7 files changed, 172 insertions, 77 deletions

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 6985cec5f5..a0d8f552ac 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -110,6 +110,10 @@ module ActionDispatch
       env["action_dispatch.routes".freeze]
     end
 
+    def routes=(routes) # :nodoc:
+      env["action_dispatch.routes".freeze] = routes
+    end
+
     def original_script_name # :nodoc:
       env['ORIGINAL_SCRIPT_NAME'.freeze]
     end
@@ -118,6 +122,10 @@ module ActionDispatch
       env[_routes.env_key]
     end
 
+    def engine_script_name=(name) # :nodoc:
+      env[routes.env_key] = name.dup
+    end
+
     def request_method=(request_method) #:nodoc:
       if check_method(request_method)
         @request_method = env["REQUEST_METHOD"] = request_method
diff --git a/actionpack/lib/action_dispatch/http/upload.rb b/actionpack/lib/action_dispatch/http/upload.rb
index 540e11a4a0..a221f4c5af 100644
--- a/actionpack/lib/action_dispatch/http/upload.rb
+++ b/actionpack/lib/action_dispatch/http/upload.rb
@@ -28,7 +28,13 @@ module ActionDispatch
         raise(ArgumentError, ':tempfile is required') unless @tempfile
 
         @original_filename = hash[:filename]
-        @original_filename &&= @original_filename.encode "UTF-8"
+        if @original_filename
+          begin
+            @original_filename.encode!(Encoding::UTF_8)
+          rescue EncodingError
+            @original_filename.force_encoding(Encoding::UTF_8)
+          end
+        end
         @content_type      = hash[:type]
         @headers           = hash[:head]
       end
diff --git a/actionpack/lib/action_dispatch/journey/formatter.rb b/actionpack/lib/action_dispatch/journey/formatter.rb
index c0566c6fc9..d8bb10ffab 100644
--- a/actionpack/lib/action_dispatch/journey/formatter.rb
+++ b/actionpack/lib/action_dispatch/journey/formatter.rb
@@ -14,7 +14,7 @@ module ActionDispatch
 
       def generate(name, options, path_parameters, parameterize = nil)
         constraints = path_parameters.merge(options)
-        missing_keys = []
+        missing_keys = nil # need for variable scope
 
         match_route(name, constraints) do |route|
           parameterized_parts = extract_parameterized_parts(route, options, path_parameters, parameterize)
@@ -25,22 +25,22 @@ module ActionDispatch
           next unless name || route.dispatcher?
 
           missing_keys = missing_keys(route, parameterized_parts)
-          next unless missing_keys.empty?
+          next if missing_keys && !missing_keys.empty?
           params = options.dup.delete_if do |key, _|
             parameterized_parts.key?(key) || route.defaults.key?(key)
           end
 
           defaults       = route.defaults
           required_parts = route.required_parts
-          parameterized_parts.delete_if do |key, value|
-            value.to_s == defaults[key].to_s && !required_parts.include?(key)
+          parameterized_parts.keep_if do |key, value|
+            defaults[key].nil? || value.to_s != defaults[key].to_s || required_parts.include?(key)
           end
 
           return [route.format(parameterized_parts), params]
         end
 
         message = "No route matches #{Hash[constraints.sort_by{|k,v| k.to_s}].inspect}"
-        message << " missing required keys: #{missing_keys.sort.inspect}" unless missing_keys.empty?
+        message << " missing required keys: #{missing_keys.sort.inspect}" if missing_keys && !missing_keys.empty?
 
         raise ActionController::UrlGenerationError, message
       end
@@ -54,12 +54,12 @@ module ActionDispatch
         def extract_parameterized_parts(route, options, recall, parameterize = nil)
           parameterized_parts = recall.merge(options)
 
-          keys_to_keep = route.parts.reverse.drop_while { |part|
+          keys_to_keep = route.parts.reverse_each.drop_while { |part|
             !options.key?(part) || (options[part] || recall[part]).nil?
           } | route.required_parts
 
-          (parameterized_parts.keys - keys_to_keep).each do |bad_key|
-            parameterized_parts.delete(bad_key)
+          parameterized_parts.delete_if do |bad_key, _|
+            !keys_to_keep.include?(bad_key)
           end
 
           if parameterize
@@ -110,15 +110,36 @@ module ActionDispatch
           routes
         end
 
+        module RegexCaseComparator
+          DEFAULT_INPUT = /[-_.a-zA-Z0-9]+\/[-_.a-zA-Z0-9]+/
+          DEFAULT_REGEX = /\A#{DEFAULT_INPUT}\Z/
+
+          def self.===(regex)
+            DEFAULT_INPUT == regex
+          end
+        end
+
         # Returns an array populated with missing keys if any are present.
         def missing_keys(route, parts)
-          missing_keys = []
+          missing_keys = nil
           tests = route.path.requirements
           route.required_parts.each { |key|
-            if tests.key?(key)
-              missing_keys << key unless /\A#{tests[key]}\Z/ === parts[key]
+            case tests[key]
+            when nil
+              unless parts[key]
+                missing_keys ||= []
+                missing_keys << key
+              end
+            when RegexCaseComparator
+              unless RegexCaseComparator::DEFAULT_REGEX === parts[key]
+                missing_keys ||= []
+                missing_keys << key
+              end
             else
-              missing_keys << key unless parts[key]
+              unless /\A#{tests[key]}\Z/ === parts[key]
+                missing_keys ||= []
+                missing_keys << key
+              end
             end
           }
           missing_keys
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 07d97bd6bd..cf4f654ed6 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -8,8 +8,50 @@ require 'active_support/json'
 module ActionDispatch
   class Request < Rack::Request
     def cookie_jar
-      env['action_dispatch.cookies'] ||= Cookies::CookieJar.build(env, host, ssl?, cookies)
+      env['action_dispatch.cookies'.freeze] ||= Cookies::CookieJar.build(self, cookies)
     end
+
+    # :stopdoc:
+    def have_cookie_jar?
+      env.key? 'action_dispatch.cookies'.freeze
+    end
+
+    def cookie_jar=(jar)
+      env['action_dispatch.cookies'.freeze] = jar
+    end
+
+    def key_generator
+      env[Cookies::GENERATOR_KEY]
+    end
+
+    def signed_cookie_salt
+      env[Cookies::SIGNED_COOKIE_SALT]
+    end
+
+    def encrypted_cookie_salt
+      env[Cookies::ENCRYPTED_COOKIE_SALT]
+    end
+
+    def encrypted_signed_cookie_salt
+      env[Cookies::ENCRYPTED_SIGNED_COOKIE_SALT]
+    end
+
+    def secret_token
+      env[Cookies::SECRET_TOKEN]
+    end
+
+    def secret_key_base
+      env[Cookies::SECRET_KEY_BASE]
+    end
+
+    def cookies_serializer
+      env[Cookies::COOKIES_SERIALIZER]
+    end
+
+    def cookies_digest
+      env[Cookies::COOKIES_DIGEST]
+    end
+    # :startdoc:
   end
 
   # \Cookies are read and written through ActionController#cookies.
@@ -118,7 +160,7 @@ module ActionDispatch
       #   cookies.permanent.signed[:remember_me] = current_user.id
       #   # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
       def permanent
-        @permanent ||= PermanentCookieJar.new(self, @key_generator, @options)
+        @permanent ||= PermanentCookieJar.new(self)
       end
 
       # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
@@ -138,10 +180,10 @@ module ActionDispatch
       #   cookies.signed[:discount] # => 45
       def signed
         @signed ||=
-          if @options[:upgrade_legacy_signed_cookies]
-            UpgradeLegacySignedCookieJar.new(self, @key_generator, @options)
+          if upgrade_legacy_signed_cookies?
+            UpgradeLegacySignedCookieJar.new(self)
           else
-            SignedCookieJar.new(self, @key_generator, @options)
+            SignedCookieJar.new(self)
           end
       end
 
@@ -161,10 +203,10 @@ module ActionDispatch
       #   cookies.encrypted[:discount] # => 45
       def encrypted
         @encrypted ||=
-          if @options[:upgrade_legacy_signed_cookies]
-            UpgradeLegacyEncryptedCookieJar.new(self, @key_generator, @options)
+          if upgrade_legacy_signed_cookies?
+            UpgradeLegacyEncryptedCookieJar.new(self)
           else
-            EncryptedCookieJar.new(self, @key_generator, @options)
+            EncryptedCookieJar.new(self)
           end
       end
 
@@ -172,12 +214,26 @@ module ActionDispatch
       # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
       def signed_or_encrypted
         @signed_or_encrypted ||=
-          if @options[:secret_key_base].present?
+          if request.secret_key_base.present?
             encrypted
           else
             signed
           end
       end
+
+      protected
+
+      def request; @parent_jar.request; end
+
+      private
+
+      def upgrade_legacy_signed_cookies?
+        request.secret_token.present? && request.secret_key_base.present?
+      end
+
+      def key_generator
+        request.key_generator
+      end
     end
 
     # Passing the ActiveSupport::MessageEncryptor::NullSerializer downstream
@@ -187,7 +243,7 @@ module ActionDispatch
     module VerifyAndUpgradeLegacySignedMessage # :nodoc:
       def initialize(*args)
         super
-        @legacy_verifier = ActiveSupport::MessageVerifier.new(@options[:secret_token], serializer: ActiveSupport::MessageEncryptor::NullSerializer)
+        @legacy_verifier = ActiveSupport::MessageVerifier.new(request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
       def verify_and_upgrade_legacy_signed_message(name, signed_message)
@@ -216,34 +272,18 @@ module ActionDispatch
       # $& => example.local
       DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
 
-      def self.options_for_env(env) #:nodoc:
-        { signed_cookie_salt: env[SIGNED_COOKIE_SALT] || '',
-          encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT] || '',
-          encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
-          secret_token: env[SECRET_TOKEN],
-          secret_key_base: env[SECRET_KEY_BASE],
-          upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
-          serializer: env[COOKIES_SERIALIZER],
-          digest: env[COOKIES_DIGEST]
-        }
-      end
-
-      def self.build(env, host, secure, cookies)
-        key_generator = env[GENERATOR_KEY]
-        options = options_for_env env
-
-        new(key_generator, host, secure, options).tap do |hash|
+      def self.build(req, cookies)
+        new(req).tap do |hash|
           hash.update(cookies)
         end
       end
 
-      def initialize(key_generator, host = nil, secure = false, options = {})
-        @key_generator = key_generator
+      attr_reader :request
+
+      def initialize(request)
         @set_cookies = {}
         @delete_cookies = {}
-        @host = host
-        @secure = secure
-        @options = options
+        @request = request
         @cookies = {}
         @committed = false
       end
@@ -292,12 +332,12 @@ module ActionDispatch
 
           # if host is not ip and matches domain regexp
           # (ip confirms to domain regexp so we explicitly check for ip)
-          options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ domain_regexp)
+          options[:domain] = if (request.host !~ /^[\d.]+$/) && (request.host =~ domain_regexp)
             ".#{$&}"
           end
         elsif options[:domain].is_a? Array
           # if host matches one of the supplied domains without a dot in front of it
-          options[:domain] = options[:domain].find {|domain| @host.include? domain.sub(/^\./, '') }
+          options[:domain] = options[:domain].find {|domain| request.host.include? domain.sub(/^\./, '') }
         end
       end
 
@@ -356,27 +396,20 @@ module ActionDispatch
         @delete_cookies.each { |k, v| ::Rack::Utils.delete_cookie_header!(headers, k, v) }
       end
 
-      def recycle! #:nodoc:
-        @set_cookies = {}
-        @delete_cookies = {}
-      end
-
       mattr_accessor :always_write_cookie
       self.always_write_cookie = false
 
       private
         def write_cookie?(cookie)
-          @secure || !cookie[:secure] || always_write_cookie
+          request.ssl? || !cookie[:secure] || always_write_cookie
         end
     end
 
     class PermanentCookieJar #:nodoc:
       include ChainedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
+      def initialize(parent_jar)
         @parent_jar = parent_jar
-        @key_generator = key_generator
-        @options = options
       end
 
       def [](name)
@@ -410,7 +443,7 @@ module ActionDispatch
 
       protected
         def needs_migration?(value)
-          @options[:serializer] == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
+          request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
         end
 
         def serialize(value)
@@ -430,7 +463,7 @@ module ActionDispatch
         end
 
         def serializer
-          serializer = @options[:serializer] || :marshal
+          serializer = request.cookies_serializer || :marshal
           case serializer
           when :marshal
             Marshal
@@ -442,7 +475,7 @@ module ActionDispatch
         end
 
         def digest
-          @options[:digest] || 'SHA1'
+          request.cookies_digest || 'SHA1'
         end
     end
 
@@ -450,10 +483,9 @@ module ActionDispatch
       include ChainedCookieJars
       include SerializedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
+      def initialize(parent_jar)
         @parent_jar = parent_jar
-        @options = options
-        secret = key_generator.generate_key(@options[:signed_cookie_salt])
+        secret = key_generator.generate_key(request.signed_cookie_salt)
         @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
@@ -505,16 +537,16 @@ module ActionDispatch
       include ChainedCookieJars
       include SerializedCookieJars
 
-      def initialize(parent_jar, key_generator, options = {})
+      def initialize(parent_jar)
+        @parent_jar = parent_jar
+
         if ActiveSupport::LegacyKeyGenerator === key_generator
           raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " +
             "Read the upgrade documentation to learn more about this new config option."
         end
 
-        @parent_jar = parent_jar
-        @options = options
-        secret = key_generator.generate_key(@options[:encrypted_cookie_salt])
-        sign_secret = key_generator.generate_key(@options[:encrypted_signed_cookie_salt])
+        secret = key_generator.generate_key(request.encrypted_cookie_salt || '')
+        sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '')
         @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
       end
 
@@ -568,9 +600,12 @@ module ActionDispatch
     end
 
     def call(env)
+      request = ActionDispatch::Request.new env
+
       status, headers, body = @app.call(env)
 
-      if cookie_jar = env['action_dispatch.cookies']
+      if request.have_cookie_jar?
+        cookie_jar = request.cookie_jar
         unless cookie_jar.committed?
           cookie_jar.write(headers)
           if headers[HTTP_HEADER].respond_to?(:join)
diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb
index ec530c6e8a..64352d5742 100644
--- a/actionpack/lib/action_dispatch/routing/mapper.rb
+++ b/actionpack/lib/action_dispatch/routing/mapper.rb
@@ -443,6 +443,21 @@ module ActionDispatch
         #   dynamic segment used to generate the routes).
         #   You can access that segment from your controller using
         #   <tt>params[<:param>]</tt>.
+        #   In your router:
+        #
+        #      resources :user, param: :name
+        #
+        #   You can override <tt>ActiveRecord::Base#to_param</tt> of a related
+        #   model to constructe an URL.
+        #
+        #      class User < ActiveRecord::Base
+        #        def to_param  # overridden
+        #          name
+        #        end
+        #      end
+        #
+        #   user = User.find_by(name: 'Phusion')
+        #   user_path(user)  # => "/users/Phusion"
         #
         # [:path]
         #   The path prefix for the routes.
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index 0d1e81ec34..f3d7a234d7 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -267,9 +267,13 @@ module ActionDispatch
                 path_params -= controller_options.keys
                 path_params -= result.keys
               end
-              path_params -= inner_options.keys
-              path_params.take(args.size).each do |param|
-                result[param] = args.shift
+              inner_options.each do |key, _|
+                path_params.delete(key)
+              end
+
+              args.each_with_index do |arg, index|
+                param = path_params[index]
+                result[param] = arg if param
               end
             end
 
@@ -592,8 +596,8 @@ module ActionDispatch
 
         def initialize(named_route, options, recall, set)
           @named_route = named_route
-          @options     = options.dup
-          @recall      = recall.dup
+          @options     = options
+          @recall      = recall
           @set         = set
 
           normalize_recall!
@@ -615,7 +619,7 @@ module ActionDispatch
         def use_recall_for(key)
           if @recall[key] && (!@options.key?(key) || @options[key] == @recall[key])
             if !named_route_exists? || segment_keys.include?(key)
-              @options[key] = @recall.delete(key)
+              @options[key] = @recall[key]
             end
           end
         end
@@ -669,12 +673,18 @@ module ActionDispatch
 
         # Remove leading slashes from controllers
         def normalize_controller!
-          @options[:controller] = controller.sub(%r{^/}, ''.freeze) if controller
+          if controller
+            if controller.start_with?("/".freeze)
+              @options[:controller] = controller[1..-1]
+            else
+              @options[:controller] = controller
+            end
+          end
         end
 
         # Move 'index' action from options to recall
         def normalize_action!
-          if @options[:action] == 'index'
+          if @options[:action] == 'index'.freeze
             @recall[:action] = @options.delete(:action)
           end
         end
diff --git a/actionpack/lib/action_dispatch/testing/test_process.rb b/actionpack/lib/action_dispatch/testing/test_process.rb
index 494644cd46..c28d701b48 100644
--- a/actionpack/lib/action_dispatch/testing/test_process.rb
+++ b/actionpack/lib/action_dispatch/testing/test_process.rb
@@ -19,7 +19,7 @@ module ActionDispatch
     end
 
     def cookies
-      @cookie_jar ||= Cookies::CookieJar.build(@request.env, @request.host, @request.ssl?, @request.cookies)
+      @cookie_jar ||= Cookies::CookieJar.build(@request, @request.cookies)
     end
 
     def redirect_to_url