      super(other_hash.is_a?(self.class) ? other_hash : self.class[other_hash])
+    end
+
+    private
+
+    def convert_key(key)
+      key.is_a?(Symbol) ? key.to_s : key
+    end
+
+    def convert_value(value)
+      case value
+      when Hash
+        value.is_a?(self.class) ? value : self.class[value]
+      when Array
+        value.map(&method(:convert_value))
+      else
+        value
+      end
+    end
+  end
+end

data/lib/sinatra/version.rb

@@ -1,3 +1,3 @@
 module Sinatra
-  VERSION = '2.0.0.rc2'
+  VERSION = '2.0.0.rc5'
 end

data/sinatra.gemspec

@@ -1,7 +1,6 @@
-$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
-require 'sinatra/version'
+version = File.read(File.expand_path("../VERSION", __FILE__)).strip
 
-Gem::Specification.new 'sinatra', Sinatra::VERSION do |s|
+Gem::Specification.new 'sinatra', version do |s|
   s.description       = "Sinatra is a DSL for quickly creating web applications in Ruby with minimal effort."
   s.summary           = "Classy web-development dressed in a DSL"
   s.authors           = ["Blake Mizerany", "Ryan Tomayko", "Simon Rozet", "Konstantin Haase"]
@@ -27,6 +26,6 @@ Gem::Specification.new 'sinatra', Sinatra::VERSION do |s|
 
   s.add_dependency 'rack', '~> 2.0'
   s.add_dependency 'tilt', '~> 2.0'
-  s.add_dependency 'rack-protection', '2.0.0.rc2'
-  s.add_dependency 'mustermann',  '1.0.0'
+  s.add_dependency 'rack-protection', version
+  s.add_dependency 'mustermann', '~> 1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra
 version: !ruby/object:Gem::Version
-  version: 2.0.0.rc2
+  version: 2.0.0.rc5
 platform: ruby
 authors:
 - Blake Mizerany
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-19 00:00:00.000000000 Z
+date: 2017-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -47,28 +47,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.0.rc2
+        version: 2.0.0.rc5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.0.0.rc2
+        version: 2.0.0.rc5
 - !ruby/object:Gem::Dependency
   name: mustermann
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.0'
 description: Sinatra is a DSL for quickly creating web applications in Ruby with minimal
   effort.
 email: sinatrarb@googlegroups.com
@@ -115,6 +115,7 @@ files:
 - lib/sinatra/base.rb
 - lib/sinatra/images/404.png
 - lib/sinatra/images/500.png
+- lib/sinatra/indifferent_hash.rb
 - lib/sinatra/main.rb
 - lib/sinatra/show_exceptions.rb
 - lib/sinatra/version.rb
@@ -146,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: Classy web-development dressed in a DSL