aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r--actionpack/lib/action_dispatch/http/headers.rb33
-rw-r--r--actionpack/lib/action_dispatch/http/mime_type.rb212
-rw-r--r--actionpack/lib/action_dispatch/http/mime_types.rb21
-rwxr-xr-xactionpack/lib/action_dispatch/http/request.rb531
-rw-r--r--actionpack/lib/action_dispatch/http/response.rb251
-rw-r--r--actionpack/lib/action_dispatch/http/status_codes.rb40
-rw-r--r--actionpack/lib/action_dispatch/middleware/failsafe.rb52
-rw-r--r--actionpack/lib/action_dispatch/middleware/params_parser.rb71
-rw-r--r--actionpack/lib/action_dispatch/middleware/reloader.rb14
-rw-r--r--actionpack/lib/action_dispatch/middleware/rewindable_input.rb19
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/abstract_store.rb181
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/cookie_store.rb221
-rw-r--r--actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb51
-rw-r--r--actionpack/lib/action_dispatch/middleware/stack.rb119
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack.rb89
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/adapter/camping.rb22
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/handler.rb37
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/request.rb37
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/basic.rb58
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb124
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb51
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb55
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb40
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/openid.rb480
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/builder.rb63
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/cascade.rb36
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/chunked.rb49
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/commonlogger.rb61
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/conditionalget.rb45
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_length.rb29
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_type.rb23
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/deflater.rb85
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/directory.rb153
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/file.rb88
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler.rb48
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/cgi.rb61
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/evented_mongrel.rb8
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/fastcgi.rb89
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/lsws.rb55
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/mongrel.rb84
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/scgi.rb59
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb8
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/thin.rb18
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/webrick.rb67
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/head.rb19
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lint.rb462
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lobster.rb65
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lock.rb16
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/methodoverride.rb27
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mime.rb204
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mock.rb160
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/recursive.rb57
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/reloader.rb64
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/request.rb241
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/response.rb179
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/abstract/id.rb142
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/cookie.rb91
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/memcache.rb109
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/pool.rb100
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showexceptions.rb349
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showstatus.rb106
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/static.rb38
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/urlmap.rb55
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/utils.rb392
64 files changed, 6814 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/headers.rb b/actionpack/lib/action_dispatch/http/headers.rb
new file mode 100644
index 0000000000..2a41b4dbad
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/headers.rb
@@ -0,0 +1,33 @@
+require 'active_support/memoizable'
+
+module ActionDispatch
+ module Http
+ class Headers < ::Hash
+ extend ActiveSupport::Memoizable
+
+ def initialize(*args)
+ if args.size == 1 && args[0].is_a?(Hash)
+ super()
+ update(args[0])
+ else
+ super
+ end
+ end
+
+ def [](header_name)
+ if include?(header_name)
+ super
+ else
+ super(env_name(header_name))
+ end
+ end
+
+ private
+ # Converts a HTTP header name to an environment variable name.
+ def env_name(header_name)
+ "HTTP_#{header_name.upcase.gsub(/-/, '_')}"
+ end
+ memoize :env_name
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb
new file mode 100644
index 0000000000..02ad7f7d94
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/mime_type.rb
@@ -0,0 +1,212 @@
+require 'set'
+
+module Mime
+ SET = []
+ EXTENSION_LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
+ LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? }
+
+ def self.[](type)
+ Type.lookup_by_extension(type.to_s)
+ end
+
+ # Encapsulates the notion of a mime type. Can be used at render time, for example, with:
+ #
+ # class PostsController < ActionController::Base
+ # def show
+ # @post = Post.find(params[:id])
+ #
+ # respond_to do |format|
+ # format.html
+ # format.ics { render :text => post.to_ics, :mime_type => Mime::Type["text/calendar"] }
+ # format.xml { render :xml => @people.to_xml }
+ # end
+ # end
+ # end
+ class Type
+ @@html_types = Set.new [:html, :all]
+ cattr_reader :html_types
+
+ # These are the content types which browsers can generate without using ajax, flash, etc
+ # i.e. following a link, getting an image or posting a form. CSRF protection
+ # only needs to protect against these types.
+ @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text]
+ cattr_reader :browser_generated_types
+ attr_reader :symbol
+
+ @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml]
+ def self.unverifiable_types
+ ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller)
+ @@unverifiable_types
+ end
+
+ # A simple helper class used in parsing the accept header
+ class AcceptItem #:nodoc:
+ attr_accessor :order, :name, :q
+
+ def initialize(order, name, q=nil)
+ @order = order
+ @name = name.strip
+ q ||= 0.0 if @name == Mime::ALL # default wilcard match to end of list
+ @q = ((q || 1.0).to_f * 100).to_i
+ end
+
+ def to_s
+ @name
+ end
+
+ def <=>(item)
+ result = item.q <=> q
+ result = order <=> item.order if result == 0
+ result
+ end
+
+ def ==(item)
+ name == (item.respond_to?(:name) ? item.name : item)
+ end
+ end
+
+ class << self
+ def lookup(string)
+ LOOKUP[string]
+ end
+
+ def lookup_by_extension(extension)
+ EXTENSION_LOOKUP[extension]
+ end
+
+ # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for
+ # rendering different HTML versions depending on the user agent, like an iPhone.
+ def register_alias(string, symbol, extension_synonyms = [])
+ register(string, symbol, [], extension_synonyms, true)
+ end
+
+ def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false)
+ Mime.instance_eval { const_set symbol.to_s.upcase, Type.new(string, symbol, mime_type_synonyms) }
+
+ SET << Mime.const_get(symbol.to_s.upcase)
+
+ ([string] + mime_type_synonyms).each { |string| LOOKUP[string] = SET.last } unless skip_lookup
+ ([symbol.to_s] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext] = SET.last }
+ end
+
+ def parse(accept_header)
+ if accept_header !~ /,/
+ [Mime::Type.lookup(accept_header)]
+ else
+ # keep track of creation order to keep the subsequent sort stable
+ list = []
+ accept_header.split(/,/).each_with_index do |header, index|
+ params, q = header.split(/;\s*q=/)
+ if params
+ params.strip!
+ list << AcceptItem.new(index, params, q) unless params.empty?
+ end
+ end
+ list.sort!
+
+ # Take care of the broken text/xml entry by renaming or deleting it
+ text_xml = list.index("text/xml")
+ app_xml = list.index(Mime::XML.to_s)
+
+ if text_xml && app_xml
+ # set the q value to the max of the two
+ list[app_xml].q = [list[text_xml].q, list[app_xml].q].max
+
+ # make sure app_xml is ahead of text_xml in the list
+ if app_xml > text_xml
+ list[app_xml], list[text_xml] = list[text_xml], list[app_xml]
+ app_xml, text_xml = text_xml, app_xml
+ end
+
+ # delete text_xml from the list
+ list.delete_at(text_xml)
+
+ elsif text_xml
+ list[text_xml].name = Mime::XML.to_s
+ end
+
+ # Look for more specific XML-based types and sort them ahead of app/xml
+
+ if app_xml
+ idx = app_xml
+ app_xml_type = list[app_xml]
+
+ while(idx < list.length)
+ type = list[idx]
+ break if type.q < app_xml_type.q
+ if type.name =~ /\+xml$/
+ list[app_xml], list[idx] = list[idx], list[app_xml]
+ app_xml = idx
+ end
+ idx += 1
+ end
+ end
+
+ list.map! { |i| Mime::Type.lookup(i.name) }.uniq!
+ list
+ end
+ end
+ end
+
+ def initialize(string, symbol = nil, synonyms = [])
+ @symbol, @synonyms = symbol, synonyms
+ @string = string
+ end
+
+ def to_s
+ @string
+ end
+
+ def to_str
+ to_s
+ end
+
+ def to_sym
+ @symbol || @string.to_sym
+ end
+
+ def ===(list)
+ if list.is_a?(Array)
+ (@synonyms + [ self ]).any? { |synonym| list.include?(synonym) }
+ else
+ super
+ end
+ end
+
+ def ==(mime_type)
+ return false if mime_type.blank?
+ (@synonyms + [ self ]).any? do |synonym|
+ synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym
+ end
+ end
+
+ def =~(mime_type)
+ return false if mime_type.blank?
+ regexp = Regexp.new(Regexp.quote(mime_type.to_s))
+ (@synonyms + [ self ]).any? do |synonym|
+ synonym.to_s =~ regexp
+ end
+ end
+
+ # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See
+ # ActionController::RequestForgeryProtection.
+ def verify_request?
+ @@browser_generated_types.include?(to_sym)
+ end
+
+ def html?
+ @@html_types.include?(to_sym) || @string =~ /html/
+ end
+
+ private
+ def method_missing(method, *args)
+ if method.to_s =~ /(\w+)\?$/
+ $1.downcase.to_sym == to_sym
+ else
+ super
+ end
+ end
+ end
+end
+
+require 'action_dispatch/http/mime_types'
diff --git a/actionpack/lib/action_dispatch/http/mime_types.rb b/actionpack/lib/action_dispatch/http/mime_types.rb
new file mode 100644
index 0000000000..2d7fba1173
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/mime_types.rb
@@ -0,0 +1,21 @@
+# Build list of Mime types for HTTP responses
+# http://www.iana.org/assignments/media-types/
+
+Mime::Type.register "*/*", :all
+Mime::Type.register "text/plain", :text, [], %w(txt)
+Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml )
+Mime::Type.register "text/javascript", :js, %w( application/javascript application/x-javascript )
+Mime::Type.register "text/css", :css
+Mime::Type.register "text/calendar", :ics
+Mime::Type.register "text/csv", :csv
+Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml )
+Mime::Type.register "application/rss+xml", :rss
+Mime::Type.register "application/atom+xml", :atom
+Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml )
+
+Mime::Type.register "multipart/form-data", :multipart_form
+Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form
+
+# http://www.ietf.org/rfc/rfc4627.txt
+# http://www.json.org/JSONRequest.html
+Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest ) \ No newline at end of file
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
new file mode 100755
index 0000000000..523ab32b35
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -0,0 +1,531 @@
+require 'tempfile'
+require 'stringio'
+require 'strscan'
+
+require 'active_support/memoizable'
+
+module ActionDispatch
+ class Request < Rack::Request
+
+ %w[ AUTH_TYPE GATEWAY_INTERFACE
+ PATH_TRANSLATED REMOTE_HOST
+ REMOTE_IDENT REMOTE_USER REMOTE_ADDR
+ SERVER_NAME SERVER_PROTOCOL
+
+ HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING
+ HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM
+ HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env|
+ define_method(env.sub(/^HTTP_/n, '').downcase) do
+ @env[env]
+ end
+ end
+
+ def key?(key)
+ @env.key?(key)
+ end
+
+ HTTP_METHODS = %w(get head put post delete options)
+ HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h }
+
+ # Returns the true HTTP request \method as a lowercase symbol, such as
+ # <tt>:get</tt>. If the request \method is not listed in the HTTP_METHODS
+ # constant above, an UnknownHttpMethod exception is raised.
+ def request_method
+ @request_method ||= HTTP_METHOD_LOOKUP[super] || raise(ActionController::UnknownHttpMethod, "#{super}, accepted HTTP methods are #{HTTP_METHODS.to_sentence(:locale => :en)}")
+ end
+
+ # Returns the HTTP request \method used for action processing as a
+ # lowercase symbol, such as <tt>:post</tt>. (Unlike #request_method, this
+ # method returns <tt>:get</tt> for a HEAD request because the two are
+ # functionally equivalent from the application's perspective.)
+ def method
+ request_method == :head ? :get : request_method
+ end
+
+ # Is this a GET (or HEAD) request? Equivalent to <tt>request.method == :get</tt>.
+ def get?
+ method == :get
+ end
+
+ # Is this a POST request? Equivalent to <tt>request.method == :post</tt>.
+ def post?
+ request_method == :post
+ end
+
+ # Is this a PUT request? Equivalent to <tt>request.method == :put</tt>.
+ def put?
+ request_method == :put
+ end
+
+ # Is this a DELETE request? Equivalent to <tt>request.method == :delete</tt>.
+ def delete?
+ request_method == :delete
+ end
+
+ # Is this a HEAD request? Since <tt>request.method</tt> sees HEAD as <tt>:get</tt>,
+ # this \method checks the actual HTTP \method directly.
+ def head?
+ request_method == :head
+ end
+
+ # Provides access to the request's HTTP headers, for example:
+ #
+ # request.headers["Content-Type"] # => "text/plain"
+ def headers
+ Http::Headers.new(@env)
+ end
+
+ # Returns the content length of the request as an integer.
+ def content_length
+ super.to_i
+ end
+
+ # The MIME type of the HTTP request, such as Mime::XML.
+ #
+ # For backward compatibility, the post \format is extracted from the
+ # X-Post-Data-Format HTTP header if present.
+ def content_type
+ @content_type ||= begin
+ if @env['CONTENT_TYPE'] =~ /^([^,\;]*)/
+ Mime::Type.lookup($1.strip.downcase)
+ else
+ nil
+ end
+ end
+ end
+
+ # Returns the accepted MIME type for the request.
+ def accepts
+ @accepts ||= begin
+ header = @env['HTTP_ACCEPT'].to_s.strip
+
+ fallback = xhr? ? Mime::JS : Mime::HTML
+
+ if header.empty?
+ [content_type, fallback, Mime::ALL].compact
+ else
+ ret = Mime::Type.parse(header)
+ if ret.last == Mime::ALL
+ ret.insert(-2, fallback)
+ end
+ ret
+ end
+ end
+ end
+
+ def if_modified_since
+ if since = env['HTTP_IF_MODIFIED_SINCE']
+ Time.rfc2822(since) rescue nil
+ end
+ end
+
+ def if_none_match
+ env['HTTP_IF_NONE_MATCH']
+ end
+
+ def not_modified?(modified_at)
+ if_modified_since && modified_at && if_modified_since >= modified_at
+ end
+
+ def etag_matches?(etag)
+ if_none_match && if_none_match == etag
+ end
+
+ # Check response freshness (Last-Modified and ETag) against request
+ # If-Modified-Since and If-None-Match conditions. If both headers are
+ # supplied, both must match, or the request is not considered fresh.
+ def fresh?(response)
+ case
+ when if_modified_since && if_none_match
+ not_modified?(response.last_modified) && etag_matches?(response.etag)
+ when if_modified_since
+ not_modified?(response.last_modified)
+ when if_none_match
+ etag_matches?(response.etag)
+ else
+ false
+ end
+ end
+
+ ONLY_ALL = [Mime::ALL].freeze
+
+ # Returns the Mime type for the \format used in the request.
+ #
+ # GET /posts/5.xml | request.format => Mime::XML
+ # GET /posts/5.xhtml | request.format => Mime::HTML
+ # GET /posts/5 | request.format => Mime::HTML or MIME::JS, or request.accepts.first depending on the value of <tt>ActionController::Base.use_accept_header</tt>
+
+ def format(view_path = [])
+ @format ||=
+ if parameters[:format]
+ Mime[parameters[:format]]
+ elsif ActionController::Base.use_accept_header && !(accepts == ONLY_ALL)
+ accepts.first
+ elsif xhr? then Mime::JS
+ else Mime::HTML
+ end
+ end
+
+ def formats
+ @formats =
+ if ActionController::Base.use_accept_header
+ Array(Mime[parameters[:format]] || accepts)
+ else
+ [format]
+ end
+ end
+
+ # Sets the \format by string extension, which can be used to force custom formats
+ # that are not controlled by the extension.
+ #
+ # class ApplicationController < ActionController::Base
+ # before_filter :adjust_format_for_iphone
+ #
+ # private
+ # def adjust_format_for_iphone
+ # request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/]
+ # end
+ # end
+ def format=(extension)
+ parameters[:format] = extension.to_s
+ @format = Mime::Type.lookup_by_extension(parameters[:format])
+ end
+
+ # Returns a symbolized version of the <tt>:format</tt> parameter of the request.
+ # If no \format is given it returns <tt>:js</tt>for Ajax requests and <tt>:html</tt>
+ # otherwise.
+ def template_format
+ parameter_format = parameters[:format]
+
+ if parameter_format
+ parameter_format
+ elsif xhr?
+ :js
+ else
+ :html
+ end
+ end
+
+ def cache_format
+ parameters[:format]
+ end
+
+ # Returns true if the request's "X-Requested-With" header contains
+ # "XMLHttpRequest". (The Prototype Javascript library sends this header with
+ # every Ajax request.)
+ def xml_http_request?
+ !(@env['HTTP_X_REQUESTED_WITH'] !~ /XMLHttpRequest/i)
+ end
+ alias xhr? :xml_http_request?
+
+ # Which IP addresses are "trusted proxies" that can be stripped from
+ # the right-hand-side of X-Forwarded-For
+ TRUSTED_PROXIES = /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i
+
+ # Determines originating IP address. REMOTE_ADDR is the standard
+ # but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or
+ # HTTP_X_FORWARDED_FOR are set by proxies so check for these if
+ # REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma-
+ # delimited list in the case of multiple chained proxies; the last
+ # address which is not trusted is the originating IP.
+ def remote_ip
+ remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
+
+ unless remote_addr_list.blank?
+ not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+ return not_trusted_addrs.first unless not_trusted_addrs.empty?
+ end
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
+
+ if @env.include? 'HTTP_CLIENT_IP'
+ if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
+ # We don't know which came from the proxy, and which from the user
+ raise ActionController::ActionControllerError.new(<<EOM)
+IP spoofing attack?!
+HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}
+HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}
+EOM
+ end
+
+ return @env['HTTP_CLIENT_IP']
+ end
+
+ if remote_ips
+ while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
+ remote_ips.pop
+ end
+
+ return remote_ips.last.strip
+ end
+
+ @env['REMOTE_ADDR']
+ end
+
+ # Returns the lowercase name of the HTTP server software.
+ def server_software
+ (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil
+ end
+
+ # Returns the complete URL used for this request.
+ def url
+ protocol + host_with_port + request_uri
+ end
+
+ # Returns 'https://' if this is an SSL request and 'http://' otherwise.
+ def protocol
+ ssl? ? 'https://' : 'http://'
+ end
+
+ # Is this an SSL request?
+ def ssl?
+ @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
+ end
+
+ # Returns the \host for this request, such as "example.com".
+ def raw_host_with_port
+ if forwarded = env["HTTP_X_FORWARDED_HOST"]
+ forwarded.split(/,\s?/).last
+ else
+ env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}"
+ end
+ end
+
+ # Returns the host for this request, such as example.com.
+ def host
+ raw_host_with_port.sub(/:\d+$/, '')
+ end
+
+ # Returns a \host:\port string for this request, such as "example.com" or
+ # "example.com:8080".
+ def host_with_port
+ "#{host}#{port_string}"
+ end
+
+ # Returns the port number of this request as an integer.
+ def port
+ if raw_host_with_port =~ /:(\d+)$/
+ $1.to_i
+ else
+ standard_port
+ end
+ end
+
+ # Returns the standard \port number for this request's protocol.
+ def standard_port
+ case protocol
+ when 'https://' then 443
+ else 80
+ end
+ end
+
+ # Returns a \port suffix like ":8080" if the \port number of this request
+ # is not the default HTTP \port 80 or HTTPS \port 443.
+ def port_string
+ port == standard_port ? '' : ":#{port}"
+ end
+
+ # Returns the \domain part of a \host, such as "rubyonrails.org" in "www.rubyonrails.org". You can specify
+ # a different <tt>tld_length</tt>, such as 2 to catch rubyonrails.co.uk in "www.rubyonrails.co.uk".
+ def domain(tld_length = 1)
+ return nil unless named_host?(host)
+
+ host.split('.').last(1 + tld_length).join('.')
+ end
+
+ # Returns all the \subdomains as an array, so <tt>["dev", "www"]</tt> would be
+ # returned for "dev.www.rubyonrails.org". You can specify a different <tt>tld_length</tt>,
+ # such as 2 to catch <tt>["www"]</tt> instead of <tt>["www", "rubyonrails"]</tt>
+ # in "www.rubyonrails.co.uk".
+ def subdomains(tld_length = 1)
+ return [] unless named_host?(host)
+ parts = host.split('.')
+ parts[0..-(tld_length+2)]
+ end
+
+ # Returns the query string, accounting for server idiosyncrasies.
+ def query_string
+ @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '')
+ end
+
+ # Returns the request URI, accounting for server idiosyncrasies.
+ # WEBrick includes the full URL. IIS leaves REQUEST_URI blank.
+ def request_uri
+ if uri = @env['REQUEST_URI']
+ # Remove domain, which webrick puts into the request_uri.
+ (%r{^\w+\://[^/]+(/.*|$)$} =~ uri) ? $1 : uri
+ else
+ # Construct IIS missing REQUEST_URI from SCRIPT_NAME and PATH_INFO.
+ uri = @env['PATH_INFO'].to_s
+
+ if script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$})
+ uri = uri.sub(/#{script_filename}\//, '')
+ end
+
+ env_qs = @env['QUERY_STRING'].to_s
+ uri += "?#{env_qs}" unless env_qs.empty?
+
+ if uri.blank?
+ @env.delete('REQUEST_URI')
+ else
+ @env['REQUEST_URI'] = uri
+ end
+ end
+ end
+
+ # Returns the interpreted \path to requested resource after all the installation
+ # directory of this application was taken into account.
+ def path
+ path = request_uri.to_s[/\A[^\?]*/]
+ path.sub!(/\A#{ActionController::Base.relative_url_root}/, '')
+ path
+ end
+
+ # Read the request \body. This is useful for web services that need to
+ # work with raw requests directly.
+ def raw_post
+ unless @env.include? 'RAW_POST_DATA'
+ @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i)
+ body.rewind if body.respond_to?(:rewind)
+ end
+ @env['RAW_POST_DATA']
+ end
+
+ # Returns both GET and POST \parameters in a single hash.
+ def parameters
+ @parameters ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access
+ end
+ alias_method :params, :parameters
+
+ def path_parameters=(parameters) #:nodoc:
+ @env["rack.routing_args"] = parameters
+ @symbolized_path_parameters = @parameters = nil
+ end
+
+ # The same as <tt>path_parameters</tt> with explicitly symbolized keys.
+ def symbolized_path_parameters
+ @symbolized_path_parameters ||= path_parameters.symbolize_keys
+ end
+
+ # Returns a hash with the \parameters used to form the \path of the request.
+ # Returned hash keys are strings:
+ #
+ # {'action' => 'my_action', 'controller' => 'my_controller'}
+ #
+ # See <tt>symbolized_path_parameters</tt> for symbolized keys.
+ def path_parameters
+ @env["rack.routing_args"] ||= {}
+ end
+
+ # The request body is an IO input stream. If the RAW_POST_DATA environment
+ # variable is already set, wrap it in a StringIO.
+ def body
+ if raw_post = @env['RAW_POST_DATA']
+ raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding)
+ StringIO.new(raw_post)
+ else
+ @env['rack.input']
+ end
+ end
+
+ def form_data?
+ FORM_DATA_MEDIA_TYPES.include?(content_type.to_s)
+ end
+
+ # Override Rack's GET method to support indifferent access
+ def GET
+ @env["action_controller.request.query_parameters"] ||= normalize_parameters(super)
+ end
+ alias_method :query_parameters, :GET
+
+ # Override Rack's POST method to support indifferent access
+ def POST
+ @env["action_controller.request.request_parameters"] ||= normalize_parameters(super)
+ end
+ alias_method :request_parameters, :POST
+
+ def body_stream #:nodoc:
+ @env['rack.input']
+ end
+
+ def session
+ @env['rack.session'] ||= {}
+ end
+
+ def session=(session) #:nodoc:
+ @env['rack.session'] = session
+ end
+
+ def reset_session
+ @env['rack.session.options'].delete(:id)
+ @env['rack.session'] = {}
+ end
+
+ def session_options
+ @env['rack.session.options'] ||= {}
+ end
+
+ def session_options=(options)
+ @env['rack.session.options'] = options
+ end
+
+ def server_port
+ @env['SERVER_PORT'].to_i
+ end
+
+ private
+ def named_host?(host)
+ !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host))
+ end
+
+ module UploadedFile
+ def self.extended(object)
+ object.class_eval do
+ attr_accessor :original_path, :content_type
+ alias_method :local_path, :path
+ end
+ end
+
+ # Take the basename of the upload's original filename.
+ # This handles the full Windows paths given by Internet Explorer
+ # (and perhaps other broken user agents) without affecting
+ # those which give the lone filename.
+ # The Windows regexp is adapted from Perl's File::Basename.
+ def original_filename
+ unless defined? @original_filename
+ @original_filename =
+ unless original_path.blank?
+ if original_path =~ /^(?:.*[:\\\/])?(.*)/m
+ $1
+ else
+ File.basename original_path
+ end
+ end
+ end
+ @original_filename
+ end
+ end
+
+ # Convert nested Hashs to HashWithIndifferentAccess and replace
+ # file upload hashs with UploadedFile objects
+ def normalize_parameters(value)
+ case value
+ when Hash
+ if value.has_key?(:tempfile)
+ upload = value[:tempfile]
+ upload.extend(UploadedFile)
+ upload.original_path = value[:filename]
+ upload.content_type = value[:type]
+ upload
+ else
+ h = {}
+ value.each { |k, v| h[k] = normalize_parameters(v) }
+ h.with_indifferent_access
+ end
+ when Array
+ value.map { |e| normalize_parameters(e) }
+ else
+ value
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/http/response.rb b/actionpack/lib/action_dispatch/http/response.rb
new file mode 100644
index 0000000000..ecf40b8103
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/response.rb
@@ -0,0 +1,251 @@
+require 'digest/md5'
+
+module ActionDispatch # :nodoc:
+ # Represents an HTTP response generated by a controller action. One can use
+ # an ActionController::Response object to retrieve the current state
+ # of the response, or customize the response. An Response object can
+ # either represent a "real" HTTP response (i.e. one that is meant to be sent
+ # back to the web browser) or a test response (i.e. one that is generated
+ # from integration tests). See CgiResponse and TestResponse, respectively.
+ #
+ # Response is mostly a Ruby on Rails framework implement detail, and
+ # should never be used directly in controllers. Controllers should use the
+ # methods defined in ActionController::Base instead. For example, if you want
+ # to set the HTTP response's content MIME type, then use
+ # ActionControllerBase#headers instead of Response#headers.
+ #
+ # Nevertheless, integration tests may want to inspect controller responses in
+ # more detail, and that's when Response can be useful for application
+ # developers. Integration test methods such as
+ # ActionController::Integration::Session#get and
+ # ActionController::Integration::Session#post return objects of type
+ # TestResponse (which are of course also of type Response).
+ #
+ # For example, the following demo integration "test" prints the body of the
+ # controller response to the console:
+ #
+ # class DemoControllerTest < ActionController::IntegrationTest
+ # def test_print_root_path_to_console
+ # get('/')
+ # puts @response.body
+ # end
+ # end
+ class Response < Rack::Response
+ DEFAULT_HEADERS = { "Cache-Control" => "no-cache" }
+ attr_accessor :request
+
+ attr_accessor :session, :assigns, :template, :layout
+ attr_accessor :redirected_to, :redirected_to_method_params
+
+ delegate :default_charset, :to => 'ActionController::Base'
+
+ def initialize
+ super
+ @header = Rack::Utils::HeaderHash.new(DEFAULT_HEADERS)
+ @session, @assigns = [], []
+ end
+
+ def body
+ str = ''
+ each { |part| str << part.to_s }
+ str
+ end
+
+ def body=(body)
+ @body =
+ if body.is_a?(String)
+ [body]
+ else
+ body
+ end
+ end
+
+ def body_parts
+ @body
+ end
+
+ def location; headers['Location'] end
+ def location=(url) headers['Location'] = url end
+
+
+ # Sets the HTTP response's content MIME type. For example, in the controller
+ # you could write this:
+ #
+ # response.content_type = "text/plain"
+ #
+ # If a character set has been defined for this response (see charset=) then
+ # the character set information will also be included in the content type
+ # information.
+ def content_type=(mime_type)
+ self.headers["Content-Type"] =
+ if mime_type =~ /charset/ || (c = charset).nil?
+ mime_type.to_s
+ else
+ "#{mime_type}; charset=#{c}"
+ end
+ end
+
+ # Returns the response's content MIME type, or nil if content type has been set.
+ def content_type
+ content_type = String(headers["Content-Type"] || headers["type"]).split(";")[0]
+ content_type.blank? ? nil : content_type
+ end
+
+ # Set the charset of the Content-Type header. Set to nil to remove it.
+ # If no content type is set, it defaults to HTML.
+ def charset=(charset)
+ headers["Content-Type"] =
+ if charset
+ "#{content_type || Mime::HTML}; charset=#{charset}"
+ else
+ content_type || Mime::HTML.to_s
+ end
+ end
+
+ def charset
+ charset = String(headers["Content-Type"] || headers["type"]).split(";")[1]
+ charset.blank? ? nil : charset.strip.split("=")[1]
+ end
+
+ def last_modified
+ if last = headers['Last-Modified']
+ Time.httpdate(last)
+ end
+ end
+
+ def last_modified?
+ headers.include?('Last-Modified')
+ end
+
+ def last_modified=(utc_time)
+ headers['Last-Modified'] = utc_time.httpdate
+ end
+
+ def etag
+ headers['ETag']
+ end
+
+ def etag?
+ headers.include?('ETag')
+ end
+
+ def etag=(etag)
+ if etag.blank?
+ headers.delete('ETag')
+ else
+ headers['ETag'] = %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(etag))}")
+ end
+ end
+
+ def redirect(url, status)
+ self.status = status
+ self.location = url.gsub(/[\r\n]/, '')
+ self.body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
+ end
+
+ def sending_file?
+ headers["Content-Transfer-Encoding"] == "binary"
+ end
+
+ def assign_default_content_type_and_charset!
+ self.content_type ||= Mime::HTML
+ self.charset ||= default_charset unless sending_file?
+ end
+
+ def prepare!
+ assign_default_content_type_and_charset!
+ handle_conditional_get!
+ set_content_length!
+ convert_content_type!
+ convert_language!
+ convert_cookies!
+ end
+
+ def each(&callback)
+ if @body.respond_to?(:call)
+ @writer = lambda { |x| callback.call(x) }
+ @body.call(self, self)
+ elsif @body.is_a?(String)
+ callback.call(@body)
+ else
+ @body.each(&callback)
+ end
+
+ @writer = callback
+ @block.call(self) if @block
+ end
+
+ def write(str)
+ str = str.to_s
+ @writer.call str
+ str
+ end
+
+ def set_cookie(key, value)
+ if value.has_key?(:http_only)
+ ActiveSupport::Deprecation.warn(
+ "The :http_only option in ActionController::Response#set_cookie " +
+ "has been renamed. Please use :httponly instead.", caller)
+ value[:httponly] ||= value.delete(:http_only)
+ end
+
+ super(key, value)
+ end
+
+ private
+ def handle_conditional_get!
+ if etag? || last_modified?
+ set_conditional_cache_control!
+ elsif nonempty_ok_response?
+ self.etag = body
+
+ if request && request.etag_matches?(etag)
+ self.status = '304 Not Modified'
+ self.body = []
+ end
+
+ set_conditional_cache_control!
+ end
+ end
+
+ def nonempty_ok_response?
+ ok = !status || status.to_s[0..2] == '200'
+ ok && string_body?
+ end
+
+ def string_body?
+ !body_parts.respond_to?(:call) && body_parts.any? && body_parts.all? { |part| part.is_a?(String) }
+ end
+
+ def set_conditional_cache_control!
+ if headers['Cache-Control'] == DEFAULT_HEADERS['Cache-Control']
+ headers['Cache-Control'] = 'private, max-age=0, must-revalidate'
+ end
+ end
+
+ def convert_content_type!
+ headers['Content-Type'] ||= "text/html"
+ headers['Content-Type'] += "; charset=" + headers.delete('charset') if headers['charset']
+ end
+
+ # Don't set the Content-Length for block-based bodies as that would mean
+ # reading it all into memory. Not nice for, say, a 2GB streaming file.
+ def set_content_length!
+ if status && status.to_s[0..2] == '204'
+ headers.delete('Content-Length')
+ elsif length = headers['Content-Length']
+ headers['Content-Length'] = length.to_s
+ elsif string_body? && (!status || status.to_s[0..2] != '304')
+ headers["Content-Length"] = Rack::Utils.bytesize(body).to_s
+ end
+ end
+
+ def convert_language!
+ headers["Content-Language"] = headers.delete("language") if headers["language"]
+ end
+
+ def convert_cookies!
+ headers['Set-Cookie'] = Array(headers['Set-Cookie']).compact
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/http/status_codes.rb b/actionpack/lib/action_dispatch/http/status_codes.rb
new file mode 100644
index 0000000000..830de2a6db
--- /dev/null
+++ b/actionpack/lib/action_dispatch/http/status_codes.rb
@@ -0,0 +1,40 @@
+module ActionDispatch
+ module StatusCodes #:nodoc:
+ STATUS_CODES = Rack::Utils::HTTP_STATUS_CODES.merge({
+ 102 => "Processing",
+ 207 => "Multi-Status",
+ 226 => "IM Used",
+ 422 => "Unprocessable Entity",
+ 423 => "Locked",
+ 424 => "Failed Dependency",
+ 426 => "Upgrade Required",
+ 507 => "Insufficient Storage",
+ 510 => "Not Extended"
+ }).freeze
+
+ # Provides a symbol-to-fixnum lookup for converting a symbol (like
+ # :created or :not_implemented) into its corresponding HTTP status
+ # code (like 200 or 501).
+ SYMBOL_TO_STATUS_CODE = STATUS_CODES.inject({}) { |hash, (code, message)|
+ hash[message.gsub(/ /, "").underscore.to_sym] = code
+ hash
+ }.freeze
+
+ private
+ # Given a status parameter, determine whether it needs to be converted
+ # to a string. If it is a fixnum, use the STATUS_CODES hash to lookup
+ # the default message. If it is a symbol, use the SYMBOL_TO_STATUS_CODE
+ # hash to convert it.
+ def interpret_status(status)
+ case status
+ when Fixnum then
+ "#{status} #{STATUS_CODES[status]}".strip
+ when Symbol then
+ interpret_status(SYMBOL_TO_STATUS_CODE[status] ||
+ "500 Unknown Status #{status.inspect}")
+ else
+ status.to_s
+ end
+ end
+ end
+end \ No newline at end of file
diff --git a/actionpack/lib/action_dispatch/middleware/failsafe.rb b/actionpack/lib/action_dispatch/middleware/failsafe.rb
new file mode 100644
index 0000000000..7379a696aa
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/failsafe.rb
@@ -0,0 +1,52 @@
+module ActionDispatch
+ class Failsafe
+ cattr_accessor :error_file_path
+ self.error_file_path = Rails.public_path if defined?(Rails.public_path)
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ @app.call(env)
+ rescue Exception => exception
+ # Reraise exception in test environment
+ if env["rack.test"]
+ raise exception
+ else
+ failsafe_response(exception)
+ end
+ end
+
+ private
+ def failsafe_response(exception)
+ log_failsafe_exception(exception)
+ [500, {'Content-Type' => 'text/html'}, failsafe_response_body]
+ rescue Exception => failsafe_error # Logger or IO errors
+ $stderr.puts "Error during failsafe response: #{failsafe_error}"
+ end
+
+ def failsafe_response_body
+ error_path = "#{self.class.error_file_path}/500.html"
+ if File.exist?(error_path)
+ File.read(error_path)
+ else
+ "<html><body><h1>500 Internal Server Error</h1></body></html>"
+ end
+ end
+
+ def log_failsafe_exception(exception)
+ message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: 500 Internal Server Error\n"
+ message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception
+ failsafe_logger.fatal(message)
+ end
+
+ def failsafe_logger
+ if defined?(Rails) && Rails.logger
+ Rails.logger
+ else
+ Logger.new($stderr)
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/params_parser.rb b/actionpack/lib/action_dispatch/middleware/params_parser.rb
new file mode 100644
index 0000000000..6df572268c
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/params_parser.rb
@@ -0,0 +1,71 @@
+module ActionDispatch
+ class ParamsParser
+ ActionController::Base.param_parsers[Mime::XML] = :xml_simple
+ ActionController::Base.param_parsers[Mime::JSON] = :json
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ if params = parse_formatted_parameters(env)
+ env["action_controller.request.request_parameters"] = params
+ end
+
+ @app.call(env)
+ end
+
+ private
+ def parse_formatted_parameters(env)
+ request = Request.new(env)
+
+ return false if request.content_length.zero?
+
+ mime_type = content_type_from_legacy_post_data_format_header(env) || request.content_type
+ strategy = ActionController::Base.param_parsers[mime_type]
+
+ return false unless strategy
+
+ case strategy
+ when Proc
+ strategy.call(request.raw_post)
+ when :xml_simple, :xml_node
+ body = request.raw_post
+ body.blank? ? {} : Hash.from_xml(body).with_indifferent_access
+ when :yaml
+ YAML.load(request.raw_post)
+ when :json
+ body = request.raw_post
+ if body.blank?
+ {}
+ else
+ data = ActiveSupport::JSON.decode(body)
+ data = {:_json => data} unless data.is_a?(Hash)
+ data.with_indifferent_access
+ end
+ else
+ false
+ end
+ rescue Exception => e # YAML, XML or Ruby code block errors
+ raise
+ { "body" => request.raw_post,
+ "content_type" => request.content_type,
+ "content_length" => request.content_length,
+ "exception" => "#{e.message} (#{e.class})",
+ "backtrace" => e.backtrace }
+ end
+
+ def content_type_from_legacy_post_data_format_header(env)
+ if x_post_format = env['HTTP_X_POST_DATA_FORMAT']
+ case x_post_format.to_s.downcase
+ when 'yaml'
+ return Mime::YAML
+ when 'xml'
+ return Mime::XML
+ end
+ end
+
+ nil
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/reloader.rb b/actionpack/lib/action_dispatch/middleware/reloader.rb
new file mode 100644
index 0000000000..67313e30e4
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/reloader.rb
@@ -0,0 +1,14 @@
+module ActionDispatch
+ class Reloader
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ ActionController::Dispatcher.reload_application
+ @app.call(env)
+ ensure
+ ActionController::Dispatcher.cleanup_application
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/rewindable_input.rb b/actionpack/lib/action_dispatch/middleware/rewindable_input.rb
new file mode 100644
index 0000000000..c818f28cce
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/rewindable_input.rb
@@ -0,0 +1,19 @@
+module ActionDispatch
+ class RewindableInput
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ begin
+ env['rack.input'].rewind
+ rescue NoMethodError, Errno::ESPIPE
+ # Handles exceptions raised by input streams that cannot be rewound
+ # such as when using plain CGI under Apache
+ env['rack.input'] = StringIO.new(env['rack.input'].read)
+ end
+
+ @app.call(env)
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
new file mode 100644
index 0000000000..6c039cf62d
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -0,0 +1,181 @@
+require 'rack/utils'
+
+module ActionDispatch
+ module Session
+ class AbstractStore
+ ENV_SESSION_KEY = 'rack.session'.freeze
+ ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze
+
+ HTTP_COOKIE = 'HTTP_COOKIE'.freeze
+ SET_COOKIE = 'Set-Cookie'.freeze
+
+ class SessionHash < Hash
+ def initialize(by, env)
+ super()
+ @by = by
+ @env = env
+ @loaded = false
+ end
+
+ def session_id
+ ActiveSupport::Deprecation.warn(
+ "ActionController::Session::AbstractStore::SessionHash#session_id " +
+ "has been deprecated. Please use request.session_options[:id] instead.", caller)
+ @env[ENV_SESSION_OPTIONS_KEY][:id]
+ end
+
+ def [](key)
+ load! unless @loaded
+ super
+ end
+
+ def []=(key, value)
+ load! unless @loaded
+ super
+ end
+
+ def to_hash
+ h = {}.replace(self)
+ h.delete_if { |k,v| v.nil? }
+ h
+ end
+
+ def data
+ ActiveSupport::Deprecation.warn(
+ "ActionController::Session::AbstractStore::SessionHash#data " +
+ "has been deprecated. Please use #to_hash instead.", caller)
+ to_hash
+ end
+
+ def inspect
+ load! unless @loaded
+ super
+ end
+
+ private
+ def loaded?
+ @loaded
+ end
+
+ def load!
+ stale_session_check! do
+ id, session = @by.send(:load_session, @env)
+ (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id
+ replace(session)
+ @loaded = true
+ end
+ end
+
+ def stale_session_check!
+ yield
+ rescue ArgumentError => argument_error
+ if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
+ begin
+ # Note that the regexp does not allow $1 to end with a ':'
+ $1.constantize
+ rescue LoadError, NameError => const_error
+ raise ActionController::SessionRestoreError, "Session contains objects whose class definition isn\\'t available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: \#{const_error.message} [\#{const_error.class}])\n"
+ end
+
+ retry
+ else
+ raise
+ end
+ end
+ end
+
+ DEFAULT_OPTIONS = {
+ :key => '_session_id',
+ :path => '/',
+ :domain => nil,
+ :expire_after => nil,
+ :secure => false,
+ :httponly => true,
+ :cookie_only => true
+ }
+
+ def initialize(app, options = {})
+ # Process legacy CGI options
+ options = options.symbolize_keys
+ if options.has_key?(:session_path)
+ options[:path] = options.delete(:session_path)
+ end
+ if options.has_key?(:session_key)
+ options[:key] = options.delete(:session_key)
+ end
+ if options.has_key?(:session_http_only)
+ options[:httponly] = options.delete(:session_http_only)
+ end
+
+ @app = app
+ @default_options = DEFAULT_OPTIONS.merge(options)
+ @key = @default_options[:key]
+ @cookie_only = @default_options[:cookie_only]
+ end
+
+ def call(env)
+ session = SessionHash.new(self, env)
+
+ env[ENV_SESSION_KEY] = session
+ env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
+
+ response = @app.call(env)
+
+ session_data = env[ENV_SESSION_KEY]
+ options = env[ENV_SESSION_OPTIONS_KEY]
+
+ if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+ session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
+
+ sid = options[:id] || generate_sid
+
+ unless set_session(env, sid, session_data.to_hash)
+ return response
+ end
+
+ cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid)
+ cookie << "; domain=#{options[:domain]}" if options[:domain]
+ cookie << "; path=#{options[:path]}" if options[:path]
+ if options[:expire_after]
+ expiry = Time.now + options[:expire_after]
+ cookie << "; expires=#{expiry.httpdate}"
+ end
+ cookie << "; Secure" if options[:secure]
+ cookie << "; HttpOnly" if options[:httponly]
+
+ headers = response[1]
+ unless headers[SET_COOKIE].blank?
+ headers[SET_COOKIE] << "\n#{cookie}"
+ else
+ headers[SET_COOKIE] = cookie
+ end
+ end
+
+ response
+ end
+
+ private
+ def generate_sid
+ ActiveSupport::SecureRandom.hex(16)
+ end
+
+ def load_session(env)
+ request = Rack::Request.new(env)
+ sid = request.cookies[@key]
+ unless @cookie_only
+ sid ||= request.params[@key]
+ end
+ sid, session = get_session(env, sid)
+ [sid, session]
+ end
+
+ def get_session(env, sid)
+ raise '#get_session needs to be implemented.'
+ end
+
+ def set_session(env, sid, session_data)
+ raise '#set_session needs to be implemented.'
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
new file mode 100644
index 0000000000..433c4cc070
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -0,0 +1,221 @@
+module ActionDispatch
+ module Session
+ # This cookie-based session store is the Rails default. Sessions typically
+ # contain at most a user_id and flash message; both fit within the 4K cookie
+ # size limit. Cookie-based sessions are dramatically faster than the
+ # alternatives.
+ #
+ # If you have more than 4K of session data or don't want your data to be
+ # visible to the user, pick another session store.
+ #
+ # CookieOverflow is raised if you attempt to store more than 4K of data.
+ #
+ # A message digest is included with the cookie to ensure data integrity:
+ # a user cannot alter his +user_id+ without knowing the secret key
+ # included in the hash. New apps are generated with a pregenerated secret
+ # in config/environment.rb. Set your own for old apps you're upgrading.
+ #
+ # Session options:
+ #
+ # * <tt>:secret</tt>: An application-wide key string or block returning a
+ # string called per generated digest. The block is called with the
+ # CGI::Session instance as an argument. It's important that the secret
+ # is not vulnerable to a dictionary attack. Therefore, you should choose
+ # a secret consisting of random numbers and letters and more than 30
+ # characters. Examples:
+ #
+ # :secret => '449fe2e7daee471bffae2fd8dc02313d'
+ # :secret => Proc.new { User.current_user.secret_key }
+ #
+ # * <tt>:digest</tt>: The message digest algorithm used to verify session
+ # integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
+ # such as 'MD5', 'RIPEMD160', 'SHA256', etc.
+ #
+ # To generate a secret key for an existing application, run
+ # "rake secret" and set the key in config/environment.rb.
+ #
+ # Note that changing digest or secret invalidates all existing sessions!
+ class CookieStore
+ # Cookies can typically store 4096 bytes.
+ MAX = 4096
+ SECRET_MIN_LENGTH = 30 # characters
+
+ DEFAULT_OPTIONS = {
+ :key => '_session_id',
+ :domain => nil,
+ :path => "/",
+ :expire_after => nil,
+ :httponly => true
+ }.freeze
+
+ ENV_SESSION_KEY = "rack.session".freeze
+ ENV_SESSION_OPTIONS_KEY = "rack.session.options".freeze
+ HTTP_SET_COOKIE = "Set-Cookie".freeze
+
+ # Raised when storing more than 4K of session data.
+ class CookieOverflow < StandardError; end
+
+ def initialize(app, options = {})
+ # Process legacy CGI options
+ options = options.symbolize_keys
+ if options.has_key?(:session_path)
+ options[:path] = options.delete(:session_path)
+ end
+ if options.has_key?(:session_key)
+ options[:key] = options.delete(:session_key)
+ end
+ if options.has_key?(:session_http_only)
+ options[:httponly] = options.delete(:session_http_only)
+ end
+
+ @app = app
+
+ # The session_key option is required.
+ ensure_session_key(options[:key])
+ @key = options.delete(:key).freeze
+
+ # The secret option is required.
+ ensure_secret_secure(options[:secret])
+ @secret = options.delete(:secret).freeze
+
+ @digest = options.delete(:digest) || 'SHA1'
+ @verifier = verifier_for(@secret, @digest)
+
+ @default_options = DEFAULT_OPTIONS.merge(options).freeze
+
+ freeze
+ end
+
+ def call(env)
+ env[ENV_SESSION_KEY] = AbstractStore::SessionHash.new(self, env)
+ env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup
+
+ status, headers, body = @app.call(env)
+
+ session_data = env[ENV_SESSION_KEY]
+ options = env[ENV_SESSION_OPTIONS_KEY]
+
+ if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after]
+ session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?)
+ session_data = marshal(session_data.to_hash)
+
+ raise CookieOverflow if session_data.size > MAX
+
+ cookie = Hash.new
+ cookie[:value] = session_data
+ unless options[:expire_after].nil?
+ cookie[:expires] = Time.now + options[:expire_after]
+ end
+
+ cookie = build_cookie(@key, cookie.merge(options))
+ unless headers[HTTP_SET_COOKIE].blank?
+ headers[HTTP_SET_COOKIE] << "\n#{cookie}"
+ else
+ headers[HTTP_SET_COOKIE] = cookie
+ end
+ end
+
+ [status, headers, body]
+ end
+
+ private
+ # Should be in Rack::Utils soon
+ def build_cookie(key, value)
+ case value
+ when Hash
+ domain = "; domain=" + value[:domain] if value[:domain]
+ path = "; path=" + value[:path] if value[:path]
+ # According to RFC 2109, we need dashes here.
+ # N.B.: cgi.rb uses spaces...
+ expires = "; expires=" + value[:expires].clone.gmtime.
+ strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires]
+ secure = "; secure" if value[:secure]
+ httponly = "; HttpOnly" if value[:httponly]
+ value = value[:value]
+ end
+ value = [value] unless Array === value
+ cookie = Rack::Utils.escape(key) + "=" +
+ value.map { |v| Rack::Utils.escape(v) }.join("&") +
+ "#{domain}#{path}#{expires}#{secure}#{httponly}"
+ end
+
+ def load_session(env)
+ request = Rack::Request.new(env)
+ session_data = request.cookies[@key]
+ data = unmarshal(session_data) || persistent_session_id!({})
+ [data[:session_id], data]
+ end
+
+ # Marshal a session hash into safe cookie data. Include an integrity hash.
+ def marshal(session)
+ @verifier.generate(persistent_session_id!(session))
+ end
+
+ # Unmarshal cookie data to a hash and verify its integrity.
+ def unmarshal(cookie)
+ persistent_session_id!(@verifier.verify(cookie)) if cookie
+ rescue ActiveSupport::MessageVerifier::InvalidSignature
+ nil
+ end
+
+ def ensure_session_key(key)
+ if key.blank?
+ raise ArgumentError, 'A key is required to write a ' +
+ 'cookie containing the session data. Use ' +
+ 'config.action_controller.session = { :key => ' +
+ '"_myapp_session", :secret => "some secret phrase" } in ' +
+ 'config/environment.rb'
+ end
+ end
+
+ # To prevent users from using something insecure like "Password" we make sure that the
+ # secret they've provided is at least 30 characters in length.
+ def ensure_secret_secure(secret)
+ # There's no way we can do this check if they've provided a proc for the
+ # secret.
+ return true if secret.is_a?(Proc)
+
+ if secret.blank?
+ raise ArgumentError, "A secret is required to generate an " +
+ "integrity hash for cookie session data. Use " +
+ "config.action_controller.session = { :key => " +
+ "\"_myapp_session\", :secret => \"some secret phrase of at " +
+ "least #{SECRET_MIN_LENGTH} characters\" } " +
+ "in config/environment.rb"
+ end
+
+ if secret.length < SECRET_MIN_LENGTH
+ raise ArgumentError, "Secret should be something secure, " +
+ "like \"#{ActiveSupport::SecureRandom.hex(16)}\". The value you " +
+ "provided, \"#{secret}\", is shorter than the minimum length " +
+ "of #{SECRET_MIN_LENGTH} characters"
+ end
+ end
+
+ def verifier_for(secret, digest)
+ key = secret.respond_to?(:call) ? secret.call : secret
+ ActiveSupport::MessageVerifier.new(key, digest)
+ end
+
+ def generate_sid
+ ActiveSupport::SecureRandom.hex(16)
+ end
+
+ def persistent_session_id!(data)
+ (data ||= {}).merge!(inject_persistent_session_id(data))
+ end
+
+ def inject_persistent_session_id(data)
+ requires_session_id?(data) ? { :session_id => generate_sid } : {}
+ end
+
+ def requires_session_id?(data)
+ if data
+ data.respond_to?(:key?) && !data.key?(:session_id)
+ else
+ true
+ end
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
new file mode 100644
index 0000000000..8f448970d9
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
@@ -0,0 +1,51 @@
+begin
+ require_library_or_gem 'memcache'
+
+ module ActionDispatch
+ module Session
+ class MemCacheStore < AbstractStore
+ def initialize(app, options = {})
+ # Support old :expires option
+ options[:expire_after] ||= options[:expires]
+
+ super
+
+ @default_options = {
+ :namespace => 'rack:session',
+ :memcache_server => 'localhost:11211'
+ }.merge(@default_options)
+
+ @pool = options[:cache] || MemCache.new(@default_options[:memcache_server], @default_options)
+ unless @pool.servers.any? { |s| s.alive? }
+ raise "#{self} unable to find server during initialization."
+ end
+ @mutex = Mutex.new
+
+ super
+ end
+
+ private
+ def get_session(env, sid)
+ sid ||= generate_sid
+ begin
+ session = @pool.get(sid) || {}
+ rescue MemCache::MemCacheError, Errno::ECONNREFUSED
+ session = {}
+ end
+ [sid, session]
+ end
+
+ def set_session(env, sid, session_data)
+ options = env['rack.session.options']
+ expiry = options[:expire_after] || 0
+ @pool.set(sid, session_data, expiry)
+ return true
+ rescue MemCache::MemCacheError, Errno::ECONNREFUSED
+ return false
+ end
+ end
+ end
+ end
+rescue LoadError
+ # MemCache wasn't available so neither can the store be
+end
diff --git a/actionpack/lib/action_dispatch/middleware/stack.rb b/actionpack/lib/action_dispatch/middleware/stack.rb
new file mode 100644
index 0000000000..ee5f28d5cb
--- /dev/null
+++ b/actionpack/lib/action_dispatch/middleware/stack.rb
@@ -0,0 +1,119 @@
+module ActionDispatch
+ class MiddlewareStack < Array
+ class Middleware
+ def self.new(klass, *args, &block)
+ if klass.is_a?(self)
+ klass
+ else
+ super
+ end
+ end
+
+ attr_reader :args, :block
+
+ def initialize(klass, *args, &block)
+ @klass = klass
+
+ options = args.extract_options!
+ if options.has_key?(:if)
+ @conditional = options.delete(:if)
+ else
+ @conditional = true
+ end
+ args << options unless options.empty?
+
+ @args = args
+ @block = block
+ end
+
+ def klass
+ if @klass.respond_to?(:call)
+ @klass.call
+ elsif @klass.is_a?(Class)
+ @klass
+ else
+ @klass.to_s.constantize
+ end
+ rescue NameError
+ @klass
+ end
+
+ def active?
+ return false unless klass
+
+ if @conditional.respond_to?(:call)
+ @conditional.call
+ else
+ @conditional
+ end
+ end
+
+ def ==(middleware)
+ case middleware
+ when Middleware
+ klass == middleware.klass
+ when Class
+ klass == middleware
+ else
+ klass == middleware.to_s.constantize
+ end
+ end
+
+ def inspect
+ str = klass.to_s
+ args.each { |arg| str += ", #{arg.inspect}" }
+ str
+ end
+
+ def build(app)
+ if block
+ klass.new(app, *build_args, &block)
+ else
+ klass.new(app, *build_args)
+ end
+ end
+
+ private
+
+ def build_args
+ Array(args).map { |arg| arg.respond_to?(:call) ? arg.call : arg }
+ end
+ end
+
+ def initialize(*args, &block)
+ super(*args)
+ block.call(self) if block_given?
+ end
+
+ def insert(index, *args, &block)
+ index = self.index(index) unless index.is_a?(Integer)
+ middleware = Middleware.new(*args, &block)
+ super(index, middleware)
+ end
+
+ alias_method :insert_before, :insert
+
+ def insert_after(index, *args, &block)
+ index = self.index(index) unless index.is_a?(Integer)
+ insert(index + 1, *args, &block)
+ end
+
+ def swap(target, *args, &block)
+ insert_before(target, *args, &block)
+ delete(target)
+ end
+
+ def use(*args, &block)
+ middleware = Middleware.new(*args, &block)
+ push(middleware)
+ end
+
+ def active
+ find_all { |middleware| middleware.active? }
+ end
+
+ def build(app)
+ active.reverse.inject(app) { |a, e| e.build(a) }
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack.rb
new file mode 100644
index 0000000000..6349b95094
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack.rb
@@ -0,0 +1,89 @@
+# Copyright (C) 2007, 2008, 2009 Christian Neukirchen <purl.org/net/chneukirchen>
+#
+# Rack is freely distributable under the terms of an MIT-style license.
+# See COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+$:.unshift(File.expand_path(File.dirname(__FILE__)))
+
+
+# The Rack main module, serving as a namespace for all core Rack
+# modules and classes.
+#
+# All modules meant for use in your application are <tt>autoload</tt>ed here,
+# so it should be enough just to <tt>require rack.rb</tt> in your code.
+
+module Rack
+ # The Rack protocol version number implemented.
+ VERSION = [0,1]
+
+ # Return the Rack protocol version as a dotted string.
+ def self.version
+ VERSION.join(".")
+ end
+
+ # Return the Rack release as a dotted string.
+ def self.release
+ "1.0 bundled"
+ end
+
+ autoload :Builder, "rack/builder"
+ autoload :Cascade, "rack/cascade"
+ autoload :Chunked, "rack/chunked"
+ autoload :CommonLogger, "rack/commonlogger"
+ autoload :ConditionalGet, "rack/conditionalget"
+ autoload :ContentLength, "rack/content_length"
+ autoload :ContentType, "rack/content_type"
+ autoload :File, "rack/file"
+ autoload :Deflater, "rack/deflater"
+ autoload :Directory, "rack/directory"
+ autoload :ForwardRequest, "rack/recursive"
+ autoload :Handler, "rack/handler"
+ autoload :Head, "rack/head"
+ autoload :Lint, "rack/lint"
+ autoload :Lock, "rack/lock"
+ autoload :MethodOverride, "rack/methodoverride"
+ autoload :Mime, "rack/mime"
+ autoload :Recursive, "rack/recursive"
+ autoload :Reloader, "rack/reloader"
+ autoload :ShowExceptions, "rack/showexceptions"
+ autoload :ShowStatus, "rack/showstatus"
+ autoload :Static, "rack/static"
+ autoload :URLMap, "rack/urlmap"
+ autoload :Utils, "rack/utils"
+
+ autoload :MockRequest, "rack/mock"
+ autoload :MockResponse, "rack/mock"
+
+ autoload :Request, "rack/request"
+ autoload :Response, "rack/response"
+
+ module Auth
+ autoload :Basic, "rack/auth/basic"
+ autoload :AbstractRequest, "rack/auth/abstract/request"
+ autoload :AbstractHandler, "rack/auth/abstract/handler"
+ autoload :OpenID, "rack/auth/openid"
+ module Digest
+ autoload :MD5, "rack/auth/digest/md5"
+ autoload :Nonce, "rack/auth/digest/nonce"
+ autoload :Params, "rack/auth/digest/params"
+ autoload :Request, "rack/auth/digest/request"
+ end
+ end
+
+ module Session
+ autoload :Cookie, "rack/session/cookie"
+ autoload :Pool, "rack/session/pool"
+ autoload :Memcache, "rack/session/memcache"
+ end
+
+ # *Adapters* connect Rack with third party web frameworks.
+ #
+ # Rack includes an adapter for Camping, see README for other
+ # frameworks supporting Rack in their code bases.
+ #
+ # Refer to the submodules for framework-specific calling details.
+
+ module Adapter
+ autoload :Camping, "rack/adapter/camping"
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/adapter/camping.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/adapter/camping.rb
new file mode 100644
index 0000000000..63bc787f54
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/adapter/camping.rb
@@ -0,0 +1,22 @@
+module Rack
+ module Adapter
+ class Camping
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ env["PATH_INFO"] ||= ""
+ env["SCRIPT_NAME"] ||= ""
+ controller = @app.run(env['rack.input'], env)
+ h = controller.headers
+ h.each_pair do |k,v|
+ if v.kind_of? URI
+ h[k] = v.to_s
+ end
+ end
+ [controller.status, controller.headers, [controller.body.to_s]]
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/handler.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/handler.rb
new file mode 100644
index 0000000000..214df6299e
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/handler.rb
@@ -0,0 +1,37 @@
+module Rack
+ module Auth
+ # Rack::Auth::AbstractHandler implements common authentication functionality.
+ #
+ # +realm+ should be set for all handlers.
+
+ class AbstractHandler
+
+ attr_accessor :realm
+
+ def initialize(app, realm=nil, &authenticator)
+ @app, @realm, @authenticator = app, realm, authenticator
+ end
+
+
+ private
+
+ def unauthorized(www_authenticate = challenge)
+ return [ 401,
+ { 'Content-Type' => 'text/plain',
+ 'Content-Length' => '0',
+ 'WWW-Authenticate' => www_authenticate.to_s },
+ []
+ ]
+ end
+
+ def bad_request
+ return [ 400,
+ { 'Content-Type' => 'text/plain',
+ 'Content-Length' => '0' },
+ []
+ ]
+ end
+
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/request.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/request.rb
new file mode 100644
index 0000000000..1d9ccec685
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/abstract/request.rb
@@ -0,0 +1,37 @@
+module Rack
+ module Auth
+ class AbstractRequest
+
+ def initialize(env)
+ @env = env
+ end
+
+ def provided?
+ !authorization_key.nil?
+ end
+
+ def parts
+ @parts ||= @env[authorization_key].split(' ', 2)
+ end
+
+ def scheme
+ @scheme ||= parts.first.downcase.to_sym
+ end
+
+ def params
+ @params ||= parts.last
+ end
+
+
+ private
+
+ AUTHORIZATION_KEYS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION']
+
+ def authorization_key
+ @authorization_key ||= AUTHORIZATION_KEYS.detect { |key| @env.has_key?(key) }
+ end
+
+ end
+
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/basic.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/basic.rb
new file mode 100644
index 0000000000..9557224648
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/basic.rb
@@ -0,0 +1,58 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/abstract/request'
+
+module Rack
+ module Auth
+ # Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617.
+ #
+ # Initialize with the Rack application that you want protecting,
+ # and a block that checks if a username and password pair are valid.
+ #
+ # See also: <tt>example/protectedlobster.rb</tt>
+
+ class Basic < AbstractHandler
+
+ def call(env)
+ auth = Basic::Request.new(env)
+
+ return unauthorized unless auth.provided?
+
+ return bad_request unless auth.basic?
+
+ if valid?(auth)
+ env['REMOTE_USER'] = auth.username
+
+ return @app.call(env)
+ end
+
+ unauthorized
+ end
+
+
+ private
+
+ def challenge
+ 'Basic realm="%s"' % realm
+ end
+
+ def valid?(auth)
+ @authenticator.call(*auth.credentials)
+ end
+
+ class Request < Auth::AbstractRequest
+ def basic?
+ :basic == scheme
+ end
+
+ def credentials
+ @credentials ||= params.unpack("m*").first.split(/:/, 2)
+ end
+
+ def username
+ credentials.first
+ end
+ end
+
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb
new file mode 100644
index 0000000000..e579dc9632
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb
@@ -0,0 +1,124 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/digest/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+require 'digest/md5'
+
+module Rack
+ module Auth
+ module Digest
+ # Rack::Auth::Digest::MD5 implements the MD5 algorithm version of
+ # HTTP Digest Authentication, as per RFC 2617.
+ #
+ # Initialize with the [Rack] application that you want protecting,
+ # and a block that looks up a plaintext password for a given username.
+ #
+ # +opaque+ needs to be set to a constant base64/hexadecimal string.
+ #
+ class MD5 < AbstractHandler
+
+ attr_accessor :opaque
+
+ attr_writer :passwords_hashed
+
+ def initialize(*args)
+ super
+ @passwords_hashed = nil
+ end
+
+ def passwords_hashed?
+ !!@passwords_hashed
+ end
+
+ def call(env)
+ auth = Request.new(env)
+
+ unless auth.provided?
+ return unauthorized
+ end
+
+ if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth)
+ return bad_request
+ end
+
+ if valid?(auth)
+ if auth.nonce.stale?
+ return unauthorized(challenge(:stale => true))
+ else
+ env['REMOTE_USER'] = auth.username
+
+ return @app.call(env)
+ end
+ end
+
+ unauthorized
+ end
+
+
+ private
+
+ QOP = 'auth'.freeze
+
+ def params(hash = {})
+ Params.new do |params|
+ params['realm'] = realm
+ params['nonce'] = Nonce.new.to_s
+ params['opaque'] = H(opaque)
+ params['qop'] = QOP
+
+ hash.each { |k, v| params[k] = v }
+ end
+ end
+
+ def challenge(hash = {})
+ "Digest #{params(hash)}"
+ end
+
+ def valid?(auth)
+ valid_opaque?(auth) && valid_nonce?(auth) && valid_digest?(auth)
+ end
+
+ def valid_qop?(auth)
+ QOP == auth.qop
+ end
+
+ def valid_opaque?(auth)
+ H(opaque) == auth.opaque
+ end
+
+ def valid_nonce?(auth)
+ auth.nonce.valid?
+ end
+
+ def valid_digest?(auth)
+ digest(auth, @authenticator.call(auth.username)) == auth.response
+ end
+
+ def md5(data)
+ ::Digest::MD5.hexdigest(data)
+ end
+
+ alias :H :md5
+
+ def KD(secret, data)
+ H([secret, data] * ':')
+ end
+
+ def A1(auth, password)
+ [ auth.username, auth.realm, password ] * ':'
+ end
+
+ def A2(auth)
+ [ auth.method, auth.uri ] * ':'
+ end
+
+ def digest(auth, password)
+ password_hash = passwords_hashed? ? password : H(A1(auth, password))
+
+ KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+ end
+
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb
new file mode 100644
index 0000000000..dbe109f29a
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb
@@ -0,0 +1,51 @@
+require 'digest/md5'
+
+module Rack
+ module Auth
+ module Digest
+ # Rack::Auth::Digest::Nonce is the default nonce generator for the
+ # Rack::Auth::Digest::MD5 authentication handler.
+ #
+ # +private_key+ needs to set to a constant string.
+ #
+ # +time_limit+ can be optionally set to an integer (number of seconds),
+ # to limit the validity of the generated nonces.
+
+ class Nonce
+
+ class << self
+ attr_accessor :private_key, :time_limit
+ end
+
+ def self.parse(string)
+ new(*string.unpack("m*").first.split(' ', 2))
+ end
+
+ def initialize(timestamp = Time.now, given_digest = nil)
+ @timestamp, @given_digest = timestamp.to_i, given_digest
+ end
+
+ def to_s
+ [([ @timestamp, digest ] * ' ')].pack("m*").strip
+ end
+
+ def digest
+ ::Digest::MD5.hexdigest([ @timestamp, self.class.private_key ] * ':')
+ end
+
+ def valid?
+ digest == @given_digest
+ end
+
+ def stale?
+ !self.class.time_limit.nil? && (@timestamp - Time.now.to_i) < self.class.time_limit
+ end
+
+ def fresh?
+ !stale?
+ end
+
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb
new file mode 100644
index 0000000000..730e2efdc8
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb
@@ -0,0 +1,55 @@
+module Rack
+ module Auth
+ module Digest
+ class Params < Hash
+
+ def self.parse(str)
+ split_header_value(str).inject(new) do |header, param|
+ k, v = param.split('=', 2)
+ header[k] = dequote(v)
+ header
+ end
+ end
+
+ def self.dequote(str) # From WEBrick::HTTPUtils
+ ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
+ ret.gsub!(/\\(.)/, "\\1")
+ ret
+ end
+
+ def self.split_header_value(str)
+ str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
+ end
+
+ def initialize
+ super
+
+ yield self if block_given?
+ end
+
+ def [](k)
+ super k.to_s
+ end
+
+ def []=(k, v)
+ super k.to_s, v.to_s
+ end
+
+ UNQUOTED = ['qop', 'nc', 'stale']
+
+ def to_s
+ inject([]) do |parts, (k, v)|
+ parts << "#{k}=" + (UNQUOTED.include?(k) ? v.to_s : quote(v))
+ parts
+ end.join(', ')
+ end
+
+ def quote(str) # From WEBrick::HTTPUtils
+ '"' << str.gsub(/[\\\"]/o, "\\\1") << '"'
+ end
+
+ end
+ end
+ end
+end
+
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb
new file mode 100644
index 0000000000..a8aa3bf996
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb
@@ -0,0 +1,40 @@
+require 'rack/auth/abstract/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+
+module Rack
+ module Auth
+ module Digest
+ class Request < Auth::AbstractRequest
+
+ def method
+ @env['rack.methodoverride.original_method'] || @env['REQUEST_METHOD']
+ end
+
+ def digest?
+ :digest == scheme
+ end
+
+ def correct_uri?
+ (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri
+ end
+
+ def nonce
+ @nonce ||= Nonce.parse(params['nonce'])
+ end
+
+ def params
+ @params ||= Params.parse(parts.last)
+ end
+
+ def method_missing(sym)
+ if params.has_key? key = sym.to_s
+ return params[key]
+ end
+ super
+ end
+
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/openid.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/openid.rb
new file mode 100644
index 0000000000..c5f6a5143e
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/openid.rb
@@ -0,0 +1,480 @@
+# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+
+gem 'ruby-openid', '~> 2' if defined? Gem
+require 'rack/request'
+require 'rack/utils'
+require 'rack/auth/abstract/handler'
+require 'uri'
+require 'openid' #gem
+require 'openid/extension' #gem
+require 'openid/store/memory' #gem
+
+module Rack
+ class Request
+ def openid_request
+ @env['rack.auth.openid.request']
+ end
+
+ def openid_response
+ @env['rack.auth.openid.response']
+ end
+ end
+
+ module Auth
+
+ # Rack::Auth::OpenID provides a simple method for setting up an OpenID
+ # Consumer. It requires the ruby-openid library from janrain to operate,
+ # as well as a rack method of session management.
+ #
+ # The ruby-openid home page is at http://openidenabled.com/ruby-openid/.
+ #
+ # The OpenID specifications can be found at
+ # http://openid.net/specs/openid-authentication-1_1.html
+ # and
+ # http://openid.net/specs/openid-authentication-2_0.html. Documentation
+ # for published OpenID extensions and related topics can be found at
+ # http://openid.net/developers/specs/.
+ #
+ # It is recommended to read through the OpenID spec, as well as
+ # ruby-openid's documentation, to understand what exactly goes on. However
+ # a setup as simple as the presented examples is enough to provide
+ # Consumer functionality.
+ #
+ # This library strongly intends to utilize the OpenID 2.0 features of the
+ # ruby-openid library, which provides OpenID 1.0 compatiblity.
+ #
+ # NOTE: Due to the amount of data that this library stores in the
+ # session, Rack::Session::Cookie may fault.
+
+ class OpenID
+
+ class NoSession < RuntimeError; end
+ class BadExtension < RuntimeError; end
+ # Required for ruby-openid
+ ValidStatus = [:success, :setup_needed, :cancel, :failure]
+
+ # = Arguments
+ #
+ # The first argument is the realm, identifying the site they are trusting
+ # with their identity. This is required, also treated as the trust_root
+ # in OpenID 1.x exchanges.
+ #
+ # The optional second argument is a hash of options.
+ #
+ # == Options
+ #
+ # <tt>:return_to</tt> defines the url to return to after the client
+ # authenticates with the openid service provider. This url should point
+ # to where Rack::Auth::OpenID is mounted. If <tt>:return_to</tt> is not
+ # provided, return_to will be the current url which allows flexibility
+ # with caveats.
+ #
+ # <tt>:session_key</tt> defines the key to the session hash in the env.
+ # It defaults to 'rack.session'.
+ #
+ # <tt>:openid_param</tt> defines at what key in the request parameters to
+ # find the identifier to resolve. As per the 2.0 spec, the default is
+ # 'openid_identifier'.
+ #
+ # <tt>:store</tt> defined what OpenID Store to use for persistant
+ # information. By default a Store::Memory will be used.
+ #
+ # <tt>:immediate</tt> as true will make initial requests to be of an
+ # immediate type. This is false by default. See OpenID specification
+ # documentation.
+ #
+ # <tt>:extensions</tt> should be a hash of openid extension
+ # implementations. The key should be the extension main module, the value
+ # should be an array of arguments for extension::Request.new.
+ # The hash is iterated over and passed to #add_extension for processing.
+ # Please see #add_extension for further documentation.
+ #
+ # == Examples
+ #
+ # simple_oid = OpenID.new('http://mysite.com/')
+ #
+ # return_oid = OpenID.new('http://mysite.com/', {
+ # :return_to => 'http://mysite.com/openid'
+ # })
+ #
+ # complex_oid = OpenID.new('http://mysite.com/',
+ # :immediate => true,
+ # :extensions => {
+ # ::OpenID::SReg => [['email'],['nickname']]
+ # }
+ # )
+ #
+ # = Advanced
+ #
+ # Most of the functionality of this library is encapsulated such that
+ # expansion and overriding functions isn't difficult nor tricky.
+ # Alternately, to avoid opening up singleton objects or subclassing, a
+ # wrapper rack middleware can be composed to act upon Auth::OpenID's
+ # responses. See #check and #finish for locations of pertinent data.
+ #
+ # == Responses
+ #
+ # To change the responses that Auth::OpenID returns, override the methods
+ # #redirect, #bad_request, #unauthorized, #access_denied, and
+ # #foreign_server_failure.
+ #
+ # Additionally #confirm_post_params is used when the URI would exceed
+ # length limits on a GET request when doing the initial verification
+ # request.
+ #
+ # == Processing
+ #
+ # To change methods of processing completed transactions, override the
+ # methods #success, #setup_needed, #cancel, and #failure. Please ensure
+ # the returned object is a rack compatible response.
+ #
+ # The first argument is an OpenID::Response, the second is a
+ # Rack::Request of the current request, the last is the hash used in
+ # ruby-openid handling, which can be found manually at
+ # env['rack.session'][:openid].
+ #
+ # This is useful if you wanted to expand the processing done, such as
+ # setting up user accounts.
+ #
+ # oid_app = Rack::Auth::OpenID.new realm, :return_to => return_to
+ # def oid_app.success oid, request, session
+ # user = Models::User[oid.identity_url]
+ # user ||= Models::User.create_from_openid oid
+ # request['rack.session'][:user] = user.id
+ # redirect MyApp.site_home
+ # end
+ #
+ # site_map['/openid'] = oid_app
+ # map = Rack::URLMap.new site_map
+ # ...
+
+ def initialize(realm, options={})
+ realm = URI(realm)
+ raise ArgumentError, "Invalid realm: #{realm}" \
+ unless realm.absolute? \
+ and realm.fragment.nil? \
+ and realm.scheme =~ /^https?$/ \
+ and realm.host =~ /^(\*\.)?#{URI::REGEXP::PATTERN::URIC_NO_SLASH}+/
+ realm.path = '/' if realm.path.empty?
+ @realm = realm.to_s
+
+ if ruri = options[:return_to]
+ ruri = URI(ruri)
+ raise ArgumentError, "Invalid return_to: #{ruri}" \
+ unless ruri.absolute? \
+ and ruri.scheme =~ /^https?$/ \
+ and ruri.fragment.nil?
+ raise ArgumentError, "return_to #{ruri} not within realm #{realm}" \
+ unless self.within_realm?(ruri)
+ @return_to = ruri.to_s
+ end
+
+ @session_key = options[:session_key] || 'rack.session'
+ @openid_param = options[:openid_param] || 'openid_identifier'
+ @store = options[:store] || ::OpenID::Store::Memory.new
+ @immediate = !!options[:immediate]
+
+ @extensions = {}
+ if extensions = options.delete(:extensions)
+ extensions.each do |ext, args|
+ add_extension ext, *args
+ end
+ end
+
+ # Undocumented, semi-experimental
+ @anonymous = !!options[:anonymous]
+ end
+
+ attr_reader :realm, :return_to, :session_key, :openid_param, :store,
+ :immediate, :extensions
+
+ # Sets up and uses session data at <tt>:openid</tt> within the session.
+ # Errors in this setup will raise a NoSession exception.
+ #
+ # If the parameter 'openid.mode' is set, which implies a followup from
+ # the openid server, processing is passed to #finish and the result is
+ # returned. However, if there is no appropriate openid information in the
+ # session, a 400 error is returned.
+ #
+ # If the parameter specified by <tt>options[:openid_param]</tt> is
+ # present, processing is passed to #check and the result is returned.
+ #
+ # If neither of these conditions are met, #unauthorized is called.
+
+ def call(env)
+ env['rack.auth.openid'] = self
+ env_session = env[@session_key]
+ unless env_session and env_session.is_a?(Hash)
+ raise NoSession, 'No compatible session'
+ end
+ # let us work in our own namespace...
+ session = (env_session[:openid] ||= {})
+ unless session and session.is_a?(Hash)
+ raise NoSession, 'Incompatible openid session'
+ end
+
+ request = Rack::Request.new(env)
+ consumer = ::OpenID::Consumer.new(session, @store)
+
+ if mode = request.GET['openid.mode']
+ if session.key?(:openid_param)
+ finish(consumer, session, request)
+ else
+ bad_request
+ end
+ elsif request.GET[@openid_param]
+ check(consumer, session, request)
+ else
+ unauthorized
+ end
+ end
+
+ # As the first part of OpenID consumer action, #check retrieves the data
+ # required for completion.
+ #
+ # If all parameters fit within the max length of a URI, a 303 redirect
+ # will be returned. Otherwise #confirm_post_params will be called.
+ #
+ # Any messages from OpenID's request are logged to env['rack.errors']
+ #
+ # <tt>env['rack.auth.openid.request']</tt> is the openid checkid request
+ # instance.
+ #
+ # <tt>session[:openid_param]</tt> is set to the openid identifier
+ # provided by the user.
+ #
+ # <tt>session[:return_to]</tt> is set to the return_to uri given to the
+ # identity provider.
+
+ def check(consumer, session, req)
+ oid = consumer.begin(req.GET[@openid_param], @anonymous)
+ req.env['rack.auth.openid.request'] = oid
+ req.env['rack.errors'].puts(oid.message)
+ p oid if $DEBUG
+
+ ## Extension support
+ extensions.each do |ext,args|
+ oid.add_extension(ext::Request.new(*args))
+ end
+
+ session[:openid_param] = req.GET[openid_param]
+ return_to_uri = return_to ? return_to : req.url
+ session[:return_to] = return_to_uri
+ immediate = session.key?(:setup_needed) ? false : immediate
+
+ if oid.send_redirect?(realm, return_to_uri, immediate)
+ uri = oid.redirect_url(realm, return_to_uri, immediate)
+ redirect(uri)
+ else
+ confirm_post_params(oid, realm, return_to_uri, immediate)
+ end
+ rescue ::OpenID::DiscoveryFailure => e
+ # thrown from inside OpenID::Consumer#begin by yadis stuff
+ req.env['rack.errors'].puts([e.message, *e.backtrace]*"\n")
+ return foreign_server_failure
+ end
+
+ # This is the final portion of authentication.
+ # If successful, a redirect to the realm is be returned.
+ # Data gathered from extensions are stored in session[:openid] with the
+ # extension's namespace uri as the key.
+ #
+ # Any messages from OpenID's response are logged to env['rack.errors']
+ #
+ # <tt>env['rack.auth.openid.response']</tt> will contain the openid
+ # response.
+
+ def finish(consumer, session, req)
+ oid = consumer.complete(req.GET, req.url)
+ req.env['rack.auth.openid.response'] = oid
+ req.env['rack.errors'].puts(oid.message)
+ p oid if $DEBUG
+
+ raise unless ValidStatus.include?(oid.status)
+ __send__(oid.status, oid, req, session)
+ end
+
+ # The first argument should be the main extension module.
+ # The extension module should contain the constants:
+ # * class Request, should have OpenID::Extension as an ancestor
+ # * class Response, should have OpenID::Extension as an ancestor
+ # * string NS_URI, which defining the namespace of the extension
+ #
+ # All trailing arguments will be passed to extension::Request.new in
+ # #check.
+ # The openid response will be passed to
+ # extension::Response#from_success_response, #get_extension_args will be
+ # called on the result to attain the gathered data.
+ #
+ # This method returns the key at which the response data will be found in
+ # the session, which is the namespace uri by default.
+
+ def add_extension(ext, *args)
+ raise BadExtension unless valid_extension?(ext)
+ extensions[ext] = args
+ return ext::NS_URI
+ end
+
+ # Checks the validitity, in the context of usage, of a submitted
+ # extension.
+
+ def valid_extension?(ext)
+ if not %w[NS_URI Request Response].all?{|c| ext.const_defined?(c) }
+ raise ArgumentError, 'Extension is missing constants.'
+ elsif not ext::Response.respond_to?(:from_success_response)
+ raise ArgumentError, 'Response is missing required method.'
+ end
+ return true
+ rescue
+ return false
+ end
+
+ # Checks the provided uri to ensure it'd be considered within the realm.
+ # is currently not compatible with wildcard realms.
+
+ def within_realm? uri
+ uri = URI.parse(uri.to_s)
+ realm = URI.parse(self.realm)
+ return false unless uri.absolute?
+ return false unless uri.path[0, realm.path.size] == realm.path
+ return false unless uri.host == realm.host or realm.host[/^\*\./]
+ # for wildcard support, is awkward with URI limitations
+ realm_match = Regexp.escape(realm.host).
+ sub(/^\*\./,"^#{URI::REGEXP::PATTERN::URIC_NO_SLASH}+.")+'$'
+ return false unless uri.host.match(realm_match)
+ return true
+ end
+ alias_method :include?, :within_realm?
+
+ protected
+
+ ### These methods define some of the boilerplate responses.
+
+ # Returns an html form page for posting to an Identity Provider if the
+ # GET request would exceed the upper URI length limit.
+
+ def confirm_post_params(oid, realm, return_to, immediate)
+ Rack::Response.new.finish do |r|
+ r.write '<html><head><title>Confirm...</title></head><body>'
+ r.write oid.form_markup(realm, return_to, immediate)
+ r.write '</body></html>'
+ end
+ end
+
+ # Returns a 303 redirect with the destination of that provided by the
+ # argument.
+
+ def redirect(uri)
+ [ 303, {'Content-Length'=>'0', 'Content-Type'=>'text/plain',
+ 'Location' => uri},
+ [] ]
+ end
+
+ # Returns an empty 400 response.
+
+ def bad_request
+ [ 400, {'Content-Type'=>'text/plain', 'Content-Length'=>'0'},
+ [''] ]
+ end
+
+ # Returns a basic unauthorized 401 response.
+
+ def unauthorized
+ [ 401, {'Content-Type' => 'text/plain', 'Content-Length' => '13'},
+ ['Unauthorized.'] ]
+ end
+
+ # Returns a basic access denied 403 response.
+
+ def access_denied
+ [ 403, {'Content-Type' => 'text/plain', 'Content-Length' => '14'},
+ ['Access denied.'] ]
+ end
+
+ # Returns a 503 response to be used if communication with the remote
+ # OpenID server fails.
+
+ def foreign_server_failure
+ [ 503, {'Content-Type'=>'text/plain', 'Content-Length' => '23'},
+ ['Foreign server failure.'] ]
+ end
+
+ private
+
+ ### These methods are called after a transaction is completed, depending
+ # on its outcome. These should all return a rack compatible response.
+ # You'd want to override these to provide additional functionality.
+
+ # Called to complete processing on a successful transaction.
+ # Within the openid session, :openid_identity and :openid_identifier are
+ # set to the user friendly and the standard representation of the
+ # validated identity. All other data in the openid session is cleared.
+
+ def success(oid, request, session)
+ session.clear
+ session[:openid_identity] = oid.display_identifier
+ session[:openid_identifier] = oid.identity_url
+ extensions.keys.each do |ext|
+ label = ext.name[/[^:]+$/].downcase
+ response = ext::Response.from_success_response(oid)
+ session[label] = response.data
+ end
+ redirect(realm)
+ end
+
+ # Called if the Identity Provider indicates further setup by the user is
+ # required.
+ # The identifier is retrived from the openid session at :openid_param.
+ # And :setup_needed is set to true to prevent looping.
+
+ def setup_needed(oid, request, session)
+ identifier = session[:openid_param]
+ session[:setup_needed] = true
+ redirect req.script_name + '?' + openid_param + '=' + identifier
+ end
+
+ # Called if the user indicates they wish to cancel identification.
+ # Data within openid session is cleared.
+
+ def cancel(oid, request, session)
+ session.clear
+ access_denied
+ end
+
+ # Called if the Identity Provider indicates the user is unable to confirm
+ # their identity. Data within the openid session is left alone, in case
+ # of swarm auth attacks.
+
+ def failure(oid, request, session)
+ unauthorized
+ end
+ end
+
+ # A class developed out of the request to use OpenID as an authentication
+ # middleware. The request will be sent to the OpenID instance unless the
+ # block evaluates to true. For example in rackup, you can use it as such:
+ #
+ # use Rack::Session::Pool
+ # use Rack::Auth::OpenIDAuth, realm, openid_options do |env|
+ # env['rack.session'][:authkey] == a_string
+ # end
+ # run RackApp
+ #
+ # Or simply:
+ #
+ # app = Rack::Auth::OpenIDAuth.new app, realm, openid_options, &auth
+
+ class OpenIDAuth < Rack::Auth::AbstractHandler
+ attr_reader :oid
+ def initialize(app, realm, options={}, &auth)
+ @oid = OpenID.new(realm, options)
+ super(app, &auth)
+ end
+
+ def call(env)
+ to = auth.call(env) ? @app : @oid
+ to.call env
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/builder.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/builder.rb
new file mode 100644
index 0000000000..295235e56a
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/builder.rb
@@ -0,0 +1,63 @@
+module Rack
+ # Rack::Builder implements a small DSL to iteratively construct Rack
+ # applications.
+ #
+ # Example:
+ #
+ # app = Rack::Builder.new {
+ # use Rack::CommonLogger
+ # use Rack::ShowExceptions
+ # map "/lobster" do
+ # use Rack::Lint
+ # run Rack::Lobster.new
+ # end
+ # }
+ #
+ # Or
+ #
+ # app = Rack::Builder.app do
+ # use Rack::CommonLogger
+ # lambda { |env| [200, {'Content-Type' => 'text/plain'}, 'OK'] }
+ # end
+ #
+ # +use+ adds a middleware to the stack, +run+ dispatches to an application.
+ # You can use +map+ to construct a Rack::URLMap in a convenient way.
+
+ class Builder
+ def initialize(&block)
+ @ins = []
+ instance_eval(&block) if block_given?
+ end
+
+ def self.app(&block)
+ self.new(&block).to_app
+ end
+
+ def use(middleware, *args, &block)
+ @ins << lambda { |app| middleware.new(app, *args, &block) }
+ end
+
+ def run(app)
+ @ins << app #lambda { |nothing| app }
+ end
+
+ def map(path, &block)
+ if @ins.last.kind_of? Hash
+ @ins.last[path] = self.class.new(&block).to_app
+ else
+ @ins << {}
+ map(path, &block)
+ end
+ end
+
+ def to_app
+ @ins[-1] = Rack::URLMap.new(@ins.last) if Hash === @ins.last
+ inner_app = @ins.last
+ @ins[0...-1].reverse.inject(inner_app) { |a, e| e.call(a) }
+ end
+
+ def call(env)
+ to_app.call(env)
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/cascade.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/cascade.rb
new file mode 100644
index 0000000000..a038aa1105
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/cascade.rb
@@ -0,0 +1,36 @@
+module Rack
+ # Rack::Cascade tries an request on several apps, and returns the
+ # first response that is not 404 (or in a list of configurable
+ # status codes).
+
+ class Cascade
+ attr_reader :apps
+
+ def initialize(apps, catch=404)
+ @apps = apps
+ @catch = [*catch]
+ end
+
+ def call(env)
+ status = headers = body = nil
+ raise ArgumentError, "empty cascade" if @apps.empty?
+ @apps.each { |app|
+ begin
+ status, headers, body = app.call(env)
+ break unless @catch.include?(status.to_i)
+ end
+ }
+ [status, headers, body]
+ end
+
+ def add app
+ @apps << app
+ end
+
+ def include? app
+ @apps.include? app
+ end
+
+ alias_method :<<, :add
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/chunked.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/chunked.rb
new file mode 100644
index 0000000000..280d89dd65
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/chunked.rb
@@ -0,0 +1,49 @@
+require 'rack/utils'
+
+module Rack
+
+ # Middleware that applies chunked transfer encoding to response bodies
+ # when the response does not include a Content-Length header.
+ class Chunked
+ include Rack::Utils
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+ headers = HeaderHash.new(headers)
+
+ if env['HTTP_VERSION'] == 'HTTP/1.0' ||
+ STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
+ headers['Content-Length'] ||
+ headers['Transfer-Encoding']
+ [status, headers.to_hash, body]
+ else
+ dup.chunk(status, headers, body)
+ end
+ end
+
+ def chunk(status, headers, body)
+ @body = body
+ headers.delete('Content-Length')
+ headers['Transfer-Encoding'] = 'chunked'
+ [status, headers.to_hash, self]
+ end
+
+ def each
+ term = "\r\n"
+ @body.each do |chunk|
+ size = bytesize(chunk)
+ next if size == 0
+ yield [size.to_s(16), term, chunk, term].join
+ end
+ yield ["0", term, "", term].join
+ end
+
+ def close
+ @body.close if @body.respond_to?(:close)
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/commonlogger.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/commonlogger.rb
new file mode 100644
index 0000000000..5e68ac626d
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/commonlogger.rb
@@ -0,0 +1,61 @@
+module Rack
+ # Rack::CommonLogger forwards every request to an +app+ given, and
+ # logs a line in the Apache common log format to the +logger+, or
+ # rack.errors by default.
+
+ class CommonLogger
+ def initialize(app, logger=nil)
+ @app = app
+ @logger = logger
+ end
+
+ def call(env)
+ dup._call(env)
+ end
+
+ def _call(env)
+ @env = env
+ @logger ||= self
+ @time = Time.now
+ @status, @header, @body = @app.call(env)
+ [@status, @header, self]
+ end
+
+ def close
+ @body.close if @body.respond_to? :close
+ end
+
+ # By default, log to rack.errors.
+ def <<(str)
+ @env["rack.errors"].write(str)
+ @env["rack.errors"].flush
+ end
+
+ def each
+ length = 0
+ @body.each { |part|
+ length += part.size
+ yield part
+ }
+
+ @now = Time.now
+
+ # Common Log Format: http://httpd.apache.org/docs/1.3/logs.html#common
+ # lilith.local - - [07/Aug/2006 23:58:02] "GET / HTTP/1.1" 500 -
+ # %{%s - %s [%s] "%s %s%s %s" %d %s\n} %
+ @logger << %{%s - %s [%s] "%s %s%s %s" %d %s %0.4f\n} %
+ [
+ @env['HTTP_X_FORWARDED_FOR'] || @env["REMOTE_ADDR"] || "-",
+ @env["REMOTE_USER"] || "-",
+ @now.strftime("%d/%b/%Y %H:%M:%S"),
+ @env["REQUEST_METHOD"],
+ @env["PATH_INFO"],
+ @env["QUERY_STRING"].empty? ? "" : "?"+@env["QUERY_STRING"],
+ @env["HTTP_VERSION"],
+ @status.to_s[0..3],
+ (length.zero? ? "-" : length.to_s),
+ @now - @time
+ ]
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/conditionalget.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/conditionalget.rb
new file mode 100644
index 0000000000..7bec824181
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/conditionalget.rb
@@ -0,0 +1,45 @@
+require 'rack/utils'
+
+module Rack
+
+ # Middleware that enables conditional GET using If-None-Match and
+ # If-Modified-Since. The application should set either or both of the
+ # Last-Modified or Etag response headers according to RFC 2616. When
+ # either of the conditions is met, the response body is set to be zero
+ # length and the response status is set to 304 Not Modified.
+ #
+ # Applications that defer response body generation until the body's each
+ # message is received will avoid response body generation completely when
+ # a conditional GET matches.
+ #
+ # Adapted from Michael Klishin's Merb implementation:
+ # http://github.com/wycats/merb-core/tree/master/lib/merb-core/rack/middleware/conditional_get.rb
+ class ConditionalGet
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ return @app.call(env) unless %w[GET HEAD].include?(env['REQUEST_METHOD'])
+
+ status, headers, body = @app.call(env)
+ headers = Utils::HeaderHash.new(headers)
+ if etag_matches?(env, headers) || modified_since?(env, headers)
+ status = 304
+ body = []
+ end
+ [status, headers, body]
+ end
+
+ private
+ def etag_matches?(env, headers)
+ etag = headers['Etag'] and etag == env['HTTP_IF_NONE_MATCH']
+ end
+
+ def modified_since?(env, headers)
+ last_modified = headers['Last-Modified'] and
+ last_modified == env['HTTP_IF_MODIFIED_SINCE']
+ end
+ end
+
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_length.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_length.rb
new file mode 100644
index 0000000000..1e56d43853
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_length.rb
@@ -0,0 +1,29 @@
+require 'rack/utils'
+
+module Rack
+ # Sets the Content-Length header on responses with fixed-length bodies.
+ class ContentLength
+ include Rack::Utils
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+ headers = HeaderHash.new(headers)
+
+ if !STATUS_WITH_NO_ENTITY_BODY.include?(status) &&
+ !headers['Content-Length'] &&
+ !headers['Transfer-Encoding'] &&
+ (body.respond_to?(:to_ary) || body.respond_to?(:to_str))
+
+ body = [body] if body.respond_to?(:to_str) # rack 0.4 compat
+ length = body.to_ary.inject(0) { |len, part| len + bytesize(part) }
+ headers['Content-Length'] = length.to_s
+ end
+
+ [status, headers, body]
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_type.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_type.rb
new file mode 100644
index 0000000000..0c1e1ca3e1
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/content_type.rb
@@ -0,0 +1,23 @@
+require 'rack/utils'
+
+module Rack
+
+ # Sets the Content-Type header on responses which don't have one.
+ #
+ # Builder Usage:
+ # use Rack::ContentType, "text/plain"
+ #
+ # When no content type argument is provided, "text/html" is assumed.
+ class ContentType
+ def initialize(app, content_type = "text/html")
+ @app, @content_type = app, content_type
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+ headers = Utils::HeaderHash.new(headers)
+ headers['Content-Type'] ||= @content_type
+ [status, headers.to_hash, body]
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/deflater.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/deflater.rb
new file mode 100644
index 0000000000..a42b7477ae
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/deflater.rb
@@ -0,0 +1,85 @@
+require "zlib"
+require "stringio"
+require "time" # for Time.httpdate
+require 'rack/utils'
+
+module Rack
+ class Deflater
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+ headers = Utils::HeaderHash.new(headers)
+
+ # Skip compressing empty entity body responses and responses with
+ # no-transform set.
+ if Utils::STATUS_WITH_NO_ENTITY_BODY.include?(status) ||
+ headers['Cache-Control'].to_s =~ /\bno-transform\b/
+ return [status, headers, body]
+ end
+
+ request = Request.new(env)
+
+ encoding = Utils.select_best_encoding(%w(gzip deflate identity),
+ request.accept_encoding)
+
+ # Set the Vary HTTP header.
+ vary = headers["Vary"].to_s.split(",").map { |v| v.strip }
+ unless vary.include?("*") || vary.include?("Accept-Encoding")
+ headers["Vary"] = vary.push("Accept-Encoding").join(",")
+ end
+
+ case encoding
+ when "gzip"
+ mtime = headers.key?("Last-Modified") ?
+ Time.httpdate(headers["Last-Modified"]) : Time.now
+ body = self.class.gzip(body, mtime)
+ size = Rack::Utils.bytesize(body)
+ headers = headers.merge("Content-Encoding" => "gzip", "Content-Length" => size.to_s)
+ [status, headers, [body]]
+ when "deflate"
+ body = self.class.deflate(body)
+ size = Rack::Utils.bytesize(body)
+ headers = headers.merge("Content-Encoding" => "deflate", "Content-Length" => size.to_s)
+ [status, headers, [body]]
+ when "identity"
+ [status, headers, body]
+ when nil
+ message = "An acceptable encoding for the requested resource #{request.fullpath} could not be found."
+ [406, {"Content-Type" => "text/plain", "Content-Length" => message.length.to_s}, [message]]
+ end
+ end
+
+ def self.gzip(body, mtime)
+ io = StringIO.new
+ gzip = Zlib::GzipWriter.new(io)
+ gzip.mtime = mtime
+
+ # TODO: Add streaming
+ body.each { |part| gzip << part }
+
+ gzip.close
+ return io.string
+ end
+
+ DEFLATE_ARGS = [
+ Zlib::DEFAULT_COMPRESSION,
+ # drop the zlib header which causes both Safari and IE to choke
+ -Zlib::MAX_WBITS,
+ Zlib::DEF_MEM_LEVEL,
+ Zlib::DEFAULT_STRATEGY
+ ]
+
+ # Loosely based on Mongrel's Deflate handler
+ def self.deflate(body)
+ deflater = Zlib::Deflate.new(*DEFLATE_ARGS)
+
+ # TODO: Add streaming
+ body.each { |part| deflater << part }
+
+ return deflater.finish
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/directory.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/directory.rb
new file mode 100644
index 0000000000..acdd3029d3
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/directory.rb
@@ -0,0 +1,153 @@
+require 'time'
+require 'rack/utils'
+require 'rack/mime'
+
+module Rack
+ # Rack::Directory serves entries below the +root+ given, according to the
+ # path info of the Rack request. If a directory is found, the file's contents
+ # will be presented in an html based index. If a file is found, the env will
+ # be passed to the specified +app+.
+ #
+ # If +app+ is not specified, a Rack::File of the same +root+ will be used.
+
+ class Directory
+ DIR_FILE = "<tr><td class='name'><a href='%s'>%s</a></td><td class='size'>%s</td><td class='type'>%s</td><td class='mtime'>%s</td></tr>"
+ DIR_PAGE = <<-PAGE
+<html><head>
+ <title>%s</title>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <style type='text/css'>
+table { width:100%%; }
+.name { text-align:left; }
+.size, .mtime { text-align:right; }
+.type { width:11em; }
+.mtime { width:15em; }
+ </style>
+</head><body>
+<h1>%s</h1>
+<hr />
+<table>
+ <tr>
+ <th class='name'>Name</th>
+ <th class='size'>Size</th>
+ <th class='type'>Type</th>
+ <th class='mtime'>Last Modified</th>
+ </tr>
+%s
+</table>
+<hr />
+</body></html>
+ PAGE
+
+ attr_reader :files
+ attr_accessor :root, :path
+
+ def initialize(root, app=nil)
+ @root = F.expand_path(root)
+ @app = app || Rack::File.new(@root)
+ end
+
+ def call(env)
+ dup._call(env)
+ end
+
+ F = ::File
+
+ def _call(env)
+ @env = env
+ @script_name = env['SCRIPT_NAME']
+ @path_info = Utils.unescape(env['PATH_INFO'])
+
+ if forbidden = check_forbidden
+ forbidden
+ else
+ @path = F.join(@root, @path_info)
+ list_path
+ end
+ end
+
+ def check_forbidden
+ return unless @path_info.include? ".."
+
+ body = "Forbidden\n"
+ size = Rack::Utils.bytesize(body)
+ return [403, {"Content-Type" => "text/plain","Content-Length" => size.to_s}, [body]]
+ end
+
+ def list_directory
+ @files = [['../','Parent Directory','','','']]
+ glob = F.join(@path, '*')
+
+ Dir[glob].sort.each do |node|
+ stat = stat(node)
+ next unless stat
+ basename = F.basename(node)
+ ext = F.extname(node)
+
+ url = F.join(@script_name, @path_info, basename)
+ size = stat.size
+ type = stat.directory? ? 'directory' : Mime.mime_type(ext)
+ size = stat.directory? ? '-' : filesize_format(size)
+ mtime = stat.mtime.httpdate
+ url << '/' if stat.directory?
+ basename << '/' if stat.directory?
+
+ @files << [ url, basename, size, type, mtime ]
+ end
+
+ return [ 200, {'Content-Type'=>'text/html; charset=utf-8'}, self ]
+ end
+
+ def stat(node, max = 10)
+ F.stat(node)
+ rescue Errno::ENOENT, Errno::ELOOP
+ return nil
+ end
+
+ # TODO: add correct response if not readable, not sure if 404 is the best
+ # option
+ def list_path
+ @stat = F.stat(@path)
+
+ if @stat.readable?
+ return @app.call(@env) if @stat.file?
+ return list_directory if @stat.directory?
+ else
+ raise Errno::ENOENT, 'No such file or directory'
+ end
+
+ rescue Errno::ENOENT, Errno::ELOOP
+ return entity_not_found
+ end
+
+ def entity_not_found
+ body = "Entity not found: #{@path_info}\n"
+ size = Rack::Utils.bytesize(body)
+ return [404, {"Content-Type" => "text/plain", "Content-Length" => size.to_s}, [body]]
+ end
+
+ def each
+ show_path = @path.sub(/^#{@root}/,'')
+ files = @files.map{|f| DIR_FILE % f }*"\n"
+ page = DIR_PAGE % [ show_path, show_path , files ]
+ page.each_line{|l| yield l }
+ end
+
+ # Stolen from Ramaze
+
+ FILESIZE_FORMAT = [
+ ['%.1fT', 1 << 40],
+ ['%.1fG', 1 << 30],
+ ['%.1fM', 1 << 20],
+ ['%.1fK', 1 << 10],
+ ]
+
+ def filesize_format(int)
+ FILESIZE_FORMAT.each do |format, size|
+ return format % (int.to_f / size) if int >= size
+ end
+
+ int.to_s + 'B'
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/file.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/file.rb
new file mode 100644
index 0000000000..fe62bd6b86
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/file.rb
@@ -0,0 +1,88 @@
+require 'time'
+require 'rack/utils'
+require 'rack/mime'
+
+module Rack
+ # Rack::File serves files below the +root+ given, according to the
+ # path info of the Rack request.
+ #
+ # Handlers can detect if bodies are a Rack::File, and use mechanisms
+ # like sendfile on the +path+.
+
+ class File
+ attr_accessor :root
+ attr_accessor :path
+
+ alias :to_path :path
+
+ def initialize(root)
+ @root = root
+ end
+
+ def call(env)
+ dup._call(env)
+ end
+
+ F = ::File
+
+ def _call(env)
+ @path_info = Utils.unescape(env["PATH_INFO"])
+ return forbidden if @path_info.include? ".."
+
+ @path = F.join(@root, @path_info)
+
+ begin
+ if F.file?(@path) && F.readable?(@path)
+ serving
+ else
+ raise Errno::EPERM
+ end
+ rescue SystemCallError
+ not_found
+ end
+ end
+
+ def forbidden
+ body = "Forbidden\n"
+ [403, {"Content-Type" => "text/plain",
+ "Content-Length" => body.size.to_s},
+ [body]]
+ end
+
+ # NOTE:
+ # We check via File::size? whether this file provides size info
+ # via stat (e.g. /proc files often don't), otherwise we have to
+ # figure it out by reading the whole file into memory. And while
+ # we're at it we also use this as body then.
+
+ def serving
+ if size = F.size?(@path)
+ body = self
+ else
+ body = [F.read(@path)]
+ size = Utils.bytesize(body.first)
+ end
+
+ [200, {
+ "Last-Modified" => F.mtime(@path).httpdate,
+ "Content-Type" => Mime.mime_type(F.extname(@path), 'text/plain'),
+ "Content-Length" => size.to_s
+ }, body]
+ end
+
+ def not_found
+ body = "File not found: #{@path_info}\n"
+ [404, {"Content-Type" => "text/plain",
+ "Content-Length" => body.size.to_s},
+ [body]]
+ end
+
+ def each
+ F.open(@path, "rb") { |file|
+ while part = file.read(8192)
+ yield part
+ end
+ }
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler.rb
new file mode 100644
index 0000000000..1018af64c7
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler.rb
@@ -0,0 +1,48 @@
+module Rack
+ # *Handlers* connect web servers with Rack.
+ #
+ # Rack includes Handlers for Mongrel, WEBrick, FastCGI, CGI, SCGI
+ # and LiteSpeed.
+ #
+ # Handlers usually are activated by calling <tt>MyHandler.run(myapp)</tt>.
+ # A second optional hash can be passed to include server-specific
+ # configuration.
+ module Handler
+ def self.get(server)
+ return unless server
+
+ if klass = @handlers[server]
+ obj = Object
+ klass.split("::").each { |x| obj = obj.const_get(x) }
+ obj
+ else
+ Rack::Handler.const_get(server.capitalize)
+ end
+ end
+
+ def self.register(server, klass)
+ @handlers ||= {}
+ @handlers[server] = klass
+ end
+
+ autoload :CGI, "rack/handler/cgi"
+ autoload :FastCGI, "rack/handler/fastcgi"
+ autoload :Mongrel, "rack/handler/mongrel"
+ autoload :EventedMongrel, "rack/handler/evented_mongrel"
+ autoload :SwiftipliedMongrel, "rack/handler/swiftiplied_mongrel"
+ autoload :WEBrick, "rack/handler/webrick"
+ autoload :LSWS, "rack/handler/lsws"
+ autoload :SCGI, "rack/handler/scgi"
+ autoload :Thin, "rack/handler/thin"
+
+ register 'cgi', 'Rack::Handler::CGI'
+ register 'fastcgi', 'Rack::Handler::FastCGI'
+ register 'mongrel', 'Rack::Handler::Mongrel'
+ register 'emongrel', 'Rack::Handler::EventedMongrel'
+ register 'smongrel', 'Rack::Handler::SwiftipliedMongrel'
+ register 'webrick', 'Rack::Handler::WEBrick'
+ register 'lsws', 'Rack::Handler::LSWS'
+ register 'scgi', 'Rack::Handler::SCGI'
+ register 'thin', 'Rack::Handler::Thin'
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/cgi.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/cgi.rb
new file mode 100644
index 0000000000..e38156c7f0
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/cgi.rb
@@ -0,0 +1,61 @@
+require 'rack/content_length'
+
+module Rack
+ module Handler
+ class CGI
+ def self.run(app, options=nil)
+ serve app
+ end
+
+ def self.serve(app)
+ app = ContentLength.new(app)
+
+ env = ENV.to_hash
+ env.delete "HTTP_CONTENT_LENGTH"
+
+ env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+
+ env.update({"rack.version" => [0,1],
+ "rack.input" => $stdin,
+ "rack.errors" => $stderr,
+
+ "rack.multithread" => false,
+ "rack.multiprocess" => true,
+ "rack.run_once" => true,
+
+ "rack.url_scheme" => ["yes", "on", "1"].include?(ENV["HTTPS"]) ? "https" : "http"
+ })
+
+ env["QUERY_STRING"] ||= ""
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["REQUEST_PATH"] ||= "/"
+
+ status, headers, body = app.call(env)
+ begin
+ send_headers status, headers
+ send_body body
+ ensure
+ body.close if body.respond_to? :close
+ end
+ end
+
+ def self.send_headers(status, headers)
+ STDOUT.print "Status: #{status}\r\n"
+ headers.each { |k, vs|
+ vs.split("\n").each { |v|
+ STDOUT.print "#{k}: #{v}\r\n"
+ }
+ }
+ STDOUT.print "\r\n"
+ STDOUT.flush
+ end
+
+ def self.send_body(body)
+ body.each { |part|
+ STDOUT.print part
+ STDOUT.flush
+ }
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/evented_mongrel.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/evented_mongrel.rb
new file mode 100644
index 0000000000..0f5cbf7293
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/evented_mongrel.rb
@@ -0,0 +1,8 @@
+require 'swiftcore/evented_mongrel'
+
+module Rack
+ module Handler
+ class EventedMongrel < Handler::Mongrel
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/fastcgi.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/fastcgi.rb
new file mode 100644
index 0000000000..6324c7d274
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/fastcgi.rb
@@ -0,0 +1,89 @@
+require 'fcgi'
+require 'socket'
+require 'rack/content_length'
+
+module Rack
+ module Handler
+ class FastCGI
+ def self.run(app, options={})
+ file = options[:File] and STDIN.reopen(UNIXServer.new(file))
+ port = options[:Port] and STDIN.reopen(TCPServer.new(port))
+ FCGI.each { |request|
+ serve request, app
+ }
+ end
+
+ module ProperStream # :nodoc:
+ def each # This is missing by default.
+ while line = gets
+ yield line
+ end
+ end
+
+ def read(*args)
+ if args.empty?
+ super || "" # Empty string on EOF.
+ else
+ super
+ end
+ end
+ end
+
+ def self.serve(request, app)
+ app = Rack::ContentLength.new(app)
+
+ env = request.env
+ env.delete "HTTP_CONTENT_LENGTH"
+
+ request.in.extend ProperStream
+
+ env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+
+ env.update({"rack.version" => [0,1],
+ "rack.input" => request.in,
+ "rack.errors" => request.err,
+
+ "rack.multithread" => false,
+ "rack.multiprocess" => true,
+ "rack.run_once" => false,
+
+ "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
+ })
+
+ env["QUERY_STRING"] ||= ""
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["REQUEST_PATH"] ||= "/"
+ env.delete "PATH_INFO" if env["PATH_INFO"] == ""
+ env.delete "CONTENT_TYPE" if env["CONTENT_TYPE"] == ""
+ env.delete "CONTENT_LENGTH" if env["CONTENT_LENGTH"] == ""
+
+ status, headers, body = app.call(env)
+ begin
+ send_headers request.out, status, headers
+ send_body request.out, body
+ ensure
+ body.close if body.respond_to? :close
+ request.finish
+ end
+ end
+
+ def self.send_headers(out, status, headers)
+ out.print "Status: #{status}\r\n"
+ headers.each { |k, vs|
+ vs.split("\n").each { |v|
+ out.print "#{k}: #{v}\r\n"
+ }
+ }
+ out.print "\r\n"
+ out.flush
+ end
+
+ def self.send_body(out, body)
+ body.each { |part|
+ out.print part
+ out.flush
+ }
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/lsws.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/lsws.rb
new file mode 100644
index 0000000000..c65ba3ec8e
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/lsws.rb
@@ -0,0 +1,55 @@
+require 'lsapi'
+require 'rack/content_length'
+
+module Rack
+ module Handler
+ class LSWS
+ def self.run(app, options=nil)
+ while LSAPI.accept != nil
+ serve app
+ end
+ end
+ def self.serve(app)
+ app = Rack::ContentLength.new(app)
+
+ env = ENV.to_hash
+ env.delete "HTTP_CONTENT_LENGTH"
+ env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+ env.update({"rack.version" => [0,1],
+ "rack.input" => StringIO.new($stdin.read.to_s),
+ "rack.errors" => $stderr,
+ "rack.multithread" => false,
+ "rack.multiprocess" => true,
+ "rack.run_once" => false,
+ "rack.url_scheme" => ["yes", "on", "1"].include?(ENV["HTTPS"]) ? "https" : "http"
+ })
+ env["QUERY_STRING"] ||= ""
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["REQUEST_PATH"] ||= "/"
+ status, headers, body = app.call(env)
+ begin
+ send_headers status, headers
+ send_body body
+ ensure
+ body.close if body.respond_to? :close
+ end
+ end
+ def self.send_headers(status, headers)
+ print "Status: #{status}\r\n"
+ headers.each { |k, vs|
+ vs.split("\n").each { |v|
+ print "#{k}: #{v}\r\n"
+ }
+ }
+ print "\r\n"
+ STDOUT.flush
+ end
+ def self.send_body(body)
+ body.each { |part|
+ print part
+ STDOUT.flush
+ }
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/mongrel.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/mongrel.rb
new file mode 100644
index 0000000000..f0c0d58330
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/mongrel.rb
@@ -0,0 +1,84 @@
+require 'mongrel'
+require 'stringio'
+require 'rack/content_length'
+require 'rack/chunked'
+
+module Rack
+ module Handler
+ class Mongrel < ::Mongrel::HttpHandler
+ def self.run(app, options={})
+ server = ::Mongrel::HttpServer.new(options[:Host] || '0.0.0.0',
+ options[:Port] || 8080)
+ # Acts like Rack::URLMap, utilizing Mongrel's own path finding methods.
+ # Use is similar to #run, replacing the app argument with a hash of
+ # { path=>app, ... } or an instance of Rack::URLMap.
+ if options[:map]
+ if app.is_a? Hash
+ app.each do |path, appl|
+ path = '/'+path unless path[0] == ?/
+ server.register(path, Rack::Handler::Mongrel.new(appl))
+ end
+ elsif app.is_a? URLMap
+ app.instance_variable_get(:@mapping).each do |(host, path, appl)|
+ next if !host.nil? && !options[:Host].nil? && options[:Host] != host
+ path = '/'+path unless path[0] == ?/
+ server.register(path, Rack::Handler::Mongrel.new(appl))
+ end
+ else
+ raise ArgumentError, "first argument should be a Hash or URLMap"
+ end
+ else
+ server.register('/', Rack::Handler::Mongrel.new(app))
+ end
+ yield server if block_given?
+ server.run.join
+ end
+
+ def initialize(app)
+ @app = Rack::Chunked.new(Rack::ContentLength.new(app))
+ end
+
+ def process(request, response)
+ env = {}.replace(request.params)
+ env.delete "HTTP_CONTENT_TYPE"
+ env.delete "HTTP_CONTENT_LENGTH"
+
+ env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/"
+
+ env.update({"rack.version" => [0,1],
+ "rack.input" => request.body || StringIO.new(""),
+ "rack.errors" => $stderr,
+
+ "rack.multithread" => true,
+ "rack.multiprocess" => false, # ???
+ "rack.run_once" => false,
+
+ "rack.url_scheme" => "http",
+ })
+ env["QUERY_STRING"] ||= ""
+ env.delete "PATH_INFO" if env["PATH_INFO"] == ""
+
+ status, headers, body = @app.call(env)
+
+ begin
+ response.status = status.to_i
+ response.send_status(nil)
+
+ headers.each { |k, vs|
+ vs.split("\n").each { |v|
+ response.header[k] = v
+ }
+ }
+ response.send_header
+
+ body.each { |part|
+ response.write part
+ response.socket.flush
+ }
+ ensure
+ body.close if body.respond_to? :close
+ end
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/scgi.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/scgi.rb
new file mode 100644
index 0000000000..9495c66374
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/scgi.rb
@@ -0,0 +1,59 @@
+require 'scgi'
+require 'stringio'
+require 'rack/content_length'
+require 'rack/chunked'
+
+module Rack
+ module Handler
+ class SCGI < ::SCGI::Processor
+ attr_accessor :app
+
+ def self.run(app, options=nil)
+ new(options.merge(:app=>app,
+ :host=>options[:Host],
+ :port=>options[:Port],
+ :socket=>options[:Socket])).listen
+ end
+
+ def initialize(settings = {})
+ @app = Rack::Chunked.new(Rack::ContentLength.new(settings[:app]))
+ @log = Object.new
+ def @log.info(*args); end
+ def @log.error(*args); end
+ super(settings)
+ end
+
+ def process_request(request, input_body, socket)
+ env = {}.replace(request)
+ env.delete "HTTP_CONTENT_TYPE"
+ env.delete "HTTP_CONTENT_LENGTH"
+ env["REQUEST_PATH"], env["QUERY_STRING"] = env["REQUEST_URI"].split('?', 2)
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["PATH_INFO"] = env["REQUEST_PATH"]
+ env["QUERY_STRING"] ||= ""
+ env["SCRIPT_NAME"] = ""
+ env.update({"rack.version" => [0,1],
+ "rack.input" => StringIO.new(input_body),
+ "rack.errors" => $stderr,
+
+ "rack.multithread" => true,
+ "rack.multiprocess" => true,
+ "rack.run_once" => false,
+
+ "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http"
+ })
+ status, headers, body = app.call(env)
+ begin
+ socket.write("Status: #{status}\r\n")
+ headers.each do |k, vs|
+ vs.split("\n").each { |v| socket.write("#{k}: #{v}\r\n")}
+ end
+ socket.write("\r\n")
+ body.each {|s| socket.write(s)}
+ ensure
+ body.close if body.respond_to? :close
+ end
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb
new file mode 100644
index 0000000000..4bafd0b953
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/swiftiplied_mongrel.rb
@@ -0,0 +1,8 @@
+require 'swiftcore/swiftiplied_mongrel'
+
+module Rack
+ module Handler
+ class SwiftipliedMongrel < Handler::Mongrel
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/thin.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/thin.rb
new file mode 100644
index 0000000000..3d4fedff75
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/thin.rb
@@ -0,0 +1,18 @@
+require "thin"
+require "rack/content_length"
+require "rack/chunked"
+
+module Rack
+ module Handler
+ class Thin
+ def self.run(app, options={})
+ app = Rack::Chunked.new(Rack::ContentLength.new(app))
+ server = ::Thin::Server.new(options[:Host] || '0.0.0.0',
+ options[:Port] || 8080,
+ app)
+ yield server if block_given?
+ server.start
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/webrick.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/webrick.rb
new file mode 100644
index 0000000000..829e7d6bf8
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/handler/webrick.rb
@@ -0,0 +1,67 @@
+require 'webrick'
+require 'stringio'
+require 'rack/content_length'
+
+module Rack
+ module Handler
+ class WEBrick < ::WEBrick::HTTPServlet::AbstractServlet
+ def self.run(app, options={})
+ server = ::WEBrick::HTTPServer.new(options)
+ server.mount "/", Rack::Handler::WEBrick, app
+ trap(:INT) { server.shutdown }
+ yield server if block_given?
+ server.start
+ end
+
+ def initialize(server, app)
+ super server
+ @app = Rack::ContentLength.new(app)
+ end
+
+ def service(req, res)
+ env = req.meta_vars
+ env.delete_if { |k, v| v.nil? }
+
+ env.update({"rack.version" => [0,1],
+ "rack.input" => StringIO.new(req.body.to_s),
+ "rack.errors" => $stderr,
+
+ "rack.multithread" => true,
+ "rack.multiprocess" => false,
+ "rack.run_once" => false,
+
+ "rack.url_scheme" => ["yes", "on", "1"].include?(ENV["HTTPS"]) ? "https" : "http"
+ })
+
+ env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"]
+ env["QUERY_STRING"] ||= ""
+ env["REQUEST_PATH"] ||= "/"
+ if env["PATH_INFO"] == ""
+ env.delete "PATH_INFO"
+ else
+ path, n = req.request_uri.path, env["SCRIPT_NAME"].length
+ env["PATH_INFO"] = path[n, path.length-n]
+ end
+
+ status, headers, body = @app.call(env)
+ begin
+ res.status = status.to_i
+ headers.each { |k, vs|
+ if k.downcase == "set-cookie"
+ res.cookies.concat vs.split("\n")
+ else
+ vs.split("\n").each { |v|
+ res[k] = v
+ }
+ end
+ }
+ body.each { |part|
+ res.body << part
+ }
+ ensure
+ body.close if body.respond_to? :close
+ end
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/head.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/head.rb
new file mode 100644
index 0000000000..deab822a99
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/head.rb
@@ -0,0 +1,19 @@
+module Rack
+
+class Head
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+
+ if env["REQUEST_METHOD"] == "HEAD"
+ [status, headers, []]
+ else
+ [status, headers, body]
+ end
+ end
+end
+
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lint.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lint.rb
new file mode 100644
index 0000000000..44a33ce36e
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lint.rb
@@ -0,0 +1,462 @@
+require 'rack/utils'
+
+module Rack
+ # Rack::Lint validates your application and the requests and
+ # responses according to the Rack spec.
+
+ class Lint
+ def initialize(app)
+ @app = app
+ end
+
+ # :stopdoc:
+
+ class LintError < RuntimeError; end
+ module Assertion
+ def assert(message, &block)
+ unless block.call
+ raise LintError, message
+ end
+ end
+ end
+ include Assertion
+
+ ## This specification aims to formalize the Rack protocol. You
+ ## can (and should) use Rack::Lint to enforce it.
+ ##
+ ## When you develop middleware, be sure to add a Lint before and
+ ## after to catch all mistakes.
+
+ ## = Rack applications
+
+ ## A Rack application is an Ruby object (not a class) that
+ ## responds to +call+.
+ def call(env=nil)
+ dup._call(env)
+ end
+
+ def _call(env)
+ ## It takes exactly one argument, the *environment*
+ assert("No env given") { env }
+ check_env env
+
+ env['rack.input'] = InputWrapper.new(env['rack.input'])
+ env['rack.errors'] = ErrorWrapper.new(env['rack.errors'])
+
+ ## and returns an Array of exactly three values:
+ status, headers, @body = @app.call(env)
+ ## The *status*,
+ check_status status
+ ## the *headers*,
+ check_headers headers
+ ## and the *body*.
+ check_content_type status, headers
+ check_content_length status, headers, env
+ [status, headers, self]
+ end
+
+ ## == The Environment
+ def check_env(env)
+ ## The environment must be an true instance of Hash (no
+ ## subclassing allowed) that includes CGI-like headers.
+ ## The application is free to modify the environment.
+ assert("env #{env.inspect} is not a Hash, but #{env.class}") {
+ env.instance_of? Hash
+ }
+
+ ##
+ ## The environment is required to include these variables
+ ## (adopted from PEP333), except when they'd be empty, but see
+ ## below.
+
+ ## <tt>REQUEST_METHOD</tt>:: The HTTP request method, such as
+ ## "GET" or "POST". This cannot ever
+ ## be an empty string, and so is
+ ## always required.
+
+ ## <tt>SCRIPT_NAME</tt>:: The initial portion of the request
+ ## URL's "path" that corresponds to the
+ ## application object, so that the
+ ## application knows its virtual
+ ## "location". This may be an empty
+ ## string, if the application corresponds
+ ## to the "root" of the server.
+
+ ## <tt>PATH_INFO</tt>:: The remainder of the request URL's
+ ## "path", designating the virtual
+ ## "location" of the request's target
+ ## within the application. This may be an
+ ## empty string, if the request URL targets
+ ## the application root and does not have a
+ ## trailing slash. This information should be
+ ## decoded by the server if it comes from a
+ ## URL.
+
+ ## <tt>QUERY_STRING</tt>:: The portion of the request URL that
+ ## follows the <tt>?</tt>, if any. May be
+ ## empty, but is always required!
+
+ ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>:: When combined with <tt>SCRIPT_NAME</tt> and <tt>PATH_INFO</tt>, these variables can be used to complete the URL. Note, however, that <tt>HTTP_HOST</tt>, if present, should be used in preference to <tt>SERVER_NAME</tt> for reconstructing the request URL. <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt> can never be empty strings, and so are always required.
+
+ ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
+ ## client-supplied HTTP request
+ ## headers (i.e., variables whose
+ ## names begin with <tt>HTTP_</tt>). The
+ ## presence or absence of these
+ ## variables should correspond with
+ ## the presence or absence of the
+ ## appropriate HTTP header in the
+ ## request.
+
+ ## In addition to this, the Rack environment must include these
+ ## Rack-specific variables:
+
+ ## <tt>rack.version</tt>:: The Array [0,1], representing this version of Rack.
+ ## <tt>rack.url_scheme</tt>:: +http+ or +https+, depending on the request URL.
+ ## <tt>rack.input</tt>:: See below, the input stream.
+ ## <tt>rack.errors</tt>:: See below, the error stream.
+ ## <tt>rack.multithread</tt>:: true if the application object may be simultaneously invoked by another thread in the same process, false otherwise.
+ ## <tt>rack.multiprocess</tt>:: true if an equivalent application object may be simultaneously invoked by another process, false otherwise.
+ ## <tt>rack.run_once</tt>:: true if the server expects (but does not guarantee!) that the application will only be invoked this one time during the life of its containing process. Normally, this will only be true for a server based on CGI (or something similar).
+
+ ## The server or the application can store their own data in the
+ ## environment, too. The keys must contain at least one dot,
+ ## and should be prefixed uniquely. The prefix <tt>rack.</tt>
+ ## is reserved for use with the Rack core distribution and must
+ ## not be used otherwise.
+ ##
+
+ %w[REQUEST_METHOD SERVER_NAME SERVER_PORT
+ QUERY_STRING
+ rack.version rack.input rack.errors
+ rack.multithread rack.multiprocess rack.run_once].each { |header|
+ assert("env missing required key #{header}") { env.include? header }
+ }
+
+ ## The environment must not contain the keys
+ ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
+ ## (use the versions without <tt>HTTP_</tt>).
+ %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
+ assert("env contains #{header}, must use #{header[5,-1]}") {
+ not env.include? header
+ }
+ }
+
+ ## The CGI keys (named without a period) must have String values.
+ env.each { |key, value|
+ next if key.include? "." # Skip extensions
+ assert("env variable #{key} has non-string value #{value.inspect}") {
+ value.instance_of? String
+ }
+ }
+
+ ##
+ ## There are the following restrictions:
+
+ ## * <tt>rack.version</tt> must be an array of Integers.
+ assert("rack.version must be an Array, was #{env["rack.version"].class}") {
+ env["rack.version"].instance_of? Array
+ }
+ ## * <tt>rack.url_scheme</tt> must either be +http+ or +https+.
+ assert("rack.url_scheme unknown: #{env["rack.url_scheme"].inspect}") {
+ %w[http https].include? env["rack.url_scheme"]
+ }
+
+ ## * There must be a valid input stream in <tt>rack.input</tt>.
+ check_input env["rack.input"]
+ ## * There must be a valid error stream in <tt>rack.errors</tt>.
+ check_error env["rack.errors"]
+
+ ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
+ assert("REQUEST_METHOD unknown: #{env["REQUEST_METHOD"]}") {
+ env["REQUEST_METHOD"] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
+ }
+
+ ## * The <tt>SCRIPT_NAME</tt>, if non-empty, must start with <tt>/</tt>
+ assert("SCRIPT_NAME must start with /") {
+ !env.include?("SCRIPT_NAME") ||
+ env["SCRIPT_NAME"] == "" ||
+ env["SCRIPT_NAME"] =~ /\A\//
+ }
+ ## * The <tt>PATH_INFO</tt>, if non-empty, must start with <tt>/</tt>
+ assert("PATH_INFO must start with /") {
+ !env.include?("PATH_INFO") ||
+ env["PATH_INFO"] == "" ||
+ env["PATH_INFO"] =~ /\A\//
+ }
+ ## * The <tt>CONTENT_LENGTH</tt>, if given, must consist of digits only.
+ assert("Invalid CONTENT_LENGTH: #{env["CONTENT_LENGTH"]}") {
+ !env.include?("CONTENT_LENGTH") || env["CONTENT_LENGTH"] =~ /\A\d+\z/
+ }
+
+ ## * One of <tt>SCRIPT_NAME</tt> or <tt>PATH_INFO</tt> must be
+ ## set. <tt>PATH_INFO</tt> should be <tt>/</tt> if
+ ## <tt>SCRIPT_NAME</tt> is empty.
+ assert("One of SCRIPT_NAME or PATH_INFO must be set (make PATH_INFO '/' if SCRIPT_NAME is empty)") {
+ env["SCRIPT_NAME"] || env["PATH_INFO"]
+ }
+ ## <tt>SCRIPT_NAME</tt> never should be <tt>/</tt>, but instead be empty.
+ assert("SCRIPT_NAME cannot be '/', make it '' and PATH_INFO '/'") {
+ env["SCRIPT_NAME"] != "/"
+ }
+ end
+
+ ## === The Input Stream
+ def check_input(input)
+ ## The input stream must respond to +gets+, +each+ and +read+.
+ [:gets, :each, :read].each { |method|
+ assert("rack.input #{input} does not respond to ##{method}") {
+ input.respond_to? method
+ }
+ }
+ end
+
+ class InputWrapper
+ include Assertion
+
+ def initialize(input)
+ @input = input
+ end
+
+ def size
+ @input.size
+ end
+
+ def rewind
+ @input.rewind
+ end
+
+ ## * +gets+ must be called without arguments and return a string,
+ ## or +nil+ on EOF.
+ def gets(*args)
+ assert("rack.input#gets called with arguments") { args.size == 0 }
+ v = @input.gets
+ assert("rack.input#gets didn't return a String") {
+ v.nil? or v.instance_of? String
+ }
+ v
+ end
+
+ ## * +read+ must be called without or with one integer argument
+ ## and return a string, or +nil+ on EOF.
+ def read(*args)
+ assert("rack.input#read called with too many arguments") {
+ args.size <= 1
+ }
+ if args.size == 1
+ assert("rack.input#read called with non-integer argument") {
+ args.first.kind_of? Integer
+ }
+ end
+ v = @input.read(*args)
+ assert("rack.input#read didn't return a String") {
+ v.nil? or v.instance_of? String
+ }
+ v
+ end
+
+ ## * +each+ must be called without arguments and only yield Strings.
+ def each(*args)
+ assert("rack.input#each called with arguments") { args.size == 0 }
+ @input.each { |line|
+ assert("rack.input#each didn't yield a String") {
+ line.instance_of? String
+ }
+ yield line
+ }
+ end
+
+ ## * +close+ must never be called on the input stream.
+ def close(*args)
+ assert("rack.input#close must not be called") { false }
+ end
+ end
+
+ ## === The Error Stream
+ def check_error(error)
+ ## The error stream must respond to +puts+, +write+ and +flush+.
+ [:puts, :write, :flush].each { |method|
+ assert("rack.error #{error} does not respond to ##{method}") {
+ error.respond_to? method
+ }
+ }
+ end
+
+ class ErrorWrapper
+ include Assertion
+
+ def initialize(error)
+ @error = error
+ end
+
+ ## * +puts+ must be called with a single argument that responds to +to_s+.
+ def puts(str)
+ @error.puts str
+ end
+
+ ## * +write+ must be called with a single argument that is a String.
+ def write(str)
+ assert("rack.errors#write not called with a String") { str.instance_of? String }
+ @error.write str
+ end
+
+ ## * +flush+ must be called without arguments and must be called
+ ## in order to make the error appear for sure.
+ def flush
+ @error.flush
+ end
+
+ ## * +close+ must never be called on the error stream.
+ def close(*args)
+ assert("rack.errors#close must not be called") { false }
+ end
+ end
+
+ ## == The Response
+
+ ## === The Status
+ def check_status(status)
+ ## The status, if parsed as integer (+to_i+), must be greater than or equal to 100.
+ assert("Status must be >=100 seen as integer") { status.to_i >= 100 }
+ end
+
+ ## === The Headers
+ def check_headers(header)
+ ## The header must respond to each, and yield values of key and value.
+ assert("headers object should respond to #each, but doesn't (got #{header.class} as headers)") {
+ header.respond_to? :each
+ }
+ header.each { |key, value|
+ ## The header keys must be Strings.
+ assert("header key must be a string, was #{key.class}") {
+ key.instance_of? String
+ }
+ ## The header must not contain a +Status+ key,
+ assert("header must not contain Status") { key.downcase != "status" }
+ ## contain keys with <tt>:</tt> or newlines in their name,
+ assert("header names must not contain : or \\n") { key !~ /[:\n]/ }
+ ## contain keys names that end in <tt>-</tt> or <tt>_</tt>,
+ assert("header names must not end in - or _") { key !~ /[-_]\z/ }
+ ## but only contain keys that consist of
+ ## letters, digits, <tt>_</tt> or <tt>-</tt> and start with a letter.
+ assert("invalid header name: #{key}") { key =~ /\A[a-zA-Z][a-zA-Z0-9_-]*\z/ }
+
+ ## The values of the header must be Strings,
+ assert("a header value must be a String, but the value of " +
+ "'#{key}' is a #{value.class}") { value.kind_of? String }
+ ## consisting of lines (for multiple header values) seperated by "\n".
+ value.split("\n").each { |item|
+ ## The lines must not contain characters below 037.
+ assert("invalid header value #{key}: #{item.inspect}") {
+ item !~ /[\000-\037]/
+ }
+ }
+ }
+ end
+
+ ## === The Content-Type
+ def check_content_type(status, headers)
+ headers.each { |key, value|
+ ## There must be a <tt>Content-Type</tt>, except when the
+ ## +Status+ is 1xx, 204 or 304, in which case there must be none
+ ## given.
+ if key.downcase == "content-type"
+ assert("Content-Type header found in #{status} response, not allowed") {
+ not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+ }
+ return
+ end
+ }
+ assert("No Content-Type header found") {
+ Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+ }
+ end
+
+ ## === The Content-Length
+ def check_content_length(status, headers, env)
+ headers.each { |key, value|
+ if key.downcase == 'content-length'
+ ## There must not be a <tt>Content-Length</tt> header when the
+ ## +Status+ is 1xx, 204 or 304.
+ assert("Content-Length header found in #{status} response, not allowed") {
+ not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+ }
+
+ bytes = 0
+ string_body = true
+
+ if @body.respond_to?(:to_ary)
+ @body.each { |part|
+ unless part.kind_of?(String)
+ string_body = false
+ break
+ end
+
+ bytes += Rack::Utils.bytesize(part)
+ }
+
+ if env["REQUEST_METHOD"] == "HEAD"
+ assert("Response body was given for HEAD request, but should be empty") {
+ bytes == 0
+ }
+ else
+ if string_body
+ assert("Content-Length header was #{value}, but should be #{bytes}") {
+ value == bytes.to_s
+ }
+ end
+ end
+ end
+
+ return
+ end
+ }
+ end
+
+ ## === The Body
+ def each
+ @closed = false
+ ## The Body must respond to #each
+ @body.each { |part|
+ ## and must only yield String values.
+ assert("Body yielded non-string value #{part.inspect}") {
+ part.instance_of? String
+ }
+ yield part
+ }
+ ##
+ ## If the Body responds to #close, it will be called after iteration.
+ # XXX howto: assert("Body has not been closed") { @closed }
+
+
+ ##
+ ## If the Body responds to #to_path, it must return a String
+ ## identifying the location of a file whose contents are identical
+ ## to that produced by calling #each.
+
+ if @body.respond_to?(:to_path)
+ assert("The file identified by body.to_path does not exist") {
+ ::File.exist? @body.to_path
+ }
+ end
+
+ ##
+ ## The Body commonly is an Array of Strings, the application
+ ## instance itself, or a File-like object.
+ end
+
+ def close
+ @closed = true
+ @body.close if @body.respond_to?(:close)
+ end
+
+ # :startdoc:
+
+ end
+end
+
+## == Thanks
+## Some parts of this specification are adopted from PEP333: Python
+## Web Server Gateway Interface
+## v1.0 (http://www.python.org/dev/peps/pep-0333/). I'd like to thank
+## everyone involved in that effort.
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lobster.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lobster.rb
new file mode 100644
index 0000000000..f63f419a49
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lobster.rb
@@ -0,0 +1,65 @@
+require 'zlib'
+
+require 'rack/request'
+require 'rack/response'
+
+module Rack
+ # Paste has a Pony, Rack has a Lobster!
+ class Lobster
+ LobsterString = Zlib::Inflate.inflate("eJx9kEEOwyAMBO99xd7MAcytUhPlJyj2
+ P6jy9i4k9EQyGAnBarEXeCBqSkntNXsi/ZCvC48zGQoZKikGrFMZvgS5ZHd+aGWVuWwhVF0
+ t1drVmiR42HcWNz5w3QanT+2gIvTVCiE1lm1Y0eU4JGmIIbaKwextKn8rvW+p5PIwFl8ZWJ
+ I8jyiTlhTcYXkekJAzTyYN6E08A+dk8voBkAVTJQ==".delete("\n ").unpack("m*")[0])
+
+ LambdaLobster = lambda { |env|
+ if env["QUERY_STRING"].include?("flip")
+ lobster = LobsterString.split("\n").
+ map { |line| line.ljust(42).reverse }.
+ join("\n")
+ href = "?"
+ else
+ lobster = LobsterString
+ href = "?flip"
+ end
+
+ content = ["<title>Lobstericious!</title>",
+ "<pre>", lobster, "</pre>",
+ "<a href='#{href}'>flip!</a>"]
+ length = content.inject(0) { |a,e| a+e.size }.to_s
+ [200, {"Content-Type" => "text/html", "Content-Length" => length}, content]
+ }
+
+ def call(env)
+ req = Request.new(env)
+ if req.GET["flip"] == "left"
+ lobster = LobsterString.split("\n").
+ map { |line| line.ljust(42).reverse }.
+ join("\n")
+ href = "?flip=right"
+ elsif req.GET["flip"] == "crash"
+ raise "Lobster crashed"
+ else
+ lobster = LobsterString
+ href = "?flip=left"
+ end
+
+ res = Response.new
+ res.write "<title>Lobstericious!</title>"
+ res.write "<pre>"
+ res.write lobster
+ res.write "</pre>"
+ res.write "<p><a href='#{href}'>flip!</a></p>"
+ res.write "<p><a href='?flip=crash'>crash!</a></p>"
+ res.finish
+ end
+
+ end
+end
+
+if $0 == __FILE__
+ require 'rack'
+ require 'rack/showexceptions'
+ Rack::Handler::WEBrick.run \
+ Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)),
+ :Port => 9292
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lock.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lock.rb
new file mode 100644
index 0000000000..93238528c4
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/lock.rb
@@ -0,0 +1,16 @@
+module Rack
+ class Lock
+ FLAG = 'rack.multithread'.freeze
+
+ def initialize(app, lock = Mutex.new)
+ @app, @lock = app, lock
+ end
+
+ def call(env)
+ old, env[FLAG] = env[FLAG], false
+ @lock.synchronize { @app.call(env) }
+ ensure
+ env[FLAG] = old
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/methodoverride.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/methodoverride.rb
new file mode 100644
index 0000000000..0eed29f471
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/methodoverride.rb
@@ -0,0 +1,27 @@
+module Rack
+ class MethodOverride
+ HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+ METHOD_OVERRIDE_PARAM_KEY = "_method".freeze
+ HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE".freeze
+
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ if env["REQUEST_METHOD"] == "POST"
+ req = Request.new(env)
+ method = req.POST[METHOD_OVERRIDE_PARAM_KEY] ||
+ env[HTTP_METHOD_OVERRIDE_HEADER]
+ method = method.to_s.upcase
+ if HTTP_METHODS.include?(method)
+ env["rack.methodoverride.original_method"] = env["REQUEST_METHOD"]
+ env["REQUEST_METHOD"] = method
+ end
+ end
+
+ @app.call(env)
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mime.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mime.rb
new file mode 100644
index 0000000000..5a6a73a97b
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mime.rb
@@ -0,0 +1,204 @@
+module Rack
+ module Mime
+ # Returns String with mime type if found, otherwise use +fallback+.
+ # +ext+ should be filename extension in the '.ext' format that
+ # File.extname(file) returns.
+ # +fallback+ may be any object
+ #
+ # Also see the documentation for MIME_TYPES
+ #
+ # Usage:
+ # Rack::Mime.mime_type('.foo')
+ #
+ # This is a shortcut for:
+ # Rack::Mime::MIME_TYPES.fetch('.foo', 'application/octet-stream')
+
+ def mime_type(ext, fallback='application/octet-stream')
+ MIME_TYPES.fetch(ext, fallback)
+ end
+ module_function :mime_type
+
+ # List of most common mime-types, selected various sources
+ # according to their usefulness in a webserving scope for Ruby
+ # users.
+ #
+ # To amend this list with your local mime.types list you can use:
+ #
+ # require 'webrick/httputils'
+ # list = WEBrick::HTTPUtils.load_mime_types('/etc/mime.types')
+ # Rack::Mime::MIME_TYPES.merge!(list)
+ #
+ # To add the list mongrel provides, use:
+ #
+ # require 'mongrel/handlers'
+ # Rack::Mime::MIME_TYPES.merge!(Mongrel::DirHandler::MIME_TYPES)
+
+ MIME_TYPES = {
+ ".3gp" => "video/3gpp",
+ ".a" => "application/octet-stream",
+ ".ai" => "application/postscript",
+ ".aif" => "audio/x-aiff",
+ ".aiff" => "audio/x-aiff",
+ ".asc" => "application/pgp-signature",
+ ".asf" => "video/x-ms-asf",
+ ".asm" => "text/x-asm",
+ ".asx" => "video/x-ms-asf",
+ ".atom" => "application/atom+xml",
+ ".au" => "audio/basic",
+ ".avi" => "video/x-msvideo",
+ ".bat" => "application/x-msdownload",
+ ".bin" => "application/octet-stream",
+ ".bmp" => "image/bmp",
+ ".bz2" => "application/x-bzip2",
+ ".c" => "text/x-c",
+ ".cab" => "application/vnd.ms-cab-compressed",
+ ".cc" => "text/x-c",
+ ".chm" => "application/vnd.ms-htmlhelp",
+ ".class" => "application/octet-stream",
+ ".com" => "application/x-msdownload",
+ ".conf" => "text/plain",
+ ".cpp" => "text/x-c",
+ ".crt" => "application/x-x509-ca-cert",
+ ".css" => "text/css",
+ ".csv" => "text/csv",
+ ".cxx" => "text/x-c",
+ ".deb" => "application/x-debian-package",
+ ".der" => "application/x-x509-ca-cert",
+ ".diff" => "text/x-diff",
+ ".djv" => "image/vnd.djvu",
+ ".djvu" => "image/vnd.djvu",
+ ".dll" => "application/x-msdownload",
+ ".dmg" => "application/octet-stream",
+ ".doc" => "application/msword",
+ ".dot" => "application/msword",
+ ".dtd" => "application/xml-dtd",
+ ".dvi" => "application/x-dvi",
+ ".ear" => "application/java-archive",
+ ".eml" => "message/rfc822",
+ ".eps" => "application/postscript",
+ ".exe" => "application/x-msdownload",
+ ".f" => "text/x-fortran",
+ ".f77" => "text/x-fortran",
+ ".f90" => "text/x-fortran",
+ ".flv" => "video/x-flv",
+ ".for" => "text/x-fortran",
+ ".gem" => "application/octet-stream",
+ ".gemspec" => "text/x-script.ruby",
+ ".gif" => "image/gif",
+ ".gz" => "application/x-gzip",
+ ".h" => "text/x-c",
+ ".hh" => "text/x-c",
+ ".htm" => "text/html",
+ ".html" => "text/html",
+ ".ico" => "image/vnd.microsoft.icon",
+ ".ics" => "text/calendar",
+ ".ifb" => "text/calendar",
+ ".iso" => "application/octet-stream",
+ ".jar" => "application/java-archive",
+ ".java" => "text/x-java-source",
+ ".jnlp" => "application/x-java-jnlp-file",
+ ".jpeg" => "image/jpeg",
+ ".jpg" => "image/jpeg",
+ ".js" => "application/javascript",
+ ".json" => "application/json",
+ ".log" => "text/plain",
+ ".m3u" => "audio/x-mpegurl",
+ ".m4v" => "video/mp4",
+ ".man" => "text/troff",
+ ".mathml" => "application/mathml+xml",
+ ".mbox" => "application/mbox",
+ ".mdoc" => "text/troff",
+ ".me" => "text/troff",
+ ".mid" => "audio/midi",
+ ".midi" => "audio/midi",
+ ".mime" => "message/rfc822",
+ ".mml" => "application/mathml+xml",
+ ".mng" => "video/x-mng",
+ ".mov" => "video/quicktime",
+ ".mp3" => "audio/mpeg",
+ ".mp4" => "video/mp4",
+ ".mp4v" => "video/mp4",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".ms" => "text/troff",
+ ".msi" => "application/x-msdownload",
+ ".odp" => "application/vnd.oasis.opendocument.presentation",
+ ".ods" => "application/vnd.oasis.opendocument.spreadsheet",
+ ".odt" => "application/vnd.oasis.opendocument.text",
+ ".ogg" => "application/ogg",
+ ".p" => "text/x-pascal",
+ ".pas" => "text/x-pascal",
+ ".pbm" => "image/x-portable-bitmap",
+ ".pdf" => "application/pdf",
+ ".pem" => "application/x-x509-ca-cert",
+ ".pgm" => "image/x-portable-graymap",
+ ".pgp" => "application/pgp-encrypted",
+ ".pkg" => "application/octet-stream",
+ ".pl" => "text/x-script.perl",
+ ".pm" => "text/x-script.perl-module",
+ ".png" => "image/png",
+ ".pnm" => "image/x-portable-anymap",
+ ".ppm" => "image/x-portable-pixmap",
+ ".pps" => "application/vnd.ms-powerpoint",
+ ".ppt" => "application/vnd.ms-powerpoint",
+ ".ps" => "application/postscript",
+ ".psd" => "image/vnd.adobe.photoshop",
+ ".py" => "text/x-script.python",
+ ".qt" => "video/quicktime",
+ ".ra" => "audio/x-pn-realaudio",
+ ".rake" => "text/x-script.ruby",
+ ".ram" => "audio/x-pn-realaudio",
+ ".rar" => "application/x-rar-compressed",
+ ".rb" => "text/x-script.ruby",
+ ".rdf" => "application/rdf+xml",
+ ".roff" => "text/troff",
+ ".rpm" => "application/x-redhat-package-manager",
+ ".rss" => "application/rss+xml",
+ ".rtf" => "application/rtf",
+ ".ru" => "text/x-script.ruby",
+ ".s" => "text/x-asm",
+ ".sgm" => "text/sgml",
+ ".sgml" => "text/sgml",
+ ".sh" => "application/x-sh",
+ ".sig" => "application/pgp-signature",
+ ".snd" => "audio/basic",
+ ".so" => "application/octet-stream",
+ ".svg" => "image/svg+xml",
+ ".svgz" => "image/svg+xml",
+ ".swf" => "application/x-shockwave-flash",
+ ".t" => "text/troff",
+ ".tar" => "application/x-tar",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tcl" => "application/x-tcl",
+ ".tex" => "application/x-tex",
+ ".texi" => "application/x-texinfo",
+ ".texinfo" => "application/x-texinfo",
+ ".text" => "text/plain",
+ ".tif" => "image/tiff",
+ ".tiff" => "image/tiff",
+ ".torrent" => "application/x-bittorrent",
+ ".tr" => "text/troff",
+ ".txt" => "text/plain",
+ ".vcf" => "text/x-vcard",
+ ".vcs" => "text/x-vcalendar",
+ ".vrml" => "model/vrml",
+ ".war" => "application/java-archive",
+ ".wav" => "audio/x-wav",
+ ".wma" => "audio/x-ms-wma",
+ ".wmv" => "video/x-ms-wmv",
+ ".wmx" => "video/x-ms-wmx",
+ ".wrl" => "model/vrml",
+ ".wsdl" => "application/wsdl+xml",
+ ".xbm" => "image/x-xbitmap",
+ ".xhtml" => "application/xhtml+xml",
+ ".xls" => "application/vnd.ms-excel",
+ ".xml" => "application/xml",
+ ".xpm" => "image/x-xpixmap",
+ ".xsl" => "application/xml",
+ ".xslt" => "application/xslt+xml",
+ ".yaml" => "text/yaml",
+ ".yml" => "text/yaml",
+ ".zip" => "application/zip",
+ }
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mock.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mock.rb
new file mode 100644
index 0000000000..70852da3db
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/mock.rb
@@ -0,0 +1,160 @@
+require 'uri'
+require 'stringio'
+require 'rack/lint'
+require 'rack/utils'
+require 'rack/response'
+
+module Rack
+ # Rack::MockRequest helps testing your Rack application without
+ # actually using HTTP.
+ #
+ # After performing a request on a URL with get/post/put/delete, it
+ # returns a MockResponse with useful helper methods for effective
+ # testing.
+ #
+ # You can pass a hash with additional configuration to the
+ # get/post/put/delete.
+ # <tt>:input</tt>:: A String or IO-like to be used as rack.input.
+ # <tt>:fatal</tt>:: Raise a FatalWarning if the app writes to rack.errors.
+ # <tt>:lint</tt>:: If true, wrap the application in a Rack::Lint.
+
+ class MockRequest
+ class FatalWarning < RuntimeError
+ end
+
+ class FatalWarner
+ def puts(warning)
+ raise FatalWarning, warning
+ end
+
+ def write(warning)
+ raise FatalWarning, warning
+ end
+
+ def flush
+ end
+
+ def string
+ ""
+ end
+ end
+
+ DEFAULT_ENV = {
+ "rack.version" => [0,1],
+ "rack.input" => StringIO.new,
+ "rack.errors" => StringIO.new,
+ "rack.multithread" => true,
+ "rack.multiprocess" => true,
+ "rack.run_once" => false,
+ }
+
+ def initialize(app)
+ @app = app
+ end
+
+ def get(uri, opts={}) request("GET", uri, opts) end
+ def post(uri, opts={}) request("POST", uri, opts) end
+ def put(uri, opts={}) request("PUT", uri, opts) end
+ def delete(uri, opts={}) request("DELETE", uri, opts) end
+
+ def request(method="GET", uri="", opts={})
+ env = self.class.env_for(uri, opts.merge(:method => method))
+
+ if opts[:lint]
+ app = Rack::Lint.new(@app)
+ else
+ app = @app
+ end
+
+ errors = env["rack.errors"]
+ MockResponse.new(*(app.call(env) + [errors]))
+ end
+
+ # Return the Rack environment used for a request to +uri+.
+ def self.env_for(uri="", opts={})
+ uri = URI(uri)
+ env = DEFAULT_ENV.dup
+
+ env["REQUEST_METHOD"] = opts[:method] || "GET"
+ env["SERVER_NAME"] = uri.host || "example.org"
+ env["SERVER_PORT"] = uri.port ? uri.port.to_s : "80"
+ env["QUERY_STRING"] = uri.query.to_s
+ env["PATH_INFO"] = (!uri.path || uri.path.empty?) ? "/" : uri.path
+ env["rack.url_scheme"] = uri.scheme || "http"
+
+ env["SCRIPT_NAME"] = opts[:script_name] || ""
+
+ if opts[:fatal]
+ env["rack.errors"] = FatalWarner.new
+ else
+ env["rack.errors"] = StringIO.new
+ end
+
+ opts[:input] ||= ""
+ if String === opts[:input]
+ env["rack.input"] = StringIO.new(opts[:input])
+ else
+ env["rack.input"] = opts[:input]
+ end
+
+ env["CONTENT_LENGTH"] ||= env["rack.input"].length.to_s
+
+ opts.each { |field, value|
+ env[field] = value if String === field
+ }
+
+ env
+ end
+ end
+
+ # Rack::MockResponse provides useful helpers for testing your apps.
+ # Usually, you don't create the MockResponse on your own, but use
+ # MockRequest.
+
+ class MockResponse
+ def initialize(status, headers, body, errors=StringIO.new(""))
+ @status = status.to_i
+
+ @original_headers = headers
+ @headers = Rack::Utils::HeaderHash.new
+ headers.each { |field, values|
+ @headers[field] = values
+ @headers[field] = "" if values.empty?
+ }
+
+ @body = ""
+ body.each { |part| @body << part }
+
+ @errors = errors.string
+ end
+
+ # Status
+ attr_reader :status
+
+ # Headers
+ attr_reader :headers, :original_headers
+
+ def [](field)
+ headers[field]
+ end
+
+
+ # Body
+ attr_reader :body
+
+ def =~(other)
+ @body =~ other
+ end
+
+ def match(other)
+ @body.match other
+ end
+
+
+ # Errors
+ attr_accessor :errors
+
+
+ include Response::Helpers
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/recursive.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/recursive.rb
new file mode 100644
index 0000000000..bf8b965925
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/recursive.rb
@@ -0,0 +1,57 @@
+require 'uri'
+
+module Rack
+ # Rack::ForwardRequest gets caught by Rack::Recursive and redirects
+ # the current request to the app at +url+.
+ #
+ # raise ForwardRequest.new("/not-found")
+ #
+
+ class ForwardRequest < Exception
+ attr_reader :url, :env
+
+ def initialize(url, env={})
+ @url = URI(url)
+ @env = env
+
+ @env["PATH_INFO"] = @url.path
+ @env["QUERY_STRING"] = @url.query if @url.query
+ @env["HTTP_HOST"] = @url.host if @url.host
+ @env["HTTP_PORT"] = @url.port if @url.port
+ @env["rack.url_scheme"] = @url.scheme if @url.scheme
+
+ super "forwarding to #{url}"
+ end
+ end
+
+ # Rack::Recursive allows applications called down the chain to
+ # include data from other applications (by using
+ # <tt>rack['rack.recursive.include'][...]</tt> or raise a
+ # ForwardRequest to redirect internally.
+
+ class Recursive
+ def initialize(app)
+ @app = app
+ end
+
+ def call(env)
+ @script_name = env["SCRIPT_NAME"]
+ @app.call(env.merge('rack.recursive.include' => method(:include)))
+ rescue ForwardRequest => req
+ call(env.merge(req.env))
+ end
+
+ def include(env, path)
+ unless path.index(@script_name) == 0 && (path[@script_name.size] == ?/ ||
+ path[@script_name.size].nil?)
+ raise ArgumentError, "can only include below #{@script_name}, not #{path}"
+ end
+
+ env = env.merge("PATH_INFO" => path, "SCRIPT_NAME" => @script_name,
+ "REQUEST_METHOD" => "GET",
+ "CONTENT_LENGTH" => "0", "CONTENT_TYPE" => "",
+ "rack.input" => StringIO.new(""))
+ @app.call(env)
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/reloader.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/reloader.rb
new file mode 100644
index 0000000000..b17d8c0926
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/reloader.rb
@@ -0,0 +1,64 @@
+require 'thread'
+
+module Rack
+ # Rack::Reloader checks on every request, but at most every +secs+
+ # seconds, if a file loaded changed, and reloads it, logging to
+ # rack.errors.
+ #
+ # It is recommended you use ShowExceptions to catch SyntaxErrors etc.
+
+ class Reloader
+ def initialize(app, secs=10)
+ @app = app
+ @secs = secs # reload every @secs seconds max
+ @last = Time.now
+ end
+
+ def call(env)
+ if Time.now > @last + @secs
+ Thread.exclusive {
+ reload!(env['rack.errors'])
+ @last = Time.now
+ }
+ end
+
+ @app.call(env)
+ end
+
+ def reload!(stderr=$stderr)
+ need_reload = $LOADED_FEATURES.find_all { |loaded|
+ begin
+ if loaded =~ /\A[.\/]/ # absolute filename or 1.9
+ abs = loaded
+ else
+ abs = $LOAD_PATH.map { |path| ::File.join(path, loaded) }.
+ find { |file| ::File.exist? file }
+ end
+
+ if abs
+ ::File.mtime(abs) > @last - @secs rescue false
+ else
+ false
+ end
+ end
+ }
+
+ need_reload.each { |l|
+ $LOADED_FEATURES.delete l
+ }
+
+ need_reload.each { |to_load|
+ begin
+ if require to_load
+ stderr.puts "#{self.class}: reloaded `#{to_load}'"
+ end
+ rescue LoadError, SyntaxError => e
+ raise e # Possibly ShowExceptions
+ end
+ }
+
+ stderr.flush
+ need_reload
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/request.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/request.rb
new file mode 100644
index 0000000000..d77fa26575
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/request.rb
@@ -0,0 +1,241 @@
+require 'rack/utils'
+
+module Rack
+ # Rack::Request provides a convenient interface to a Rack
+ # environment. It is stateless, the environment +env+ passed to the
+ # constructor will be directly modified.
+ #
+ # req = Rack::Request.new(env)
+ # req.post?
+ # req.params["data"]
+ #
+ # The environment hash passed will store a reference to the Request object
+ # instantiated so that it will only instantiate if an instance of the Request
+ # object doesn't already exist.
+
+ class Request
+ # The environment of the request.
+ attr_reader :env
+
+ def self.new(env)
+ if self == Rack::Request
+ env["rack.request"] ||= super
+ else
+ super
+ end
+ end
+
+ def initialize(env)
+ @env = env
+ end
+
+ def body; @env["rack.input"] end
+ def scheme; @env["rack.url_scheme"] end
+ def script_name; @env["SCRIPT_NAME"].to_s end
+ def path_info; @env["PATH_INFO"].to_s end
+ def port; @env["SERVER_PORT"].to_i end
+ def request_method; @env["REQUEST_METHOD"] end
+ def query_string; @env["QUERY_STRING"].to_s end
+ def content_length; @env['CONTENT_LENGTH'] end
+ def content_type; @env['CONTENT_TYPE'] end
+
+ # The media type (type/subtype) portion of the CONTENT_TYPE header
+ # without any media type parameters. e.g., when CONTENT_TYPE is
+ # "text/plain;charset=utf-8", the media-type is "text/plain".
+ #
+ # For more information on the use of media types in HTTP, see:
+ # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
+ def media_type
+ content_type && content_type.split(/\s*[;,]\s*/, 2)[0].downcase
+ end
+
+ # The media type parameters provided in CONTENT_TYPE as a Hash, or
+ # an empty Hash if no CONTENT_TYPE or media-type parameters were
+ # provided. e.g., when the CONTENT_TYPE is "text/plain;charset=utf-8",
+ # this method responds with the following Hash:
+ # { 'charset' => 'utf-8' }
+ def media_type_params
+ return {} if content_type.nil?
+ content_type.split(/\s*[;,]\s*/)[1..-1].
+ collect { |s| s.split('=', 2) }.
+ inject({}) { |hash,(k,v)| hash[k.downcase] = v ; hash }
+ end
+
+ # The character set of the request body if a "charset" media type
+ # parameter was given, or nil if no "charset" was specified. Note
+ # that, per RFC2616, text/* media types that specify no explicit
+ # charset are to be considered ISO-8859-1.
+ def content_charset
+ media_type_params['charset']
+ end
+
+ def host
+ # Remove port number.
+ (@env["HTTP_HOST"] || @env["SERVER_NAME"]).gsub(/:\d+\z/, '')
+ end
+
+ def script_name=(s); @env["SCRIPT_NAME"] = s.to_s end
+ def path_info=(s); @env["PATH_INFO"] = s.to_s end
+
+ def get?; request_method == "GET" end
+ def post?; request_method == "POST" end
+ def put?; request_method == "PUT" end
+ def delete?; request_method == "DELETE" end
+ def head?; request_method == "HEAD" end
+
+ # The set of form-data media-types. Requests that do not indicate
+ # one of the media types presents in this list will not be eligible
+ # for form-data / param parsing.
+ FORM_DATA_MEDIA_TYPES = [
+ nil,
+ 'application/x-www-form-urlencoded',
+ 'multipart/form-data'
+ ]
+
+ # Determine whether the request body contains form-data by checking
+ # the request media_type against registered form-data media-types:
+ # "application/x-www-form-urlencoded" and "multipart/form-data". The
+ # list of form-data media types can be modified through the
+ # +FORM_DATA_MEDIA_TYPES+ array.
+ def form_data?
+ FORM_DATA_MEDIA_TYPES.include?(media_type)
+ end
+
+ # Returns the data recieved in the query string.
+ def GET
+ if @env["rack.request.query_string"] == query_string
+ @env["rack.request.query_hash"]
+ else
+ @env["rack.request.query_string"] = query_string
+ @env["rack.request.query_hash"] =
+ Utils.parse_nested_query(query_string)
+ end
+ end
+
+ # Returns the data recieved in the request body.
+ #
+ # This method support both application/x-www-form-urlencoded and
+ # multipart/form-data.
+ def POST
+ if @env["rack.request.form_input"].eql? @env["rack.input"]
+ @env["rack.request.form_hash"]
+ elsif form_data?
+ @env["rack.request.form_input"] = @env["rack.input"]
+ unless @env["rack.request.form_hash"] =
+ Utils::Multipart.parse_multipart(env)
+ form_vars = @env["rack.input"].read
+
+ # Fix for Safari Ajax postings that always append \0
+ form_vars.sub!(/\0\z/, '')
+
+ @env["rack.request.form_vars"] = form_vars
+ @env["rack.request.form_hash"] = Utils.parse_nested_query(form_vars)
+
+ begin
+ @env["rack.input"].rewind if @env["rack.input"].respond_to?(:rewind)
+ rescue Errno::ESPIPE
+ # Handles exceptions raised by input streams that cannot be rewound
+ # such as when using plain CGI under Apache
+ end
+ end
+ @env["rack.request.form_hash"]
+ else
+ {}
+ end
+ end
+
+ # The union of GET and POST data.
+ def params
+ self.put? ? self.GET : self.GET.update(self.POST)
+ rescue EOFError => e
+ self.GET
+ end
+
+ # shortcut for request.params[key]
+ def [](key)
+ params[key.to_s]
+ end
+
+ # shortcut for request.params[key] = value
+ def []=(key, value)
+ params[key.to_s] = value
+ end
+
+ # like Hash#values_at
+ def values_at(*keys)
+ keys.map{|key| params[key] }
+ end
+
+ # the referer of the client or '/'
+ def referer
+ @env['HTTP_REFERER'] || '/'
+ end
+ alias referrer referer
+
+
+ def cookies
+ return {} unless @env["HTTP_COOKIE"]
+
+ if @env["rack.request.cookie_string"] == @env["HTTP_COOKIE"]
+ @env["rack.request.cookie_hash"]
+ else
+ @env["rack.request.cookie_string"] = @env["HTTP_COOKIE"]
+ # According to RFC 2109:
+ # If multiple cookies satisfy the criteria above, they are ordered in
+ # the Cookie header such that those with more specific Path attributes
+ # precede those with less specific. Ordering with respect to other
+ # attributes (e.g., Domain) is unspecified.
+ @env["rack.request.cookie_hash"] =
+ Utils.parse_query(@env["rack.request.cookie_string"], ';,').inject({}) {|h,(k,v)|
+ h[k] = Array === v ? v.first : v
+ h
+ }
+ end
+ end
+
+ def xhr?
+ @env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"
+ end
+
+ # Tries to return a remake of the original request URL as a string.
+ def url
+ url = scheme + "://"
+ url << host
+
+ if scheme == "https" && port != 443 ||
+ scheme == "http" && port != 80
+ url << ":#{port}"
+ end
+
+ url << fullpath
+
+ url
+ end
+
+ def fullpath
+ path = script_name + path_info
+ path << "?" << query_string unless query_string.empty?
+ path
+ end
+
+ def accept_encoding
+ @env["HTTP_ACCEPT_ENCODING"].to_s.split(/,\s*/).map do |part|
+ m = /^([^\s,]+?)(?:;\s*q=(\d+(?:\.\d+)?))?$/.match(part) # From WEBrick
+
+ if m
+ [m[1], (m[2] || 1.0).to_f]
+ else
+ raise "Invalid value for Accept-Encoding: #{part.inspect}"
+ end
+ end
+ end
+
+ def ip
+ if addr = @env['HTTP_X_FORWARDED_FOR']
+ addr.split(',').last.strip
+ else
+ @env['REMOTE_ADDR']
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/response.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/response.rb
new file mode 100644
index 0000000000..caf60d5b19
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/response.rb
@@ -0,0 +1,179 @@
+require 'rack/request'
+require 'rack/utils'
+
+module Rack
+ # Rack::Response provides a convenient interface to create a Rack
+ # response.
+ #
+ # It allows setting of headers and cookies, and provides useful
+ # defaults (a OK response containing HTML).
+ #
+ # You can use Response#write to iteratively generate your response,
+ # but note that this is buffered by Rack::Response until you call
+ # +finish+. +finish+ however can take a block inside which calls to
+ # +write+ are syncronous with the Rack response.
+ #
+ # Your application's +call+ should end returning Response#finish.
+
+ class Response
+ attr_accessor :length
+
+ def initialize(body=[], status=200, header={}, &block)
+ @status = status
+ @header = Utils::HeaderHash.new({"Content-Type" => "text/html"}.
+ merge(header))
+
+ @writer = lambda { |x| @body << x }
+ @block = nil
+ @length = 0
+
+ @body = []
+
+ if body.respond_to? :to_str
+ write body.to_str
+ elsif body.respond_to?(:each)
+ body.each { |part|
+ write part.to_s
+ }
+ else
+ raise TypeError, "stringable or iterable required"
+ end
+
+ yield self if block_given?
+ end
+
+ attr_reader :header
+ attr_accessor :status, :body
+
+ def [](key)
+ header[key]
+ end
+
+ def []=(key, value)
+ header[key] = value
+ end
+
+ def set_cookie(key, value)
+ case value
+ when Hash
+ domain = "; domain=" + value[:domain] if value[:domain]
+ path = "; path=" + value[:path] if value[:path]
+ # According to RFC 2109, we need dashes here.
+ # N.B.: cgi.rb uses spaces...
+ expires = "; expires=" + value[:expires].clone.gmtime.
+ strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires]
+ secure = "; secure" if value[:secure]
+ httponly = "; HttpOnly" if value[:httponly]
+ value = value[:value]
+ end
+ value = [value] unless Array === value
+ cookie = Utils.escape(key) + "=" +
+ value.map { |v| Utils.escape v }.join("&") +
+ "#{domain}#{path}#{expires}#{secure}#{httponly}"
+
+ case self["Set-Cookie"]
+ when Array
+ self["Set-Cookie"] << cookie
+ when String
+ self["Set-Cookie"] = [self["Set-Cookie"], cookie]
+ when nil
+ self["Set-Cookie"] = cookie
+ end
+ end
+
+ def delete_cookie(key, value={})
+ unless Array === self["Set-Cookie"]
+ self["Set-Cookie"] = [self["Set-Cookie"]].compact
+ end
+
+ self["Set-Cookie"].reject! { |cookie|
+ cookie =~ /\A#{Utils.escape(key)}=/
+ }
+
+ set_cookie(key,
+ {:value => '', :path => nil, :domain => nil,
+ :expires => Time.at(0) }.merge(value))
+ end
+
+
+ def finish(&block)
+ @block = block
+
+ if [204, 304].include?(status.to_i)
+ header.delete "Content-Type"
+ [status.to_i, header.to_hash, []]
+ else
+ [status.to_i, header.to_hash, self]
+ end
+ end
+ alias to_a finish # For *response
+
+ def each(&callback)
+ @body.each(&callback)
+ @writer = callback
+ @block.call(self) if @block
+ end
+
+ # Append to body and update Content-Length.
+ #
+ # NOTE: Do not mix #write and direct #body access!
+ #
+ def write(str)
+ s = str.to_s
+ @length += s.size
+ @writer.call s
+
+ header["Content-Length"] = @length.to_s
+ str
+ end
+
+ def close
+ body.close if body.respond_to?(:close)
+ end
+
+ def empty?
+ @block == nil && @body.empty?
+ end
+
+ alias headers header
+
+ module Helpers
+ def invalid?; @status < 100 || @status >= 600; end
+
+ def informational?; @status >= 100 && @status < 200; end
+ def successful?; @status >= 200 && @status < 300; end
+ def redirection?; @status >= 300 && @status < 400; end
+ def client_error?; @status >= 400 && @status < 500; end
+ def server_error?; @status >= 500 && @status < 600; end
+
+ def ok?; @status == 200; end
+ def forbidden?; @status == 403; end
+ def not_found?; @status == 404; end
+
+ def redirect?; [301, 302, 303, 307].include? @status; end
+ def empty?; [201, 204, 304].include? @status; end
+
+ # Headers
+ attr_reader :headers, :original_headers
+
+ def include?(header)
+ !!headers[header]
+ end
+
+ def content_type
+ headers["Content-Type"]
+ end
+
+ def content_length
+ cl = headers["Content-Length"]
+ cl ? cl.to_i : cl
+ end
+
+ def location
+ headers["Location"]
+ end
+ end
+
+ include Helpers
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/abstract/id.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/abstract/id.rb
new file mode 100644
index 0000000000..218144c17f
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/abstract/id.rb
@@ -0,0 +1,142 @@
+# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+# bugrep: Andreas Zehnder
+
+require 'time'
+require 'rack/request'
+require 'rack/response'
+
+module Rack
+
+ module Session
+
+ module Abstract
+
+ # ID sets up a basic framework for implementing an id based sessioning
+ # service. Cookies sent to the client for maintaining sessions will only
+ # contain an id reference. Only #get_session and #set_session are
+ # required to be overwritten.
+ #
+ # All parameters are optional.
+ # * :key determines the name of the cookie, by default it is
+ # 'rack.session'
+ # * :path, :domain, :expire_after, :secure, and :httponly set the related
+ # cookie options as by Rack::Response#add_cookie
+ # * :defer will not set a cookie in the response.
+ # * :renew (implementation dependent) will prompt the generation of a new
+ # session id, and migration of data to be referenced at the new id. If
+ # :defer is set, it will be overridden and the cookie will be set.
+ # * :sidbits sets the number of bits in length that a generated session
+ # id will be.
+ #
+ # These options can be set on a per request basis, at the location of
+ # env['rack.session.options']. Additionally the id of the session can be
+ # found within the options hash at the key :id. It is highly not
+ # recommended to change its value.
+ #
+ # Is Rack::Utils::Context compatible.
+
+ class ID
+ DEFAULT_OPTIONS = {
+ :path => '/',
+ :domain => nil,
+ :expire_after => nil,
+ :secure => false,
+ :httponly => true,
+ :defer => false,
+ :renew => false,
+ :sidbits => 128
+ }
+
+ attr_reader :key, :default_options
+ def initialize(app, options={})
+ @app = app
+ @key = options[:key] || "rack.session"
+ @default_options = self.class::DEFAULT_OPTIONS.merge(options)
+ end
+
+ def call(env)
+ context(env)
+ end
+
+ def context(env, app=@app)
+ load_session(env)
+ status, headers, body = app.call(env)
+ commit_session(env, status, headers, body)
+ end
+
+ private
+
+ # Generate a new session id using Ruby #rand. The size of the
+ # session id is controlled by the :sidbits option.
+ # Monkey patch this to use custom methods for session id generation.
+
+ def generate_sid
+ "%0#{@default_options[:sidbits] / 4}x" %
+ rand(2**@default_options[:sidbits] - 1)
+ end
+
+ # Extracts the session id from provided cookies and passes it and the
+ # environment to #get_session. It then sets the resulting session into
+ # 'rack.session', and places options and session metadata into
+ # 'rack.session.options'.
+
+ def load_session(env)
+ request = Rack::Request.new(env)
+ session_id = request.cookies[@key]
+
+ begin
+ session_id, session = get_session(env, session_id)
+ env['rack.session'] = session
+ rescue
+ env['rack.session'] = Hash.new
+ end
+
+ env['rack.session.options'] = @default_options.
+ merge(:id => session_id)
+ end
+
+ # Acquires the session from the environment and the session id from
+ # the session options and passes them to #set_session. If successful
+ # and the :defer option is not true, a cookie will be added to the
+ # response with the session's id.
+
+ def commit_session(env, status, headers, body)
+ session = env['rack.session']
+ options = env['rack.session.options']
+ session_id = options[:id]
+
+ if not session_id = set_session(env, session_id, session, options)
+ env["rack.errors"].puts("Warning! #{self.class.name} failed to save session. Content dropped.")
+ [status, headers, body]
+ elsif options[:defer] and not options[:renew]
+ env["rack.errors"].puts("Defering cookie for #{session_id}") if $VERBOSE
+ [status, headers, body]
+ else
+ cookie = Hash.new
+ cookie[:value] = session_id
+ cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
+ response = Rack::Response.new(body, status, headers)
+ response.set_cookie(@key, cookie.merge(options))
+ response.to_a
+ end
+ end
+
+ # All thread safety and session retrival proceedures should occur here.
+ # Should return [session_id, session].
+ # If nil is provided as the session id, generation of a new valid id
+ # should occur within.
+
+ def get_session(env, sid)
+ raise '#get_session not implemented.'
+ end
+
+ # All thread safety and session storage proceedures should occur here.
+ # Should return true or false dependant on whether or not the session
+ # was saved or not.
+ def set_session(env, sid, session, options)
+ raise '#set_session not implemented.'
+ end
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/cookie.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/cookie.rb
new file mode 100644
index 0000000000..eace9bd0c6
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/cookie.rb
@@ -0,0 +1,91 @@
+require 'openssl'
+require 'rack/request'
+require 'rack/response'
+
+module Rack
+
+ module Session
+
+ # Rack::Session::Cookie provides simple cookie based session management.
+ # The session is a Ruby Hash stored as base64 encoded marshalled data
+ # set to :key (default: rack.session).
+ # When the secret key is set, cookie data is checked for data integrity.
+ #
+ # Example:
+ #
+ # use Rack::Session::Cookie, :key => 'rack.session',
+ # :domain => 'foo.com',
+ # :path => '/',
+ # :expire_after => 2592000,
+ # :secret => 'change_me'
+ #
+ # All parameters are optional.
+
+ class Cookie
+
+ def initialize(app, options={})
+ @app = app
+ @key = options[:key] || "rack.session"
+ @secret = options[:secret]
+ @default_options = {:domain => nil,
+ :path => "/",
+ :expire_after => nil}.merge(options)
+ end
+
+ def call(env)
+ load_session(env)
+ status, headers, body = @app.call(env)
+ commit_session(env, status, headers, body)
+ end
+
+ private
+
+ def load_session(env)
+ request = Rack::Request.new(env)
+ session_data = request.cookies[@key]
+
+ if @secret && session_data
+ session_data, digest = session_data.split("--")
+ session_data = nil unless digest == generate_hmac(session_data)
+ end
+
+ begin
+ session_data = session_data.unpack("m*").first
+ session_data = Marshal.load(session_data)
+ env["rack.session"] = session_data
+ rescue
+ env["rack.session"] = Hash.new
+ end
+
+ env["rack.session.options"] = @default_options.dup
+ end
+
+ def commit_session(env, status, headers, body)
+ session_data = Marshal.dump(env["rack.session"])
+ session_data = [session_data].pack("m*")
+
+ if @secret
+ session_data = "#{session_data}--#{generate_hmac(session_data)}"
+ end
+
+ if session_data.size > (4096 - @key.size)
+ env["rack.errors"].puts("Warning! Rack::Session::Cookie data size exceeds 4K. Content dropped.")
+ [status, headers, body]
+ else
+ options = env["rack.session.options"]
+ cookie = Hash.new
+ cookie[:value] = session_data
+ cookie[:expires] = Time.now + options[:expire_after] unless options[:expire_after].nil?
+ response = Rack::Response.new(body, status, headers)
+ response.set_cookie(@key, cookie.merge(options))
+ response.to_a
+ end
+ end
+
+ def generate_hmac(data)
+ OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA1.new, @secret, data)
+ end
+
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/memcache.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/memcache.rb
new file mode 100644
index 0000000000..4a65cbf35d
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/memcache.rb
@@ -0,0 +1,109 @@
+# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+
+require 'rack/session/abstract/id'
+require 'memcache'
+
+module Rack
+ module Session
+ # Rack::Session::Memcache provides simple cookie based session management.
+ # Session data is stored in memcached. The corresponding session key is
+ # maintained in the cookie.
+ # You may treat Session::Memcache as you would Session::Pool with the
+ # following caveats.
+ #
+ # * Setting :expire_after to 0 would note to the Memcache server to hang
+ # onto the session data until it would drop it according to it's own
+ # specifications. However, the cookie sent to the client would expire
+ # immediately.
+ #
+ # Note that memcache does drop data before it may be listed to expire. For
+ # a full description of behaviour, please see memcache's documentation.
+
+ class Memcache < Abstract::ID
+ attr_reader :mutex, :pool
+ DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge \
+ :namespace => 'rack:session',
+ :memcache_server => 'localhost:11211'
+
+ def initialize(app, options={})
+ super
+
+ @mutex = Mutex.new
+ @pool = MemCache.
+ new @default_options[:memcache_server], @default_options
+ raise 'No memcache servers' unless @pool.servers.any?{|s|s.alive?}
+ end
+
+ def generate_sid
+ loop do
+ sid = super
+ break sid unless @pool.get(sid, true)
+ end
+ end
+
+ def get_session(env, sid)
+ session = @pool.get(sid) if sid
+ @mutex.lock if env['rack.multithread']
+ unless sid and session
+ env['rack.errors'].puts("Session '#{sid.inspect}' not found, initializing...") if $VERBOSE and not sid.nil?
+ session = {}
+ sid = generate_sid
+ ret = @pool.add sid, session
+ raise "Session collision on '#{sid.inspect}'" unless /^STORED/ =~ ret
+ end
+ session.instance_variable_set('@old', {}.merge(session))
+ return [sid, session]
+ rescue MemCache::MemCacheError, Errno::ECONNREFUSED # MemCache server cannot be contacted
+ warn "#{self} is unable to find server."
+ warn $!.inspect
+ return [ nil, {} ]
+ ensure
+ @mutex.unlock if env['rack.multithread']
+ end
+
+ def set_session(env, session_id, new_session, options)
+ expiry = options[:expire_after]
+ expiry = expiry.nil? ? 0 : expiry + 1
+
+ @mutex.lock if env['rack.multithread']
+ session = @pool.get(session_id) || {}
+ if options[:renew] or options[:drop]
+ @pool.delete session_id
+ return false if options[:drop]
+ session_id = generate_sid
+ @pool.add session_id, 0 # so we don't worry about cache miss on #set
+ end
+ old_session = new_session.instance_variable_get('@old') || {}
+ session = merge_sessions session_id, old_session, new_session, session
+ @pool.set session_id, session, expiry
+ return session_id
+ rescue MemCache::MemCacheError, Errno::ECONNREFUSED # MemCache server cannot be contacted
+ warn "#{self} is unable to find server."
+ warn $!.inspect
+ return false
+ ensure
+ @mutex.unlock if env['rack.multithread']
+ end
+
+ private
+
+ def merge_sessions sid, old, new, cur=nil
+ cur ||= {}
+ unless Hash === old and Hash === new
+ warn 'Bad old or new sessions provided.'
+ return cur
+ end
+
+ delete = old.keys - new.keys
+ warn "//@#{sid}: delete #{delete*','}" if $VERBOSE and not delete.empty?
+ delete.each{|k| cur.delete k }
+
+ update = new.keys.select{|k| new[k] != old[k] }
+ warn "//@#{sid}: update #{update*','}" if $VERBOSE and not update.empty?
+ update.each{|k| cur[k] = new[k] }
+
+ cur
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/pool.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/pool.rb
new file mode 100644
index 0000000000..f6f87408bb
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/session/pool.rb
@@ -0,0 +1,100 @@
+# AUTHOR: blink <blinketje@gmail.com>; blink#ruby-lang@irc.freenode.net
+# THANKS:
+# apeiros, for session id generation, expiry setup, and threadiness
+# sergio, threadiness and bugreps
+
+require 'rack/session/abstract/id'
+require 'thread'
+
+module Rack
+ module Session
+ # Rack::Session::Pool provides simple cookie based session management.
+ # Session data is stored in a hash held by @pool.
+ # In the context of a multithreaded environment, sessions being
+ # committed to the pool is done in a merging manner.
+ #
+ # The :drop option is available in rack.session.options if you with to
+ # explicitly remove the session from the session cache.
+ #
+ # Example:
+ # myapp = MyRackApp.new
+ # sessioned = Rack::Session::Pool.new(myapp,
+ # :domain => 'foo.com',
+ # :expire_after => 2592000
+ # )
+ # Rack::Handler::WEBrick.run sessioned
+
+ class Pool < Abstract::ID
+ attr_reader :mutex, :pool
+ DEFAULT_OPTIONS = Abstract::ID::DEFAULT_OPTIONS.merge :drop => false
+
+ def initialize(app, options={})
+ super
+ @pool = Hash.new
+ @mutex = Mutex.new
+ end
+
+ def generate_sid
+ loop do
+ sid = super
+ break sid unless @pool.key? sid
+ end
+ end
+
+ def get_session(env, sid)
+ session = @pool[sid] if sid
+ @mutex.lock if env['rack.multithread']
+ unless sid and session
+ env['rack.errors'].puts("Session '#{sid.inspect}' not found, initializing...") if $VERBOSE and not sid.nil?
+ session = {}
+ sid = generate_sid
+ @pool.store sid, session
+ end
+ session.instance_variable_set('@old', {}.merge(session))
+ return [sid, session]
+ ensure
+ @mutex.unlock if env['rack.multithread']
+ end
+
+ def set_session(env, session_id, new_session, options)
+ @mutex.lock if env['rack.multithread']
+ session = @pool[session_id]
+ if options[:renew] or options[:drop]
+ @pool.delete session_id
+ return false if options[:drop]
+ session_id = generate_sid
+ @pool.store session_id, 0
+ end
+ old_session = new_session.instance_variable_get('@old') || {}
+ session = merge_sessions session_id, old_session, new_session, session
+ @pool.store session_id, session
+ return session_id
+ rescue
+ warn "#{new_session.inspect} has been lost."
+ warn $!.inspect
+ ensure
+ @mutex.unlock if env['rack.multithread']
+ end
+
+ private
+
+ def merge_sessions sid, old, new, cur=nil
+ cur ||= {}
+ unless Hash === old and Hash === new
+ warn 'Bad old or new sessions provided.'
+ return cur
+ end
+
+ delete = old.keys - new.keys
+ warn "//@#{sid}: dropping #{delete*','}" if $DEBUG and not delete.empty?
+ delete.each{|k| cur.delete k }
+
+ update = new.keys.select{|k| new[k] != old[k] }
+ warn "//@#{sid}: updating #{update*','}" if $DEBUG and not update.empty?
+ update.each{|k| cur[k] = new[k] }
+
+ cur
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showexceptions.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showexceptions.rb
new file mode 100644
index 0000000000..697bc41fdb
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showexceptions.rb
@@ -0,0 +1,349 @@
+require 'ostruct'
+require 'erb'
+require 'rack/request'
+require 'rack/utils'
+
+module Rack
+ # Rack::ShowExceptions catches all exceptions raised from the app it
+ # wraps. It shows a useful backtrace with the sourcefile and
+ # clickable context, the whole Rack environment and the request
+ # data.
+ #
+ # Be careful when you use this on public-facing sites as it could
+ # reveal information helpful to attackers.
+
+ class ShowExceptions
+ CONTEXT = 7
+
+ def initialize(app)
+ @app = app
+ @template = ERB.new(TEMPLATE)
+ end
+
+ def call(env)
+ @app.call(env)
+ rescue StandardError, LoadError, SyntaxError => e
+ backtrace = pretty(env, e)
+ [500,
+ {"Content-Type" => "text/html",
+ "Content-Length" => backtrace.join.size.to_s},
+ backtrace]
+ end
+
+ def pretty(env, exception)
+ req = Rack::Request.new(env)
+ path = (req.script_name + req.path_info).squeeze("/")
+
+ frames = exception.backtrace.map { |line|
+ frame = OpenStruct.new
+ if line =~ /(.*?):(\d+)(:in `(.*)')?/
+ frame.filename = $1
+ frame.lineno = $2.to_i
+ frame.function = $4
+
+ begin
+ lineno = frame.lineno-1
+ lines = ::File.readlines(frame.filename)
+ frame.pre_context_lineno = [lineno-CONTEXT, 0].max
+ frame.pre_context = lines[frame.pre_context_lineno...lineno]
+ frame.context_line = lines[lineno].chomp
+ frame.post_context_lineno = [lineno+CONTEXT, lines.size].min
+ frame.post_context = lines[lineno+1..frame.post_context_lineno]
+ rescue
+ end
+
+ frame
+ else
+ nil
+ end
+ }.compact
+
+ env["rack.errors"].puts "#{exception.class}: #{exception.message}"
+ env["rack.errors"].puts exception.backtrace.map { |l| "\t" + l }
+ env["rack.errors"].flush
+
+ [@template.result(binding)]
+ end
+
+ def h(obj) # :nodoc:
+ case obj
+ when String
+ Utils.escape_html(obj)
+ else
+ Utils.escape_html(obj.inspect)
+ end
+ end
+
+ # :stopdoc:
+
+# adapted from Django <djangoproject.com>
+# Copyright (c) 2005, the Lawrence Journal-World
+# Used under the modified BSD license:
+# http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
+TEMPLATE = <<'HTML'
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <meta name="robots" content="NONE,NOARCHIVE" />
+ <title><%=h exception.class %> at <%=h path %></title>
+ <style type="text/css">
+ html * { padding:0; margin:0; }
+ body * { padding:10px 20px; }
+ body * * { padding:0; }
+ body { font:small sans-serif; }
+ body>div { border-bottom:1px solid #ddd; }
+ h1 { font-weight:normal; }
+ h2 { margin-bottom:.8em; }
+ h2 span { font-size:80%; color:#666; font-weight:normal; }
+ h3 { margin:1em 0 .5em 0; }
+ h4 { margin:0 0 .5em 0; font-weight: normal; }
+ table {
+ border:1px solid #ccc; border-collapse: collapse; background:white; }
+ tbody td, tbody th { vertical-align:top; padding:2px 3px; }
+ thead th {
+ padding:1px 6px 1px 3px; background:#fefefe; text-align:left;
+ font-weight:normal; font-size:11px; border:1px solid #ddd; }
+ tbody th { text-align:right; color:#666; padding-right:.5em; }
+ table.vars { margin:5px 0 2px 40px; }
+ table.vars td, table.req td { font-family:monospace; }
+ table td.code { width:100%;}
+ table td.code div { overflow:hidden; }
+ table.source th { color:#666; }
+ table.source td {
+ font-family:monospace; white-space:pre; border-bottom:1px solid #eee; }
+ ul.traceback { list-style-type:none; }
+ ul.traceback li.frame { margin-bottom:1em; }
+ div.context { margin: 10px 0; }
+ div.context ol {
+ padding-left:30px; margin:0 10px; list-style-position: inside; }
+ div.context ol li {
+ font-family:monospace; white-space:pre; color:#666; cursor:pointer; }
+ div.context ol.context-line li { color:black; background-color:#ccc; }
+ div.context ol.context-line li span { float: right; }
+ div.commands { margin-left: 40px; }
+ div.commands a { color:black; text-decoration:none; }
+ #summary { background: #ffc; }
+ #summary h2 { font-weight: normal; color: #666; }
+ #summary ul#quicklinks { list-style-type: none; margin-bottom: 2em; }
+ #summary ul#quicklinks li { float: left; padding: 0 1em; }
+ #summary ul#quicklinks>li+li { border-left: 1px #666 solid; }
+ #explanation { background:#eee; }
+ #template, #template-not-exist { background:#f6f6f6; }
+ #template-not-exist ul { margin: 0 0 0 20px; }
+ #traceback { background:#eee; }
+ #requestinfo { background:#f6f6f6; padding-left:120px; }
+ #summary table { border:none; background:transparent; }
+ #requestinfo h2, #requestinfo h3 { position:relative; margin-left:-100px; }
+ #requestinfo h3 { margin-bottom:-1em; }
+ .error { background: #ffc; }
+ .specific { color:#cc3300; font-weight:bold; }
+ </style>
+ <script type="text/javascript">
+ //<!--
+ function getElementsByClassName(oElm, strTagName, strClassName){
+ // Written by Jonathan Snook, http://www.snook.ca/jon;
+ // Add-ons by Robert Nyman, http://www.robertnyman.com
+ var arrElements = (strTagName == "*" && document.all)? document.all :
+ oElm.getElementsByTagName(strTagName);
+ var arrReturnElements = new Array();
+ strClassName = strClassName.replace(/\-/g, "\\-");
+ var oRegExp = new RegExp("(^|\\s)" + strClassName + "(\\s|$$)");
+ var oElement;
+ for(var i=0; i<arrElements.length; i++){
+ oElement = arrElements[i];
+ if(oRegExp.test(oElement.className)){
+ arrReturnElements.push(oElement);
+ }
+ }
+ return (arrReturnElements)
+ }
+ function hideAll(elems) {
+ for (var e = 0; e < elems.length; e++) {
+ elems[e].style.display = 'none';
+ }
+ }
+ window.onload = function() {
+ hideAll(getElementsByClassName(document, 'table', 'vars'));
+ hideAll(getElementsByClassName(document, 'ol', 'pre-context'));
+ hideAll(getElementsByClassName(document, 'ol', 'post-context'));
+ }
+ function toggle() {
+ for (var i = 0; i < arguments.length; i++) {
+ var e = document.getElementById(arguments[i]);
+ if (e) {
+ e.style.display = e.style.display == 'none' ? 'block' : 'none';
+ }
+ }
+ return false;
+ }
+ function varToggle(link, id) {
+ toggle('v' + id);
+ var s = link.getElementsByTagName('span')[0];
+ var uarr = String.fromCharCode(0x25b6);
+ var darr = String.fromCharCode(0x25bc);
+ s.innerHTML = s.innerHTML == uarr ? darr : uarr;
+ return false;
+ }
+ //-->
+ </script>
+</head>
+<body>
+
+<div id="summary">
+ <h1><%=h exception.class %> at <%=h path %></h1>
+ <h2><%=h exception.message %></h2>
+ <table><tr>
+ <th>Ruby</th>
+ <td><code><%=h frames.first.filename %></code>: in <code><%=h frames.first.function %></code>, line <%=h frames.first.lineno %></td>
+ </tr><tr>
+ <th>Web</th>
+ <td><code><%=h req.request_method %> <%=h(req.host + path)%></code></td>
+ </tr></table>
+
+ <h3>Jump to:</h3>
+ <ul id="quicklinks">
+ <li><a href="#get-info">GET</a></li>
+ <li><a href="#post-info">POST</a></li>
+ <li><a href="#cookie-info">Cookies</a></li>
+ <li><a href="#env-info">ENV</a></li>
+ </ul>
+</div>
+
+<div id="traceback">
+ <h2>Traceback <span>(innermost first)</span></h2>
+ <ul class="traceback">
+<% frames.each { |frame| %>
+ <li class="frame">
+ <code><%=h frame.filename %></code>: in <code><%=h frame.function %></code>
+
+ <% if frame.context_line %>
+ <div class="context" id="c<%=h frame.object_id %>">
+ <% if frame.pre_context %>
+ <ol start="<%=h frame.pre_context_lineno+1 %>" class="pre-context" id="pre<%=h frame.object_id %>">
+ <% frame.pre_context.each { |line| %>
+ <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+ <% } %>
+ </ol>
+ <% end %>
+
+ <ol start="<%=h frame.lineno %>" class="context-line">
+ <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h frame.context_line %><span>...</span></li></ol>
+
+ <% if frame.post_context %>
+ <ol start='<%=h frame.lineno+1 %>' class="post-context" id="post<%=h frame.object_id %>">
+ <% frame.post_context.each { |line| %>
+ <li onclick="toggle('pre<%=h frame.object_id %>', 'post<%=h frame.object_id %>')"><%=h line %></li>
+ <% } %>
+ </ol>
+ <% end %>
+ </div>
+ <% end %>
+ </li>
+<% } %>
+ </ul>
+</div>
+
+<div id="requestinfo">
+ <h2>Request information</h2>
+
+ <h3 id="get-info">GET</h3>
+ <% unless req.GET.empty? %>
+ <table class="req">
+ <thead>
+ <tr>
+ <th>Variable</th>
+ <th>Value</th>
+ </tr>
+ </thead>
+ <tbody>
+ <% req.GET.sort_by { |k, v| k.to_s }.each { |key, val| %>
+ <tr>
+ <td><%=h key %></td>
+ <td class="code"><div><%=h val.inspect %></div></td>
+ </tr>
+ <% } %>
+ </tbody>
+ </table>
+ <% else %>
+ <p>No GET data.</p>
+ <% end %>
+
+ <h3 id="post-info">POST</h3>
+ <% unless req.POST.empty? %>
+ <table class="req">
+ <thead>
+ <tr>
+ <th>Variable</th>
+ <th>Value</th>
+ </tr>
+ </thead>
+ <tbody>
+ <% req.POST.sort_by { |k, v| k.to_s }.each { |key, val| %>
+ <tr>
+ <td><%=h key %></td>
+ <td class="code"><div><%=h val.inspect %></div></td>
+ </tr>
+ <% } %>
+ </tbody>
+ </table>
+ <% else %>
+ <p>No POST data.</p>
+ <% end %>
+
+
+ <h3 id="cookie-info">COOKIES</h3>
+ <% unless req.cookies.empty? %>
+ <table class="req">
+ <thead>
+ <tr>
+ <th>Variable</th>
+ <th>Value</th>
+ </tr>
+ </thead>
+ <tbody>
+ <% req.cookies.each { |key, val| %>
+ <tr>
+ <td><%=h key %></td>
+ <td class="code"><div><%=h val.inspect %></div></td>
+ </tr>
+ <% } %>
+ </tbody>
+ </table>
+ <% else %>
+ <p>No cookie data.</p>
+ <% end %>
+
+ <h3 id="env-info">Rack ENV</h3>
+ <table class="req">
+ <thead>
+ <tr>
+ <th>Variable</th>
+ <th>Value</th>
+ </tr>
+ </thead>
+ <tbody>
+ <% env.sort_by { |k, v| k.to_s }.each { |key, val| %>
+ <tr>
+ <td><%=h key %></td>
+ <td class="code"><div><%=h val %></div></td>
+ </tr>
+ <% } %>
+ </tbody>
+ </table>
+
+</div>
+
+<div id="explanation">
+ <p>
+ You're seeing this error because you use <code>Rack::ShowExceptions</code>.
+ </p>
+</div>
+
+</body>
+</html>
+HTML
+
+ # :startdoc:
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showstatus.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showstatus.rb
new file mode 100644
index 0000000000..28258c7c89
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/showstatus.rb
@@ -0,0 +1,106 @@
+require 'erb'
+require 'rack/request'
+require 'rack/utils'
+
+module Rack
+ # Rack::ShowStatus catches all empty responses the app it wraps and
+ # replaces them with a site explaining the error.
+ #
+ # Additional details can be put into <tt>rack.showstatus.detail</tt>
+ # and will be shown as HTML. If such details exist, the error page
+ # is always rendered, even if the reply was not empty.
+
+ class ShowStatus
+ def initialize(app)
+ @app = app
+ @template = ERB.new(TEMPLATE)
+ end
+
+ def call(env)
+ status, headers, body = @app.call(env)
+ headers = Utils::HeaderHash.new(headers)
+ empty = headers['Content-Length'].to_i <= 0
+
+ # client or server error, or explicit message
+ if (status.to_i >= 400 && empty) || env["rack.showstatus.detail"]
+ req = Rack::Request.new(env)
+ message = Rack::Utils::HTTP_STATUS_CODES[status.to_i] || status.to_s
+ detail = env["rack.showstatus.detail"] || message
+ body = @template.result(binding)
+ size = Rack::Utils.bytesize(body)
+ [status, headers.merge("Content-Type" => "text/html", "Content-Length" => size.to_s), [body]]
+ else
+ [status, headers, body]
+ end
+ end
+
+ def h(obj) # :nodoc:
+ case obj
+ when String
+ Utils.escape_html(obj)
+ else
+ Utils.escape_html(obj.inspect)
+ end
+ end
+
+ # :stopdoc:
+
+# adapted from Django <djangoproject.com>
+# Copyright (c) 2005, the Lawrence Journal-World
+# Used under the modified BSD license:
+# http://www.xfree86.org/3.3.6/COPYRIGHT2.html#5
+TEMPLATE = <<'HTML'
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title><%=h message %> at <%=h req.script_name + req.path_info %></title>
+ <meta name="robots" content="NONE,NOARCHIVE" />
+ <style type="text/css">
+ html * { padding:0; margin:0; }
+ body * { padding:10px 20px; }
+ body * * { padding:0; }
+ body { font:small sans-serif; background:#eee; }
+ body>div { border-bottom:1px solid #ddd; }
+ h1 { font-weight:normal; margin-bottom:.4em; }
+ h1 span { font-size:60%; color:#666; font-weight:normal; }
+ table { border:none; border-collapse: collapse; width:100%; }
+ td, th { vertical-align:top; padding:2px 3px; }
+ th { width:12em; text-align:right; color:#666; padding-right:.5em; }
+ #info { background:#f6f6f6; }
+ #info ol { margin: 0.5em 4em; }
+ #info ol li { font-family: monospace; }
+ #summary { background: #ffc; }
+ #explanation { background:#eee; border-bottom: 0px none; }
+ </style>
+</head>
+<body>
+ <div id="summary">
+ <h1><%=h message %> <span>(<%= status.to_i %>)</span></h1>
+ <table class="meta">
+ <tr>
+ <th>Request Method:</th>
+ <td><%=h req.request_method %></td>
+ </tr>
+ <tr>
+ <th>Request URL:</th>
+ <td><%=h req.url %></td>
+ </tr>
+ </table>
+ </div>
+ <div id="info">
+ <p><%= detail %></p>
+ </div>
+
+ <div id="explanation">
+ <p>
+ You're seeing this error because you use <code>Rack::ShowStatus</code>.
+ </p>
+ </div>
+</body>
+</html>
+HTML
+
+ # :startdoc:
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/static.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/static.rb
new file mode 100644
index 0000000000..168e8f83b2
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/static.rb
@@ -0,0 +1,38 @@
+module Rack
+
+ # The Rack::Static middleware intercepts requests for static files
+ # (javascript files, images, stylesheets, etc) based on the url prefixes
+ # passed in the options, and serves them using a Rack::File object. This
+ # allows a Rack stack to serve both static and dynamic content.
+ #
+ # Examples:
+ # use Rack::Static, :urls => ["/media"]
+ # will serve all requests beginning with /media from the "media" folder
+ # located in the current directory (ie media/*).
+ #
+ # use Rack::Static, :urls => ["/css", "/images"], :root => "public"
+ # will serve all requests beginning with /css or /images from the folder
+ # "public" in the current directory (ie public/css/* and public/images/*)
+
+ class Static
+
+ def initialize(app, options={})
+ @app = app
+ @urls = options[:urls] || ["/favicon.ico"]
+ root = options[:root] || Dir.pwd
+ @file_server = Rack::File.new(root)
+ end
+
+ def call(env)
+ path = env["PATH_INFO"]
+ can_serve = @urls.any? { |url| path.index(url) == 0 }
+
+ if can_serve
+ @file_server.call(env)
+ else
+ @app.call(env)
+ end
+ end
+
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/urlmap.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/urlmap.rb
new file mode 100644
index 0000000000..0ff32df181
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/urlmap.rb
@@ -0,0 +1,55 @@
+module Rack
+ # Rack::URLMap takes a hash mapping urls or paths to apps, and
+ # dispatches accordingly. Support for HTTP/1.1 host names exists if
+ # the URLs start with <tt>http://</tt> or <tt>https://</tt>.
+ #
+ # URLMap modifies the SCRIPT_NAME and PATH_INFO such that the part
+ # relevant for dispatch is in the SCRIPT_NAME, and the rest in the
+ # PATH_INFO. This should be taken care of when you need to
+ # reconstruct the URL in order to create links.
+ #
+ # URLMap dispatches in such a way that the longest paths are tried
+ # first, since they are most specific.
+
+ class URLMap
+ def initialize(map = {})
+ remap(map)
+ end
+
+ def remap(map)
+ @mapping = map.map { |location, app|
+ if location =~ %r{\Ahttps?://(.*?)(/.*)}
+ host, location = $1, $2
+ else
+ host = nil
+ end
+
+ unless location[0] == ?/
+ raise ArgumentError, "paths need to start with /"
+ end
+ location = location.chomp('/')
+
+ [host, location, app]
+ }.sort_by { |(h, l, a)| [-l.size, h.to_s.size] } # Longest path first
+ end
+
+ def call(env)
+ path = env["PATH_INFO"].to_s.squeeze("/")
+ script_name = env['SCRIPT_NAME']
+ hHost, sName, sPort = env.values_at('HTTP_HOST','SERVER_NAME','SERVER_PORT')
+ @mapping.each { |host, location, app|
+ next unless (hHost == host || sName == host \
+ || (host.nil? && (hHost == sName || hHost == sName+':'+sPort)))
+ next unless location == path[0, location.size]
+ next unless path[location.size] == nil || path[location.size] == ?/
+
+ return app.call(
+ env.merge(
+ 'SCRIPT_NAME' => (script_name + location),
+ 'PATH_INFO' => path[location.size..-1]))
+ }
+ [404, {"Content-Type" => "text/plain"}, ["Not Found: #{path}"]]
+ end
+ end
+end
+
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/utils.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/utils.rb
new file mode 100644
index 0000000000..0a61bce707
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/utils.rb
@@ -0,0 +1,392 @@
+require 'set'
+require 'tempfile'
+
+module Rack
+ # Rack::Utils contains a grab-bag of useful methods for writing web
+ # applications adopted from all kinds of Ruby libraries.
+
+ module Utils
+ # Performs URI escaping so that you can construct proper
+ # query strings faster. Use this rather than the cgi.rb
+ # version since it's faster. (Stolen from Camping).
+ def escape(s)
+ s.to_s.gsub(/([^ a-zA-Z0-9_.-]+)/n) {
+ '%'+$1.unpack('H2'*$1.size).join('%').upcase
+ }.tr(' ', '+')
+ end
+ module_function :escape
+
+ # Unescapes a URI escaped string. (Stolen from Camping).
+ def unescape(s)
+ s.tr('+', ' ').gsub(/((?:%[0-9a-fA-F]{2})+)/n){
+ [$1.delete('%')].pack('H*')
+ }
+ end
+ module_function :unescape
+
+ # Stolen from Mongrel, with some small modifications:
+ # Parses a query string by breaking it up at the '&'
+ # and ';' characters. You can also use this to parse
+ # cookies by changing the characters used in the second
+ # parameter (which defaults to '&;').
+ def parse_query(qs, d = '&;')
+ params = {}
+
+ (qs || '').split(/[#{d}] */n).each do |p|
+ k, v = unescape(p).split('=', 2)
+
+ if cur = params[k]
+ if cur.class == Array
+ params[k] << v
+ else
+ params[k] = [cur, v]
+ end
+ else
+ params[k] = v
+ end
+ end
+
+ return params
+ end
+ module_function :parse_query
+
+ def parse_nested_query(qs, d = '&;')
+ params = {}
+
+ (qs || '').split(/[#{d}] */n).each do |p|
+ k, v = unescape(p).split('=', 2)
+ normalize_params(params, k, v)
+ end
+
+ return params
+ end
+ module_function :parse_nested_query
+
+ def normalize_params(params, name, v = nil)
+ name =~ %r([\[\]]*([^\[\]]+)\]*)
+ k = $1 || ''
+ after = $' || ''
+
+ return if k.empty?
+
+ if after == ""
+ params[k] = v
+ elsif after == "[]"
+ params[k] ||= []
+ raise TypeError unless params[k].is_a?(Array)
+ params[k] << v
+ elsif after =~ %r(^\[\]\[([^\[\]]+)\]$) || after =~ %r(^\[\](.+)$)
+ child_key = $1
+ params[k] ||= []
+ raise TypeError unless params[k].is_a?(Array)
+ if params[k].last.is_a?(Hash) && !params[k].last.key?(child_key)
+ normalize_params(params[k].last, child_key, v)
+ else
+ params[k] << normalize_params({}, child_key, v)
+ end
+ else
+ params[k] ||= {}
+ params[k] = normalize_params(params[k], after, v)
+ end
+
+ return params
+ end
+ module_function :normalize_params
+
+ def build_query(params)
+ params.map { |k, v|
+ if v.class == Array
+ build_query(v.map { |x| [k, x] })
+ else
+ escape(k) + "=" + escape(v)
+ end
+ }.join("&")
+ end
+ module_function :build_query
+
+ # Escape ampersands, brackets and quotes to their HTML/XML entities.
+ def escape_html(string)
+ string.to_s.gsub("&", "&amp;").
+ gsub("<", "&lt;").
+ gsub(">", "&gt;").
+ gsub("'", "&#39;").
+ gsub('"', "&quot;")
+ end
+ module_function :escape_html
+
+ def select_best_encoding(available_encodings, accept_encoding)
+ # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+
+ expanded_accept_encoding =
+ accept_encoding.map { |m, q|
+ if m == "*"
+ (available_encodings - accept_encoding.map { |m2, _| m2 }).map { |m2| [m2, q] }
+ else
+ [[m, q]]
+ end
+ }.inject([]) { |mem, list|
+ mem + list
+ }
+
+ encoding_candidates = expanded_accept_encoding.sort_by { |_, q| -q }.map { |m, _| m }
+
+ unless encoding_candidates.include?("identity")
+ encoding_candidates.push("identity")
+ end
+
+ expanded_accept_encoding.find_all { |m, q|
+ q == 0.0
+ }.each { |m, _|
+ encoding_candidates.delete(m)
+ }
+
+ return (encoding_candidates & available_encodings)[0]
+ end
+ module_function :select_best_encoding
+
+ # Return the bytesize of String; uses String#length under Ruby 1.8 and
+ # String#bytesize under 1.9.
+ if ''.respond_to?(:bytesize)
+ def bytesize(string)
+ string.bytesize
+ end
+ else
+ def bytesize(string)
+ string.size
+ end
+ end
+ module_function :bytesize
+
+ # Context allows the use of a compatible middleware at different points
+ # in a request handling stack. A compatible middleware must define
+ # #context which should take the arguments env and app. The first of which
+ # would be the request environment. The second of which would be the rack
+ # application that the request would be forwarded to.
+ class Context
+ attr_reader :for, :app
+
+ def initialize(app_f, app_r)
+ raise 'running context does not respond to #context' unless app_f.respond_to? :context
+ @for, @app = app_f, app_r
+ end
+
+ def call(env)
+ @for.context(env, @app)
+ end
+
+ def recontext(app)
+ self.class.new(@for, app)
+ end
+
+ def context(env, app=@app)
+ recontext(app).call(env)
+ end
+ end
+
+ # A case-insensitive Hash that preserves the original case of a
+ # header when set.
+ class HeaderHash < Hash
+ def initialize(hash={})
+ @names = {}
+ hash.each { |k, v| self[k] = v }
+ end
+
+ def to_hash
+ inject({}) do |hash, (k,v)|
+ if v.respond_to? :to_ary
+ hash[k] = v.to_ary.join("\n")
+ else
+ hash[k] = v
+ end
+ hash
+ end
+ end
+
+ def [](k)
+ super @names[k.downcase]
+ end
+
+ def []=(k, v)
+ delete k
+ @names[k.downcase] = k
+ super k, v
+ end
+
+ def delete(k)
+ super @names.delete(k.downcase)
+ end
+
+ def include?(k)
+ @names.has_key? k.downcase
+ end
+
+ alias_method :has_key?, :include?
+ alias_method :member?, :include?
+ alias_method :key?, :include?
+
+ def merge!(other)
+ other.each { |k, v| self[k] = v }
+ self
+ end
+
+ def merge(other)
+ hash = dup
+ hash.merge! other
+ end
+ end
+
+ # Every standard HTTP code mapped to the appropriate message.
+ # Stolen from Mongrel.
+ HTTP_STATUS_CODES = {
+ 100 => 'Continue',
+ 101 => 'Switching Protocols',
+ 200 => 'OK',
+ 201 => 'Created',
+ 202 => 'Accepted',
+ 203 => 'Non-Authoritative Information',
+ 204 => 'No Content',
+ 205 => 'Reset Content',
+ 206 => 'Partial Content',
+ 300 => 'Multiple Choices',
+ 301 => 'Moved Permanently',
+ 302 => 'Found',
+ 303 => 'See Other',
+ 304 => 'Not Modified',
+ 305 => 'Use Proxy',
+ 307 => 'Temporary Redirect',
+ 400 => 'Bad Request',
+ 401 => 'Unauthorized',
+ 402 => 'Payment Required',
+ 403 => 'Forbidden',
+ 404 => 'Not Found',
+ 405 => 'Method Not Allowed',
+ 406 => 'Not Acceptable',
+ 407 => 'Proxy Authentication Required',
+ 408 => 'Request Timeout',
+ 409 => 'Conflict',
+ 410 => 'Gone',
+ 411 => 'Length Required',
+ 412 => 'Precondition Failed',
+ 413 => 'Request Entity Too Large',
+ 414 => 'Request-URI Too Large',
+ 415 => 'Unsupported Media Type',
+ 416 => 'Requested Range Not Satisfiable',
+ 417 => 'Expectation Failed',
+ 500 => 'Internal Server Error',
+ 501 => 'Not Implemented',
+ 502 => 'Bad Gateway',
+ 503 => 'Service Unavailable',
+ 504 => 'Gateway Timeout',
+ 505 => 'HTTP Version Not Supported'
+ }
+
+ # Responses with HTTP status codes that should not have an entity body
+ STATUS_WITH_NO_ENTITY_BODY = Set.new((100..199).to_a << 204 << 304)
+
+ # A multipart form data parser, adapted from IOWA.
+ #
+ # Usually, Rack::Request#POST takes care of calling this.
+
+ module Multipart
+ EOL = "\r\n"
+
+ def self.parse_multipart(env)
+ unless env['CONTENT_TYPE'] =~
+ %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n
+ nil
+ else
+ boundary = "--#{$1}"
+
+ params = {}
+ buf = ""
+ content_length = env['CONTENT_LENGTH'].to_i
+ input = env['rack.input']
+
+ boundary_size = boundary.size + EOL.size
+ bufsize = 16384
+
+ content_length -= boundary_size
+
+ status = input.read(boundary_size)
+ raise EOFError, "bad content body" unless status == boundary + EOL
+
+ rx = /(?:#{EOL})?#{Regexp.quote boundary}(#{EOL}|--)/n
+
+ loop {
+ head = nil
+ body = ''
+ filename = content_type = name = nil
+
+ until head && buf =~ rx
+ if !head && i = buf.index("\r\n\r\n")
+ head = buf.slice!(0, i+2) # First \r\n
+ buf.slice!(0, 2) # Second \r\n
+
+ filename = head[/Content-Disposition:.* filename="?([^\";]*)"?/ni, 1]
+ content_type = head[/Content-Type: (.*)\r\n/ni, 1]
+ name = head[/Content-Disposition:.* name="?([^\";]*)"?/ni, 1]
+
+ if filename
+ body = Tempfile.new("RackMultipart")
+ body.binmode if body.respond_to?(:binmode)
+ end
+
+ next
+ end
+
+ # Save the read body part.
+ if head && (boundary_size+4 < buf.size)
+ body << buf.slice!(0, buf.size - (boundary_size+4))
+ end
+
+ c = input.read(bufsize < content_length ? bufsize : content_length)
+ raise EOFError, "bad content body" if c.nil? || c.empty?
+ buf << c
+ content_length -= c.size
+ end
+
+ # Save the rest.
+ if i = buf.index(rx)
+ body << buf.slice!(0, i)
+ buf.slice!(0, boundary_size+2)
+
+ content_length = -1 if $1 == "--"
+ end
+
+ if filename == ""
+ # filename is blank which means no file has been selected
+ data = nil
+ elsif filename
+ body.rewind
+
+ # Take the basename of the upload's original filename.
+ # This handles the full Windows paths given by Internet Explorer
+ # (and perhaps other broken user agents) without affecting
+ # those which give the lone filename.
+ filename =~ /^(?:.*[:\\\/])?(.*)/m
+ filename = $1
+
+ data = {:filename => filename, :type => content_type,
+ :name => name, :tempfile => body, :head => head}
+ else
+ data = body
+ end
+
+ Utils.normalize_params(params, name, data) unless data.nil?
+
+ break if buf.empty? || content_length == -1
+ }
+
+ begin
+ input.rewind if input.respond_to?(:rewind)
+ rescue Errno::ESPIPE
+ # Handles exceptions raised by input streams that cannot be rewound
+ # such as when using plain CGI under Apache
+ end
+
+ params
+ end
+ end
+ end
+ end
+end