Merge Session stuff into RackConvenience

6 files changed, 56 insertions, 73 deletions

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index ec64cc1a39..d24c01c983 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -26,7 +26,6 @@ module ActionController
     include ActionController::Compatibility
 
     include ActionController::Cookies
-    include ActionController::Session
     include ActionController::Flash
     include ActionController::Verification
     include ActionController::RequestForgeryProtection
diff --git a/actionpack/lib/action_controller/metal/flash.rb b/actionpack/lib/action_controller/metal/flash.rb
index ae343444e2..581ff6109e 100644
--- a/actionpack/lib/action_controller/metal/flash.rb
+++ b/actionpack/lib/action_controller/metal/flash.rb
@@ -28,8 +28,6 @@ module ActionController #:nodoc:
   module Flash
     extend ActiveSupport::Concern
 
-    include Session
-
     included do
       helper_method :alert, :notice
     end
@@ -155,7 +153,7 @@ module ActionController #:nodoc:
   def alert
     flash[:alert]
   end
-  
+
   # Convenience accessor for flash[:alert]=
   def alert=(message)
     flash[:alert] = message
@@ -165,7 +163,7 @@ module ActionController #:nodoc:
   def notice
     flash[:notice]
   end
-  
+
   # Convenience accessor for flash[:notice]=
   def notice=(message)
     flash[:notice] = message
@@ -193,11 +191,11 @@ module ActionController #:nodoc:
       if notice = response_status_and_flash.delete(:notice)
         flash[:notice] = notice
       end
-    
+
       if other_flashes = response_status_and_flash.delete(:flash)
         flash.update(other_flashes)
       end
-      
+
       super(options, response_status_and_flash)
     end
   end
diff --git a/actionpack/lib/action_controller/metal/rack_convenience.rb b/actionpack/lib/action_controller/metal/rack_convenience.rb
index 131d20114d..f0837c10e8 100644
--- a/actionpack/lib/action_controller/metal/rack_convenience.rb
+++ b/actionpack/lib/action_controller/metal/rack_convenience.rb
@@ -3,6 +3,7 @@ module ActionController
     extend ActiveSupport::Concern
 
     included do
+      delegate :session, :reset_session, :to => "@_request"
       delegate :headers, :status=, :location=, :content_type=,
                :status, :location, :content_type, :to => "@_response"
       attr_internal :request
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 173df79ee7..2826b1e34c 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -5,7 +5,7 @@ module ActionController #:nodoc:
   module RequestForgeryProtection
     extend ActiveSupport::Concern
 
-    include AbstractController::Helpers, Session
+    include AbstractController::Helpers
 
     included do
       # Sets the token parameter name for RequestForgery. Calling +protect_from_forgery+
@@ -19,31 +19,31 @@ module ActionController #:nodoc:
       helper_method :form_authenticity_token
       helper_method :protect_against_forgery?
     end
-    
-    # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current 
-    # web application, not a forged link from another site, is done by embedding a token based on a random 
+
+    # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current
+    # web application, not a forged link from another site, is done by embedding a token based on a random
     # string stored in the session (which an attacker wouldn't know) in all forms and Ajax requests generated
-    # by Rails and then verifying the authenticity of that token in the controller.  Only HTML/JavaScript 
-    # requests are checked, so this will not protect your XML API (presumably you'll have a different 
-    # authentication scheme there anyway).  Also, GET requests are not protected as these should be 
+    # by Rails and then verifying the authenticity of that token in the controller.  Only HTML/JavaScript
+    # requests are checked, so this will not protect your XML API (presumably you'll have a different
+    # authentication scheme there anyway).  Also, GET requests are not protected as these should be
     # idempotent anyway.
     #
     # This is turned on with the <tt>protect_from_forgery</tt> method, which will check the token and raise an
-    # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the 
+    # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the
     # error message in production by editing public/422.html.  A call to this method in ApplicationController is
     # generated by default in post-Rails 2.0 applications.
     #
-    # The token parameter is named <tt>authenticity_token</tt> by default. If you are generating an HTML form 
-    # manually (without the use of Rails' <tt>form_for</tt>, <tt>form_tag</tt> or other helpers), you have to 
-    # include a hidden field named like that and set its value to what is returned by 
+    # The token parameter is named <tt>authenticity_token</tt> by default. If you are generating an HTML form
+    # manually (without the use of Rails' <tt>form_for</tt>, <tt>form_tag</tt> or other helpers), you have to
+    # include a hidden field named like that and set its value to what is returned by
     # <tt>form_authenticity_token</tt>.
     #
-    # Request forgery protection is disabled by default in test environment. If you are upgrading from Rails 
+    # Request forgery protection is disabled by default in test environment. If you are upgrading from Rails
     # 1.x, add this to config/environments/test.rb:
     #
     #   # Disable request forgery protection in test environment
     #   config.action_controller.allow_forgery_protection = false
-    # 
+    #
     # == Learn more about CSRF (Cross-Site Request Forgery) attacks
     #
     # Here are some resources:
@@ -52,11 +52,11 @@ module ActionController #:nodoc:
     #
     # Keep in mind, this is NOT a silver-bullet, plug 'n' play, warm security blanket for your rails application.
     # There are a few guidelines you should follow:
-    # 
+    #
     # * Keep your GET requests safe and idempotent.  More reading material:
     #   * http://www.xml.com/pub/a/2002/04/24/deviant.html
     #   * http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1
-    #   * Make sure the session cookies that Rails creates are non-persistent.  Check in Firefox and look 
+    #   * Make sure the session cookies that Rails creates are non-persistent.  Check in Firefox and look
     #     for "Expires: at end of session"
     #
     module ClassMethods
@@ -92,7 +92,7 @@ module ActionController #:nodoc:
       # * is it a GET request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?
       def verified_request?
-        !protect_against_forgery? || request.forgery_whitelisted? || 
+        !protect_against_forgery? || request.forgery_whitelisted? ||
           form_authenticity_token == params[request_forgery_protection_token]
       end
 
diff --git a/actionpack/lib/action_controller/metal/session.rb b/actionpack/lib/action_controller/metal/session.rb
deleted file mode 100644
index bcedd6e1c7..0000000000
--- a/actionpack/lib/action_controller/metal/session.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-module ActionController
-  module Session
-    extend ActiveSupport::Concern
-
-    include RackConvenience
-
-    def session
-      @_request.session
-    end
-
-    def reset_session
-      @_request.reset_session
-    end
-  end
-end
diff --git a/actionpack/lib/action_controller/metal/verification.rb b/actionpack/lib/action_controller/metal/verification.rb
index cbd169b641..bce942b588 100644
--- a/actionpack/lib/action_controller/metal/verification.rb
+++ b/actionpack/lib/action_controller/metal/verification.rb
@@ -2,7 +2,7 @@ module ActionController #:nodoc:
   module Verification #:nodoc:
     extend ActiveSupport::Concern
 
-    include AbstractController::Callbacks, Session, Flash, Rendering
+    include AbstractController::Callbacks, Flash, Rendering
 
     # This module provides a class-level method for specifying that certain
     # actions are guarded against being called without certain prerequisites
@@ -35,7 +35,7 @@ module ActionController #:nodoc:
     #            :add_flash => { "alert" => "Failed to create your message" },
     #            :redirect_to => :category_url
     #
-    # Note that these prerequisites are not business rules. They do not examine 
+    # Note that these prerequisites are not business rules. They do not examine
     # the content of the session or the parameters. That level of validation should
     # be encapsulated by your domain model or helper methods in the controller.
     module ClassMethods
@@ -43,40 +43,40 @@ module ActionController #:nodoc:
       # the user is redirected to a different action. The +options+ parameter
       # is a hash consisting of the following key/value pairs:
       #
-      # <tt>:params</tt>:: 
-      #   a single key or an array of keys that must be in the <tt>params</tt> 
+      # <tt>:params</tt>::
+      #   a single key or an array of keys that must be in the <tt>params</tt>
       #   hash in order for the action(s) to be safely called.
-      # <tt>:session</tt>:: 
-      #   a single key or an array of keys that must be in the <tt>session</tt> 
+      # <tt>:session</tt>::
+      #   a single key or an array of keys that must be in the <tt>session</tt>
       #   in order for the action(s) to be safely called.
-      # <tt>:flash</tt>:: 
-      #   a single key or an array of keys that must be in the flash in order 
+      # <tt>:flash</tt>::
+      #   a single key or an array of keys that must be in the flash in order
       #   for the action(s) to be safely called.
-      # <tt>:method</tt>:: 
-      #   a single key or an array of keys--any one of which must match the 
-      #   current request method in order for the action(s) to be safely called. 
-      #   (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for 
+      # <tt>:method</tt>::
+      #   a single key or an array of keys--any one of which must match the
+      #   current request method in order for the action(s) to be safely called.
+      #   (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for
       #   example.)
-      # <tt>:xhr</tt>:: 
-      #   true/false option to ensure that the request is coming from an Ajax 
-      #   call or not. 
-      # <tt>:add_flash</tt>:: 
-      #   a hash of name/value pairs that should be merged into the session's 
+      # <tt>:xhr</tt>::
+      #   true/false option to ensure that the request is coming from an Ajax
+      #   call or not.
+      # <tt>:add_flash</tt>::
+      #   a hash of name/value pairs that should be merged into the session's
       #   flash if the prerequisites cannot be satisfied.
-      # <tt>:add_headers</tt>:: 
-      #   a hash of name/value pairs that should be merged into the response's 
+      # <tt>:add_headers</tt>::
+      #   a hash of name/value pairs that should be merged into the response's
       #   headers hash if the prerequisites cannot be satisfied.
-      # <tt>:redirect_to</tt>:: 
-      #   the redirection parameters to be used when redirecting if the 
-      #   prerequisites cannot be satisfied. You can redirect either to named 
+      # <tt>:redirect_to</tt>::
+      #   the redirection parameters to be used when redirecting if the
+      #   prerequisites cannot be satisfied. You can redirect either to named
       #   route or to the action in some controller.
-      # <tt>:render</tt>:: 
+      # <tt>:render</tt>::
       #   the render parameters to be used when the prerequisites cannot be satisfied.
-      # <tt>:only</tt>:: 
-      #   only apply this verification to the actions specified in the associated 
+      # <tt>:only</tt>::
+      #   only apply this verification to the actions specified in the associated
       #   array (may also be a single value).
-      # <tt>:except</tt>:: 
-      #   do not apply this verification to the actions specified in the associated 
+      # <tt>:except</tt>::
+      #   do not apply this verification to the actions specified in the associated
       #   array (may also be a single value).
       def verify(options={})
         before_filter :only => options[:only], :except => options[:except] do
@@ -94,31 +94,31 @@ module ActionController #:nodoc:
         apply_remaining_actions(options)               unless performed?
       end
     end
-    
+
     def prereqs_invalid?(options) # :nodoc:
-      verify_presence_of_keys_in_hash_flash_or_params(options) || 
-      verify_method(options) || 
+      verify_presence_of_keys_in_hash_flash_or_params(options) ||
+      verify_method(options) ||
       verify_request_xhr_status(options)
     end
- 
+
     def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
       [*options[:params] ].find { |v| v && params[v.to_sym].nil?  } ||
       [*options[:session]].find { |v| session[v].nil? } ||
       [*options[:flash]  ].find { |v| flash[v].nil?   }
     end
-    
+
     def verify_method(options) # :nodoc:
       [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
     end
-    
+
     def verify_request_xhr_status(options) # :nodoc:
       request.xhr? != options[:xhr] unless options[:xhr].nil?
     end
-    
+
     def apply_redirect_to(redirect_to_option) # :nodoc:
       (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option
     end
-    
+
     def apply_remaining_actions(options) # :nodoc:
       case
         when options[:render]      ; render(options[:render])