Merge branch 'master' into sprockets

Conflicts:
	railties/lib/rails/application/configuration.rb

5 files changed, 66 insertions, 31 deletions

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 81c0698fb8..e6523e56d2 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -198,6 +198,7 @@ module ActionController
       Cookies,
       Flash,
       RequestForgeryProtection,
+      ForceSSL,
       Streaming,
       RecordIdentifier,
       HttpAuthentication::Basic::ControllerMethods,
diff --git a/actionpack/lib/action_controller/caching/actions.rb b/actionpack/lib/action_controller/caching/actions.rb
index 2c8a6e4d4d..5fc6956266 100644
--- a/actionpack/lib/action_controller/caching/actions.rb
+++ b/actionpack/lib/action_controller/caching/actions.rb
@@ -56,19 +56,18 @@ module ActionController #:nodoc:
     #
     #     caches_page :public
     #
-    #     caches_action :index, :if => proc do |c|
-    #       !c.request.format.json?  # cache if is not a JSON request
+    #     caches_action :index, :if => proc do
+    #       !request.format.json?  # cache if is not a JSON request
     #     end
     #
     #     caches_action :show, :cache_path => { :project => 1 },
     #       :expires_in => 1.hour
     #
-    #     caches_action :feed, :cache_path => proc do |c|
-    #       if c.params[:user_id]
-    #         c.send(:user_list_url,
-    #           c.params[:user_id], c.params[:id])
+    #     caches_action :feed, :cache_path => proc do
+    #       if params[:user_id]
+    #         user_list_url(params[:user_id, params[:id])
     #       else
-    #         c.send(:list_url, c.params[:id])
+    #         list_url(params[:id])
     #       end
     #     end
     #   end
diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb
new file mode 100644
index 0000000000..eb8ed7dfbd
--- /dev/null
+++ b/actionpack/lib/action_controller/metal/force_ssl.rb
@@ -0,0 +1,35 @@
+module ActionController
+  # This module provides a method which will redirects browser to use HTTPS
+  # protocol. This will ensure that user's sensitive information will be
+  # transferred safely over the internet. You _should_ always force browser
+  # to use HTTPS when you're transferring sensitive information such as
+  # user authentication, account information, or credit card information.
+  #
+  # Note that if you really concern about your application safety, you might
+  # consider using +config.force_ssl+ in your configuration config file instead.
+  # That will ensure all the data transferred via HTTPS protocol and prevent
+  # user from getting session hijacked when accessing the site under unsecured
+  # HTTP protocol.
+  module ForceSSL
+    extend ActiveSupport::Concern
+    include AbstractController::Callbacks
+
+    module ClassMethods
+      # Force the request to this particular controller or specified actions to be
+      # under HTTPS protocol.
+      #
+      # Note that this method will not be effective on development environment.
+      #
+      # ==== Options
+      # * <tt>only</tt>   - The callback should be run only for this action
+      # * <tt>except<tt>  - The callback should be run for all actions except this action
+      def force_ssl(options = {})
+        before_filter(options) do
+          if !request.ssl? && !Rails.env.development?
+            redirect_to :protocol => 'https://', :status => :moved_permanently
+          end
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 39c804d707..b98429792d 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -8,9 +8,7 @@ module ActionController
     # === Simple \Basic example
     #
     #   class PostsController < ApplicationController
-    #     USER_NAME, PASSWORD = "dhh", "secret"
-    #
-    #     before_filter :authenticate, :except => [ :index ]
+    #     http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index
     #
     #     def index
     #       render :text => "Everyone can see me!"
@@ -19,15 +17,7 @@ module ActionController
     #     def edit
     #       render :text => "I'm only accessible if you know the password"
     #     end
-    #
-    #     private
-    #       def authenticate
-    #         authenticate_or_request_with_http_basic do |user_name, password|
-    #           user_name == USER_NAME && password == PASSWORD
-    #         end
-    #       end
-    #   end
-    #
+    #  end
     #
     # === Advanced \Basic example
     #
@@ -115,6 +105,18 @@ module ActionController
       extend self
 
       module ControllerMethods
+        extend ActiveSupport::Concern
+        
+        module ClassMethods
+          def http_basic_authenticate_with(options = {})
+            before_filter(options.except(:name, :password, :realm)) do
+              authenticate_or_request_with_http_basic(options[:realm] || "Application") do |name, password|
+                name == options[:name] && password == options[:password]
+              end
+            end
+          end
+        end
+        
         def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure)
           authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm)
         end
@@ -378,7 +380,6 @@ module ActionController
     #
     #   RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
     module Token
-
       extend self
 
       module ControllerMethods
@@ -458,6 +459,5 @@ module ActionController
         controller.__send__ :render, :text => "HTTP Token: Access denied.\n", :status => :unauthorized
       end
     end
-
   end
 end
diff --git a/actionpack/lib/action_controller/metal/implicit_render.rb b/actionpack/lib/action_controller/metal/implicit_render.rb
index cfa7004048..678f4ca763 100644
--- a/actionpack/lib/action_controller/metal/implicit_render.rb
+++ b/actionpack/lib/action_controller/metal/implicit_render.rb
@@ -1,21 +1,21 @@
 module ActionController
   module ImplicitRender
-    def send_action(*)
-      ret = super
-      default_render unless response_body
-      ret
+    def send_action(method, *args)
+      if respond_to?(method, true)
+        ret = super
+        default_render unless response_body
+        ret
+      else
+        default_render
+      end
     end
 
     def default_render
       render
     end
 
-    def method_for_action(action_name)
-      super || begin
-        if template_exists?(action_name.to_s, _prefixes)
-          "default_render"
-        end
-      end
+    def action_method?(action_name)
+      super || template_exists?(action_name.to_s, _prefixes)
     end
   end
 end