diff options
56 files changed, 349 insertions, 515 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 20b6820065..6c9f3e0e67 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -89,6 +89,9 @@ * check_box with `:form` html5 attribute will now replicate the `:form` attribute to the hidden field as well. *Carlos Antonio da Silva* +* Turn off verbose mode of rack-cache, we still have X-Rack-Cache to + check that info. Closes #5245. *Santiago Pastorino* + * `label` form helper accepts :for => nil to not generate the attribute. *Carlos Antonio da Silva* * Add `:format` option to number_to_percentage *Rodrigo Flores* @@ -123,6 +126,8 @@ ## Rails 3.2.3 (unreleased) ## +* Do not include the authenticity token in forms where remote: true as ajax forms use the meta-tag value *DHH* + * Upgrade rack-cache to 1.2. *José Valim* * ActionController::SessionManagement is removed. *Santiago Pastorino* diff --git a/actionpack/lib/abstract_controller/layouts.rb b/actionpack/lib/abstract_controller/layouts.rb index a82e3dc90a..6f13ebe0d0 100644 --- a/actionpack/lib/abstract_controller/layouts.rb +++ b/actionpack/lib/abstract_controller/layouts.rb @@ -89,7 +89,7 @@ module AbstractController # class TillController < BankController # layout false # - # In these examples, we have three implicit lookup scenrios: + # In these examples, we have three implicit lookup scenarios: # * The BankController uses the "bank" layout. # * The ExchangeController uses the "exchange" layout. # * The CurrencyController inherits the layout from BankController. @@ -120,6 +120,7 @@ module AbstractController # def writers_and_readers # logged_in? ? "writer_layout" : "reader_layout" # end + # end # # Now when a new request for the index action is processed, the layout will vary depending on whether the person accessing # is logged in or not. @@ -127,7 +128,14 @@ module AbstractController # If you want to use an inline method, such as a proc, do something like this: # # class WeblogController < ActionController::Base - # layout proc{ |controller| controller.logged_in? ? "writer_layout" : "reader_layout" } + # layout proc { |controller| controller.logged_in? ? "writer_layout" : "reader_layout" } + # end + # + # If an argument isn't given to the proc, it's evaluated in the context of + # the current controller anyway. + # + # class WeblogController < ActionController::Base + # layout proc { logged_in? ? "writer_layout" : "reader_layout" } # end # # Of course, the most common way of specifying a layout is still just as a plain template name: @@ -298,12 +306,12 @@ module AbstractController end RUBY when Proc - define_method :_layout_from_proc, &_layout - "_layout_from_proc(self)" + define_method :_layout_from_proc, &_layout + _layout.arity == 0 ? "_layout_from_proc" : "_layout_from_proc(self)" when false nil when true - raise ArgumentError, "Layouts must be specified as a String, Symbol, false, or nil" + raise ArgumentError, "Layouts must be specified as a String, Symbol, Proc, false, or nil" when nil name_clause end @@ -363,7 +371,7 @@ module AbstractController when false, nil then nil else raise ArgumentError, - "String, true, or false, expected for `layout'; you passed #{name.inspect}" + "String, Proc, :default, true, or false, expected for `layout'; you passed #{name.inspect}" end end diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 6ce78f34b5..71425cd542 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -171,7 +171,7 @@ module ActionController class Base < Metal abstract! - # Shortcut helper that returns all the ActionController modules except the ones passed in the argument: + # Shortcut helper that returns all the ActionController::Base modules except the ones passed in the argument: # # class MetalController # ActionController::Base.without_modules(:ParamsWrapper, :Streaming).each do |left| diff --git a/actionpack/lib/action_controller/caching/sweeping.rb b/actionpack/lib/action_controller/caching/sweeping.rb index 49cf70ec21..808a6fe5f3 100644 --- a/actionpack/lib/action_controller/caching/sweeping.rb +++ b/actionpack/lib/action_controller/caching/sweeping.rb @@ -88,7 +88,7 @@ module ActionController #:nodoc: end def method_missing(method, *arguments, &block) - return unless @controller + super unless @controller @controller.__send__(method, *arguments, &block) end end diff --git a/actionpack/lib/action_controller/metal/force_ssl.rb b/actionpack/lib/action_controller/metal/force_ssl.rb index a1e40fc4e0..ac12cbb625 100644 --- a/actionpack/lib/action_controller/metal/force_ssl.rb +++ b/actionpack/lib/action_controller/metal/force_ssl.rb @@ -44,7 +44,7 @@ module ActionController redirect_options = {:protocol => 'https://', :status => :moved_permanently} redirect_options.merge!(:host => host) if host redirect_options.merge!(:params => request.query_parameters) - flash.keep + flash.keep if respond_to?(:flash) redirect_to redirect_options end end diff --git a/actionpack/lib/action_controller/metal/helpers.rb b/actionpack/lib/action_controller/metal/helpers.rb index d070eaae5d..1a4bca12d2 100644 --- a/actionpack/lib/action_controller/metal/helpers.rb +++ b/actionpack/lib/action_controller/metal/helpers.rb @@ -52,6 +52,7 @@ module ActionController module Helpers extend ActiveSupport::Concern + class << self; attr_accessor :helpers_path; end include AbstractController::Helpers included do diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index b07742e0e1..3ffb7ef426 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -93,7 +93,7 @@ module ActionController _compute_redirect_to_location options.call else url_for(options) - end.gsub(/[\r\n]/, '') + end.gsub(/[\0\r\n]/, '') end end end diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 3e170d7872..851a2c4aee 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -3,33 +3,32 @@ require "action_controller" require "action_dispatch/railtie" require "action_view/railtie" require "abstract_controller/railties/routes_helpers" -require "action_controller/railties/paths" +require "action_controller/railties/helpers" module ActionController class Railtie < Rails::Railtie #:nodoc: config.action_controller = ActiveSupport::OrderedOptions.new - initializer "action_controller.logger" do - ActiveSupport.on_load(:action_controller) { self.logger ||= Rails.logger } - end - - initializer "action_controller.initialize_framework_caches" do - ActiveSupport.on_load(:action_controller) { self.cache_store ||= Rails.cache } - end - initializer "action_controller.assets_config", :group => :all do |app| app.config.action_controller.assets_dir ||= app.config.paths["public"].first end + initializer "action_controller.set_helpers_path" do |app| + ActionController::Helpers.helpers_path = app.helpers_paths + end + initializer "action_controller.set_configs" do |app| paths = app.config.paths options = app.config.action_controller + options.logger ||= Rails.logger + options.cache_store ||= Rails.cache + options.javascripts_dir ||= paths["public/javascripts"].first options.stylesheets_dir ||= paths["public/stylesheets"].first options.page_cache_directory ||= paths["public"].first - # make sure readers methods get compiled + # Ensure readers methods get compiled options.asset_path ||= app.config.asset_path options.asset_host ||= app.config.asset_host options.relative_url_root ||= app.config.relative_url_root @@ -37,8 +36,16 @@ module ActionController ActiveSupport.on_load(:action_controller) do include app.routes.mounted_helpers extend ::AbstractController::Railties::RoutesHelpers.with(app.routes) - extend ::ActionController::Railties::Paths.with(app) - options.each { |k,v| send("#{k}=", v) } + extend ::ActionController::Railties::Helpers + + options.each do |k,v| + k = "#{k}=" + if respond_to?(k) + send(k, v) + elsif !Base.respond_to?(k) + raise "Invalid option key: #{k}" + end + end end end diff --git a/actionpack/lib/action_controller/railties/helpers.rb b/actionpack/lib/action_controller/railties/helpers.rb new file mode 100644 index 0000000000..3985c6b273 --- /dev/null +++ b/actionpack/lib/action_controller/railties/helpers.rb @@ -0,0 +1,22 @@ +module ActionController + module Railties + module Helpers + def inherited(klass) + super + return unless klass.respond_to?(:helpers_path=) + + if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) } + paths = namespace.railtie_helpers_paths + else + paths = ActionController::Helpers.helpers_path + end + + klass.helpers_path = paths + + if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers + klass.helper :all + end + end + end + end +end diff --git a/actionpack/lib/action_controller/railties/paths.rb b/actionpack/lib/action_controller/railties/paths.rb deleted file mode 100644 index bbe63149ad..0000000000 --- a/actionpack/lib/action_controller/railties/paths.rb +++ /dev/null @@ -1,25 +0,0 @@ -module ActionController - module Railties - module Paths - def self.with(app) - Module.new do - define_method(:inherited) do |klass| - super(klass) - - if namespace = klass.parents.detect { |m| m.respond_to?(:railtie_helpers_paths) } - paths = namespace.railtie_helpers_paths - else - paths = app.helpers_paths - end - - klass.helpers_path = paths - - if klass.superclass == ActionController::Base && ActionController::Base.include_all_helpers - klass.helper :all - end - end - end - end - end - end -end diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb index 7af30ed690..7ba8319e4c 100644 --- a/actionpack/lib/action_controller/test_case.rb +++ b/actionpack/lib/action_controller/test_case.rb @@ -505,11 +505,6 @@ module ActionController end end - # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local - def rescue_action_in_public! - @request.remote_addr = '208.77.188.166' # example.com - end - included do include ActionController::TemplateAssertions include ActionDispatch::Assertions diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb index 84732085f0..078229efd2 100644 --- a/actionpack/lib/action_dispatch/http/response.rb +++ b/actionpack/lib/action_dispatch/http/response.rb @@ -51,12 +51,13 @@ module ActionDispatch # :nodoc: # If a character set has been defined for this response (see charset=) then # the character set information will also be included in the content type # information. - attr_accessor :charset, :content_type + attr_accessor :charset + attr_reader :content_type CONTENT_TYPE = "Content-Type".freeze SET_COOKIE = "Set-Cookie".freeze LOCATION = "Location".freeze - + cattr_accessor(:default_charset) { "utf-8" } include Rack::Response::Helpers @@ -83,6 +84,10 @@ module ActionDispatch # :nodoc: @status = Rack::Utils.status_code(status) end + def content_type=(content_type) + @content_type = content_type.to_s + end + # The response code of the request def response_code @status diff --git a/actionpack/lib/action_dispatch/middleware/static.rb b/actionpack/lib/action_dispatch/middleware/static.rb index 63b7422287..9073e6582d 100644 --- a/actionpack/lib/action_dispatch/middleware/static.rb +++ b/actionpack/lib/action_dispatch/middleware/static.rb @@ -39,6 +39,7 @@ module ActionDispatch end def escape_glob_chars(path) + path.force_encoding('binary') if path.respond_to? :force_encoding path.gsub(/[*?{}\[\]]/, "\\\\\\&") end end diff --git a/actionpack/lib/action_dispatch/testing/assertions/response.rb b/actionpack/lib/action_dispatch/testing/assertions/response.rb index 094cfbfc76..a5e7a8c715 100644 --- a/actionpack/lib/action_dispatch/testing/assertions/response.rb +++ b/actionpack/lib/action_dispatch/testing/assertions/response.rb @@ -83,7 +83,7 @@ module ActionDispatch refer else @controller.url_for(fragment) - end.gsub(/[\r\n]/, '') + end.gsub(/[\0\r\n]/, '') end end end diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb index 9fad30a48f..41d895c15e 100644 --- a/actionpack/lib/action_view/helpers/form_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb @@ -27,7 +27,9 @@ module ActionView # is added to simulate the verb over post. # * <tt>:authenticity_token</tt> - Authenticity token to use in the form. Use only if you need to # pass custom authenticity token string, or to not add authenticity_token field at all - # (by passing <tt>false</tt>). + # (by passing <tt>false</tt>). If this is a remote form, the authenticity_token will by default + # not be included as the ajax handler will get it from the meta-tag (but you can force it to be + # rendered anyway in that case by passing <tt>true</tt>). # * A list of parameters to feed to the URL the form will be posted to. # * <tt>:remote</tt> - If set to true, will allow the Unobtrusive JavaScript drivers to control the # submit behavior. By default this behavior is an ajax submit. @@ -616,8 +618,17 @@ module ActionView # responsibility of the caller to escape all the values. html_options["action"] = url_for(url_for_options) html_options["accept-charset"] = "UTF-8" + html_options["data-remote"] = true if html_options.delete("remote") - html_options["authenticity_token"] = html_options.delete("authenticity_token") if html_options.has_key?("authenticity_token") + + if html_options["data-remote"] && html_options["authenticity_token"] == true + # Include the default authenticity_token, which is only generated when its set to nil, + # but we needed the true value to override the default of no authenticity_token on data-remote. + html_options["authenticity_token"] = nil + elsif html_options["data-remote"] + # The authenticity token is taken from the meta tag in this case + html_options["authenticity_token"] = false + end end end diff --git a/actionpack/test/abstract/layouts_test.rb b/actionpack/test/abstract/layouts_test.rb index e07a6de4a9..58795aa327 100644 --- a/actionpack/test/abstract/layouts_test.rb +++ b/actionpack/test/abstract/layouts_test.rb @@ -72,6 +72,27 @@ module AbstractControllerTests end end + class WithZeroArityProc < Base + layout proc { "overwrite" } + + def index + render :template => ActionView::Template::Text.new("Hello zero arity proc!") + end + end + + class WithProcInContextOfInstance < Base + def an_instance_method; end + + layout proc { + break unless respond_to? :an_instance_method + "overwrite" + } + + def index + render :template => ActionView::Template::Text.new("Hello again zero arity proc!") + end + end + class WithSymbol < Base layout :hello @@ -221,6 +242,18 @@ module AbstractControllerTests assert_equal "Overwrite Hello proc!", controller.response_body end + test "when layout is specified as a proc without parameters it works just the same" do + controller = WithZeroArityProc.new + controller.process(:index) + assert_equal "Overwrite Hello zero arity proc!", controller.response_body + end + + test "when layout is specified as a proc without parameters the block is evaluated in the context of an instance" do + controller = WithProcInContextOfInstance.new + controller.process(:index) + assert_equal "Overwrite Hello again zero arity proc!", controller.response_body + end + test "when layout is specified as a symbol, call the requested method and use the layout returned" do controller = WithSymbol.new controller.process(:index) diff --git a/actionpack/test/controller/base_test.rb b/actionpack/test/controller/base_test.rb index 03d9873fc7..2d4083252e 100644 --- a/actionpack/test/controller/base_test.rb +++ b/actionpack/test/controller/base_test.rb @@ -130,8 +130,6 @@ class PerformActionTest < ActionController::TestCase @request = ActionController::TestRequest.new @response = ActionController::TestResponse.new @request.host = "www.nextangle.com" - - rescue_action_in_public! end def test_process_should_be_precise @@ -155,7 +153,6 @@ class UrlOptionsTest < ActionController::TestCase def setup super @request.host = 'www.example.com' - rescue_action_in_public! end def test_url_for_query_params_included @@ -206,7 +203,6 @@ class DefaultUrlOptionsTest < ActionController::TestCase def setup super @request.host = 'www.example.com' - rescue_action_in_public! end def test_default_url_options_override @@ -257,7 +253,6 @@ class EmptyUrlOptionsTest < ActionController::TestCase def setup super @request.host = 'www.example.com' - rescue_action_in_public! end def test_ensure_url_for_works_as_expected_when_called_with_no_options_if_default_url_options_is_not_set diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb index b1d76150f8..6dab42d75d 100644 --- a/actionpack/test/controller/redirect_test.rb +++ b/actionpack/test/controller/redirect_test.rb @@ -103,6 +103,14 @@ class RedirectController < ActionController::Base redirect_to proc { {:action => "hello_world"} } end + def redirect_with_header_break + redirect_to "/lol\r\nwat" + end + + def redirect_with_null_bytes + redirect_to "\000/lol\r\nwat" + end + def rescue_errors(e) raise e end protected @@ -120,6 +128,18 @@ class RedirectTest < ActionController::TestCase assert_equal "http://test.host/redirect/hello_world", redirect_to_url end + def test_redirect_with_header_break + get :redirect_with_header_break + assert_response :redirect + assert_equal "http://test.host/lolwat", redirect_to_url + end + + def test_redirect_with_null_bytes + get :redirect_with_null_bytes + assert_response :redirect + assert_equal "http://test.host/lolwat", redirect_to_url + end + def test_redirect_with_no_status get :simple_redirect assert_response 302 diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index ef795dad89..8d4b76849f 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -35,6 +35,16 @@ module RequestForgeryProtectionActions def form_for_without_protection render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>" end + + def form_for_remote + render :inline => "<%= form_for(:some_resource, :remote => true ) {} %>" + end + + def form_for_remote_with_token + render :inline => "<%= form_for(:some_resource, :remote => true, :authenticity_token => true ) {} %>" + end + + def rescue_action(e) raise e end end # sample controllers @@ -98,6 +108,20 @@ module RequestForgeryProtectionTests assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token end + def test_should_render_form_without_token_tag_if_remote + assert_not_blocked do + get :form_for_remote + end + assert_no_match /authenticity_token/, response.body + end + + def test_should_render_form_with_token_tag_if_remote_and_authenticity_token_requested + assert_not_blocked do + get :form_for_remote_with_token + end + assert_select 'form>div>input[name=?][value=?]', 'custom_authenticity_token', @token + end + def test_should_allow_get assert_not_blocked { get :index } end diff --git a/actionpack/test/controller/sweeper_test.rb b/actionpack/test/controller/sweeper_test.rb new file mode 100644 index 0000000000..0561efc62f --- /dev/null +++ b/actionpack/test/controller/sweeper_test.rb @@ -0,0 +1,16 @@ +require 'abstract_unit' + + +class SweeperTest < ActionController::TestCase + + class ::AppSweeper < ActionController::Caching::Sweeper; end + + def test_sweeper_should_not_ignore_unknown_method_calls + sweeper = ActionController::Caching::Sweeper.send(:new) + assert_raise NameError do + sweeper.instance_eval do + some_method_that_doesnt_exist + end + end + end +end diff --git a/actionpack/test/dispatch/static_test.rb b/actionpack/test/dispatch/static_test.rb index 092ca3e20a..112f470786 100644 --- a/actionpack/test/dispatch/static_test.rb +++ b/actionpack/test/dispatch/static_test.rb @@ -7,6 +7,10 @@ module StaticTests assert_equal "Hello, World!", get("/nofile").body end + def test_handles_urls_with_bad_encoding + assert_equal "Hello, World!", get("/doorkeeper%E3E4").body + end + def test_sets_cache_control response = get("/index.html") assert_html "/index.html", response diff --git a/activerecord/lib/active_record/connection_adapters/abstract_adapter.rb b/activerecord/lib/active_record/connection_adapters/abstract_adapter.rb index 767c99de4c..1d713e472b 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract_adapter.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract_adapter.rb @@ -284,26 +284,25 @@ module ActiveRecord protected - def log(sql, name = "SQL", binds = []) - @instrumenter.instrument( - "sql.active_record", - :sql => sql, - :name => name, - :connection_id => object_id, - :binds => binds) { yield } - rescue Exception => e - message = "#{e.class.name}: #{e.message}: #{sql}" - @logger.debug message if @logger - exception = translate_exception(e, message) - exception.set_backtrace e.backtrace - raise exception - end - - def translate_exception(e, message) - # override in derived class - ActiveRecord::StatementInvalid.new(message) - end - + def log(sql, name = "SQL", binds = []) + @instrumenter.instrument( + "sql.active_record", + :sql => sql, + :name => name, + :connection_id => object_id, + :binds => binds) { yield } + rescue Exception => e + message = "#{e.class.name}: #{e.message}: #{sql}" + @logger.error message if @logger + exception = translate_exception(e, message) + exception.set_backtrace e.backtrace + raise exception + end + + def translate_exception(e, message) + # override in derived class + ActiveRecord::StatementInvalid.new(message) + end end end end diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb index 5b7fa029da..10a178e369 100644 --- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb +++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb @@ -1006,7 +1006,7 @@ module ActiveRecord # This should be not be called manually but set in database.yml. def schema_search_path=(schema_csv) if schema_csv - execute "SET search_path TO #{schema_csv}" + execute("SET search_path TO #{schema_csv}", 'SCHEMA') @schema_search_path = schema_csv end end diff --git a/activerecord/lib/active_record/model_schema.rb b/activerecord/lib/active_record/model_schema.rb index 99847ac161..c85d590ce1 100644 --- a/activerecord/lib/active_record/model_schema.rb +++ b/activerecord/lib/active_record/model_schema.rb @@ -160,6 +160,7 @@ module ActiveRecord # Sets the value of inheritance_column def inheritance_column=(value) @inheritance_column = value.to_s + @explicit_inheritance_column = true end def sequence_name @@ -303,7 +304,7 @@ module ActiveRecord @column_types = nil @content_columns = nil @dynamic_methods_hash = nil - @inheritance_column = nil + @inheritance_column = nil unless defined?(@explicit_inheritance_column) && @explicit_inheritance_column @relation = nil end diff --git a/activerecord/lib/active_record/relation.rb b/activerecord/lib/active_record/relation.rb index 6f39708ec3..ae2dc6872a 100644 --- a/activerecord/lib/active_record/relation.rb +++ b/activerecord/lib/active_record/relation.rb @@ -507,6 +507,10 @@ module ActiveRecord end end + def blank? + to_a.blank? + end + private def references_eager_loaded_tables? diff --git a/activerecord/test/cases/adapters/postgresql/explain_test.rb b/activerecord/test/cases/adapters/postgresql/explain_test.rb index 0b61f61572..619d581d5f 100644 --- a/activerecord/test/cases/adapters/postgresql/explain_test.rb +++ b/activerecord/test/cases/adapters/postgresql/explain_test.rb @@ -22,6 +22,13 @@ module ActiveRecord assert_match %(EXPLAIN for: SELECT "audit_logs".* FROM "audit_logs" WHERE "audit_logs"."developer_id" IN (1)), explain assert_match %(Seq Scan on audit_logs), explain end + + def test_dont_explain_for_set_search_path + queries = Thread.current[:available_queries_for_explain] = [] + ActiveRecord::Base.connection.schema_search_path = "public" + assert queries.empty? + end + end end end diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index 76b999efac..bddaf6afa8 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -1503,6 +1503,16 @@ class BasicsTest < ActiveRecord::TestCase assert_equal before_seq, after_seq unless before_seq.blank? && after_seq.blank? end + def test_dont_clear_inheritnce_column_when_setting_explicitly + Joke.inheritance_column = "my_type" + before_inherit = Joke.inheritance_column + + Joke.reset_column_information + after_inherit = Joke.inheritance_column + + assert_equal before_inherit, after_inherit unless before_inherit.blank? && after_inherit.blank? + end + def test_set_table_name_symbol_converted_to_string Joke.table_name = :cold_jokes assert_equal 'cold_jokes', Joke.table_name diff --git a/activerecord/test/cases/schema_dumper_test.rb b/activerecord/test/cases/schema_dumper_test.rb index 3314013cd4..15ceaa1fcc 100644 --- a/activerecord/test/cases/schema_dumper_test.rb +++ b/activerecord/test/cases/schema_dumper_test.rb @@ -239,7 +239,7 @@ class SchemaDumperTest < ActiveRecord::TestCase def test_schema_dump_includes_hstores_shorthand_definition output = standard_dump if %r{create_table "postgresql_hstores"} =~ output - assert_match %r{t.hstore "hash_store", default => ""}, output + assert_match %r[t.hstore "hash_store", :default => {}], output end end diff --git a/activesupport/lib/active_support/basic_object.rb b/activesupport/lib/active_support/basic_object.rb index c3c7ab0112..6ccb0cd525 100644 --- a/activesupport/lib/active_support/basic_object.rb +++ b/activesupport/lib/active_support/basic_object.rb @@ -10,5 +10,4 @@ module ActiveSupport ::Object.send(:raise, *args) end end - end diff --git a/activesupport/lib/active_support/core_ext/module/delegation.rb b/activesupport/lib/active_support/core_ext/module/delegation.rb index ac2a63d3a1..af92b869fd 100644 --- a/activesupport/lib/active_support/core_ext/module/delegation.rb +++ b/activesupport/lib/active_support/core_ext/module/delegation.rb @@ -106,9 +106,11 @@ class Module unless options.is_a?(Hash) && to = options[:to] raise ArgumentError, "Delegation needs a target. Supply an options hash with a :to key as the last argument (e.g. delegate :hello, :to => :greeter)." end - prefix, to, allow_nil = options[:prefix], options[:to], options[:allow_nil] - if prefix == true && to.to_s =~ /^[^a-z_]/ + to = to.to_s + prefix, allow_nil = options.values_at(:prefix, :allow_nil) + + if prefix == true && to =~ /^[^a-z_]/ raise ArgumentError, "Can only automatically set the delegation prefix when delegating to a method." end @@ -122,10 +124,8 @@ class Module file, line = caller.first.split(':', 2) line = line.to_i - methods.each do |method| - method = method.to_s - - if allow_nil + if allow_nil + methods.each do |method| module_eval(<<-EOS, file, line - 2) def #{method_prefix}#{method}(*args, &block) # def customer_name(*args, &block) if #{to} || #{to}.respond_to?(:#{method}) # if client || client.respond_to?(:name) @@ -133,7 +133,9 @@ class Module end # end end # end EOS - else + end + else + methods.each do |method| exception = %(raise "#{self}##{method_prefix}#{method} delegated to #{to}.#{method}, but #{to} is nil: \#{self.inspect}") module_eval(<<-EOS, file, line - 1) diff --git a/activesupport/lib/active_support/dependencies.rb b/activesupport/lib/active_support/dependencies.rb index 2c5950edf5..745a131524 100644 --- a/activesupport/lib/active_support/dependencies.rb +++ b/activesupport/lib/active_support/dependencies.rb @@ -129,16 +129,14 @@ module ActiveSupport #:nodoc: # Add a set of modules to the watch stack, remembering the initial constants def watch_namespaces(namespaces) - watching = [] - namespaces.map do |namespace| + @watching << namespaces.map do |namespace| module_name = Dependencies.to_constant_name(namespace) original_constants = Dependencies.qualified_const_defined?(module_name) ? Inflector.constantize(module_name).local_constants : [] - watching << module_name @stack[module_name] << original_constants + module_name end - @watching << watching end private @@ -365,7 +363,7 @@ module ActiveSupport #:nodoc: # Record history *after* loading so first load gets warnings. history << expanded - return result + result end # Is the provided constant path defined? @@ -434,7 +432,7 @@ module ActiveSupport #:nodoc: mod = Module.new into.const_set const_name, mod autoloaded_constants << qualified_name unless autoload_once_paths.include?(base_path) - return mod + mod end # Load the file at the provided path. +const_paths+ is a set of qualified @@ -458,7 +456,7 @@ module ActiveSupport #:nodoc: autoloaded_constants.concat newly_defined_paths unless load_once_path?(path) autoloaded_constants.uniq! log "loading #{path} defined #{newly_defined_paths * ', '}" unless newly_defined_paths.empty? - return result + result end # Return the constant path for the provided parent and constant name. @@ -505,7 +503,7 @@ module ActiveSupport #:nodoc: raise NameError, "uninitialized constant #{qualified_name}", - caller.reject {|l| l.starts_with? __FILE__ } + caller.reject { |l| l.starts_with? __FILE__ } end # Remove the constants that have been autoloaded, and those that have been @@ -543,10 +541,7 @@ module ActiveSupport #:nodoc: def safe_get(key) key = key.name if key.respond_to?(:name) - @store[key] || begin - klass = Inflector.safe_constantize(key) - @store[key] = klass - end + @store[key] ||= Inflector.safe_constantize(key) end def store(klass) @@ -600,10 +595,10 @@ module ActiveSupport #:nodoc: def mark_for_unload(const_desc) name = to_constant_name const_desc if explicitly_unloadable_constants.include? name - return false + false else explicitly_unloadable_constants << name - return true + true end end @@ -631,10 +626,10 @@ module ActiveSupport #:nodoc: return new_constants unless aborting log "Error during loading, removing partially loaded constants " - new_constants.each {|c| remove_constant(c) }.clear + new_constants.each { |c| remove_constant(c) }.clear end - return [] + [] end # Convert the provided const desc to a qualified constant name (as a string). @@ -663,7 +658,7 @@ module ActiveSupport #:nodoc: constantized.before_remove_const if constantized.respond_to?(:before_remove_const) parent.instance_eval { remove_const to_remove } - return true + true end protected diff --git a/activesupport/lib/active_support/file_update_checker.rb b/activesupport/lib/active_support/file_update_checker.rb index 2ede084e95..fe22b9515b 100644 --- a/activesupport/lib/active_support/file_update_checker.rb +++ b/activesupport/lib/active_support/file_update_checker.rb @@ -1,5 +1,3 @@ -require "active_support/core_ext/array/extract_options" - module ActiveSupport # \FileUpdateChecker specifies the API used by Rails to watch files # and control reloading. The API depends on four methods: @@ -93,10 +91,10 @@ module ActiveSupport def updated_at #:nodoc: @updated_at || begin - all = [] - all.concat @files.select { |f| File.exists?(f) } + all = @files.select { |f| File.exists?(f) } all.concat Dir[@glob] if @glob - all.map { |path| File.mtime(path) }.max || Time.at(0) + all.map! { |path| File.mtime(path) } + all.max || Time.at(0) end end @@ -104,13 +102,16 @@ module ActiveSupport hash.freeze # Freeze so changes aren't accidently pushed return if hash.empty? - globs = [] - hash.each do |key, value| - globs << "#{key}/**/*#{compile_ext(value)}" + globs = hash.map do |key, value| + "#{escape(key)}/**/*#{compile_ext(value)}" end "{#{globs.join(",")}}" end + def escape(key) + key.gsub(',','\,') + end + def compile_ext(array) #:nodoc: array = Array(array) return if array.empty? diff --git a/activesupport/lib/active_support/log_subscriber.rb b/activesupport/lib/active_support/log_subscriber.rb index 58938cdc3d..d2a6e1bd82 100644 --- a/activesupport/lib/active_support/log_subscriber.rb +++ b/activesupport/lib/active_support/log_subscriber.rb @@ -3,7 +3,7 @@ require 'active_support/core_ext/class/attribute' module ActiveSupport # ActiveSupport::LogSubscriber is an object set to consume ActiveSupport::Notifications - # with the sole purpose of logging them. The log subscriber dispatches notifications to + # with the sole purpose of logging them. The log subscriber dispatches notifications to # a registered object based on its given namespace. # # An example would be Active Record log subscriber responsible for logging queries: @@ -75,7 +75,8 @@ module ActiveSupport @@flushable_loggers ||= begin loggers = log_subscribers.map(&:logger) loggers.uniq! - loggers.select { |l| l.respond_to?(:flush) } + loggers.select! { |l| l.respond_to?(:flush) } + loggers end end @@ -101,8 +102,7 @@ module ActiveSupport %w(info debug warn error fatal unknown).each do |level| class_eval <<-METHOD, __FILE__, __LINE__ + 1 def #{level}(progname = nil, &block) - return unless logger - logger.#{level}(progname, &block) + logger.#{level}(progname, &block) if logger end METHOD end diff --git a/activesupport/lib/active_support/notifications/fanout.rb b/activesupport/lib/active_support/notifications/fanout.rb index a9aa5464e9..4c1b7b2784 100644 --- a/activesupport/lib/active_support/notifications/fanout.rb +++ b/activesupport/lib/active_support/notifications/fanout.rb @@ -9,15 +9,14 @@ module ActiveSupport end def subscribe(pattern = nil, block = Proc.new) - subscriber = Subscriber.new(pattern, block).tap do |s| - @subscribers << s - end + subscriber = Subscriber.new(pattern, block) + @subscribers << subscriber @listeners_for.clear subscriber end def unsubscribe(subscriber) - @subscribers.reject! {|s| s.matches?(subscriber)} + @subscribers.reject! { |s| s.matches?(subscriber) } @listeners_for.clear end diff --git a/activesupport/lib/active_support/notifications/instrumenter.rb b/activesupport/lib/active_support/notifications/instrumenter.rb index 3941c285a2..547df5c731 100644 --- a/activesupport/lib/active_support/notifications/instrumenter.rb +++ b/activesupport/lib/active_support/notifications/instrumenter.rb @@ -1,5 +1,3 @@ -require 'active_support/core_ext/module/delegation' - module ActiveSupport module Notifications class Instrumenter diff --git a/activesupport/lib/active_support/railtie.rb b/activesupport/lib/active_support/railtie.rb index f696716cc8..d1c62c5087 100644 --- a/activesupport/lib/active_support/railtie.rb +++ b/activesupport/lib/active_support/railtie.rb @@ -8,30 +8,6 @@ module ActiveSupport initializer "active_support.deprecation_behavior" do |app| if deprecation = app.config.active_support.deprecation ActiveSupport::Deprecation.behavior = deprecation - else - defaults = {"development" => :log, - "production" => :notify, - "test" => :stderr} - - env = Rails.env - - if defaults.key?(env) - msg = "You did not specify how you would like Rails to report " \ - "deprecation notices for your #{env} environment, please " \ - "set config.active_support.deprecation to :#{defaults[env]} " \ - "at config/environments/#{env}.rb" - - warn msg - ActiveSupport::Deprecation.behavior = defaults[env] - else - msg = "You did not specify how you would like Rails to report " \ - "deprecation notices for your #{env} environment, please " \ - "set config.active_support.deprecation to :log, :notify or " \ - ":stderr at config/environments/#{env}.rb" - - warn msg - ActiveSupport::Deprecation.behavior = :stderr - end end end @@ -42,8 +18,7 @@ module ActiveSupport zone_default = Time.find_zone!(app.config.time_zone) unless zone_default - raise \ - 'Value assigned to config.time_zone not recognized.' + + raise 'Value assigned to config.time_zone not recognized. ' \ 'Run "rake -D time" for a list of tasks for finding appropriate time zone names.' end diff --git a/activesupport/test/file_update_checker_test.rb b/activesupport/test/file_update_checker_test.rb index dd2483287b..066db7c0f9 100644 --- a/activesupport/test/file_update_checker_test.rb +++ b/activesupport/test/file_update_checker_test.rb @@ -1,5 +1,6 @@ require 'abstract_unit' require 'fileutils' +require 'thread' MTIME_FIXTURES_PATH = File.expand_path("../fixtures", __FILE__) @@ -79,4 +80,18 @@ class FileUpdateCheckerWithEnumerableTest < ActiveSupport::TestCase assert !checker.execute_if_updated assert_equal 0, i end + + def test_should_not_block_if_a_strange_filename_used + FileUtils.mkdir_p("tmp_watcher/valid,yetstrange,path,") + FileUtils.touch(FILES.map { |file_name| "tmp_watcher/valid,yetstrange,path,/#{file_name}" }) + + test = Thread.new do + ActiveSupport::FileUpdateChecker.new([],"tmp_watcher/valid,yetstrange,path," => :txt) { i += 1 } + Thread.exit + end + test.priority = -1 + test.join(5) + + assert !test.alive? + end end diff --git a/railties/guides/source/api_app.textile b/railties/guides/source/api_app.textile deleted file mode 100644 index 6bc317955a..0000000000 --- a/railties/guides/source/api_app.textile +++ /dev/null @@ -1,273 +0,0 @@ -h2. Using Rails for API-only Apps - -In this guide you will learn: - -* What Rails provides for API-only applications -* How to configure Rails to start without any browser features -* How to decide which middlewares you will want to include -* How to decide which modules to use in your controller - -NOTE: This guide reflects features that have not yet been fully implemented. Docs first :) - -endprologue. - -h3. What is an API app? - -Traditionally, when people said that they used Rails as an "API", they meant providing a programmatically accessible API alongside their web application. -For example, GitHub provides "an API":http://developer.github.com that you can use from your own custom clients. - -With the advent of client-side frameworks, more developers are using Rails to build a backend that is shared between their web application and other native applications. - -For example, Twitter uses its "public API":https://dev.twitter.com in its web application, which is built as a static site that consumes JSON resources. - -Instead of using Rails to generate dynamic HTML that will communicate with the server through forms and links, many developers are treating their web application as just another client, delivered as static HTML, CSS and JavaScript, and consuming a simple JSON API - -This guide covers building a Rails application that serves JSON resources to an API client *or* client-side framework. - -h3. Why use Rails for JSON APIs? - -The first question a lot of people have when thinking about building a JSON API using Rails is: "isn't using Rails to spit out some JSON overkill? Shouldn't I just use something like Sinatra?" - -For very simple APIs, this may be true. However, even in very HTML-heavy applications, most of an application's logic is actually outside of the view layer. - -The reason most people use Rails is that it provides a set of defaults that allows us to get up and running quickly without having to make a lot of trivial decisions. - -Let's take a look at some of the things that Rails provides out of the box that are still applicable to API applications. - -Handled at the middleware layer: - -* Reloading: Rails applications support transparent reloading. This works even if your application gets big and restarting the server for every request becomes non-viable. -* Development Mode: Rails application come with smart defaults for development, making development pleasant without compromising production-time performance. -* Test Mode: Ditto test mode. -* Logging: Rails applications log every request, with a level of verbosity appropriate for the current mode. Rails logs in development include information about the request environment, database queries, and basic performance information. -* Security: Rails detects and thwarts "IP spoofing attacks":http://en.wikipedia.org/wiki/IP_address_spoofing and handles cryptographic signatures in a "timing attack":http://en.wikipedia.org/wiki/Timing_attack aware way. Don't know what an IP spoofing attack or a timing attack is? Exactly. -* Parameter Parsing: Want to specify your parameters as JSON instead of as a URL-encoded String? No problem. Rails will decode the JSON for you and make it available in +params+. Want to use nested URL-encoded params? That works too. -* Conditional GETs: Rails handles conditional +GET+, (+ETag+ and +Last-Modified+), processing request headers and returning the correct response headers and status code. All you need to do is use the "stale?":http://api.rubyonrails.org/classes/ActionController/ConditionalGet.html#method-i-stale-3F check in your controller, and Rails will handle all of the HTTP details for you. -* Caching: If you use +dirty?+ with public cache control, Rails will automatically cache your responses. You can easily configure the cache store. -* HEAD requests: Rails will transparently convert +HEAD+ requests into +GET+ requests, and return just the headers on the way out. This makes +HEAD+ work reliably in all Rails APIs. - -While you could obviously build these up in terms of existing Rack middlewares, I think this list demonstrates that the default Rails middleware stack provides a lot of value, even if you're "just generating JSON". - -Handled at the ActionPack layer: - -* Resourceful Routing: If you're building a RESTful JSON API, you want to be using the Rails router. Clean and conventional mapping from HTTP to controllers means not having to spend time thinking about how to model your API in terms of HTTP. -* URL Generation: The flip side of routing is URL generation. A good API based on HTTP includes URLs (see "the GitHub gist API":http://developer.github.com/v3/gists/ for an example). -* Header and Redirection Responses: +head :no_content+ and +redirect_to user_url(current_user)+ come in handy. Sure, you could manually add the response headers, but why? -* Caching: Rails provides page, action and fragment caching. Fragment caching is especially helpful when building up a nested JSON object. -* Basic, Digest and Token Authentication: Rails comes with out-of-the-box support for three kinds of HTTP authentication. -* Instrumentation: Rails 3.0 added an instrumentation API that will trigger registered handlers for a variety of events, such as action processing, sending a file or data, redirection, and database queries. The payload of each event comes with relevant information (for the action processing event, the payload includes the controller, action, params, request format, request method and the request's full path). -* Generators: This may be passé for advanced Rails users, but it can be nice to generate a resource and get your model, controller, test stubs, and routes created for you in a single command. -* Plugins: Many third-party libraries come with support for Rails that reduces or eliminates the cost of setting up and gluing together the library and the web framework. This includes things like overriding default generators, adding rake tasks, and honoring Rails choices (like the logger and cache backend). - -Of course, the Rails boot process also glues together all registered components. For example, the Rails boot process is what uses your +config/database.yml+ file when configuring ActiveRecord. - -**The short version is**: you may not have thought about which parts of Rails are still applicable even if you remove the view layer, but the answer turns out to be "most of it". - -h3. The Basic Configuration - -If you're building a Rails application that will be an API server first and foremost, you can start with a more limited subset of Rails and add in features as needed. - -You can generate a new bare Rails app: - -<shell> -$ rails new my_api --http -</shell> - -This will do three main things for you: - -* Configure your application to start with a more limited set of middleware than normal. Specifically, it will not include any middleware primarily useful for browser applications (like cookie support) by default. -* Make +ApplicationController+ inherit from +ActionController::HTTP+ instead of +ActionController::Base+. As with middleware, this will leave out any +ActionController+ modules that provide functionality primarily used by browser applications. -* Configure the generators to skip generating views, helpers and assets when you generate a new resource. - -If you want to take an existing app and make it an API app, follow the following steps. - -In +config/application.rb+ add the following lines at the top of the +Application+ class: - -<ruby> -config.middleware.http_only! -config.generators.http_only! -</ruby> - -Change +app/controllers/application_controller.rb+: - -<ruby> -# instead of -class ApplicationController < ActionController::Base -end - -# do -class ApplicationController < ActionController::HTTP -end -</ruby> - -h3. Choosing Middlewares - -An API application comes with the following middlewares by default. - -* +Rack::Cache+: Caches responses with public +Cache-Control+ headers using HTTP caching semantics. See below for more information. -* +Rack::Sendfile+: Uses a front-end server's file serving support from your Rails application. -* +Rack::Lock+: If your application is not marked as threadsafe (+config.threadsafe!+), this middleware will add a mutex around your requests. -* +ActionDispatch::RequestId+: -* +Rails::Rack::Logger+: -* +Rack::Runtime+: Adds a header to the response listing the total runtime of the request. -* +ActionDispatch::ShowExceptions+: Rescue exceptions and re-dispatch them to an exception handling application -* +ActionDispatch::DebugExceptions+: Log exceptions -* +ActionDispatch::RemoteIp+: Protect against IP spoofing attacks -* +ActionDispatch::Reloader+: In development mode, support code reloading. -* +ActionDispatch::ParamsParser+: Parse XML, YAML and JSON parameters when the request's +Content-Type+ is one of those. -* +ActionDispatch::Head+: Dispatch +HEAD+ requests as +GET+ requests, and return only the status code and headers. -* +Rack::ConditionalGet+: Supports the +stale?+ feature in Rails controllers. -* +Rack::ETag+: Automatically set an +ETag+ on all string responses. This means that if the same response is returned from a controller for the same URL, the server will return a +304 Not Modified+, even if no additional caching steps are taken. This is primarily a client-side optimization; it reduces bandwidth costs but not server processing time. - -Other plugins, including +ActiveRecord+, may add additional middlewares. In general, these middlewares are agnostic to the type of app you are building, and make sense in an API-only Rails application. - -You can get a list of all middlewares in your application via: - -<shell> -$ rake middleware -</shell> - -h4. Using Rack::Cache - -When used with Rails, +Rack::Cache+ uses the Rails cache store for its entity and meta stores. This means that if you use memcache, for your Rails app, for instance, the built-in HTTP cache will use memcache. - -To make use of +Rack::Cache+, you will want to use +stale?+ in your controller. Here's an example of +stale?+ in use. - -<ruby> -def show - @post = Post.find(params[:id]) - - if stale?(:last_modified => @post.updated_at) - render json: @post - end -end -</ruby> - -The call to +stale?+ will compare the +If-Modified-Since+ header in the request with +@post.updated_at+. If the header is newer than the last modified, this action will return a +304 Not Modified+ response. Otherwise, it will render the response and include a +Last-Modified+ header with the response. - -Normally, this mechanism is used on a per-client basis. +Rack::Cache+ allows us to share this caching mechanism across clients. We can enable cross-client caching in the call to +stale?+ - -<ruby> -def show - @post = Post.find(params[:id]) - - if stale?(:last_modified => @post.updated_at, :public => true) - render json: @post - end -end -</ruby> - -This means that +Rack::Cache+ will store off +Last-Modified+ value for a URL in the Rails cache, and add an +If-Modified-Since+ header to any subsequent inbound requests for the same URL. - -Think of it as page caching using HTTP semantics. - -NOTE: The +Rack::Cache+ middleware is always outside of the +Rack::Lock+ mutex, even in single-threaded apps. - -h4. Using Rack::Sendfile - -When you use the +send_file+ method in a Rails controller, it sets the +X-Sendfile+ header. +Rack::Sendfile+ is responsible for actually sending the file. - -If your front-end server supports accelerated file sending, +Rack::Sendfile+ will offload the actual file sending work to the front-end server. - -You can configure the name of the header that your front-end server uses for this purposes using +config.action_dispatch.x_sendfile_header+ in the appropriate environment config file. - -You can learn more about how to use +Rack::Sendfile+ with popular front-ends in "the Rack::Sendfile documentation":http://rubydoc.info/github/rack/rack/master/Rack/Sendfile - -The values for popular servers once they are configured to support accelerated file sending: - -<ruby> -# Apache and lighttpd -config.action_dispatch.x_sendfile_header = "X-Sendfile" - -# nginx -config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" -</ruby> - -Make sure to configure your server to support these options following the instructions in the +Rack::Sendfile+ documentation. - -NOTE: The +Rack::Sendfile+ middleware is always outside of the +Rack::Lock+ mutex, even in single-threaded apps. - -h4. Using ActionDispatch::ParamsParser - -+ActionDispatch::ParamsParser+ will take parameters from the client in JSON and make them available in your controller as +params+. - -To use this, your client will need to make a request with JSON-encoded parameters and specify the +Content-Type+ as +application/json+. - -Here's an example in jQuery: - -<plain> -jQuery.ajax({ - type: 'POST', - url: '/people' - dataType: 'json', - contentType: 'application/json', - data: JSON.stringify({ person: { firstName: "Yehuda", lastName: "Katz" } }), - - success: function(json) { } -}); -</plain> - -+ActionDispatch::ParamsParser+ will see the +Content-Type+ and your params will be +{ :person => { :firstName => "Yehuda", :lastName => "Katz" } }+. - -h4. Other Middlewares - -Rails ships with a number of other middlewares that you might want to use in an API app, especially if one of your API clients is the browser: - -* +Rack::MethodOverride+: Allows the use of the +_method+ hack to route POST requests to other verbs. -* +ActionDispatch::Cookies+: Supports the +cookie+ method in +ActionController+, including support for signed and encrypted cookies. -* +ActionDispatch::Flash+: Supports the +flash+ mechanism in +ActionController+. -* +ActionDispatch::BestStandards+: Tells Internet Explorer to use the most standards-compliant available renderer. In production mode, if ChromeFrame is available, use ChromeFrame. -* Session Management: If a +config.session_store+ is supplied, this middleware makes the session available as the +session+ method in +ActionController+. - -Any of these middlewares can be adding via: - -<ruby> -config.middleware.use Rack::MethodOverride -</ruby> - -h4. Removing Middlewares - -If you don't want to use a middleware that is included by default in the API-only middleware set, you can remove it using +config.middleware.delete+: - -<ruby> -config.middleware.delete ::Rack::Sendfile -</ruby> - -Keep in mind that removing these features may remove support for certain features in +ActionController+. - -h3. Choosing Controller Modules - -An API application (using +ActionController::HTTP+) comes with the following controller modules by default: - -* +ActionController::UrlFor+: Makes +url_for+ and friends available -* +ActionController::Redirecting+: Support for +redirect_to+ -* +ActionController::Rendering+: Basic support for rendering -* +ActionController::Renderers::All+: Support for +render :json+ and friends -* +ActionController::ConditionalGet+: Support for +stale?+ -* +ActionController::ForceSSL+: Support for +force_ssl+ -* +ActionController::RackDelegation+: Support for the +request+ and +response+ methods returning +ActionDispatch::Request+ and +ActionDispatch::Response+ objects. -* +ActionController::DataStreaming+: Support for +send_file+ and +send_data+ -* +AbstractController::Callbacks+: Support for +before_filter+ and friends -* +ActionController::Instrumentation+: Support for the instrumentation hooks defined by +ActionController+ (see "the source":https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/instrumentation.rb for more). -* +ActionController::Rescue+: Support for +rescue_from+. - -Other plugins may add additional modules. You can get a list of all modules included into +ActionController::HTTP+ in the rails console: - -<shell> -$ irb ->> ActionController::HTTP.ancestors - ActionController::Metal.ancestors -</shell> - -h4. Adding Other Modules - -All ActionController modules know about their dependent modules, so you can feel free to include any modules into your controllers, and all dependencies will be included and set up as well. - -Some common modules you might want to add: - -* +AbstractController::Translation+: Support for the +l+ and +t+ localization and translation methods. These delegate to +I18n.translate+ and +I18n.localize+. -* +ActionController::HTTPAuthentication::Basic+ (or +Digest+ or +Token): Support for basic, digest or token HTTP authentication. -* +AbstractController::Layouts+: Support for layouts when rendering. -* +ActionController::MimeResponds+: Support for content negotiation (+respond_to+, +respond_with+). -* +ActionController::Cookies+: Support for +cookies+, which includes support for signed and encrypted cookies. This requires the cookie middleware. - -The best place to add a module is in your +ApplicationController+. You can also add modules to individual controllers. diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 3191fe68a7..8d64aff430 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -239,7 +239,7 @@ module Rails middleware.use ::Rack::Lock unless config.allow_concurrency middleware.use ::Rack::Runtime - middleware.use ::Rack::MethodOverride unless config.middleware.http_only? + middleware.use ::Rack::MethodOverride middleware.use ::ActionDispatch::RequestId middleware.use ::Rails::Rack::Logger, config.log_tags # must come after Rack::MethodOverride to properly log overridden methods middleware.use ::ActionDispatch::ShowExceptions, config.exceptions_app || ActionDispatch::PublicExceptions.new(Rails.public_path) @@ -252,9 +252,9 @@ module Rails end middleware.use ::ActionDispatch::Callbacks - middleware.use ::ActionDispatch::Cookies unless config.middleware.http_only? + middleware.use ::ActionDispatch::Cookies - if !config.middleware.http_only? && config.session_store + if config.session_store if config.force_ssl && !config.session_options.key?(:secure) config.session_options[:secure] = true end @@ -267,7 +267,7 @@ module Rails middleware.use ::Rack::ConditionalGet middleware.use ::Rack::ETag, "no-cache" - if !config.middleware.http_only? && config.action_dispatch.best_standards_support + if config.action_dispatch.best_standards_support middleware.use ::ActionDispatch::BestStandardsSupport, config.action_dispatch.best_standards_support end end diff --git a/railties/lib/rails/configuration.rb b/railties/lib/rails/configuration.rb index d8185bcb34..d8ca6cbd21 100644 --- a/railties/lib/rails/configuration.rb +++ b/railties/lib/rails/configuration.rb @@ -33,27 +33,9 @@ module Rails # # config.middleware.delete ActionDispatch::BestStandardsSupport # - # In addition to these methods to handle the stack, if your application is - # going to be used as an API endpoint only, the middleware stack can be - # configured like this: - # - # config.middleware.http_only! - # - # By doing this, Rails will create a smaller middleware stack, by not adding - # some middlewares that are usually useful for browser access only, such as - # Cookies, Session and Flash, BestStandardsSupport, and MethodOverride. You - # can always add any of them later manually if you want. class MiddlewareStackProxy def initialize @operations = [] - @http_only = false - end - - attr_reader :http_only - alias :http_only? :http_only - - def http_only! - @http_only = true end def insert_before(*args, &block) diff --git a/railties/lib/rails/engine.rb b/railties/lib/rails/engine.rb index 9629ac55c2..131d6e5711 100644 --- a/railties/lib/rails/engine.rb +++ b/railties/lib/rails/engine.rb @@ -561,7 +561,7 @@ module Rails initializer :add_view_paths do views = paths["app/views"].existent unless views.empty? - ActiveSupport.on_load(:action_controller){ prepend_view_path(views) } + ActiveSupport.on_load(:action_controller){ prepend_view_path(views) if respond_to?(:prepend_view_path) } ActiveSupport.on_load(:action_mailer){ prepend_view_path(views) } end end diff --git a/railties/lib/rails/generators.rb b/railties/lib/rails/generators.rb index cd277c5097..b9c1b01f54 100644 --- a/railties/lib/rails/generators.rb +++ b/railties/lib/rails/generators.rb @@ -70,7 +70,7 @@ module Rails hide_namespaces(*config.hidden_namespaces) end - def self.templates_path + def self.templates_path #:nodoc: @templates_path ||= [] end @@ -235,7 +235,7 @@ module Rails rails.delete("plugin_new") print_list("rails", rails) - hidden_namespaces.each {|n| groups.delete(n.to_s) } + hidden_namespaces.each { |n| groups.delete(n.to_s) } groups.sort.each { |b, n| print_list(b, n) } end diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb deleted file mode 100644 index b3d6adad2a..0000000000 --- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb +++ /dev/null @@ -1,5 +0,0 @@ -class ApplicationController < ActionController::Base - # prevent CSRF attacks by raising an exception, - # if your application has an API, you'll probably need to use :reset_session - protect_from_forgery :with => :exception -end diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt new file mode 100644 index 0000000000..3ddc86ae0a --- /dev/null +++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt @@ -0,0 +1,5 @@ +class ApplicationController < ActionController::Base + # Prevent CSRF attacks by raising an exception. + # For APIs, you may want to use :reset_session instead. + protect_from_forgery :with => :exception +end
\ No newline at end of file diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb index 0560b5cade..c8a3c13b95 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/application.rb +++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb @@ -59,8 +59,8 @@ module <%= app_const_base %> # an exception. If set to true, then an ActiveRecord::DeleteRestrictionError exception would be # raised. If set to false, then an error will be added on the model instead. <%= comment_if :skip_active_record %>config.active_record.dependent_restrict_raises = false - <% unless options.skip_sprockets? -%> + # Enable the asset pipeline. config.assets.enabled = true diff --git a/railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt index 4356f14282..19cbf0e4f1 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/initializers/wrap_parameters.rb.tt @@ -5,7 +5,7 @@ # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. ActiveSupport.on_load(:action_controller) do - wrap_parameters format: [:json] + wrap_parameters format: [:json] if respond_to?(:wrap_parameters) end <%- unless options.skip_active_record? -%> diff --git a/railties/lib/rails/generators/rails/resource/resource_generator.rb b/railties/lib/rails/generators/rails/resource/resource_generator.rb index c7345f3cfb..7c7b289d19 100644 --- a/railties/lib/rails/generators/rails/resource/resource_generator.rb +++ b/railties/lib/rails/generators/rails/resource/resource_generator.rb @@ -14,9 +14,12 @@ module Rails class_option :actions, :type => :array, :banner => "ACTION ACTION", :default => [], :desc => "Actions for the resource controller" + class_option :http, :type => :boolean, :default => false, + :desc => "Generate resource with HTTP actions only" + def add_resource_route return if options[:actions].present? - route_config = regular_class_path.collect{|namespace| "namespace :#{namespace} do " }.join(" ") + route_config = regular_class_path.collect{ |namespace| "namespace :#{namespace} do " }.join(" ") route_config << "resources :#{file_name.pluralize}" route_config << " end" * regular_class_path.size route route_config diff --git a/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb b/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb index 2271c6f9c1..083eb49d65 100644 --- a/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb +++ b/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb @@ -10,8 +10,11 @@ module Rails class_option :orm, :banner => "NAME", :type => :string, :required => true, :desc => "ORM to generate the controller for" + class_option :http, :type => :boolean, :default => false, + :desc => "Generate controller with HTTP actions only" + def create_controller_files - template 'controller.rb', File.join('app/controllers', class_path, "#{controller_file_name}_controller.rb") + template "controller.rb", File.join('app/controllers', class_path, "#{controller_file_name}_controller.rb") end hook_for :template_engine, :test_framework, :as => :scaffold diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb index fd73835e1d..b95aea5f19 100644 --- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb +++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb @@ -46,10 +46,10 @@ class <%= controller_class_name %>Controller < ApplicationController respond_to do |format| if @<%= orm_instance.save %> format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully created.'" %> } - format.json { render json: <%= "@#{singular_table_name}" %>, :status: :created, location: <%= "@#{singular_table_name}" %> } + format.json { render json: <%= "@#{singular_table_name}" %>, status: :created, location: <%= "@#{singular_table_name}" %> } else format.html { render action: "new" } - format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity %> } + format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity } end end end diff --git a/railties/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb b/railties/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb index 37b9f7ef7d..9e76587a0d 100644 --- a/railties/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb +++ b/railties/lib/rails/generators/test_unit/scaffold/scaffold_generator.rb @@ -10,9 +10,12 @@ module TestUnit argument :attributes, :type => :array, :default => [], :banner => "field:type field:type" + class_option :http, :type => :boolean, :default => false, + :desc => "Generate functional test with HTTP actions only" + def create_test_files - template 'functional_test.rb', - File.join('test/functional', controller_class_path, "#{controller_file_name}_controller_test.rb") + template "functional_test.rb", + File.join("test/functional", controller_class_path, "#{controller_file_name}_controller_test.rb") end private diff --git a/railties/test/application/loading_test.rb b/railties/test/application/loading_test.rb index 0354c08067..9302443c98 100644 --- a/railties/test/application/loading_test.rb +++ b/railties/test/application/loading_test.rb @@ -95,7 +95,7 @@ class LoadingTest < ActiveSupport::TestCase assert_equal [ActiveRecord::SchemaMigration], ActiveRecord::Base.descendants end - test "initialize_cant_be_called_twice" do + test "initialize cant be called twice" do require "#{app_path}/config/environment" assert_raise(RuntimeError) { ::AppTemplate::Application.initialize! } end @@ -256,6 +256,35 @@ class LoadingTest < ActiveSupport::TestCase assert_equal "BODY", last_response.body end + test "AC load hooks can be used with metal" do + app_file "app/controllers/omg_controller.rb", <<-RUBY + begin + class OmgController < ActionController::Metal + ActiveSupport.run_load_hooks(:action_controller, self) + def show + self.response_body = ["OK"] + end + end + rescue => e + puts "Error loading metal: \#{e.class} \#{e.message}" + end + RUBY + + app_file "config/routes.rb", <<-RUBY + AppTemplate::Application.routes.draw do + match "/:controller(/:action)" + end + RUBY + + require "#{rails_root}/config/environment" + + require 'rack/test' + extend Rack::Test::Methods + + get '/omg/show' + assert_equal 'OK', last_response.body + end + protected def setup_ar! diff --git a/railties/test/application/middleware_test.rb b/railties/test/application/middleware_test.rb index e6f85918f6..2f62d978e3 100644 --- a/railties/test/application/middleware_test.rb +++ b/railties/test/application/middleware_test.rb @@ -52,36 +52,6 @@ module ApplicationTests ], middleware end - test "api middleware stack" do - add_to_config "config.middleware.http_only!" - add_to_config "config.force_ssl = true" - add_to_config "config.action_dispatch.x_sendfile_header = 'X-Sendfile'" - - boot! - - assert_equal [ - "Rack::SSL", - "Rack::Sendfile", - "ActionDispatch::Static", - "Rack::Lock", - "ActiveSupport::Cache::Strategy::LocalCache", - "Rack::Runtime", - "ActionDispatch::RequestId", - "Rails::Rack::Logger", - "ActionDispatch::ShowExceptions", - "ActionDispatch::DebugExceptions", - "ActionDispatch::RemoteIp", - "ActionDispatch::Reloader", - "ActionDispatch::Callbacks", - "ActiveRecord::ConnectionAdapters::ConnectionManagement", - "ActiveRecord::QueryCache", - "ActionDispatch::ParamsParser", - "ActionDispatch::Head", - "Rack::ConditionalGet", - "Rack::ETag" - ], middleware - end - test "Rack::Sendfile is not included by default" do boot! diff --git a/railties/test/application/rake_test.rb b/railties/test/application/rake_test.rb index fed9dce8e1..b6cbb10141 100644 --- a/railties/test/application/rake_test.rb +++ b/railties/test/application/rake_test.rb @@ -123,12 +123,13 @@ module ApplicationTests end def test_scaffold_tests_pass_by_default - content = Dir.chdir(app_path) do + output = Dir.chdir(app_path) do `rails generate scaffold user username:string password:string; bundle exec rake db:migrate db:test:clone test` end - assert_match(/\d+ tests, \d+ assertions, 0 failures, 0 errors/, content) + assert_match(/7 tests, 13 assertions, 0 failures, 0 errors/, output) + assert_no_match(/Errors running/, output) end def test_rake_dump_structure_should_respect_db_structure_env_variable diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 4db0cdc28e..27960c63e9 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -371,7 +371,6 @@ protected def action(*args, &block) silence(:stdout) { generator.send(*args, &block) } end - end class CustomAppGeneratorTest < Rails::Generators::TestCase diff --git a/railties/test/generators/shared_generator_tests.rb b/railties/test/generators/shared_generator_tests.rb index 14a20eddb8..92117855b7 100644 --- a/railties/test/generators/shared_generator_tests.rb +++ b/railties/test/generators/shared_generator_tests.rb @@ -91,21 +91,6 @@ module SharedGeneratorTests assert_match(/It works!/, capture(:stdout) { generator.invoke_all }) end - def test_template_raises_an_error_with_invalid_path - content = capture(:stderr){ run_generator([destination_root, "-m", "non/existant/path"]) } - assert_match(/The template \[.*\] could not be loaded/, content) - assert_match(/non\/existant\/path/, content) - end - - def test_template_is_executed_when_supplied - path = "http://gist.github.com/103208.txt" - template = %{ say "It works!" } - template.instance_eval "def read; self; end" # Make the string respond to read - - generator([destination_root], :template => path).expects(:open).with(path, 'Accept' => 'application/x-thor-template').returns(template) - assert_match(/It works!/, capture(:stdout) { generator.invoke_all }) - end - def test_template_is_executed_when_supplied_an_https_path path = "https://gist.github.com/103208.txt" template = %{ say "It works!" } diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb index dc52c79fb5..ac4c2abfc8 100644 --- a/railties/test/isolation/abstract_unit.rb +++ b/railties/test/isolation/abstract_unit.rb @@ -116,7 +116,12 @@ module TestHelpers end end - add_to_config 'config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"; config.session_store :cookie_store, :key => "_myapp_session"; config.active_support.deprecation = :log' + add_to_config <<-RUBY + config.secret_token = "3b7cd727ee24e8444053437c36cc66c4" + config.session_store :cookie_store, :key => "_myapp_session" + config.active_support.deprecation = :log + config.action_controller.allow_forgery_protection = false + RUBY end def teardown_app |