From a720243961ede01263f247842326d9d3e59b6200 Mon Sep 17 00:00:00 2001 From: Daniel Schierbeck Date: Mon, 29 Aug 2011 04:15:15 +0300 Subject: Split long string into multiple shorter ones This makes the code more readable. --- actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb index a70d814749..6bcf099d2c 100644 --- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -59,7 +59,10 @@ module ActionDispatch # Note that the regexp does not allow $1 to end with a ':' $1.constantize rescue LoadError, NameError => const_error - raise ActionDispatch::Session::SessionRestoreError, "Session contains objects whose class definition isn't available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: #{const_error.message} [#{const_error.class}])\n" + raise ActionDispatch::Session::SessionRestoreError, + "Session contains objects whose class definition isn't available.\n" + + "Remember to require the classes for all objects kept in the session.\n" + + "(Original exception: #{const_error.message} [#{const_error.class}])\n" end retry else -- cgit v1.2.3 From fdd619e9a7a5b9457f77e6322c920b99c3c09599 Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Thu, 1 Sep 2011 13:37:14 -0700 Subject: CookieJar is enumerable. fixes #2795 --- actionpack/lib/action_dispatch/middleware/cookies.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 1c312f2587..8c4615c0c1 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -85,6 +85,7 @@ module ActionDispatch class CookieOverflow < StandardError; end class CookieJar #:nodoc: + include Enumerable # This regular expression is used to split the levels of a domain. # The top level domain can be any string without a period or @@ -124,6 +125,10 @@ module ActionDispatch alias :closed? :closed def close!; @closed = true end + def each(&block) + @cookies.each(&block) + end + # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists. def [](name) @cookies[name.to_s] -- cgit v1.2.3 From 43d27e9105b385f64ec195f60d10ab3d64281bd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Thu, 22 Sep 2011 15:37:38 +0200 Subject: Deprecate passing the template handler in the template name. For example, calling hello.erb is now deprecated. Since Rails 3.0 passing the handler had no effect whatsover. This commit simply deprecates such cases so we can clean up the code in later releases. --- actionpack/lib/action_dispatch/middleware/show_exceptions.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index a765c23dae..2fa68c64c5 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -86,8 +86,8 @@ module ActionDispatch :framework_trace => framework_trace(exception), :full_trace => full_trace(exception) ) - file = "rescues/#{@@rescue_templates[exception.class.name]}.erb" - body = template.render(:file => file, :layout => 'rescues/layout.erb') + file = "rescues/#{@@rescue_templates[exception.class.name]}" + body = template.render(:template => file, :layout => 'rescues/layout') render(status_code(exception), body) end -- cgit v1.2.3 From 2cb2ca68b1973ddd202b094599521e4adc39a217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 12 Oct 2011 09:24:13 +0200 Subject: Add some implementation docs. closes #3298. closes #2509. --- actionpack/lib/action_dispatch/middleware/flash.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb index 2adbce031b..e59404ef68 100644 --- a/actionpack/lib/action_dispatch/middleware/flash.rb +++ b/actionpack/lib/action_dispatch/middleware/flash.rb @@ -70,6 +70,10 @@ module ActionDispatch end end + # Implementation detail: please do not change the signature of the + # FlashHash class. Doing that will likely affect all Rails apps in + # production as the FlashHash currently stored in their sessions will + # become invalid. class FlashHash include Enumerable -- cgit v1.2.3 From bed5825f775bdf2a1af6eec9dc1f4071dbde5ead Mon Sep 17 00:00:00 2001 From: Alexey Vakhov Date: Tue, 18 Oct 2011 22:57:55 +0400 Subject: Remove superfluous assignment in cookies --- actionpack/lib/action_dispatch/middleware/cookies.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 8c4615c0c1..a4ffd40a66 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -174,7 +174,7 @@ module ActionDispatch options = { :value => value } end - value = @cookies[key.to_s] = value + @cookies[key.to_s] = value handle_options(options) -- cgit v1.2.3 From afde6fdd5ef3e6b0693a7e330777e85ef4cffddb Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 19 Oct 2011 12:59:33 -0500 Subject: Added X-Request-Id tracking and TaggedLogging to easily log that and other production concerns --- .../lib/action_dispatch/middleware/request_id.rb | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 actionpack/lib/action_dispatch/middleware/request_id.rb (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb new file mode 100644 index 0000000000..968ad6c28d --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -0,0 +1,38 @@ +require 'digest/md5' + +module ActionDispatch + # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through + # ActionDispatch::Request#uuid) and sends the same id to the client via the X-Request-Id header. + # + # The unique request id is either based off the X-Request-Id header in the request, which would typically be generated + # by a firewall, load balancer, or the web server, or, if this header is not available, a random uuid. If the + # header is accepted from the outside world, we sanitize it to a max of 255 chars and alphanumeric and dashes only. + # + # The unique request id can be used to trace a request end-to-end and would typically end up being part of log files + # from multiple pieces of the stack. + class RequestId + def initialize(app) + @app = app + end + + def call(env) + env["action_dispatch.request_id"] = external_request_id(env) || internal_request_id + + status, headers, body = @app.call(env) + + headers["X-Request-Id"] = env["action_dispatch.request_id"] + [ status, headers, body ] + end + + private + def external_request_id(env) + if env["HTTP_X_REQUEST_ID"].present? + env["HTTP_X_REQUEST_ID"].gsub(/[^\w\d\-]/, "").first(255) + end + end + + def internal_request_id + SecureRandom.uuid + end + end +end -- cgit v1.2.3 From ddbb2cae3146fc125375a0aae61bbaca9328b797 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Oct 2011 22:15:25 +0300 Subject: Require securerandom as it is the proper dependency. --- actionpack/lib/action_dispatch/middleware/request_id.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index 968ad6c28d..c515798d48 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -1,4 +1,4 @@ -require 'digest/md5' +require 'securerandom' module ActionDispatch # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through -- cgit v1.2.3 From 1b50207ed3a2f545763b8c0b3afcd35d9d36d4e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Oct 2011 22:17:54 +0300 Subject: Require missing string access dependency. --- actionpack/lib/action_dispatch/middleware/request_id.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index c515798d48..cdddc55aae 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -1,4 +1,5 @@ require 'securerandom' +require 'active_support/core_ext/string/access' module ActionDispatch # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through -- cgit v1.2.3 From ada78066fdbccffb1da092a2470211fa252b3c99 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Wed, 19 Oct 2011 14:45:42 -0500 Subject: Blah, SecureRandom#uuid is not supported in 1.8.7 -- cant wait for Rails 4.0 to drop compatibility with 1.8.x --- actionpack/lib/action_dispatch/middleware/request_id.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index cdddc55aae..4728e9f71e 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -33,7 +33,7 @@ module ActionDispatch end def internal_request_id - SecureRandom.uuid + SecureRandom.hex(16) end end end -- cgit v1.2.3 From f1fecd9b4e38c289b678bc2aadb406265963c528 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Oct 2011 22:09:36 +0200 Subject: Make tests run on 1.8.x, add integration setup. --- actionpack/lib/action_dispatch/middleware/request_id.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index 4728e9f71e..f4d721f9bf 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -18,20 +18,19 @@ module ActionDispatch def call(env) env["action_dispatch.request_id"] = external_request_id(env) || internal_request_id - status, headers, body = @app.call(env) headers["X-Request-Id"] = env["action_dispatch.request_id"] [ status, headers, body ] end - + private def external_request_id(env) if env["HTTP_X_REQUEST_ID"].present? env["HTTP_X_REQUEST_ID"].gsub(/[^\w\d\-]/, "").first(255) end end - + def internal_request_id SecureRandom.hex(16) end -- cgit v1.2.3 From 4ef74536940ea4c8c7f8c2cb0252bfe5f0db6fdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 19 Oct 2011 22:10:43 +0200 Subject: Load object/blank and make use of presence. --- actionpack/lib/action_dispatch/middleware/request_id.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index f4d721f9bf..d7bb9c58df 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -1,5 +1,6 @@ require 'securerandom' require 'active_support/core_ext/string/access' +require 'active_support/core_ext/object/blank' module ActionDispatch # Makes a unique request id available to the action_dispatch.request_id env variable (which is then accessible through @@ -26,8 +27,8 @@ module ActionDispatch private def external_request_id(env) - if env["HTTP_X_REQUEST_ID"].present? - env["HTTP_X_REQUEST_ID"].gsub(/[^\w\d\-]/, "").first(255) + if request_id = env["HTTP_X_REQUEST_ID"].presence + request_id.gsub(/[^\w\d\-]/, "").first(255) end end -- cgit v1.2.3 From 951a325c99ef2845f29ef95c85230ac2e835a31c Mon Sep 17 00:00:00 2001 From: Marc Bowes Date: Thu, 20 Oct 2011 10:00:42 +0300 Subject: Remove the unneeded `\d` when sanitizing `X-Request-Id`. --- actionpack/lib/action_dispatch/middleware/request_id.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index d7bb9c58df..bee446c8a5 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -28,7 +28,7 @@ module ActionDispatch private def external_request_id(env) if request_id = env["HTTP_X_REQUEST_ID"].presence - request_id.gsub(/[^\w\d\-]/, "").first(255) + request_id.gsub(/[^\w\-]/, "").first(255) end end -- cgit v1.2.3 From 2b04c2f66e3cf5abbbf118eaa1e692b9e1380e4e Mon Sep 17 00:00:00 2001 From: Brian Durand Date: Fri, 21 Oct 2011 13:13:29 -0500 Subject: Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache. --- .../middleware/session/cache_store.rb | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 actionpack/lib/action_dispatch/middleware/session/cache_store.rb (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/session/cache_store.rb b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb new file mode 100644 index 0000000000..d3b6fd12fa --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/session/cache_store.rb @@ -0,0 +1,50 @@ +require 'action_dispatch/middleware/session/abstract_store' +require 'rack/session/memcache' + +module ActionDispatch + module Session + # Session store that uses an ActiveSupport::Cache::Store to store the sessions. This store is most useful + # if you don't store critical data in your sessions and you don't need them to live for extended periods + # of time. + class CacheStore < AbstractStore + # Create a new store. The cache to use can be passed in the :cache option. If it is + # not specified, Rails.cache will be used. + def initialize(app, options = {}) + @cache = options[:cache] || Rails.cache + options[:expire_after] ||= @cache.options[:expires_in] + super + end + + # Get a session from the cache. + def get_session(env, sid) + sid ||= generate_sid + session = @cache.read(cache_key(sid)) + session ||= {} + [sid, session] + end + + # Set a session in the cache. + def set_session(env, sid, session, options) + key = cache_key(sid) + if session + @cache.write(key, session, :expires_in => options[:expire_after]) + else + @cache.delete(key) + end + sid + end + + # Remove a session from the cache. + def destroy_session(env, sid, options) + @cache.delete(cache_key(sid)) + generate_sid + end + + private + # Turn the session id into a cache key. + def cache_key(sid) + "_session_id:#{sid}" + end + end + end +end -- cgit v1.2.3 From a50f659e081785479b068b311862703584a589ca Mon Sep 17 00:00:00 2001 From: Olivier Lacan Date: Thu, 3 Nov 2011 10:01:32 -0400 Subject: CSS fix to prevent error output from being breaking out of body element. Using the white-space: pre-wrap adds extra line breaks to prevent the text from breaking out of the element's box. In this case single line output can be extremely long, breaking out the element. See for reference: http://www.quirksmode.org/css/whitespace.html Before: http://link.olivierlacan.com/BVU4 After: http://link.olivierlacan.com/BUfM --- actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb index 6e71fd7ddc..1a308707d1 100644 --- a/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb +++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb @@ -16,6 +16,7 @@ background-color: #eee; padding: 10px; font-size: 11px; + white-space: pre-wrap; } a { color: #000; } -- cgit v1.2.3 From 9432163c60fc4387d1dfb11ca7c92a08ce72f1c2 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Fri, 11 Nov 2011 21:22:49 -1000 Subject: refactor RemoteIp middleware - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. --- .../lib/action_dispatch/middleware/remote_ip.rb | 81 ++++++++++++---------- 1 file changed, 44 insertions(+), 37 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index c7d710b98e..79f9ddcd04 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -2,50 +2,57 @@ module ActionDispatch class RemoteIp class IpSpoofAttackError < StandardError ; end - class RemoteIpGetter - def initialize(env, check_ip_spoofing, trusted_proxies) - @env = env - @check_ip_spoofing = check_ip_spoofing - @trusted_proxies = trusted_proxies + # IP addresses that are "trusted proxies" that can be stripped from + # the comma-delimited list in the X-Forwarded-For header. See also: + # http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces + TRUSTED_PROXIES = %r{ + ^127\.0\.0\.1$ | # localhost + ^(10 | # private IP 10.x.x.x + 172\.(1[6-9]|2[0-9]|3[0-1]) | # private IP in the range 172.16.0.0 .. 172.31.255.255 + 192\.168 # private IP 192.168.x.x + )\. + }x + + def initialize(app, check_ip_spoofing = true, custom_proxies = nil) + @app = app + @check_ip_spoofing = check_ip_spoofing + if custom_proxies + custom_regexp = Regexp.new(custom_proxies, "i") + @trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp) + else + @trusted_proxies = TRUSTED_PROXIES end + end - def remote_addrs - @remote_addrs ||= begin - list = @env['REMOTE_ADDR'] ? @env['REMOTE_ADDR'].split(/[,\s]+/) : [] - list.reject { |addr| addr =~ @trusted_proxies } - end + # Determines originating IP address. REMOTE_ADDR is the standard + # but will be wrong if the user is behind a proxy. Proxies will set + # HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR, so we prioritize those. + # HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of + # multiple chained proxies. The last address which is not a known proxy + # will be the originating IP. + def call(env) + client_ip = env['HTTP_CLIENT_IP'] + forwarded_ips = ips_from(env, 'HTTP_X_FORWARDED_FOR') + remote_addrs = ips_from(env, 'REMOTE_ADDR') + + if client_ip && @check_ip_spoofing && !forwarded_ips.include?(client_ip) + # We don't know which came from the proxy, and which from the user + raise IpSpoofAttackError, "IP spoofing attack?!" \ + "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \ + "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}" end - def to_s - return remote_addrs.first if remote_addrs.any? - - forwarded_ips = @env['HTTP_X_FORWARDED_FOR'] ? @env['HTTP_X_FORWARDED_FOR'].strip.split(/[,\s]+/) : [] - - if client_ip = @env['HTTP_CLIENT_IP'] - if @check_ip_spoofing && !forwarded_ips.include?(client_ip) - # We don't know which came from the proxy, and which from the user - raise IpSpoofAttackError, "IP spoofing attack?!" \ - "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \ - "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" - end - return client_ip - end - - return forwarded_ips.reject { |ip| ip =~ @trusted_proxies }.last || @env["REMOTE_ADDR"] - end + remote_ip = client_ip || forwarded_ips.last || remote_addrs.last + env["action_dispatch.remote_ip"] = remote_ip + @app.call(env) end - def initialize(app, check_ip_spoofing = true, trusted_proxies = nil) - @app = app - @check_ip_spoofing = check_ip_spoofing - regex = '(^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.)' - regex << "|(#{trusted_proxies})" if trusted_proxies - @trusted_proxies = Regexp.new(regex, "i") - end + protected - def call(env) - env["action_dispatch.remote_ip"] = RemoteIpGetter.new(env, @check_ip_spoofing, @trusted_proxies) - @app.call(env) + def ips_from(env, header) + ips = env[header] ? env[header].strip.split(/[,\s]+/) : [] + ips.reject{|ip| ip =~ @trusted_proxies } end + end end \ No newline at end of file -- cgit v1.2.3 From 317f4e22365e2d9b8200aefbda943798e8f85a82 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sat, 12 Nov 2011 00:45:31 -1000 Subject: defer calculating the remote IP until requested --- .../lib/action_dispatch/middleware/remote_ip.rb | 60 +++++++++++++--------- 1 file changed, 36 insertions(+), 24 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 79f9ddcd04..3b813b03bb 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -13,6 +13,8 @@ module ActionDispatch )\. }x + attr_reader :check_ip_spoofing, :trusted_proxies + def initialize(app, check_ip_spoofing = true, custom_proxies = nil) @app = app @check_ip_spoofing = check_ip_spoofing @@ -24,35 +26,45 @@ module ActionDispatch end end - # Determines originating IP address. REMOTE_ADDR is the standard - # but will be wrong if the user is behind a proxy. Proxies will set - # HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR, so we prioritize those. - # HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of - # multiple chained proxies. The last address which is not a known proxy - # will be the originating IP. def call(env) - client_ip = env['HTTP_CLIENT_IP'] - forwarded_ips = ips_from(env, 'HTTP_X_FORWARDED_FOR') - remote_addrs = ips_from(env, 'REMOTE_ADDR') - - if client_ip && @check_ip_spoofing && !forwarded_ips.include?(client_ip) - # We don't know which came from the proxy, and which from the user - raise IpSpoofAttackError, "IP spoofing attack?!" \ - "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \ - "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}" - end - - remote_ip = client_ip || forwarded_ips.last || remote_addrs.last - env["action_dispatch.remote_ip"] = remote_ip + env["action_dispatch.remote_ip"] = GetIp.new(env, self) @app.call(env) end - protected + class GetIp + def initialize(env, middleware) + @env, @middleware = env, middleware + end + + # Determines originating IP address. REMOTE_ADDR is the standard + # but will be wrong if the user is behind a proxy. Proxies will set + # HTTP_CLIENT_IP and/or HTTP_X_FORWARDED_FOR, so we prioritize those. + # HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of + # multiple chained proxies. The last address which is not a known proxy + # will be the originating IP. + def to_s + client_ip = @env['HTTP_CLIENT_IP'] + forwarded_ips = ips_from('HTTP_X_FORWARDED_FOR') + remote_addrs = ips_from('REMOTE_ADDR') - def ips_from(env, header) - ips = env[header] ? env[header].strip.split(/[,\s]+/) : [] - ips.reject{|ip| ip =~ @trusted_proxies } + check_ip = client_ip && @middleware.check_ip_spoofing + if check_ip && !forwarded_ips.include?(client_ip) + # We don't know which came from the proxy, and which from the user + raise IpSpoofAttackError, "IP spoofing attack?!" \ + "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \ + "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}" + end + + client_ip || forwarded_ips.last || remote_addrs.last + end + + protected + + def ips_from(header) + ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : [] + ips.reject{|ip| ip =~ @middleware.trusted_proxies } + end end end -end \ No newline at end of file +end -- cgit v1.2.3 From 2189bff732490aa842c88f1691993520fa1eb9ab Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sun, 13 Nov 2011 10:20:29 -1000 Subject: correctly raise IpSpoofAttackError message --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 3b813b03bb..3208256d56 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -51,8 +51,8 @@ module ActionDispatch if check_ip && !forwarded_ips.include?(client_ip) # We don't know which came from the proxy, and which from the user raise IpSpoofAttackError, "IP spoofing attack?!" \ - "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \ - "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}" + "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \ + "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end client_ip || forwarded_ips.last || remote_addrs.last -- cgit v1.2.3 From 2d063c6269a546c8bab4b36c027246f582bfaa13 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sun, 13 Nov 2011 10:20:55 -1000 Subject: turns out the tests expect remote_addrs.first --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 3208256d56..5f81b639ae 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -55,7 +55,7 @@ module ActionDispatch "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end - client_ip || forwarded_ips.last || remote_addrs.last + client_ip || forwarded_ips.last || remote_addrs.first end protected -- cgit v1.2.3 From 9c4532bf74604ae1c52a44d1aa8c1022a312ff88 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Sun, 13 Nov 2011 10:22:12 -1000 Subject: remove ignored flag, fixes warnings --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 5f81b639ae..58e25aed5a 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -19,7 +19,7 @@ module ActionDispatch @app = app @check_ip_spoofing = check_ip_spoofing if custom_proxies - custom_regexp = Regexp.new(custom_proxies, "i") + custom_regexp = Regexp.new(custom_proxies) @trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp) else @trusted_proxies = TRUSTED_PROXIES -- cgit v1.2.3 From 00a0a4ddebe0160f851d28e29d5fb7e8e7a2a5dc Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Mon, 14 Nov 2011 11:20:20 -1000 Subject: cleaner names --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 58e25aed5a..446fcce823 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -13,16 +13,16 @@ module ActionDispatch )\. }x - attr_reader :check_ip_spoofing, :trusted_proxies + attr_reader :check_ip, :proxies def initialize(app, check_ip_spoofing = true, custom_proxies = nil) @app = app - @check_ip_spoofing = check_ip_spoofing + @check_ip = check_ip_spoofing if custom_proxies custom_regexp = Regexp.new(custom_proxies) - @trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp) + @proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp) else - @trusted_proxies = TRUSTED_PROXIES + @proxies = TRUSTED_PROXIES end end @@ -47,7 +47,7 @@ module ActionDispatch forwarded_ips = ips_from('HTTP_X_FORWARDED_FOR') remote_addrs = ips_from('REMOTE_ADDR') - check_ip = client_ip && @middleware.check_ip_spoofing + check_ip = client_ip && @middleware.check_ip if check_ip && !forwarded_ips.include?(client_ip) # We don't know which came from the proxy, and which from the user raise IpSpoofAttackError, "IP spoofing attack?!" \ @@ -62,7 +62,7 @@ module ActionDispatch def ips_from(header) ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : [] - ips.reject{|ip| ip =~ @middleware.trusted_proxies } + ips.reject{|ip| ip =~ @middleware.proxies } end end -- cgit v1.2.3 From cda1a5d5fe002ca92aca01586e8a60439605f960 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Mon, 14 Nov 2011 11:20:57 -1000 Subject: memoize the relatively expensive remote IP code --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 446fcce823..ee0d19a50d 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -42,7 +42,7 @@ module ActionDispatch # HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of # multiple chained proxies. The last address which is not a known proxy # will be the originating IP. - def to_s + def calculate_ip client_ip = @env['HTTP_CLIENT_IP'] forwarded_ips = ips_from('HTTP_X_FORWARDED_FOR') remote_addrs = ips_from('REMOTE_ADDR') @@ -58,6 +58,12 @@ module ActionDispatch client_ip || forwarded_ips.last || remote_addrs.first end + def to_s + return @ip if @calculated_ip + @calculated_ip = true + @ip = calculate_ip + end + protected def ips_from(header) -- cgit v1.2.3 From d743954792ccf5975a11ee88cdd690e8f1915728 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Mon, 14 Nov 2011 16:43:21 -1000 Subject: GetIp#to_s should never return nil. That's icky. --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index ee0d19a50d..77aa4e743e 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -55,7 +55,10 @@ module ActionDispatch "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end - client_ip || forwarded_ips.last || remote_addrs.first + not_proxy = client_ip || forwarded_ips.last || remote_addrs.first + + # Return first REMOTE_ADDR if there are no other options + not_proxy || ips_from('REMOTE_ADDR', :all).first end def to_s @@ -66,9 +69,9 @@ module ActionDispatch protected - def ips_from(header) + def ips_from(header, allow_proxies = false) ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : [] - ips.reject{|ip| ip =~ @middleware.proxies } + allow_proxies ? ips : ips.reject{|ip| ip =~ @middleware.proxies } end end -- cgit v1.2.3 From 8d1a2b3ecde5a8745b3eaab4763a71d80ca3441f Mon Sep 17 00:00:00 2001 From: Jon Leighton Date: Tue, 15 Nov 2011 22:47:18 +0000 Subject: Revert "Merge pull request #3640 from indirect/remote_ip" This reverts commit 6491aadc525b8703708e0fd0fbf05bd436a47801, reversing changes made to 83bf0b626cf2134260903e57d74f67de57384073. See https://github.com/rails/rails/pull/3640#issuecomment-2752761 for explanation. --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 77aa4e743e..ee0d19a50d 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -55,10 +55,7 @@ module ActionDispatch "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end - not_proxy = client_ip || forwarded_ips.last || remote_addrs.first - - # Return first REMOTE_ADDR if there are no other options - not_proxy || ips_from('REMOTE_ADDR', :all).first + client_ip || forwarded_ips.last || remote_addrs.first end def to_s @@ -69,9 +66,9 @@ module ActionDispatch protected - def ips_from(header, allow_proxies = false) + def ips_from(header) ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : [] - allow_proxies ? ips : ips.reject{|ip| ip =~ @middleware.proxies } + ips.reject{|ip| ip =~ @middleware.proxies } end end -- cgit v1.2.3 From f05ccf805a6d2a3ed73ef9928577e8b0ebbb3c49 Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Wed, 16 Nov 2011 12:53:43 -1000 Subject: Revert "Revert "Merge pull request #3640 from indirect/remote_ip"" This reverts commit 8d1a2b3ecde5a8745b3eaab4763a71d80ca3441f, because I have fixed the issues this commit caused in the next commit. --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index ee0d19a50d..77aa4e743e 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -55,7 +55,10 @@ module ActionDispatch "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}" end - client_ip || forwarded_ips.last || remote_addrs.first + not_proxy = client_ip || forwarded_ips.last || remote_addrs.first + + # Return first REMOTE_ADDR if there are no other options + not_proxy || ips_from('REMOTE_ADDR', :all).first end def to_s @@ -66,9 +69,9 @@ module ActionDispatch protected - def ips_from(header) + def ips_from(header, allow_proxies = false) ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : [] - ips.reject{|ip| ip =~ @middleware.proxies } + allow_proxies ? ips : ips.reject{|ip| ip =~ @middleware.proxies } end end -- cgit v1.2.3 From 5621abd5698536f1676306930f6aef105d7ae6dc Mon Sep 17 00:00:00 2001 From: Andre Arko Date: Wed, 16 Nov 2011 12:49:15 -1000 Subject: :facepalm: Request#remote_ip has to work without the middleware --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 77aa4e743e..3a88f2ca43 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -58,7 +58,7 @@ module ActionDispatch not_proxy = client_ip || forwarded_ips.last || remote_addrs.first # Return first REMOTE_ADDR if there are no other options - not_proxy || ips_from('REMOTE_ADDR', :all).first + not_proxy || ips_from('REMOTE_ADDR', :allow_proxies).first end def to_s -- cgit v1.2.3 From e3671422556ac61f39539264713ba9c04814b80f Mon Sep 17 00:00:00 2001 From: Aaron Patterson Date: Wed, 16 Nov 2011 16:55:11 -0800 Subject: Initialize our instance variables. --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 3a88f2ca43..8dbe3af6f1 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -33,7 +33,9 @@ module ActionDispatch class GetIp def initialize(env, middleware) - @env, @middleware = env, middleware + @env = env + @middleware = middleware + @calculate_ip = false end # Determines originating IP address. REMOTE_ADDR is the standard -- cgit v1.2.3 From c3ae1d2aec400d6aaea78bd94eb7845b71f1ec15 Mon Sep 17 00:00:00 2001 From: Arun Agrawal Date: Thu, 17 Nov 2011 12:50:19 +0530 Subject: It should be @calculated_ip not @calculate_ip We are using @calculated_ip. @calculate_ip is no where used --- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index 8dbe3af6f1..66ece60860 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -35,7 +35,7 @@ module ActionDispatch def initialize(env, middleware) @env = env @middleware = middleware - @calculate_ip = false + @calculated_ip = false end # Determines originating IP address. REMOTE_ADDR is the standard -- cgit v1.2.3 From a9e8cf78fda696738f63e726796f6232c3751603 Mon Sep 17 00:00:00 2001 From: lest Date: Mon, 21 Nov 2011 20:13:54 +0300 Subject: add ActionController::Metal#show_detailed_exceptions? --- .../lib/action_dispatch/middleware/show_exceptions.rb | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index 2fa68c64c5..569063f4db 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -38,9 +38,8 @@ module ActionDispatch "application's log file and/or the web server's log file to find out what " << "went wrong."]] - def initialize(app, consider_all_requests_local = false) + def initialize(app) @app = app - @consider_all_requests_local = consider_all_requests_local end def call(env) @@ -65,11 +64,10 @@ module ActionDispatch log_error(exception) exception = original_exception(exception) - request = Request.new(env) - if @consider_all_requests_local || request.local? - rescue_action_locally(request, exception) + if env['action_dispatch.show_detailed_exceptions'] == true + rescue_action_diagnostics(env, exception) else - rescue_action_in_public(exception) + rescue_action_error_page(exception) end rescue Exception => failsafe_error $stderr.puts "Error during failsafe response: #{failsafe_error}\n #{failsafe_error.backtrace * "\n "}" @@ -78,9 +76,9 @@ module ActionDispatch # Render detailed diagnostics for unhandled exceptions rescued from # a controller action. - def rescue_action_locally(request, exception) + def rescue_action_diagnostics(env, exception) template = ActionView::Base.new([RESCUES_TEMPLATE_PATH], - :request => request, + :request => Request.new(env), :exception => exception, :application_trace => application_trace(exception), :framework_trace => framework_trace(exception), @@ -98,7 +96,7 @@ module ActionDispatch # it will first attempt to render the file at public/500.da.html # then attempt to render public/500.html. If none of them exist, # the body of the response will be left empty. - def rescue_action_in_public(exception) + def rescue_action_error_page(exception) status = status_code(exception) locale_path = "#{public_path}/#{status}.#{I18n.locale}.html" if I18n.locale path = "#{public_path}/#{status}.html" -- cgit v1.2.3 From 3a1d51959bf569a7419fe8ab9416b338334b4800 Mon Sep 17 00:00:00 2001 From: lest Date: Tue, 22 Nov 2011 17:36:58 +0300 Subject: deprecation warning, changelog entry --- actionpack/lib/action_dispatch/middleware/show_exceptions.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index 569063f4db..52dce4cc81 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -2,6 +2,7 @@ require 'active_support/core_ext/exception' require 'action_controller/metal/exceptions' require 'active_support/notifications' require 'action_dispatch/http/request' +require 'active_support/deprecation' module ActionDispatch # This middleware rescues any exception returned by the application and renders @@ -38,7 +39,8 @@ module ActionDispatch "application's log file and/or the web server's log file to find out what " << "went wrong."]] - def initialize(app) + def initialize(app, consider_all_requests_local = nil) + ActiveSupport::Deprecation.warn "Passing consider_all_requests_local option to ActionDispatch::ShowExceptions middleware no longer works" unless consider_all_requests_local.nil? @app = app end -- cgit v1.2.3 From ea70e027b63a1b8bfe4087a4de978ad4eef5575b Mon Sep 17 00:00:00 2001 From: kennyj Date: Wed, 23 Nov 2011 23:49:43 +0900 Subject: Remove unreachable code, and add additional testcases. --- actionpack/lib/action_dispatch/middleware/params_parser.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/params_parser.rb b/actionpack/lib/action_dispatch/middleware/params_parser.rb index d4208ca96e..84e3dd16dd 100644 --- a/actionpack/lib/action_dispatch/middleware/params_parser.rb +++ b/actionpack/lib/action_dispatch/middleware/params_parser.rb @@ -54,12 +54,7 @@ module ActionDispatch rescue Exception => e # YAML, XML or Ruby code block errors logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}" - raise - { "body" => request.raw_post, - "content_type" => request.content_mime_type, - "content_length" => request.content_length, - "exception" => "#{e.message} (#{e.class})", - "backtrace" => e.backtrace } + raise e end def content_type_from_legacy_post_data_format_header(env) -- cgit v1.2.3 From 98a1717e7c094d011c89ea1ed88673a595af2de8 Mon Sep 17 00:00:00 2001 From: lest Date: Wed, 23 Nov 2011 23:36:56 +0300 Subject: configuration option to always write cookie --- actionpack/lib/action_dispatch/middleware/cookies.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index a4ffd40a66..51cec41a34 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -243,10 +243,13 @@ module ActionDispatch @delete_cookies.clear end + mattr_accessor :always_write_cookie + self.always_write_cookie = false + private def write_cookie?(cookie) - @secure || !cookie[:secure] || defined?(Rails.env) && Rails.env.development? + @secure || !cookie[:secure] || always_write_cookie end end -- cgit v1.2.3 From cd9d28d6fdff6819dac3c6643fe882eb568b5a39 Mon Sep 17 00:00:00 2001 From: lest Date: Thu, 24 Nov 2011 22:37:48 +0300 Subject: middlewares should use logger from env --- .../lib/action_dispatch/middleware/params_parser.rb | 6 +++--- .../lib/action_dispatch/middleware/show_exceptions.rb | 16 ++++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/params_parser.rb b/actionpack/lib/action_dispatch/middleware/params_parser.rb index 84e3dd16dd..6ded9dbfed 100644 --- a/actionpack/lib/action_dispatch/middleware/params_parser.rb +++ b/actionpack/lib/action_dispatch/middleware/params_parser.rb @@ -52,7 +52,7 @@ module ActionDispatch false end rescue Exception => e # YAML, XML or Ruby code block errors - logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}" + logger(env).debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}" raise e end @@ -68,8 +68,8 @@ module ActionDispatch nil end - def logger - defined?(Rails.logger) ? Rails.logger : Logger.new($stderr) + def logger(env) + env['action_dispatch.logger'] || Logger.new($stderr) end end end diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index 52dce4cc81..8dc2820d37 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -63,7 +63,7 @@ module ActionDispatch private def render_exception(env, exception) - log_error(exception) + log_error(env, exception) exception = original_exception(exception) if env['action_dispatch.show_detailed_exceptions'] == true @@ -124,14 +124,14 @@ module ActionDispatch defined?(Rails.public_path) ? Rails.public_path : 'public_path' end - def log_error(exception) - return unless logger + def log_error(env, exception) + return unless logger(env) ActiveSupport::Deprecation.silence do message = "\n#{exception.class} (#{exception.message}):\n" message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code) message << " " << application_trace(exception).join("\n ") - logger.fatal("#{message}\n\n") + logger(env).fatal("#{message}\n\n") end end @@ -153,8 +153,12 @@ module ActionDispatch exception.backtrace end - def logger - defined?(Rails.logger) ? Rails.logger : Logger.new($stderr) + def logger(env) + env['action_dispatch.logger'] || stderr_logger + end + + def stderr_logger + Logger.new($stderr) end def original_exception(exception) -- cgit v1.2.3 From fe7d4f09ef2296e45ab4a82c1556c63382856607 Mon Sep 17 00:00:00 2001 From: lest Date: Mon, 28 Nov 2011 19:25:37 +0300 Subject: put backtrace_cleaner to env --- .../action_dispatch/middleware/show_exceptions.rb | 26 +++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'actionpack/lib/action_dispatch/middleware') diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb index 8dc2820d37..c850e25507 100644 --- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb +++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb @@ -82,9 +82,9 @@ module ActionDispatch template = ActionView::Base.new([RESCUES_TEMPLATE_PATH], :request => Request.new(env), :exception => exception, - :application_trace => application_trace(exception), - :framework_trace => framework_trace(exception), - :full_trace => full_trace(exception) + :application_trace => application_trace(env, exception), + :framework_trace => framework_trace(env, exception), + :full_trace => full_trace(env, exception) ) file = "rescues/#{@@rescue_templates[exception.class.name]}" body = template.render(:template => file, :layout => 'rescues/layout') @@ -130,26 +130,26 @@ module ActionDispatch ActiveSupport::Deprecation.silence do message = "\n#{exception.class} (#{exception.message}):\n" message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code) - message << " " << application_trace(exception).join("\n ") + message << " " << application_trace(env, exception).join("\n ") logger(env).fatal("#{message}\n\n") end end - def application_trace(exception) - clean_backtrace(exception, :silent) + def application_trace(env, exception) + clean_backtrace(env, exception, :silent) end - def framework_trace(exception) - clean_backtrace(exception, :noise) + def framework_trace(env, exception) + clean_backtrace(env, exception, :noise) end - def full_trace(exception) - clean_backtrace(exception, :all) + def full_trace(env, exception) + clean_backtrace(env, exception, :all) end - def clean_backtrace(exception, *args) - defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ? - Rails.backtrace_cleaner.clean(exception.backtrace, *args) : + def clean_backtrace(env, exception, *args) + env['action_dispatch.backtrace_cleaner'] ? + env['action_dispatch.backtrace_cleaner'].clean(exception.backtrace, *args) : exception.backtrace end -- cgit v1.2.3