From a0f2b1d95d3785de92ae271fd7ea23e91c0cadc6 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Tue, 27 Jan 2009 18:17:39 -0600 Subject: Reorganize ActionController folder structure --- actionpack/lib/action_controller.rb | 94 +- .../action_controller/assertions/dom_assertions.rb | 39 - .../assertions/model_assertions.rb | 21 - .../assertions/response_assertions.rb | 150 --- .../assertions/routing_assertions.rb | 146 -- .../assertions/selector_assertions.rb | 632 --------- .../action_controller/assertions/tag_assertions.rb | 127 -- actionpack/lib/action_controller/base.rb | 1392 -------------------- actionpack/lib/action_controller/base/base.rb | 904 +++++++++++++ .../action_controller/base/chained/benchmarking.rb | 107 ++ .../lib/action_controller/base/chained/filters.rb | 680 ++++++++++ .../lib/action_controller/base/chained/flash.rb | 163 +++ actionpack/lib/action_controller/base/cookies.rb | 94 ++ actionpack/lib/action_controller/base/headers.rb | 33 + actionpack/lib/action_controller/base/helpers.rb | 225 ++++ .../action_controller/base/http_authentication.rb | 124 ++ actionpack/lib/action_controller/base/layout.rb | 244 ++++ actionpack/lib/action_controller/base/redirect.rb | 91 ++ actionpack/lib/action_controller/base/render.rb | 378 ++++++ .../base/request_forgery_protection.rb | 108 ++ actionpack/lib/action_controller/base/responder.rb | 41 + actionpack/lib/action_controller/base/streaming.rb | 171 +++ .../lib/action_controller/base/verification.rb | 130 ++ actionpack/lib/action_controller/benchmarking.rb | 107 -- actionpack/lib/action_controller/cgi/ext.rb | 15 + actionpack/lib/action_controller/cgi/ext/cookie.rb | 112 ++ .../action_controller/cgi/ext/query_extension.rb | 22 + .../lib/action_controller/cgi/ext/stdinput.rb | 24 + actionpack/lib/action_controller/cgi/process.rb | 70 + actionpack/lib/action_controller/cgi_ext.rb | 15 - actionpack/lib/action_controller/cgi_ext/cookie.rb | 112 -- .../action_controller/cgi_ext/query_extension.rb | 22 - .../lib/action_controller/cgi_ext/stdinput.rb | 24 - actionpack/lib/action_controller/cgi_process.rb | 72 - actionpack/lib/action_controller/cookies.rb | 94 -- .../lib/action_controller/dispatch/dispatcher.rb | 116 ++ .../action_controller/dispatch/params_parser.rb | 71 + .../action_controller/dispatch/rack/failsafe.rb | 52 + .../lib/action_controller/dispatch/rack/lock.rb | 16 + .../dispatch/rack/middleware_stack.rb | 109 ++ .../action_controller/dispatch/rack/middlewares.rb | 21 + .../lib/action_controller/dispatch/request.rb | 492 +++++++ .../action_controller/dispatch/request_parser.rb | 315 +++++ .../lib/action_controller/dispatch/rescue.rb | 179 +++ .../lib/action_controller/dispatch/response.rb | 255 ++++ .../action_controller/dispatch/rewindable_input.rb | 28 + .../lib/action_controller/dispatch/status_codes.rb | 88 ++ .../templates/rescues/_request_and_response.erb | 24 + .../dispatch/templates/rescues/_trace.erb | 26 + .../dispatch/templates/rescues/diagnostics.erb | 10 + .../dispatch/templates/rescues/layout.erb | 29 + .../templates/rescues/missing_template.erb | 2 + .../dispatch/templates/rescues/routing_error.erb | 10 + .../dispatch/templates/rescues/template_error.erb | 21 + .../dispatch/templates/rescues/unknown_action.erb | 2 + .../action_controller/dispatch/uploaded_file.rb | 44 + .../dispatch/url_encoded_pair_parser.rb | 155 +++ actionpack/lib/action_controller/dispatcher.rb | 116 -- actionpack/lib/action_controller/failsafe.rb | 52 - actionpack/lib/action_controller/filters.rb | 680 ---------- actionpack/lib/action_controller/flash.rb | 163 --- actionpack/lib/action_controller/headers.rb | 33 - actionpack/lib/action_controller/helpers.rb | 225 ---- .../lib/action_controller/http_authentication.rb | 124 -- actionpack/lib/action_controller/integration.rb | 676 ---------- actionpack/lib/action_controller/layout.rb | 244 ---- .../lib/action_controller/middleware_stack.rb | 109 -- actionpack/lib/action_controller/middlewares.rb | 21 - .../lib/action_controller/mime/default_types.rb | 21 + actionpack/lib/action_controller/mime/responds.rb | 190 +++ actionpack/lib/action_controller/mime/type.rb | 214 +++ actionpack/lib/action_controller/mime_responds.rb | 190 --- actionpack/lib/action_controller/mime_type.rb | 214 --- actionpack/lib/action_controller/mime_types.rb | 21 - actionpack/lib/action_controller/params_parser.rb | 71 - .../lib/action_controller/performance_test.rb | 15 - .../lib/action_controller/polymorphic_routes.rb | 201 --- .../lib/action_controller/record_identifier.rb | 2 +- actionpack/lib/action_controller/request.rb | 492 ------- .../request_forgery_protection.rb | 108 -- actionpack/lib/action_controller/rescue.rb | 179 --- actionpack/lib/action_controller/resources.rb | 674 ---------- actionpack/lib/action_controller/response.rb | 255 ---- .../lib/action_controller/rewindable_input.rb | 28 - .../routing/generation/polymorphic_routes.rb | 201 +++ .../routing/generation/url_rewriter.rb | 219 +++ .../lib/action_controller/routing/resources.rb | 674 ++++++++++ .../lib/action_controller/session/management.rb | 54 + .../lib/action_controller/session_management.rb | 54 - actionpack/lib/action_controller/status_codes.rb | 88 -- actionpack/lib/action_controller/streaming.rb | 171 --- .../templates/rescues/_request_and_response.erb | 24 - .../action_controller/templates/rescues/_trace.erb | 26 - .../templates/rescues/diagnostics.erb | 10 - .../action_controller/templates/rescues/layout.erb | 29 - .../templates/rescues/missing_template.erb | 2 - .../templates/rescues/routing_error.erb | 10 - .../templates/rescues/template_error.erb | 21 - .../templates/rescues/unknown_action.erb | 2 - actionpack/lib/action_controller/test_case.rb | 199 --- actionpack/lib/action_controller/test_process.rb | 543 -------- .../action_controller/testing/assertions/dom.rb | 39 + .../action_controller/testing/assertions/model.rb | 21 + .../testing/assertions/response.rb | 150 +++ .../testing/assertions/routing.rb | 146 ++ .../testing/assertions/selector.rb | 632 +++++++++ .../action_controller/testing/assertions/tag.rb | 127 ++ .../lib/action_controller/testing/integration.rb | 676 ++++++++++ .../lib/action_controller/testing/performance.rb | 15 + .../lib/action_controller/testing/process.rb | 543 ++++++++ .../lib/action_controller/testing/test_case.rb | 199 +++ actionpack/lib/action_controller/uploaded_file.rb | 44 - .../action_controller/url_encoded_pair_parser.rb | 155 --- actionpack/lib/action_controller/url_rewriter.rb | 219 --- actionpack/lib/action_controller/verification.rb | 130 -- actionpack/lib/action_view/render/partials.rb | 28 + 116 files changed, 9998 insertions(+), 9619 deletions(-) delete mode 100644 actionpack/lib/action_controller/assertions/dom_assertions.rb delete mode 100644 actionpack/lib/action_controller/assertions/model_assertions.rb delete mode 100644 actionpack/lib/action_controller/assertions/response_assertions.rb delete mode 100644 actionpack/lib/action_controller/assertions/routing_assertions.rb delete mode 100644 actionpack/lib/action_controller/assertions/selector_assertions.rb delete mode 100644 actionpack/lib/action_controller/assertions/tag_assertions.rb delete mode 100644 actionpack/lib/action_controller/base.rb create mode 100644 actionpack/lib/action_controller/base/base.rb create mode 100644 actionpack/lib/action_controller/base/chained/benchmarking.rb create mode 100644 actionpack/lib/action_controller/base/chained/filters.rb create mode 100644 actionpack/lib/action_controller/base/chained/flash.rb create mode 100644 actionpack/lib/action_controller/base/cookies.rb create mode 100644 actionpack/lib/action_controller/base/headers.rb create mode 100644 actionpack/lib/action_controller/base/helpers.rb create mode 100644 actionpack/lib/action_controller/base/http_authentication.rb create mode 100644 actionpack/lib/action_controller/base/layout.rb create mode 100644 actionpack/lib/action_controller/base/redirect.rb create mode 100644 actionpack/lib/action_controller/base/render.rb create mode 100644 actionpack/lib/action_controller/base/request_forgery_protection.rb create mode 100644 actionpack/lib/action_controller/base/responder.rb create mode 100644 actionpack/lib/action_controller/base/streaming.rb create mode 100644 actionpack/lib/action_controller/base/verification.rb delete mode 100644 actionpack/lib/action_controller/benchmarking.rb create mode 100644 actionpack/lib/action_controller/cgi/ext.rb create mode 100644 actionpack/lib/action_controller/cgi/ext/cookie.rb create mode 100644 actionpack/lib/action_controller/cgi/ext/query_extension.rb create mode 100644 actionpack/lib/action_controller/cgi/ext/stdinput.rb create mode 100644 actionpack/lib/action_controller/cgi/process.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/cookie.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/query_extension.rb delete mode 100644 actionpack/lib/action_controller/cgi_ext/stdinput.rb delete mode 100644 actionpack/lib/action_controller/cgi_process.rb delete mode 100644 actionpack/lib/action_controller/cookies.rb create mode 100644 actionpack/lib/action_controller/dispatch/dispatcher.rb create mode 100644 actionpack/lib/action_controller/dispatch/params_parser.rb create mode 100644 actionpack/lib/action_controller/dispatch/rack/failsafe.rb create mode 100644 actionpack/lib/action_controller/dispatch/rack/lock.rb create mode 100644 actionpack/lib/action_controller/dispatch/rack/middleware_stack.rb create mode 100644 actionpack/lib/action_controller/dispatch/rack/middlewares.rb create mode 100755 actionpack/lib/action_controller/dispatch/request.rb create mode 100644 actionpack/lib/action_controller/dispatch/request_parser.rb create mode 100644 actionpack/lib/action_controller/dispatch/rescue.rb create mode 100644 actionpack/lib/action_controller/dispatch/response.rb create mode 100644 actionpack/lib/action_controller/dispatch/rewindable_input.rb create mode 100644 actionpack/lib/action_controller/dispatch/status_codes.rb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/_request_and_response.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/_trace.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/diagnostics.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/layout.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/missing_template.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/routing_error.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/template_error.erb create mode 100644 actionpack/lib/action_controller/dispatch/templates/rescues/unknown_action.erb create mode 100644 actionpack/lib/action_controller/dispatch/uploaded_file.rb create mode 100644 actionpack/lib/action_controller/dispatch/url_encoded_pair_parser.rb delete mode 100644 actionpack/lib/action_controller/dispatcher.rb delete mode 100644 actionpack/lib/action_controller/failsafe.rb delete mode 100644 actionpack/lib/action_controller/filters.rb delete mode 100644 actionpack/lib/action_controller/flash.rb delete mode 100644 actionpack/lib/action_controller/headers.rb delete mode 100644 actionpack/lib/action_controller/helpers.rb delete mode 100644 actionpack/lib/action_controller/http_authentication.rb delete mode 100644 actionpack/lib/action_controller/integration.rb delete mode 100644 actionpack/lib/action_controller/layout.rb delete mode 100644 actionpack/lib/action_controller/middleware_stack.rb delete mode 100644 actionpack/lib/action_controller/middlewares.rb create mode 100644 actionpack/lib/action_controller/mime/default_types.rb create mode 100644 actionpack/lib/action_controller/mime/responds.rb create mode 100644 actionpack/lib/action_controller/mime/type.rb delete mode 100644 actionpack/lib/action_controller/mime_responds.rb delete mode 100644 actionpack/lib/action_controller/mime_type.rb delete mode 100644 actionpack/lib/action_controller/mime_types.rb delete mode 100644 actionpack/lib/action_controller/params_parser.rb delete mode 100644 actionpack/lib/action_controller/performance_test.rb delete mode 100644 actionpack/lib/action_controller/polymorphic_routes.rb delete mode 100755 actionpack/lib/action_controller/request.rb delete mode 100644 actionpack/lib/action_controller/request_forgery_protection.rb delete mode 100644 actionpack/lib/action_controller/rescue.rb delete mode 100644 actionpack/lib/action_controller/resources.rb delete mode 100644 actionpack/lib/action_controller/response.rb delete mode 100644 actionpack/lib/action_controller/rewindable_input.rb create mode 100644 actionpack/lib/action_controller/routing/generation/polymorphic_routes.rb create mode 100644 actionpack/lib/action_controller/routing/generation/url_rewriter.rb create mode 100644 actionpack/lib/action_controller/routing/resources.rb create mode 100644 actionpack/lib/action_controller/session/management.rb delete mode 100644 actionpack/lib/action_controller/session_management.rb delete mode 100644 actionpack/lib/action_controller/status_codes.rb delete mode 100644 actionpack/lib/action_controller/streaming.rb delete mode 100644 actionpack/lib/action_controller/templates/rescues/_request_and_response.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/_trace.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/diagnostics.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/layout.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/missing_template.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/routing_error.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/template_error.erb delete mode 100644 actionpack/lib/action_controller/templates/rescues/unknown_action.erb delete mode 100644 actionpack/lib/action_controller/test_case.rb delete mode 100644 actionpack/lib/action_controller/test_process.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/dom.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/model.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/response.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/routing.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/selector.rb create mode 100644 actionpack/lib/action_controller/testing/assertions/tag.rb create mode 100644 actionpack/lib/action_controller/testing/integration.rb create mode 100644 actionpack/lib/action_controller/testing/performance.rb create mode 100644 actionpack/lib/action_controller/testing/process.rb create mode 100644 actionpack/lib/action_controller/testing/test_case.rb delete mode 100644 actionpack/lib/action_controller/uploaded_file.rb delete mode 100644 actionpack/lib/action_controller/url_encoded_pair_parser.rb delete mode 100644 actionpack/lib/action_controller/url_rewriter.rb delete mode 100644 actionpack/lib/action_controller/verification.rb (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index 6000ee15c6..d973cbb382 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -44,57 +44,61 @@ module ActionController [Base, CGIHandler, CgiRequest, Request, Response, Http::Headers, UrlRewriter, UrlWriter] end - autoload :AbstractRequest, 'action_controller/request' - autoload :Base, 'action_controller/base' - autoload :Benchmarking, 'action_controller/benchmarking' + autoload :Base, 'action_controller/base/base' + autoload :Benchmarking, 'action_controller/base/chained/benchmarking' autoload :Caching, 'action_controller/caching' - autoload :Cookies, 'action_controller/cookies' - autoload :Dispatcher, 'action_controller/dispatcher' - autoload :Failsafe, 'action_controller/failsafe' - autoload :Filters, 'action_controller/filters' - autoload :Flash, 'action_controller/flash' - autoload :Helpers, 'action_controller/helpers' - autoload :HttpAuthentication, 'action_controller/http_authentication' - autoload :Integration, 'action_controller/integration' - autoload :IntegrationTest, 'action_controller/integration' - autoload :Layout, 'action_controller/layout' - autoload :MiddlewareStack, 'action_controller/middleware_stack' - autoload :MimeResponds, 'action_controller/mime_responds' - autoload :ParamsParser, 'action_controller/params_parser' - autoload :PolymorphicRoutes, 'action_controller/polymorphic_routes' + autoload :Cookies, 'action_controller/base/cookies' + autoload :Dispatcher, 'action_controller/dispatch/dispatcher' + autoload :Failsafe, 'action_controller/dispatch/rack/failsafe' + autoload :Filters, 'action_controller/base/chained/filters' + autoload :Flash, 'action_controller/base/chained/flash' + autoload :Helpers, 'action_controller/base/helpers' + autoload :HttpAuthentication, 'action_controller/base/http_authentication' + autoload :Integration, 'action_controller/testing/integration' + autoload :IntegrationTest, 'action_controller/testing/integration' + autoload :Layout, 'action_controller/base/layout' + autoload :Lock, 'action_controller/dispatch/rack/lock' + autoload :MiddlewareStack, 'action_controller/dispatch/rack/middleware_stack' + autoload :MimeResponds, 'action_controller/mime/responds' + autoload :ParamsParser, 'action_controller/dispatch/params_parser' + autoload :PolymorphicRoutes, 'action_controller/routing/generation/polymorphic_routes' autoload :RecordIdentifier, 'action_controller/record_identifier' - autoload :Request, 'action_controller/request' - autoload :RequestForgeryProtection, 'action_controller/request_forgery_protection' - autoload :Rescue, 'action_controller/rescue' - autoload :Resources, 'action_controller/resources' - autoload :Response, 'action_controller/response' - autoload :RewindableInput, 'action_controller/rewindable_input' + autoload :Redirector, 'action_controller/base/redirect' + autoload :Renderer, 'action_controller/base/render' + autoload :Request, 'action_controller/dispatch/request' + autoload :RequestForgeryProtection, 'action_controller/base/request_forgery_protection' + autoload :RequestParser, 'action_controller/dispatch/request_parser' + autoload :Rescue, 'action_controller/dispatch/rescue' + autoload :Resources, 'action_controller/routing/resources' + autoload :Responder, 'action_controller/base/responder' + autoload :Response, 'action_controller/dispatch/response' + autoload :RewindableInput, 'action_controller/dispatch/rewindable_input' autoload :Routing, 'action_controller/routing' - autoload :SessionManagement, 'action_controller/session_management' - autoload :StatusCodes, 'action_controller/status_codes' - autoload :Streaming, 'action_controller/streaming' - autoload :TestCase, 'action_controller/test_case' - autoload :TestProcess, 'action_controller/test_process' + autoload :SessionManagement, 'action_controller/session/management' + autoload :StatusCodes, 'action_controller/dispatch/status_codes' + autoload :Streaming, 'action_controller/base/streaming' + autoload :TestCase, 'action_controller/testing/test_case' + autoload :TestProcess, 'action_controller/testing/process' autoload :Translation, 'action_controller/translation' - autoload :UploadedFile, 'action_controller/uploaded_file' - autoload :UploadedStringIO, 'action_controller/uploaded_file' - autoload :UploadedTempfile, 'action_controller/uploaded_file' - autoload :UrlEncodedPairParser, 'action_controller/url_encoded_pair_parser' - autoload :UrlRewriter, 'action_controller/url_rewriter' - autoload :UrlWriter, 'action_controller/url_rewriter' - autoload :Verification, 'action_controller/verification' + autoload :UploadedFile, 'action_controller/dispatch/uploaded_file' + autoload :UploadedStringIO, 'action_controller/dispatch/uploaded_file' + autoload :UploadedTempfile, 'action_controller/dispatch/uploaded_file' + autoload :UrlEncodedPairParser, 'action_controller/dispatch/url_encoded_pair_parser' + autoload :UrlRewriter, 'action_controller/routing/generation/url_rewriter' + autoload :UrlWriter, 'action_controller/routing/generation/url_rewriter' + autoload :Verification, 'action_controller/base/verification' module Assertions - autoload :DomAssertions, 'action_controller/assertions/dom_assertions' - autoload :ModelAssertions, 'action_controller/assertions/model_assertions' - autoload :ResponseAssertions, 'action_controller/assertions/response_assertions' - autoload :RoutingAssertions, 'action_controller/assertions/routing_assertions' - autoload :SelectorAssertions, 'action_controller/assertions/selector_assertions' - autoload :TagAssertions, 'action_controller/assertions/tag_assertions' + autoload :DomAssertions, 'action_controller/testing/assertions/dom' + autoload :ModelAssertions, 'action_controller/testing/assertions/model' + autoload :ResponseAssertions, 'action_controller/testing/assertions/response' + autoload :RoutingAssertions, 'action_controller/testing/assertions/routing' + autoload :SelectorAssertions, 'action_controller/testing/assertions/selector' + autoload :TagAssertions, 'action_controller/testing/assertions/tag' end module Http - autoload :Headers, 'action_controller/headers' + autoload :Headers, 'action_controller/base/headers' end module Session @@ -102,13 +106,9 @@ module ActionController autoload :CookieStore, 'action_controller/session/cookie_store' autoload :MemCacheStore, 'action_controller/session/mem_cache_store' end - - # DEPRECATE: Remove CGI support - autoload :CgiRequest, 'action_controller/cgi_process' - autoload :CGIHandler, 'action_controller/cgi_process' end -autoload :Mime, 'action_controller/mime_type' +autoload :Mime, 'action_controller/mime/type' autoload :HTML, 'action_controller/vendor/html-scanner' diff --git a/actionpack/lib/action_controller/assertions/dom_assertions.rb b/actionpack/lib/action_controller/assertions/dom_assertions.rb deleted file mode 100644 index 5ffe5f1883..0000000000 --- a/actionpack/lib/action_controller/assertions/dom_assertions.rb +++ /dev/null @@ -1,39 +0,0 @@ -module ActionController - module Assertions - module DomAssertions - # Test two HTML strings for equivalency (e.g., identical up to reordering of attributes) - # - # ==== Examples - # - # # assert that the referenced method generates the appropriate HTML string - # assert_dom_equal 'Apples', link_to("Apples", "http://www.example.com") - # - def assert_dom_equal(expected, actual, message = "") - clean_backtrace do - expected_dom = HTML::Document.new(expected).root - actual_dom = HTML::Document.new(actual).root - full_message = build_message(message, " expected to be == to\n.", expected_dom.to_s, actual_dom.to_s) - - assert_block(full_message) { expected_dom == actual_dom } - end - end - - # The negated form of +assert_dom_equivalent+. - # - # ==== Examples - # - # # assert that the referenced method does not generate the specified HTML string - # assert_dom_not_equal 'Apples', link_to("Oranges", "http://www.example.com") - # - def assert_dom_not_equal(expected, actual, message = "") - clean_backtrace do - expected_dom = HTML::Document.new(expected).root - actual_dom = HTML::Document.new(actual).root - full_message = build_message(message, " expected to be != to\n.", expected_dom.to_s, actual_dom.to_s) - - assert_block(full_message) { expected_dom != actual_dom } - end - end - end - end -end diff --git a/actionpack/lib/action_controller/assertions/model_assertions.rb b/actionpack/lib/action_controller/assertions/model_assertions.rb deleted file mode 100644 index 3a7b39b106..0000000000 --- a/actionpack/lib/action_controller/assertions/model_assertions.rb +++ /dev/null @@ -1,21 +0,0 @@ -module ActionController - module Assertions - module ModelAssertions - # Ensures that the passed record is valid by Active Record standards and - # returns any error messages if it is not. - # - # ==== Examples - # - # # assert that a newly created record is valid - # model = Model.new - # assert_valid(model) - # - def assert_valid(record) - ::ActiveSupport::Deprecation.warn("assert_valid is deprecated. Use assert record.valid? instead", caller) - clean_backtrace do - assert record.valid?, record.errors.full_messages.join("\n") - end - end - end - end -end diff --git a/actionpack/lib/action_controller/assertions/response_assertions.rb b/actionpack/lib/action_controller/assertions/response_assertions.rb deleted file mode 100644 index 5976090273..0000000000 --- a/actionpack/lib/action_controller/assertions/response_assertions.rb +++ /dev/null @@ -1,150 +0,0 @@ -module ActionController - module Assertions - # A small suite of assertions that test responses from Rails applications. - module ResponseAssertions - # Asserts that the response is one of the following types: - # - # * :success - Status code was 200 - # * :redirect - Status code was in the 300-399 range - # * :missing - Status code was 404 - # * :error - Status code was in the 500-599 range - # - # You can also pass an explicit status number like assert_response(501) - # or its symbolic equivalent assert_response(:not_implemented). - # See ActionController::StatusCodes for a full list. - # - # ==== Examples - # - # # assert that the response was a redirection - # assert_response :redirect - # - # # assert that the response code was status code 401 (unauthorized) - # assert_response 401 - # - def assert_response(type, message = nil) - clean_backtrace do - if [ :success, :missing, :redirect, :error ].include?(type) && @response.send("#{type}?") - assert_block("") { true } # to count the assertion - elsif type.is_a?(Fixnum) && @response.response_code == type - assert_block("") { true } # to count the assertion - elsif type.is_a?(Symbol) && @response.response_code == ActionController::StatusCodes::SYMBOL_TO_STATUS_CODE[type] - assert_block("") { true } # to count the assertion - else - if @response.error? - exception = @response.template.instance_variable_get(:@exception) - exception_message = exception && exception.message - assert_block(build_message(message, "Expected response to be a , but was \n", type, @response.response_code, exception_message.to_s)) { false } - else - assert_block(build_message(message, "Expected response to be a , but was ", type, @response.response_code)) { false } - end - end - end - end - - # Assert that the redirection options passed in match those of the redirect called in the latest action. - # This match can be partial, such that assert_redirected_to(:controller => "weblog") will also - # match the redirection of redirect_to(:controller => "weblog", :action => "show") and so on. - # - # ==== Examples - # - # # assert that the redirection was to the "index" action on the WeblogController - # assert_redirected_to :controller => "weblog", :action => "index" - # - # # assert that the redirection was to the named route login_url - # assert_redirected_to login_url - # - # # assert that the redirection was to the url for @customer - # assert_redirected_to @customer - # - def assert_redirected_to(options = {}, message=nil) - clean_backtrace do - assert_response(:redirect, message) - return true if options == @response.redirected_to - - # Support partial arguments for hash redirections - if options.is_a?(Hash) && @response.redirected_to.is_a?(Hash) - return true if options.all? {|(key, value)| @response.redirected_to[key] == value} - end - - redirected_to_after_normalisation = normalize_argument_to_redirection(@response.redirected_to) - options_after_normalisation = normalize_argument_to_redirection(options) - - if redirected_to_after_normalisation != options_after_normalisation - flunk "Expected response to be a redirect to <#{options_after_normalisation}> but was a redirect to <#{redirected_to_after_normalisation}>" - end - end - end - - # Asserts that the request was rendered with the appropriate template file or partials - # - # ==== Examples - # - # # assert that the "new" view template was rendered - # assert_template "new" - # - # # assert that the "_customer" partial was rendered twice - # assert_template :partial => '_customer', :count => 2 - # - # # assert that no partials were rendered - # assert_template :partial => false - # - def assert_template(options = {}, message = nil) - clean_backtrace do - case options - when NilClass, String - rendered = @response.rendered[:template].to_s - msg = build_message(message, - "expecting but rendering with ", - options, rendered) - assert_block(msg) do - if options.nil? - @response.rendered[:template].blank? - else - rendered.to_s.match(options) - end - end - when Hash - if expected_partial = options[:partial] - partials = @response.rendered[:partials] - if expected_count = options[:count] - found = partials.detect { |p, _| p.to_s.match(expected_partial) } - actual_count = found.nil? ? 0 : found.second - msg = build_message(message, - "expecting ? to be rendered ? time(s) but rendered ? time(s)", - expected_partial, expected_count, actual_count) - assert(actual_count == expected_count.to_i, msg) - else - msg = build_message(message, - "expecting partial but action rendered ", - options[:partial], partials.keys) - assert(partials.keys.any? { |p| p.to_s.match(expected_partial) }, msg) - end - else - assert @response.rendered[:partials].empty?, - "Expected no partials to be rendered" - end - end - end - end - - private - # Proxy to to_param if the object will respond to it. - def parameterize(value) - value.respond_to?(:to_param) ? value.to_param : value - end - - def normalize_argument_to_redirection(fragment) - after_routing = @controller.url_for(fragment) - if after_routing =~ %r{^\w+://.*} - after_routing - else - # FIXME - this should probably get removed. - if after_routing.first != '/' - after_routing = '/' + after_routing - end - @request.protocol + @request.host_with_port + after_routing - end - end - end - end -end diff --git a/actionpack/lib/action_controller/assertions/routing_assertions.rb b/actionpack/lib/action_controller/assertions/routing_assertions.rb deleted file mode 100644 index 5101751cea..0000000000 --- a/actionpack/lib/action_controller/assertions/routing_assertions.rb +++ /dev/null @@ -1,146 +0,0 @@ -module ActionController - module Assertions - # Suite of assertions to test routes generated by Rails and the handling of requests made to them. - module RoutingAssertions - # Asserts that the routing of the given +path+ was handled correctly and that the parsed options (given in the +expected_options+ hash) - # match +path+. Basically, it asserts that Rails recognizes the route given by +expected_options+. - # - # Pass a hash in the second argument (+path+) to specify the request method. This is useful for routes - # requiring a specific HTTP method. The hash should contain a :path with the incoming request path - # and a :method containing the required HTTP verb. - # - # # assert that POSTing to /items will call the create action on ItemsController - # assert_recognizes {:controller => 'items', :action => 'create'}, {:path => 'items', :method => :post} - # - # You can also pass in +extras+ with a hash containing URL parameters that would normally be in the query string. This can be used - # to assert that values in the query string string will end up in the params hash correctly. To test query strings you must use the - # extras argument, appending the query string on the path directly will not work. For example: - # - # # assert that a path of '/items/list/1?view=print' returns the correct options - # assert_recognizes {:controller => 'items', :action => 'list', :id => '1', :view => 'print'}, 'items/list/1', { :view => "print" } - # - # The +message+ parameter allows you to pass in an error message that is displayed upon failure. - # - # ==== Examples - # # Check the default route (i.e., the index action) - # assert_recognizes {:controller => 'items', :action => 'index'}, 'items' - # - # # Test a specific action - # assert_recognizes {:controller => 'items', :action => 'list'}, 'items/list' - # - # # Test an action with a parameter - # assert_recognizes {:controller => 'items', :action => 'destroy', :id => '1'}, 'items/destroy/1' - # - # # Test a custom route - # assert_recognizes {:controller => 'items', :action => 'show', :id => '1'}, 'view/item1' - # - # # Check a Simply RESTful generated route - # assert_recognizes list_items_url, 'items/list' - def assert_recognizes(expected_options, path, extras={}, message=nil) - if path.is_a? Hash - request_method = path[:method] - path = path[:path] - else - request_method = nil - end - - clean_backtrace do - ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? - request = recognized_request_for(path, request_method) - - expected_options = expected_options.clone - extras.each_key { |key| expected_options.delete key } unless extras.nil? - - expected_options.stringify_keys! - routing_diff = expected_options.diff(request.path_parameters) - msg = build_message(message, "The recognized options did not match , difference: ", - request.path_parameters, expected_options, expected_options.diff(request.path_parameters)) - assert_block(msg) { request.path_parameters == expected_options } - end - end - - # Asserts that the provided options can be used to generate the provided path. This is the inverse of +assert_recognizes+. - # The +extras+ parameter is used to tell the request the names and values of additional request parameters that would be in - # a query string. The +message+ parameter allows you to specify a custom error message for assertion failures. - # - # The +defaults+ parameter is unused. - # - # ==== Examples - # # Asserts that the default action is generated for a route with no action - # assert_generates "/items", :controller => "items", :action => "index" - # - # # Tests that the list action is properly routed - # assert_generates "/items/list", :controller => "items", :action => "list" - # - # # Tests the generation of a route with a parameter - # assert_generates "/items/list/1", { :controller => "items", :action => "list", :id => "1" } - # - # # Asserts that the generated route gives us our custom route - # assert_generates "changesets/12", { :controller => 'scm', :action => 'show_diff', :revision => "12" } - def assert_generates(expected_path, options, defaults={}, extras = {}, message=nil) - clean_backtrace do - expected_path = "/#{expected_path}" unless expected_path[0] == ?/ - # Load routes.rb if it hasn't been loaded. - ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? - - generated_path, extra_keys = ActionController::Routing::Routes.generate_extras(options, defaults) - found_extras = options.reject {|k, v| ! extra_keys.include? k} - - msg = build_message(message, "found extras , not ", found_extras, extras) - assert_block(msg) { found_extras == extras } - - msg = build_message(message, "The generated path did not match ", generated_path, - expected_path) - assert_block(msg) { expected_path == generated_path } - end - end - - # Asserts that path and options match both ways; in other words, it verifies that path generates - # options and then that options generates path. This essentially combines +assert_recognizes+ - # and +assert_generates+ into one step. - # - # The +extras+ hash allows you to specify options that would normally be provided as a query string to the action. The - # +message+ parameter allows you to specify a custom error message to display upon failure. - # - # ==== Examples - # # Assert a basic route: a controller with the default action (index) - # assert_routing '/home', :controller => 'home', :action => 'index' - # - # # Test a route generated with a specific controller, action, and parameter (id) - # assert_routing '/entries/show/23', :controller => 'entries', :action => 'show', id => 23 - # - # # Assert a basic route (controller + default action), with an error message if it fails - # assert_routing '/store', { :controller => 'store', :action => 'index' }, {}, {}, 'Route for store index not generated properly' - # - # # Tests a route, providing a defaults hash - # assert_routing 'controller/action/9', {:id => "9", :item => "square"}, {:controller => "controller", :action => "action"}, {}, {:item => "square"} - # - # # Tests a route with a HTTP method - # assert_routing { :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" } - def assert_routing(path, options, defaults={}, extras={}, message=nil) - assert_recognizes(options, path, extras, message) - - controller, default_controller = options[:controller], defaults[:controller] - if controller && controller.include?(?/) && default_controller && default_controller.include?(?/) - options[:controller] = "/#{controller}" - end - - assert_generates(path.is_a?(Hash) ? path[:path] : path, options, defaults, extras, message) - end - - private - # Recognizes the route for a given path. - def recognized_request_for(path, request_method = nil) - path = "/#{path}" unless path.first == '/' - - # Assume given controller - request = ActionController::TestRequest.new - request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method - request.path = path - - ActionController::Routing::Routes.recognize(request) - request - end - end - end -end diff --git a/actionpack/lib/action_controller/assertions/selector_assertions.rb b/actionpack/lib/action_controller/assertions/selector_assertions.rb deleted file mode 100644 index 0d56ea5ef7..0000000000 --- a/actionpack/lib/action_controller/assertions/selector_assertions.rb +++ /dev/null @@ -1,632 +0,0 @@ -#-- -# Copyright (c) 2006 Assaf Arkin (http://labnotes.org) -# Under MIT and/or CC By license. -#++ - -module ActionController - module Assertions - unless const_defined?(:NO_STRIP) - NO_STRIP = %w{pre script style textarea} - end - - # Adds the +assert_select+ method for use in Rails functional - # test cases, which can be used to make assertions on the response HTML of a controller - # action. You can also call +assert_select+ within another +assert_select+ to - # make assertions on elements selected by the enclosing assertion. - # - # Use +css_select+ to select elements without making an assertions, either - # from the response HTML or elements selected by the enclosing assertion. - # - # In addition to HTML responses, you can make the following assertions: - # * +assert_select_rjs+ - Assertions on HTML content of RJS update and insertion operations. - # * +assert_select_encoded+ - Assertions on HTML encoded inside XML, for example for dealing with feed item descriptions. - # * +assert_select_email+ - Assertions on the HTML body of an e-mail. - # - # Also see HTML::Selector to learn how to use selectors. - module SelectorAssertions - # :call-seq: - # css_select(selector) => array - # css_select(element, selector) => array - # - # Select and return all matching elements. - # - # If called with a single argument, uses that argument as a selector - # to match all elements of the current page. Returns an empty array - # if no match is found. - # - # If called with two arguments, uses the first argument as the base - # element and the second argument as the selector. Attempts to match the - # base element and any of its children. Returns an empty array if no - # match is found. - # - # The selector may be a CSS selector expression (String), an expression - # with substitution values (Array) or an HTML::Selector object. - # - # ==== Examples - # # Selects all div tags - # divs = css_select("div") - # - # # Selects all paragraph tags and does something interesting - # pars = css_select("p") - # pars.each do |par| - # # Do something fun with paragraphs here... - # end - # - # # Selects all list items in unordered lists - # items = css_select("ul>li") - # - # # Selects all form tags and then all inputs inside the form - # forms = css_select("form") - # forms.each do |form| - # inputs = css_select(form, "input") - # ... - # end - # - def css_select(*args) - # See assert_select to understand what's going on here. - arg = args.shift - - if arg.is_a?(HTML::Node) - root = arg - arg = args.shift - elsif arg == nil - raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" - elsif @selected - matches = [] - - @selected.each do |selected| - subset = css_select(selected, HTML::Selector.new(arg.dup, args.dup)) - subset.each do |match| - matches << match unless matches.any? { |m| m.equal?(match) } - end - end - - return matches - else - root = response_from_page_or_rjs - end - - case arg - when String - selector = HTML::Selector.new(arg, args) - when Array - selector = HTML::Selector.new(*arg) - when HTML::Selector - selector = arg - else raise ArgumentError, "Expecting a selector as the first argument" - end - - selector.select(root) - end - - # :call-seq: - # assert_select(selector, equality?, message?) - # assert_select(element, selector, equality?, message?) - # - # An assertion that selects elements and makes one or more equality tests. - # - # If the first argument is an element, selects all matching elements - # starting from (and including) that element and all its children in - # depth-first order. - # - # If no element if specified, calling +assert_select+ selects from the - # response HTML unless +assert_select+ is called from within an +assert_select+ block. - # - # When called with a block +assert_select+ passes an array of selected elements - # to the block. Calling +assert_select+ from the block, with no element specified, - # runs the assertion on the complete set of elements selected by the enclosing assertion. - # Alternatively the array may be iterated through so that +assert_select+ can be called - # separately for each element. - # - # - # ==== Example - # If the response contains two ordered lists, each with four list elements then: - # assert_select "ol" do |elements| - # elements.each do |element| - # assert_select element, "li", 4 - # end - # end - # - # will pass, as will: - # assert_select "ol" do - # assert_select "li", 8 - # end - # - # The selector may be a CSS selector expression (String), an expression - # with substitution values, or an HTML::Selector object. - # - # === Equality Tests - # - # The equality test may be one of the following: - # * true - Assertion is true if at least one element selected. - # * false - Assertion is true if no element selected. - # * String/Regexp - Assertion is true if the text value of at least - # one element matches the string or regular expression. - # * Integer - Assertion is true if exactly that number of - # elements are selected. - # * Range - Assertion is true if the number of selected - # elements fit the range. - # If no equality test specified, the assertion is true if at least one - # element selected. - # - # To perform more than one equality tests, use a hash with the following keys: - # * :text - Narrow the selection to elements that have this text - # value (string or regexp). - # * :html - Narrow the selection to elements that have this HTML - # content (string or regexp). - # * :count - Assertion is true if the number of selected elements - # is equal to this value. - # * :minimum - Assertion is true if the number of selected - # elements is at least this value. - # * :maximum - Assertion is true if the number of selected - # elements is at most this value. - # - # If the method is called with a block, once all equality tests are - # evaluated the block is called with an array of all matched elements. - # - # ==== Examples - # - # # At least one form element - # assert_select "form" - # - # # Form element includes four input fields - # assert_select "form input", 4 - # - # # Page title is "Welcome" - # assert_select "title", "Welcome" - # - # # Page title is "Welcome" and there is only one title element - # assert_select "title", {:count=>1, :text=>"Welcome"}, - # "Wrong title or more than one title element" - # - # # Page contains no forms - # assert_select "form", false, "This page must contain no forms" - # - # # Test the content and style - # assert_select "body div.header ul.menu" - # - # # Use substitution values - # assert_select "ol>li#?", /item-\d+/ - # - # # All input fields in the form have a name - # assert_select "form input" do - # assert_select "[name=?]", /.+/ # Not empty - # end - def assert_select(*args, &block) - # Start with optional element followed by mandatory selector. - arg = args.shift - - if arg.is_a?(HTML::Node) - # First argument is a node (tag or text, but also HTML root), - # so we know what we're selecting from. - root = arg - arg = args.shift - elsif arg == nil - # This usually happens when passing a node/element that - # happens to be nil. - raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" - elsif @selected - root = HTML::Node.new(nil) - root.children.concat @selected - else - # Otherwise just operate on the response document. - root = response_from_page_or_rjs - end - - # First or second argument is the selector: string and we pass - # all remaining arguments. Array and we pass the argument. Also - # accepts selector itself. - case arg - when String - selector = HTML::Selector.new(arg, args) - when Array - selector = HTML::Selector.new(*arg) - when HTML::Selector - selector = arg - else raise ArgumentError, "Expecting a selector as the first argument" - end - - # Next argument is used for equality tests. - equals = {} - case arg = args.shift - when Hash - equals = arg - when String, Regexp - equals[:text] = arg - when Integer - equals[:count] = arg - when Range - equals[:minimum] = arg.begin - equals[:maximum] = arg.end - when FalseClass - equals[:count] = 0 - when NilClass, TrueClass - equals[:minimum] = 1 - else raise ArgumentError, "I don't understand what you're trying to match" - end - - # By default we're looking for at least one match. - if equals[:count] - equals[:minimum] = equals[:maximum] = equals[:count] - else - equals[:minimum] = 1 unless equals[:minimum] - end - - # Last argument is the message we use if the assertion fails. - message = args.shift - #- message = "No match made with selector #{selector.inspect}" unless message - if args.shift - raise ArgumentError, "Not expecting that last argument, you either have too many arguments, or they're the wrong type" - end - - matches = selector.select(root) - # If text/html, narrow down to those elements that match it. - content_mismatch = nil - if match_with = equals[:text] - matches.delete_if do |match| - text = "" - text.force_encoding(match_with.encoding) if text.respond_to?(:force_encoding) - stack = match.children.reverse - while node = stack.pop - if node.tag? - stack.concat node.children.reverse - else - content = node.content - content.force_encoding(match_with.encoding) if content.respond_to?(:force_encoding) - text << content - end - end - text.strip! unless NO_STRIP.include?(match.name) - unless match_with.is_a?(Regexp) ? (text =~ match_with) : (text == match_with.to_s) - content_mismatch ||= build_message(message, " expected but was\n.", match_with, text) - true - end - end - elsif match_with = equals[:html] - matches.delete_if do |match| - html = match.children.map(&:to_s).join - html.strip! unless NO_STRIP.include?(match.name) - unless match_with.is_a?(Regexp) ? (html =~ match_with) : (html == match_with.to_s) - content_mismatch ||= build_message(message, " expected but was\n.", match_with, html) - true - end - end - end - # Expecting foo found bar element only if found zero, not if - # found one but expecting two. - message ||= content_mismatch if matches.empty? - # Test minimum/maximum occurrence. - min, max = equals[:minimum], equals[:maximum] - message = message || %(Expected #{count_description(min, max)} matching "#{selector.to_s}", found #{matches.size}.) - assert matches.size >= min, message if min - assert matches.size <= max, message if max - - # If a block is given call that block. Set @selected to allow - # nested assert_select, which can be nested several levels deep. - if block_given? && !matches.empty? - begin - in_scope, @selected = @selected, matches - yield matches - ensure - @selected = in_scope - end - end - - # Returns all matches elements. - matches - end - - def count_description(min, max) #:nodoc: - pluralize = lambda {|word, quantity| word << (quantity == 1 ? '' : 's')} - - if min && max && (max != min) - "between #{min} and #{max} elements" - elsif min && !(min == 1 && max == 1) - "at least #{min} #{pluralize['element', min]}" - elsif max - "at most #{max} #{pluralize['element', max]}" - end - end - - # :call-seq: - # assert_select_rjs(id?) { |elements| ... } - # assert_select_rjs(statement, id?) { |elements| ... } - # assert_select_rjs(:insert, position, id?) { |elements| ... } - # - # Selects content from the RJS response. - # - # === Narrowing down - # - # With no arguments, asserts that one or more elements are updated or - # inserted by RJS statements. - # - # Use the +id+ argument to narrow down the assertion to only statements - # that update or insert an element with that identifier. - # - # Use the first argument to narrow down assertions to only statements - # of that type. Possible values are :replace, :replace_html, - # :show, :hide, :toggle, :remove and - # :insert_html. - # - # Use the argument :insert followed by an insertion position to narrow - # down the assertion to only statements that insert elements in that - # position. Possible values are :top, :bottom, :before - # and :after. - # - # Using the :remove statement, you will be able to pass a block, but it will - # be ignored as there is no HTML passed for this statement. - # - # === Using blocks - # - # Without a block, +assert_select_rjs+ merely asserts that the response - # contains one or more RJS statements that replace or update content. - # - # With a block, +assert_select_rjs+ also selects all elements used in - # these statements and passes them to the block. Nested assertions are - # supported. - # - # Calling +assert_select_rjs+ with no arguments and using nested asserts - # asserts that the HTML content is returned by one or more RJS statements. - # Using +assert_select+ directly makes the same assertion on the content, - # but without distinguishing whether the content is returned in an HTML - # or JavaScript. - # - # ==== Examples - # - # # Replacing the element foo. - # # page.replace 'foo', ... - # assert_select_rjs :replace, "foo" - # - # # Replacing with the chained RJS proxy. - # # page[:foo].replace ... - # assert_select_rjs :chained_replace, 'foo' - # - # # Inserting into the element bar, top position. - # assert_select_rjs :insert, :top, "bar" - # - # # Remove the element bar - # assert_select_rjs :remove, "bar" - # - # # Changing the element foo, with an image. - # assert_select_rjs "foo" do - # assert_select "img[src=/images/logo.gif"" - # end - # - # # RJS inserts or updates a list with four items. - # assert_select_rjs do - # assert_select "ol>li", 4 - # end - # - # # The same, but shorter. - # assert_select "ol>li", 4 - def assert_select_rjs(*args, &block) - rjs_type = args.first.is_a?(Symbol) ? args.shift : nil - id = args.first.is_a?(String) ? args.shift : nil - - # If the first argument is a symbol, it's the type of RJS statement we're looking - # for (update, replace, insertion, etc). Otherwise, we're looking for just about - # any RJS statement. - if rjs_type - if rjs_type == :insert - position = args.shift - id = args.shift - insertion = "insert_#{position}".to_sym - raise ArgumentError, "Unknown RJS insertion type #{position}" unless RJS_STATEMENTS[insertion] - statement = "(#{RJS_STATEMENTS[insertion]})" - else - raise ArgumentError, "Unknown RJS statement type #{rjs_type}" unless RJS_STATEMENTS[rjs_type] - statement = "(#{RJS_STATEMENTS[rjs_type]})" - end - else - statement = "#{RJS_STATEMENTS[:any]}" - end - - # Next argument we're looking for is the element identifier. If missing, we pick - # any element, otherwise we replace it in the statement. - pattern = Regexp.new( - id ? statement.gsub(RJS_ANY_ID, "\"#{id}\"") : statement - ) - - # Duplicate the body since the next step involves destroying it. - matches = nil - case rjs_type - when :remove, :show, :hide, :toggle - matches = @response.body.match(pattern) - else - @response.body.gsub(pattern) do |match| - html = unescape_rjs(match) - matches ||= [] - matches.concat HTML::Document.new(html).root.children.select { |n| n.tag? } - "" - end - end - - if matches - assert_block("") { true } # to count the assertion - if block_given? && !([:remove, :show, :hide, :toggle].include? rjs_type) - begin - in_scope, @selected = @selected, matches - yield matches - ensure - @selected = in_scope - end - end - matches - else - # RJS statement not found. - case rjs_type - when :remove, :show, :hide, :toggle - flunk_message = "No RJS statement that #{rjs_type.to_s}s '#{id}' was rendered." - else - flunk_message = "No RJS statement that replaces or inserts HTML content." - end - flunk args.shift || flunk_message - end - end - - # :call-seq: - # assert_select_encoded(element?) { |elements| ... } - # - # Extracts the content of an element, treats it as encoded HTML and runs - # nested assertion on it. - # - # You typically call this method within another assertion to operate on - # all currently selected elements. You can also pass an element or array - # of elements. - # - # The content of each element is un-encoded, and wrapped in the root - # element +encoded+. It then calls the block with all un-encoded elements. - # - # ==== Examples - # # Selects all bold tags from within the title of an ATOM feed's entries (perhaps to nab a section name prefix) - # assert_select_feed :atom, 1.0 do - # # Select each entry item and then the title item - # assert_select "entry>title" do - # # Run assertions on the encoded title elements - # assert_select_encoded do - # assert_select "b" - # end - # end - # end - # - # - # # Selects all paragraph tags from within the description of an RSS feed - # assert_select_feed :rss, 2.0 do - # # Select description element of each feed item. - # assert_select "channel>item>description" do - # # Run assertions on the encoded elements. - # assert_select_encoded do - # assert_select "p" - # end - # end - # end - def assert_select_encoded(element = nil, &block) - case element - when Array - elements = element - when HTML::Node - elements = [element] - when nil - unless elements = @selected - raise ArgumentError, "First argument is optional, but must be called from a nested assert_select" - end - else - raise ArgumentError, "Argument is optional, and may be node or array of nodes" - end - - fix_content = lambda do |node| - # Gets around a bug in the Rails 1.1 HTML parser. - node.content.gsub(/)?/m) { CGI.escapeHTML($1) } - end - - selected = elements.map do |element| - text = element.children.select{ |c| not c.tag? }.map{ |c| fix_content[c] }.join - root = HTML::Document.new(CGI.unescapeHTML("#{text}")).root - css_select(root, "encoded:root", &block)[0] - end - - begin - old_selected, @selected = @selected, selected - assert_select ":root", &block - ensure - @selected = old_selected - end - end - - # :call-seq: - # assert_select_email { } - # - # Extracts the body of an email and runs nested assertions on it. - # - # You must enable deliveries for this assertion to work, use: - # ActionMailer::Base.perform_deliveries = true - # - # ==== Examples - # - # assert_select_email do - # assert_select "h1", "Email alert" - # end - # - # assert_select_email do - # items = assert_select "ol>li" - # items.each do - # # Work with items here... - # end - # end - # - def assert_select_email(&block) - deliveries = ActionMailer::Base.deliveries - assert !deliveries.empty?, "No e-mail in delivery list" - - for delivery in deliveries - for part in delivery.parts - if part["Content-Type"].to_s =~ /^text\/html\W/ - root = HTML::Document.new(part.body).root - assert_select root, ":root", &block - end - end - end - end - - protected - unless const_defined?(:RJS_STATEMENTS) - RJS_PATTERN_HTML = "\"((\\\\\"|[^\"])*)\"" - RJS_ANY_ID = "\"([^\"])*\"" - RJS_STATEMENTS = { - :chained_replace => "\\$\\(#{RJS_ANY_ID}\\)\\.replace\\(#{RJS_PATTERN_HTML}\\)", - :chained_replace_html => "\\$\\(#{RJS_ANY_ID}\\)\\.update\\(#{RJS_PATTERN_HTML}\\)", - :replace_html => "Element\\.update\\(#{RJS_ANY_ID}, #{RJS_PATTERN_HTML}\\)", - :replace => "Element\\.replace\\(#{RJS_ANY_ID}, #{RJS_PATTERN_HTML}\\)" - } - [:remove, :show, :hide, :toggle].each do |action| - RJS_STATEMENTS[action] = "Element\\.#{action}\\(#{RJS_ANY_ID}\\)" - end - RJS_INSERTIONS = ["top", "bottom", "before", "after"] - RJS_INSERTIONS.each do |insertion| - RJS_STATEMENTS["insert_#{insertion}".to_sym] = "Element.insert\\(#{RJS_ANY_ID}, \\{ #{insertion}: #{RJS_PATTERN_HTML} \\}\\)" - end - RJS_STATEMENTS[:insert_html] = "Element.insert\\(#{RJS_ANY_ID}, \\{ (#{RJS_INSERTIONS.join('|')}): #{RJS_PATTERN_HTML} \\}\\)" - RJS_STATEMENTS[:any] = Regexp.new("(#{RJS_STATEMENTS.values.join('|')})") - RJS_PATTERN_UNICODE_ESCAPED_CHAR = /\\u([0-9a-zA-Z]{4})/ - end - - # +assert_select+ and +css_select+ call this to obtain the content in the HTML - # page, or from all the RJS statements, depending on the type of response. - def response_from_page_or_rjs() - content_type = @response.content_type - - if content_type && Mime::JS =~ content_type - body = @response.body.dup - root = HTML::Node.new(nil) - - while true - next if body.sub!(RJS_STATEMENTS[:any]) do |match| - html = unescape_rjs(match) - matches = HTML::Document.new(html).root.children.select { |n| n.tag? } - root.children.concat matches - "" - end - break - end - - root - else - html_document.root - end - end - - # Unescapes a RJS string. - def unescape_rjs(rjs_string) - # RJS encodes double quotes and line breaks. - unescaped= rjs_string.gsub('\"', '"') - unescaped.gsub!(/\\\//, '/') - unescaped.gsub!('\n', "\n") - unescaped.gsub!('\076', '>') - unescaped.gsub!('\074', '<') - # RJS encodes non-ascii characters. - unescaped.gsub!(RJS_PATTERN_UNICODE_ESCAPED_CHAR) {|u| [$1.hex].pack('U*')} - unescaped - end - end - end -end diff --git a/actionpack/lib/action_controller/assertions/tag_assertions.rb b/actionpack/lib/action_controller/assertions/tag_assertions.rb deleted file mode 100644 index 80249e0e83..0000000000 --- a/actionpack/lib/action_controller/assertions/tag_assertions.rb +++ /dev/null @@ -1,127 +0,0 @@ -module ActionController - module Assertions - # Pair of assertions to testing elements in the HTML output of the response. - module TagAssertions - # Asserts that there is a tag/node/element in the body of the response - # that meets all of the given conditions. The +conditions+ parameter must - # be a hash of any of the following keys (all are optional): - # - # * :tag: the node type must match the corresponding value - # * :attributes: a hash. The node's attributes must match the - # corresponding values in the hash. - # * :parent: a hash. The node's parent must match the - # corresponding hash. - # * :child: a hash. At least one of the node's immediate children - # must meet the criteria described by the hash. - # * :ancestor: a hash. At least one of the node's ancestors must - # meet the criteria described by the hash. - # * :descendant: a hash. At least one of the node's descendants - # must meet the criteria described by the hash. - # * :sibling: a hash. At least one of the node's siblings must - # meet the criteria described by the hash. - # * :after: a hash. The node must be after any sibling meeting - # the criteria described by the hash, and at least one sibling must match. - # * :before: a hash. The node must be before any sibling meeting - # the criteria described by the hash, and at least one sibling must match. - # * :children: a hash, for counting children of a node. Accepts - # the keys: - # * :count: either a number or a range which must equal (or - # include) the number of children that match. - # * :less_than: the number of matching children must be less - # than this number. - # * :greater_than: the number of matching children must be - # greater than this number. - # * :only: another hash consisting of the keys to use - # to match on the children, and only matching children will be - # counted. - # * :content: the textual content of the node must match the - # given value. This will not match HTML tags in the body of a - # tag--only text. - # - # Conditions are matched using the following algorithm: - # - # * if the condition is a string, it must be a substring of the value. - # * if the condition is a regexp, it must match the value. - # * if the condition is a number, the value must match number.to_s. - # * if the condition is +true+, the value must not be +nil+. - # * if the condition is +false+ or +nil+, the value must be +nil+. - # - # === Examples - # - # # Assert that there is a "span" tag - # assert_tag :tag => "span" - # - # # Assert that there is a "span" tag with id="x" - # assert_tag :tag => "span", :attributes => { :id => "x" } - # - # # Assert that there is a "span" tag using the short-hand - # assert_tag :span - # - # # Assert that there is a "span" tag with id="x" using the short-hand - # assert_tag :span, :attributes => { :id => "x" } - # - # # Assert that there is a "span" inside of a "div" - # assert_tag :tag => "span", :parent => { :tag => "div" } - # - # # Assert that there is a "span" somewhere inside a table - # assert_tag :tag => "span", :ancestor => { :tag => "table" } - # - # # Assert that there is a "span" with at least one "em" child - # assert_tag :tag => "span", :child => { :tag => "em" } - # - # # Assert that there is a "span" containing a (possibly nested) - # # "strong" tag. - # assert_tag :tag => "span", :descendant => { :tag => "strong" } - # - # # Assert that there is a "span" containing between 2 and 4 "em" tags - # # as immediate children - # assert_tag :tag => "span", - # :children => { :count => 2..4, :only => { :tag => "em" } } - # - # # Get funky: assert that there is a "div", with an "ul" ancestor - # # and an "li" parent (with "class" = "enum"), and containing a - # # "span" descendant that contains text matching /hello world/ - # assert_tag :tag => "div", - # :ancestor => { :tag => "ul" }, - # :parent => { :tag => "li", - # :attributes => { :class => "enum" } }, - # :descendant => { :tag => "span", - # :child => /hello world/ } - # - # Please note: +assert_tag+ and +assert_no_tag+ only work - # with well-formed XHTML. They recognize a few tags as implicitly self-closing - # (like br and hr and such) but will not work correctly with tags - # that allow optional closing tags (p, li, td). You must explicitly - # close all of your tags to use these assertions. - def assert_tag(*opts) - clean_backtrace do - opts = opts.size > 1 ? opts.last.merge({ :tag => opts.first.to_s }) : opts.first - tag = find_tag(opts) - assert tag, "expected tag, but no tag found matching #{opts.inspect} in:\n#{@response.body.inspect}" - end - end - - # Identical to +assert_tag+, but asserts that a matching tag does _not_ - # exist. (See +assert_tag+ for a full discussion of the syntax.) - # - # === Examples - # # Assert that there is not a "div" containing a "p" - # assert_no_tag :tag => "div", :descendant => { :tag => "p" } - # - # # Assert that an unordered list is empty - # assert_no_tag :tag => "ul", :descendant => { :tag => "li" } - # - # # Assert that there is not a "p" tag with between 1 to 3 "img" tags - # # as immediate children - # assert_no_tag :tag => "p", - # :children => { :count => 1..3, :only => { :tag => "img" } } - def assert_no_tag(*opts) - clean_backtrace do - opts = opts.size > 1 ? opts.last.merge({ :tag => opts.first.to_s }) : opts.first - tag = find_tag(opts) - assert !tag, "expected no tag, but found tag matching #{opts.inspect} in:\n#{@response.body.inspect}" - end - end - end - end -end diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb deleted file mode 100644 index 78c8bf0647..0000000000 --- a/actionpack/lib/action_controller/base.rb +++ /dev/null @@ -1,1392 +0,0 @@ -require 'set' - -module ActionController #:nodoc: - class ActionControllerError < StandardError #:nodoc: - end - - class SessionRestoreError < ActionControllerError #:nodoc: - end - - class RenderError < ActionControllerError #:nodoc: - end - - class RoutingError < ActionControllerError #:nodoc: - attr_reader :failures - def initialize(message, failures=[]) - super(message) - @failures = failures - end - end - - class MethodNotAllowed < ActionControllerError #:nodoc: - attr_reader :allowed_methods - - def initialize(*allowed_methods) - super("Only #{allowed_methods.to_sentence} requests are allowed.") - @allowed_methods = allowed_methods - end - - def allowed_methods_header - allowed_methods.map { |method_symbol| method_symbol.to_s.upcase } * ', ' - end - - def handle_response!(response) - response.headers['Allow'] ||= allowed_methods_header - end - end - - class NotImplemented < MethodNotAllowed #:nodoc: - end - - class UnknownController < ActionControllerError #:nodoc: - end - - class UnknownAction < ActionControllerError #:nodoc: - end - - class MissingFile < ActionControllerError #:nodoc: - end - - class RenderError < ActionControllerError #:nodoc: - end - - class SessionOverflowError < ActionControllerError #:nodoc: - DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.' - - def initialize(message = nil) - super(message || DEFAULT_MESSAGE) - end - end - - class DoubleRenderError < ActionControllerError #:nodoc: - DEFAULT_MESSAGE = "Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like \"redirect_to(...) and return\"." - - def initialize(message = nil) - super(message || DEFAULT_MESSAGE) - end - end - - class RedirectBackError < ActionControllerError #:nodoc: - DEFAULT_MESSAGE = 'No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure to specify request.env["HTTP_REFERER"].' - - def initialize(message = nil) - super(message || DEFAULT_MESSAGE) - end - end - - class UnknownHttpMethod < ActionControllerError #:nodoc: - end - - # Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed - # on request and then either render a template or redirect to another action. An action is defined as a public method - # on the controller, which will automatically be made accessible to the web-server through Rails Routes. - # - # A sample controller could look like this: - # - # class GuestBookController < ActionController::Base - # def index - # @entries = Entry.find(:all) - # end - # - # def sign - # Entry.create(params[:entry]) - # redirect_to :action => "index" - # end - # end - # - # Actions, by default, render a template in the app/views directory corresponding to the name of the controller and action - # after executing code in the action. For example, the +index+ action of the GuestBookController would render the - # template app/views/guestbook/index.erb by default after populating the @entries instance variable. - # - # Unlike index, the sign action will not render a template. After performing its main purpose (creating a - # new entry in the guest book), it initiates a redirect instead. This redirect works by returning an external - # "302 Moved" HTTP response that takes the user to the index action. - # - # The index and sign represent the two basic action archetypes used in Action Controllers. Get-and-show and do-and-redirect. - # Most actions are variations of these themes. - # - # == Requests - # - # Requests are processed by the Action Controller framework by extracting the value of the "action" key in the request parameters. - # This value should hold the name of the action to be performed. Once the action has been identified, the remaining - # request parameters, the session (if one is available), and the full request with all the HTTP headers are made available to - # the action through instance variables. Then the action is performed. - # - # The full request object is available with the request accessor and is primarily used to query for HTTP headers. These queries - # are made by accessing the environment hash, like this: - # - # def server_ip - # location = request.env["SERVER_ADDR"] - # render :text => "This server hosted at #{location}" - # end - # - # == Parameters - # - # All request parameters, whether they come from a GET or POST request, or from the URL, are available through the params method - # which returns a hash. For example, an action that was performed through /weblog/list?category=All&limit=5 will include - # { "category" => "All", "limit" => 5 } in params. - # - # It's also possible to construct multi-dimensional parameter hashes by specifying keys using brackets, such as: - # - # - # - # - # A request stemming from a form holding these inputs will include { "post" => { "name" => "david", "address" => "hyacintvej" } }. - # If the address input had been named "post[address][street]", the params would have included - # { "post" => { "address" => { "street" => "hyacintvej" } } }. There's no limit to the depth of the nesting. - # - # == Sessions - # - # Sessions allows you to store objects in between requests. This is useful for objects that are not yet ready to be persisted, - # such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such - # as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely - # they could be changed unknowingly. It's usually too much work to keep it all synchronized -- something databases already excel at. - # - # You can place objects in the session by using the session method, which accesses a hash: - # - # session[:person] = Person.authenticate(user_name, password) - # - # And retrieved again through the same hash: - # - # Hello #{session[:person]} - # - # For removing objects from the session, you can either assign a single key to +nil+: - # - # # removes :person from session - # session[:person] = nil - # - # or you can remove the entire session with +reset_session+. - # - # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted. - # This prevents the user from tampering with the session but also allows him to see its contents. - # - # Do not put secret information in cookie-based sessions! - # - # Other options for session storage are: - # - # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and, - # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set - # - # config.action_controller.session_store = :active_record_store - # - # in your config/environment.rb and run rake db:sessions:create. - # - # * MemCacheStore - Sessions are stored as entries in your memcached cache. - # Set the session store type in config/environment.rb: - # - # config.action_controller.session_store = :mem_cache_store - # - # This assumes that memcached has been installed and configured properly. - # See the MemCacheStore docs for more information. - # - # == Responses - # - # Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response - # object is generated automatically through the use of renders and redirects and requires no user intervention. - # - # == Renders - # - # Action Controller sends content to the user by using one of five rendering methods. The most versatile and common is the rendering - # of a template. Included in the Action Pack is the Action View, which enables rendering of ERb templates. It's automatically configured. - # The controller passes objects to the view by assigning instance variables: - # - # def show - # @post = Post.find(params[:id]) - # end - # - # Which are then automatically available to the view: - # - # Title: <%= @post.title %> - # - # You don't have to rely on the automated rendering. Especially actions that could result in the rendering of different templates will use - # the manual rendering methods: - # - # def search - # @results = Search.find(params[:query]) - # case @results - # when 0 then render :action => "no_results" - # when 1 then render :action => "show" - # when 2..10 then render :action => "show_many" - # end - # end - # - # Read more about writing ERb and Builder templates in link:classes/ActionView/Base.html. - # - # == Redirects - # - # Redirects are used to move from one action to another. For example, after a create action, which stores a blog entry to a database, - # we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're going to reuse (and redirect to) - # a show action that we'll assume has already been created. The code might look like this: - # - # def create - # @entry = Entry.new(params[:entry]) - # if @entry.save - # # The entry was saved correctly, redirect to show - # redirect_to :action => 'show', :id => @entry.id - # else - # # things didn't go so well, do something else - # end - # end - # - # In this case, after saving our new entry to the database, the user is redirected to the show method which is then executed. - # - # == Calling multiple redirects or renders - # - # An action may contain only a single render or a single redirect. Attempting to try to do either again will result in a DoubleRenderError: - # - # def do_something - # redirect_to :action => "elsewhere" - # render :action => "overthere" # raises DoubleRenderError - # end - # - # If you need to redirect on the condition of something, then be sure to add "and return" to halt execution. - # - # def do_something - # redirect_to(:action => "elsewhere") and return if monkeys.nil? - # render :action => "overthere" # won't be called if monkeys is nil - # end - # - class Base - DEFAULT_RENDER_STATUS_CODE = "200 OK" - - include StatusCodes - - cattr_reader :protected_instance_variables - # Controller specific instance variables which will not be accessible inside views. - @@protected_instance_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller - @action_name @before_filter_chain_aborted @action_cache_path @_session @_headers @_params - @_flash @_response) - - # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets, - # and images to a dedicated asset server away from the main web server. Example: - # ActionController::Base.asset_host = "http://assets.example.com" - @@asset_host = "" - cattr_accessor :asset_host - - # All requests are considered local by default, so everyone will be exposed to detailed debugging screens on errors. - # When the application is ready to go public, this should be set to false, and the protected method local_request? - # should instead be implemented in the controller to determine when debugging screens should be shown. - @@consider_all_requests_local = true - cattr_accessor :consider_all_requests_local - - # Indicates whether to allow concurrent action processing. Your - # controller actions and any other code they call must also behave well - # when called from concurrent threads. Turned off by default. - @@allow_concurrency = false - cattr_accessor :allow_concurrency - - # Modern REST web services often need to submit complex data to the web application. - # The @@param_parsers hash lets you register handlers which will process the HTTP body and add parameters to the - # params hash. These handlers are invoked for POST and PUT requests. - # - # By default application/xml is enabled. A XmlSimple class with the same param name as the root will be instantiated - # in the params. This allows XML requests to mask themselves as regular form submissions, so you can have one - # action serve both regular forms and web service requests. - # - # Example of doing your own parser for a custom content type: - # - # ActionController::Base.param_parsers[Mime::Type.lookup('application/atom+xml')] = Proc.new do |data| - # node = REXML::Document.new(post) - # { node.root.name => node.root } - # end - # - # Note: Up until release 1.1 of Rails, Action Controller would default to using XmlSimple configured to discard the - # root node for such requests. The new default is to keep the root, such that "David" results - # in params[:r][:name] for "David" instead of params[:name]. To get the old behavior, you can - # re-register XmlSimple as application/xml handler ike this: - # - # ActionController::Base.param_parsers[Mime::XML] = - # Proc.new { |data| XmlSimple.xml_in(data, 'ForceArray' => false) } - # - # A YAML parser is also available and can be turned on with: - # - # ActionController::Base.param_parsers[Mime::YAML] = :yaml - @@param_parsers = {} - cattr_accessor :param_parsers - - # Controls the default charset for all renders. - @@default_charset = "utf-8" - cattr_accessor :default_charset - - # The logger is used for generating information on the action run-time (including benchmarking) if available. - # Can be set to nil for no logging. Compatible with both Ruby's own Logger and Log4r loggers. - cattr_accessor :logger - - # Controls the resource action separator - @@resource_action_separator = "/" - cattr_accessor :resource_action_separator - - # Allow to override path names for default resources' actions - @@resources_path_names = { :new => 'new', :edit => 'edit' } - cattr_accessor :resources_path_names - - # Sets the token parameter name for RequestForgery. Calling +protect_from_forgery+ - # sets it to :authenticity_token by default. - cattr_accessor :request_forgery_protection_token - - # Controls the IP Spoofing check when determining the remote IP. - @@ip_spoofing_check = true - cattr_accessor :ip_spoofing_check - - # Indicates whether or not optimise the generated named - # route helper methods - cattr_accessor :optimise_named_routes - self.optimise_named_routes = true - - # Indicates whether the response format should be determined by examining the Accept HTTP header, - # or by using the simpler params + ajax rules. - # - # If this is set to +true+ (the default) then +respond_to+ and +Request#format+ will take the Accept - # header into account. If it is set to false then the request format will be determined solely - # by examining params[:format]. If params format is missing, the format will be either HTML or - # Javascript depending on whether the request is an AJAX request. - cattr_accessor :use_accept_header - self.use_accept_header = true - - # Controls whether request forgergy protection is turned on or not. Turned off by default only in test mode. - class_inheritable_accessor :allow_forgery_protection - self.allow_forgery_protection = true - - # If you are deploying to a subdirectory, you will need to set - # config.action_controller.relative_url_root - # This defaults to ENV['RAILS_RELATIVE_URL_ROOT'] - cattr_accessor :relative_url_root - self.relative_url_root = ENV['RAILS_RELATIVE_URL_ROOT'] - - # Holds the request object that's primarily used to get environment variables through access like - # request.env["REQUEST_URI"]. - attr_internal :request - - # Holds a hash of all the GET, POST, and Url parameters passed to the action. Accessed like params["post_id"] - # to get the post_id. No type casts are made, so all values are returned as strings. - attr_internal :params - - # Holds the response object that's primarily used to set additional HTTP headers through access like - # response.headers["Cache-Control"] = "no-cache". Can also be used to access the final body HTML after a template - # has been rendered through response.body -- useful for after_filters that wants to manipulate the output, - # such as a OutputCompressionFilter. - attr_internal :response - - # Holds a hash of objects in the session. Accessed like session[:person] to get the object tied to the "person" - # key. The session will hold any type of object as values, but the key should be a string or symbol. - attr_internal :session - - # Holds a hash of header names and values. Accessed like headers["Cache-Control"] to get the value of the Cache-Control - # directive. Values should always be specified as strings. - attr_internal :headers - - # Returns the name of the action this controller is processing. - attr_accessor :action_name - - class << self - def call(env) - # HACK: For global rescue to have access to the original request and response - request = env["action_controller.rescue.request"] ||= Request.new(env) - response = env["action_controller.rescue.response"] ||= Response.new - process(request, response) - end - - # Factory for the standard create, process loop where the controller is discarded after processing. - def process(request, response) #:nodoc: - new.process(request, response) - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "NeatController". - def controller_class_name - @controller_class_name ||= name.demodulize - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "neat". - def controller_name - @controller_name ||= controller_class_name.sub(/Controller$/, '').underscore - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "one_module/two_module/neat". - def controller_path - @controller_path ||= name.gsub(/Controller$/, '').underscore - end - - # Return an array containing the names of public methods that have been marked hidden from the action processor. - # By default, all methods defined in ActionController::Base and included modules are hidden. - # More methods can be hidden using hide_actions. - def hidden_actions - read_inheritable_attribute(:hidden_actions) || write_inheritable_attribute(:hidden_actions, []) - end - - # Hide each of the given methods from being callable as actions. - def hide_action(*names) - write_inheritable_attribute(:hidden_actions, hidden_actions | names.map { |name| name.to_s }) - end - - # View load paths determine the bases from which template references can be made. So a call to - # render("test/template") will be looked up in the view load paths array and the closest match will be - # returned. - def view_paths - if defined? @view_paths - @view_paths - else - superclass.view_paths - end - end - - def view_paths=(value) - @view_paths = ActionView::Base.process_view_paths(value) if value - end - - # Adds a view_path to the front of the view_paths array. - # If the current class has no view paths, copy them from - # the superclass. This change will be visible for all future requests. - # - # ArticleController.prepend_view_path("views/default") - # ArticleController.prepend_view_path(["views/default", "views/custom"]) - # - def prepend_view_path(path) - @view_paths = superclass.view_paths.dup if !defined?(@view_paths) || @view_paths.nil? - @view_paths.unshift(*path) - end - - # Adds a view_path to the end of the view_paths array. - # If the current class has no view paths, copy them from - # the superclass. This change will be visible for all future requests. - # - # ArticleController.append_view_path("views/default") - # ArticleController.append_view_path(["views/default", "views/custom"]) - # - def append_view_path(path) - @view_paths = superclass.view_paths.dup if @view_paths.nil? - @view_paths.push(*path) - end - - # Replace sensitive parameter data from the request log. - # Filters parameters that have any of the arguments as a substring. - # Looks in all subhashes of the param hash for keys to filter. - # If a block is given, each key and value of the parameter hash and all - # subhashes is passed to it, the value or key - # can be replaced using String#replace or similar method. - # - # Examples: - # filter_parameter_logging - # => Does nothing, just slows the logging process down - # - # filter_parameter_logging :password - # => replaces the value to all keys matching /password/i with "[FILTERED]" - # - # filter_parameter_logging :foo, "bar" - # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - # - # filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i } - # => reverses the value to all keys matching /secret/i - # - # filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i } - # => reverses the value to all keys matching /secret/i, and - # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" - def filter_parameter_logging(*filter_words, &block) - parameter_filter = Regexp.new(filter_words.collect{ |s| s.to_s }.join('|'), true) if filter_words.length > 0 - - define_method(:filter_parameters) do |unfiltered_parameters| - filtered_parameters = {} - - unfiltered_parameters.each do |key, value| - if key =~ parameter_filter - filtered_parameters[key] = '[FILTERED]' - elsif value.is_a?(Hash) - filtered_parameters[key] = filter_parameters(value) - elsif block_given? - key = key.dup - value = value.dup if value - yield key, value - filtered_parameters[key] = value - else - filtered_parameters[key] = value - end - end - - filtered_parameters - end - protected :filter_parameters - end - - delegate :exempt_from_layout, :to => 'ActionView::Template' - end - - public - # Extracts the action_name from the request parameters and performs that action. - def process(request, response, method = :perform_action, *arguments) #:nodoc: - response.request = request - - assign_shortcuts(request, response) - initialize_template_class(response) - initialize_current_url - assign_names - - log_processing - send(method, *arguments) - - send_response - ensure - process_cleanup - end - - def send_response - response.prepare! - response - end - - # Returns a URL that has been rewritten according to the options hash and the defined routes. - # (For doing a complete redirect, use +redirect_to+). - # - # url_for is used to: - # - # All keys given to +url_for+ are forwarded to the Route module, save for the following: - # * :anchor - Specifies the anchor name to be appended to the path. For example, - # url_for :controller => 'posts', :action => 'show', :id => 10, :anchor => 'comments' - # will produce "/posts/show/10#comments". - # * :only_path - If true, returns the relative URL (omitting the protocol, host name, and port) (false by default). - # * :trailing_slash - If true, adds a trailing slash, as in "/archive/2005/". Note that this - # is currently not recommended since it breaks caching. - # * :host - Overrides the default (current) host if provided. - # * :protocol - Overrides the default (current) protocol if provided. - # * :port - Optionally specify the port to connect to. - # * :user - Inline HTTP authentication (only plucked out if :password is also present). - # * :password - Inline HTTP authentication (only plucked out if :user is also present). - # * :skip_relative_url_root - If true, the url is not constructed using the +relative_url_root+ - # of the request so the path will include the web server relative installation directory. - # - # The URL is generated from the remaining keys in the hash. A URL contains two key parts: the and a query string. - # Routes composes a query string as the key/value pairs not included in the . - # - # The default Routes setup supports a typical Rails path of "controller/action/id" where action and id are optional, with - # action defaulting to 'index' when not given. Here are some typical url_for statements and their corresponding URLs: - # - # url_for :controller => 'posts', :action => 'recent' # => 'proto://host.com/posts/recent' - # url_for :controller => 'posts', :action => 'index' # => 'proto://host.com/posts' - # url_for :controller => 'posts', :action => 'index', :port=>'8033' # => 'proto://host.com:8033/posts' - # url_for :controller => 'posts', :action => 'show', :id => 10 # => 'proto://host.com/posts/show/10' - # url_for :controller => 'posts', :user => 'd', :password => '123' # => 'proto://d:123@host.com/posts' - # - # When generating a new URL, missing values may be filled in from the current request's parameters. For example, - # url_for :action => 'some_action' will retain the current controller, as expected. This behavior extends to - # other parameters, including :controller, :id, and any other parameters that are placed into a Route's - # path. - #   - # The URL helpers such as url_for have a limited form of memory: when generating a new URL, they can look for - # missing values in the current request's parameters. Routes attempts to guess when a value should and should not be - # taken from the defaults. There are a few simple rules on how this is performed: - # - # * If the controller name begins with a slash no defaults are used: - # - # url_for :controller => '/home' - # - # In particular, a leading slash ensures no namespace is assumed. Thus, - # while url_for :controller => 'users' may resolve to - # Admin::UsersController if the current controller lives under - # that module, url_for :controller => '/users' ensures you link - # to ::UsersController no matter what. - # * If the controller changes, the action will default to index unless provided - # - # The final rule is applied while the URL is being generated and is best illustrated by an example. Let us consider the - # route given by map.connect 'people/:last/:first/:action', :action => 'bio', :controller => 'people'. - # - # Suppose that the current URL is "people/hh/david/contacts". Let's consider a few different cases of URLs which are generated - # from this page. - # - # * url_for :action => 'bio' -- During the generation of this URL, default values will be used for the first and - # last components, and the action shall change. The generated URL will be, "people/hh/david/bio". - # * url_for :first => 'davids-little-brother' This generates the URL 'people/hh/davids-little-brother' -- note - # that this URL leaves out the assumed action of 'bio'. - # - # However, you might ask why the action from the current request, 'contacts', isn't carried over into the new URL. The - # answer has to do with the order in which the parameters appear in the generated path. In a nutshell, since the - # value that appears in the slot for :first is not equal to default value for :first we stop using - # defaults. On its own, this rule can account for much of the typical Rails URL behavior. - #   - # Although a convenience, defaults can occasionally get in your way. In some cases a default persists longer than desired. - # The default may be cleared by adding :name => nil to url_for's options. - # This is often required when writing form helpers, since the defaults in play may vary greatly depending upon where the - # helper is used from. The following line will redirect to PostController's default action, regardless of the page it is - # displayed on: - # - # url_for :controller => 'posts', :action => nil - # - # If you explicitly want to create a URL that's almost the same as the current URL, you can do so using the - # :overwrite_params options. Say for your posts you have different views for showing and printing them. - # Then, in the show view, you get the URL for the print view like this - # - # url_for :overwrite_params => { :action => 'print' } - # - # This takes the current URL as is and only exchanges the action. In contrast, url_for :action => 'print' - # would have slashed-off the path components after the changed action. - def url_for(options = {}) - options ||= {} - case options - when String - options - when Hash - @url.rewrite(rewrite_options(options)) - else - polymorphic_url(options) - end - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "NeatController". - def controller_class_name - self.class.controller_class_name - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "neat". - def controller_name - self.class.controller_name - end - - # Converts the class name from something like "OneModule::TwoModule::NeatController" to "one_module/two_module/neat". - def controller_path - self.class.controller_path - end - - def session_enabled? - ActiveSupport::Deprecation.warn("Sessions are now lazy loaded. So if you don't access them, consider them disabled.", caller) - end - - self.view_paths = [] - - # View load paths for controller. - def view_paths - @template.view_paths - end - - def view_paths=(value) - @template.view_paths = ActionView::Base.process_view_paths(value) - end - - # Adds a view_path to the front of the view_paths array. - # This change affects the current request only. - # - # self.prepend_view_path("views/default") - # self.prepend_view_path(["views/default", "views/custom"]) - # - def prepend_view_path(path) - @template.view_paths.unshift(*path) - end - - # Adds a view_path to the end of the view_paths array. - # This change affects the current request only. - # - # self.append_view_path("views/default") - # self.append_view_path(["views/default", "views/custom"]) - # - def append_view_path(path) - @template.view_paths.push(*path) - end - - protected - # Renders the content that will be returned to the browser as the response body. - # - # === Rendering an action - # - # Action rendering is the most common form and the type used automatically by Action Controller when nothing else is - # specified. By default, actions are rendered within the current layout (if one exists). - # - # # Renders the template for the action "goal" within the current controller - # render :action => "goal" - # - # # Renders the template for the action "short_goal" within the current controller, - # # but without the current active layout - # render :action => "short_goal", :layout => false - # - # # Renders the template for the action "long_goal" within the current controller, - # # but with a custom layout - # render :action => "long_goal", :layout => "spectacular" - # - # === Rendering partials - # - # Partial rendering in a controller is most commonly used together with Ajax calls that only update one or a few elements on a page - # without reloading. Rendering of partials from the controller makes it possible to use the same partial template in - # both the full-page rendering (by calling it from within the template) and when sub-page updates happen (from the - # controller action responding to Ajax calls). By default, the current layout is not used. - # - # # Renders the same partial with a local variable. - # render :partial => "person", :locals => { :name => "david" } - # - # # Renders the partial, making @new_person available through - # # the local variable 'person' - # render :partial => "person", :object => @new_person - # - # # Renders a collection of the same partial by making each element - # # of @winners available through the local variable "person" as it - # # builds the complete response. - # render :partial => "person", :collection => @winners - # - # # Renders a collection of partials but with a custom local variable name - # render :partial => "admin_person", :collection => @winners, :as => :person - # - # # Renders the same collection of partials, but also renders the - # # person_divider partial between each person partial. - # render :partial => "person", :collection => @winners, :spacer_template => "person_divider" - # - # # Renders a collection of partials located in a view subfolder - # # outside of our current controller. In this example we will be - # # rendering app/views/shared/_note.r(html|xml) Inside the partial - # # each element of @new_notes is available as the local var "note". - # render :partial => "shared/note", :collection => @new_notes - # - # # Renders the partial with a status code of 500 (internal error). - # render :partial => "broken", :status => 500 - # - # Note that the partial filename must also be a valid Ruby variable name, - # so e.g. 2005 and register-user are invalid. - # - # - # == Automatic etagging - # - # Rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the - # response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified - # and the response body will be set to an empty string. No etag header will be inserted if it's already set. - # - # === Rendering a template - # - # Template rendering works just like action rendering except that it takes a path relative to the template root. - # The current layout is automatically applied. - # - # # Renders the template located in [TEMPLATE_ROOT]/weblog/show.r(html|xml) (in Rails, app/views/weblog/show.erb) - # render :template => "weblog/show" - # - # # Renders the template with a local variable - # render :template => "weblog/show", :locals => {:customer => Customer.new} - # - # === Rendering a file - # - # File rendering works just like action rendering except that it takes a filesystem path. By default, the path - # is assumed to be absolute, and the current layout is not applied. - # - # # Renders the template located at the absolute filesystem path - # render :file => "/path/to/some/template.erb" - # render :file => "c:/path/to/some/template.erb" - # - # # Renders a template within the current layout, and with a 404 status code - # render :file => "/path/to/some/template.erb", :layout => true, :status => 404 - # render :file => "c:/path/to/some/template.erb", :layout => true, :status => 404 - # - # === Rendering text - # - # Rendering of text is usually used for tests or for rendering prepared content, such as a cache. By default, text - # rendering is not done within the active layout. - # - # # Renders the clear text "hello world" with status code 200 - # render :text => "hello world!" - # - # # Renders the clear text "Explosion!" with status code 500 - # render :text => "Explosion!", :status => 500 - # - # # Renders the clear text "Hi there!" within the current active layout (if one exists) - # render :text => "Hi there!", :layout => true - # - # # Renders the clear text "Hi there!" within the layout - # # placed in "app/views/layouts/special.r(html|xml)" - # render :text => "Hi there!", :layout => "special" - # - # The :text option can also accept a Proc object, which can be used to manually control the page generation. This should - # generally be avoided, as it violates the separation between code and content, and because almost everything that can be - # done with this method can also be done more cleanly using one of the other rendering methods, most notably templates. - # - # # Renders "Hello from code!" - # render :text => proc { |response, output| output.write("Hello from code!") } - # - # === Rendering XML - # - # Rendering XML sets the content type to application/xml. - # - # # Renders 'David' - # render :xml => {:name => "David"}.to_xml - # - # It's not necessary to call to_xml on the object you want to render, since render will - # automatically do that for you: - # - # # Also renders 'David' - # render :xml => {:name => "David"} - # - # === Rendering JSON - # - # Rendering JSON sets the content type to application/json and optionally wraps the JSON in a callback. It is expected - # that the response will be parsed (or eval'd) for use as a data structure. - # - # # Renders '{"name": "David"}' - # render :json => {:name => "David"}.to_json - # - # It's not necessary to call to_json on the object you want to render, since render will - # automatically do that for you: - # - # # Also renders '{"name": "David"}' - # render :json => {:name => "David"} - # - # Sometimes the result isn't handled directly by a script (such as when the request comes from a SCRIPT tag), - # so the :callback option is provided for these cases. - # - # # Renders 'show({"name": "David"})' - # render :json => {:name => "David"}.to_json, :callback => 'show' - # - # === Rendering an inline template - # - # Rendering of an inline template works as a cross between text and action rendering where the source for the template - # is supplied inline, like text, but its interpreted with ERb or Builder, like action. By default, ERb is used for rendering - # and the current layout is not used. - # - # # Renders "hello, hello, hello, again" - # render :inline => "<%= 'hello, ' * 3 + 'again' %>" - # - # # Renders "

Good seeing you!

" using Builder - # render :inline => "xml.p { 'Good seeing you!' }", :type => :builder - # - # # Renders "hello david" - # render :inline => "<%= 'hello ' + name %>", :locals => { :name => "david" } - # - # === Rendering inline JavaScriptGenerator page updates - # - # In addition to rendering JavaScriptGenerator page updates with Ajax in RJS templates (see ActionView::Base for details), - # you can also pass the :update parameter to +render+, along with a block, to render page updates inline. - # - # render :update do |page| - # page.replace_html 'user_list', :partial => 'user', :collection => @users - # page.visual_effect :highlight, 'user_list' - # end - # - # === Rendering vanilla JavaScript - # - # In addition to using RJS with render :update, you can also just render vanilla JavaScript with :js. - # - # # Renders "alert('hello')" and sets the mime type to text/javascript - # render :js => "alert('hello')" - # - # === Rendering with status and location headers - # All renders take the :status and :location options and turn them into headers. They can even be used together: - # - # render :xml => post.to_xml, :status => :created, :location => post_url(post) - def render(options = nil, extra_options = {}, &block) #:doc: - raise DoubleRenderError, "Can only render or redirect once per action" if performed? - - options = { :layout => true } if options.nil? - original, options = options, extra_options unless options.is_a?(Hash) - - layout_name = options.delete(:layout) - - _process_options(options) - - if block_given? - @template.send(:_evaluate_assigns_and_ivars) - - generator = ActionView::Helpers::PrototypeHelper::JavaScriptGenerator.new(@template, &block) - response.content_type = Mime::JS - return render_for_text(generator.to_s) - end - - if original - return render_for_name(original, layout_name, options) unless block_given? - end - - if options.key?(:text) - return render_for_text(@template._render_text(options[:text], - _pick_layout(layout_name), options)) - end - - file, template = options.values_at(:file, :template) - if file || template - file = template.sub(/^\//, '') if template - return render_for_file(file, [layout_name, !!template], options) - end - - if action_option = options[:action] - return render_for_action(action_option, [layout_name, true], options) - end - - if inline = options[:inline] - render_for_text(@template._render_inline(inline, _pick_layout(layout_name), options)) - - elsif xml = options[:xml] - response.content_type ||= Mime::XML - render_for_text(xml.respond_to?(:to_xml) ? xml.to_xml : xml) - - elsif js = options[:js] - response.content_type ||= Mime::JS - render_for_text(js) - - elsif json = options[:json] - json = json.to_json unless json.is_a?(String) - json = "#{options[:callback]}(#{json})" unless options[:callback].blank? - response.content_type ||= Mime::JSON - render_for_text(json) - - elsif partial = options[:partial] - if partial == true - parts = [action_name_base, formats, controller_name, true] - elsif partial.is_a?(String) - parts = partial_parts(partial, options) - else - return render_for_text(@template._render_partial(options)) - end - - render_for_parts(parts, layout_name, options) - - elsif options[:nothing] - render_for_text(nil) - - else - render_for_parts([action_name, formats, controller_path], layout_name, options) - end - end - - def formats - @_request.formats.map {|f| f.symbol }.compact - end - - def action_name_base(name = action_name) - (name.is_a?(String) ? name.sub(/^#{controller_path}\//, '') : name).to_s - end - - # Renders according to the same rules as render, but returns the result in a string instead - # of sending it as the response body to the browser. - def render_to_string(options = nil, &block) #:doc: - render(options, &block) - ensure - response.content_type = nil - erase_render_results - reset_variables_added_to_assigns - end - - # Return a response that has no content (merely headers). The options - # argument is interpreted to be a hash of header names and values. - # This allows you to easily return a response that consists only of - # significant headers: - # - # head :created, :location => person_path(@person) - # - # It can also be used to return exceptional conditions: - # - # return head(:method_not_allowed) unless request.post? - # return head(:bad_request) unless valid_request? - # render - def head(*args) - if args.length > 2 - raise ArgumentError, "too many arguments to head" - elsif args.empty? - raise ArgumentError, "too few arguments to head" - end - options = args.extract_options! - status = interpret_status(args.shift || options.delete(:status) || :ok) - - options.each do |key, value| - headers[key.to_s.dasherize.split(/-/).map { |v| v.capitalize }.join("-")] = value.to_s - end - - render :nothing => true, :status => status - end - - # Clears the rendered results, allowing for another render to be performed. - def erase_render_results #:nodoc: - response.body = nil - @performed_render = false - end - - # Clears the redirected results from the headers, resets the status to 200 and returns - # the URL that was used to redirect or nil if there was no redirected URL - # Note that +redirect_to+ will change the body of the response to indicate a redirection. - # The response body is not reset here, see +erase_render_results+ - def erase_redirect_results #:nodoc: - @performed_redirect = false - response.redirected_to = nil - response.redirected_to_method_params = nil - response.status = DEFAULT_RENDER_STATUS_CODE - response.headers.delete('Location') - end - - # Erase both render and redirect results - def erase_results #:nodoc: - erase_render_results - erase_redirect_results - end - - def rewrite_options(options) #:nodoc: - if defaults = default_url_options(options) - defaults.merge(options) - else - options - end - end - - # Overwrite to implement a number of default options that all url_for-based methods will use. The default options should come in - # the form of a hash, just like the one you would use for url_for directly. Example: - # - # def default_url_options(options) - # { :project => @project.active? ? @project.url_name : "unknown" } - # end - # - # As you can infer from the example, this is mostly useful for situations where you want to centralize dynamic decisions about the - # urls as they stem from the business domain. Please note that any individual url_for call can always override the defaults set - # by this method. - def default_url_options(options = nil) - end - - # Redirects the browser to the target specified in +options+. This parameter can take one of three forms: - # - # * Hash - The URL will be generated by calling url_for with the +options+. - # * Record - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record. - # * String starting with protocol:// (like http://) - Is passed straight through as the target for redirection. - # * String not containing a protocol - The current protocol and host is prepended to the string. - # * :back - Back to the page that issued the request. Useful for forms that are triggered from multiple places. - # Short-hand for redirect_to(request.env["HTTP_REFERER"]) - # - # Examples: - # redirect_to :action => "show", :id => 5 - # redirect_to post - # redirect_to "http://www.rubyonrails.org" - # redirect_to "/images/screenshot.jpg" - # redirect_to articles_url - # redirect_to :back - # - # The redirection happens as a "302 Moved" header unless otherwise specified. - # - # Examples: - # redirect_to post_url(@post), :status=>:found - # redirect_to :action=>'atom', :status=>:moved_permanently - # redirect_to post_url(@post), :status=>301 - # redirect_to :action=>'atom', :status=>302 - # - # When using redirect_to :back, if there is no referrer, - # RedirectBackError will be raised. You may specify some fallback - # behavior for this case by rescuing RedirectBackError. - def redirect_to(options = {}, response_status = {}) #:doc: - raise ActionControllerError.new("Cannot redirect to nil!") if options.nil? - - if options.is_a?(Hash) && options[:status] - status = options.delete(:status) - elsif response_status[:status] - status = response_status[:status] - else - status = 302 - end - - response.redirected_to = options - logger.info("Redirected to #{options}") if logger && logger.info? - - case options - # The scheme name consist of a letter followed by any combination of - # letters, digits, and the plus ("+"), period ("."), or hyphen ("-") - # characters; and is terminated by a colon (":"). - when %r{^\w[\w\d+.-]*:.*} - redirect_to_full_url(options, status) - when String - redirect_to_full_url(request.protocol + request.host_with_port + options, status) - when :back - if referer = request.headers["Referer"] - redirect_to(referer, :status=>status) - else - raise RedirectBackError - end - else - redirect_to_full_url(url_for(options), status) - end - end - - def redirect_to_full_url(url, status) - raise DoubleRenderError if performed? - response.redirect(url, interpret_status(status)) - @performed_redirect = true - end - - # Sets the etag and/or last_modified on the response and checks it against - # the client request. If the request doesn't match the options provided, the - # request is considered stale and should be generated from scratch. Otherwise, - # it's fresh and we don't need to generate anything and a reply of "304 Not Modified" is sent. - # - # Example: - # - # def show - # @article = Article.find(params[:id]) - # - # if stale?(:etag => @article, :last_modified => @article.created_at.utc) - # @statistics = @article.really_expensive_call - # respond_to do |format| - # # all the supported formats - # end - # end - # end - def stale?(options) - fresh_when(options) - !request.fresh?(response) - end - - # Sets the etag, last_modified, or both on the response and renders a - # "304 Not Modified" response if the request is already fresh. - # - # Example: - # - # def show - # @article = Article.find(params[:id]) - # fresh_when(:etag => @article, :last_modified => @article.created_at.utc) - # end - # - # This will render the show template if the request isn't sending a matching etag or - # If-Modified-Since header and just a "304 Not Modified" response if there's a match. - def fresh_when(options) - options.assert_valid_keys(:etag, :last_modified) - - response.etag = options[:etag] if options[:etag] - response.last_modified = options[:last_modified] if options[:last_modified] - - if request.fresh?(response) - head :not_modified - end - end - - # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a "private" instruction, so that - # intermediate caches shouldn't cache the response. - # - # Examples: - # expires_in 20.minutes - # expires_in 3.hours, :private => false - # expires in 3.hours, 'max-stale' => 5.hours, :private => nil, :public => true - # - # This method will overwrite an existing Cache-Control header. - # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities. - def expires_in(seconds, options = {}) #:doc: - cache_options = { 'max-age' => seconds, 'private' => true }.symbolize_keys.merge!(options.symbolize_keys) - cache_options.delete_if { |k,v| v.nil? or v == false } - cache_control = cache_options.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"} - response.headers["Cache-Control"] = cache_control.join(', ') - end - - # Sets a HTTP 1.1 Cache-Control header of "no-cache" so no caching should occur by the browser or - # intermediate caches (like caching proxy servers). - def expires_now #:doc: - response.headers["Cache-Control"] = "no-cache" - end - - # Resets the session by clearing out all the objects stored within and initializing a new session object. - def reset_session #:doc: - request.reset_session - @_session = request.session - end - - private - def _process_options(options) - if content_type = options[:content_type] - response.content_type = content_type.to_s - end - - if location = options[:location] - response.headers["Location"] = url_for(location) - end - - response.status = interpret_status(options[:status] || DEFAULT_RENDER_STATUS_CODE) - end - - def render_for_name(name, layout, options) - case name.to_s.index('/') - when 0 - render_for_file(name, layout, options) - when nil - render_for_action(name, layout, options) - else - render_for_file(name.sub(/^\//, ''), [layout, true], options) - end - end - - def render_for_parts(parts, layout, options = {}) - tmp = view_paths.find_by_parts(*parts) - layout = _pick_layout(*layout) unless tmp.exempt_from_layout? - - render_for_text( - @template._render_template_with_layout(tmp, layout, options, parts[3])) - end - - def partial_parts(name, options) - segments = name.split("/") - parts = segments.pop.split(".") - - case parts.size - when 1 - parts - when 2, 3 - extension = parts.delete_at(1).to_sym - if formats.include?(extension) - self.formats.replace [extension] - end - parts.pop if parts.size == 2 - end - - path = parts.join(".") - prefix = segments[0..-1].join("/") - prefix = prefix.blank? ? controller_path : prefix - parts = [path, formats, prefix] - parts.push options[:object] || true - end - - def render_for_file(file, layout, options) - render_for_parts([file, [request.format.to_sym]], layout, options) - end - - def render_for_action(name, layout, options) - parts = [action_name_base(name), formats, controller_name] - render_for_parts(parts, layout, options) - end - - def render_for_text(text = nil, append_response = false) #:nodoc: - @performed_render = true - - if append_response - response.body ||= '' - response.body << text.to_s - else - response.body = case text - when Proc then text - when nil then " " # Safari doesn't pass the headers of the return if the response is zero length - else text.to_s - end - end - end - - def initialize_template_class(response) - @template = response.template = ActionView::Base.new(self.class.view_paths, {}, self, formats) - response.template.helpers.send :include, self.class.master_helper_module - response.redirected_to = nil - @performed_render = @performed_redirect = false - end - - def assign_shortcuts(request, response) - @_request, @_params = request, request.parameters - - @_response = response - @_response.session = request.session - - @_session = @_response.session - - @_headers = @_response.headers - end - - def initialize_current_url - @url = UrlRewriter.new(request, params.clone) - end - - def log_processing - if logger && logger.info? - log_processing_for_request_id - log_processing_for_parameters - end - end - - def log_processing_for_request_id - request_id = "\n\nProcessing #{self.class.name}\##{action_name} " - request_id << "to #{params[:format]} " if params[:format] - request_id << "(for #{request_origin}) [#{request.method.to_s.upcase}]" - - logger.info(request_id) - end - - def log_processing_for_parameters - parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup - parameters = parameters.except!(:controller, :action, :format, :_method) - - logger.info " Parameters: #{parameters.inspect}" unless parameters.empty? - end - - def default_render #:nodoc: - render - end - - def perform_action - if called = action_methods.include?(action_name) - ret = send(action_name) - elsif called = respond_to?(:method_missing) - ret = method_missing(action_name) - end - - return (performed? ? ret : default_render) if called - - begin - default_render - rescue ActionView::MissingTemplate => e - raise e unless e.path == action_name - # If the path is the same as the action_name, the action is completely missing - raise UnknownAction, "No action responded to #{action_name}. Actions: " + - "#{action_methods.sort.to_sentence}", caller - end - end - - def performed? - @performed_render || @performed_redirect - end - - def assign_names - @action_name = (params['action'] || 'index') - end - - def action_methods - self.class.action_methods - end - - def self.action_methods - @action_methods ||= - # All public instance methods of this class, including ancestors - public_instance_methods(true).map { |m| m.to_s }.to_set - - # Except for public instance methods of Base and its ancestors - Base.public_instance_methods(true).map { |m| m.to_s } + - # Be sure to include shadowed public instance methods of this class - public_instance_methods(false).map { |m| m.to_s } - - # And always exclude explicitly hidden actions - hidden_actions - end - - def reset_variables_added_to_assigns - @template.instance_variable_set("@assigns_added", nil) - end - - def request_origin - # this *needs* to be cached! - # otherwise you'd get different results if calling it more than once - @request_origin ||= "#{request.remote_ip} at #{Time.now.to_s(:db)}" - end - - def complete_request_uri - "#{request.protocol}#{request.host}#{request.request_uri}" - end - - def close_session - @_session.close if @_session && @_session.respond_to?(:close) - end - - def default_template(action_name = self.action_name) - self.view_paths.find_template(default_template_name(action_name), default_template_format) - end - - def default_template_name(action_name = self.action_name) - if action_name - action_name = action_name.to_s - if action_name.include?('/') && template_path_includes_controller?(action_name) - action_name = strip_out_controller(action_name) - end - end - "#{self.controller_path}/#{action_name}" - end - - def strip_out_controller(path) - path.split('/', 2).last - end - - - def template_path_includes_controller?(path) - self.controller_path.split('/')[-1] == path.split('/')[0] - end - - def process_cleanup - close_session - end - end - - Base.class_eval do - [ Filters, Layout, Benchmarking, Rescue, Flash, MimeResponds, Helpers, - Cookies, Caching, Verification, Streaming, SessionManagement, - HttpAuthentication::Basic::ControllerMethods, RecordIdentifier, - RequestForgeryProtection, Translation - ].each do |mod| - include mod - end - end -end diff --git a/actionpack/lib/action_controller/base/base.rb b/actionpack/lib/action_controller/base/base.rb new file mode 100644 index 0000000000..84371643d7 --- /dev/null +++ b/actionpack/lib/action_controller/base/base.rb @@ -0,0 +1,904 @@ +require 'set' + +module ActionController #:nodoc: + class ActionControllerError < StandardError #:nodoc: + end + + class SessionRestoreError < ActionControllerError #:nodoc: + end + + class RenderError < ActionControllerError #:nodoc: + end + + class RoutingError < ActionControllerError #:nodoc: + attr_reader :failures + def initialize(message, failures=[]) + super(message) + @failures = failures + end + end + + class MethodNotAllowed < ActionControllerError #:nodoc: + attr_reader :allowed_methods + + def initialize(*allowed_methods) + super("Only #{allowed_methods.to_sentence} requests are allowed.") + @allowed_methods = allowed_methods + end + + def allowed_methods_header + allowed_methods.map { |method_symbol| method_symbol.to_s.upcase } * ', ' + end + + def handle_response!(response) + response.headers['Allow'] ||= allowed_methods_header + end + end + + class NotImplemented < MethodNotAllowed #:nodoc: + end + + class UnknownController < ActionControllerError #:nodoc: + end + + class UnknownAction < ActionControllerError #:nodoc: + end + + class MissingFile < ActionControllerError #:nodoc: + end + + class RenderError < ActionControllerError #:nodoc: + end + + class SessionOverflowError < ActionControllerError #:nodoc: + DEFAULT_MESSAGE = 'Your session data is larger than the data column in which it is to be stored. You must increase the size of your data column if you intend to store large data.' + + def initialize(message = nil) + super(message || DEFAULT_MESSAGE) + end + end + + class UnknownHttpMethod < ActionControllerError #:nodoc: + end + + # Action Controllers are the core of a web request in Rails. They are made up of one or more actions that are executed + # on request and then either render a template or redirect to another action. An action is defined as a public method + # on the controller, which will automatically be made accessible to the web-server through Rails Routes. + # + # A sample controller could look like this: + # + # class GuestBookController < ActionController::Base + # def index + # @entries = Entry.find(:all) + # end + # + # def sign + # Entry.create(params[:entry]) + # redirect_to :action => "index" + # end + # end + # + # Actions, by default, render a template in the app/views directory corresponding to the name of the controller and action + # after executing code in the action. For example, the +index+ action of the GuestBookController would render the + # template app/views/guestbook/index.erb by default after populating the @entries instance variable. + # + # Unlike index, the sign action will not render a template. After performing its main purpose (creating a + # new entry in the guest book), it initiates a redirect instead. This redirect works by returning an external + # "302 Moved" HTTP response that takes the user to the index action. + # + # The index and sign represent the two basic action archetypes used in Action Controllers. Get-and-show and do-and-redirect. + # Most actions are variations of these themes. + # + # == Requests + # + # Requests are processed by the Action Controller framework by extracting the value of the "action" key in the request parameters. + # This value should hold the name of the action to be performed. Once the action has been identified, the remaining + # request parameters, the session (if one is available), and the full request with all the HTTP headers are made available to + # the action through instance variables. Then the action is performed. + # + # The full request object is available with the request accessor and is primarily used to query for HTTP headers. These queries + # are made by accessing the environment hash, like this: + # + # def server_ip + # location = request.env["SERVER_ADDR"] + # render :text => "This server hosted at #{location}" + # end + # + # == Parameters + # + # All request parameters, whether they come from a GET or POST request, or from the URL, are available through the params method + # which returns a hash. For example, an action that was performed through /weblog/list?category=All&limit=5 will include + # { "category" => "All", "limit" => 5 } in params. + # + # It's also possible to construct multi-dimensional parameter hashes by specifying keys using brackets, such as: + # + # + # + # + # A request stemming from a form holding these inputs will include { "post" => { "name" => "david", "address" => "hyacintvej" } }. + # If the address input had been named "post[address][street]", the params would have included + # { "post" => { "address" => { "street" => "hyacintvej" } } }. There's no limit to the depth of the nesting. + # + # == Sessions + # + # Sessions allows you to store objects in between requests. This is useful for objects that are not yet ready to be persisted, + # such as a Signup object constructed in a multi-paged process, or objects that don't change much and are needed all the time, such + # as a User object for a system that requires login. The session should not be used, however, as a cache for objects where it's likely + # they could be changed unknowingly. It's usually too much work to keep it all synchronized -- something databases already excel at. + # + # You can place objects in the session by using the session method, which accesses a hash: + # + # session[:person] = Person.authenticate(user_name, password) + # + # And retrieved again through the same hash: + # + # Hello #{session[:person]} + # + # For removing objects from the session, you can either assign a single key to +nil+: + # + # # removes :person from session + # session[:person] = nil + # + # or you can remove the entire session with +reset_session+. + # + # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted. + # This prevents the user from tampering with the session but also allows him to see its contents. + # + # Do not put secret information in cookie-based sessions! + # + # Other options for session storage are: + # + # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and, + # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set + # + # config.action_controller.session_store = :active_record_store + # + # in your config/environment.rb and run rake db:sessions:create. + # + # * MemCacheStore - Sessions are stored as entries in your memcached cache. + # Set the session store type in config/environment.rb: + # + # config.action_controller.session_store = :mem_cache_store + # + # This assumes that memcached has been installed and configured properly. + # See the MemCacheStore docs for more information. + # + # == Responses + # + # Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response + # object is generated automatically through the use of renders and redirects and requires no user intervention. + # + # == Renders + # + # Action Controller sends content to the user by using one of five rendering methods. The most versatile and common is the rendering + # of a template. Included in the Action Pack is the Action View, which enables rendering of ERb templates. It's automatically configured. + # The controller passes objects to the view by assigning instance variables: + # + # def show + # @post = Post.find(params[:id]) + # end + # + # Which are then automatically available to the view: + # + # Title: <%= @post.title %> + # + # You don't have to rely on the automated rendering. Especially actions that could result in the rendering of different templates will use + # the manual rendering methods: + # + # def search + # @results = Search.find(params[:query]) + # case @results + # when 0 then render :action => "no_results" + # when 1 then render :action => "show" + # when 2..10 then render :action => "show_many" + # end + # end + # + # Read more about writing ERb and Builder templates in link:classes/ActionView/Base.html. + # + # == Redirects + # + # Redirects are used to move from one action to another. For example, after a create action, which stores a blog entry to a database, + # we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're going to reuse (and redirect to) + # a show action that we'll assume has already been created. The code might look like this: + # + # def create + # @entry = Entry.new(params[:entry]) + # if @entry.save + # # The entry was saved correctly, redirect to show + # redirect_to :action => 'show', :id => @entry.id + # else + # # things didn't go so well, do something else + # end + # end + # + # In this case, after saving our new entry to the database, the user is redirected to the show method which is then executed. + # + # == Calling multiple redirects or renders + # + # An action may contain only a single render or a single redirect. Attempting to try to do either again will result in a DoubleRenderError: + # + # def do_something + # redirect_to :action => "elsewhere" + # render :action => "overthere" # raises DoubleRenderError + # end + # + # If you need to redirect on the condition of something, then be sure to add "and return" to halt execution. + # + # def do_something + # redirect_to(:action => "elsewhere") and return if monkeys.nil? + # render :action => "overthere" # won't be called if monkeys is nil + # end + # + class Base + + include StatusCodes + + cattr_reader :protected_instance_variables + # Controller specific instance variables which will not be accessible inside views. + @@protected_instance_variables = %w(@assigns @performed_redirect @performed_render @variables_added @request_origin @url @parent_controller + @action_name @before_filter_chain_aborted @action_cache_path @_session @_headers @_params + @_flash @_response) + + # Prepends all the URL-generating helpers from AssetHelper. This makes it possible to easily move javascripts, stylesheets, + # and images to a dedicated asset server away from the main web server. Example: + # ActionController::Base.asset_host = "http://assets.example.com" + @@asset_host = "" + cattr_accessor :asset_host + + # All requests are considered local by default, so everyone will be exposed to detailed debugging screens on errors. + # When the application is ready to go public, this should be set to false, and the protected method local_request? + # should instead be implemented in the controller to determine when debugging screens should be shown. + @@consider_all_requests_local = true + cattr_accessor :consider_all_requests_local + + # Indicates whether to allow concurrent action processing. Your + # controller actions and any other code they call must also behave well + # when called from concurrent threads. Turned off by default. + @@allow_concurrency = false + cattr_accessor :allow_concurrency + + # Modern REST web services often need to submit complex data to the web application. + # The @@param_parsers hash lets you register handlers which will process the HTTP body and add parameters to the + # params hash. These handlers are invoked for POST and PUT requests. + # + # By default application/xml is enabled. A XmlSimple class with the same param name as the root will be instantiated + # in the params. This allows XML requests to mask themselves as regular form submissions, so you can have one + # action serve both regular forms and web service requests. + # + # Example of doing your own parser for a custom content type: + # + # ActionController::Base.param_parsers[Mime::Type.lookup('application/atom+xml')] = Proc.new do |data| + # node = REXML::Document.new(post) + # { node.root.name => node.root } + # end + # + # Note: Up until release 1.1 of Rails, Action Controller would default to using XmlSimple configured to discard the + # root node for such requests. The new default is to keep the root, such that "David" results + # in params[:r][:name] for "David" instead of params[:name]. To get the old behavior, you can + # re-register XmlSimple as application/xml handler ike this: + # + # ActionController::Base.param_parsers[Mime::XML] = + # Proc.new { |data| XmlSimple.xml_in(data, 'ForceArray' => false) } + # + # A YAML parser is also available and can be turned on with: + # + # ActionController::Base.param_parsers[Mime::YAML] = :yaml + @@param_parsers = { Mime::MULTIPART_FORM => :multipart_form, + Mime::URL_ENCODED_FORM => :url_encoded_form, + Mime::XML => :xml_simple, + Mime::JSON => :json } + cattr_accessor :param_parsers + + # Controls the default charset for all renders. + @@default_charset = "utf-8" + cattr_accessor :default_charset + + # The logger is used for generating information on the action run-time (including benchmarking) if available. + # Can be set to nil for no logging. Compatible with both Ruby's own Logger and Log4r loggers. + cattr_accessor :logger + + # Controls the resource action separator + @@resource_action_separator = "/" + cattr_accessor :resource_action_separator + + # Allow to override path names for default resources' actions + @@resources_path_names = { :new => 'new', :edit => 'edit' } + cattr_accessor :resources_path_names + + # Sets the token parameter name for RequestForgery. Calling +protect_from_forgery+ + # sets it to :authenticity_token by default. + cattr_accessor :request_forgery_protection_token + + # Controls the IP Spoofing check when determining the remote IP. + @@ip_spoofing_check = true + cattr_accessor :ip_spoofing_check + + # Indicates whether or not optimise the generated named + # route helper methods + cattr_accessor :optimise_named_routes + self.optimise_named_routes = true + + # Indicates whether the response format should be determined by examining the Accept HTTP header, + # or by using the simpler params + ajax rules. + # + # If this is set to +true+ (the default) then +respond_to+ and +Request#format+ will take the Accept + # header into account. If it is set to false then the request format will be determined solely + # by examining params[:format]. If params format is missing, the format will be either HTML or + # Javascript depending on whether the request is an AJAX request. + cattr_accessor :use_accept_header + self.use_accept_header = true + + # Controls whether request forgergy protection is turned on or not. Turned off by default only in test mode. + class_inheritable_accessor :allow_forgery_protection + self.allow_forgery_protection = true + + # If you are deploying to a subdirectory, you will need to set + # config.action_controller.relative_url_root + # This defaults to ENV['RAILS_RELATIVE_URL_ROOT'] + cattr_accessor :relative_url_root + self.relative_url_root = ENV['RAILS_RELATIVE_URL_ROOT'] + + # Holds the request object that's primarily used to get environment variables through access like + # request.env["REQUEST_URI"]. + attr_internal :request + + # Holds a hash of all the GET, POST, and Url parameters passed to the action. Accessed like params["post_id"] + # to get the post_id. No type casts are made, so all values are returned as strings. + attr_internal :params + + # Holds the response object that's primarily used to set additional HTTP headers through access like + # response.headers["Cache-Control"] = "no-cache". Can also be used to access the final body HTML after a template + # has been rendered through response.body -- useful for after_filters that wants to manipulate the output, + # such as a OutputCompressionFilter. + attr_internal :response + + # Holds a hash of objects in the session. Accessed like session[:person] to get the object tied to the "person" + # key. The session will hold any type of object as values, but the key should be a string or symbol. + attr_internal :session + + # Holds a hash of header names and values. Accessed like headers["Cache-Control"] to get the value of the Cache-Control + # directive. Values should always be specified as strings. + attr_internal :headers + + # Returns the name of the action this controller is processing. + attr_accessor :action_name + + class << self + def call(env) + # HACK: For global rescue to have access to the original request and response + request = env["action_controller.rescue.request"] ||= Request.new(env) + response = env["action_controller.rescue.response"] ||= Response.new + process(request, response) + end + + # Factory for the standard create, process loop where the controller is discarded after processing. + def process(request, response) #:nodoc: + new.process(request, response) + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "NeatController". + def controller_class_name + @controller_class_name ||= name.demodulize + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "neat". + def controller_name + @controller_name ||= controller_class_name.sub(/Controller$/, '').underscore + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "one_module/two_module/neat". + def controller_path + @controller_path ||= name.gsub(/Controller$/, '').underscore + end + + # Return an array containing the names of public methods that have been marked hidden from the action processor. + # By default, all methods defined in ActionController::Base and included modules are hidden. + # More methods can be hidden using hide_actions. + def hidden_actions + read_inheritable_attribute(:hidden_actions) || write_inheritable_attribute(:hidden_actions, []) + end + + # Hide each of the given methods from being callable as actions. + def hide_action(*names) + write_inheritable_attribute(:hidden_actions, hidden_actions | names.map { |name| name.to_s }) + end + + # View load paths determine the bases from which template references can be made. So a call to + # render("test/template") will be looked up in the view load paths array and the closest match will be + # returned. + def view_paths + if defined? @view_paths + @view_paths + else + superclass.view_paths + end + end + + def view_paths=(value) + @view_paths = ActionView::Base.process_view_paths(value) if value + end + + # Adds a view_path to the front of the view_paths array. + # If the current class has no view paths, copy them from + # the superclass. This change will be visible for all future requests. + # + # ArticleController.prepend_view_path("views/default") + # ArticleController.prepend_view_path(["views/default", "views/custom"]) + # + def prepend_view_path(path) + @view_paths = superclass.view_paths.dup if !defined?(@view_paths) || @view_paths.nil? + @view_paths.unshift(*path) + end + + # Adds a view_path to the end of the view_paths array. + # If the current class has no view paths, copy them from + # the superclass. This change will be visible for all future requests. + # + # ArticleController.append_view_path("views/default") + # ArticleController.append_view_path(["views/default", "views/custom"]) + # + def append_view_path(path) + @view_paths = superclass.view_paths.dup if @view_paths.nil? + @view_paths.push(*path) + end + + # Replace sensitive parameter data from the request log. + # Filters parameters that have any of the arguments as a substring. + # Looks in all subhashes of the param hash for keys to filter. + # If a block is given, each key and value of the parameter hash and all + # subhashes is passed to it, the value or key + # can be replaced using String#replace or similar method. + # + # Examples: + # filter_parameter_logging + # => Does nothing, just slows the logging process down + # + # filter_parameter_logging :password + # => replaces the value to all keys matching /password/i with "[FILTERED]" + # + # filter_parameter_logging :foo, "bar" + # => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + # + # filter_parameter_logging { |k,v| v.reverse! if k =~ /secret/i } + # => reverses the value to all keys matching /secret/i + # + # filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ /secret/i } + # => reverses the value to all keys matching /secret/i, and + # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" + def filter_parameter_logging(*filter_words, &block) + parameter_filter = Regexp.new(filter_words.collect{ |s| s.to_s }.join('|'), true) if filter_words.length > 0 + + define_method(:filter_parameters) do |unfiltered_parameters| + filtered_parameters = {} + + unfiltered_parameters.each do |key, value| + if key =~ parameter_filter + filtered_parameters[key] = '[FILTERED]' + elsif value.is_a?(Hash) + filtered_parameters[key] = filter_parameters(value) + elsif block_given? + key = key.dup + value = value.dup if value + yield key, value + filtered_parameters[key] = value + else + filtered_parameters[key] = value + end + end + + filtered_parameters + end + protected :filter_parameters + end + + delegate :exempt_from_layout, :to => 'ActionView::Template' + end + + public + # Extracts the action_name from the request parameters and performs that action. + def process(request, response, method = :perform_action, *arguments) #:nodoc: + response.request = request + + assign_shortcuts(request, response) + initialize_template_class(response) + initialize_current_url + assign_names + + log_processing + send(method, *arguments) + + send_response + ensure + process_cleanup + end + + def send_response + response.prepare! + response + end + + # Returns a URL that has been rewritten according to the options hash and the defined routes. + # (For doing a complete redirect, use +redirect_to+). + # + # url_for is used to: + # + # All keys given to +url_for+ are forwarded to the Route module, save for the following: + # * :anchor - Specifies the anchor name to be appended to the path. For example, + # url_for :controller => 'posts', :action => 'show', :id => 10, :anchor => 'comments' + # will produce "/posts/show/10#comments". + # * :only_path - If true, returns the relative URL (omitting the protocol, host name, and port) (false by default). + # * :trailing_slash - If true, adds a trailing slash, as in "/archive/2005/". Note that this + # is currently not recommended since it breaks caching. + # * :host - Overrides the default (current) host if provided. + # * :protocol - Overrides the default (current) protocol if provided. + # * :port - Optionally specify the port to connect to. + # * :user - Inline HTTP authentication (only plucked out if :password is also present). + # * :password - Inline HTTP authentication (only plucked out if :user is also present). + # * :skip_relative_url_root - If true, the url is not constructed using the +relative_url_root+ + # of the request so the path will include the web server relative installation directory. + # + # The URL is generated from the remaining keys in the hash. A URL contains two key parts: the and a query string. + # Routes composes a query string as the key/value pairs not included in the . + # + # The default Routes setup supports a typical Rails path of "controller/action/id" where action and id are optional, with + # action defaulting to 'index' when not given. Here are some typical url_for statements and their corresponding URLs: + # + # url_for :controller => 'posts', :action => 'recent' # => 'proto://host.com/posts/recent' + # url_for :controller => 'posts', :action => 'index' # => 'proto://host.com/posts' + # url_for :controller => 'posts', :action => 'index', :port=>'8033' # => 'proto://host.com:8033/posts' + # url_for :controller => 'posts', :action => 'show', :id => 10 # => 'proto://host.com/posts/show/10' + # url_for :controller => 'posts', :user => 'd', :password => '123' # => 'proto://d:123@host.com/posts' + # + # When generating a new URL, missing values may be filled in from the current request's parameters. For example, + # url_for :action => 'some_action' will retain the current controller, as expected. This behavior extends to + # other parameters, including :controller, :id, and any other parameters that are placed into a Route's + # path. + #   + # The URL helpers such as url_for have a limited form of memory: when generating a new URL, they can look for + # missing values in the current request's parameters. Routes attempts to guess when a value should and should not be + # taken from the defaults. There are a few simple rules on how this is performed: + # + # * If the controller name begins with a slash no defaults are used: + # + # url_for :controller => '/home' + # + # In particular, a leading slash ensures no namespace is assumed. Thus, + # while url_for :controller => 'users' may resolve to + # Admin::UsersController if the current controller lives under + # that module, url_for :controller => '/users' ensures you link + # to ::UsersController no matter what. + # * If the controller changes, the action will default to index unless provided + # + # The final rule is applied while the URL is being generated and is best illustrated by an example. Let us consider the + # route given by map.connect 'people/:last/:first/:action', :action => 'bio', :controller => 'people'. + # + # Suppose that the current URL is "people/hh/david/contacts". Let's consider a few different cases of URLs which are generated + # from this page. + # + # * url_for :action => 'bio' -- During the generation of this URL, default values will be used for the first and + # last components, and the action shall change. The generated URL will be, "people/hh/david/bio". + # * url_for :first => 'davids-little-brother' This generates the URL 'people/hh/davids-little-brother' -- note + # that this URL leaves out the assumed action of 'bio'. + # + # However, you might ask why the action from the current request, 'contacts', isn't carried over into the new URL. The + # answer has to do with the order in which the parameters appear in the generated path. In a nutshell, since the + # value that appears in the slot for :first is not equal to default value for :first we stop using + # defaults. On its own, this rule can account for much of the typical Rails URL behavior. + #   + # Although a convenience, defaults can occasionally get in your way. In some cases a default persists longer than desired. + # The default may be cleared by adding :name => nil to url_for's options. + # This is often required when writing form helpers, since the defaults in play may vary greatly depending upon where the + # helper is used from. The following line will redirect to PostController's default action, regardless of the page it is + # displayed on: + # + # url_for :controller => 'posts', :action => nil + # + # If you explicitly want to create a URL that's almost the same as the current URL, you can do so using the + # :overwrite_params options. Say for your posts you have different views for showing and printing them. + # Then, in the show view, you get the URL for the print view like this + # + # url_for :overwrite_params => { :action => 'print' } + # + # This takes the current URL as is and only exchanges the action. In contrast, url_for :action => 'print' + # would have slashed-off the path components after the changed action. + def url_for(options = {}) + options ||= {} + case options + when String + options + when Hash + @url.rewrite(rewrite_options(options)) + else + polymorphic_url(options) + end + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "NeatController". + def controller_class_name + self.class.controller_class_name + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "neat". + def controller_name + self.class.controller_name + end + + # Converts the class name from something like "OneModule::TwoModule::NeatController" to "one_module/two_module/neat". + def controller_path + self.class.controller_path + end + + def session_enabled? + request.session_options && request.session_options[:disabled] != false + end + + self.view_paths = [] + + # View load paths for controller. + def view_paths + @template.view_paths + end + + def view_paths=(value) + @template.view_paths = ActionView::Base.process_view_paths(value) + end + + # Adds a view_path to the front of the view_paths array. + # This change affects the current request only. + # + # self.prepend_view_path("views/default") + # self.prepend_view_path(["views/default", "views/custom"]) + # + def prepend_view_path(path) + @template.view_paths.unshift(*path) + end + + # Adds a view_path to the end of the view_paths array. + # This change affects the current request only. + # + # self.append_view_path("views/default") + # self.append_view_path(["views/default", "views/custom"]) + # + def append_view_path(path) + @template.view_paths.push(*path) + end + + def rewrite_options(options) #:nodoc: + if defaults = default_url_options(options) + defaults.merge(options) + else + options + end + end + + # Overwrite to implement a number of default options that all url_for-based methods will use. The default options should come in + # the form of a hash, just like the one you would use for url_for directly. Example: + # + # def default_url_options(options) + # { :project => @project.active? ? @project.url_name : "unknown" } + # end + # + # As you can infer from the example, this is mostly useful for situations where you want to centralize dynamic decisions about the + # urls as they stem from the business domain. Please note that any individual url_for call can always override the defaults set + # by this method. + def default_url_options(options = nil) + end + + # Sets the etag and/or last_modified on the response and checks it against + # the client request. If the request doesn't match the options provided, the + # request is considered stale and should be generated from scratch. Otherwise, + # it's fresh and we don't need to generate anything and a reply of "304 Not Modified" is sent. + # + # Example: + # + # def show + # @article = Article.find(params[:id]) + # + # if stale?(:etag => @article, :last_modified => @article.created_at.utc) + # @statistics = @article.really_expensive_call + # respond_to do |format| + # # all the supported formats + # end + # end + # end + def stale?(options) + fresh_when(options) + !request.fresh?(response) + end + + # Sets the etag, last_modified, or both on the response and renders a + # "304 Not Modified" response if the request is already fresh. + # + # Example: + # + # def show + # @article = Article.find(params[:id]) + # fresh_when(:etag => @article, :last_modified => @article.created_at.utc) + # end + # + # This will render the show template if the request isn't sending a matching etag or + # If-Modified-Since header and just a "304 Not Modified" response if there's a match. + def fresh_when(options) + options.assert_valid_keys(:etag, :last_modified) + + response.etag = options[:etag] if options[:etag] + response.last_modified = options[:last_modified] if options[:last_modified] + + if request.fresh?(response) + head :not_modified + end + end + + # Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a "private" instruction, so that + # intermediate caches shouldn't cache the response. + # + # Examples: + # expires_in 20.minutes + # expires_in 3.hours, :private => false + # expires in 3.hours, 'max-stale' => 5.hours, :private => nil, :public => true + # + # This method will overwrite an existing Cache-Control header. + # See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities. + def expires_in(seconds, options = {}) #:doc: + cache_options = { 'max-age' => seconds, 'private' => true }.symbolize_keys.merge!(options.symbolize_keys) + cache_options.delete_if { |k,v| v.nil? or v == false } + cache_control = cache_options.map{ |k,v| v == true ? k.to_s : "#{k.to_s}=#{v.to_s}"} + response.headers["Cache-Control"] = cache_control.join(', ') + end + + # Sets a HTTP 1.1 Cache-Control header of "no-cache" so no caching should occur by the browser or + # intermediate caches (like caching proxy servers). + def expires_now #:doc: + response.headers["Cache-Control"] = "no-cache" + end + + # Resets the session by clearing out all the objects stored within and initializing a new session object. + def reset_session #:doc: + request.reset_session + @_session = request.session + end + + private + def _process_options(options) + if content_type = options[:content_type] + response.content_type = content_type.to_s + end + + if location = options[:location] + response.headers["Location"] = url_for(location) + end + + response.status = interpret_status(options[:status] || DEFAULT_RENDER_STATUS_CODE) + end + + def initialize_template_class(response) + @template = response.template = ActionView::Base.new(self.class.view_paths, {}, self, formats) + response.template.helpers.send :include, self.class.master_helper_module + response.redirected_to = nil + @performed_render = @performed_redirect = false + end + + def assign_shortcuts(request, response) + @_request, @_params = request, request.parameters + + @_response = response + @_response.session = request.session + + @_session = @_response.session + + @_headers = @_response.headers + end + + def initialize_current_url + @url = UrlRewriter.new(request, params.clone) + end + + def log_processing + if logger && logger.info? + log_processing_for_request_id + log_processing_for_parameters + end + end + + def log_processing_for_request_id + request_id = "\n\nProcessing #{self.class.name}\##{action_name} " + request_id << "to #{params[:format]} " if params[:format] + request_id << "(for #{request_origin}) [#{request.method.to_s.upcase}]" + + logger.info(request_id) + end + + def log_processing_for_parameters + parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup + parameters = parameters.except!(:controller, :action, :format, :_method) + + logger.info " Parameters: #{parameters.inspect}" unless parameters.empty? + end + + def default_render #:nodoc: + render + end + + def perform_action + if called = action_methods.include?(action_name) + ret = send(action_name) + elsif called = respond_to?(:method_missing) + ret = method_missing(action_name) + end + + return (performed? ? ret : default_render) if called + + begin + default_render + rescue ActionView::MissingTemplate => e + raise e unless e.path == action_name + # If the path is the same as the action_name, the action is completely missing + raise UnknownAction, "No action responded to #{action_name}. Actions: " + + "#{action_methods.sort.to_sentence}", caller + end + end + + def performed? + @performed_render || @performed_redirect + end + + def assign_names + @action_name = (params['action'] || 'index') + end + + def reset_variables_added_to_assigns + @template.instance_variable_set("@assigns_added", nil) + end + + def request_origin + # this *needs* to be cached! + # otherwise you'd get different results if calling it more than once + @request_origin ||= "#{request.remote_ip} at #{Time.now.to_s(:db)}" + end + + def complete_request_uri + "#{request.protocol}#{request.host}#{request.request_uri}" + end + + def close_session + @_session.close if @_session && @_session.respond_to?(:close) + end + + def default_template(action_name = self.action_name) + self.view_paths.find_template(default_template_name(action_name), default_template_format) + end + + def default_template_name(action_name = self.action_name) + if action_name + action_name = action_name.to_s + if action_name.include?('/') && template_path_includes_controller?(action_name) + action_name = strip_out_controller(action_name) + end + end + "#{controller_path}/#{action_name}" + end + + def strip_out_controller(path) + path.split('/', 2).last + end + + def template_path_includes_controller?(path) + self.controller_path.split('/')[-1] == path.split('/')[0] + end + + def process_cleanup + close_session + end + end + + Base.class_eval do + [ Filters, Layout, Renderer, Redirector, Responder, Benchmarking, Rescue, Flash, MimeResponds, Helpers, + Cookies, Caching, Verification, Streaming, SessionManagement, + HttpAuthentication::Basic::ControllerMethods, RecordIdentifier, + RequestForgeryProtection, Translation + ].each do |mod| + include mod + end + end +end diff --git a/actionpack/lib/action_controller/base/chained/benchmarking.rb b/actionpack/lib/action_controller/base/chained/benchmarking.rb new file mode 100644 index 0000000000..066150f58a --- /dev/null +++ b/actionpack/lib/action_controller/base/chained/benchmarking.rb @@ -0,0 +1,107 @@ +require 'benchmark' + +module ActionController #:nodoc: + # The benchmarking module times the performance of actions and reports to the logger. If the Active Record + # package has been included, a separate timing section for database calls will be added as well. + module Benchmarking #:nodoc: + def self.included(base) + base.extend(ClassMethods) + + base.class_eval do + alias_method_chain :perform_action, :benchmark + alias_method_chain :render, :benchmark + end + end + + module ClassMethods + # Log and benchmark the workings of a single block and silence whatever logging that may have happened inside it + # (unless use_silence is set to false). + # + # The benchmark is only recorded if the current level of the logger matches the log_level, which makes it + # easy to include benchmarking statements in production software that will remain inexpensive because the benchmark + # will only be conducted if the log level is low enough. + def benchmark(title, log_level = Logger::DEBUG, use_silence = true) + if logger && logger.level == log_level + result = nil + ms = Benchmark.ms { result = use_silence ? silence { yield } : yield } + logger.add(log_level, "#{title} (#{('%.1f' % ms)}ms)") + result + else + yield + end + end + + # Silences the logger for the duration of the block. + def silence + old_logger_level, logger.level = logger.level, Logger::ERROR if logger + yield + ensure + logger.level = old_logger_level if logger + end + end + + protected + def render_with_benchmark(options = nil, extra_options = {}, &block) + if logger + if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? + db_runtime = ActiveRecord::Base.connection.reset_runtime + end + + render_output = nil + @view_runtime = Benchmark.ms { render_output = render_without_benchmark(options, extra_options, &block) } + + if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? + @db_rt_before_render = db_runtime + @db_rt_after_render = ActiveRecord::Base.connection.reset_runtime + @view_runtime -= @db_rt_after_render + end + + render_output + else + render_without_benchmark(options, extra_options, &block) + end + end + + private + def perform_action_with_benchmark + if logger && logger.info? + ms = [Benchmark.ms { perform_action_without_benchmark }, 0.01].max + logging_view = defined?(@view_runtime) + logging_active_record = Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? + + log_message = 'Completed in %.0fms' % ms + + if logging_view || logging_active_record + log_message << " (" + log_message << view_runtime if logging_view + + if logging_active_record + log_message << ", " if logging_view + log_message << active_record_runtime + ")" + else + ")" + end + end + + log_message << " | #{response.status}" + log_message << " [#{complete_request_uri rescue "unknown"}]" + + logger.info(log_message) + response.headers["X-Runtime"] = "%.0f" % ms + else + perform_action_without_benchmark + end + end + + def view_runtime + "View: %.0f" % @view_runtime + end + + def active_record_runtime + db_runtime = ActiveRecord::Base.connection.reset_runtime + db_runtime += @db_rt_before_render if @db_rt_before_render + db_runtime += @db_rt_after_render if @db_rt_after_render + "DB: %.0f" % db_runtime + end + end +end diff --git a/actionpack/lib/action_controller/base/chained/filters.rb b/actionpack/lib/action_controller/base/chained/filters.rb new file mode 100644 index 0000000000..9022b8b279 --- /dev/null +++ b/actionpack/lib/action_controller/base/chained/filters.rb @@ -0,0 +1,680 @@ +module ActionController #:nodoc: + module Filters #:nodoc: + def self.included(base) + base.class_eval do + extend ClassMethods + include ActionController::Filters::InstanceMethods + end + end + + class FilterChain < ActiveSupport::Callbacks::CallbackChain #:nodoc: + def append_filter_to_chain(filters, filter_type, &block) + pos = find_filter_append_position(filters, filter_type) + update_filter_chain(filters, filter_type, pos, &block) + end + + def prepend_filter_to_chain(filters, filter_type, &block) + pos = find_filter_prepend_position(filters, filter_type) + update_filter_chain(filters, filter_type, pos, &block) + end + + def create_filters(filters, filter_type, &block) + filters, conditions = extract_options(filters, &block) + filters.map! { |filter| find_or_create_filter(filter, filter_type, conditions) } + filters + end + + def skip_filter_in_chain(*filters, &test) + filters, conditions = extract_options(filters) + filters.each do |filter| + if callback = find(filter) then delete(callback) end + end if conditions.empty? + update_filter_in_chain(filters, :skip => conditions, &test) + end + + private + def update_filter_chain(filters, filter_type, pos, &block) + new_filters = create_filters(filters, filter_type, &block) + insert(pos, new_filters).flatten! + end + + def find_filter_append_position(filters, filter_type) + # appending an after filter puts it at the end of the call chain + # before and around filters go before the first after filter in the chain + unless filter_type == :after + each_with_index do |f,i| + return i if f.after? + end + end + return -1 + end + + def find_filter_prepend_position(filters, filter_type) + # prepending a before or around filter puts it at the front of the call chain + # after filters go before the first after filter in the chain + if filter_type == :after + each_with_index do |f,i| + return i if f.after? + end + return -1 + end + return 0 + end + + def find_or_create_filter(filter, filter_type, options = {}) + update_filter_in_chain([filter], options) + + if found_filter = find(filter) { |f| f.type == filter_type } + found_filter + else + filter_kind = case + when filter.respond_to?(:before) && filter_type == :before + :before + when filter.respond_to?(:after) && filter_type == :after + :after + else + :filter + end + + case filter_type + when :before + BeforeFilter.new(filter_kind, filter, options) + when :after + AfterFilter.new(filter_kind, filter, options) + else + AroundFilter.new(filter_kind, filter, options) + end + end + end + + def update_filter_in_chain(filters, options, &test) + filters.map! { |f| block_given? ? find(f, &test) : find(f) } + filters.compact! + + map! do |filter| + if filters.include?(filter) + new_filter = filter.dup + new_filter.update_options!(options) + new_filter + else + filter + end + end + end + end + + class Filter < ActiveSupport::Callbacks::Callback #:nodoc: + def initialize(kind, method, options = {}) + super + update_options! options + end + + # override these to return true in appropriate subclass + def before? + false + end + + def after? + false + end + + def around? + false + end + + # Make sets of strings from :only/:except options + def update_options!(other) + if other + convert_only_and_except_options_to_sets_of_strings(other) + if other[:skip] + convert_only_and_except_options_to_sets_of_strings(other[:skip]) + end + end + + options.update(other) + end + + private + def should_not_skip?(controller) + if options[:skip] + !included_in_action?(controller, options[:skip]) + else + true + end + end + + def included_in_action?(controller, options) + if options[:only] + options[:only].include?(controller.action_name) + elsif options[:except] + !options[:except].include?(controller.action_name) + else + true + end + end + + def should_run_callback?(controller) + should_not_skip?(controller) && included_in_action?(controller, options) && super + end + + def convert_only_and_except_options_to_sets_of_strings(opts) + [:only, :except].each do |key| + if values = opts[key] + opts[key] = Array(values).map(&:to_s).to_set + end + end + end + end + + class AroundFilter < Filter #:nodoc: + def type + :around + end + + def around? + true + end + + def call(controller, &block) + if should_run_callback?(controller) + method = filter_responds_to_before_and_after? ? around_proc : self.method + + # For around_filter do |controller, action| + if method.is_a?(Proc) && method.arity == 2 + evaluate_method(method, controller, block) + else + evaluate_method(method, controller, &block) + end + else + block.call + end + end + + private + def filter_responds_to_before_and_after? + method.respond_to?(:before) && method.respond_to?(:after) + end + + def around_proc + Proc.new do |controller, action| + method.before(controller) + + if controller.__send__(:performed?) + controller.__send__(:halt_filter_chain, method, :rendered_or_redirected) + else + begin + action.call + ensure + method.after(controller) + end + end + end + end + end + + class BeforeFilter < Filter #:nodoc: + def type + :before + end + + def before? + true + end + + def call(controller, &block) + super + if controller.__send__(:performed?) + controller.__send__(:halt_filter_chain, method, :rendered_or_redirected) + end + end + end + + class AfterFilter < Filter #:nodoc: + def type + :after + end + + def after? + true + end + end + + # Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do + # authentication, caching, or auditing before the intended action is performed. Or to do localization or output + # compression after the action has been performed. Filters have access to the request, response, and all the instance + # variables set by other filters in the chain or by the action (in the case of after filters). + # + # == Filter inheritance + # + # Controller inheritance hierarchies share filters downwards, but subclasses can also add or skip filters without + # affecting the superclass. For example: + # + # class BankController < ActionController::Base + # before_filter :audit + # + # private + # def audit + # # record the action and parameters in an audit log + # end + # end + # + # class VaultController < BankController + # before_filter :verify_credentials + # + # private + # def verify_credentials + # # make sure the user is allowed into the vault + # end + # end + # + # Now any actions performed on the BankController will have the audit method called before. On the VaultController, + # first the audit method is called, then the verify_credentials method. If the audit method renders or redirects, then + # verify_credentials and the intended action are never called. + # + # == Filter types + # + # A filter can take one of three forms: method reference (symbol), external class, or inline method (proc). The first + # is the most common and works by referencing a protected or private method somewhere in the inheritance hierarchy of + # the controller by use of a symbol. In the bank example above, both BankController and VaultController use this form. + # + # Using an external class makes for more easily reused generic filters, such as output compression. External filter classes + # are implemented by having a static +filter+ method on any class and then passing this class to the filter method. Example: + # + # class OutputCompressionFilter + # def self.filter(controller) + # controller.response.body = compress(controller.response.body) + # end + # end + # + # class NewspaperController < ActionController::Base + # after_filter OutputCompressionFilter + # end + # + # The filter method is passed the controller instance and is hence granted access to all aspects of the controller and can + # manipulate them as it sees fit. + # + # The inline method (using a proc) can be used to quickly do something small that doesn't require a lot of explanation. + # Or just as a quick test. It works like this: + # + # class WeblogController < ActionController::Base + # before_filter { |controller| head(400) if controller.params["stop_action"] } + # end + # + # As you can see, the block expects to be passed the controller after it has assigned the request to the internal variables. + # This means that the block has access to both the request and response objects complete with convenience methods for params, + # session, template, and assigns. Note: The inline method doesn't strictly have to be a block; any object that responds to call + # and returns 1 or -1 on arity will do (such as a Proc or an Method object). + # + # Please note that around_filters function a little differently than the normal before and after filters with regard to filter + # types. Please see the section dedicated to around_filters below. + # + # == Filter chain ordering + # + # Using before_filter and after_filter appends the specified filters to the existing chain. That's usually + # just fine, but some times you care more about the order in which the filters are executed. When that's the case, you + # can use prepend_before_filter and prepend_after_filter. Filters added by these methods will be put at the + # beginning of their respective chain and executed before the rest. For example: + # + # class ShoppingController < ActionController::Base + # before_filter :verify_open_shop + # + # class CheckoutController < ShoppingController + # prepend_before_filter :ensure_items_in_cart, :ensure_items_in_stock + # + # The filter chain for the CheckoutController is now :ensure_items_in_cart, :ensure_items_in_stock, + # :verify_open_shop. So if either of the ensure filters renders or redirects, we'll never get around to see if the shop + # is open or not. + # + # You may pass multiple filter arguments of each type as well as a filter block. + # If a block is given, it is treated as the last argument. + # + # == Around filters + # + # Around filters wrap an action, executing code both before and after. + # They may be declared as method references, blocks, or objects responding + # to +filter+ or to both +before+ and +after+. + # + # To use a method as an +around_filter+, pass a symbol naming the Ruby method. + # Yield (or block.call) within the method to run the action. + # + # around_filter :catch_exceptions + # + # private + # def catch_exceptions + # yield + # rescue => exception + # logger.debug "Caught exception! #{exception}" + # raise + # end + # + # To use a block as an +around_filter+, pass a block taking as args both + # the controller and the action block. You can't call yield directly from + # an +around_filter+ block; explicitly call the action block instead: + # + # around_filter do |controller, action| + # logger.debug "before #{controller.action_name}" + # action.call + # logger.debug "after #{controller.action_name}" + # end + # + # To use a filter object with +around_filter+, pass an object responding + # to :filter or both :before and :after. With a + # filter method, yield to the block as above: + # + # around_filter BenchmarkingFilter + # + # class BenchmarkingFilter + # def self.filter(controller, &block) + # Benchmark.measure(&block) + # end + # end + # + # With +before+ and +after+ methods: + # + # around_filter Authorizer.new + # + # class Authorizer + # # This will run before the action. Redirecting aborts the action. + # def before(controller) + # unless user.authorized? + # redirect_to(login_url) + # end + # end + # + # # This will run after the action if and only if before did not render or redirect. + # def after(controller) + # end + # end + # + # If the filter has +before+ and +after+ methods, the +before+ method will be + # called before the action. If +before+ renders or redirects, the filter chain is + # halted and +after+ will not be run. See Filter Chain Halting below for + # an example. + # + # == Filter chain skipping + # + # Declaring a filter on a base class conveniently applies to its subclasses, + # but sometimes a subclass should skip some of its superclass' filters: + # + # class ApplicationController < ActionController::Base + # before_filter :authenticate + # around_filter :catch_exceptions + # end + # + # class WeblogController < ApplicationController + # # Will run the :authenticate and :catch_exceptions filters. + # end + # + # class SignupController < ApplicationController + # # Skip :authenticate, run :catch_exceptions. + # skip_before_filter :authenticate + # end + # + # class ProjectsController < ApplicationController + # # Skip :catch_exceptions, run :authenticate. + # skip_filter :catch_exceptions + # end + # + # class ClientsController < ApplicationController + # # Skip :catch_exceptions and :authenticate unless action is index. + # skip_filter :catch_exceptions, :authenticate, :except => :index + # end + # + # == Filter conditions + # + # Filters may be limited to specific actions by declaring the actions to + # include or exclude. Both options accept single actions + # (:only => :index) or arrays of actions + # (:except => [:foo, :bar]). + # + # class Journal < ActionController::Base + # # Require authentication for edit and delete. + # before_filter :authorize, :only => [:edit, :delete] + # + # # Passing options to a filter with a block. + # around_filter(:except => :index) do |controller, action_block| + # results = Profiler.run(&action_block) + # controller.response.sub! "", "#{results}" + # end + # + # private + # def authorize + # # Redirect to login unless authenticated. + # end + # end + # + # == Filter Chain Halting + # + # before_filter and around_filter may halt the request + # before a controller action is run. This is useful, for example, to deny + # access to unauthenticated users or to redirect from HTTP to HTTPS. + # Simply call render or redirect. After filters will not be executed if the filter + # chain is halted. + # + # Around filters halt the request unless the action block is called. + # Given these filters + # after_filter :after + # around_filter :around + # before_filter :before + # + # The filter chain will look like: + # + # ... + # . \ + # . #around (code before yield) + # . . \ + # . . #before (actual filter code is run) + # . . . \ + # . . . execute controller action + # . . . / + # . . ... + # . . / + # . #around (code after yield) + # . / + # #after (actual filter code is run, unless the around filter does not yield) + # + # If +around+ returns before yielding, +after+ will still not be run. The +before+ + # filter and controller action will not be run. If +before+ renders or redirects, + # the second half of +around+ and will still run but +after+ and the + # action will not. If +around+ fails to yield, +after+ will not be run. + module ClassMethods + # The passed filters will be appended to the filter_chain and + # will execute before the action on this controller is performed. + def append_before_filter(*filters, &block) + filter_chain.append_filter_to_chain(filters, :before, &block) + end + + # The passed filters will be prepended to the filter_chain and + # will execute before the action on this controller is performed. + def prepend_before_filter(*filters, &block) + filter_chain.prepend_filter_to_chain(filters, :before, &block) + end + + # Shorthand for append_before_filter since it's the most common. + alias :before_filter :append_before_filter + + # The passed filters will be appended to the array of filters + # that run _after_ actions on this controller are performed. + def append_after_filter(*filters, &block) + filter_chain.append_filter_to_chain(filters, :after, &block) + end + + # The passed filters will be prepended to the array of filters + # that run _after_ actions on this controller are performed. + def prepend_after_filter(*filters, &block) + filter_chain.prepend_filter_to_chain(filters, :after, &block) + end + + # Shorthand for append_after_filter since it's the most common. + alias :after_filter :append_after_filter + + # If you append_around_filter A.new, B.new, the filter chain looks like + # + # B#before + # A#before + # # run the action + # A#after + # B#after + # + # With around filters which yield to the action block, +before+ and +after+ + # are the code before and after the yield. + def append_around_filter(*filters, &block) + filter_chain.append_filter_to_chain(filters, :around, &block) + end + + # If you prepend_around_filter A.new, B.new, the filter chain looks like: + # + # A#before + # B#before + # # run the action + # B#after + # A#after + # + # With around filters which yield to the action block, +before+ and +after+ + # are the code before and after the yield. + def prepend_around_filter(*filters, &block) + filter_chain.prepend_filter_to_chain(filters, :around, &block) + end + + # Shorthand for +append_around_filter+ since it's the most common. + alias :around_filter :append_around_filter + + # Removes the specified filters from the +before+ filter chain. Note that this only works for skipping method-reference + # filters, not procs. This is especially useful for managing the chain in inheritance hierarchies where only one out + # of many sub-controllers need a different hierarchy. + # + # You can control the actions to skip the filter for with the :only and :except options, + # just like when you apply the filters. + def skip_before_filter(*filters) + filter_chain.skip_filter_in_chain(*filters, &:before?) + end + + # Removes the specified filters from the +after+ filter chain. Note that this only works for skipping method-reference + # filters, not procs. This is especially useful for managing the chain in inheritance hierarchies where only one out + # of many sub-controllers need a different hierarchy. + # + # You can control the actions to skip the filter for with the :only and :except options, + # just like when you apply the filters. + def skip_after_filter(*filters) + filter_chain.skip_filter_in_chain(*filters, &:after?) + end + + # Removes the specified filters from the filter chain. This only works for method reference (symbol) + # filters, not procs. This method is different from skip_after_filter and skip_before_filter in that + # it will match any before, after or yielding around filter. + # + # You can control the actions to skip the filter for with the :only and :except options, + # just like when you apply the filters. + def skip_filter(*filters) + filter_chain.skip_filter_in_chain(*filters) + end + + # Returns an array of Filter objects for this controller. + def filter_chain + if chain = read_inheritable_attribute('filter_chain') + return chain + else + write_inheritable_attribute('filter_chain', FilterChain.new) + return filter_chain + end + end + + # Returns all the before filters for this class and all its ancestors. + # This method returns the actual filter that was assigned in the controller to maintain existing functionality. + def before_filters #:nodoc: + filter_chain.select(&:before?).map(&:method) + end + + # Returns all the after filters for this class and all its ancestors. + # This method returns the actual filter that was assigned in the controller to maintain existing functionality. + def after_filters #:nodoc: + filter_chain.select(&:after?).map(&:method) + end + end + + module InstanceMethods # :nodoc: + def self.included(base) + base.class_eval do + alias_method_chain :perform_action, :filters + alias_method_chain :process, :filters + end + end + + protected + def process_with_filters(request, response, method = :perform_action, *arguments) #:nodoc: + @before_filter_chain_aborted = false + process_without_filters(request, response, method, *arguments) + end + + def perform_action_with_filters + call_filters(self.class.filter_chain, 0, 0) + end + + private + def call_filters(chain, index, nesting) + index = run_before_filters(chain, index, nesting) + aborted = @before_filter_chain_aborted + perform_action_without_filters unless performed? || aborted + return index if nesting != 0 || aborted + run_after_filters(chain, index) + end + + def run_before_filters(chain, index, nesting) + while chain[index] + filter, index = chain[index], index + break unless filter # end of call chain reached + + case filter + when BeforeFilter + filter.call(self) # invoke before filter + index = index.next + break if @before_filter_chain_aborted + when AroundFilter + yielded = false + + filter.call(self) do + yielded = true + # all remaining before and around filters will be run in this call + index = call_filters(chain, index.next, nesting.next) + end + + halt_filter_chain(filter, :did_not_yield) unless yielded + + break + else + break # no before or around filters left + end + end + + index + end + + def run_after_filters(chain, index) + seen_after_filter = false + + while chain[index] + filter, index = chain[index], index + break unless filter # end of call chain reached + + case filter + when AfterFilter + seen_after_filter = true + filter.call(self) # invoke after filter + else + # implementation error or someone has mucked with the filter chain + raise ActionControllerError, "filter #{filter.inspect} was in the wrong place!" if seen_after_filter + end + + index = index.next + end + + index.next + end + + def halt_filter_chain(filter, reason) + @before_filter_chain_aborted = true + logger.info "Filter chain halted as [#{filter.inspect}] #{reason}." if logger + end + end + end +end diff --git a/actionpack/lib/action_controller/base/chained/flash.rb b/actionpack/lib/action_controller/base/chained/flash.rb new file mode 100644 index 0000000000..56ee9c67e2 --- /dev/null +++ b/actionpack/lib/action_controller/base/chained/flash.rb @@ -0,0 +1,163 @@ +module ActionController #:nodoc: + # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed + # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create + # action that sets flash[:notice] = "Successfully created" before redirecting to a display action that can + # then expose the flash to its template. Actually, that exposure is automatically done. Example: + # + # class PostsController < ActionController::Base + # def create + # # save post + # flash[:notice] = "Successfully created post" + # redirect_to posts_path(@post) + # end + # + # def show + # # doesn't need to assign the flash notice to the template, that's done automatically + # end + # end + # + # show.html.erb + # <% if flash[:notice] %> + #
<%= flash[:notice] %>
+ # <% end %> + # + # This example just places a string in the flash, but you can put any object in there. And of course, you can put as + # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed. + # + # See docs on the FlashHash class for more details about the flash. + module Flash + def self.included(base) + base.class_eval do + include InstanceMethods + alias_method_chain :perform_action, :flash + alias_method_chain :reset_session, :flash + end + end + + class FlashNow #:nodoc: + def initialize(flash) + @flash = flash + end + + def []=(k, v) + @flash[k] = v + @flash.discard(k) + v + end + + def [](k) + @flash[k] + end + end + + class FlashHash < Hash + def initialize #:nodoc: + super + @used = {} + end + + def []=(k, v) #:nodoc: + keep(k) + super + end + + def update(h) #:nodoc: + h.keys.each { |k| keep(k) } + super + end + + alias :merge! :update + + def replace(h) #:nodoc: + @used = {} + super + end + + # Sets a flash that will not be available to the next action, only to the current. + # + # flash.now[:message] = "Hello current action" + # + # This method enables you to use the flash as a central messaging system in your app. + # When you need to pass an object to the next action, you use the standard flash assign ([]=). + # When you need to pass an object to the current action, you use now, and your object will + # vanish when the current action is done. + # + # Entries set via now are accessed the same way as standard entries: flash['my-key']. + def now + FlashNow.new(self) + end + + # Keeps either the entire current flash or a specific flash entry available for the next action: + # + # flash.keep # keeps the entire flash + # flash.keep(:notice) # keeps only the "notice" entry, the rest of the flash is discarded + def keep(k = nil) + use(k, false) + end + + # Marks the entire flash or a single flash entry to be discarded by the end of the current action: + # + # flash.discard # discard the entire flash at the end of the current action + # flash.discard(:warning) # discard only the "warning" entry at the end of the current action + def discard(k = nil) + use(k) + end + + # Mark for removal entries that were kept, and delete unkept ones. + # + # This method is called automatically by filters, so you generally don't need to care about it. + def sweep #:nodoc: + keys.each do |k| + unless @used[k] + use(k) + else + delete(k) + @used.delete(k) + end + end + + # clean up after keys that could have been left over by calling reject! or shift on the flash + (@used.keys - keys).each{ |k| @used.delete(k) } + end + + private + # Used internally by the keep and discard methods + # use() # marks the entire flash as used + # use('msg') # marks the "msg" entry as used + # use(nil, false) # marks the entire flash as unused (keeps it around for one more action) + # use('msg', false) # marks the "msg" entry as unused (keeps it around for one more action) + def use(k=nil, v=true) + unless k.nil? + @used[k] = v + else + keys.each{ |key| use(key, v) } + end + end + end + + module InstanceMethods #:nodoc: + protected + def perform_action_with_flash + perform_action_without_flash + remove_instance_variable(:@_flash) if defined? @_flash + end + + def reset_session_with_flash + reset_session_without_flash + remove_instance_variable(:@_flash) if defined? @_flash + end + + # Access the contents of the flash. Use flash["notice"] to + # read a notice you put there or flash["notice"] = "hello" + # to put a new one. + def flash #:doc: + unless defined? @_flash + @_flash = session["flash"] ||= FlashHash.new + @_flash.sweep + end + + @_flash + end + end + end +end diff --git a/actionpack/lib/action_controller/base/cookies.rb b/actionpack/lib/action_controller/base/cookies.rb new file mode 100644 index 0000000000..840ceb5abd --- /dev/null +++ b/actionpack/lib/action_controller/base/cookies.rb @@ -0,0 +1,94 @@ +module ActionController #:nodoc: + # Cookies are read and written through ActionController#cookies. + # + # The cookies being read are the ones received along with the request, the cookies + # being written will be sent out with the response. Reading a cookie does not get + # the cookie object itself back, just the value it holds. + # + # Examples for writing: + # + # # Sets a simple session cookie. + # cookies[:user_name] = "david" + # + # # Sets a cookie that expires in 1 hour. + # cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now } + # + # Examples for reading: + # + # cookies[:user_name] # => "david" + # cookies.size # => 2 + # + # Example for deleting: + # + # cookies.delete :user_name + # + # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie: + # + # cookies[:key] = { + # :value => 'a yummy cookie', + # :expires => 1.year.from_now, + # :domain => 'domain.com' + # } + # + # cookies.delete(:key, :domain => 'domain.com') + # + # The option symbols for setting cookies are: + # + # * :value - The cookie's value or list of values (as an array). + # * :path - The path for which this cookie applies. Defaults to the root + # of the application. + # * :domain - The domain for which this cookie applies. + # * :expires - The time at which this cookie expires, as a Time object. + # * :secure - Whether this cookie is a only transmitted to HTTPS servers. + # Default is +false+. + # * :http_only - Whether this cookie is accessible via scripting or + # only HTTP. Defaults to +false+. + module Cookies + def self.included(base) + base.helper_method :cookies + end + + protected + # Returns the cookie container, which operates as described above. + def cookies + CookieJar.new(self) + end + end + + class CookieJar < Hash #:nodoc: + def initialize(controller) + @controller, @cookies = controller, controller.request.cookies + super() + update(@cookies) + end + + # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists. + def [](name) + super(name.to_s) + end + + # Sets the cookie named +name+. The second argument may be the very cookie + # value, or a hash of options as documented above. + def []=(key, options) + if options.is_a?(Hash) + options.symbolize_keys! + else + options = { :value => options } + end + + options[:path] = "/" unless options.has_key?(:path) + super(key.to_s, options[:value]) + @controller.response.set_cookie(key, options) + end + + # Removes the cookie on the client machine by setting the value to an empty string + # and setting its expiration date into the past. Like []=, you can pass in + # an options hash to delete cookies with extra data such as a :path. + def delete(key, options = {}) + options.symbolize_keys! + options[:path] = "/" unless options.has_key?(:path) + super(key.to_s) + @controller.response.delete_cookie(key, options) + end + end +end diff --git a/actionpack/lib/action_controller/base/headers.rb b/actionpack/lib/action_controller/base/headers.rb new file mode 100644 index 0000000000..139669c66f --- /dev/null +++ b/actionpack/lib/action_controller/base/headers.rb @@ -0,0 +1,33 @@ +require 'active_support/memoizable' + +module ActionController + module Http + class Headers < ::Hash + extend ActiveSupport::Memoizable + + def initialize(*args) + if args.size == 1 && args[0].is_a?(Hash) + super() + update(args[0]) + else + super + end + end + + def [](header_name) + if include?(header_name) + super + else + super(env_name(header_name)) + end + end + + private + # Converts a HTTP header name to an environment variable name. + def env_name(header_name) + "HTTP_#{header_name.upcase.gsub(/-/, '_')}" + end + memoize :env_name + end + end +end diff --git a/actionpack/lib/action_controller/base/helpers.rb b/actionpack/lib/action_controller/base/helpers.rb new file mode 100644 index 0000000000..ba65032f6a --- /dev/null +++ b/actionpack/lib/action_controller/base/helpers.rb @@ -0,0 +1,225 @@ +require 'active_support/dependencies' + +# FIXME: helper { ... } is broken on Ruby 1.9 +module ActionController #:nodoc: + module Helpers #:nodoc: + def self.included(base) + # Initialize the base module to aggregate its helpers. + base.class_inheritable_accessor :master_helper_module + base.master_helper_module = Module.new + + # Set the default directory for helpers + base.class_inheritable_accessor :helpers_dir + base.helpers_dir = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") + + # Extend base with class methods to declare helpers. + base.extend(ClassMethods) + + base.class_eval do + # Wrap inherited to create a new master helper module for subclasses. + class << self + alias_method_chain :inherited, :helper + end + end + end + + # The Rails framework provides a large number of helpers for working with +assets+, +dates+, +forms+, + # +numbers+ and Active Record objects, to name a few. These helpers are available to all templates + # by default. + # + # In addition to using the standard template helpers provided in the Rails framework, creating custom helpers to + # extract complicated logic or reusable functionality is strongly encouraged. By default, the controller will + # include a helper whose name matches that of the controller, e.g., MyController will automatically + # include MyHelper. + # + # Additional helpers can be specified using the +helper+ class method in ActionController::Base or any + # controller which inherits from it. + # + # ==== Examples + # The +to_s+ method from the Time class can be wrapped in a helper method to display a custom message if + # the Time object is blank: + # + # module FormattedTimeHelper + # def format_time(time, format=:long, blank_message=" ") + # time.blank? ? blank_message : time.to_s(format) + # end + # end + # + # FormattedTimeHelper can now be included in a controller, using the +helper+ class method: + # + # class EventsController < ActionController::Base + # helper FormattedTimeHelper + # def index + # @events = Event.find(:all) + # end + # end + # + # Then, in any view rendered by EventController, the format_time method can be called: + # + # <% @events.each do |event| -%> + #

+ # <% format_time(event.time, :short, "N/A") %> | <%= event.name %> + #

+ # <% end -%> + # + # Finally, assuming we have two event instances, one which has a time and one which does not, + # the output might look like this: + # + # 23 Aug 11:30 | Carolina Railhawks Soccer Match + # N/A | Carolina Railhaws Training Workshop + # + module ClassMethods + # Makes all the (instance) methods in the helper module available to templates rendered through this controller. + # See ActionView::Helpers (link:classes/ActionView/Helpers.html) for more about making your own helper modules + # available to the templates. + def add_template_helper(helper_module) #:nodoc: + master_helper_module.module_eval { include helper_module } + end + + # The +helper+ class method can take a series of helper module names, a block, or both. + # + # * *args: One or more modules, strings or symbols, or the special symbol :all. + # * &block: A block defining helper methods. + # + # ==== Examples + # When the argument is a string or symbol, the method will provide the "_helper" suffix, require the file + # and include the module in the template class. The second form illustrates how to include custom helpers + # when working with namespaced controllers, or other cases where the file containing the helper definition is not + # in one of Rails' standard load paths: + # helper :foo # => requires 'foo_helper' and includes FooHelper + # helper 'resources/foo' # => requires 'resources/foo_helper' and includes Resources::FooHelper + # + # When the argument is a module it will be included directly in the template class. + # helper FooHelper # => includes FooHelper + # + # When the argument is the symbol :all, the controller will include all helpers beneath + # ActionController::Base.helpers_dir (defaults to app/helpers/**/*.rb under RAILS_ROOT). + # helper :all + # + # Additionally, the +helper+ class method can receive and evaluate a block, making the methods defined available + # to the template. + # # One line + # helper { def hello() "Hello, world!" end } + # # Multi-line + # helper do + # def foo(bar) + # "#{bar} is the very best" + # end + # end + # + # Finally, all the above styles can be mixed together, and the +helper+ method can be invoked with a mix of + # +symbols+, +strings+, +modules+ and blocks. + # helper(:three, BlindHelper) { def mice() 'mice' end } + # + def helper(*args, &block) + args.flatten.each do |arg| + case arg + when Module + add_template_helper(arg) + when :all + helper(all_application_helpers) + when String, Symbol + file_name = arg.to_s.underscore + '_helper' + class_name = file_name.camelize + + begin + require_dependency(file_name) + rescue LoadError => load_error + requiree = / -- (.*?)(\.rb)?$/.match(load_error.message).to_a[1] + if requiree == file_name + msg = "Missing helper file helpers/#{file_name}.rb" + raise LoadError.new(msg).copy_blame!(load_error) + else + raise + end + end + + add_template_helper(class_name.constantize) + else + raise ArgumentError, "helper expects String, Symbol, or Module argument (was: #{args.inspect})" + end + end + + # Evaluate block in template class if given. + master_helper_module.module_eval(&block) if block_given? + end + + # Declare a controller method as a helper. For example, the following + # makes the +current_user+ controller method available to the view: + # class ApplicationController < ActionController::Base + # helper_method :current_user, :logged_in? + # + # def current_user + # @current_user ||= User.find_by_id(session[:user]) + # end + # + # def logged_in? + # current_user != nil + # end + # end + # + # In a view: + # <% if logged_in? -%>Welcome, <%= current_user.name %><% end -%> + def helper_method(*methods) + methods.flatten.each do |method| + master_helper_module.module_eval <<-end_eval + def #{method}(*args, &block) # def current_user(*args, &block) + controller.send(%(#{method}), *args, &block) # controller.send(%(current_user), *args, &block) + end # end + end_eval + end + end + + # Declares helper accessors for controller attributes. For example, the + # following adds new +name+ and name= instance methods to a + # controller and makes them available to the view: + # helper_attr :name + # attr_accessor :name + def helper_attr(*attrs) + attrs.flatten.each { |attr| helper_method(attr, "#{attr}=") } + end + + # Provides a proxy to access helpers methods from outside the view. + def helpers + unless @helper_proxy + @helper_proxy = ActionView::Base.new + @helper_proxy.extend master_helper_module + else + @helper_proxy + end + end + + private + def default_helper_module! + unless name.blank? + module_name = name.sub(/Controller$|$/, 'Helper') + module_path = module_name.split('::').map { |m| m.underscore }.join('/') + require_dependency module_path + helper module_name.constantize + end + rescue MissingSourceFile => e + raise unless e.is_missing? module_path + rescue NameError => e + raise unless e.missing_name? module_name + end + + def inherited_with_helper(child) + inherited_without_helper(child) + + begin + child.master_helper_module = Module.new + child.master_helper_module.__send__ :include, master_helper_module + child.__send__ :default_helper_module! + rescue MissingSourceFile => e + raise unless e.is_missing?("helpers/#{child.controller_path}_helper") + end + end + + # Extract helper names from files in app/helpers/**/*.rb + def all_application_helpers + extract = /^#{Regexp.quote(helpers_dir)}\/?(.*)_helper.rb$/ + Dir["#{helpers_dir}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } + end + end + end +end diff --git a/actionpack/lib/action_controller/base/http_authentication.rb b/actionpack/lib/action_controller/base/http_authentication.rb new file mode 100644 index 0000000000..2ed810db7d --- /dev/null +++ b/actionpack/lib/action_controller/base/http_authentication.rb @@ -0,0 +1,124 @@ +module ActionController + module HttpAuthentication + # Makes it dead easy to do HTTP Basic authentication. + # + # Simple Basic example: + # + # class PostsController < ApplicationController + # USER_NAME, PASSWORD = "dhh", "secret" + # + # before_filter :authenticate, :except => [ :index ] + # + # def index + # render :text => "Everyone can see me!" + # end + # + # def edit + # render :text => "I'm only accessible if you know the password" + # end + # + # private + # def authenticate + # authenticate_or_request_with_http_basic do |user_name, password| + # user_name == USER_NAME && password == PASSWORD + # end + # end + # end + # + # + # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, + # the regular HTML interface is protected by a session approach: + # + # class ApplicationController < ActionController::Base + # before_filter :set_account, :authenticate + # + # protected + # def set_account + # @account = Account.find_by_url_name(request.subdomains.first) + # end + # + # def authenticate + # case request.format + # when Mime::XML, Mime::ATOM + # if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) } + # @current_user = user + # else + # request_http_basic_authentication + # end + # else + # if session_authenticated? + # @current_user = @account.users.find(session[:authenticated][:user_id]) + # else + # redirect_to(login_url) and return false + # end + # end + # end + # end + # + # + # In your integration tests, you can do something like this: + # + # def test_access_granted_from_xml + # get( + # "/notes/1.xml", nil, + # :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) + # ) + # + # assert_equal 200, status + # end + # + # + # On shared hosts, Apache sometimes doesn't pass authentication headers to + # FCGI instances. If your environment matches this description and you cannot + # authenticate, try this rule in your Apache setup: + # + # RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L] + module Basic + extend self + + module ControllerMethods + def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure) + authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm) + end + + def authenticate_with_http_basic(&login_procedure) + HttpAuthentication::Basic.authenticate(self, &login_procedure) + end + + def request_http_basic_authentication(realm = "Application") + HttpAuthentication::Basic.authentication_request(self, realm) + end + end + + def authenticate(controller, &login_procedure) + unless authorization(controller.request).blank? + login_procedure.call(*user_name_and_password(controller.request)) + end + end + + def user_name_and_password(request) + decode_credentials(request).split(/:/, 2) + end + + def authorization(request) + request.env['HTTP_AUTHORIZATION'] || + request.env['X-HTTP_AUTHORIZATION'] || + request.env['X_HTTP_AUTHORIZATION'] || + request.env['REDIRECT_X_HTTP_AUTHORIZATION'] + end + + def decode_credentials(request) + ActiveSupport::Base64.decode64(authorization(request).split.last || '') + end + + def encode_credentials(user_name, password) + "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}" + end + + def authentication_request(controller, realm) + controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}") + controller.__send__ :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized + end + end + end +end diff --git a/actionpack/lib/action_controller/base/layout.rb b/actionpack/lib/action_controller/base/layout.rb new file mode 100644 index 0000000000..926ae26f92 --- /dev/null +++ b/actionpack/lib/action_controller/base/layout.rb @@ -0,0 +1,244 @@ +module ActionController #:nodoc: + module Layout #:nodoc: + def self.included(base) + base.extend(ClassMethods) + base.class_inheritable_accessor :layout_name, :layout_conditions + end + + # Layouts reverse the common pattern of including shared headers and footers in many templates to isolate changes in + # repeated setups. The inclusion pattern has pages that look like this: + # + # <%= render "shared/header" %> + # Hello World + # <%= render "shared/footer" %> + # + # This approach is a decent way of keeping common structures isolated from the changing content, but it's verbose + # and if you ever want to change the structure of these two includes, you'll have to change all the templates. + # + # With layouts, you can flip it around and have the common structure know where to insert changing content. This means + # that the header and footer are only mentioned in one place, like this: + # + # // The header part of this layout + # <%= yield %> + # // The footer part of this layout + # + # And then you have content pages that look like this: + # + # hello world + # + # At rendering time, the content page is computed and then inserted in the layout, like this: + # + # // The header part of this layout + # hello world + # // The footer part of this layout + # + # NOTE: The old notation for rendering the view from a layout was to expose the magic @content_for_layout instance + # variable. The preferred notation now is to use yield, as documented above. + # + # == Accessing shared variables + # + # Layouts have access to variables specified in the content pages and vice versa. This allows you to have layouts with + # references that won't materialize before rendering time: + # + #

<%= @page_title %>

+ # <%= yield %> + # + # ...and content pages that fulfill these references _at_ rendering time: + # + # <% @page_title = "Welcome" %> + # Off-world colonies offers you a chance to start a new life + # + # The result after rendering is: + # + #

Welcome

+ # Off-world colonies offers you a chance to start a new life + # + # == Automatic layout assignment + # + # If there is a template in app/views/layouts/ with the same name as the current controller then it will be automatically + # set as that controller's layout unless explicitly told otherwise. Say you have a WeblogController, for example. If a template named + # app/views/layouts/weblog.erb or app/views/layouts/weblog.builder exists then it will be automatically set as + # the layout for your WeblogController. You can create a layout with the name application.erb or application.builder + # and this will be set as the default controller if there is no layout with the same name as the current controller and there is + # no layout explicitly assigned with the +layout+ method. Nested controllers use the same folder structure for automatic layout. + # assignment. So an Admin::WeblogController will look for a template named app/views/layouts/admin/weblog.erb. + # Setting a layout explicitly will always override the automatic behaviour for the controller where the layout is set. + # Explicitly setting the layout in a parent class, though, will not override the child class's layout assignment if the child + # class has a layout with the same name. + # + # == Inheritance for layouts + # + # Layouts are shared downwards in the inheritance hierarchy, but not upwards. Examples: + # + # class BankController < ActionController::Base + # layout "bank_standard" + # + # class InformationController < BankController + # + # class VaultController < BankController + # layout :access_level_layout + # + # class EmployeeController < BankController + # layout nil + # + # The InformationController uses "bank_standard" inherited from the BankController, the VaultController overwrites + # and picks the layout dynamically, and the EmployeeController doesn't want to use a layout at all. + # + # == Types of layouts + # + # Layouts are basically just regular templates, but the name of this template needs not be specified statically. Sometimes + # you want to alternate layouts depending on runtime information, such as whether someone is logged in or not. This can + # be done either by specifying a method reference as a symbol or using an inline method (as a proc). + # + # The method reference is the preferred approach to variable layouts and is used like this: + # + # class WeblogController < ActionController::Base + # layout :writers_and_readers + # + # def index + # # fetching posts + # end + # + # private + # def writers_and_readers + # logged_in? ? "writer_layout" : "reader_layout" + # end + # + # Now when a new request for the index action is processed, the layout will vary depending on whether the person accessing + # is logged in or not. + # + # If you want to use an inline method, such as a proc, do something like this: + # + # class WeblogController < ActionController::Base + # layout proc{ |controller| controller.logged_in? ? "writer_layout" : "reader_layout" } + # + # Of course, the most common way of specifying a layout is still just as a plain template name: + # + # class WeblogController < ActionController::Base + # layout "weblog_standard" + # + # If no directory is specified for the template name, the template will by default be looked for in app/views/layouts/. + # Otherwise, it will be looked up relative to the template root. + # + # == Conditional layouts + # + # If you have a layout that by default is applied to all the actions of a controller, you still have the option of rendering + # a given action or set of actions without a layout, or restricting a layout to only a single action or a set of actions. The + # :only and :except options can be passed to the layout call. For example: + # + # class WeblogController < ActionController::Base + # layout "weblog_standard", :except => :rss + # + # # ... + # + # end + # + # This will assign "weblog_standard" as the WeblogController's layout except for the +rss+ action, which will not wrap a layout + # around the rendered view. + # + # Both the :only and :except condition can accept an arbitrary number of method references, so + # #:except => [ :rss, :text_only ] is valid, as is :except => :rss. + # + # == Using a different layout in the action render call + # + # If most of your actions use the same layout, it makes perfect sense to define a controller-wide layout as described above. + # Sometimes you'll have exceptions where one action wants to use a different layout than the rest of the controller. + # You can do this by passing a :layout option to the render call. For example: + # + # class WeblogController < ActionController::Base + # layout "weblog_standard" + # + # def help + # render :action => "help", :layout => "help" + # end + # end + # + # This will render the help action with the "help" layout instead of the controller-wide "weblog_standard" layout. + module ClassMethods + extend ActiveSupport::Memoizable + + # If a layout is specified, all rendered actions will have their result rendered + # when the layout yields. This layout can itself depend on instance variables assigned during action + # performance and have access to them as any normal template would. + def layout(template_name, conditions = {}, auto = false) + add_layout_conditions(conditions) + self.layout_name = template_name + end + + def memoized_default_layout(formats) #:nodoc: + self.layout_name || begin + layout = default_layout_name + layout.is_a?(String) ? find_layout(layout, formats) : layout + rescue ActionView::MissingTemplate + end + end + + def default_layout(*args) + (@_memoized_default_layout ||= ::ActiveSupport::ConcurrentHash.new)[args] ||= memoized_default_layout(*args) + end + + def memoized_find_layout(layout, formats) #:nodoc: + return layout if layout.nil? || layout.respond_to?(:render) + prefix = layout.to_s =~ /layouts\// ? nil : "layouts" + view_paths.find_by_parts(layout.to_s, formats, prefix) + end + + def find_layout(*args) + (@_memoized_find_layout ||= ::ActiveSupport::ConcurrentHash.new)[args] ||= memoized_find_layout(*args) + end + + def layout_list #:nodoc: + Array(view_paths).sum([]) { |path| Dir["#{path}/layouts/**/*"] } + end + memoize :layout_list + + def default_layout_name + layout_match = name.underscore.sub(/_controller$/, '') + if layout_list.grep(%r{layouts/#{layout_match}(\.[a-z][0-9a-z]*)+$}).empty? + superclass.default_layout_name if superclass.respond_to?(:default_layout_name) + else + layout_match + end + end + memoize :default_layout_name + + private + def add_layout_conditions(conditions) + # :except => :foo == :except => [:foo] == :except => "foo" == :except => ["foo"] + conditions.each {|k, v| conditions[k] = Array(v).map {|a| a.to_s} } + write_inheritable_hash(:layout_conditions, conditions) + end + end + + def active_layout(name) + name = self.class.default_layout(formats) if name == true + + layout_name = case name + when Symbol then __send__(name) + when Proc then name.call(self) + else name + end + + self.class.find_layout(layout_name, formats) + end + + def _pick_layout(layout_name, implicit = false) + return unless layout_name || implicit + layout_name = true if layout_name.nil? + active_layout(layout_name) if action_has_layout? && layout_name + end + + private + def action_has_layout? + if conditions = self.class.layout_conditions + if only = conditions[:only] + return only.include?(action_name) + elsif except = conditions[:except] + return !except.include?(action_name) + end + end + true + end + + end +end diff --git a/actionpack/lib/action_controller/base/redirect.rb b/actionpack/lib/action_controller/base/redirect.rb new file mode 100644 index 0000000000..83af793978 --- /dev/null +++ b/actionpack/lib/action_controller/base/redirect.rb @@ -0,0 +1,91 @@ +module ActionController + class RedirectBackError < ActionControllerError #:nodoc: + DEFAULT_MESSAGE = 'No HTTP_REFERER was set in the request to this action, so redirect_to :back could not be called successfully. If this is a test, make sure to specify request.env["HTTP_REFERER"].' + + def initialize(message = nil) + super(message || DEFAULT_MESSAGE) + end + end + + module Redirector + + # Redirects the browser to the target specified in +options+. This parameter can take one of three forms: + # + # * Hash - The URL will be generated by calling url_for with the +options+. + # * Record - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record. + # * String starting with protocol:// (like http://) - Is passed straight through as the target for redirection. + # * String not containing a protocol - The current protocol and host is prepended to the string. + # * :back - Back to the page that issued the request. Useful for forms that are triggered from multiple places. + # Short-hand for redirect_to(request.env["HTTP_REFERER"]) + # + # Examples: + # redirect_to :action => "show", :id => 5 + # redirect_to post + # redirect_to "http://www.rubyonrails.org" + # redirect_to "/images/screenshot.jpg" + # redirect_to articles_url + # redirect_to :back + # + # The redirection happens as a "302 Moved" header unless otherwise specified. + # + # Examples: + # redirect_to post_url(@post), :status=>:found + # redirect_to :action=>'atom', :status=>:moved_permanently + # redirect_to post_url(@post), :status=>301 + # redirect_to :action=>'atom', :status=>302 + # + # When using redirect_to :back, if there is no referrer, + # RedirectBackError will be raised. You may specify some fallback + # behavior for this case by rescuing RedirectBackError. + def redirect_to(options = {}, response_status = {}) #:doc: + raise ActionControllerError.new("Cannot redirect to nil!") if options.nil? + + if options.is_a?(Hash) && options[:status] + status = options.delete(:status) + elsif response_status[:status] + status = response_status[:status] + else + status = 302 + end + + response.redirected_to = options + logger.info("Redirected to #{options}") if logger && logger.info? + + case options + # The scheme name consist of a letter followed by any combination of + # letters, digits, and the plus ("+"), period ("."), or hyphen ("-") + # characters; and is terminated by a colon (":"). + when %r{^\w[\w\d+.-]*:.*} + redirect_to_full_url(options, status) + when String + redirect_to_full_url(request.protocol + request.host_with_port + options, status) + when :back + if referer = request.headers["Referer"] + redirect_to(referer, :status=>status) + else + raise RedirectBackError + end + else + redirect_to_full_url(url_for(options), status) + end + end + + def redirect_to_full_url(url, status) + raise DoubleRenderError if performed? + response.redirect(url, interpret_status(status)) + @performed_redirect = true + end + + # Clears the redirected results from the headers, resets the status to 200 and returns + # the URL that was used to redirect or nil if there was no redirected URL + # Note that +redirect_to+ will change the body of the response to indicate a redirection. + # The response body is not reset here, see +erase_render_results+ + def erase_redirect_results #:nodoc: + @performed_redirect = false + response.redirected_to = nil + response.redirected_to_method_params = nil + response.status = DEFAULT_RENDER_STATUS_CODE + response.headers.delete('Location') + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_controller/base/render.rb b/actionpack/lib/action_controller/base/render.rb new file mode 100644 index 0000000000..abba059969 --- /dev/null +++ b/actionpack/lib/action_controller/base/render.rb @@ -0,0 +1,378 @@ +module ActionController + DEFAULT_RENDER_STATUS_CODE = "200 OK" + + class DoubleRenderError < ActionControllerError #:nodoc: + DEFAULT_MESSAGE = "Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like \"redirect_to(...) and return\"." + + def initialize(message = nil) + super(message || DEFAULT_MESSAGE) + end + end + + module Renderer + + protected + # Renders the content that will be returned to the browser as the response body. + # + # === Rendering an action + # + # Action rendering is the most common form and the type used automatically by Action Controller when nothing else is + # specified. By default, actions are rendered within the current layout (if one exists). + # + # # Renders the template for the action "goal" within the current controller + # render :action => "goal" + # + # # Renders the template for the action "short_goal" within the current controller, + # # but without the current active layout + # render :action => "short_goal", :layout => false + # + # # Renders the template for the action "long_goal" within the current controller, + # # but with a custom layout + # render :action => "long_goal", :layout => "spectacular" + # + # === Rendering partials + # + # Partial rendering in a controller is most commonly used together with Ajax calls that only update one or a few elements on a page + # without reloading. Rendering of partials from the controller makes it possible to use the same partial template in + # both the full-page rendering (by calling it from within the template) and when sub-page updates happen (from the + # controller action responding to Ajax calls). By default, the current layout is not used. + # + # # Renders the same partial with a local variable. + # render :partial => "person", :locals => { :name => "david" } + # + # # Renders the partial, making @new_person available through + # # the local variable 'person' + # render :partial => "person", :object => @new_person + # + # # Renders a collection of the same partial by making each element + # # of @winners available through the local variable "person" as it + # # builds the complete response. + # render :partial => "person", :collection => @winners + # + # # Renders a collection of partials but with a custom local variable name + # render :partial => "admin_person", :collection => @winners, :as => :person + # + # # Renders the same collection of partials, but also renders the + # # person_divider partial between each person partial. + # render :partial => "person", :collection => @winners, :spacer_template => "person_divider" + # + # # Renders a collection of partials located in a view subfolder + # # outside of our current controller. In this example we will be + # # rendering app/views/shared/_note.r(html|xml) Inside the partial + # # each element of @new_notes is available as the local var "note". + # render :partial => "shared/note", :collection => @new_notes + # + # # Renders the partial with a status code of 500 (internal error). + # render :partial => "broken", :status => 500 + # + # Note that the partial filename must also be a valid Ruby variable name, + # so e.g. 2005 and register-user are invalid. + # + # + # == Automatic etagging + # + # Rendering will automatically insert the etag header on 200 OK responses. The etag is calculated using MD5 of the + # response body. If a request comes in that has a matching etag, the response will be changed to a 304 Not Modified + # and the response body will be set to an empty string. No etag header will be inserted if it's already set. + # + # === Rendering a template + # + # Template rendering works just like action rendering except that it takes a path relative to the template root. + # The current layout is automatically applied. + # + # # Renders the template located in [TEMPLATE_ROOT]/weblog/show.r(html|xml) (in Rails, app/views/weblog/show.erb) + # render :template => "weblog/show" + # + # # Renders the template with a local variable + # render :template => "weblog/show", :locals => {:customer => Customer.new} + # + # === Rendering a file + # + # File rendering works just like action rendering except that it takes a filesystem path. By default, the path + # is assumed to be absolute, and the current layout is not applied. + # + # # Renders the template located at the absolute filesystem path + # render :file => "/path/to/some/template.erb" + # render :file => "c:/path/to/some/template.erb" + # + # # Renders a template within the current layout, and with a 404 status code + # render :file => "/path/to/some/template.erb", :layout => true, :status => 404 + # render :file => "c:/path/to/some/template.erb", :layout => true, :status => 404 + # + # === Rendering text + # + # Rendering of text is usually used for tests or for rendering prepared content, such as a cache. By default, text + # rendering is not done within the active layout. + # + # # Renders the clear text "hello world" with status code 200 + # render :text => "hello world!" + # + # # Renders the clear text "Explosion!" with status code 500 + # render :text => "Explosion!", :status => 500 + # + # # Renders the clear text "Hi there!" within the current active layout (if one exists) + # render :text => "Hi there!", :layout => true + # + # # Renders the clear text "Hi there!" within the layout + # # placed in "app/views/layouts/special.r(html|xml)" + # render :text => "Hi there!", :layout => "special" + # + # The :text option can also accept a Proc object, which can be used to manually control the page generation. This should + # generally be avoided, as it violates the separation between code and content, and because almost everything that can be + # done with this method can also be done more cleanly using one of the other rendering methods, most notably templates. + # + # # Renders "Hello from code!" + # render :text => proc { |response, output| output.write("Hello from code!") } + # + # === Rendering XML + # + # Rendering XML sets the content type to application/xml. + # + # # Renders 'David' + # render :xml => {:name => "David"}.to_xml + # + # It's not necessary to call to_xml on the object you want to render, since render will + # automatically do that for you: + # + # # Also renders 'David' + # render :xml => {:name => "David"} + # + # === Rendering JSON + # + # Rendering JSON sets the content type to application/json and optionally wraps the JSON in a callback. It is expected + # that the response will be parsed (or eval'd) for use as a data structure. + # + # # Renders '{"name": "David"}' + # render :json => {:name => "David"}.to_json + # + # It's not necessary to call to_json on the object you want to render, since render will + # automatically do that for you: + # + # # Also renders '{"name": "David"}' + # render :json => {:name => "David"} + # + # Sometimes the result isn't handled directly by a script (such as when the request comes from a SCRIPT tag), + # so the :callback option is provided for these cases. + # + # # Renders 'show({"name": "David"})' + # render :json => {:name => "David"}.to_json, :callback => 'show' + # + # === Rendering an inline template + # + # Rendering of an inline template works as a cross between text and action rendering where the source for the template + # is supplied inline, like text, but its interpreted with ERb or Builder, like action. By default, ERb is used for rendering + # and the current layout is not used. + # + # # Renders "hello, hello, hello, again" + # render :inline => "<%= 'hello, ' * 3 + 'again' %>" + # + # # Renders "

Good seeing you!

" using Builder + # render :inline => "xml.p { 'Good seeing you!' }", :type => :builder + # + # # Renders "hello david" + # render :inline => "<%= 'hello ' + name %>", :locals => { :name => "david" } + # + # === Rendering inline JavaScriptGenerator page updates + # + # In addition to rendering JavaScriptGenerator page updates with Ajax in RJS templates (see ActionView::Base for details), + # you can also pass the :update parameter to +render+, along with a block, to render page updates inline. + # + # render :update do |page| + # page.replace_html 'user_list', :partial => 'user', :collection => @users + # page.visual_effect :highlight, 'user_list' + # end + # + # === Rendering vanilla JavaScript + # + # In addition to using RJS with render :update, you can also just render vanilla JavaScript with :js. + # + # # Renders "alert('hello')" and sets the mime type to text/javascript + # render :js => "alert('hello')" + # + # === Rendering with status and location headers + # All renders take the :status and :location options and turn them into headers. They can even be used together: + # + # render :xml => post.to_xml, :status => :created, :location => post_url(post) + def render(options = nil, extra_options = {}, &block) #:doc: + raise DoubleRenderError, "Can only render or redirect once per action" if performed? + + options = { :layout => true } if options.nil? + original, options = options, extra_options unless options.is_a?(Hash) + + layout_name = options.delete(:layout) + + _process_options(options) + + if block_given? + @template.send(:_evaluate_assigns_and_ivars) + + generator = ActionView::Helpers::PrototypeHelper::JavaScriptGenerator.new(@template, &block) + response.content_type = Mime::JS + return render_for_text(generator.to_s) + end + + if original + return render_for_name(original, layout_name, options) unless block_given? + end + + if options.key?(:text) + return render_for_text(@template._render_text(options[:text], + _pick_layout(layout_name), options)) + end + + file, template = options.values_at(:file, :template) + if file || template + file = template.sub(/^\//, '') if template + return render_for_file(file, [layout_name, !!template], options) + end + + if action_option = options[:action] + return render_for_action(action_option, [layout_name, true], options) + end + + if inline = options[:inline] + render_for_text(@template._render_inline(inline, _pick_layout(layout_name), options)) + + elsif xml = options[:xml] + response.content_type ||= Mime::XML + render_for_text(xml.respond_to?(:to_xml) ? xml.to_xml : xml) + + elsif js = options[:js] + response.content_type ||= Mime::JS + render_for_text(js) + + elsif json = options[:json] + json = json.to_json unless json.is_a?(String) + json = "#{options[:callback]}(#{json})" unless options[:callback].blank? + response.content_type ||= Mime::JSON + render_for_text(json) + + elsif partial = options[:partial] + if partial == true + parts = [action_name_base, formats, controller_name, true] + elsif partial.is_a?(String) + parts = partial_parts(partial, options) + else + return render_for_text(@template._render_partial(options)) + end + + render_for_parts(parts, layout_name, options) + + elsif options[:nothing] + render_for_text(nil) + + else + render_for_parts([action_name, formats, controller_path], layout_name, options) + end + end + + def partial_parts(name, options) + segments = name.split("/") + parts = segments.pop.split(".") + + case parts.size + when 1 + parts + when 2, 3 + extension = parts.delete_at(1).to_sym + if formats.include?(extension) + self.formats.replace [extension] + end + parts.pop if parts.size == 2 + end + + path = parts.join(".") + prefix = segments[0..-1].join("/") + prefix = prefix.blank? ? controller_path : prefix + parts = [path, formats, prefix] + parts.push options[:object] || true + end + + def formats + @_request.formats.map {|f| f.symbol }.compact + end + + def action_name_base(name = action_name) + (name.is_a?(String) ? name.sub(/^#{controller_path}\//, '') : name).to_s + end + + # Renders according to the same rules as render, but returns the result in a string instead + # of sending it as the response body to the browser. + def render_to_string(options = nil, &block) #:doc: + render(options, &block) + ensure + response.content_type = nil + erase_render_results + reset_variables_added_to_assigns + end + + # Clears the rendered results, allowing for another render to be performed. + def erase_render_results #:nodoc: + response.body = nil + @performed_render = false + end + + # Erase both render and redirect results + def erase_results #:nodoc: + erase_render_results + erase_redirect_results + end + + # Return a response that has no content (merely headers). The options + # argument is interpreted to be a hash of header names and values. + # This allows you to easily return a response that consists only of + # significant headers: + # + # head :created, :location => person_path(@person) + # + # It can also be used to return exceptional conditions: + # + # return head(:method_not_allowed) unless request.post? + # return head(:bad_request) unless valid_request? + # render + def head(*args) + if args.length > 2 + raise ArgumentError, "too many arguments to head" + elsif args.empty? + raise ArgumentError, "too few arguments to head" + end + options = args.extract_options! + status = interpret_status(args.shift || options.delete(:status) || :ok) + + options.each do |key, value| + headers[key.to_s.dasherize.split(/-/).map { |v| v.capitalize }.join("-")] = value.to_s + end + + render :nothing => true, :status => status + end + + private + def render_for_name(name, layout, options) + case name.to_s.index('/') + when 0 + render_for_file(name, layout, options) + when nil + render_for_action(name, layout, options) + else + render_for_file(name.sub(/^\//, ''), [layout, true], options) + end + end + + def render_for_parts(parts, layout, options = {}) + tmp = view_paths.find_by_parts(*parts) + layout = _pick_layout(*layout) unless tmp.exempt_from_layout? + + render_for_text( + @template._render_template_with_layout(tmp, layout, options, parts[3])) + end + + def render_for_file(file, layout, options) + render_for_parts([file, [request.format.to_sym]], layout, options) + end + + def render_for_action(name, layout, options) + parts = [action_name_base(name), formats, controller_name] + render_for_parts(parts, layout, options) + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_controller/base/request_forgery_protection.rb b/actionpack/lib/action_controller/base/request_forgery_protection.rb new file mode 100644 index 0000000000..f3e6288c26 --- /dev/null +++ b/actionpack/lib/action_controller/base/request_forgery_protection.rb @@ -0,0 +1,108 @@ +module ActionController #:nodoc: + class InvalidAuthenticityToken < ActionControllerError #:nodoc: + end + + module RequestForgeryProtection + def self.included(base) + base.class_eval do + helper_method :form_authenticity_token + helper_method :protect_against_forgery? + end + base.extend(ClassMethods) + end + + # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a + # forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all + # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller. Only + # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication + # scheme there anyway). Also, GET requests are not protected as these should be idempotent anyway. + # + # This is turned on with the protect_from_forgery method, which will check the token and raise an + # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the error message in + # production by editing public/422.html. A call to this method in ApplicationController is generated by default in post-Rails 2.0 + # applications. + # + # The token parameter is named authenticity_token by default. If you are generating an HTML form manually (without the + # use of Rails' form_for, form_tag or other helpers), you have to include a hidden field named like that and + # set its value to what is returned by form_authenticity_token. Same applies to manually constructed Ajax requests. To + # make the token available through a global variable to scripts on a certain page, you could add something like this to a view: + # + # <%= javascript_tag "window._token = '#{form_authenticity_token}'" %> + # + # Request forgery protection is disabled by default in test environment. If you are upgrading from Rails 1.x, add this to + # config/environments/test.rb: + # + # # Disable request forgery protection in test environment + # config.action_controller.allow_forgery_protection = false + # + # == Learn more about CSRF (Cross-Site Request Forgery) attacks + # + # Here are some resources: + # * http://isc.sans.org/diary.html?storyid=1750 + # * http://en.wikipedia.org/wiki/Cross-site_request_forgery + # + # Keep in mind, this is NOT a silver-bullet, plug 'n' play, warm security blanket for your rails application. + # There are a few guidelines you should follow: + # + # * Keep your GET requests safe and idempotent. More reading material: + # * http://www.xml.com/pub/a/2002/04/24/deviant.html + # * http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 + # * Make sure the session cookies that Rails creates are non-persistent. Check in Firefox and look for "Expires: at end of session" + # + module ClassMethods + # Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked. + # + # Example: + # + # class FooController < ApplicationController + # protect_from_forgery :except => :index + # + # # you can disable csrf protection on controller-by-controller basis: + # skip_before_filter :verify_authenticity_token + # end + # + # Valid Options: + # + # * :only/:except - Passed to the before_filter call. Set which actions are verified. + def protect_from_forgery(options = {}) + self.request_forgery_protection_token ||= :authenticity_token + before_filter :verify_authenticity_token, :only => options.delete(:only), :except => options.delete(:except) + if options[:secret] || options[:digest] + ActiveSupport::Deprecation.warn("protect_from_forgery only takes :only and :except options now. :digest and :secret have no effect", caller) + end + end + end + + protected + # The actual before_filter that is used. Modify this to change how you handle unverified requests. + def verify_authenticity_token + verified_request? || raise(ActionController::InvalidAuthenticityToken) + end + + # Returns true or false if a request is verified. Checks: + # + # * is the format restricted? By default, only HTML and AJAX requests are checked. + # * is it a GET request? Gets should be safe and idempotent + # * Does the form_authenticity_token match the given token value from the params? + def verified_request? + !protect_against_forgery? || + request.method == :get || + !verifiable_request_format? || + form_authenticity_token == params[request_forgery_protection_token] + end + + def verifiable_request_format? + !request.content_type.nil? && request.content_type.verify_request? + end + + # Sets the token value for the current session. Pass a :secret option + # in +protect_from_forgery+ to add a custom salt to the hash. + def form_authenticity_token + session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) + end + + def protect_against_forgery? + allow_forgery_protection && request_forgery_protection_token + end + end +end diff --git a/actionpack/lib/action_controller/base/responder.rb b/actionpack/lib/action_controller/base/responder.rb new file mode 100644 index 0000000000..f83abb5a4b --- /dev/null +++ b/actionpack/lib/action_controller/base/responder.rb @@ -0,0 +1,41 @@ +module ActionController + module Responder + def self.included(klass) + klass.extend ClassMethods + end + + private + def render_for_text(text = nil, append_response = false) #:nodoc: + @performed_render = true + + if append_response + response.body ||= '' + response.body << text.to_s + else + response.body = case text + when Proc then text + when nil then " " # Safari doesn't pass the headers of the return if the response is zero length + else text.to_s + end + end + end + + def action_methods + self.class.action_methods + end + + module ClassMethods + def action_methods + @action_methods ||= + # All public instance methods of this class, including ancestors + public_instance_methods(true).map { |m| m.to_s }.to_set - + # Except for public instance methods of Base and its ancestors + Base.public_instance_methods(true).map { |m| m.to_s } + + # Be sure to include shadowed public instance methods of this class + public_instance_methods(false).map { |m| m.to_s } - + # And always exclude explicitly hidden actions + hidden_actions + end + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_controller/base/streaming.rb b/actionpack/lib/action_controller/base/streaming.rb new file mode 100644 index 0000000000..e1786913a7 --- /dev/null +++ b/actionpack/lib/action_controller/base/streaming.rb @@ -0,0 +1,171 @@ +module ActionController #:nodoc: + # Methods for sending files and streams to the browser instead of rendering. + module Streaming + DEFAULT_SEND_FILE_OPTIONS = { + :type => 'application/octet-stream'.freeze, + :disposition => 'attachment'.freeze, + :stream => true, + :buffer_size => 4096, + :x_sendfile => false + }.freeze + + X_SENDFILE_HEADER = 'X-Sendfile'.freeze + + protected + # Sends the file, by default streaming it 4096 bytes at a time. This way the + # whole file doesn't need to be read into memory at once. This makes it + # feasible to send even large files. You can optionally turn off streaming + # and send the whole file at once. + # + # Be careful to sanitize the path parameter if it is coming from a web + # page. send_file(params[:path]) allows a malicious user to + # download any file on your server. + # + # Options: + # * :filename - suggests a filename for the browser to use. + # Defaults to File.basename(path). + # * :type - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify + # either a string or a symbol for a registered type register with Mime::Type.register, for example :json + # * :length - used to manually override the length (in bytes) of the content that + # is going to be sent to the client. Defaults to File.size(path). + # * :disposition - specifies whether the file will be shown inline or downloaded. + # Valid values are 'inline' and 'attachment' (default). + # * :stream - whether to send the file to the user agent as it is read (+true+) + # or to read the entire file before sending (+false+). Defaults to +true+. + # * :buffer_size - specifies size (in bytes) of the buffer used to stream the file. + # Defaults to 4096. + # * :status - specifies the status code to send with the response. Defaults to '200 OK'. + # * :url_based_filename - set to +true+ if you want the browser guess the filename from + # the URL, which is necessary for i18n filenames on certain browsers + # (setting :filename overrides this option). + # * :x_sendfile - uses X-Sendfile to send the file when set to +true+. This is currently + # only available with Lighttpd/Apache2 and specific modules installed and activated. Since this + # uses the web server to send the file, this may lower memory consumption on your server and + # it will not block your application for further requests. + # See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile and + # http://tn123.ath.cx/mod_xsendfile/ for details. Defaults to +false+. + # + # The default Content-Type and Content-Disposition headers are + # set to download arbitrary binary files in as many browsers as + # possible. IE versions 4, 5, 5.5, and 6 are all known to have + # a variety of quirks (especially when downloading over SSL). + # + # Simple download: + # + # send_file '/path/to.zip' + # + # Show a JPEG in the browser: + # + # send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline' + # + # Show a 404 page in the browser: + # + # send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404 + # + # Read about the other Content-* HTTP headers if you'd like to + # provide the user with more information (such as Content-Description) in + # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11. + # + # Also be aware that the document may be cached by proxies and browsers. + # The Pragma and Cache-Control headers declare how the file may be cached + # by intermediaries. They default to require clients to validate with + # the server before releasing cached responses. See + # http://www.mnot.net/cache_docs/ for an overview of web caching and + # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 + # for the Cache-Control header spec. + def send_file(path, options = {}) #:doc: + raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path) + + options[:length] ||= File.size(path) + options[:filename] ||= File.basename(path) unless options[:url_based_filename] + send_file_headers! options + + @performed_render = false + + if options[:x_sendfile] + logger.info "Sending #{X_SENDFILE_HEADER} header #{path}" if logger + head options[:status], X_SENDFILE_HEADER => path + else + if options[:stream] + render :status => options[:status], :text => Proc.new { |response, output| + logger.info "Streaming file #{path}" unless logger.nil? + len = options[:buffer_size] || 4096 + File.open(path, 'rb') do |file| + while buf = file.read(len) + output.write(buf) + end + end + } + else + logger.info "Sending file #{path}" unless logger.nil? + File.open(path, 'rb') { |file| render :status => options[:status], :text => file.read } + end + end + end + + # Send binary data to the user as a file download. May set content type, apparent file name, + # and specify whether to show data inline or download as an attachment. + # + # Options: + # * :filename - suggests a filename for the browser to use. + # * :type - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify + # either a string or a symbol for a registered type register with Mime::Type.register, for example :json + # * :disposition - specifies whether the file will be shown inline or downloaded. + # Valid values are 'inline' and 'attachment' (default). + # * :status - specifies the status code to send with the response. Defaults to '200 OK'. + # + # Generic data download: + # + # send_data buffer + # + # Download a dynamically-generated tarball: + # + # send_data generate_tgz('dir'), :filename => 'dir.tgz' + # + # Display an image Active Record in the browser: + # + # send_data image.data, :type => image.content_type, :disposition => 'inline' + # + # See +send_file+ for more information on HTTP Content-* headers and caching. + def send_data(data, options = {}) #:doc: + logger.info "Sending data #{options[:filename]}" if logger + send_file_headers! options.merge(:length => data.size) + @performed_render = false + render :status => options[:status], :text => data + end + + private + def send_file_headers!(options) + options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options)) + [:length, :type, :disposition].each do |arg| + raise ArgumentError, ":#{arg} option required" if options[arg].nil? + end + + disposition = options[:disposition].dup || 'attachment' + + disposition <<= %(; filename="#{options[:filename]}") if options[:filename] + + content_type = options[:type] + if content_type.is_a?(Symbol) + raise ArgumentError, "Unknown MIME type #{options[:type]}" unless Mime::EXTENSION_LOOKUP.has_key?(content_type.to_s) + content_type = Mime::Type.lookup_by_extension(content_type.to_s) + end + content_type = content_type.to_s.strip # fixes a problem with extra '\r' with some browsers + + headers.update( + 'Content-Length' => options[:length], + 'Content-Type' => content_type, + 'Content-Disposition' => disposition, + 'Content-Transfer-Encoding' => 'binary' + ) + + # Fix a problem with IE 6.0 on opening downloaded files: + # If Cache-Control: no-cache is set (which Rails does by default), + # IE removes the file it just downloaded from its cache immediately + # after it displays the "open/save" dialog, which means that if you + # hit "open" the file isn't there anymore when the application that + # is called for handling the download is run, so let's workaround that + headers['Cache-Control'] = 'private' if headers['Cache-Control'] == 'no-cache' + end + end +end diff --git a/actionpack/lib/action_controller/base/verification.rb b/actionpack/lib/action_controller/base/verification.rb new file mode 100644 index 0000000000..7bf09ba6ea --- /dev/null +++ b/actionpack/lib/action_controller/base/verification.rb @@ -0,0 +1,130 @@ +module ActionController #:nodoc: + module Verification #:nodoc: + def self.included(base) #:nodoc: + base.extend(ClassMethods) + end + + # This module provides a class-level method for specifying that certain + # actions are guarded against being called without certain prerequisites + # being met. This is essentially a special kind of before_filter. + # + # An action may be guarded against being invoked without certain request + # parameters being set, or without certain session values existing. + # + # When a verification is violated, values may be inserted into the flash, and + # a specified redirection is triggered. If no specific action is configured, + # verification failures will by default result in a 400 Bad Request response. + # + # Usage: + # + # class GlobalController < ActionController::Base + # # Prevent the #update_settings action from being invoked unless + # # the 'admin_privileges' request parameter exists. The + # # settings action will be redirected to in current controller + # # if verification fails. + # verify :params => "admin_privileges", :only => :update_post, + # :redirect_to => { :action => "settings" } + # + # # Disallow a post from being updated if there was no information + # # submitted with the post, and if there is no active post in the + # # session, and if there is no "note" key in the flash. The route + # # named category_url will be redirected to if verification fails. + # + # verify :params => "post", :session => "post", "flash" => "note", + # :only => :update_post, + # :add_flash => { "alert" => "Failed to create your message" }, + # :redirect_to => :category_url + # + # Note that these prerequisites are not business rules. They do not examine + # the content of the session or the parameters. That level of validation should + # be encapsulated by your domain model or helper methods in the controller. + module ClassMethods + # Verify the given actions so that if certain prerequisites are not met, + # the user is redirected to a different action. The +options+ parameter + # is a hash consisting of the following key/value pairs: + # + # :params:: + # a single key or an array of keys that must be in the params + # hash in order for the action(s) to be safely called. + # :session:: + # a single key or an array of keys that must be in the session + # in order for the action(s) to be safely called. + # :flash:: + # a single key or an array of keys that must be in the flash in order + # for the action(s) to be safely called. + # :method:: + # a single key or an array of keys--any one of which must match the + # current request method in order for the action(s) to be safely called. + # (The key should be a symbol: :get or :post, for + # example.) + # :xhr:: + # true/false option to ensure that the request is coming from an Ajax + # call or not. + # :add_flash:: + # a hash of name/value pairs that should be merged into the session's + # flash if the prerequisites cannot be satisfied. + # :add_headers:: + # a hash of name/value pairs that should be merged into the response's + # headers hash if the prerequisites cannot be satisfied. + # :redirect_to:: + # the redirection parameters to be used when redirecting if the + # prerequisites cannot be satisfied. You can redirect either to named + # route or to the action in some controller. + # :render:: + # the render parameters to be used when the prerequisites cannot be satisfied. + # :only:: + # only apply this verification to the actions specified in the associated + # array (may also be a single value). + # :except:: + # do not apply this verification to the actions specified in the associated + # array (may also be a single value). + def verify(options={}) + before_filter :only => options[:only], :except => options[:except] do |c| + c.__send__ :verify_action, options + end + end + end + + private + + def verify_action(options) #:nodoc: + if prereqs_invalid?(options) + flash.update(options[:add_flash]) if options[:add_flash] + response.headers.update(options[:add_headers]) if options[:add_headers] + apply_remaining_actions(options) unless performed? + end + end + + def prereqs_invalid?(options) # :nodoc: + verify_presence_of_keys_in_hash_flash_or_params(options) || + verify_method(options) || + verify_request_xhr_status(options) + end + + def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc: + [*options[:params] ].find { |v| params[v].nil? } || + [*options[:session]].find { |v| session[v].nil? } || + [*options[:flash] ].find { |v| flash[v].nil? } + end + + def verify_method(options) # :nodoc: + [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method] + end + + def verify_request_xhr_status(options) # :nodoc: + request.xhr? != options[:xhr] unless options[:xhr].nil? + end + + def apply_redirect_to(redirect_to_option) # :nodoc: + (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option + end + + def apply_remaining_actions(options) # :nodoc: + case + when options[:render] ; render(options[:render]) + when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to])) + else head(:bad_request) + end + end + end +end \ No newline at end of file diff --git a/actionpack/lib/action_controller/benchmarking.rb b/actionpack/lib/action_controller/benchmarking.rb deleted file mode 100644 index 47377e5fa9..0000000000 --- a/actionpack/lib/action_controller/benchmarking.rb +++ /dev/null @@ -1,107 +0,0 @@ -require 'benchmark' - -module ActionController #:nodoc: - # The benchmarking module times the performance of actions and reports to the logger. If the Active Record - # package has been included, a separate timing section for database calls will be added as well. - module Benchmarking #:nodoc: - def self.included(base) - base.extend(ClassMethods) - - base.class_eval do - alias_method_chain :perform_action, :benchmark - alias_method_chain :render, :benchmark - end - end - - module ClassMethods - # Log and benchmark the workings of a single block and silence whatever logging that may have happened inside it - # (unless use_silence is set to false). - # - # The benchmark is only recorded if the current level of the logger matches the log_level, which makes it - # easy to include benchmarking statements in production software that will remain inexpensive because the benchmark - # will only be conducted if the log level is low enough. - def benchmark(title, log_level = Logger::DEBUG, use_silence = true) - if logger && logger.level == log_level - result = nil - ms = Benchmark.ms { result = use_silence ? silence { yield } : yield } - logger.add(log_level, "#{title} (#{('%.1f' % ms)}ms)") - result - else - yield - end - end - - # Silences the logger for the duration of the block. - def silence - old_logger_level, logger.level = logger.level, Logger::ERROR if logger - yield - ensure - logger.level = old_logger_level if logger - end - end - - protected - def render_with_benchmark(options = nil, extra_options = {}, &block) - if logger - if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? - db_runtime = ActiveRecord::Base.connection.reset_runtime - end - - render_output = nil - @view_runtime = Benchmark.ms { render_output = render_without_benchmark(options, extra_options, &block) } - - if Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? - @db_rt_before_render = db_runtime - @db_rt_after_render = ActiveRecord::Base.connection.reset_runtime - @view_runtime -= @db_rt_after_render - end - - render_output - else - render_without_benchmark(options, extra_options, &block) - end - end - - private - def perform_action_with_benchmark - if logger - ms = [Benchmark.ms { perform_action_without_benchmark }, 0.01].max - logging_view = defined?(@view_runtime) - logging_active_record = Object.const_defined?("ActiveRecord") && ActiveRecord::Base.connected? - - log_message = 'Completed in %.0fms' % ms - - if logging_view || logging_active_record - log_message << " (" - log_message << view_runtime if logging_view - - if logging_active_record - log_message << ", " if logging_view - log_message << active_record_runtime + ")" - else - ")" - end - end - - log_message << " | #{response.status}" - log_message << " [#{complete_request_uri rescue "unknown"}]" - - logger.info(log_message) - response.headers["X-Runtime"] = "%.0f" % ms - else - perform_action_without_benchmark - end - end - - def view_runtime - "View: %.0f" % @view_runtime - end - - def active_record_runtime - db_runtime = ActiveRecord::Base.connection.reset_runtime - db_runtime += @db_rt_before_render if @db_rt_before_render - db_runtime += @db_rt_after_render if @db_rt_after_render - "DB: %.0f" % db_runtime - end - end -end diff --git a/actionpack/lib/action_controller/cgi/ext.rb b/actionpack/lib/action_controller/cgi/ext.rb new file mode 100644 index 0000000000..558748f4bd --- /dev/null +++ b/actionpack/lib/action_controller/cgi/ext.rb @@ -0,0 +1,15 @@ +require 'action_controller/cgi/ext/stdinput' +require 'action_controller/cgi/ext/query_extension' +require 'action_controller/cgi/ext/cookie' + +class CGI #:nodoc: + include ActionController::CgiExt::Stdinput + + class << self + alias :escapeHTML_fail_on_nil :escapeHTML + + def escapeHTML(string) + escapeHTML_fail_on_nil(string) unless string.nil? + end + end +end diff --git a/actionpack/lib/action_controller/cgi/ext/cookie.rb b/actionpack/lib/action_controller/cgi/ext/cookie.rb new file mode 100644 index 0000000000..9cd19bb12d --- /dev/null +++ b/actionpack/lib/action_controller/cgi/ext/cookie.rb @@ -0,0 +1,112 @@ +require 'delegate' + +CGI.module_eval { remove_const "Cookie" } + +# TODO: document how this differs from stdlib CGI::Cookie +class CGI #:nodoc: + class Cookie < DelegateClass(Array) + attr_accessor :name, :value, :path, :domain, :expires + attr_reader :secure, :http_only + + # Creates a new CGI::Cookie object. + # + # The contents of the cookie can be specified as a +name+ and one + # or more +value+ arguments. Alternatively, the contents can + # be specified as a single hash argument. The possible keywords of + # this hash are as follows: + # + # * :name - The name of the cookie. Required. + # * :value - The cookie's value or list of values. + # * :path - The path for which this cookie applies. Defaults to the + # base directory of the CGI script. + # * :domain - The domain for which this cookie applies. + # * :expires - The time at which this cookie expires, as a Time object. + # * :secure - Whether this cookie is a secure cookie or not (defaults to + # +false+). Secure cookies are only transmitted to HTTPS servers. + # * :http_only - Whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP. + # More details in http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx. Defaults to +false+. + # + # These keywords correspond to attributes of the cookie object. + def initialize(name = '', *value) + if name.kind_of?(String) + @name = name + @value = Array(value) + @domain = nil + @expires = nil + @secure = false + @http_only = false + @path = nil + else + @name = name['name'] + @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?) + @domain = name['domain'] + @expires = name['expires'] + @secure = name['secure'] || false + @http_only = name['http_only'] || false + @path = name['path'] + end + + raise ArgumentError, "`name' required" unless @name + + # simple support for IE + unless @path + %r|^(.*/)|.match(ENV['SCRIPT_NAME']) + @path = ($1 or '') + end + + super(@value) + end + + # Sets whether the Cookie is a secure cookie or not. + def secure=(val) + @secure = val == true + end + + # Sets whether the Cookie is an HTTP only cookie or not. + def http_only=(val) + @http_only = val == true + end + + # Converts the Cookie to its string representation. + def to_s + buf = '' + buf << @name << '=' + buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&")) + buf << '; domain=' << @domain if @domain + buf << '; path=' << @path if @path + buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires + buf << '; secure' if @secure + buf << '; HttpOnly' if @http_only + buf + end + + # FIXME: work around broken 1.8.7 DelegateClass#respond_to? + def respond_to?(method, include_private = false) + return true if super(method) + return __getobj__.respond_to?(method, include_private) + end + + # Parses a raw cookie string into a hash of cookie-name => cookie-object + # pairs. + # + # cookies = CGI::Cookie::parse("raw_cookie_string") + # # => { "name1" => cookie1, "name2" => cookie2, ... } + # + def self.parse(raw_cookie) + cookies = Hash.new([]) + + if raw_cookie + raw_cookie.split(/;\s?/).each do |pairs| + name, value = pairs.split('=',2) + next unless name and value + name = CGI::unescape(name) + unless cookies.has_key?(name) + cookies[name] = new(name, CGI::unescape(value)) + end + end + end + + cookies + end + end # class Cookie +end diff --git a/actionpack/lib/action_controller/cgi/ext/query_extension.rb b/actionpack/lib/action_controller/cgi/ext/query_extension.rb new file mode 100644 index 0000000000..9620fd2873 --- /dev/null +++ b/actionpack/lib/action_controller/cgi/ext/query_extension.rb @@ -0,0 +1,22 @@ +require 'cgi' + +class CGI #:nodoc: + module QueryExtension + # Remove the old initialize_query method before redefining it. + remove_method :initialize_query + + # Neuter CGI parameter parsing. + def initialize_query + # Fix some strange request environments. + env_table['REQUEST_METHOD'] ||= 'GET' + + # POST assumes missing Content-Type is application/x-www-form-urlencoded. + if env_table['CONTENT_TYPE'].blank? && env_table['REQUEST_METHOD'] == 'POST' + env_table['CONTENT_TYPE'] = 'application/x-www-form-urlencoded' + end + + @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) + @params = {} + end + end +end diff --git a/actionpack/lib/action_controller/cgi/ext/stdinput.rb b/actionpack/lib/action_controller/cgi/ext/stdinput.rb new file mode 100644 index 0000000000..5e9b6784af --- /dev/null +++ b/actionpack/lib/action_controller/cgi/ext/stdinput.rb @@ -0,0 +1,24 @@ +require 'cgi' + +module ActionController + module CgiExt + # Publicize the CGI's internal input stream so we can lazy-read + # request.body. Make it writable so we don't have to play $stdin games. + module Stdinput + def self.included(base) + base.class_eval do + remove_method :stdinput + attr_accessor :stdinput + end + + base.alias_method_chain :initialize, :stdinput + end + + def initialize_with_stdinput(type = nil, stdinput = $stdin) + @stdinput = stdinput + @stdinput.set_encoding(Encoding::BINARY) if @stdinput.respond_to?(:set_encoding) + initialize_without_stdinput(type || 'query') + end + end + end +end diff --git a/actionpack/lib/action_controller/cgi/process.rb b/actionpack/lib/action_controller/cgi/process.rb new file mode 100644 index 0000000000..ffcad5666a --- /dev/null +++ b/actionpack/lib/action_controller/cgi/process.rb @@ -0,0 +1,70 @@ +module ActionController #:nodoc: + class CGIHandler + module ProperStream + def each + while line = gets + yield line + end + end + + def read(*args) + if args.empty? + super || "" + else + super + end + end + end + + def self.dispatch_cgi(app, cgi, out = $stdout) + env = cgi.__send__(:env_table) + env.delete "HTTP_CONTENT_LENGTH" + + cgi.stdinput.extend ProperStream + + env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/" + + env.update({ + "rack.version" => [0,1], + "rack.input" => cgi.stdinput, + "rack.errors" => $stderr, + "rack.multithread" => false, + "rack.multiprocess" => true, + "rack.run_once" => false, + "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http" + }) + + env["QUERY_STRING"] ||= "" + env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"] + env["REQUEST_PATH"] ||= "/" + env.delete "PATH_INFO" if env["PATH_INFO"] == "" + + status, headers, body = app.call(env) + begin + out.binmode if out.respond_to?(:binmode) + out.sync = false if out.respond_to?(:sync=) + + headers['Status'] = status.to_s + out.write(cgi.header(headers)) + + body.each { |part| + out.write part + out.flush if out.respond_to?(:flush) + } + ensure + body.close if body.respond_to?(:close) + end + end + end + + class CgiRequest #:nodoc: + DEFAULT_SESSION_OPTIONS = { + :database_manager => nil, + :prefix => "ruby_sess.", + :session_path => "/", + :session_key => "_session_id", + :cookie_only => true, + :session_http_only => true + } + end +end diff --git a/actionpack/lib/action_controller/cgi_ext.rb b/actionpack/lib/action_controller/cgi_ext.rb deleted file mode 100644 index 406b6f06d6..0000000000 --- a/actionpack/lib/action_controller/cgi_ext.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'action_controller/cgi_ext/stdinput' -require 'action_controller/cgi_ext/query_extension' -require 'action_controller/cgi_ext/cookie' - -class CGI #:nodoc: - include ActionController::CgiExt::Stdinput - - class << self - alias :escapeHTML_fail_on_nil :escapeHTML - - def escapeHTML(string) - escapeHTML_fail_on_nil(string) unless string.nil? - end - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/cookie.rb b/actionpack/lib/action_controller/cgi_ext/cookie.rb deleted file mode 100644 index 9cd19bb12d..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/cookie.rb +++ /dev/null @@ -1,112 +0,0 @@ -require 'delegate' - -CGI.module_eval { remove_const "Cookie" } - -# TODO: document how this differs from stdlib CGI::Cookie -class CGI #:nodoc: - class Cookie < DelegateClass(Array) - attr_accessor :name, :value, :path, :domain, :expires - attr_reader :secure, :http_only - - # Creates a new CGI::Cookie object. - # - # The contents of the cookie can be specified as a +name+ and one - # or more +value+ arguments. Alternatively, the contents can - # be specified as a single hash argument. The possible keywords of - # this hash are as follows: - # - # * :name - The name of the cookie. Required. - # * :value - The cookie's value or list of values. - # * :path - The path for which this cookie applies. Defaults to the - # base directory of the CGI script. - # * :domain - The domain for which this cookie applies. - # * :expires - The time at which this cookie expires, as a Time object. - # * :secure - Whether this cookie is a secure cookie or not (defaults to - # +false+). Secure cookies are only transmitted to HTTPS servers. - # * :http_only - Whether this cookie can be accessed by client side scripts (e.g. document.cookie) or only over HTTP. - # More details in http://msdn2.microsoft.com/en-us/library/system.web.httpcookie.httponly.aspx. Defaults to +false+. - # - # These keywords correspond to attributes of the cookie object. - def initialize(name = '', *value) - if name.kind_of?(String) - @name = name - @value = Array(value) - @domain = nil - @expires = nil - @secure = false - @http_only = false - @path = nil - else - @name = name['name'] - @value = (name['value'].kind_of?(String) ? [name['value']] : Array(name['value'])).delete_if(&:blank?) - @domain = name['domain'] - @expires = name['expires'] - @secure = name['secure'] || false - @http_only = name['http_only'] || false - @path = name['path'] - end - - raise ArgumentError, "`name' required" unless @name - - # simple support for IE - unless @path - %r|^(.*/)|.match(ENV['SCRIPT_NAME']) - @path = ($1 or '') - end - - super(@value) - end - - # Sets whether the Cookie is a secure cookie or not. - def secure=(val) - @secure = val == true - end - - # Sets whether the Cookie is an HTTP only cookie or not. - def http_only=(val) - @http_only = val == true - end - - # Converts the Cookie to its string representation. - def to_s - buf = '' - buf << @name << '=' - buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&")) - buf << '; domain=' << @domain if @domain - buf << '; path=' << @path if @path - buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires - buf << '; secure' if @secure - buf << '; HttpOnly' if @http_only - buf - end - - # FIXME: work around broken 1.8.7 DelegateClass#respond_to? - def respond_to?(method, include_private = false) - return true if super(method) - return __getobj__.respond_to?(method, include_private) - end - - # Parses a raw cookie string into a hash of cookie-name => cookie-object - # pairs. - # - # cookies = CGI::Cookie::parse("raw_cookie_string") - # # => { "name1" => cookie1, "name2" => cookie2, ... } - # - def self.parse(raw_cookie) - cookies = Hash.new([]) - - if raw_cookie - raw_cookie.split(/;\s?/).each do |pairs| - name, value = pairs.split('=',2) - next unless name and value - name = CGI::unescape(name) - unless cookies.has_key?(name) - cookies[name] = new(name, CGI::unescape(value)) - end - end - end - - cookies - end - end # class Cookie -end diff --git a/actionpack/lib/action_controller/cgi_ext/query_extension.rb b/actionpack/lib/action_controller/cgi_ext/query_extension.rb deleted file mode 100644 index 9620fd2873..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/query_extension.rb +++ /dev/null @@ -1,22 +0,0 @@ -require 'cgi' - -class CGI #:nodoc: - module QueryExtension - # Remove the old initialize_query method before redefining it. - remove_method :initialize_query - - # Neuter CGI parameter parsing. - def initialize_query - # Fix some strange request environments. - env_table['REQUEST_METHOD'] ||= 'GET' - - # POST assumes missing Content-Type is application/x-www-form-urlencoded. - if env_table['CONTENT_TYPE'].blank? && env_table['REQUEST_METHOD'] == 'POST' - env_table['CONTENT_TYPE'] = 'application/x-www-form-urlencoded' - end - - @cookies = CGI::Cookie::parse(env_table['HTTP_COOKIE'] || env_table['COOKIE']) - @params = {} - end - end -end diff --git a/actionpack/lib/action_controller/cgi_ext/stdinput.rb b/actionpack/lib/action_controller/cgi_ext/stdinput.rb deleted file mode 100644 index 5e9b6784af..0000000000 --- a/actionpack/lib/action_controller/cgi_ext/stdinput.rb +++ /dev/null @@ -1,24 +0,0 @@ -require 'cgi' - -module ActionController - module CgiExt - # Publicize the CGI's internal input stream so we can lazy-read - # request.body. Make it writable so we don't have to play $stdin games. - module Stdinput - def self.included(base) - base.class_eval do - remove_method :stdinput - attr_accessor :stdinput - end - - base.alias_method_chain :initialize, :stdinput - end - - def initialize_with_stdinput(type = nil, stdinput = $stdin) - @stdinput = stdinput - @stdinput.set_encoding(Encoding::BINARY) if @stdinput.respond_to?(:set_encoding) - initialize_without_stdinput(type || 'query') - end - end - end -end diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb deleted file mode 100644 index 7e5e95e135..0000000000 --- a/actionpack/lib/action_controller/cgi_process.rb +++ /dev/null @@ -1,72 +0,0 @@ -require 'action_controller/cgi_ext' - -module ActionController #:nodoc: - class CGIHandler - module ProperStream - def each - while line = gets - yield line - end - end - - def read(*args) - if args.empty? - super || "" - else - super - end - end - end - - def self.dispatch_cgi(app, cgi, out = $stdout) - env = cgi.__send__(:env_table) - env.delete "HTTP_CONTENT_LENGTH" - - cgi.stdinput.extend ProperStream - - env["SCRIPT_NAME"] = "" if env["SCRIPT_NAME"] == "/" - - env.update({ - "rack.version" => [0,1], - "rack.input" => cgi.stdinput, - "rack.errors" => $stderr, - "rack.multithread" => false, - "rack.multiprocess" => true, - "rack.run_once" => false, - "rack.url_scheme" => ["yes", "on", "1"].include?(env["HTTPS"]) ? "https" : "http" - }) - - env["QUERY_STRING"] ||= "" - env["HTTP_VERSION"] ||= env["SERVER_PROTOCOL"] - env["REQUEST_PATH"] ||= "/" - env.delete "PATH_INFO" if env["PATH_INFO"] == "" - - status, headers, body = app.call(env) - begin - out.binmode if out.respond_to?(:binmode) - out.sync = false if out.respond_to?(:sync=) - - headers['Status'] = status.to_s - out.write(cgi.header(headers)) - - body.each { |part| - out.write part - out.flush if out.respond_to?(:flush) - } - ensure - body.close if body.respond_to?(:close) - end - end - end - - class CgiRequest #:nodoc: - DEFAULT_SESSION_OPTIONS = { - :database_manager => nil, - :prefix => "ruby_sess.", - :session_path => "/", - :session_key => "_session_id", - :cookie_only => true, - :session_http_only => true - } - end -end diff --git a/actionpack/lib/action_controller/cookies.rb b/actionpack/lib/action_controller/cookies.rb deleted file mode 100644 index 840ceb5abd..0000000000 --- a/actionpack/lib/action_controller/cookies.rb +++ /dev/null @@ -1,94 +0,0 @@ -module ActionController #:nodoc: - # Cookies are read and written through ActionController#cookies. - # - # The cookies being read are the ones received along with the request, the cookies - # being written will be sent out with the response. Reading a cookie does not get - # the cookie object itself back, just the value it holds. - # - # Examples for writing: - # - # # Sets a simple session cookie. - # cookies[:user_name] = "david" - # - # # Sets a cookie that expires in 1 hour. - # cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now } - # - # Examples for reading: - # - # cookies[:user_name] # => "david" - # cookies.size # => 2 - # - # Example for deleting: - # - # cookies.delete :user_name - # - # Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie: - # - # cookies[:key] = { - # :value => 'a yummy cookie', - # :expires => 1.year.from_now, - # :domain => 'domain.com' - # } - # - # cookies.delete(:key, :domain => 'domain.com') - # - # The option symbols for setting cookies are: - # - # * :value - The cookie's value or list of values (as an array). - # * :path - The path for which this cookie applies. Defaults to the root - # of the application. - # * :domain - The domain for which this cookie applies. - # * :expires - The time at which this cookie expires, as a Time object. - # * :secure - Whether this cookie is a only transmitted to HTTPS servers. - # Default is +false+. - # * :http_only - Whether this cookie is accessible via scripting or - # only HTTP. Defaults to +false+. - module Cookies - def self.included(base) - base.helper_method :cookies - end - - protected - # Returns the cookie container, which operates as described above. - def cookies - CookieJar.new(self) - end - end - - class CookieJar < Hash #:nodoc: - def initialize(controller) - @controller, @cookies = controller, controller.request.cookies - super() - update(@cookies) - end - - # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists. - def [](name) - super(name.to_s) - end - - # Sets the cookie named +name+. The second argument may be the very cookie - # value, or a hash of options as documented above. - def []=(key, options) - if options.is_a?(Hash) - options.symbolize_keys! - else - options = { :value => options } - end - - options[:path] = "/" unless options.has_key?(:path) - super(key.to_s, options[:value]) - @controller.response.set_cookie(key, options) - end - - # Removes the cookie on the client machine by setting the value to an empty string - # and setting its expiration date into the past. Like []=, you can pass in - # an options hash to delete cookies with extra data such as a :path. - def delete(key, options = {}) - options.symbolize_keys! - options[:path] = "/" unless options.has_key?(:path) - super(key.to_s) - @controller.response.delete_cookie(key, options) - end - end -end diff --git a/actionpack/lib/action_controller/dispatch/dispatcher.rb b/actionpack/lib/action_controller/dispatch/dispatcher.rb new file mode 100644 index 0000000000..714e270781 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/dispatcher.rb @@ -0,0 +1,116 @@ +module ActionController + # Dispatches requests to the appropriate controller and takes care of + # reloading the app after each request when Dependencies.load? is true. + class Dispatcher + class << self + def define_dispatcher_callbacks(cache_classes) + unless cache_classes + # Development mode callbacks + before_dispatch :reload_application + after_dispatch :cleanup_application + + ActionView::Helpers::AssetTagHelper.cache_asset_timestamps = false + end + + if defined?(ActiveRecord) + after_dispatch :checkin_connections + to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers } + end + + after_dispatch :flush_logger if Base.logger && Base.logger.respond_to?(:flush) + + to_prepare do + I18n.reload! + end + end + + # DEPRECATE: Remove CGI support + def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout) + new(output).dispatch_cgi(cgi, session_options) + end + + # Add a preparation callback. Preparation callbacks are run before every + # request in development mode, and before the first request in production + # mode. + # + # An optional identifier may be supplied for the callback. If provided, + # to_prepare may be called again with the same identifier to replace the + # existing callback. Passing an identifier is a suggested practice if the + # code adding a preparation block may be reloaded. + def to_prepare(identifier = nil, &block) + @prepare_dispatch_callbacks ||= ActiveSupport::Callbacks::CallbackChain.new + callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier) + @prepare_dispatch_callbacks.replace_or_append!(callback) + end + end + + cattr_accessor :middleware + self.middleware = MiddlewareStack.new do |middleware| + middlewares = File.join(File.dirname(__FILE__), "rack", "middlewares.rb") + middleware.instance_eval(File.read(middlewares)) + end + + include ActiveSupport::Callbacks + define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch + + # DEPRECATE: Remove arguments, since they are only used by CGI + def initialize(output = $stdout, request = nil, response = nil) + @output = output + @app = @@middleware.build(lambda { |env| self.dup._call(env) }) + end + + def dispatch + begin + run_callbacks :before_dispatch + Routing::Routes.call(@env) + rescue Exception => exception + if controller ||= (::ApplicationController rescue Base) + controller.call_with_exception(@env, exception).to_a + else + raise exception + end + ensure + run_callbacks :after_dispatch, :enumerator => :reverse_each + end + end + + # DEPRECATE: Remove CGI support + def dispatch_cgi(cgi, session_options) + CGIHandler.dispatch_cgi(self, cgi, @output) + end + + def call(env) + @app.call(env) + end + + def _call(env) + @env = env + dispatch + end + + def reload_application + # Run prepare callbacks before every request in development mode + run_callbacks :prepare_dispatch + + Routing::Routes.reload + end + + # Cleanup the application by clearing out loaded classes so they can + # be reloaded on the next request without restarting the server. + def cleanup_application + ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord) + ActiveSupport::Dependencies.clear + ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord) + end + + def flush_logger + Base.logger.flush + end + + def checkin_connections + # Don't return connection (and peform implicit rollback) if this request is a part of integration test + return if @env.key?("rack.test") + ActiveRecord::Base.clear_active_connections! + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/params_parser.rb b/actionpack/lib/action_controller/dispatch/params_parser.rb new file mode 100644 index 0000000000..d269fe07fa --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/params_parser.rb @@ -0,0 +1,71 @@ +module ActionController + class ParamsParser + ActionController::Base.param_parsers[Mime::XML] = :xml_simple + ActionController::Base.param_parsers[Mime::JSON] = :json + + def initialize(app) + @app = app + end + + def call(env) + if params = parse_formatted_parameters(env) + env["action_controller.request.request_parameters"] = params + end + + @app.call(env) + end + + private + def parse_formatted_parameters(env) + request = Request.new(env) + + return false if request.content_length.zero? + + mime_type = content_type_from_legacy_post_data_format_header(env) || request.content_type + strategy = ActionController::Base.param_parsers[mime_type] + + return false unless strategy + + case strategy + when Proc + strategy.call(request.raw_post) + when :xml_simple, :xml_node + body = request.raw_post + body.blank? ? {} : Hash.from_xml(body).with_indifferent_access + when :yaml + YAML.load(request.raw_post) + when :json + body = request.raw_post + if body.blank? + {} + else + data = ActiveSupport::JSON.decode(body) + data = {:_json => data} unless data.is_a?(Hash) + data.with_indifferent_access + end + else + false + end + rescue Exception => e # YAML, XML or Ruby code block errors + raise + { "body" => request.raw_post, + "content_type" => request.content_type, + "content_length" => request.content_length, + "exception" => "#{e.message} (#{e.class})", + "backtrace" => e.backtrace } + end + + def content_type_from_legacy_post_data_format_header(env) + if x_post_format = env['HTTP_X_POST_DATA_FORMAT'] + case x_post_format.to_s.downcase + when 'yaml' + return Mime::YAML + when 'xml' + return Mime::XML + end + end + + nil + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/rack/failsafe.rb b/actionpack/lib/action_controller/dispatch/rack/failsafe.rb new file mode 100644 index 0000000000..567581142c --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rack/failsafe.rb @@ -0,0 +1,52 @@ +module ActionController + class Failsafe + cattr_accessor :error_file_path + self.error_file_path = Rails.public_path if defined?(Rails.public_path) + + def initialize(app) + @app = app + end + + def call(env) + @app.call(env) + rescue Exception => exception + # Reraise exception in test environment + if env["rack.test"] + raise exception + else + failsafe_response(exception) + end + end + + private + def failsafe_response(exception) + log_failsafe_exception(exception) + [500, {'Content-Type' => 'text/html'}, failsafe_response_body] + rescue Exception => failsafe_error # Logger or IO errors + $stderr.puts "Error during failsafe response: #{failsafe_error}" + end + + def failsafe_response_body + error_path = "#{self.class.error_file_path}/500.html" + if File.exist?(error_path) + File.read(error_path) + else + "

500 Internal Server Error

" + end + end + + def log_failsafe_exception(exception) + message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: 500 Internal Server Error\n" + message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception + failsafe_logger.fatal(message) + end + + def failsafe_logger + if defined?(Rails) && Rails.logger + Rails.logger + else + Logger.new($stderr) + end + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/rack/lock.rb b/actionpack/lib/action_controller/dispatch/rack/lock.rb new file mode 100644 index 0000000000..c50762216e --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rack/lock.rb @@ -0,0 +1,16 @@ +module ActionController + class Lock + FLAG = 'rack.multithread'.freeze + + def initialize(app, lock = Mutex.new) + @app, @lock = app, lock + end + + def call(env) + old, env[FLAG] = env[FLAG], false + @lock.synchronize { @app.call(env) } + ensure + env[FLAG] = old + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/rack/middleware_stack.rb b/actionpack/lib/action_controller/dispatch/rack/middleware_stack.rb new file mode 100644 index 0000000000..dbc2fda41e --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rack/middleware_stack.rb @@ -0,0 +1,109 @@ +module ActionController + class MiddlewareStack < Array + class Middleware + def self.new(klass, *args, &block) + if klass.is_a?(self) + klass + else + super + end + end + + attr_reader :args, :block + + def initialize(klass, *args, &block) + @klass = klass + + options = args.extract_options! + if options.has_key?(:if) + @conditional = options.delete(:if) + else + @conditional = true + end + args << options unless options.empty? + + @args = args + @block = block + end + + def klass + if @klass.is_a?(Class) + @klass + else + @klass.to_s.constantize + end + rescue NameError + @klass + end + + def active? + if @conditional.respond_to?(:call) + @conditional.call + else + @conditional + end + end + + def ==(middleware) + case middleware + when Middleware + klass == middleware.klass + when Class + klass == middleware + else + klass == middleware.to_s.constantize + end + end + + def inspect + str = klass.to_s + args.each { |arg| str += ", #{arg.inspect}" } + str + end + + def build(app) + if block + klass.new(app, *args, &block) + else + klass.new(app, *args) + end + end + end + + def initialize(*args, &block) + super(*args) + block.call(self) if block_given? + end + + def insert(index, *args, &block) + index = self.index(index) unless index.is_a?(Integer) + middleware = Middleware.new(*args, &block) + super(index, middleware) + end + + alias_method :insert_before, :insert + + def insert_after(index, *args, &block) + index = self.index(index) unless index.is_a?(Integer) + insert(index + 1, *args, &block) + end + + def swap(target, *args, &block) + insert_before(target, *args, &block) + delete(target) + end + + def use(*args, &block) + middleware = Middleware.new(*args, &block) + push(middleware) + end + + def active + find_all { |middleware| middleware.active? } + end + + def build(app) + active.reverse.inject(app) { |a, e| e.build(a) } + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/rack/middlewares.rb b/actionpack/lib/action_controller/dispatch/rack/middlewares.rb new file mode 100644 index 0000000000..f9cfc2b18e --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rack/middlewares.rb @@ -0,0 +1,21 @@ +use "Rack::Lock", :if => lambda { + !ActionController::Base.allow_concurrency +} + +use "ActionController::Failsafe" + +["ActionController::Session::CookieStore", + "ActionController::Session::MemCacheStore", + "ActiveRecord::SessionStore"].each do |store| + use(store, ActionController::Base.session_options, + :if => lambda { + if session_store = ActionController::Base.session_store + session_store.name == store + end + } + ) +end + +use "ActionController::RewindableInput" +use "ActionController::ParamsParser" +use "Rack::MethodOverride" diff --git a/actionpack/lib/action_controller/dispatch/request.rb b/actionpack/lib/action_controller/dispatch/request.rb new file mode 100755 index 0000000000..f8c77241b9 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/request.rb @@ -0,0 +1,492 @@ +require 'tempfile' +require 'stringio' +require 'strscan' + +require 'active_support/memoizable' +require 'action_controller/cgi_ext' + +module ActionController + class Request < Rack::Request + extend ActiveSupport::Memoizable + + %w[ AUTH_TYPE GATEWAY_INTERFACE + PATH_TRANSLATED REMOTE_HOST + REMOTE_IDENT REMOTE_USER REMOTE_ADDR + SERVER_NAME SERVER_PROTOCOL + + HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING + HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM + HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env| + define_method(env.sub(/^HTTP_/n, '').downcase) do + @env[env] + end + end + + def key?(key) + @env.key?(key) + end + + HTTP_METHODS = %w(get head put post delete options) + HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h } + + # Returns the true HTTP request \method as a lowercase symbol, such as + # :get. If the request \method is not listed in the HTTP_METHODS + # constant above, an UnknownHttpMethod exception is raised. + def request_method + HTTP_METHOD_LOOKUP[super] || raise(UnknownHttpMethod, "#{super}, accepted HTTP methods are #{HTTP_METHODS.to_sentence}") + end + memoize :request_method + + # Returns the HTTP request \method used for action processing as a + # lowercase symbol, such as :post. (Unlike #request_method, this + # method returns :get for a HEAD request because the two are + # functionally equivalent from the application's perspective.) + def method + request_method == :head ? :get : request_method + end + + # Is this a GET (or HEAD) request? Equivalent to request.method == :get. + def get? + method == :get + end + + # Is this a POST request? Equivalent to request.method == :post. + def post? + request_method == :post + end + + # Is this a PUT request? Equivalent to request.method == :put. + def put? + request_method == :put + end + + # Is this a DELETE request? Equivalent to request.method == :delete. + def delete? + request_method == :delete + end + + # Is this a HEAD request? Since request.method sees HEAD as :get, + # this \method checks the actual HTTP \method directly. + def head? + request_method == :head + end + + # Provides access to the request's HTTP headers, for example: + # + # request.headers["Content-Type"] # => "text/plain" + def headers + ActionController::Http::Headers.new(@env) + end + memoize :headers + + # Returns the content length of the request as an integer. + def content_length + super.to_i + end + + # The MIME type of the HTTP request, such as Mime::XML. + # + # For backward compatibility, the post \format is extracted from the + # X-Post-Data-Format HTTP header if present. + def content_type + if @env['CONTENT_TYPE'] =~ /^([^,\;]*)/ + Mime::Type.lookup($1.strip.downcase) + else + nil + end + end + memoize :content_type + + # Returns the accepted MIME type for the request. + def accepts + header = @env['HTTP_ACCEPT'].to_s.strip + + fallback = xhr? ? Mime::JS : Mime::HTML + + if header.empty? + [content_type, fallback, Mime::ALL].compact + else + ret = Mime::Type.parse(header) + if ret.last == Mime::ALL + ret.insert(-2, fallback) + end + ret + end + end + memoize :accepts + + def if_modified_since + if since = env['HTTP_IF_MODIFIED_SINCE'] + Time.rfc2822(since) rescue nil + end + end + memoize :if_modified_since + + def if_none_match + env['HTTP_IF_NONE_MATCH'] + end + + def not_modified?(modified_at) + if_modified_since && modified_at && if_modified_since >= modified_at + end + + def etag_matches?(etag) + if_none_match && if_none_match == etag + end + + # Check response freshness (Last-Modified and ETag) against request + # If-Modified-Since and If-None-Match conditions. If both headers are + # supplied, both must match, or the request is not considered fresh. + def fresh?(response) + case + when if_modified_since && if_none_match + not_modified?(response.last_modified) && etag_matches?(response.etag) + when if_modified_since + not_modified?(response.last_modified) + when if_none_match + etag_matches?(response.etag) + else + false + end + end + + ONLY_ALL = [Mime::ALL].freeze + + # Returns the Mime type for the \format used in the request. + # + # GET /posts/5.xml | request.format => Mime::XML + # GET /posts/5.xhtml | request.format => Mime::HTML + # GET /posts/5 | request.format => Mime::HTML or MIME::JS, or request.accepts.first depending on the value of ActionController::Base.use_accept_header + + def format(view_path = []) + @format ||= + if parameters[:format] + Mime[parameters[:format]] + elsif Base.use_accept_header && !(accepts == ONLY_ALL) + accepts.first + elsif xhr? then Mime::JS + else Mime::HTML + end + end + + def formats + @formats = + if Base.use_accept_header + ret = Array(Mime[parameters[:format]] || accepts) + else + [format] + end + end + + # Sets the \format by string extension, which can be used to force custom formats + # that are not controlled by the extension. + # + # class ApplicationController < ActionController::Base + # before_filter :adjust_format_for_iphone + # + # private + # def adjust_format_for_iphone + # request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/] + # end + # end + def format=(extension) + parameters[:format] = extension.to_s + @format = Mime::Type.lookup_by_extension(parameters[:format]) + end + + # Returns a symbolized version of the :format parameter of the request. + # If no \format is given it returns :jsfor Ajax requests and :html + # otherwise. + def template_format + parameter_format = parameters[:format] + + if parameter_format + parameter_format + elsif xhr? + :js + else + :html + end + end + + def cache_format + parameters[:format] + end + + # Returns true if the request's "X-Requested-With" header contains + # "XMLHttpRequest". (The Prototype Javascript library sends this header with + # every Ajax request.) + def xml_http_request? + !(@env['HTTP_X_REQUESTED_WITH'] !~ /XMLHttpRequest/i) + end + alias xhr? :xml_http_request? + + # Which IP addresses are "trusted proxies" that can be stripped from + # the right-hand-side of X-Forwarded-For + TRUSTED_PROXIES = /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i + + # Determines originating IP address. REMOTE_ADDR is the standard + # but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or + # HTTP_X_FORWARDED_FOR are set by proxies so check for these if + # REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma- + # delimited list in the case of multiple chained proxies; the last + # address which is not trusted is the originating IP. + def remote_ip + remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/) + + unless remote_addr_list.blank? + not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} + return not_trusted_addrs.first unless not_trusted_addrs.empty? + end + remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') + + if @env.include? 'HTTP_CLIENT_IP' + if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) + # We don't know which came from the proxy, and which from the user + raise ActionControllerError.new(< 1 && TRUSTED_PROXIES =~ remote_ips.last.strip + remote_ips.pop + end + + return remote_ips.last.strip + end + + @env['REMOTE_ADDR'] + end + memoize :remote_ip + + # Returns the lowercase name of the HTTP server software. + def server_software + (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil + end + memoize :server_software + + # Returns the complete URL used for this request. + def url + protocol + host_with_port + request_uri + end + memoize :url + + # Returns 'https://' if this is an SSL request and 'http://' otherwise. + def protocol + ssl? ? 'https://' : 'http://' + end + memoize :protocol + + # Is this an SSL request? + def ssl? + @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https' + end + + # Returns the \host for this request, such as "example.com". + def raw_host_with_port + if forwarded = env["HTTP_X_FORWARDED_HOST"] + forwarded.split(/,\s?/).last + else + env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}" + end + end + + # Returns the host for this request, such as example.com. + def host + raw_host_with_port.sub(/:\d+$/, '') + end + memoize :host + + # Returns a \host:\port string for this request, such as "example.com" or + # "example.com:8080". + def host_with_port + "#{host}#{port_string}" + end + memoize :host_with_port + + # Returns the port number of this request as an integer. + def port + if raw_host_with_port =~ /:(\d+)$/ + $1.to_i + else + standard_port + end + end + memoize :port + + # Returns the standard \port number for this request's protocol. + def standard_port + case protocol + when 'https://' then 443 + else 80 + end + end + + # Returns a \port suffix like ":8080" if the \port number of this request + # is not the default HTTP \port 80 or HTTPS \port 443. + def port_string + port == standard_port ? '' : ":#{port}" + end + + # Returns the \domain part of a \host, such as "rubyonrails.org" in "www.rubyonrails.org". You can specify + # a different tld_length, such as 2 to catch rubyonrails.co.uk in "www.rubyonrails.co.uk". + def domain(tld_length = 1) + return nil unless named_host?(host) + + host.split('.').last(1 + tld_length).join('.') + end + + # Returns all the \subdomains as an array, so ["dev", "www"] would be + # returned for "dev.www.rubyonrails.org". You can specify a different tld_length, + # such as 2 to catch ["www"] instead of ["www", "rubyonrails"] + # in "www.rubyonrails.co.uk". + def subdomains(tld_length = 1) + return [] unless named_host?(host) + parts = host.split('.') + parts[0..-(tld_length+2)] + end + + # Returns the query string, accounting for server idiosyncrasies. + def query_string + @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '') + end + memoize :query_string + + # Returns the request URI, accounting for server idiosyncrasies. + # WEBrick includes the full URL. IIS leaves REQUEST_URI blank. + def request_uri + if uri = @env['REQUEST_URI'] + # Remove domain, which webrick puts into the request_uri. + (%r{^\w+\://[^/]+(/.*|$)$} =~ uri) ? $1 : uri + else + # Construct IIS missing REQUEST_URI from SCRIPT_NAME and PATH_INFO. + uri = @env['PATH_INFO'].to_s + + if script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$}) + uri = uri.sub(/#{script_filename}\//, '') + end + + env_qs = @env['QUERY_STRING'].to_s + uri += "?#{env_qs}" unless env_qs.empty? + + if uri.blank? + @env.delete('REQUEST_URI') + else + @env['REQUEST_URI'] = uri + end + end + end + memoize :request_uri + + # Returns the interpreted \path to requested resource after all the installation + # directory of this application was taken into account. + def path + path = request_uri.to_s[/\A[^\?]*/] + path.sub!(/\A#{ActionController::Base.relative_url_root}/, '') + path + end + memoize :path + + # Read the request \body. This is useful for web services that need to + # work with raw requests directly. + def raw_post + unless @env.include? 'RAW_POST_DATA' + @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i) + body.rewind if body.respond_to?(:rewind) + end + @env['RAW_POST_DATA'] + end + + # Returns both GET and POST \parameters in a single hash. + def parameters + @parameters ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access + end + alias_method :params, :parameters + + def path_parameters=(parameters) #:nodoc: + @env["rack.routing_args"] = parameters + @symbolized_path_parameters = @parameters = nil + end + + # The same as path_parameters with explicitly symbolized keys. + def symbolized_path_parameters + @symbolized_path_parameters ||= path_parameters.symbolize_keys + end + + # Returns a hash with the \parameters used to form the \path of the request. + # Returned hash keys are strings: + # + # {'action' => 'my_action', 'controller' => 'my_controller'} + # + # See symbolized_path_parameters for symbolized keys. + def path_parameters + @env["rack.routing_args"] ||= {} + end + + # The request body is an IO input stream. If the RAW_POST_DATA environment + # variable is already set, wrap it in a StringIO. + def body + if raw_post = @env['RAW_POST_DATA'] + raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding) + StringIO.new(raw_post) + else + @env['rack.input'] + end + end + + def form_data? + FORM_DATA_MEDIA_TYPES.include?(content_type.to_s) + end + + # Override Rack's GET method to support nested query strings + def GET + @env["action_controller.request.query_parameters"] ||= UrlEncodedPairParser.parse_query_parameters(query_string) + end + alias_method :query_parameters, :GET + + # Override Rack's POST method to support nested query strings + def POST + @env["action_controller.request.request_parameters"] ||= UrlEncodedPairParser.parse_hash_parameters(super) + end + alias_method :request_parameters, :POST + + def body_stream #:nodoc: + @env['rack.input'] + end + + def session + @env['rack.session'] ||= {} + end + + def session=(session) #:nodoc: + @env['rack.session'] = session + end + + def reset_session + @env['rack.session'] = {} + end + + def session_options + @env['rack.session.options'] ||= {} + end + + def session_options=(options) + @env['rack.session.options'] = options + end + + def server_port + @env['SERVER_PORT'].to_i + end + + private + def named_host?(host) + !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host)) + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/request_parser.rb b/actionpack/lib/action_controller/dispatch/request_parser.rb new file mode 100644 index 0000000000..d1739ef4d0 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/request_parser.rb @@ -0,0 +1,315 @@ +module ActionController + class RequestParser + def initialize(env) + @env = env + freeze + end + + def request_parameters + @env["action_controller.request_parser.request_parameters"] ||= parse_formatted_request_parameters + end + + def query_parameters + @env["action_controller.request_parser.query_parameters"] ||= self.class.parse_query_parameters(query_string) + end + + # Returns the query string, accounting for server idiosyncrasies. + def query_string + @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '') + end + + # The request body is an IO input stream. If the RAW_POST_DATA environment + # variable is already set, wrap it in a StringIO. + def body + if raw_post = @env['RAW_POST_DATA'] + raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding) + StringIO.new(raw_post) + else + @env['rack.input'] + end + end + + # The raw content type string with its parameters stripped off. + def content_type_without_parameters + self.class.extract_content_type_without_parameters(content_type_with_parameters) + end + + def raw_post + unless @env.include? 'RAW_POST_DATA' + @env['RAW_POST_DATA'] = body.read(content_length) + body.rewind if body.respond_to?(:rewind) + end + @env['RAW_POST_DATA'] + end + + private + + def parse_formatted_request_parameters + return {} if content_length.zero? + + content_type, boundary = self.class.extract_multipart_boundary(content_type_with_parameters) + + # Don't parse params for unknown requests. + return {} if content_type.blank? + + mime_type = Mime::Type.lookup(content_type) + strategy = ActionController::Base.param_parsers[mime_type] + + # Only multipart form parsing expects a stream. + body = (strategy && strategy != :multipart_form) ? raw_post : self.body + + case strategy + when Proc + strategy.call(body) + when :url_encoded_form + self.class.clean_up_ajax_request_body! body + self.class.parse_query_parameters(body) + when :multipart_form + self.class.parse_multipart_form_parameters(body, boundary, content_length, @env) + when :xml_simple, :xml_node + body.blank? ? {} : Hash.from_xml(body).with_indifferent_access + when :yaml + YAML.load(body) + when :json + if body.blank? + {} + else + data = ActiveSupport::JSON.decode(body) + data = {:_json => data} unless data.is_a?(Hash) + data.with_indifferent_access + end + else + {} + end + rescue Exception => e # YAML, XML or Ruby code block errors + raise + { "body" => body, + "content_type" => content_type_with_parameters, + "content_length" => content_length, + "exception" => "#{e.message} (#{e.class})", + "backtrace" => e.backtrace } + end + + def content_length + @env['CONTENT_LENGTH'].to_i + end + + # The raw content type string. Use when you need parameters such as + # charset or boundary which aren't included in the content_type MIME type. + # Overridden by the X-POST_DATA_FORMAT header for backward compatibility. + def content_type_with_parameters + content_type_from_legacy_post_data_format_header || @env['CONTENT_TYPE'].to_s + end + + def content_type_from_legacy_post_data_format_header + if x_post_format = @env['HTTP_X_POST_DATA_FORMAT'] + case x_post_format.to_s.downcase + when 'yaml'; 'application/x-yaml' + when 'xml'; 'application/xml' + end + end + end + + class << self + def parse_query_parameters(query_string) + return {} if query_string.blank? + + pairs = query_string.split('&').collect do |chunk| + next if chunk.empty? + key, value = chunk.split('=', 2) + next if key.empty? + value = value.nil? ? nil : CGI.unescape(value) + [ CGI.unescape(key), value ] + end.compact + + UrlEncodedPairParser.new(pairs).result + end + + def parse_request_parameters(params) + parser = UrlEncodedPairParser.new + + params = params.dup + until params.empty? + for key, value in params + if key.blank? + params.delete key + elsif !key.include?('[') + # much faster to test for the most common case first (GET) + # and avoid the call to build_deep_hash + parser.result[key] = get_typed_value(value[0]) + params.delete key + elsif value.is_a?(Array) + parser.parse(key, get_typed_value(value.shift)) + params.delete key if value.empty? + else + raise TypeError, "Expected array, found #{value.inspect}" + end + end + end + + parser.result + end + + def parse_multipart_form_parameters(body, boundary, body_size, env) + parse_request_parameters(read_multipart(body, boundary, body_size, env)) + end + + def extract_multipart_boundary(content_type_with_parameters) + if content_type_with_parameters =~ MULTIPART_BOUNDARY + ['multipart/form-data', $1.dup] + else + extract_content_type_without_parameters(content_type_with_parameters) + end + end + + def extract_content_type_without_parameters(content_type_with_parameters) + $1.strip.downcase if content_type_with_parameters =~ /^([^,\;]*)/ + end + + def clean_up_ajax_request_body!(body) + body.chop! if body[-1] == 0 + body.gsub!(/&_=$/, '') + end + + + private + def get_typed_value(value) + case value + when String + value + when NilClass + '' + when Array + value.map { |v| get_typed_value(v) } + else + if value.respond_to? :original_filename + # Uploaded file + if value.original_filename + value + # Multipart param + else + result = value.read + value.rewind + result + end + # Unknown value, neither string nor multipart. + else + raise "Unknown form value: #{value.inspect}" + end + end + end + + MULTIPART_BOUNDARY = %r|\Amultipart/form-data.*boundary=\"?([^\";,]+)\"?|n + + EOL = "\015\012" + + def read_multipart(body, boundary, body_size, env) + params = Hash.new([]) + boundary = "--" + boundary + quoted_boundary = Regexp.quote(boundary) + buf = "" + bufsize = 10 * 1024 + boundary_end="" + + # start multipart/form-data + body.binmode if defined? body.binmode + case body + when File + body.set_encoding(Encoding::BINARY) if body.respond_to?(:set_encoding) + when StringIO + body.string.force_encoding(Encoding::BINARY) if body.string.respond_to?(:force_encoding) + end + boundary_size = boundary.size + EOL.size + body_size -= boundary_size + status = body.read(boundary_size) + if nil == status + raise EOFError, "no content body" + elsif boundary + EOL != status + raise EOFError, "bad content body" + end + + loop do + head = nil + content = + if 10240 < body_size + UploadedTempfile.new("CGI") + else + UploadedStringIO.new + end + content.binmode if defined? content.binmode + + until head and /#{quoted_boundary}(?:#{EOL}|--)/n.match(buf) + + if (not head) and /#{EOL}#{EOL}/n.match(buf) + buf = buf.sub(/\A((?:.|\n)*?#{EOL})#{EOL}/n) do + head = $1.dup + "" + end + next + end + + if head and ( (EOL + boundary + EOL).size < buf.size ) + content.print buf[0 ... (buf.size - (EOL + boundary + EOL).size)] + buf[0 ... (buf.size - (EOL + boundary + EOL).size)] = "" + end + + c = if bufsize < body_size + body.read(bufsize) + else + body.read(body_size) + end + if c.nil? || c.empty? + raise EOFError, "bad content body" + end + buf.concat(c) + body_size -= c.size + end + + buf = buf.sub(/\A((?:.|\n)*?)(?:[\r\n]{1,2})?#{quoted_boundary}([\r\n]{1,2}|--)/n) do + content.print $1 + if "--" == $2 + body_size = -1 + end + boundary_end = $2.dup + "" + end + + content.rewind + + head =~ /Content-Disposition:.* filename=(?:"((?:\\.|[^\"])*)"|([^;]*))/ni + if filename = $1 || $2 + if /Mac/ni.match(env['HTTP_USER_AGENT']) and + /Mozilla/ni.match(env['HTTP_USER_AGENT']) and + (not /MSIE/ni.match(env['HTTP_USER_AGENT'])) + filename = CGI.unescape(filename) + end + content.original_path = filename.dup + end + + head =~ /Content-Type: ([^\r]*)/ni + content.content_type = $1.dup if $1 + + head =~ /Content-Disposition:.* name="?([^\";]*)"?/ni + name = $1.dup if $1 + + if params.has_key?(name) + params[name].push(content) + else + params[name] = [content] + end + break if body_size == -1 + end + raise EOFError, "bad boundary end of body part" unless boundary_end=~/--/ + + begin + body.rewind if body.respond_to?(:rewind) + rescue Errno::ESPIPE + # Handles exceptions raised by input streams that cannot be rewound + # such as when using plain CGI under Apache + end + + params + end + end # class << self + end +end diff --git a/actionpack/lib/action_controller/dispatch/rescue.rb b/actionpack/lib/action_controller/dispatch/rescue.rb new file mode 100644 index 0000000000..0293e62fc7 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rescue.rb @@ -0,0 +1,179 @@ +module ActionController #:nodoc: + # Actions that fail to perform as expected throw exceptions. These + # exceptions can either be rescued for the public view (with a nice + # user-friendly explanation) or for the developers view (with tons of + # debugging information). The developers view is already implemented by + # the Action Controller, but the public view should be tailored to your + # specific application. + # + # The default behavior for public exceptions is to render a static html + # file with the name of the error code thrown. If no such file exists, an + # empty response is sent with the correct status code. + # + # You can override what constitutes a local request by overriding the + # local_request? method in your own controller. Custom rescue + # behavior is achieved by overriding the rescue_action_in_public + # and rescue_action_locally methods. + module Rescue + LOCALHOST = '127.0.0.1'.freeze + + DEFAULT_RESCUE_RESPONSE = :internal_server_error + DEFAULT_RESCUE_RESPONSES = { + 'ActionController::RoutingError' => :not_found, + 'ActionController::UnknownAction' => :not_found, + 'ActiveRecord::RecordNotFound' => :not_found, + 'ActiveRecord::StaleObjectError' => :conflict, + 'ActiveRecord::RecordInvalid' => :unprocessable_entity, + 'ActiveRecord::RecordNotSaved' => :unprocessable_entity, + 'ActionController::MethodNotAllowed' => :method_not_allowed, + 'ActionController::NotImplemented' => :not_implemented, + 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity + } + + DEFAULT_RESCUE_TEMPLATE = 'diagnostics' + DEFAULT_RESCUE_TEMPLATES = { + 'ActionView::MissingTemplate' => 'missing_template', + 'ActionController::RoutingError' => 'routing_error', + 'ActionController::UnknownAction' => 'unknown_action', + 'ActionView::TemplateError' => 'template_error' + } + + RESCUES_TEMPLATE_PATH = ActionView::Template::EagerPath.new( + File.join(File.dirname(__FILE__), "templates")) + + def self.included(base) #:nodoc: + base.cattr_accessor :rescue_responses + base.rescue_responses = Hash.new(DEFAULT_RESCUE_RESPONSE) + base.rescue_responses.update DEFAULT_RESCUE_RESPONSES + + base.cattr_accessor :rescue_templates + base.rescue_templates = Hash.new(DEFAULT_RESCUE_TEMPLATE) + base.rescue_templates.update DEFAULT_RESCUE_TEMPLATES + + base.extend(ClassMethods) + base.send :include, ActiveSupport::Rescuable + + base.class_eval do + alias_method_chain :perform_action, :rescue + end + end + + module ClassMethods + def call_with_exception(env, exception) #:nodoc: + request = env["action_controller.rescue.request"] ||= ActionController::Request.new(env) + response = env["action_controller.rescue.response"] ||= ActionController::Response.new + new.process(request, response, :rescue_action, exception) + end + end + + protected + # Exception handler called when the performance of an action raises + # an exception. + def rescue_action(exception) + rescue_with_handler(exception) || + rescue_action_without_handler(exception) + end + + # Overwrite to implement custom logging of errors. By default + # logs as fatal. + def log_error(exception) #:doc: + ActiveSupport::Deprecation.silence do + if ActionView::TemplateError === exception + logger.fatal(exception.to_s) + else + logger.fatal( + "\n#{exception.class} (#{exception.message}):\n " + + clean_backtrace(exception).join("\n ") + "\n\n" + ) + end + end + end + + # Overwrite to implement public exception handling (for requests + # answering false to local_request?). By default will call + # render_optional_error_file. Override this method to provide more + # user friendly error messages. + def rescue_action_in_public(exception) #:doc: + render_optional_error_file response_code_for_rescue(exception) + end + + # Attempts to render a static error page based on the + # status_code thrown, or just return headers if no such file + # exists. For example, if a 500 error is being handled Rails will first + # attempt to render the file at public/500.html. If the file + # doesn't exist, the body of the response will be left empty. + def render_optional_error_file(status_code) + status = interpret_status(status_code) + path = "#{Rails.public_path}/#{status.to_s[0,3]}.html" + if File.exist?(path) + render :file => path, :status => status, :content_type => Mime::HTML + else + head status + end + end + + # True if the request came from localhost, 127.0.0.1. Override this + # method if you wish to redefine the meaning of a local request to + # include remote IP addresses or other criteria. + def local_request? #:doc: + request.remote_addr == LOCALHOST && request.remote_ip == LOCALHOST + end + + # Render detailed diagnostics for unhandled exceptions rescued from + # a controller action. + def rescue_action_locally(exception) + @template.instance_variable_set("@exception", exception) + @template.instance_variable_set("@rescues_path", RESCUES_TEMPLATE_PATH) + @template.instance_variable_set("@contents", + @template._render_template(template_path_for_local_rescue(exception))) + + response.content_type = Mime::HTML + response.status = interpret_status(response_code_for_rescue(exception)) + + content = @template._render_template(rescues_path("layout")) + render_for_text(content) + end + + def rescue_action_without_handler(exception) + log_error(exception) if logger + erase_results if performed? + + # Let the exception alter the response if it wants. + # For example, MethodNotAllowed sets the Allow header. + if exception.respond_to?(:handle_response!) + exception.handle_response!(response) + end + + if consider_all_requests_local || local_request? + rescue_action_locally(exception) + else + rescue_action_in_public(exception) + end + end + + private + def perform_action_with_rescue #:nodoc: + perform_action_without_rescue + rescue Exception => exception + rescue_action(exception) + end + + def rescues_path(template_name) + RESCUES_TEMPLATE_PATH.find_template("rescues/#{template_name}.erb") + end + + def template_path_for_local_rescue(exception) + rescues_path(rescue_templates[exception.class.name]) + end + + def response_code_for_rescue(exception) + rescue_responses[exception.class.name] + end + + def clean_backtrace(exception) + defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ? + Rails.backtrace_cleaner.clean(exception.backtrace) : + exception.backtrace + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/response.rb b/actionpack/lib/action_controller/dispatch/response.rb new file mode 100644 index 0000000000..27860a6207 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/response.rb @@ -0,0 +1,255 @@ +require 'digest/md5' + +module ActionController # :nodoc: + # Represents an HTTP response generated by a controller action. One can use + # an ActionController::Response object to retrieve the current state + # of the response, or customize the response. An Response object can + # either represent a "real" HTTP response (i.e. one that is meant to be sent + # back to the web browser) or a test response (i.e. one that is generated + # from integration tests). See CgiResponse and TestResponse, respectively. + # + # Response is mostly a Ruby on Rails framework implement detail, and + # should never be used directly in controllers. Controllers should use the + # methods defined in ActionController::Base instead. For example, if you want + # to set the HTTP response's content MIME type, then use + # ActionControllerBase#headers instead of Response#headers. + # + # Nevertheless, integration tests may want to inspect controller responses in + # more detail, and that's when Response can be useful for application + # developers. Integration test methods such as + # ActionController::Integration::Session#get and + # ActionController::Integration::Session#post return objects of type + # TestResponse (which are of course also of type Response). + # + # For example, the following demo integration "test" prints the body of the + # controller response to the console: + # + # class DemoControllerTest < ActionController::IntegrationTest + # def test_print_root_path_to_console + # get('/') + # puts @response.body + # end + # end + class Response < Rack::Response + DEFAULT_HEADERS = { "Cache-Control" => "no-cache" } + attr_accessor :request + + attr_accessor :session, :assigns, :template, :layout + attr_accessor :redirected_to, :redirected_to_method_params + + delegate :default_charset, :to => 'ActionController::Base' + + def initialize + @status = 200 + @header = DEFAULT_HEADERS.dup + + @writer = lambda { |x| @body << x } + @block = nil + + @body = "", + @session, @assigns = [], [] + end + + def location; headers['Location'] end + def location=(url) headers['Location'] = url end + + + # Sets the HTTP response's content MIME type. For example, in the controller + # you could write this: + # + # response.content_type = "text/plain" + # + # If a character set has been defined for this response (see charset=) then + # the character set information will also be included in the content type + # information. + def content_type=(mime_type) + self.headers["Content-Type"] = + if mime_type =~ /charset/ || (c = charset).nil? + mime_type.to_s + else + "#{mime_type}; charset=#{c}" + end + end + + # Returns the response's content MIME type, or nil if content type has been set. + def content_type + content_type = String(headers["Content-Type"] || headers["type"]).split(";")[0] + content_type.blank? ? nil : content_type + end + + # Set the charset of the Content-Type header. Set to nil to remove it. + # If no content type is set, it defaults to HTML. + def charset=(charset) + headers["Content-Type"] = + if charset + "#{content_type || Mime::HTML}; charset=#{charset}" + else + content_type || Mime::HTML.to_s + end + end + + def charset + charset = String(headers["Content-Type"] || headers["type"]).split(";")[1] + charset.blank? ? nil : charset.strip.split("=")[1] + end + + def last_modified + if last = headers['Last-Modified'] + Time.httpdate(last) + end + end + + def last_modified? + headers.include?('Last-Modified') + end + + def last_modified=(utc_time) + headers['Last-Modified'] = utc_time.httpdate + end + + def etag + headers['ETag'] + end + + def etag? + headers.include?('ETag') + end + + def etag=(etag) + if etag.blank? + headers.delete('ETag') + else + headers['ETag'] = %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(etag))}") + end + end + + def redirect(url, status) + self.status = status + self.location = url.gsub(/[\r\n]/, '') + self.body = "You are being redirected." + end + + def sending_file? + headers["Content-Transfer-Encoding"] == "binary" + end + + def assign_default_content_type_and_charset! + self.content_type ||= Mime::HTML + self.charset ||= default_charset unless sending_file? + end + + def prepare! + assign_default_content_type_and_charset! + handle_conditional_get! + set_content_length! + convert_content_type! + convert_language! + convert_expires! + convert_cookies! + end + + def each(&callback) + if @body.respond_to?(:call) + @writer = lambda { |x| callback.call(x) } + @body.call(self, self) + elsif @body.is_a?(String) + @body.each_line(&callback) + else + @body.each(&callback) + end + + @writer = callback + @block.call(self) if @block + end + + def write(str) + @writer.call str.to_s + str + end + + # Over Rack::Response#set_cookie to add HttpOnly option + def set_cookie(key, value) + case value + when Hash + domain = "; domain=" + value[:domain] if value[:domain] + path = "; path=" + value[:path] if value[:path] + # According to RFC 2109, we need dashes here. + # N.B.: cgi.rb uses spaces... + expires = "; expires=" + value[:expires].clone.gmtime. + strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires] + secure = "; secure" if value[:secure] + httponly = "; HttpOnly" if value[:http_only] + value = value[:value] + end + value = [value] unless Array === value + cookie = ::Rack::Utils.escape(key) + "=" + + value.map { |v| ::Rack::Utils.escape v }.join("&") + + "#{domain}#{path}#{expires}#{secure}#{httponly}" + + case self["Set-Cookie"] + when Array + self["Set-Cookie"] << cookie + when String + self["Set-Cookie"] = [self["Set-Cookie"], cookie] + when nil + self["Set-Cookie"] = cookie + end + end + + private + def handle_conditional_get! + if etag? || last_modified? + set_conditional_cache_control! + elsif nonempty_ok_response? + self.etag = body + + if request && request.etag_matches?(etag) + self.status = '304 Not Modified' + self.body = '' + end + + set_conditional_cache_control! + end + end + + def nonempty_ok_response? + ok = !status || status.to_s[0..2] == '200' + ok && body.is_a?(String) && !body.empty? + end + + def set_conditional_cache_control! + if headers['Cache-Control'] == DEFAULT_HEADERS['Cache-Control'] + headers['Cache-Control'] = 'private, max-age=0, must-revalidate' + end + end + + def convert_content_type! + headers['Content-Type'] ||= "text/html" + headers['Content-Type'] += "; charset=" + headers.delete('charset') if headers['charset'] + end + + # Don't set the Content-Length for block-based bodies as that would mean + # reading it all into memory. Not nice for, say, a 2GB streaming file. + def set_content_length! + if status && status.to_s[0..2] == '204' + headers.delete('Content-Length') + elsif length = headers['Content-Length'] + headers['Content-Length'] = length.to_s + elsif !body.respond_to?(:call) && (!status || status.to_s[0..2] != '304') + headers["Content-Length"] = body.size.to_s + end + end + + def convert_language! + headers["Content-Language"] = headers.delete("language") if headers["language"] + end + + def convert_expires! + headers["Expires"] = headers.delete("") if headers["expires"] + end + + def convert_cookies! + headers['Set-Cookie'] = Array(headers['Set-Cookie']).compact + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/rewindable_input.rb b/actionpack/lib/action_controller/dispatch/rewindable_input.rb new file mode 100644 index 0000000000..36f655c51e --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/rewindable_input.rb @@ -0,0 +1,28 @@ +module ActionController + class RewindableInput + class RewindableIO < ActiveSupport::BasicObject + def initialize(io) + @io = io + @rewindable = io.is_a?(StringIO) + end + + def method_missing(method, *args, &block) + unless @rewindable + @io = StringIO.new(@io.read) + @rewindable = true + end + + @io.__send__(method, *args, &block) + end + end + + def initialize(app) + @app = app + end + + def call(env) + env['rack.input'] = RewindableIO.new(env['rack.input']) + @app.call(env) + end + end +end diff --git a/actionpack/lib/action_controller/dispatch/status_codes.rb b/actionpack/lib/action_controller/dispatch/status_codes.rb new file mode 100644 index 0000000000..4977c79491 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/status_codes.rb @@ -0,0 +1,88 @@ +module ActionController + module StatusCodes #:nodoc: + # Defines the standard HTTP status codes, by integer, with their + # corresponding default message texts. + # Source: http://www.iana.org/assignments/http-status-codes + STATUS_CODES = { + 100 => "Continue", + 101 => "Switching Protocols", + 102 => "Processing", + + 200 => "OK", + 201 => "Created", + 202 => "Accepted", + 203 => "Non-Authoritative Information", + 204 => "No Content", + 205 => "Reset Content", + 206 => "Partial Content", + 207 => "Multi-Status", + 226 => "IM Used", + + 300 => "Multiple Choices", + 301 => "Moved Permanently", + 302 => "Found", + 303 => "See Other", + 304 => "Not Modified", + 305 => "Use Proxy", + 307 => "Temporary Redirect", + + 400 => "Bad Request", + 401 => "Unauthorized", + 402 => "Payment Required", + 403 => "Forbidden", + 404 => "Not Found", + 405 => "Method Not Allowed", + 406 => "Not Acceptable", + 407 => "Proxy Authentication Required", + 408 => "Request Timeout", + 409 => "Conflict", + 410 => "Gone", + 411 => "Length Required", + 412 => "Precondition Failed", + 413 => "Request Entity Too Large", + 414 => "Request-URI Too Long", + 415 => "Unsupported Media Type", + 416 => "Requested Range Not Satisfiable", + 417 => "Expectation Failed", + 422 => "Unprocessable Entity", + 423 => "Locked", + 424 => "Failed Dependency", + 426 => "Upgrade Required", + + 500 => "Internal Server Error", + 501 => "Not Implemented", + 502 => "Bad Gateway", + 503 => "Service Unavailable", + 504 => "Gateway Timeout", + 505 => "HTTP Version Not Supported", + 507 => "Insufficient Storage", + 510 => "Not Extended" + } + + # Provides a symbol-to-fixnum lookup for converting a symbol (like + # :created or :not_implemented) into its corresponding HTTP status + # code (like 200 or 501). + SYMBOL_TO_STATUS_CODE = STATUS_CODES.inject({}) do |hash, (code, message)| + hash[message.gsub(/ /, "").underscore.to_sym] = code + hash + end + + # Given a status parameter, determine whether it needs to be converted + # to a string. If it is a fixnum, use the STATUS_CODES hash to lookup + # the default message. If it is a symbol, use the SYMBOL_TO_STATUS_CODE + # hash to convert it. + def interpret_status(status) + case status + when Fixnum then + "#{status} #{STATUS_CODES[status]}".strip + when Symbol then + interpret_status(SYMBOL_TO_STATUS_CODE[status] || + "500 Unknown Status #{status.inspect}") + else + status.to_s + end + end + private :interpret_status + + end +end \ No newline at end of file diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/_request_and_response.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/_request_and_response.erb new file mode 100644 index 0000000000..64b34650b1 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/_request_and_response.erb @@ -0,0 +1,24 @@ +<% unless @exception.blamed_files.blank? %> + <% if (hide = @exception.blamed_files.length > 8) %> + Show blamed files + <% end %> + 
><%=h @exception.describe_blame %>
+<% end %> + +<% + clean_params = request.parameters.clone + clean_params.delete("action") + clean_params.delete("controller") + + request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n") +%> + +

Request

+

Parameters: 

<%=h request_dump %>

+ +

Show session dump

+ + + +

Response

+

Headers: 

<%=h response ? response.headers.inspect.gsub(',', ",\n") : 'None' %>

diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/_trace.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/_trace.erb new file mode 100644 index 0000000000..bb2d8375bd --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/_trace.erb @@ -0,0 +1,26 @@ +<% + traces = [ + ["Application Trace", @exception.application_backtrace], + ["Framework Trace", @exception.framework_backtrace], + ["Full Trace", @exception.clean_backtrace] + ] + names = traces.collect {|name, trace| name} +%> + +

RAILS_ROOT: <%= defined?(RAILS_ROOT) ? RAILS_ROOT : "unset" %>

+ +
+ <% names.each do |name| %> + <% + show = "document.getElementById('#{name.gsub /\s/, '-'}').style.display='block';" + hide = (names - [name]).collect {|hide_name| "document.getElementById('#{hide_name.gsub /\s/, '-'}').style.display='none';"} + %> + <%= name %> <%= '|' unless names.last == name %> + <% end %> + + <% traces.each do |name, trace| %> +
;"> + 
<%= trace.join "\n" %>
+
+ <% end %> +
diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/diagnostics.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/diagnostics.erb new file mode 100644 index 0000000000..95be64511d --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/diagnostics.erb @@ -0,0 +1,10 @@ +

+ <%=h @exception.class.to_s %> + <% if request.parameters['controller'] %> + in <%=h request.parameters['controller'].humanize %>Controller<% if request.parameters['action'] %>#<%=h request.parameters['action'] %><% end %> + <% end %> +

+
<%=h @exception.clean_message %>
+ +<%= @template._render_template(@rescues_path.find_template("rescues/_trace.erb")) %> +<%= @template._render_template(@rescues_path.find_template("rescues/_request_and_response.erb")) %> \ No newline at end of file diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/layout.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/layout.erb new file mode 100644 index 0000000000..4a04742e40 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/layout.erb @@ -0,0 +1,29 @@ + + + Action Controller: Exception caught + + + + +<%= @contents %> + + + \ No newline at end of file diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/missing_template.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/missing_template.erb new file mode 100644 index 0000000000..dbfdf76947 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/missing_template.erb @@ -0,0 +1,2 @@ +

Template is missing

+

<%=h @exception.message %>

diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/routing_error.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/routing_error.erb new file mode 100644 index 0000000000..ccfa858cce --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/routing_error.erb @@ -0,0 +1,10 @@ +

Routing Error

+

<%=h @exception.message %>

+<% unless @exception.failures.empty? %>

+

Failure reasons:

+
    + <% @exception.failures.each do |route, reason| %> +
  1. <%=h route.inspect.gsub('\\', '') %> failed because <%=h reason.downcase %>
    2. + <% end %> +
+

<% end %> diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/template_error.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/template_error.erb new file mode 100644 index 0000000000..2e34e03bd5 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/template_error.erb @@ -0,0 +1,21 @@ +

+ <%=h @exception.original_exception.class.to_s %> in + <%=h request.parameters["controller"].capitalize if request.parameters["controller"]%>#<%=h request.parameters["action"] %> +

+ +

+ Showing <%=h @exception.file_name %> where line #<%=h @exception.line_number %> raised: + 

<%=h @exception.message %>
+

+ +

Extracted source (around line #<%=h @exception.line_number %>): +

<%=h @exception.source_extract %>

+ +

<%=h @exception.sub_template_message %>

+ +<% @real_exception = @exception + @exception = @exception.original_exception || @exception %> +<%= render :file => @rescues_path["rescues/_trace.erb"] %> +<% @exception = @real_exception %> + +<%= render :file => @rescues_path["rescues/_request_and_response.erb"] %> diff --git a/actionpack/lib/action_controller/dispatch/templates/rescues/unknown_action.erb b/actionpack/lib/action_controller/dispatch/templates/rescues/unknown_action.erb new file mode 100644 index 0000000000..683379da10 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/templates/rescues/unknown_action.erb @@ -0,0 +1,2 @@ +

Unknown action

+

<%=h @exception.message %>

diff --git a/actionpack/lib/action_controller/dispatch/uploaded_file.rb b/actionpack/lib/action_controller/dispatch/uploaded_file.rb new file mode 100644 index 0000000000..376ba3621a --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/uploaded_file.rb @@ -0,0 +1,44 @@ +module ActionController + module UploadedFile + def self.included(base) + base.class_eval do + attr_accessor :original_path, :content_type + alias_method :local_path, :path + end + end + + def self.extended(object) + object.class_eval do + attr_accessor :original_path, :content_type + alias_method :local_path, :path + end + end + + # Take the basename of the upload's original filename. + # This handles the full Windows paths given by Internet Explorer + # (and perhaps other broken user agents) without affecting + # those which give the lone filename. + # The Windows regexp is adapted from Perl's File::Basename. + def original_filename + unless defined? @original_filename + @original_filename = + unless original_path.blank? + if original_path =~ /^(?:.*[:\\\/])?(.*)/m + $1 + else + File.basename original_path + end + end + end + @original_filename + end + end + + class UploadedStringIO < StringIO + include UploadedFile + end + + class UploadedTempfile < Tempfile + include UploadedFile + end +end diff --git a/actionpack/lib/action_controller/dispatch/url_encoded_pair_parser.rb b/actionpack/lib/action_controller/dispatch/url_encoded_pair_parser.rb new file mode 100644 index 0000000000..57594c4259 --- /dev/null +++ b/actionpack/lib/action_controller/dispatch/url_encoded_pair_parser.rb @@ -0,0 +1,155 @@ +module ActionController + class UrlEncodedPairParser < StringScanner #:nodoc: + class << self + def parse_query_parameters(query_string) + return {} if query_string.blank? + + pairs = query_string.split('&').collect do |chunk| + next if chunk.empty? + key, value = chunk.split('=', 2) + next if key.empty? + value = value.nil? ? nil : CGI.unescape(value) + [ CGI.unescape(key), value ] + end.compact + + new(pairs).result + end + + def parse_hash_parameters(params) + parser = new + + params = params.dup + until params.empty? + for key, value in params + if key.blank? + params.delete(key) + elsif value.is_a?(Array) + parser.parse(key, get_typed_value(value.shift)) + params.delete(key) if value.empty? + else + parser.parse(key, get_typed_value(value)) + params.delete(key) + end + end + end + + parser.result + end + + private + def get_typed_value(value) + case value + when String + value + when NilClass + '' + when Array + value.map { |v| get_typed_value(v) } + when Hash + if value.has_key?(:tempfile) && value[:filename].any? + upload = value[:tempfile] + upload.extend(UploadedFile) + upload.original_path = value[:filename] + upload.content_type = value[:type] + upload + else + nil + end + else + raise "Unknown form value: #{value.inspect}" + end + end + end + + attr_reader :top, :parent, :result + + def initialize(pairs = []) + super('') + @result = {} + pairs.each { |key, value| parse(key, value) } + end + + KEY_REGEXP = %r{([^\[\]=&]+)} + BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} + + # Parse the query string + def parse(key, value) + self.string = key + @top, @parent = result, nil + + # First scan the bare key + key = scan(KEY_REGEXP) or return + key = post_key_check(key) + + # Then scan as many nestings as present + until eos? + r = scan(BRACKETED_KEY_REGEXP) or return + key = self[1] + key = post_key_check(key) + end + + bind(key, value) + end + + private + # After we see a key, we must look ahead to determine our next action. Cases: + # + # [] follows the key. Then the value must be an array. + # = follows the key. (A value comes next) + # & or the end of string follows the key. Then the key is a flag. + # otherwise, a hash follows the key. + def post_key_check(key) + if scan(/\[\]/) # a[b][] indicates that b is an array + container(key, Array) + nil + elsif check(/\[[^\]]/) # a[b] indicates that a is a hash + container(key, Hash) + nil + else # End of key? We do nothing. + key + end + end + + # Add a container to the stack. + def container(key, klass) + type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) + value = bind(key, klass.new) + type_conflict! klass, value unless value.is_a?(klass) + push(value) + end + + # Push a value onto the 'stack', which is actually only the top 2 items. + def push(value) + @parent, @top = @top, value + end + + # Bind a key (which may be nil for items in an array) to the provided value. + def bind(key, value) + if top.is_a? Array + if key + if top[-1].is_a?(Hash) && ! top[-1].key?(key) + top[-1][key] = value + else + top << {key => value}.with_indifferent_access + end + push top.last + return top[key] + else + top << value + return value + end + elsif top.is_a? Hash + key = CGI.unescape(key) + parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) + top[key] ||= value + return top[key] + else + raise ArgumentError, "Don't know what to do: top is #{top.inspect}" + end + end + + def type_conflict!(klass, value) + raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)" + end + end +end diff --git a/actionpack/lib/action_controller/dispatcher.rb b/actionpack/lib/action_controller/dispatcher.rb deleted file mode 100644 index 781bc48887..0000000000 --- a/actionpack/lib/action_controller/dispatcher.rb +++ /dev/null @@ -1,116 +0,0 @@ -module ActionController - # Dispatches requests to the appropriate controller and takes care of - # reloading the app after each request when Dependencies.load? is true. - class Dispatcher - class << self - def define_dispatcher_callbacks(cache_classes) - unless cache_classes - # Development mode callbacks - before_dispatch :reload_application - after_dispatch :cleanup_application - - ActionView::Helpers::AssetTagHelper.cache_asset_timestamps = false - end - - if defined?(ActiveRecord) - after_dispatch :checkin_connections - to_prepare(:activerecord_instantiate_observers) { ActiveRecord::Base.instantiate_observers } - end - - after_dispatch :flush_logger if Base.logger && Base.logger.respond_to?(:flush) - - to_prepare do - I18n.reload! - end - end - - # DEPRECATE: Remove CGI support - def dispatch(cgi = nil, session_options = CgiRequest::DEFAULT_SESSION_OPTIONS, output = $stdout) - new(output).dispatch_cgi(cgi, session_options) - end - - # Add a preparation callback. Preparation callbacks are run before every - # request in development mode, and before the first request in production - # mode. - # - # An optional identifier may be supplied for the callback. If provided, - # to_prepare may be called again with the same identifier to replace the - # existing callback. Passing an identifier is a suggested practice if the - # code adding a preparation block may be reloaded. - def to_prepare(identifier = nil, &block) - @prepare_dispatch_callbacks ||= ActiveSupport::Callbacks::CallbackChain.new - callback = ActiveSupport::Callbacks::Callback.new(:prepare_dispatch, block, :identifier => identifier) - @prepare_dispatch_callbacks.replace_or_append!(callback) - end - end - - cattr_accessor :middleware - self.middleware = MiddlewareStack.new do |middleware| - middlewares = File.join(File.dirname(__FILE__), "middlewares.rb") - middleware.instance_eval(File.read(middlewares)) - end - - include ActiveSupport::Callbacks - define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch - - # DEPRECATE: Remove arguments, since they are only used by CGI - def initialize(output = $stdout, request = nil, response = nil) - @output = output - @app = @@middleware.build(lambda { |env| self.dup._call(env) }) - end - - def dispatch - begin - run_callbacks :before_dispatch - Routing::Routes.call(@env) - rescue Exception => exception - if controller ||= (::ApplicationController rescue Base) - controller.call_with_exception(@env, exception).to_a - else - raise exception - end - ensure - run_callbacks :after_dispatch, :enumerator => :reverse_each - end - end - - # DEPRECATE: Remove CGI support - def dispatch_cgi(cgi, session_options) - CGIHandler.dispatch_cgi(self, cgi, @output) - end - - def call(env) - @app.call(env) - end - - def _call(env) - @env = env - dispatch - end - - def reload_application - # Run prepare callbacks before every request in development mode - run_callbacks :prepare_dispatch - - Routing::Routes.reload - end - - # Cleanup the application by clearing out loaded classes so they can - # be reloaded on the next request without restarting the server. - def cleanup_application - ActiveRecord::Base.reset_subclasses if defined?(ActiveRecord) - ActiveSupport::Dependencies.clear - ActiveRecord::Base.clear_reloadable_connections! if defined?(ActiveRecord) - end - - def flush_logger - Base.logger.flush - end - - def checkin_connections - # Don't return connection (and peform implicit rollback) if this request is a part of integration test - return if @env.key?("rack.test") - ActiveRecord::Base.clear_active_connections! - end - end -end diff --git a/actionpack/lib/action_controller/failsafe.rb b/actionpack/lib/action_controller/failsafe.rb deleted file mode 100644 index 567581142c..0000000000 --- a/actionpack/lib/action_controller/failsafe.rb +++ /dev/null @@ -1,52 +0,0 @@ -module ActionController - class Failsafe - cattr_accessor :error_file_path - self.error_file_path = Rails.public_path if defined?(Rails.public_path) - - def initialize(app) - @app = app - end - - def call(env) - @app.call(env) - rescue Exception => exception - # Reraise exception in test environment - if env["rack.test"] - raise exception - else - failsafe_response(exception) - end - end - - private - def failsafe_response(exception) - log_failsafe_exception(exception) - [500, {'Content-Type' => 'text/html'}, failsafe_response_body] - rescue Exception => failsafe_error # Logger or IO errors - $stderr.puts "Error during failsafe response: #{failsafe_error}" - end - - def failsafe_response_body - error_path = "#{self.class.error_file_path}/500.html" - if File.exist?(error_path) - File.read(error_path) - else - "

500 Internal Server Error

" - end - end - - def log_failsafe_exception(exception) - message = "/!\\ FAILSAFE /!\\ #{Time.now}\n Status: 500 Internal Server Error\n" - message << " #{exception}\n #{exception.backtrace.join("\n ")}" if exception - failsafe_logger.fatal(message) - end - - def failsafe_logger - if defined?(Rails) && Rails.logger - Rails.logger - else - Logger.new($stderr) - end - end - end -end diff --git a/actionpack/lib/action_controller/filters.rb b/actionpack/lib/action_controller/filters.rb deleted file mode 100644 index 9022b8b279..0000000000 --- a/actionpack/lib/action_controller/filters.rb +++ /dev/null @@ -1,680 +0,0 @@ -module ActionController #:nodoc: - module Filters #:nodoc: - def self.included(base) - base.class_eval do - extend ClassMethods - include ActionController::Filters::InstanceMethods - end - end - - class FilterChain < ActiveSupport::Callbacks::CallbackChain #:nodoc: - def append_filter_to_chain(filters, filter_type, &block) - pos = find_filter_append_position(filters, filter_type) - update_filter_chain(filters, filter_type, pos, &block) - end - - def prepend_filter_to_chain(filters, filter_type, &block) - pos = find_filter_prepend_position(filters, filter_type) - update_filter_chain(filters, filter_type, pos, &block) - end - - def create_filters(filters, filter_type, &block) - filters, conditions = extract_options(filters, &block) - filters.map! { |filter| find_or_create_filter(filter, filter_type, conditions) } - filters - end - - def skip_filter_in_chain(*filters, &test) - filters, conditions = extract_options(filters) - filters.each do |filter| - if callback = find(filter) then delete(callback) end - end if conditions.empty? - update_filter_in_chain(filters, :skip => conditions, &test) - end - - private - def update_filter_chain(filters, filter_type, pos, &block) - new_filters = create_filters(filters, filter_type, &block) - insert(pos, new_filters).flatten! - end - - def find_filter_append_position(filters, filter_type) - # appending an after filter puts it at the end of the call chain - # before and around filters go before the first after filter in the chain - unless filter_type == :after - each_with_index do |f,i| - return i if f.after? - end - end - return -1 - end - - def find_filter_prepend_position(filters, filter_type) - # prepending a before or around filter puts it at the front of the call chain - # after filters go before the first after filter in the chain - if filter_type == :after - each_with_index do |f,i| - return i if f.after? - end - return -1 - end - return 0 - end - - def find_or_create_filter(filter, filter_type, options = {}) - update_filter_in_chain([filter], options) - - if found_filter = find(filter) { |f| f.type == filter_type } - found_filter - else - filter_kind = case - when filter.respond_to?(:before) && filter_type == :before - :before - when filter.respond_to?(:after) && filter_type == :after - :after - else - :filter - end - - case filter_type - when :before - BeforeFilter.new(filter_kind, filter, options) - when :after - AfterFilter.new(filter_kind, filter, options) - else - AroundFilter.new(filter_kind, filter, options) - end - end - end - - def update_filter_in_chain(filters, options, &test) - filters.map! { |f| block_given? ? find(f, &test) : find(f) } - filters.compact! - - map! do |filter| - if filters.include?(filter) - new_filter = filter.dup - new_filter.update_options!(options) - new_filter - else - filter - end - end - end - end - - class Filter < ActiveSupport::Callbacks::Callback #:nodoc: - def initialize(kind, method, options = {}) - super - update_options! options - end - - # override these to return true in appropriate subclass - def before? - false - end - - def after? - false - end - - def around? - false - end - - # Make sets of strings from :only/:except options - def update_options!(other) - if other - convert_only_and_except_options_to_sets_of_strings(other) - if other[:skip] - convert_only_and_except_options_to_sets_of_strings(other[:skip]) - end - end - - options.update(other) - end - - private - def should_not_skip?(controller) - if options[:skip] - !included_in_action?(controller, options[:skip]) - else - true - end - end - - def included_in_action?(controller, options) - if options[:only] - options[:only].include?(controller.action_name) - elsif options[:except] - !options[:except].include?(controller.action_name) - else - true - end - end - - def should_run_callback?(controller) - should_not_skip?(controller) && included_in_action?(controller, options) && super - end - - def convert_only_and_except_options_to_sets_of_strings(opts) - [:only, :except].each do |key| - if values = opts[key] - opts[key] = Array(values).map(&:to_s).to_set - end - end - end - end - - class AroundFilter < Filter #:nodoc: - def type - :around - end - - def around? - true - end - - def call(controller, &block) - if should_run_callback?(controller) - method = filter_responds_to_before_and_after? ? around_proc : self.method - - # For around_filter do |controller, action| - if method.is_a?(Proc) && method.arity == 2 - evaluate_method(method, controller, block) - else - evaluate_method(method, controller, &block) - end - else - block.call - end - end - - private - def filter_responds_to_before_and_after? - method.respond_to?(:before) && method.respond_to?(:after) - end - - def around_proc - Proc.new do |controller, action| - method.before(controller) - - if controller.__send__(:performed?) - controller.__send__(:halt_filter_chain, method, :rendered_or_redirected) - else - begin - action.call - ensure - method.after(controller) - end - end - end - end - end - - class BeforeFilter < Filter #:nodoc: - def type - :before - end - - def before? - true - end - - def call(controller, &block) - super - if controller.__send__(:performed?) - controller.__send__(:halt_filter_chain, method, :rendered_or_redirected) - end - end - end - - class AfterFilter < Filter #:nodoc: - def type - :after - end - - def after? - true - end - end - - # Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do - # authentication, caching, or auditing before the intended action is performed. Or to do localization or output - # compression after the action has been performed. Filters have access to the request, response, and all the instance - # variables set by other filters in the chain or by the action (in the case of after filters). - # - # == Filter inheritance - # - # Controller inheritance hierarchies share filters downwards, but subclasses can also add or skip filters without - # affecting the superclass. For example: - # - # class BankController < ActionController::Base - # before_filter :audit - # - # private - # def audit - # # record the action and parameters in an audit log - # end - # end - # - # class VaultController < BankController - # before_filter :verify_credentials - # - # private - # def verify_credentials - # # make sure the user is allowed into the vault - # end - # end - # - # Now any actions performed on the BankController will have the audit method called before. On the VaultController, - # first the audit method is called, then the verify_credentials method. If the audit method renders or redirects, then - # verify_credentials and the intended action are never called. - # - # == Filter types - # - # A filter can take one of three forms: method reference (symbol), external class, or inline method (proc). The first - # is the most common and works by referencing a protected or private method somewhere in the inheritance hierarchy of - # the controller by use of a symbol. In the bank example above, both BankController and VaultController use this form. - # - # Using an external class makes for more easily reused generic filters, such as output compression. External filter classes - # are implemented by having a static +filter+ method on any class and then passing this class to the filter method. Example: - # - # class OutputCompressionFilter - # def self.filter(controller) - # controller.response.body = compress(controller.response.body) - # end - # end - # - # class NewspaperController < ActionController::Base - # after_filter OutputCompressionFilter - # end - # - # The filter method is passed the controller instance and is hence granted access to all aspects of the controller and can - # manipulate them as it sees fit. - # - # The inline method (using a proc) can be used to quickly do something small that doesn't require a lot of explanation. - # Or just as a quick test. It works like this: - # - # class WeblogController < ActionController::Base - # before_filter { |controller| head(400) if controller.params["stop_action"] } - # end - # - # As you can see, the block expects to be passed the controller after it has assigned the request to the internal variables. - # This means that the block has access to both the request and response objects complete with convenience methods for params, - # session, template, and assigns. Note: The inline method doesn't strictly have to be a block; any object that responds to call - # and returns 1 or -1 on arity will do (such as a Proc or an Method object). - # - # Please note that around_filters function a little differently than the normal before and after filters with regard to filter - # types. Please see the section dedicated to around_filters below. - # - # == Filter chain ordering - # - # Using before_filter and after_filter appends the specified filters to the existing chain. That's usually - # just fine, but some times you care more about the order in which the filters are executed. When that's the case, you - # can use prepend_before_filter and prepend_after_filter. Filters added by these methods will be put at the - # beginning of their respective chain and executed before the rest. For example: - # - # class ShoppingController < ActionController::Base - # before_filter :verify_open_shop - # - # class CheckoutController < ShoppingController - # prepend_before_filter :ensure_items_in_cart, :ensure_items_in_stock - # - # The filter chain for the CheckoutController is now :ensure_items_in_cart, :ensure_items_in_stock, - # :verify_open_shop. So if either of the ensure filters renders or redirects, we'll never get around to see if the shop - # is open or not. - # - # You may pass multiple filter arguments of each type as well as a filter block. - # If a block is given, it is treated as the last argument. - # - # == Around filters - # - # Around filters wrap an action, executing code both before and after. - # They may be declared as method references, blocks, or objects responding - # to +filter+ or to both +before+ and +after+. - # - # To use a method as an +around_filter+, pass a symbol naming the Ruby method. - # Yield (or block.call) within the method to run the action. - # - # around_filter :catch_exceptions - # - # private - # def catch_exceptions - # yield - # rescue => exception - # logger.debug "Caught exception! #{exception}" - # raise - # end - # - # To use a block as an +around_filter+, pass a block taking as args both - # the controller and the action block. You can't call yield directly from - # an +around_filter+ block; explicitly call the action block instead: - # - # around_filter do |controller, action| - # logger.debug "before #{controller.action_name}" - # action.call - # logger.debug "after #{controller.action_name}" - # end - # - # To use a filter object with +around_filter+, pass an object responding - # to :filter or both :before and :after. With a - # filter method, yield to the block as above: - # - # around_filter BenchmarkingFilter - # - # class BenchmarkingFilter - # def self.filter(controller, &block) - # Benchmark.measure(&block) - # end - # end - # - # With +before+ and +after+ methods: - # - # around_filter Authorizer.new - # - # class Authorizer - # # This will run before the action. Redirecting aborts the action. - # def before(controller) - # unless user.authorized? - # redirect_to(login_url) - # end - # end - # - # # This will run after the action if and only if before did not render or redirect. - # def after(controller) - # end - # end - # - # If the filter has +before+ and +after+ methods, the +before+ method will be - # called before the action. If +before+ renders or redirects, the filter chain is - # halted and +after+ will not be run. See Filter Chain Halting below for - # an example. - # - # == Filter chain skipping - # - # Declaring a filter on a base class conveniently applies to its subclasses, - # but sometimes a subclass should skip some of its superclass' filters: - # - # class ApplicationController < ActionController::Base - # before_filter :authenticate - # around_filter :catch_exceptions - # end - # - # class WeblogController < ApplicationController - # # Will run the :authenticate and :catch_exceptions filters. - # end - # - # class SignupController < ApplicationController - # # Skip :authenticate, run :catch_exceptions. - # skip_before_filter :authenticate - # end - # - # class ProjectsController < ApplicationController - # # Skip :catch_exceptions, run :authenticate. - # skip_filter :catch_exceptions - # end - # - # class ClientsController < ApplicationController - # # Skip :catch_exceptions and :authenticate unless action is index. - # skip_filter :catch_exceptions, :authenticate, :except => :index - # end - # - # == Filter conditions - # - # Filters may be limited to specific actions by declaring the actions to - # include or exclude. Both options accept single actions - # (:only => :index) or arrays of actions - # (:except => [:foo, :bar]). - # - # class Journal < ActionController::Base - # # Require authentication for edit and delete. - # before_filter :authorize, :only => [:edit, :delete] - # - # # Passing options to a filter with a block. - # around_filter(:except => :index) do |controller, action_block| - # results = Profiler.run(&action_block) - # controller.response.sub! "", "#{results}" - # end - # - # private - # def authorize - # # Redirect to login unless authenticated. - # end - # end - # - # == Filter Chain Halting - # - # before_filter and around_filter may halt the request - # before a controller action is run. This is useful, for example, to deny - # access to unauthenticated users or to redirect from HTTP to HTTPS. - # Simply call render or redirect. After filters will not be executed if the filter - # chain is halted. - # - # Around filters halt the request unless the action block is called. - # Given these filters - # after_filter :after - # around_filter :around - # before_filter :before - # - # The filter chain will look like: - # - # ... - # . \ - # . #around (code before yield) - # . . \ - # . . #before (actual filter code is run) - # . . . \ - # . . . execute controller action - # . . . / - # . . ... - # . . / - # . #around (code after yield) - # . / - # #after (actual filter code is run, unless the around filter does not yield) - # - # If +around+ returns before yielding, +after+ will still not be run. The +before+ - # filter and controller action will not be run. If +before+ renders or redirects, - # the second half of +around+ and will still run but +after+ and the - # action will not. If +around+ fails to yield, +after+ will not be run. - module ClassMethods - # The passed filters will be appended to the filter_chain and - # will execute before the action on this controller is performed. - def append_before_filter(*filters, &block) - filter_chain.append_filter_to_chain(filters, :before, &block) - end - - # The passed filters will be prepended to the filter_chain and - # will execute before the action on this controller is performed. - def prepend_before_filter(*filters, &block) - filter_chain.prepend_filter_to_chain(filters, :before, &block) - end - - # Shorthand for append_before_filter since it's the most common. - alias :before_filter :append_before_filter - - # The passed filters will be appended to the array of filters - # that run _after_ actions on this controller are performed. - def append_after_filter(*filters, &block) - filter_chain.append_filter_to_chain(filters, :after, &block) - end - - # The passed filters will be prepended to the array of filters - # that run _after_ actions on this controller are performed. - def prepend_after_filter(*filters, &block) - filter_chain.prepend_filter_to_chain(filters, :after, &block) - end - - # Shorthand for append_after_filter since it's the most common. - alias :after_filter :append_after_filter - - # If you append_around_filter A.new, B.new, the filter chain looks like - # - # B#before - # A#before - # # run the action - # A#after - # B#after - # - # With around filters which yield to the action block, +before+ and +after+ - # are the code before and after the yield. - def append_around_filter(*filters, &block) - filter_chain.append_filter_to_chain(filters, :around, &block) - end - - # If you prepend_around_filter A.new, B.new, the filter chain looks like: - # - # A#before - # B#before - # # run the action - # B#after - # A#after - # - # With around filters which yield to the action block, +before+ and +after+ - # are the code before and after the yield. - def prepend_around_filter(*filters, &block) - filter_chain.prepend_filter_to_chain(filters, :around, &block) - end - - # Shorthand for +append_around_filter+ since it's the most common. - alias :around_filter :append_around_filter - - # Removes the specified filters from the +before+ filter chain. Note that this only works for skipping method-reference - # filters, not procs. This is especially useful for managing the chain in inheritance hierarchies where only one out - # of many sub-controllers need a different hierarchy. - # - # You can control the actions to skip the filter for with the :only and :except options, - # just like when you apply the filters. - def skip_before_filter(*filters) - filter_chain.skip_filter_in_chain(*filters, &:before?) - end - - # Removes the specified filters from the +after+ filter chain. Note that this only works for skipping method-reference - # filters, not procs. This is especially useful for managing the chain in inheritance hierarchies where only one out - # of many sub-controllers need a different hierarchy. - # - # You can control the actions to skip the filter for with the :only and :except options, - # just like when you apply the filters. - def skip_after_filter(*filters) - filter_chain.skip_filter_in_chain(*filters, &:after?) - end - - # Removes the specified filters from the filter chain. This only works for method reference (symbol) - # filters, not procs. This method is different from skip_after_filter and skip_before_filter in that - # it will match any before, after or yielding around filter. - # - # You can control the actions to skip the filter for with the :only and :except options, - # just like when you apply the filters. - def skip_filter(*filters) - filter_chain.skip_filter_in_chain(*filters) - end - - # Returns an array of Filter objects for this controller. - def filter_chain - if chain = read_inheritable_attribute('filter_chain') - return chain - else - write_inheritable_attribute('filter_chain', FilterChain.new) - return filter_chain - end - end - - # Returns all the before filters for this class and all its ancestors. - # This method returns the actual filter that was assigned in the controller to maintain existing functionality. - def before_filters #:nodoc: - filter_chain.select(&:before?).map(&:method) - end - - # Returns all the after filters for this class and all its ancestors. - # This method returns the actual filter that was assigned in the controller to maintain existing functionality. - def after_filters #:nodoc: - filter_chain.select(&:after?).map(&:method) - end - end - - module InstanceMethods # :nodoc: - def self.included(base) - base.class_eval do - alias_method_chain :perform_action, :filters - alias_method_chain :process, :filters - end - end - - protected - def process_with_filters(request, response, method = :perform_action, *arguments) #:nodoc: - @before_filter_chain_aborted = false - process_without_filters(request, response, method, *arguments) - end - - def perform_action_with_filters - call_filters(self.class.filter_chain, 0, 0) - end - - private - def call_filters(chain, index, nesting) - index = run_before_filters(chain, index, nesting) - aborted = @before_filter_chain_aborted - perform_action_without_filters unless performed? || aborted - return index if nesting != 0 || aborted - run_after_filters(chain, index) - end - - def run_before_filters(chain, index, nesting) - while chain[index] - filter, index = chain[index], index - break unless filter # end of call chain reached - - case filter - when BeforeFilter - filter.call(self) # invoke before filter - index = index.next - break if @before_filter_chain_aborted - when AroundFilter - yielded = false - - filter.call(self) do - yielded = true - # all remaining before and around filters will be run in this call - index = call_filters(chain, index.next, nesting.next) - end - - halt_filter_chain(filter, :did_not_yield) unless yielded - - break - else - break # no before or around filters left - end - end - - index - end - - def run_after_filters(chain, index) - seen_after_filter = false - - while chain[index] - filter, index = chain[index], index - break unless filter # end of call chain reached - - case filter - when AfterFilter - seen_after_filter = true - filter.call(self) # invoke after filter - else - # implementation error or someone has mucked with the filter chain - raise ActionControllerError, "filter #{filter.inspect} was in the wrong place!" if seen_after_filter - end - - index = index.next - end - - index.next - end - - def halt_filter_chain(filter, reason) - @before_filter_chain_aborted = true - logger.info "Filter chain halted as [#{filter.inspect}] #{reason}." if logger - end - end - end -end diff --git a/actionpack/lib/action_controller/flash.rb b/actionpack/lib/action_controller/flash.rb deleted file mode 100644 index 56ee9c67e2..0000000000 --- a/actionpack/lib/action_controller/flash.rb +++ /dev/null @@ -1,163 +0,0 @@ -module ActionController #:nodoc: - # The flash provides a way to pass temporary objects between actions. Anything you place in the flash will be exposed - # to the very next action and then cleared out. This is a great way of doing notices and alerts, such as a create - # action that sets flash[:notice] = "Successfully created" before redirecting to a display action that can - # then expose the flash to its template. Actually, that exposure is automatically done. Example: - # - # class PostsController < ActionController::Base - # def create - # # save post - # flash[:notice] = "Successfully created post" - # redirect_to posts_path(@post) - # end - # - # def show - # # doesn't need to assign the flash notice to the template, that's done automatically - # end - # end - # - # show.html.erb - # <% if flash[:notice] %> - #
<%= flash[:notice] %>
- # <% end %> - # - # This example just places a string in the flash, but you can put any object in there. And of course, you can put as - # many as you like at a time too. Just remember: They'll be gone by the time the next action has been performed. - # - # See docs on the FlashHash class for more details about the flash. - module Flash - def self.included(base) - base.class_eval do - include InstanceMethods - alias_method_chain :perform_action, :flash - alias_method_chain :reset_session, :flash - end - end - - class FlashNow #:nodoc: - def initialize(flash) - @flash = flash - end - - def []=(k, v) - @flash[k] = v - @flash.discard(k) - v - end - - def [](k) - @flash[k] - end - end - - class FlashHash < Hash - def initialize #:nodoc: - super - @used = {} - end - - def []=(k, v) #:nodoc: - keep(k) - super - end - - def update(h) #:nodoc: - h.keys.each { |k| keep(k) } - super - end - - alias :merge! :update - - def replace(h) #:nodoc: - @used = {} - super - end - - # Sets a flash that will not be available to the next action, only to the current. - # - # flash.now[:message] = "Hello current action" - # - # This method enables you to use the flash as a central messaging system in your app. - # When you need to pass an object to the next action, you use the standard flash assign ([]=). - # When you need to pass an object to the current action, you use now, and your object will - # vanish when the current action is done. - # - # Entries set via now are accessed the same way as standard entries: flash['my-key']. - def now - FlashNow.new(self) - end - - # Keeps either the entire current flash or a specific flash entry available for the next action: - # - # flash.keep # keeps the entire flash - # flash.keep(:notice) # keeps only the "notice" entry, the rest of the flash is discarded - def keep(k = nil) - use(k, false) - end - - # Marks the entire flash or a single flash entry to be discarded by the end of the current action: - # - # flash.discard # discard the entire flash at the end of the current action - # flash.discard(:warning) # discard only the "warning" entry at the end of the current action - def discard(k = nil) - use(k) - end - - # Mark for removal entries that were kept, and delete unkept ones. - # - # This method is called automatically by filters, so you generally don't need to care about it. - def sweep #:nodoc: - keys.each do |k| - unless @used[k] - use(k) - else - delete(k) - @used.delete(k) - end - end - - # clean up after keys that could have been left over by calling reject! or shift on the flash - (@used.keys - keys).each{ |k| @used.delete(k) } - end - - private - # Used internally by the keep and discard methods - # use() # marks the entire flash as used - # use('msg') # marks the "msg" entry as used - # use(nil, false) # marks the entire flash as unused (keeps it around for one more action) - # use('msg', false) # marks the "msg" entry as unused (keeps it around for one more action) - def use(k=nil, v=true) - unless k.nil? - @used[k] = v - else - keys.each{ |key| use(key, v) } - end - end - end - - module InstanceMethods #:nodoc: - protected - def perform_action_with_flash - perform_action_without_flash - remove_instance_variable(:@_flash) if defined? @_flash - end - - def reset_session_with_flash - reset_session_without_flash - remove_instance_variable(:@_flash) if defined? @_flash - end - - # Access the contents of the flash. Use flash["notice"] to - # read a notice you put there or flash["notice"] = "hello" - # to put a new one. - def flash #:doc: - unless defined? @_flash - @_flash = session["flash"] ||= FlashHash.new - @_flash.sweep - end - - @_flash - end - end - end -end diff --git a/actionpack/lib/action_controller/headers.rb b/actionpack/lib/action_controller/headers.rb deleted file mode 100644 index 139669c66f..0000000000 --- a/actionpack/lib/action_controller/headers.rb +++ /dev/null @@ -1,33 +0,0 @@ -require 'active_support/memoizable' - -module ActionController - module Http - class Headers < ::Hash - extend ActiveSupport::Memoizable - - def initialize(*args) - if args.size == 1 && args[0].is_a?(Hash) - super() - update(args[0]) - else - super - end - end - - def [](header_name) - if include?(header_name) - super - else - super(env_name(header_name)) - end - end - - private - # Converts a HTTP header name to an environment variable name. - def env_name(header_name) - "HTTP_#{header_name.upcase.gsub(/-/, '_')}" - end - memoize :env_name - end - end -end diff --git a/actionpack/lib/action_controller/helpers.rb b/actionpack/lib/action_controller/helpers.rb deleted file mode 100644 index ba65032f6a..0000000000 --- a/actionpack/lib/action_controller/helpers.rb +++ /dev/null @@ -1,225 +0,0 @@ -require 'active_support/dependencies' - -# FIXME: helper { ... } is broken on Ruby 1.9 -module ActionController #:nodoc: - module Helpers #:nodoc: - def self.included(base) - # Initialize the base module to aggregate its helpers. - base.class_inheritable_accessor :master_helper_module - base.master_helper_module = Module.new - - # Set the default directory for helpers - base.class_inheritable_accessor :helpers_dir - base.helpers_dir = (defined?(RAILS_ROOT) ? "#{RAILS_ROOT}/app/helpers" : "app/helpers") - - # Extend base with class methods to declare helpers. - base.extend(ClassMethods) - - base.class_eval do - # Wrap inherited to create a new master helper module for subclasses. - class << self - alias_method_chain :inherited, :helper - end - end - end - - # The Rails framework provides a large number of helpers for working with +assets+, +dates+, +forms+, - # +numbers+ and Active Record objects, to name a few. These helpers are available to all templates - # by default. - # - # In addition to using the standard template helpers provided in the Rails framework, creating custom helpers to - # extract complicated logic or reusable functionality is strongly encouraged. By default, the controller will - # include a helper whose name matches that of the controller, e.g., MyController will automatically - # include MyHelper. - # - # Additional helpers can be specified using the +helper+ class method in ActionController::Base or any - # controller which inherits from it. - # - # ==== Examples - # The +to_s+ method from the Time class can be wrapped in a helper method to display a custom message if - # the Time object is blank: - # - # module FormattedTimeHelper - # def format_time(time, format=:long, blank_message=" ") - # time.blank? ? blank_message : time.to_s(format) - # end - # end - # - # FormattedTimeHelper can now be included in a controller, using the +helper+ class method: - # - # class EventsController < ActionController::Base - # helper FormattedTimeHelper - # def index - # @events = Event.find(:all) - # end - # end - # - # Then, in any view rendered by EventController, the format_time method can be called: - # - # <% @events.each do |event| -%> - #

- # <% format_time(event.time, :short, "N/A") %> | <%= event.name %> - #

- # <% end -%> - # - # Finally, assuming we have two event instances, one which has a time and one which does not, - # the output might look like this: - # - # 23 Aug 11:30 | Carolina Railhawks Soccer Match - # N/A | Carolina Railhaws Training Workshop - # - module ClassMethods - # Makes all the (instance) methods in the helper module available to templates rendered through this controller. - # See ActionView::Helpers (link:classes/ActionView/Helpers.html) for more about making your own helper modules - # available to the templates. - def add_template_helper(helper_module) #:nodoc: - master_helper_module.module_eval { include helper_module } - end - - # The +helper+ class method can take a series of helper module names, a block, or both. - # - # * *args: One or more modules, strings or symbols, or the special symbol :all. - # * &block: A block defining helper methods. - # - # ==== Examples - # When the argument is a string or symbol, the method will provide the "_helper" suffix, require the file - # and include the module in the template class. The second form illustrates how to include custom helpers - # when working with namespaced controllers, or other cases where the file containing the helper definition is not - # in one of Rails' standard load paths: - # helper :foo # => requires 'foo_helper' and includes FooHelper - # helper 'resources/foo' # => requires 'resources/foo_helper' and includes Resources::FooHelper - # - # When the argument is a module it will be included directly in the template class. - # helper FooHelper # => includes FooHelper - # - # When the argument is the symbol :all, the controller will include all helpers beneath - # ActionController::Base.helpers_dir (defaults to app/helpers/**/*.rb under RAILS_ROOT). - # helper :all - # - # Additionally, the +helper+ class method can receive and evaluate a block, making the methods defined available - # to the template. - # # One line - # helper { def hello() "Hello, world!" end } - # # Multi-line - # helper do - # def foo(bar) - # "#{bar} is the very best" - # end - # end - # - # Finally, all the above styles can be mixed together, and the +helper+ method can be invoked with a mix of - # +symbols+, +strings+, +modules+ and blocks. - # helper(:three, BlindHelper) { def mice() 'mice' end } - # - def helper(*args, &block) - args.flatten.each do |arg| - case arg - when Module - add_template_helper(arg) - when :all - helper(all_application_helpers) - when String, Symbol - file_name = arg.to_s.underscore + '_helper' - class_name = file_name.camelize - - begin - require_dependency(file_name) - rescue LoadError => load_error - requiree = / -- (.*?)(\.rb)?$/.match(load_error.message).to_a[1] - if requiree == file_name - msg = "Missing helper file helpers/#{file_name}.rb" - raise LoadError.new(msg).copy_blame!(load_error) - else - raise - end - end - - add_template_helper(class_name.constantize) - else - raise ArgumentError, "helper expects String, Symbol, or Module argument (was: #{args.inspect})" - end - end - - # Evaluate block in template class if given. - master_helper_module.module_eval(&block) if block_given? - end - - # Declare a controller method as a helper. For example, the following - # makes the +current_user+ controller method available to the view: - # class ApplicationController < ActionController::Base - # helper_method :current_user, :logged_in? - # - # def current_user - # @current_user ||= User.find_by_id(session[:user]) - # end - # - # def logged_in? - # current_user != nil - # end - # end - # - # In a view: - # <% if logged_in? -%>Welcome, <%= current_user.name %><% end -%> - def helper_method(*methods) - methods.flatten.each do |method| - master_helper_module.module_eval <<-end_eval - def #{method}(*args, &block) # def current_user(*args, &block) - controller.send(%(#{method}), *args, &block) # controller.send(%(current_user), *args, &block) - end # end - end_eval - end - end - - # Declares helper accessors for controller attributes. For example, the - # following adds new +name+ and name= instance methods to a - # controller and makes them available to the view: - # helper_attr :name - # attr_accessor :name - def helper_attr(*attrs) - attrs.flatten.each { |attr| helper_method(attr, "#{attr}=") } - end - - # Provides a proxy to access helpers methods from outside the view. - def helpers - unless @helper_proxy - @helper_proxy = ActionView::Base.new - @helper_proxy.extend master_helper_module - else - @helper_proxy - end - end - - private - def default_helper_module! - unless name.blank? - module_name = name.sub(/Controller$|$/, 'Helper') - module_path = module_name.split('::').map { |m| m.underscore }.join('/') - require_dependency module_path - helper module_name.constantize - end - rescue MissingSourceFile => e - raise unless e.is_missing? module_path - rescue NameError => e - raise unless e.missing_name? module_name - end - - def inherited_with_helper(child) - inherited_without_helper(child) - - begin - child.master_helper_module = Module.new - child.master_helper_module.__send__ :include, master_helper_module - child.__send__ :default_helper_module! - rescue MissingSourceFile => e - raise unless e.is_missing?("helpers/#{child.controller_path}_helper") - end - end - - # Extract helper names from files in app/helpers/**/*.rb - def all_application_helpers - extract = /^#{Regexp.quote(helpers_dir)}\/?(.*)_helper.rb$/ - Dir["#{helpers_dir}/**/*_helper.rb"].map { |file| file.sub extract, '\1' } - end - end - end -end diff --git a/actionpack/lib/action_controller/http_authentication.rb b/actionpack/lib/action_controller/http_authentication.rb deleted file mode 100644 index 2ed810db7d..0000000000 --- a/actionpack/lib/action_controller/http_authentication.rb +++ /dev/null @@ -1,124 +0,0 @@ -module ActionController - module HttpAuthentication - # Makes it dead easy to do HTTP Basic authentication. - # - # Simple Basic example: - # - # class PostsController < ApplicationController - # USER_NAME, PASSWORD = "dhh", "secret" - # - # before_filter :authenticate, :except => [ :index ] - # - # def index - # render :text => "Everyone can see me!" - # end - # - # def edit - # render :text => "I'm only accessible if you know the password" - # end - # - # private - # def authenticate - # authenticate_or_request_with_http_basic do |user_name, password| - # user_name == USER_NAME && password == PASSWORD - # end - # end - # end - # - # - # Here is a more advanced Basic example where only Atom feeds and the XML API is protected by HTTP authentication, - # the regular HTML interface is protected by a session approach: - # - # class ApplicationController < ActionController::Base - # before_filter :set_account, :authenticate - # - # protected - # def set_account - # @account = Account.find_by_url_name(request.subdomains.first) - # end - # - # def authenticate - # case request.format - # when Mime::XML, Mime::ATOM - # if user = authenticate_with_http_basic { |u, p| @account.users.authenticate(u, p) } - # @current_user = user - # else - # request_http_basic_authentication - # end - # else - # if session_authenticated? - # @current_user = @account.users.find(session[:authenticated][:user_id]) - # else - # redirect_to(login_url) and return false - # end - # end - # end - # end - # - # - # In your integration tests, you can do something like this: - # - # def test_access_granted_from_xml - # get( - # "/notes/1.xml", nil, - # :authorization => ActionController::HttpAuthentication::Basic.encode_credentials(users(:dhh).name, users(:dhh).password) - # ) - # - # assert_equal 200, status - # end - # - # - # On shared hosts, Apache sometimes doesn't pass authentication headers to - # FCGI instances. If your environment matches this description and you cannot - # authenticate, try this rule in your Apache setup: - # - # RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L] - module Basic - extend self - - module ControllerMethods - def authenticate_or_request_with_http_basic(realm = "Application", &login_procedure) - authenticate_with_http_basic(&login_procedure) || request_http_basic_authentication(realm) - end - - def authenticate_with_http_basic(&login_procedure) - HttpAuthentication::Basic.authenticate(self, &login_procedure) - end - - def request_http_basic_authentication(realm = "Application") - HttpAuthentication::Basic.authentication_request(self, realm) - end - end - - def authenticate(controller, &login_procedure) - unless authorization(controller.request).blank? - login_procedure.call(*user_name_and_password(controller.request)) - end - end - - def user_name_and_password(request) - decode_credentials(request).split(/:/, 2) - end - - def authorization(request) - request.env['HTTP_AUTHORIZATION'] || - request.env['X-HTTP_AUTHORIZATION'] || - request.env['X_HTTP_AUTHORIZATION'] || - request.env['REDIRECT_X_HTTP_AUTHORIZATION'] - end - - def decode_credentials(request) - ActiveSupport::Base64.decode64(authorization(request).split.last || '') - end - - def encode_credentials(user_name, password) - "Basic #{ActiveSupport::Base64.encode64("#{user_name}:#{password}")}" - end - - def authentication_request(controller, realm) - controller.headers["WWW-Authenticate"] = %(Basic realm="#{realm.gsub(/"/, "")}") - controller.__send__ :render, :text => "HTTP Basic: Access denied.\n", :status => :unauthorized - end - end - end -end diff --git a/actionpack/lib/action_controller/integration.rb b/actionpack/lib/action_controller/integration.rb deleted file mode 100644 index 163ba84a3e..0000000000 --- a/actionpack/lib/action_controller/integration.rb +++ /dev/null @@ -1,676 +0,0 @@ -require 'stringio' -require 'uri' -require 'active_support/test_case' - -module ActionController - module Integration #:nodoc: - # An integration Session instance represents a set of requests and responses - # performed sequentially by some virtual user. Becase you can instantiate - # multiple sessions and run them side-by-side, you can also mimic (to some - # limited extent) multiple simultaneous users interacting with your system. - # - # Typically, you will instantiate a new session using - # IntegrationTest#open_session, rather than instantiating - # Integration::Session directly. - class Session - include Test::Unit::Assertions - include ActionController::TestCase::Assertions - include ActionController::TestProcess - - # Rack application to use - attr_accessor :application - - # The integer HTTP status code of the last request. - attr_reader :status - - # The status message that accompanied the status code of the last request. - attr_reader :status_message - - # The URI of the last request. - attr_reader :path - - # The hostname used in the last request. - attr_accessor :host - - # The remote_addr used in the last request. - attr_accessor :remote_addr - - # The Accept header to send. - attr_accessor :accept - - # A map of the cookies returned by the last response, and which will be - # sent with the next request. - attr_reader :cookies - - # A map of the headers returned by the last response. - attr_reader :headers - - # A reference to the controller instance used by the last request. - attr_reader :controller - - # A reference to the request instance used by the last request. - attr_reader :request - - # A reference to the response instance used by the last request. - attr_reader :response - - # A running counter of the number of requests processed. - attr_accessor :request_count - - class MultiPartNeededException < Exception - end - - # Create and initialize a new Session instance. - def initialize(app = nil) - @application = app || ActionController::Dispatcher.new - reset! - end - - # Resets the instance. This can be used to reset the state information - # in an existing session instance, so it can be used from a clean-slate - # condition. - # - # session.reset! - def reset! - @status = @path = @headers = nil - @result = @status_message = nil - @https = false - @cookies = {} - @controller = @request = @response = nil - @request_count = 0 - - self.host = "www.example.com" - self.remote_addr = "127.0.0.1" - self.accept = "text/xml,application/xml,application/xhtml+xml," + - "text/html;q=0.9,text/plain;q=0.8,image/png," + - "*/*;q=0.5" - - unless defined? @named_routes_configured - # install the named routes in this session instance. - klass = class << self; self; end - Routing::Routes.install_helpers(klass) - - # the helpers are made protected by default--we make them public for - # easier access during testing and troubleshooting. - klass.module_eval { public *Routing::Routes.named_routes.helpers } - @named_routes_configured = true - end - end - - # Specify whether or not the session should mimic a secure HTTPS request. - # - # session.https! - # session.https!(false) - def https!(flag = true) - @https = flag - end - - # Return +true+ if the session is mimicking a secure HTTPS request. - # - # if session.https? - # ... - # end - def https? - @https - end - - # Set the host name to use in the next request. - # - # session.host! "www.example.com" - def host!(name) - @host = name - end - - # Follow a single redirect response. If the last response was not a - # redirect, an exception will be raised. Otherwise, the redirect is - # performed on the location header. - def follow_redirect! - raise "not a redirect! #{@status} #{@status_message}" unless redirect? - get(interpret_uri(headers['location'])) - status - end - - # Performs a request using the specified method, following any subsequent - # redirect. Note that the redirects are followed until the response is - # not a redirect--this means you may run into an infinite loop if your - # redirect loops back to itself. - def request_via_redirect(http_method, path, parameters = nil, headers = nil) - send(http_method, path, parameters, headers) - follow_redirect! while redirect? - status - end - - # Performs a GET request, following any subsequent redirect. - # See +request_via_redirect+ for more information. - def get_via_redirect(path, parameters = nil, headers = nil) - request_via_redirect(:get, path, parameters, headers) - end - - # Performs a POST request, following any subsequent redirect. - # See +request_via_redirect+ for more information. - def post_via_redirect(path, parameters = nil, headers = nil) - request_via_redirect(:post, path, parameters, headers) - end - - # Performs a PUT request, following any subsequent redirect. - # See +request_via_redirect+ for more information. - def put_via_redirect(path, parameters = nil, headers = nil) - request_via_redirect(:put, path, parameters, headers) - end - - # Performs a DELETE request, following any subsequent redirect. - # See +request_via_redirect+ for more information. - def delete_via_redirect(path, parameters = nil, headers = nil) - request_via_redirect(:delete, path, parameters, headers) - end - - # Returns +true+ if the last response was a redirect. - def redirect? - status/100 == 3 - end - - # Performs a GET request with the given parameters. - # - # - +path+: The URI (as a String) on which you want to perform a GET - # request. - # - +parameters+: The HTTP parameters that you want to pass. This may - # be +nil+, - # a Hash, or a String that is appropriately encoded - # (application/x-www-form-urlencoded or - # multipart/form-data). - # - +headers+: Additional HTTP headers to pass, as a Hash. The keys will - # automatically be upcased, with the prefix 'HTTP_' added if needed. - # - # This method returns an Response object, which one can use to - # inspect the details of the response. Furthermore, if this method was - # called from an ActionController::IntegrationTest object, then that - # object's @response instance variable will point to the same - # response object. - # - # You can also perform POST, PUT, DELETE, and HEAD requests with +post+, - # +put+, +delete+, and +head+. - def get(path, parameters = nil, headers = nil) - process :get, path, parameters, headers - end - - # Performs a POST request with the given parameters. See get() for more - # details. - def post(path, parameters = nil, headers = nil) - process :post, path, parameters, headers - end - - # Performs a PUT request with the given parameters. See get() for more - # details. - def put(path, parameters = nil, headers = nil) - process :put, path, parameters, headers - end - - # Performs a DELETE request with the given parameters. See get() for - # more details. - def delete(path, parameters = nil, headers = nil) - process :delete, path, parameters, headers - end - - # Performs a HEAD request with the given parameters. See get() for more - # details. - def head(path, parameters = nil, headers = nil) - process :head, path, parameters, headers - end - - # Performs an XMLHttpRequest request with the given parameters, mirroring - # a request from the Prototype library. - # - # The request_method is :get, :post, :put, :delete or :head; the - # parameters are +nil+, a hash, or a url-encoded or multipart string; - # the headers are a hash. Keys are automatically upcased and prefixed - # with 'HTTP_' if not already. - def xml_http_request(request_method, path, parameters = nil, headers = nil) - headers ||= {} - headers['X-Requested-With'] = 'XMLHttpRequest' - headers['Accept'] ||= [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') - process(request_method, path, parameters, headers) - end - alias xhr :xml_http_request - - # Returns the URL for the given options, according to the rules specified - # in the application's routes. - def url_for(options) - controller ? - controller.url_for(options) : - generic_url_rewriter.rewrite(options) - end - - private - # Tailors the session based on the given URI, setting the HTTPS value - # and the hostname. - def interpret_uri(path) - location = URI.parse(path) - https! URI::HTTPS === location if location.scheme - host! location.host if location.host - location.query ? "#{location.path}?#{location.query}" : location.path - end - - # Performs the actual request. - def process(method, path, parameters = nil, headers = nil) - data = requestify(parameters) - path = interpret_uri(path) if path =~ %r{://} - path = "/#{path}" unless path[0] == ?/ - @path = path - env = {} - - if method == :get - env["QUERY_STRING"] = data - data = nil - end - - env["QUERY_STRING"] ||= "" - - data = data.is_a?(IO) ? data : StringIO.new(data || '') - - env.update( - "REQUEST_METHOD" => method.to_s.upcase, - "SERVER_NAME" => host, - "SERVER_PORT" => (https? ? "443" : "80"), - "HTTPS" => https? ? "on" : "off", - "rack.url_scheme" => https? ? "https" : "http", - "SCRIPT_NAME" => "", - - "REQUEST_URI" => path, - "PATH_INFO" => path, - "HTTP_HOST" => host, - "REMOTE_ADDR" => remote_addr, - "CONTENT_TYPE" => "application/x-www-form-urlencoded", - "CONTENT_LENGTH" => data ? data.length.to_s : nil, - "HTTP_COOKIE" => encode_cookies, - "HTTP_ACCEPT" => accept, - - "rack.version" => [0,1], - "rack.input" => data, - "rack.errors" => StringIO.new, - "rack.multithread" => true, - "rack.multiprocess" => true, - "rack.run_once" => false, - - "rack.test" => true - ) - - (headers || {}).each do |key, value| - key = key.to_s.upcase.gsub(/-/, "_") - key = "HTTP_#{key}" unless env.has_key?(key) || key =~ /^HTTP_/ - env[key] = value - end - - [ControllerCapture, ActionController::ProcessWithTest].each do |mod| - unless ActionController::Base < mod - ActionController::Base.class_eval { include mod } - end - end - - ActionController::Base.clear_last_instantiation! - - app = Rack::Lint.new(@application) - - status, headers, body = app.call(env) - @request_count += 1 - - @html_document = nil - - @status = status.to_i - @status_message = StatusCodes::STATUS_CODES[@status] - - @headers = Rack::Utils::HeaderHash.new(headers) - - (@headers['Set-Cookie'] || []).each do |cookie| - name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] - @cookies[name] = value - end - - @body = "" - body.each { |part| @body << part } - - if @controller = ActionController::Base.last_instantiation - @request = @controller.request - @response = @controller.response - @controller.send(:set_test_assigns) - else - # Decorate responses from Rack Middleware and Rails Metal - # as an Response for the purposes of integration testing - @response = Response.new - @response.status = status.to_s - @response.headers.replace(@headers) - @response.body = @body - end - - # Decorate the response with the standard behavior of the - # TestResponse so that things like assert_response can be - # used in integration tests. - @response.extend(TestResponseBehavior) - - return @status - rescue MultiPartNeededException - boundary = "----------XnJLe9ZIbbGUYtzPQJ16u1" - status = process(method, path, - multipart_body(parameters, boundary), - (headers || {}).merge( - {"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"})) - return status - end - - # Encode the cookies hash in a format suitable for passing to a - # request. - def encode_cookies - cookies.inject("") do |string, (name, value)| - string << "#{name}=#{value}; " - end - end - - # Get a temporary URL writer object - def generic_url_rewriter - env = { - 'REQUEST_METHOD' => "GET", - 'QUERY_STRING' => "", - "REQUEST_URI" => "/", - "HTTP_HOST" => host, - "SERVER_PORT" => https? ? "443" : "80", - "HTTPS" => https? ? "on" : "off" - } - UrlRewriter.new(Request.new(env), {}) - end - - def name_with_prefix(prefix, name) - prefix ? "#{prefix}[#{name}]" : name.to_s - end - - # Convert the given parameters to a request string. The parameters may - # be a string, +nil+, or a Hash. - def requestify(parameters, prefix=nil) - if TestUploadedFile === parameters - raise MultiPartNeededException - elsif Hash === parameters - return nil if parameters.empty? - parameters.map { |k,v| - requestify(v, name_with_prefix(prefix, k)) - }.join("&") - elsif Array === parameters - parameters.map { |v| - requestify(v, name_with_prefix(prefix, "")) - }.join("&") - elsif prefix.nil? - parameters - else - "#{CGI.escape(prefix)}=#{CGI.escape(parameters.to_s)}" - end - end - - def multipart_requestify(params, first=true) - returning Hash.new do |p| - params.each do |key, value| - k = first ? CGI.escape(key.to_s) : "[#{CGI.escape(key.to_s)}]" - if Hash === value - multipart_requestify(value, false).each do |subkey, subvalue| - p[k + subkey] = subvalue - end - else - p[k] = value - end - end - end - end - - def multipart_body(params, boundary) - multipart_requestify(params).map do |key, value| - if value.respond_to?(:original_filename) - File.open(value.path, "rb") do |f| - f.set_encoding(Encoding::BINARY) if f.respond_to?(:set_encoding) - - <<-EOF ---#{boundary}\r -Content-Disposition: form-data; name="#{key}"; filename="#{CGI.escape(value.original_filename)}"\r -Content-Type: #{value.content_type}\r -Content-Length: #{File.stat(value.path).size}\r -\r -#{f.read}\r -EOF - end - else -<<-EOF ---#{boundary}\r -Content-Disposition: form-data; name="#{key}"\r -\r -#{value}\r -EOF - end - end.join("")+"--#{boundary}--\r" - end - end - - # A module used to extend ActionController::Base, so that integration tests - # can capture the controller used to satisfy a request. - module ControllerCapture #:nodoc: - def self.included(base) - base.extend(ClassMethods) - base.class_eval do - class << self - alias_method_chain :new, :capture - end - end - end - - module ClassMethods #:nodoc: - mattr_accessor :last_instantiation - - def clear_last_instantiation! - self.last_instantiation = nil - end - - def new_with_capture(*args) - controller = new_without_capture(*args) - self.last_instantiation ||= controller - controller - end - end - end - - module Runner - # Reset the current session. This is useful for testing multiple sessions - # in a single test case. - def reset! - @integration_session = open_session - end - - %w(get post put head delete cookies assigns - xml_http_request xhr get_via_redirect post_via_redirect).each do |method| - define_method(method) do |*args| - reset! unless @integration_session - # reset the html_document variable, but only for new get/post calls - @html_document = nil unless %w(cookies assigns).include?(method) - returning @integration_session.__send__(method, *args) do - copy_session_variables! - end - end - end - - # Open a new session instance. If a block is given, the new session is - # yielded to the block before being returned. - # - # session = open_session do |sess| - # sess.extend(CustomAssertions) - # end - # - # By default, a single session is automatically created for you, but you - # can use this method to open multiple sessions that ought to be tested - # simultaneously. - def open_session(application = nil) - session = Integration::Session.new(application) - - # delegate the fixture accessors back to the test instance - extras = Module.new { attr_accessor :delegate, :test_result } - if self.class.respond_to?(:fixture_table_names) - self.class.fixture_table_names.each do |table_name| - name = table_name.tr(".", "_") - next unless respond_to?(name) - extras.__send__(:define_method, name) { |*args| - delegate.send(name, *args) - } - end - end - - # delegate add_assertion to the test case - extras.__send__(:define_method, :add_assertion) { - test_result.add_assertion - } - session.extend(extras) - session.delegate = self - session.test_result = @_result - - yield session if block_given? - session - end - - # Copy the instance variables from the current session instance into the - # test instance. - def copy_session_variables! #:nodoc: - return unless @integration_session - %w(controller response request).each do |var| - instance_variable_set("@#{var}", @integration_session.__send__(var)) - end - end - - # Delegate unhandled messages to the current session instance. - def method_missing(sym, *args, &block) - reset! unless @integration_session - returning @integration_session.__send__(sym, *args, &block) do - copy_session_variables! - end - end - end - end - - # An IntegrationTest is one that spans multiple controllers and actions, - # tying them all together to ensure they work together as expected. It tests - # more completely than either unit or functional tests do, exercising the - # entire stack, from the dispatcher to the database. - # - # At its simplest, you simply extend IntegrationTest and write your tests - # using the get/post methods: - # - # require "#{File.dirname(__FILE__)}/test_helper" - # - # class ExampleTest < ActionController::IntegrationTest - # fixtures :people - # - # def test_login - # # get the login page - # get "/login" - # assert_equal 200, status - # - # # post the login and follow through to the home page - # post "/login", :username => people(:jamis).username, - # :password => people(:jamis).password - # follow_redirect! - # assert_equal 200, status - # assert_equal "/home", path - # end - # end - # - # However, you can also have multiple session instances open per test, and - # even extend those instances with assertions and methods to create a very - # powerful testing DSL that is specific for your application. You can even - # reference any named routes you happen to have defined! - # - # require "#{File.dirname(__FILE__)}/test_helper" - # - # class AdvancedTest < ActionController::IntegrationTest - # fixtures :people, :rooms - # - # def test_login_and_speak - # jamis, david = login(:jamis), login(:david) - # room = rooms(:office) - # - # jamis.enter(room) - # jamis.speak(room, "anybody home?") - # - # david.enter(room) - # david.speak(room, "hello!") - # end - # - # private - # - # module CustomAssertions - # def enter(room) - # # reference a named route, for maximum internal consistency! - # get(room_url(:id => room.id)) - # assert(...) - # ... - # end - # - # def speak(room, message) - # xml_http_request "/say/#{room.id}", :message => message - # assert(...) - # ... - # end - # end - # - # def login(who) - # open_session do |sess| - # sess.extend(CustomAssertions) - # who = people(who) - # sess.post "/login", :username => who.username, - # :password => who.password - # assert(...) - # end - # end - # end - class IntegrationTest < ActiveSupport::TestCase - include Integration::Runner - - # Work around a bug in test/unit caused by the default test being named - # as a symbol (:default_test), which causes regex test filters - # (like "ruby test.rb -n /foo/") to fail because =~ doesn't work on - # symbols. - def initialize(name) #:nodoc: - super(name.to_s) - end - - # Work around test/unit's requirement that every subclass of TestCase have - # at least one test method. Note that this implementation extends to all - # subclasses, as well, so subclasses of IntegrationTest may also exist - # without any test methods. - def run(*args) #:nodoc: - return if @method_name == "default_test" - super - end - - # Because of how use_instantiated_fixtures and use_transactional_fixtures - # are defined, we need to treat them as special cases. Otherwise, users - # would potentially have to set their values for both Test::Unit::TestCase - # ActionController::IntegrationTest, since by the time the value is set on - # TestCase, IntegrationTest has already been defined and cannot inherit - # changes to those variables. So, we make those two attributes - # copy-on-write. - - class << self - def use_transactional_fixtures=(flag) #:nodoc: - @_use_transactional_fixtures = true - @use_transactional_fixtures = flag - end - - def use_instantiated_fixtures=(flag) #:nodoc: - @_use_instantiated_fixtures = true - @use_instantiated_fixtures = flag - end - - def use_transactional_fixtures #:nodoc: - @_use_transactional_fixtures ? - @use_transactional_fixtures : - superclass.use_transactional_fixtures - end - - def use_instantiated_fixtures #:nodoc: - @_use_instantiated_fixtures ? - @use_instantiated_fixtures : - superclass.use_instantiated_fixtures - end - end - end -end diff --git a/actionpack/lib/action_controller/layout.rb b/actionpack/lib/action_controller/layout.rb deleted file mode 100644 index 926ae26f92..0000000000 --- a/actionpack/lib/action_controller/layout.rb +++ /dev/null @@ -1,244 +0,0 @@ -module ActionController #:nodoc: - module Layout #:nodoc: - def self.included(base) - base.extend(ClassMethods) - base.class_inheritable_accessor :layout_name, :layout_conditions - end - - # Layouts reverse the common pattern of including shared headers and footers in many templates to isolate changes in - # repeated setups. The inclusion pattern has pages that look like this: - # - # <%= render "shared/header" %> - # Hello World - # <%= render "shared/footer" %> - # - # This approach is a decent way of keeping common structures isolated from the changing content, but it's verbose - # and if you ever want to change the structure of these two includes, you'll have to change all the templates. - # - # With layouts, you can flip it around and have the common structure know where to insert changing content. This means - # that the header and footer are only mentioned in one place, like this: - # - # // The header part of this layout - # <%= yield %> - # // The footer part of this layout - # - # And then you have content pages that look like this: - # - # hello world - # - # At rendering time, the content page is computed and then inserted in the layout, like this: - # - # // The header part of this layout - # hello world - # // The footer part of this layout - # - # NOTE: The old notation for rendering the view from a layout was to expose the magic @content_for_layout instance - # variable. The preferred notation now is to use yield, as documented above. - # - # == Accessing shared variables - # - # Layouts have access to variables specified in the content pages and vice versa. This allows you to have layouts with - # references that won't materialize before rendering time: - # - #

<%= @page_title %>

- # <%= yield %> - # - # ...and content pages that fulfill these references _at_ rendering time: - # - # <% @page_title = "Welcome" %> - # Off-world colonies offers you a chance to start a new life - # - # The result after rendering is: - # - #

Welcome

- # Off-world colonies offers you a chance to start a new life - # - # == Automatic layout assignment - # - # If there is a template in app/views/layouts/ with the same name as the current controller then it will be automatically - # set as that controller's layout unless explicitly told otherwise. Say you have a WeblogController, for example. If a template named - # app/views/layouts/weblog.erb or app/views/layouts/weblog.builder exists then it will be automatically set as - # the layout for your WeblogController. You can create a layout with the name application.erb or application.builder - # and this will be set as the default controller if there is no layout with the same name as the current controller and there is - # no layout explicitly assigned with the +layout+ method. Nested controllers use the same folder structure for automatic layout. - # assignment. So an Admin::WeblogController will look for a template named app/views/layouts/admin/weblog.erb. - # Setting a layout explicitly will always override the automatic behaviour for the controller where the layout is set. - # Explicitly setting the layout in a parent class, though, will not override the child class's layout assignment if the child - # class has a layout with the same name. - # - # == Inheritance for layouts - # - # Layouts are shared downwards in the inheritance hierarchy, but not upwards. Examples: - # - # class BankController < ActionController::Base - # layout "bank_standard" - # - # class InformationController < BankController - # - # class VaultController < BankController - # layout :access_level_layout - # - # class EmployeeController < BankController - # layout nil - # - # The InformationController uses "bank_standard" inherited from the BankController, the VaultController overwrites - # and picks the layout dynamically, and the EmployeeController doesn't want to use a layout at all. - # - # == Types of layouts - # - # Layouts are basically just regular templates, but the name of this template needs not be specified statically. Sometimes - # you want to alternate layouts depending on runtime information, such as whether someone is logged in or not. This can - # be done either by specifying a method reference as a symbol or using an inline method (as a proc). - # - # The method reference is the preferred approach to variable layouts and is used like this: - # - # class WeblogController < ActionController::Base - # layout :writers_and_readers - # - # def index - # # fetching posts - # end - # - # private - # def writers_and_readers - # logged_in? ? "writer_layout" : "reader_layout" - # end - # - # Now when a new request for the index action is processed, the layout will vary depending on whether the person accessing - # is logged in or not. - # - # If you want to use an inline method, such as a proc, do something like this: - # - # class WeblogController < ActionController::Base - # layout proc{ |controller| controller.logged_in? ? "writer_layout" : "reader_layout" } - # - # Of course, the most common way of specifying a layout is still just as a plain template name: - # - # class WeblogController < ActionController::Base - # layout "weblog_standard" - # - # If no directory is specified for the template name, the template will by default be looked for in app/views/layouts/. - # Otherwise, it will be looked up relative to the template root. - # - # == Conditional layouts - # - # If you have a layout that by default is applied to all the actions of a controller, you still have the option of rendering - # a given action or set of actions without a layout, or restricting a layout to only a single action or a set of actions. The - # :only and :except options can be passed to the layout call. For example: - # - # class WeblogController < ActionController::Base - # layout "weblog_standard", :except => :rss - # - # # ... - # - # end - # - # This will assign "weblog_standard" as the WeblogController's layout except for the +rss+ action, which will not wrap a layout - # around the rendered view. - # - # Both the :only and :except condition can accept an arbitrary number of method references, so - # #:except => [ :rss, :text_only ] is valid, as is :except => :rss. - # - # == Using a different layout in the action render call - # - # If most of your actions use the same layout, it makes perfect sense to define a controller-wide layout as described above. - # Sometimes you'll have exceptions where one action wants to use a different layout than the rest of the controller. - # You can do this by passing a :layout option to the render call. For example: - # - # class WeblogController < ActionController::Base - # layout "weblog_standard" - # - # def help - # render :action => "help", :layout => "help" - # end - # end - # - # This will render the help action with the "help" layout instead of the controller-wide "weblog_standard" layout. - module ClassMethods - extend ActiveSupport::Memoizable - - # If a layout is specified, all rendered actions will have their result rendered - # when the layout yields. This layout can itself depend on instance variables assigned during action - # performance and have access to them as any normal template would. - def layout(template_name, conditions = {}, auto = false) - add_layout_conditions(conditions) - self.layout_name = template_name - end - - def memoized_default_layout(formats) #:nodoc: - self.layout_name || begin - layout = default_layout_name - layout.is_a?(String) ? find_layout(layout, formats) : layout - rescue ActionView::MissingTemplate - end - end - - def default_layout(*args) - (@_memoized_default_layout ||= ::ActiveSupport::ConcurrentHash.new)[args] ||= memoized_default_layout(*args) - end - - def memoized_find_layout(layout, formats) #:nodoc: - return layout if layout.nil? || layout.respond_to?(:render) - prefix = layout.to_s =~ /layouts\// ? nil : "layouts" - view_paths.find_by_parts(layout.to_s, formats, prefix) - end - - def find_layout(*args) - (@_memoized_find_layout ||= ::ActiveSupport::ConcurrentHash.new)[args] ||= memoized_find_layout(*args) - end - - def layout_list #:nodoc: - Array(view_paths).sum([]) { |path| Dir["#{path}/layouts/**/*"] } - end - memoize :layout_list - - def default_layout_name - layout_match = name.underscore.sub(/_controller$/, '') - if layout_list.grep(%r{layouts/#{layout_match}(\.[a-z][0-9a-z]*)+$}).empty? - superclass.default_layout_name if superclass.respond_to?(:default_layout_name) - else - layout_match - end - end - memoize :default_layout_name - - private - def add_layout_conditions(conditions) - # :except => :foo == :except => [:foo] == :except => "foo" == :except => ["foo"] - conditions.each {|k, v| conditions[k] = Array(v).map {|a| a.to_s} } - write_inheritable_hash(:layout_conditions, conditions) - end - end - - def active_layout(name) - name = self.class.default_layout(formats) if name == true - - layout_name = case name - when Symbol then __send__(name) - when Proc then name.call(self) - else name - end - - self.class.find_layout(layout_name, formats) - end - - def _pick_layout(layout_name, implicit = false) - return unless layout_name || implicit - layout_name = true if layout_name.nil? - active_layout(layout_name) if action_has_layout? && layout_name - end - - private - def action_has_layout? - if conditions = self.class.layout_conditions - if only = conditions[:only] - return only.include?(action_name) - elsif except = conditions[:except] - return !except.include?(action_name) - end - end - true - end - - end -end diff --git a/actionpack/lib/action_controller/middleware_stack.rb b/actionpack/lib/action_controller/middleware_stack.rb deleted file mode 100644 index dbc2fda41e..0000000000 --- a/actionpack/lib/action_controller/middleware_stack.rb +++ /dev/null @@ -1,109 +0,0 @@ -module ActionController - class MiddlewareStack < Array - class Middleware - def self.new(klass, *args, &block) - if klass.is_a?(self) - klass - else - super - end - end - - attr_reader :args, :block - - def initialize(klass, *args, &block) - @klass = klass - - options = args.extract_options! - if options.has_key?(:if) - @conditional = options.delete(:if) - else - @conditional = true - end - args << options unless options.empty? - - @args = args - @block = block - end - - def klass - if @klass.is_a?(Class) - @klass - else - @klass.to_s.constantize - end - rescue NameError - @klass - end - - def active? - if @conditional.respond_to?(:call) - @conditional.call - else - @conditional - end - end - - def ==(middleware) - case middleware - when Middleware - klass == middleware.klass - when Class - klass == middleware - else - klass == middleware.to_s.constantize - end - end - - def inspect - str = klass.to_s - args.each { |arg| str += ", #{arg.inspect}" } - str - end - - def build(app) - if block - klass.new(app, *args, &block) - else - klass.new(app, *args) - end - end - end - - def initialize(*args, &block) - super(*args) - block.call(self) if block_given? - end - - def insert(index, *args, &block) - index = self.index(index) unless index.is_a?(Integer) - middleware = Middleware.new(*args, &block) - super(index, middleware) - end - - alias_method :insert_before, :insert - - def insert_after(index, *args, &block) - index = self.index(index) unless index.is_a?(Integer) - insert(index + 1, *args, &block) - end - - def swap(target, *args, &block) - insert_before(target, *args, &block) - delete(target) - end - - def use(*args, &block) - middleware = Middleware.new(*args, &block) - push(middleware) - end - - def active - find_all { |middleware| middleware.active? } - end - - def build(app) - active.reverse.inject(app) { |a, e| e.build(a) } - end - end -end diff --git a/actionpack/lib/action_controller/middlewares.rb b/actionpack/lib/action_controller/middlewares.rb deleted file mode 100644 index f9cfc2b18e..0000000000 --- a/actionpack/lib/action_controller/middlewares.rb +++ /dev/null @@ -1,21 +0,0 @@ -use "Rack::Lock", :if => lambda { - !ActionController::Base.allow_concurrency -} - -use "ActionController::Failsafe" - -["ActionController::Session::CookieStore", - "ActionController::Session::MemCacheStore", - "ActiveRecord::SessionStore"].each do |store| - use(store, ActionController::Base.session_options, - :if => lambda { - if session_store = ActionController::Base.session_store - session_store.name == store - end - } - ) -end - -use "ActionController::RewindableInput" -use "ActionController::ParamsParser" -use "Rack::MethodOverride" diff --git a/actionpack/lib/action_controller/mime/default_types.rb b/actionpack/lib/action_controller/mime/default_types.rb new file mode 100644 index 0000000000..2d7fba1173 --- /dev/null +++ b/actionpack/lib/action_controller/mime/default_types.rb @@ -0,0 +1,21 @@ +# Build list of Mime types for HTTP responses +# http://www.iana.org/assignments/media-types/ + +Mime::Type.register "*/*", :all +Mime::Type.register "text/plain", :text, [], %w(txt) +Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml ) +Mime::Type.register "text/javascript", :js, %w( application/javascript application/x-javascript ) +Mime::Type.register "text/css", :css +Mime::Type.register "text/calendar", :ics +Mime::Type.register "text/csv", :csv +Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml ) +Mime::Type.register "application/rss+xml", :rss +Mime::Type.register "application/atom+xml", :atom +Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml ) + +Mime::Type.register "multipart/form-data", :multipart_form +Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form + +# http://www.ietf.org/rfc/rfc4627.txt +# http://www.json.org/JSONRequest.html +Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest ) \ No newline at end of file diff --git a/actionpack/lib/action_controller/mime/responds.rb b/actionpack/lib/action_controller/mime/responds.rb new file mode 100644 index 0000000000..bac225ab2a --- /dev/null +++ b/actionpack/lib/action_controller/mime/responds.rb @@ -0,0 +1,190 @@ +module ActionController #:nodoc: + module MimeResponds #:nodoc: + def self.included(base) + base.module_eval do + include ActionController::MimeResponds::InstanceMethods + end + end + + module InstanceMethods + # Without web-service support, an action which collects the data for displaying a list of people + # might look something like this: + # + # def index + # @people = Person.find(:all) + # end + # + # Here's the same action, with web-service support baked in: + # + # def index + # @people = Person.find(:all) + # + # respond_to do |format| + # format.html + # format.xml { render :xml => @people.to_xml } + # end + # end + # + # What that says is, "if the client wants HTML in response to this action, just respond as we + # would have before, but if the client wants XML, return them the list of people in XML format." + # (Rails determines the desired response format from the HTTP Accept header submitted by the client.) + # + # Supposing you have an action that adds a new person, optionally creating their company + # (by name) if it does not already exist, without web-services, it might look like this: + # + # def create + # @company = Company.find_or_create_by_name(params[:company][:name]) + # @person = @company.people.create(params[:person]) + # + # redirect_to(person_list_url) + # end + # + # Here's the same action, with web-service support baked in: + # + # def create + # company = params[:person].delete(:company) + # @company = Company.find_or_create_by_name(company[:name]) + # @person = @company.people.create(params[:person]) + # + # respond_to do |format| + # format.html { redirect_to(person_list_url) } + # format.js + # format.xml { render :xml => @person.to_xml(:include => @company) } + # end + # end + # + # If the client wants HTML, we just redirect them back to the person list. If they want Javascript + # (format.js), then it is an RJS request and we render the RJS template associated with this action. + # Lastly, if the client wants XML, we render the created person as XML, but with a twist: we also + # include the person's company in the rendered XML, so you get something like this: + # + # + # ... + # ... + # + # ... + # ... + # ... + # + # + # + # Note, however, the extra bit at the top of that action: + # + # company = params[:person].delete(:company) + # @company = Company.find_or_create_by_name(company[:name]) + # + # This is because the incoming XML document (if a web-service request is in process) can only contain a + # single root-node. So, we have to rearrange things so that the request looks like this (url-encoded): + # + # person[name]=...&person[company][name]=...&... + # + # And, like this (xml-encoded): + # + # + # ... + # + # ... + # + # + # + # In other words, we make the request so that it operates on a single entity's person. Then, in the action, + # we extract the company data from the request, find or create the company, and then create the new person + # with the remaining data. + # + # Note that you can define your own XML parameter parser which would allow you to describe multiple entities + # in a single request (i.e., by wrapping them all in a single root node), but if you just go with the flow + # and accept Rails' defaults, life will be much easier. + # + # If you need to use a MIME type which isn't supported by default, you can register your own handlers in + # environment.rb as follows. + # + # Mime::Type.register "image/jpg", :jpg + def respond_to(*types, &block) + raise ArgumentError, "respond_to takes either types or a block, never both" unless types.any? ^ block + block ||= lambda { |responder| types.each { |type| responder.send(type) } } + responder = Responder.new(self) + block.call(responder) + responder.respond + end + end + + class Responder #:nodoc: + + def initialize(controller) + @controller = controller + @request = controller.request + @response = controller.response + + @mime_type_priority = @request.formats + + @order = [] + @responses = {} + end + + def custom(mime_type, &block) + mime_type = mime_type.is_a?(Mime::Type) ? mime_type : Mime::Type.lookup(mime_type.to_s) + + @order << mime_type + + @responses[mime_type] ||= Proc.new do + @response.template.formats = [mime_type.to_sym] + @response.content_type = mime_type.to_s + block_given? ? block.call : @controller.send(:render, :action => @controller.action_name) + end + end + + def any(*args, &block) + if args.any? + args.each { |type| send(type, &block) } + else + custom(@mime_type_priority.first, &block) + end + end + + def self.generate_method_for_mime(mime) + sym = mime.is_a?(Symbol) ? mime : mime.to_sym + const = sym.to_s.upcase + class_eval <<-RUBY, __FILE__, __LINE__ + 1 + def #{sym}(&block) # def html(&block) + custom(Mime::#{const}, &block) # custom(Mime::HTML, &block) + end # end + RUBY + end + + Mime::SET.each do |mime| + generate_method_for_mime(mime) + end + + def method_missing(symbol, &block) + mime_constant = Mime.const_get(symbol.to_s.upcase) + + if Mime::SET.include?(mime_constant) + self.class.generate_method_for_mime(mime_constant) + send(symbol, &block) + else + super + end + end + + def respond + for priority in @mime_type_priority + if priority == Mime::ALL + @responses[@order.first].call + return + else + if @responses[priority] + @responses[priority].call + return # mime type match found, be happy and return + end + end + end + + if @order.include?(Mime::ALL) + @responses[Mime::ALL].call + else + @controller.send :head, :not_acceptable + end + end + end + end +end diff --git a/actionpack/lib/action_controller/mime/type.rb b/actionpack/lib/action_controller/mime/type.rb new file mode 100644 index 0000000000..23a39dff54 --- /dev/null +++ b/actionpack/lib/action_controller/mime/type.rb @@ -0,0 +1,214 @@ +require 'set' + +module Mime + SET = [] + EXTENSION_LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? } + LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? } + + def self.[](type) + Type.lookup_by_extension(type.to_s) + end + + # Encapsulates the notion of a mime type. Can be used at render time, for example, with: + # + # class PostsController < ActionController::Base + # def show + # @post = Post.find(params[:id]) + # + # respond_to do |format| + # format.html + # format.ics { render :text => post.to_ics, :mime_type => Mime::Type["text/calendar"] } + # format.xml { render :xml => @people.to_xml } + # end + # end + # end + class Type + @@html_types = Set.new [:html, :all] + cattr_reader :html_types + + # These are the content types which browsers can generate without using ajax, flash, etc + # i.e. following a link, getting an image or posting a form. CSRF protection + # only needs to protect against these types. + @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text] + cattr_reader :browser_generated_types + attr_reader :symbol + + @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml] + def self.unverifiable_types + ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller) + @@unverifiable_types + end + + # A simple helper class used in parsing the accept header + class AcceptItem #:nodoc: + attr_accessor :order, :name, :q + + def initialize(order, name, q=nil) + @order = order + @name = name.strip + q ||= 0.0 if @name == Mime::ALL # default wilcard match to end of list + @q = ((q || 1.0).to_f * 100).to_i + end + + def to_s + @name + end + + def <=>(item) + result = item.q <=> q + result = order <=> item.order if result == 0 + result + end + + def ==(item) + name == (item.respond_to?(:name) ? item.name : item) + end + end + + class << self + def lookup(string) + LOOKUP[string] + end + + def lookup_by_extension(extension) + EXTENSION_LOOKUP[extension] + end + + # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for + # rendering different HTML versions depending on the user agent, like an iPhone. + def register_alias(string, symbol, extension_synonyms = []) + register(string, symbol, [], extension_synonyms, true) + end + + def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false) + Mime.instance_eval { const_set symbol.to_s.upcase, Type.new(string, symbol, mime_type_synonyms) } + + SET << Mime.const_get(symbol.to_s.upcase) + + ([string] + mime_type_synonyms).each { |string| LOOKUP[string] = SET.last } unless skip_lookup + ([symbol.to_s] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext] = SET.last } + end + + def parse(accept_header) + if accept_header !~ /,/ + [Mime::Type.lookup(accept_header)] + else + # keep track of creation order to keep the subsequent sort stable + list = [] + accept_header.split(/,/).each_with_index do |header, index| + params, q = header.split(/;\s*q=/) + if params + params.strip! + list << AcceptItem.new(index, params, q) unless params.empty? + end + end + list.sort! + + # Take care of the broken text/xml entry by renaming or deleting it + text_xml = list.index("text/xml") + app_xml = list.index(Mime::XML.to_s) + + if text_xml && app_xml + # set the q value to the max of the two + list[app_xml].q = [list[text_xml].q, list[app_xml].q].max + + # make sure app_xml is ahead of text_xml in the list + if app_xml > text_xml + list[app_xml], list[text_xml] = list[text_xml], list[app_xml] + app_xml, text_xml = text_xml, app_xml + end + + # delete text_xml from the list + list.delete_at(text_xml) + + elsif text_xml + list[text_xml].name = Mime::XML.to_s + end + + # Look for more specific XML-based types and sort them ahead of app/xml + + if app_xml + idx = app_xml + app_xml_type = list[app_xml] + + while(idx < list.length) + type = list[idx] + break if type.q < app_xml_type.q + if type.name =~ /\+xml$/ + list[app_xml], list[idx] = list[idx], list[app_xml] + app_xml = idx + end + idx += 1 + end + end + + list.map! { |i| Mime::Type.lookup(i.name) }.uniq! + list + end + end + end + + def initialize(string, symbol = nil, synonyms = []) + @symbol, @synonyms = symbol, synonyms + @string = string + end + + def to_s + @string + end + + def to_str + to_s + end + + def to_sym + @symbol || @string.to_sym + end + + def ===(list) + if list.is_a?(Array) + (@synonyms + [ self ]).any? { |synonym| list.include?(synonym) } + else + super + end + end + + def ==(mime_type) + return false if mime_type.blank? + (@synonyms + [ self ]).any? do |synonym| + require "ruby-debug" + debugger if mime_type.is_a?(Array) + synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym + end + end + + def =~(mime_type) + return false if mime_type.blank? + regexp = Regexp.new(Regexp.quote(mime_type.to_s)) + (@synonyms + [ self ]).any? do |synonym| + synonym.to_s =~ regexp + end + end + + # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See + # ActionController::RequestForgeryProtection. + def verify_request? + @@browser_generated_types.include?(to_sym) + end + + def html? + @@html_types.include?(to_sym) || @string =~ /html/ + end + + private + def method_missing(method, *args) + if method.to_s =~ /(\w+)\?$/ + $1.downcase.to_sym == to_sym + else + super + end + end + end +end + +require 'action_controller/mime/default_types' diff --git a/actionpack/lib/action_controller/mime_responds.rb b/actionpack/lib/action_controller/mime_responds.rb deleted file mode 100644 index bac225ab2a..0000000000 --- a/actionpack/lib/action_controller/mime_responds.rb +++ /dev/null @@ -1,190 +0,0 @@ -module ActionController #:nodoc: - module MimeResponds #:nodoc: - def self.included(base) - base.module_eval do - include ActionController::MimeResponds::InstanceMethods - end - end - - module InstanceMethods - # Without web-service support, an action which collects the data for displaying a list of people - # might look something like this: - # - # def index - # @people = Person.find(:all) - # end - # - # Here's the same action, with web-service support baked in: - # - # def index - # @people = Person.find(:all) - # - # respond_to do |format| - # format.html - # format.xml { render :xml => @people.to_xml } - # end - # end - # - # What that says is, "if the client wants HTML in response to this action, just respond as we - # would have before, but if the client wants XML, return them the list of people in XML format." - # (Rails determines the desired response format from the HTTP Accept header submitted by the client.) - # - # Supposing you have an action that adds a new person, optionally creating their company - # (by name) if it does not already exist, without web-services, it might look like this: - # - # def create - # @company = Company.find_or_create_by_name(params[:company][:name]) - # @person = @company.people.create(params[:person]) - # - # redirect_to(person_list_url) - # end - # - # Here's the same action, with web-service support baked in: - # - # def create - # company = params[:person].delete(:company) - # @company = Company.find_or_create_by_name(company[:name]) - # @person = @company.people.create(params[:person]) - # - # respond_to do |format| - # format.html { redirect_to(person_list_url) } - # format.js - # format.xml { render :xml => @person.to_xml(:include => @company) } - # end - # end - # - # If the client wants HTML, we just redirect them back to the person list. If they want Javascript - # (format.js), then it is an RJS request and we render the RJS template associated with this action. - # Lastly, if the client wants XML, we render the created person as XML, but with a twist: we also - # include the person's company in the rendered XML, so you get something like this: - # - # - # ... - # ... - # - # ... - # ... - # ... - # - # - # - # Note, however, the extra bit at the top of that action: - # - # company = params[:person].delete(:company) - # @company = Company.find_or_create_by_name(company[:name]) - # - # This is because the incoming XML document (if a web-service request is in process) can only contain a - # single root-node. So, we have to rearrange things so that the request looks like this (url-encoded): - # - # person[name]=...&person[company][name]=...&... - # - # And, like this (xml-encoded): - # - # - # ... - # - # ... - # - # - # - # In other words, we make the request so that it operates on a single entity's person. Then, in the action, - # we extract the company data from the request, find or create the company, and then create the new person - # with the remaining data. - # - # Note that you can define your own XML parameter parser which would allow you to describe multiple entities - # in a single request (i.e., by wrapping them all in a single root node), but if you just go with the flow - # and accept Rails' defaults, life will be much easier. - # - # If you need to use a MIME type which isn't supported by default, you can register your own handlers in - # environment.rb as follows. - # - # Mime::Type.register "image/jpg", :jpg - def respond_to(*types, &block) - raise ArgumentError, "respond_to takes either types or a block, never both" unless types.any? ^ block - block ||= lambda { |responder| types.each { |type| responder.send(type) } } - responder = Responder.new(self) - block.call(responder) - responder.respond - end - end - - class Responder #:nodoc: - - def initialize(controller) - @controller = controller - @request = controller.request - @response = controller.response - - @mime_type_priority = @request.formats - - @order = [] - @responses = {} - end - - def custom(mime_type, &block) - mime_type = mime_type.is_a?(Mime::Type) ? mime_type : Mime::Type.lookup(mime_type.to_s) - - @order << mime_type - - @responses[mime_type] ||= Proc.new do - @response.template.formats = [mime_type.to_sym] - @response.content_type = mime_type.to_s - block_given? ? block.call : @controller.send(:render, :action => @controller.action_name) - end - end - - def any(*args, &block) - if args.any? - args.each { |type| send(type, &block) } - else - custom(@mime_type_priority.first, &block) - end - end - - def self.generate_method_for_mime(mime) - sym = mime.is_a?(Symbol) ? mime : mime.to_sym - const = sym.to_s.upcase - class_eval <<-RUBY, __FILE__, __LINE__ + 1 - def #{sym}(&block) # def html(&block) - custom(Mime::#{const}, &block) # custom(Mime::HTML, &block) - end # end - RUBY - end - - Mime::SET.each do |mime| - generate_method_for_mime(mime) - end - - def method_missing(symbol, &block) - mime_constant = Mime.const_get(symbol.to_s.upcase) - - if Mime::SET.include?(mime_constant) - self.class.generate_method_for_mime(mime_constant) - send(symbol, &block) - else - super - end - end - - def respond - for priority in @mime_type_priority - if priority == Mime::ALL - @responses[@order.first].call - return - else - if @responses[priority] - @responses[priority].call - return # mime type match found, be happy and return - end - end - end - - if @order.include?(Mime::ALL) - @responses[Mime::ALL].call - else - @controller.send :head, :not_acceptable - end - end - end - end -end diff --git a/actionpack/lib/action_controller/mime_type.rb b/actionpack/lib/action_controller/mime_type.rb deleted file mode 100644 index 3d26870f4f..0000000000 --- a/actionpack/lib/action_controller/mime_type.rb +++ /dev/null @@ -1,214 +0,0 @@ -require 'set' - -module Mime - SET = [] - EXTENSION_LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? } - LOOKUP = Hash.new { |h, k| h[k] = Type.new(k) unless k.blank? } - - def self.[](type) - Type.lookup_by_extension(type.to_s) - end - - # Encapsulates the notion of a mime type. Can be used at render time, for example, with: - # - # class PostsController < ActionController::Base - # def show - # @post = Post.find(params[:id]) - # - # respond_to do |format| - # format.html - # format.ics { render :text => post.to_ics, :mime_type => Mime::Type["text/calendar"] } - # format.xml { render :xml => @people.to_xml } - # end - # end - # end - class Type - @@html_types = Set.new [:html, :all] - cattr_reader :html_types - - # These are the content types which browsers can generate without using ajax, flash, etc - # i.e. following a link, getting an image or posting a form. CSRF protection - # only needs to protect against these types. - @@browser_generated_types = Set.new [:html, :url_encoded_form, :multipart_form, :text] - cattr_reader :browser_generated_types - attr_reader :symbol - - @@unverifiable_types = Set.new [:text, :json, :csv, :xml, :rss, :atom, :yaml] - def self.unverifiable_types - ActiveSupport::Deprecation.warn("unverifiable_types is deprecated and has no effect", caller) - @@unverifiable_types - end - - # A simple helper class used in parsing the accept header - class AcceptItem #:nodoc: - attr_accessor :order, :name, :q - - def initialize(order, name, q=nil) - @order = order - @name = name.strip - q ||= 0.0 if @name == Mime::ALL # default wilcard match to end of list - @q = ((q || 1.0).to_f * 100).to_i - end - - def to_s - @name - end - - def <=>(item) - result = item.q <=> q - result = order <=> item.order if result == 0 - result - end - - def ==(item) - name == (item.respond_to?(:name) ? item.name : item) - end - end - - class << self - def lookup(string) - LOOKUP[string] - end - - def lookup_by_extension(extension) - EXTENSION_LOOKUP[extension] - end - - # Registers an alias that's not used on mime type lookup, but can be referenced directly. Especially useful for - # rendering different HTML versions depending on the user agent, like an iPhone. - def register_alias(string, symbol, extension_synonyms = []) - register(string, symbol, [], extension_synonyms, true) - end - - def register(string, symbol, mime_type_synonyms = [], extension_synonyms = [], skip_lookup = false) - Mime.instance_eval { const_set symbol.to_s.upcase, Type.new(string, symbol, mime_type_synonyms) } - - SET << Mime.const_get(symbol.to_s.upcase) - - ([string] + mime_type_synonyms).each { |string| LOOKUP[string] = SET.last } unless skip_lookup - ([symbol.to_s] + extension_synonyms).each { |ext| EXTENSION_LOOKUP[ext] = SET.last } - end - - def parse(accept_header) - if accept_header !~ /,/ - [Mime::Type.lookup(accept_header)] - else - # keep track of creation order to keep the subsequent sort stable - list = [] - accept_header.split(/,/).each_with_index do |header, index| - params, q = header.split(/;\s*q=/) - if params - params.strip! - list << AcceptItem.new(index, params, q) unless params.empty? - end - end - list.sort! - - # Take care of the broken text/xml entry by renaming or deleting it - text_xml = list.index("text/xml") - app_xml = list.index(Mime::XML.to_s) - - if text_xml && app_xml - # set the q value to the max of the two - list[app_xml].q = [list[text_xml].q, list[app_xml].q].max - - # make sure app_xml is ahead of text_xml in the list - if app_xml > text_xml - list[app_xml], list[text_xml] = list[text_xml], list[app_xml] - app_xml, text_xml = text_xml, app_xml - end - - # delete text_xml from the list - list.delete_at(text_xml) - - elsif text_xml - list[text_xml].name = Mime::XML.to_s - end - - # Look for more specific XML-based types and sort them ahead of app/xml - - if app_xml - idx = app_xml - app_xml_type = list[app_xml] - - while(idx < list.length) - type = list[idx] - break if type.q < app_xml_type.q - if type.name =~ /\+xml$/ - list[app_xml], list[idx] = list[idx], list[app_xml] - app_xml = idx - end - idx += 1 - end - end - - list.map! { |i| Mime::Type.lookup(i.name) }.uniq! - list - end - end - end - - def initialize(string, symbol = nil, synonyms = []) - @symbol, @synonyms = symbol, synonyms - @string = string - end - - def to_s - @string - end - - def to_str - to_s - end - - def to_sym - @symbol || @string.to_sym - end - - def ===(list) - if list.is_a?(Array) - (@synonyms + [ self ]).any? { |synonym| list.include?(synonym) } - else - super - end - end - - def ==(mime_type) - return false if mime_type.blank? - (@synonyms + [ self ]).any? do |synonym| - require "ruby-debug" - debugger if mime_type.is_a?(Array) - synonym.to_s == mime_type.to_s || synonym.to_sym == mime_type.to_sym - end - end - - def =~(mime_type) - return false if mime_type.blank? - regexp = Regexp.new(Regexp.quote(mime_type.to_s)) - (@synonyms + [ self ]).any? do |synonym| - synonym.to_s =~ regexp - end - end - - # Returns true if Action Pack should check requests using this Mime Type for possible request forgery. See - # ActionController::RequestForgeryProtection. - def verify_request? - @@browser_generated_types.include?(to_sym) - end - - def html? - @@html_types.include?(to_sym) || @string =~ /html/ - end - - private - def method_missing(method, *args) - if method.to_s =~ /(\w+)\?$/ - $1.downcase.to_sym == to_sym - else - super - end - end - end -end - -require 'action_controller/mime_types' diff --git a/actionpack/lib/action_controller/mime_types.rb b/actionpack/lib/action_controller/mime_types.rb deleted file mode 100644 index 2d7fba1173..0000000000 --- a/actionpack/lib/action_controller/mime_types.rb +++ /dev/null @@ -1,21 +0,0 @@ -# Build list of Mime types for HTTP responses -# http://www.iana.org/assignments/media-types/ - -Mime::Type.register "*/*", :all -Mime::Type.register "text/plain", :text, [], %w(txt) -Mime::Type.register "text/html", :html, %w( application/xhtml+xml ), %w( xhtml ) -Mime::Type.register "text/javascript", :js, %w( application/javascript application/x-javascript ) -Mime::Type.register "text/css", :css -Mime::Type.register "text/calendar", :ics -Mime::Type.register "text/csv", :csv -Mime::Type.register "application/xml", :xml, %w( text/xml application/x-xml ) -Mime::Type.register "application/rss+xml", :rss -Mime::Type.register "application/atom+xml", :atom -Mime::Type.register "application/x-yaml", :yaml, %w( text/yaml ) - -Mime::Type.register "multipart/form-data", :multipart_form -Mime::Type.register "application/x-www-form-urlencoded", :url_encoded_form - -# http://www.ietf.org/rfc/rfc4627.txt -# http://www.json.org/JSONRequest.html -Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest ) \ No newline at end of file diff --git a/actionpack/lib/action_controller/params_parser.rb b/actionpack/lib/action_controller/params_parser.rb deleted file mode 100644 index d269fe07fa..0000000000 --- a/actionpack/lib/action_controller/params_parser.rb +++ /dev/null @@ -1,71 +0,0 @@ -module ActionController - class ParamsParser - ActionController::Base.param_parsers[Mime::XML] = :xml_simple - ActionController::Base.param_parsers[Mime::JSON] = :json - - def initialize(app) - @app = app - end - - def call(env) - if params = parse_formatted_parameters(env) - env["action_controller.request.request_parameters"] = params - end - - @app.call(env) - end - - private - def parse_formatted_parameters(env) - request = Request.new(env) - - return false if request.content_length.zero? - - mime_type = content_type_from_legacy_post_data_format_header(env) || request.content_type - strategy = ActionController::Base.param_parsers[mime_type] - - return false unless strategy - - case strategy - when Proc - strategy.call(request.raw_post) - when :xml_simple, :xml_node - body = request.raw_post - body.blank? ? {} : Hash.from_xml(body).with_indifferent_access - when :yaml - YAML.load(request.raw_post) - when :json - body = request.raw_post - if body.blank? - {} - else - data = ActiveSupport::JSON.decode(body) - data = {:_json => data} unless data.is_a?(Hash) - data.with_indifferent_access - end - else - false - end - rescue Exception => e # YAML, XML or Ruby code block errors - raise - { "body" => request.raw_post, - "content_type" => request.content_type, - "content_length" => request.content_length, - "exception" => "#{e.message} (#{e.class})", - "backtrace" => e.backtrace } - end - - def content_type_from_legacy_post_data_format_header(env) - if x_post_format = env['HTTP_X_POST_DATA_FORMAT'] - case x_post_format.to_s.downcase - when 'yaml' - return Mime::YAML - when 'xml' - return Mime::XML - end - end - - nil - end - end -end diff --git a/actionpack/lib/action_controller/performance_test.rb b/actionpack/lib/action_controller/performance_test.rb deleted file mode 100644 index d88180087d..0000000000 --- a/actionpack/lib/action_controller/performance_test.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'active_support/testing/performance' -require 'active_support/testing/default' - -module ActionController - # An integration test that runs a code profiler on your test methods. - # Profiling output for combinations of each test method, measurement, and - # output format are written to your tmp/performance directory. - # - # By default, process_time is measured and both flat and graph_html output - # formats are written, so you'll have two output files per test method. - class PerformanceTest < ActionController::IntegrationTest - include ActiveSupport::Testing::Performance - include ActiveSupport::Testing::Default - end -end diff --git a/actionpack/lib/action_controller/polymorphic_routes.rb b/actionpack/lib/action_controller/polymorphic_routes.rb deleted file mode 100644 index 924d1aa6bd..0000000000 --- a/actionpack/lib/action_controller/polymorphic_routes.rb +++ /dev/null @@ -1,201 +0,0 @@ -module ActionController - # Polymorphic URL helpers are methods for smart resolution to a named route call when - # given an Active Record model instance. They are to be used in combination with - # ActionController::Resources. - # - # These methods are useful when you want to generate correct URL or path to a RESTful - # resource without having to know the exact type of the record in question. - # - # Nested resources and/or namespaces are also supported, as illustrated in the example: - # - # polymorphic_url([:admin, @article, @comment]) - # - # results in: - # - # admin_article_comment_url(@article, @comment) - # - # == Usage within the framework - # - # Polymorphic URL helpers are used in a number of places throughout the Rails framework: - # - # * url_for, so you can use it with a record as the argument, e.g. - # url_for(@article); - # * ActionView::Helpers::FormHelper uses polymorphic_path, so you can write - # form_for(@article) without having to specify :url parameter for the form - # action; - # * redirect_to (which, in fact, uses url_for) so you can write - # redirect_to(post) in your controllers; - # * ActionView::Helpers::AtomFeedHelper, so you don't have to explicitly specify URLs - # for feed entries. - # - # == Prefixed polymorphic helpers - # - # In addition to polymorphic_url and polymorphic_path methods, a - # number of prefixed helpers are available as a shorthand to :action => "..." - # in options. Those are: - # - # * edit_polymorphic_url, edit_polymorphic_path - # * new_polymorphic_url, new_polymorphic_path - # - # Example usage: - # - # edit_polymorphic_path(@post) # => "/posts/1/edit" - # polymorphic_path(@post, :format => :pdf) # => "/posts/1.pdf" - module PolymorphicRoutes - # Constructs a call to a named RESTful route for the given record and returns the - # resulting URL string. For example: - # - # # calls post_url(post) - # polymorphic_url(post) # => "http://example.com/posts/1" - # polymorphic_url([blog, post]) # => "http://example.com/blogs/1/posts/1" - # polymorphic_url([:admin, blog, post]) # => "http://example.com/admin/blogs/1/posts/1" - # polymorphic_url([user, :blog, post]) # => "http://example.com/users/1/blog/posts/1" - # - # ==== Options - # - # * :action - Specifies the action prefix for the named route: - # :new or :edit. Default is no prefix. - # * :routing_type - Allowed values are :path or :url. - # Default is :url. - # - # ==== Examples - # - # # an Article record - # polymorphic_url(record) # same as article_url(record) - # - # # a Comment record - # polymorphic_url(record) # same as comment_url(record) - # - # # it recognizes new records and maps to the collection - # record = Comment.new - # polymorphic_url(record) # same as comments_url() - # - def polymorphic_url(record_or_hash_or_array, options = {}) - if record_or_hash_or_array.kind_of?(Array) - record_or_hash_or_array = record_or_hash_or_array.compact - record_or_hash_or_array = record_or_hash_or_array[0] if record_or_hash_or_array.size == 1 - end - - record = extract_record(record_or_hash_or_array) - namespace = extract_namespace(record_or_hash_or_array) - - args = case record_or_hash_or_array - when Hash; [ record_or_hash_or_array ] - when Array; record_or_hash_or_array.dup - else [ record_or_hash_or_array ] - end - - inflection = - case - when options[:action].to_s == "new" - args.pop - :singular - when record.respond_to?(:new_record?) && record.new_record? - args.pop - :plural - else - :singular - end - - args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)} - - named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options) - - url_options = options.except(:action, :routing_type) - unless url_options.empty? - args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options - end - - __send__(named_route, *args) - end - - # Returns the path component of a URL for the given record. It uses - # polymorphic_url with :routing_type => :path. - def polymorphic_path(record_or_hash_or_array, options = {}) - options[:routing_type] = :path - polymorphic_url(record_or_hash_or_array, options) - end - - %w(edit new).each do |action| - module_eval <<-EOT, __FILE__, __LINE__ - def #{action}_polymorphic_url(record_or_hash, options = {}) # def edit_polymorphic_url(record_or_hash, options = {}) - polymorphic_url( # polymorphic_url( - record_or_hash, # record_or_hash, - options.merge(:action => "#{action}")) # options.merge(:action => "edit")) - end # end - # - def #{action}_polymorphic_path(record_or_hash, options = {}) # def edit_polymorphic_path(record_or_hash, options = {}) - polymorphic_url( # polymorphic_url( - record_or_hash, # record_or_hash, - options.merge(:action => "#{action}", :routing_type => :path)) # options.merge(:action => "edit", :routing_type => :path)) - end # end - EOT - end - - def formatted_polymorphic_url(record_or_hash, options = {}) - ActiveSupport::Deprecation.warn("formatted_polymorphic_url has been deprecated. Please pass :format to the polymorphic_url method instead", caller) - options[:format] = record_or_hash.pop if Array === record_or_hash - polymorphic_url(record_or_hash, options) - end - - def formatted_polymorphic_path(record_or_hash, options = {}) - ActiveSupport::Deprecation.warn("formatted_polymorphic_path has been deprecated. Please pass :format to the polymorphic_path method instead", caller) - options[:format] = record_or_hash.pop if record_or_hash === Array - polymorphic_url(record_or_hash, options.merge(:routing_type => :path)) - end - - private - def action_prefix(options) - options[:action] ? "#{options[:action]}_" : '' - end - - def routing_type(options) - options[:routing_type] || :url - end - - def build_named_route_call(records, namespace, inflection, options = {}) - unless records.is_a?(Array) - record = extract_record(records) - route = '' - else - record = records.pop - route = records.inject("") do |string, parent| - if parent.is_a?(Symbol) || parent.is_a?(String) - string << "#{parent}_" - else - string << "#{RecordIdentifier.__send__("singular_class_name", parent)}_" - end - end - end - - if record.is_a?(Symbol) || record.is_a?(String) - route << "#{record}_" - else - route << "#{RecordIdentifier.__send__("#{inflection}_class_name", record)}_" - end - - action_prefix(options) + namespace + route + routing_type(options).to_s - end - - def extract_record(record_or_hash_or_array) - case record_or_hash_or_array - when Array; record_or_hash_or_array.last - when Hash; record_or_hash_or_array[:id] - else record_or_hash_or_array - end - end - - # Remove the first symbols from the array and return the url prefix - # implied by those symbols. - def extract_namespace(record_or_hash_or_array) - return "" unless record_or_hash_or_array.is_a?(Array) - - namespace_keys = [] - while (key = record_or_hash_or_array.first) && key.is_a?(String) || key.is_a?(Symbol) - namespace_keys << record_or_hash_or_array.shift - end - - namespace_keys.map {|k| "#{k}_"}.join - end - end -end diff --git a/actionpack/lib/action_controller/record_identifier.rb b/actionpack/lib/action_controller/record_identifier.rb index 742d290ad6..6bda27e23a 100644 --- a/actionpack/lib/action_controller/record_identifier.rb +++ b/actionpack/lib/action_controller/record_identifier.rb @@ -1,4 +1,4 @@ -module ActionController +module ActionController # The record identifier encapsulates a number of naming conventions for dealing with records, like Active Records or # Active Resources or pretty much any other model type that has an id. These patterns are then used to try elevate # the view actions to a higher logical level. Example: diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb deleted file mode 100755 index f8c77241b9..0000000000 --- a/actionpack/lib/action_controller/request.rb +++ /dev/null @@ -1,492 +0,0 @@ -require 'tempfile' -require 'stringio' -require 'strscan' - -require 'active_support/memoizable' -require 'action_controller/cgi_ext' - -module ActionController - class Request < Rack::Request - extend ActiveSupport::Memoizable - - %w[ AUTH_TYPE GATEWAY_INTERFACE - PATH_TRANSLATED REMOTE_HOST - REMOTE_IDENT REMOTE_USER REMOTE_ADDR - SERVER_NAME SERVER_PROTOCOL - - HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING - HTTP_ACCEPT_LANGUAGE HTTP_CACHE_CONTROL HTTP_FROM - HTTP_NEGOTIATE HTTP_PRAGMA HTTP_REFERER HTTP_USER_AGENT ].each do |env| - define_method(env.sub(/^HTTP_/n, '').downcase) do - @env[env] - end - end - - def key?(key) - @env.key?(key) - end - - HTTP_METHODS = %w(get head put post delete options) - HTTP_METHOD_LOOKUP = HTTP_METHODS.inject({}) { |h, m| h[m] = h[m.upcase] = m.to_sym; h } - - # Returns the true HTTP request \method as a lowercase symbol, such as - # :get. If the request \method is not listed in the HTTP_METHODS - # constant above, an UnknownHttpMethod exception is raised. - def request_method - HTTP_METHOD_LOOKUP[super] || raise(UnknownHttpMethod, "#{super}, accepted HTTP methods are #{HTTP_METHODS.to_sentence}") - end - memoize :request_method - - # Returns the HTTP request \method used for action processing as a - # lowercase symbol, such as :post. (Unlike #request_method, this - # method returns :get for a HEAD request because the two are - # functionally equivalent from the application's perspective.) - def method - request_method == :head ? :get : request_method - end - - # Is this a GET (or HEAD) request? Equivalent to request.method == :get. - def get? - method == :get - end - - # Is this a POST request? Equivalent to request.method == :post. - def post? - request_method == :post - end - - # Is this a PUT request? Equivalent to request.method == :put. - def put? - request_method == :put - end - - # Is this a DELETE request? Equivalent to request.method == :delete. - def delete? - request_method == :delete - end - - # Is this a HEAD request? Since request.method sees HEAD as :get, - # this \method checks the actual HTTP \method directly. - def head? - request_method == :head - end - - # Provides access to the request's HTTP headers, for example: - # - # request.headers["Content-Type"] # => "text/plain" - def headers - ActionController::Http::Headers.new(@env) - end - memoize :headers - - # Returns the content length of the request as an integer. - def content_length - super.to_i - end - - # The MIME type of the HTTP request, such as Mime::XML. - # - # For backward compatibility, the post \format is extracted from the - # X-Post-Data-Format HTTP header if present. - def content_type - if @env['CONTENT_TYPE'] =~ /^([^,\;]*)/ - Mime::Type.lookup($1.strip.downcase) - else - nil - end - end - memoize :content_type - - # Returns the accepted MIME type for the request. - def accepts - header = @env['HTTP_ACCEPT'].to_s.strip - - fallback = xhr? ? Mime::JS : Mime::HTML - - if header.empty? - [content_type, fallback, Mime::ALL].compact - else - ret = Mime::Type.parse(header) - if ret.last == Mime::ALL - ret.insert(-2, fallback) - end - ret - end - end - memoize :accepts - - def if_modified_since - if since = env['HTTP_IF_MODIFIED_SINCE'] - Time.rfc2822(since) rescue nil - end - end - memoize :if_modified_since - - def if_none_match - env['HTTP_IF_NONE_MATCH'] - end - - def not_modified?(modified_at) - if_modified_since && modified_at && if_modified_since >= modified_at - end - - def etag_matches?(etag) - if_none_match && if_none_match == etag - end - - # Check response freshness (Last-Modified and ETag) against request - # If-Modified-Since and If-None-Match conditions. If both headers are - # supplied, both must match, or the request is not considered fresh. - def fresh?(response) - case - when if_modified_since && if_none_match - not_modified?(response.last_modified) && etag_matches?(response.etag) - when if_modified_since - not_modified?(response.last_modified) - when if_none_match - etag_matches?(response.etag) - else - false - end - end - - ONLY_ALL = [Mime::ALL].freeze - - # Returns the Mime type for the \format used in the request. - # - # GET /posts/5.xml | request.format => Mime::XML - # GET /posts/5.xhtml | request.format => Mime::HTML - # GET /posts/5 | request.format => Mime::HTML or MIME::JS, or request.accepts.first depending on the value of ActionController::Base.use_accept_header - - def format(view_path = []) - @format ||= - if parameters[:format] - Mime[parameters[:format]] - elsif Base.use_accept_header && !(accepts == ONLY_ALL) - accepts.first - elsif xhr? then Mime::JS - else Mime::HTML - end - end - - def formats - @formats = - if Base.use_accept_header - ret = Array(Mime[parameters[:format]] || accepts) - else - [format] - end - end - - # Sets the \format by string extension, which can be used to force custom formats - # that are not controlled by the extension. - # - # class ApplicationController < ActionController::Base - # before_filter :adjust_format_for_iphone - # - # private - # def adjust_format_for_iphone - # request.format = :iphone if request.env["HTTP_USER_AGENT"][/iPhone/] - # end - # end - def format=(extension) - parameters[:format] = extension.to_s - @format = Mime::Type.lookup_by_extension(parameters[:format]) - end - - # Returns a symbolized version of the :format parameter of the request. - # If no \format is given it returns :jsfor Ajax requests and :html - # otherwise. - def template_format - parameter_format = parameters[:format] - - if parameter_format - parameter_format - elsif xhr? - :js - else - :html - end - end - - def cache_format - parameters[:format] - end - - # Returns true if the request's "X-Requested-With" header contains - # "XMLHttpRequest". (The Prototype Javascript library sends this header with - # every Ajax request.) - def xml_http_request? - !(@env['HTTP_X_REQUESTED_WITH'] !~ /XMLHttpRequest/i) - end - alias xhr? :xml_http_request? - - # Which IP addresses are "trusted proxies" that can be stripped from - # the right-hand-side of X-Forwarded-For - TRUSTED_PROXIES = /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\./i - - # Determines originating IP address. REMOTE_ADDR is the standard - # but will fail if the user is behind a proxy. HTTP_CLIENT_IP and/or - # HTTP_X_FORWARDED_FOR are set by proxies so check for these if - # REMOTE_ADDR is a proxy. HTTP_X_FORWARDED_FOR may be a comma- - # delimited list in the case of multiple chained proxies; the last - # address which is not trusted is the originating IP. - def remote_ip - remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/) - - unless remote_addr_list.blank? - not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES} - return not_trusted_addrs.first unless not_trusted_addrs.empty? - end - remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',') - - if @env.include? 'HTTP_CLIENT_IP' - if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP']) - # We don't know which came from the proxy, and which from the user - raise ActionControllerError.new(< 1 && TRUSTED_PROXIES =~ remote_ips.last.strip - remote_ips.pop - end - - return remote_ips.last.strip - end - - @env['REMOTE_ADDR'] - end - memoize :remote_ip - - # Returns the lowercase name of the HTTP server software. - def server_software - (@env['SERVER_SOFTWARE'] && /^([a-zA-Z]+)/ =~ @env['SERVER_SOFTWARE']) ? $1.downcase : nil - end - memoize :server_software - - # Returns the complete URL used for this request. - def url - protocol + host_with_port + request_uri - end - memoize :url - - # Returns 'https://' if this is an SSL request and 'http://' otherwise. - def protocol - ssl? ? 'https://' : 'http://' - end - memoize :protocol - - # Is this an SSL request? - def ssl? - @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https' - end - - # Returns the \host for this request, such as "example.com". - def raw_host_with_port - if forwarded = env["HTTP_X_FORWARDED_HOST"] - forwarded.split(/,\s?/).last - else - env['HTTP_HOST'] || "#{env['SERVER_NAME'] || env['SERVER_ADDR']}:#{env['SERVER_PORT']}" - end - end - - # Returns the host for this request, such as example.com. - def host - raw_host_with_port.sub(/:\d+$/, '') - end - memoize :host - - # Returns a \host:\port string for this request, such as "example.com" or - # "example.com:8080". - def host_with_port - "#{host}#{port_string}" - end - memoize :host_with_port - - # Returns the port number of this request as an integer. - def port - if raw_host_with_port =~ /:(\d+)$/ - $1.to_i - else - standard_port - end - end - memoize :port - - # Returns the standard \port number for this request's protocol. - def standard_port - case protocol - when 'https://' then 443 - else 80 - end - end - - # Returns a \port suffix like ":8080" if the \port number of this request - # is not the default HTTP \port 80 or HTTPS \port 443. - def port_string - port == standard_port ? '' : ":#{port}" - end - - # Returns the \domain part of a \host, such as "rubyonrails.org" in "www.rubyonrails.org". You can specify - # a different tld_length, such as 2 to catch rubyonrails.co.uk in "www.rubyonrails.co.uk". - def domain(tld_length = 1) - return nil unless named_host?(host) - - host.split('.').last(1 + tld_length).join('.') - end - - # Returns all the \subdomains as an array, so ["dev", "www"] would be - # returned for "dev.www.rubyonrails.org". You can specify a different tld_length, - # such as 2 to catch ["www"] instead of ["www", "rubyonrails"] - # in "www.rubyonrails.co.uk". - def subdomains(tld_length = 1) - return [] unless named_host?(host) - parts = host.split('.') - parts[0..-(tld_length+2)] - end - - # Returns the query string, accounting for server idiosyncrasies. - def query_string - @env['QUERY_STRING'].present? ? @env['QUERY_STRING'] : (@env['REQUEST_URI'].split('?', 2)[1] || '') - end - memoize :query_string - - # Returns the request URI, accounting for server idiosyncrasies. - # WEBrick includes the full URL. IIS leaves REQUEST_URI blank. - def request_uri - if uri = @env['REQUEST_URI'] - # Remove domain, which webrick puts into the request_uri. - (%r{^\w+\://[^/]+(/.*|$)$} =~ uri) ? $1 : uri - else - # Construct IIS missing REQUEST_URI from SCRIPT_NAME and PATH_INFO. - uri = @env['PATH_INFO'].to_s - - if script_filename = @env['SCRIPT_NAME'].to_s.match(%r{[^/]+$}) - uri = uri.sub(/#{script_filename}\//, '') - end - - env_qs = @env['QUERY_STRING'].to_s - uri += "?#{env_qs}" unless env_qs.empty? - - if uri.blank? - @env.delete('REQUEST_URI') - else - @env['REQUEST_URI'] = uri - end - end - end - memoize :request_uri - - # Returns the interpreted \path to requested resource after all the installation - # directory of this application was taken into account. - def path - path = request_uri.to_s[/\A[^\?]*/] - path.sub!(/\A#{ActionController::Base.relative_url_root}/, '') - path - end - memoize :path - - # Read the request \body. This is useful for web services that need to - # work with raw requests directly. - def raw_post - unless @env.include? 'RAW_POST_DATA' - @env['RAW_POST_DATA'] = body.read(@env['CONTENT_LENGTH'].to_i) - body.rewind if body.respond_to?(:rewind) - end - @env['RAW_POST_DATA'] - end - - # Returns both GET and POST \parameters in a single hash. - def parameters - @parameters ||= request_parameters.merge(query_parameters).update(path_parameters).with_indifferent_access - end - alias_method :params, :parameters - - def path_parameters=(parameters) #:nodoc: - @env["rack.routing_args"] = parameters - @symbolized_path_parameters = @parameters = nil - end - - # The same as path_parameters with explicitly symbolized keys. - def symbolized_path_parameters - @symbolized_path_parameters ||= path_parameters.symbolize_keys - end - - # Returns a hash with the \parameters used to form the \path of the request. - # Returned hash keys are strings: - # - # {'action' => 'my_action', 'controller' => 'my_controller'} - # - # See symbolized_path_parameters for symbolized keys. - def path_parameters - @env["rack.routing_args"] ||= {} - end - - # The request body is an IO input stream. If the RAW_POST_DATA environment - # variable is already set, wrap it in a StringIO. - def body - if raw_post = @env['RAW_POST_DATA'] - raw_post.force_encoding(Encoding::BINARY) if raw_post.respond_to?(:force_encoding) - StringIO.new(raw_post) - else - @env['rack.input'] - end - end - - def form_data? - FORM_DATA_MEDIA_TYPES.include?(content_type.to_s) - end - - # Override Rack's GET method to support nested query strings - def GET - @env["action_controller.request.query_parameters"] ||= UrlEncodedPairParser.parse_query_parameters(query_string) - end - alias_method :query_parameters, :GET - - # Override Rack's POST method to support nested query strings - def POST - @env["action_controller.request.request_parameters"] ||= UrlEncodedPairParser.parse_hash_parameters(super) - end - alias_method :request_parameters, :POST - - def body_stream #:nodoc: - @env['rack.input'] - end - - def session - @env['rack.session'] ||= {} - end - - def session=(session) #:nodoc: - @env['rack.session'] = session - end - - def reset_session - @env['rack.session'] = {} - end - - def session_options - @env['rack.session.options'] ||= {} - end - - def session_options=(options) - @env['rack.session.options'] = options - end - - def server_port - @env['SERVER_PORT'].to_i - end - - private - def named_host?(host) - !(host.nil? || /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.match(host)) - end - end -end diff --git a/actionpack/lib/action_controller/request_forgery_protection.rb b/actionpack/lib/action_controller/request_forgery_protection.rb deleted file mode 100644 index f3e6288c26..0000000000 --- a/actionpack/lib/action_controller/request_forgery_protection.rb +++ /dev/null @@ -1,108 +0,0 @@ -module ActionController #:nodoc: - class InvalidAuthenticityToken < ActionControllerError #:nodoc: - end - - module RequestForgeryProtection - def self.included(base) - base.class_eval do - helper_method :form_authenticity_token - helper_method :protect_against_forgery? - end - base.extend(ClassMethods) - end - - # Protecting controller actions from CSRF attacks by ensuring that all forms are coming from the current web application, not a - # forged link from another site, is done by embedding a token based on a random string stored in the session (which an attacker wouldn't know) in all - # forms and Ajax requests generated by Rails and then verifying the authenticity of that token in the controller. Only - # HTML/JavaScript requests are checked, so this will not protect your XML API (presumably you'll have a different authentication - # scheme there anyway). Also, GET requests are not protected as these should be idempotent anyway. - # - # This is turned on with the protect_from_forgery method, which will check the token and raise an - # ActionController::InvalidAuthenticityToken if it doesn't match what was expected. You can customize the error message in - # production by editing public/422.html. A call to this method in ApplicationController is generated by default in post-Rails 2.0 - # applications. - # - # The token parameter is named authenticity_token by default. If you are generating an HTML form manually (without the - # use of Rails' form_for, form_tag or other helpers), you have to include a hidden field named like that and - # set its value to what is returned by form_authenticity_token. Same applies to manually constructed Ajax requests. To - # make the token available through a global variable to scripts on a certain page, you could add something like this to a view: - # - # <%= javascript_tag "window._token = '#{form_authenticity_token}'" %> - # - # Request forgery protection is disabled by default in test environment. If you are upgrading from Rails 1.x, add this to - # config/environments/test.rb: - # - # # Disable request forgery protection in test environment - # config.action_controller.allow_forgery_protection = false - # - # == Learn more about CSRF (Cross-Site Request Forgery) attacks - # - # Here are some resources: - # * http://isc.sans.org/diary.html?storyid=1750 - # * http://en.wikipedia.org/wiki/Cross-site_request_forgery - # - # Keep in mind, this is NOT a silver-bullet, plug 'n' play, warm security blanket for your rails application. - # There are a few guidelines you should follow: - # - # * Keep your GET requests safe and idempotent. More reading material: - # * http://www.xml.com/pub/a/2002/04/24/deviant.html - # * http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 - # * Make sure the session cookies that Rails creates are non-persistent. Check in Firefox and look for "Expires: at end of session" - # - module ClassMethods - # Turn on request forgery protection. Bear in mind that only non-GET, HTML/JavaScript requests are checked. - # - # Example: - # - # class FooController < ApplicationController - # protect_from_forgery :except => :index - # - # # you can disable csrf protection on controller-by-controller basis: - # skip_before_filter :verify_authenticity_token - # end - # - # Valid Options: - # - # * :only/:except - Passed to the before_filter call. Set which actions are verified. - def protect_from_forgery(options = {}) - self.request_forgery_protection_token ||= :authenticity_token - before_filter :verify_authenticity_token, :only => options.delete(:only), :except => options.delete(:except) - if options[:secret] || options[:digest] - ActiveSupport::Deprecation.warn("protect_from_forgery only takes :only and :except options now. :digest and :secret have no effect", caller) - end - end - end - - protected - # The actual before_filter that is used. Modify this to change how you handle unverified requests. - def verify_authenticity_token - verified_request? || raise(ActionController::InvalidAuthenticityToken) - end - - # Returns true or false if a request is verified. Checks: - # - # * is the format restricted? By default, only HTML and AJAX requests are checked. - # * is it a GET request? Gets should be safe and idempotent - # * Does the form_authenticity_token match the given token value from the params? - def verified_request? - !protect_against_forgery? || - request.method == :get || - !verifiable_request_format? || - form_authenticity_token == params[request_forgery_protection_token] - end - - def verifiable_request_format? - !request.content_type.nil? && request.content_type.verify_request? - end - - # Sets the token value for the current session. Pass a :secret option - # in +protect_from_forgery+ to add a custom salt to the hash. - def form_authenticity_token - session[:_csrf_token] ||= ActiveSupport::SecureRandom.base64(32) - end - - def protect_against_forgery? - allow_forgery_protection && request_forgery_protection_token - end - end -end diff --git a/actionpack/lib/action_controller/rescue.rb b/actionpack/lib/action_controller/rescue.rb deleted file mode 100644 index 3beeb2da83..0000000000 --- a/actionpack/lib/action_controller/rescue.rb +++ /dev/null @@ -1,179 +0,0 @@ -module ActionController #:nodoc: - # Actions that fail to perform as expected throw exceptions. These - # exceptions can either be rescued for the public view (with a nice - # user-friendly explanation) or for the developers view (with tons of - # debugging information). The developers view is already implemented by - # the Action Controller, but the public view should be tailored to your - # specific application. - # - # The default behavior for public exceptions is to render a static html - # file with the name of the error code thrown. If no such file exists, an - # empty response is sent with the correct status code. - # - # You can override what constitutes a local request by overriding the - # local_request? method in your own controller. Custom rescue - # behavior is achieved by overriding the rescue_action_in_public - # and rescue_action_locally methods. - module Rescue - LOCALHOST = '127.0.0.1'.freeze - - DEFAULT_RESCUE_RESPONSE = :internal_server_error - DEFAULT_RESCUE_RESPONSES = { - 'ActionController::RoutingError' => :not_found, - 'ActionController::UnknownAction' => :not_found, - 'ActiveRecord::RecordNotFound' => :not_found, - 'ActiveRecord::StaleObjectError' => :conflict, - 'ActiveRecord::RecordInvalid' => :unprocessable_entity, - 'ActiveRecord::RecordNotSaved' => :unprocessable_entity, - 'ActionController::MethodNotAllowed' => :method_not_allowed, - 'ActionController::NotImplemented' => :not_implemented, - 'ActionController::InvalidAuthenticityToken' => :unprocessable_entity - } - - DEFAULT_RESCUE_TEMPLATE = 'diagnostics' - DEFAULT_RESCUE_TEMPLATES = { - 'ActionView::MissingTemplate' => 'missing_template', - 'ActionController::RoutingError' => 'routing_error', - 'ActionController::UnknownAction' => 'unknown_action', - 'ActionView::TemplateError' => 'template_error' - } - - RESCUES_TEMPLATE_PATH = ActionView::Template::EagerPath.new( - File.join(File.dirname(__FILE__), "templates")) - - def self.included(base) #:nodoc: - base.cattr_accessor :rescue_responses - base.rescue_responses = Hash.new(DEFAULT_RESCUE_RESPONSE) - base.rescue_responses.update DEFAULT_RESCUE_RESPONSES - - base.cattr_accessor :rescue_templates - base.rescue_templates = Hash.new(DEFAULT_RESCUE_TEMPLATE) - base.rescue_templates.update DEFAULT_RESCUE_TEMPLATES - - base.extend(ClassMethods) - base.send :include, ActiveSupport::Rescuable - - base.class_eval do - alias_method_chain :perform_action, :rescue - end - end - - module ClassMethods - def call_with_exception(env, exception) #:nodoc: - request = env["action_controller.rescue.request"] ||= Request.new(env) - response = env["action_controller.rescue.response"] ||= Response.new - new.process(request, response, :rescue_action, exception) - end - end - - protected - # Exception handler called when the performance of an action raises - # an exception. - def rescue_action(exception) - rescue_with_handler(exception) || - rescue_action_without_handler(exception) - end - - # Overwrite to implement custom logging of errors. By default - # logs as fatal. - def log_error(exception) #:doc: - ActiveSupport::Deprecation.silence do - if ActionView::TemplateError === exception - logger.fatal(exception.to_s) - else - logger.fatal( - "\n#{exception.class} (#{exception.message}):\n " + - clean_backtrace(exception).join("\n ") + "\n\n" - ) - end - end - end - - # Overwrite to implement public exception handling (for requests - # answering false to local_request?). By default will call - # render_optional_error_file. Override this method to provide more - # user friendly error messages. - def rescue_action_in_public(exception) #:doc: - render_optional_error_file response_code_for_rescue(exception) - end - - # Attempts to render a static error page based on the - # status_code thrown, or just return headers if no such file - # exists. For example, if a 500 error is being handled Rails will first - # attempt to render the file at public/500.html. If the file - # doesn't exist, the body of the response will be left empty. - def render_optional_error_file(status_code) - status = interpret_status(status_code) - path = "#{Rails.public_path}/#{status.to_s[0,3]}.html" - if File.exist?(path) - render :file => path, :status => status, :content_type => Mime::HTML - else - head status - end - end - - # True if the request came from localhost, 127.0.0.1. Override this - # method if you wish to redefine the meaning of a local request to - # include remote IP addresses or other criteria. - def local_request? #:doc: - request.remote_addr == LOCALHOST && request.remote_ip == LOCALHOST - end - - # Render detailed diagnostics for unhandled exceptions rescued from - # a controller action. - def rescue_action_locally(exception) - @template.instance_variable_set("@exception", exception) - @template.instance_variable_set("@rescues_path", RESCUES_TEMPLATE_PATH) - @template.instance_variable_set("@contents", - @template._render_template(template_path_for_local_rescue(exception))) - - response.content_type = Mime::HTML - response.status = interpret_status(response_code_for_rescue(exception)) - - content = @template._render_template(rescues_path("layout")) - render_for_text(content) - end - - def rescue_action_without_handler(exception) - log_error(exception) if logger - erase_results if performed? - - # Let the exception alter the response if it wants. - # For example, MethodNotAllowed sets the Allow header. - if exception.respond_to?(:handle_response!) - exception.handle_response!(response) - end - - if consider_all_requests_local || local_request? - rescue_action_locally(exception) - else - rescue_action_in_public(exception) - end - end - - private - def perform_action_with_rescue #:nodoc: - perform_action_without_rescue - rescue Exception => exception - rescue_action(exception) - end - - def rescues_path(template_name) - RESCUES_TEMPLATE_PATH.find_template("rescues/#{template_name}.erb") - end - - def template_path_for_local_rescue(exception) - rescues_path(rescue_templates[exception.class.name]) - end - - def response_code_for_rescue(exception) - rescue_responses[exception.class.name] - end - - def clean_backtrace(exception) - defined?(Rails) && Rails.respond_to?(:backtrace_cleaner) ? - Rails.backtrace_cleaner.clean(exception.backtrace) : - exception.backtrace - end - end -end diff --git a/actionpack/lib/action_controller/resources.rb b/actionpack/lib/action_controller/resources.rb deleted file mode 100644 index e8988aa737..0000000000 --- a/actionpack/lib/action_controller/resources.rb +++ /dev/null @@ -1,674 +0,0 @@ -module ActionController - # == Overview - # - # ActionController::Resources are a way of defining RESTful \resources. A RESTful \resource, in basic terms, - # is something that can be pointed at and it will respond with a representation of the data requested. - # In real terms this could mean a user with a browser requests an HTML page, or that a desktop application - # requests XML data. - # - # RESTful design is based on the assumption that there are four generic verbs that a user of an - # application can request from a \resource (the noun). - # - # \Resources can be requested using four basic HTTP verbs (GET, POST, PUT, DELETE), the method used - # denotes the type of action that should take place. - # - # === The Different Methods and their Usage - # - # * GET - Requests for a \resource, no saving or editing of a \resource should occur in a GET request. - # * POST - Creation of \resources. - # * PUT - Editing of attributes on a \resource. - # * DELETE - Deletion of a \resource. - # - # === Examples - # - # # A GET request on the Posts resource is asking for all Posts - # GET /posts - # - # # A GET request on a single Post resource is asking for that particular Post - # GET /posts/1 - # - # # A POST request on the Posts resource is asking for a Post to be created with the supplied details - # POST /posts # with => { :post => { :title => "My Whizzy New Post", :body => "I've got a brand new combine harvester" } } - # - # # A PUT request on a single Post resource is asking for a Post to be updated - # PUT /posts # with => { :id => 1, :post => { :title => "Changed Whizzy Title" } } - # - # # A DELETE request on a single Post resource is asking for it to be deleted - # DELETE /posts # with => { :id => 1 } - # - # By using the REST convention, users of our application can assume certain things about how the data - # is requested and how it is returned. Rails simplifies the routing part of RESTful design by - # supplying you with methods to create them in your routes.rb file. - # - # Read more about REST at http://en.wikipedia.org/wiki/Representational_State_Transfer - module Resources - INHERITABLE_OPTIONS = :namespace, :shallow, :actions - - class Resource #:nodoc: - DEFAULT_ACTIONS = :index, :create, :new, :edit, :show, :update, :destroy - - attr_reader :collection_methods, :member_methods, :new_methods - attr_reader :path_prefix, :name_prefix, :path_segment - attr_reader :plural, :singular - attr_reader :options - - def initialize(entities, options) - @plural ||= entities - @singular ||= options[:singular] || plural.to_s.singularize - @path_segment = options.delete(:as) || @plural - - @options = options - - arrange_actions - add_default_actions - set_allowed_actions - set_prefixes - end - - def controller - @controller ||= "#{options[:namespace]}#{(options[:controller] || plural).to_s}" - end - - def requirements(with_id = false) - @requirements ||= @options[:requirements] || {} - @id_requirement ||= { :id => @requirements.delete(:id) || /[^#{Routing::SEPARATORS.join}]+/ } - - with_id ? @requirements.merge(@id_requirement) : @requirements - end - - def conditions - @conditions ||= @options[:conditions] || {} - end - - def path - @path ||= "#{path_prefix}/#{path_segment}" - end - - def new_path - new_action = self.options[:path_names][:new] if self.options[:path_names] - new_action ||= Base.resources_path_names[:new] - @new_path ||= "#{path}/#{new_action}" - end - - def shallow_path_prefix - @shallow_path_prefix ||= "#{path_prefix unless @options[:shallow]}" - end - - def member_path - @member_path ||= "#{shallow_path_prefix}/#{path_segment}/:id" - end - - def nesting_path_prefix - @nesting_path_prefix ||= "#{shallow_path_prefix}/#{path_segment}/:#{singular}_id" - end - - def shallow_name_prefix - @shallow_name_prefix ||= "#{name_prefix unless @options[:shallow]}" - end - - def nesting_name_prefix - "#{shallow_name_prefix}#{singular}_" - end - - def action_separator - @action_separator ||= Base.resource_action_separator - end - - def uncountable? - @singular.to_s == @plural.to_s - end - - def has_action?(action) - !DEFAULT_ACTIONS.include?(action) || @options[:actions].nil? || @options[:actions].include?(action) - end - - protected - def arrange_actions - @collection_methods = arrange_actions_by_methods(options.delete(:collection)) - @member_methods = arrange_actions_by_methods(options.delete(:member)) - @new_methods = arrange_actions_by_methods(options.delete(:new)) - end - - def add_default_actions - add_default_action(member_methods, :get, :edit) - add_default_action(new_methods, :get, :new) - end - - def set_allowed_actions - only = @options.delete(:only) - except = @options.delete(:except) - - if only && except - raise ArgumentError, 'Please supply either :only or :except, not both.' - elsif only == :all || except == :none - options[:actions] = DEFAULT_ACTIONS - elsif only == :none || except == :all - options[:actions] = [] - elsif only - options[:actions] = DEFAULT_ACTIONS & Array(only).map(&:to_sym) - elsif except - options[:actions] = DEFAULT_ACTIONS - Array(except).map(&:to_sym) - else - # leave options[:actions] alone - end - end - - def set_prefixes - @path_prefix = options.delete(:path_prefix) - @name_prefix = options.delete(:name_prefix) - end - - def arrange_actions_by_methods(actions) - (actions || {}).inject({}) do |flipped_hash, (key, value)| - (flipped_hash[value] ||= []) << key - flipped_hash - end - end - - def add_default_action(collection, method, action) - (collection[method] ||= []).unshift(action) - end - end - - class SingletonResource < Resource #:nodoc: - def initialize(entity, options) - @singular = @plural = entity - options[:controller] ||= @singular.to_s.pluralize - super - end - - alias_method :shallow_path_prefix, :path_prefix - alias_method :shallow_name_prefix, :name_prefix - alias_method :member_path, :path - alias_method :nesting_path_prefix, :path - end - - # Creates named routes for implementing verb-oriented controllers - # for a collection \resource. - # - # For example: - # - # map.resources :messages - # - # will map the following actions in the corresponding controller: - # - # class MessagesController < ActionController::Base - # # GET messages_url - # def index - # # return all messages - # end - # - # # GET new_message_url - # def new - # # return an HTML form for describing a new message - # end - # - # # POST messages_url - # def create - # # create a new message - # end - # - # # GET message_url(:id => 1) - # def show - # # find and return a specific message - # end - # - # # GET edit_message_url(:id => 1) - # def edit - # # return an HTML form for editing a specific message - # end - # - # # PUT message_url(:id => 1) - # def update - # # find and update a specific message - # end - # - # # DELETE message_url(:id => 1) - # def destroy - # # delete a specific message - # end - # end - # - # Along with the routes themselves, +resources+ generates named routes for use in - # controllers and views. map.resources :messages produces the following named routes and helpers: - # - # Named Route Helpers - # ============ ===================================================== - # messages messages_url, hash_for_messages_url, - # messages_path, hash_for_messages_path - # - # message message_url(id), hash_for_message_url(id), - # message_path(id), hash_for_message_path(id) - # - # new_message new_message_url, hash_for_new_message_url, - # new_message_path, hash_for_new_message_path - # - # edit_message edit_message_url(id), hash_for_edit_message_url(id), - # edit_message_path(id), hash_for_edit_message_path(id) - # - # You can use these helpers instead of +url_for+ or methods that take +url_for+ parameters. For example: - # - # redirect_to :controller => 'messages', :action => 'index' - # # and - # <%= link_to "edit this message", :controller => 'messages', :action => 'edit', :id => @message.id %> - # - # now become: - # - # redirect_to messages_url - # # and - # <%= link_to "edit this message", edit_message_url(@message) # calls @message.id automatically - # - # Since web browsers don't support the PUT and DELETE verbs, you will need to add a parameter '_method' to your - # form tags. The form helpers make this a little easier. For an update form with a @message object: - # - # <%= form_tag message_path(@message), :method => :put %> - # - # or - # - # <% form_for :message, @message, :url => message_path(@message), :html => {:method => :put} do |f| %> - # - # or - # - # <% form_for @message do |f| %> - # - # which takes into account whether @message is a new record or not and generates the - # path and method accordingly. - # - # The +resources+ method accepts the following options to customize the resulting routes: - # * :collection - Add named routes for other actions that operate on the collection. - # Takes a hash of #{action} => #{method}, where method is :get/:post/:put/:delete, - # an array of any of the previous, or :any if the method does not matter. - # These routes map to a URL like /messages/rss, with a route of +rss_messages_url+. - # * :member - Same as :collection, but for actions that operate on a specific member. - # * :new - Same as :collection, but for actions that operate on the new \resource action. - # * :controller - Specify the controller name for the routes. - # * :singular - Specify the singular name used in the member routes. - # * :requirements - Set custom routing parameter requirements; this is a hash of either - # regular expressions (which must match for the route to match) or extra parameters. For example: - # - # map.resource :profile, :path_prefix => ':name', :requirements => { :name => /[a-zA-Z]+/, :extra => 'value' } - # - # will only match if the first part is alphabetic, and will pass the parameter :extra to the controller. - # * :conditions - Specify custom routing recognition conditions. \Resources sets the :method value for the method-specific routes. - # * :as - Specify a different \resource name to use in the URL path. For example: - # # products_path == '/productos' - # map.resources :products, :as => 'productos' do |product| - # # product_reviews_path(product) == '/productos/1234/comentarios' - # product.resources :product_reviews, :as => 'comentarios' - # end - # - # * :has_one - Specify nested \resources, this is a shorthand for mapping singleton \resources beneath the current. - # * :has_many - Same has :has_one, but for plural \resources. - # - # You may directly specify the routing association with +has_one+ and +has_many+ like: - # - # map.resources :notes, :has_one => :author, :has_many => [:comments, :attachments] - # - # This is the same as: - # - # map.resources :notes do |notes| - # notes.resource :author - # notes.resources :comments - # notes.resources :attachments - # end - # - # * :path_names - Specify different names for the 'new' and 'edit' actions. For example: - # # new_products_path == '/productos/nuevo' - # map.resources :products, :as => 'productos', :path_names => { :new => 'nuevo', :edit => 'editar' } - # - # You can also set default action names from an environment, like this: - # config.action_controller.resources_path_names = { :new => 'nuevo', :edit => 'editar' } - # - # * :path_prefix - Set a prefix to the routes with required route variables. - # - # Weblog comments usually belong to a post, so you might use +resources+ like: - # - # map.resources :articles - # map.resources :comments, :path_prefix => '/articles/:article_id' - # - # You can nest +resources+ calls to set this automatically: - # - # map.resources :articles do |article| - # article.resources :comments - # end - # - # The comment \resources work the same, but must now include a value for :article_id. - # - # article_comments_url(@article) - # article_comment_url(@article, @comment) - # - # article_comments_url(:article_id => @article) - # article_comment_url(:article_id => @article, :id => @comment) - # - # If you don't want to load all objects from the database you might want to use the article_id directly: - # - # articles_comments_url(@comment.article_id, @comment) - # - # * :name_prefix - Define a prefix for all generated routes, usually ending in an underscore. - # Use this if you have named routes that may clash. - # - # map.resources :tags, :path_prefix => '/books/:book_id', :name_prefix => 'book_' - # map.resources :tags, :path_prefix => '/toys/:toy_id', :name_prefix => 'toy_' - # - # You may also use :name_prefix to override the generic named routes in a nested \resource: - # - # map.resources :articles do |article| - # article.resources :comments, :name_prefix => nil - # end - # - # This will yield named \resources like so: - # - # comments_url(@article) - # comment_url(@article, @comment) - # - # * :shallow - If true, paths for nested resources which reference a specific member - # (ie. those with an :id parameter) will not use the parent path prefix or name prefix. - # - # The :shallow option is inherited by any nested resource(s). - # - # For example, 'users', 'posts' and 'comments' all use shallow paths with the following nested resources: - # - # map.resources :users, :shallow => true do |user| - # user.resources :posts do |post| - # post.resources :comments - # end - # end - # # --> GET /users/1/posts (maps to the PostsController#index action as usual) - # # also adds the usual named route called "user_posts" - # # --> GET /posts/2 (maps to the PostsController#show action as if it were not nested) - # # also adds the named route called "post" - # # --> GET /posts/2/comments (maps to the CommentsController#index action) - # # also adds the named route called "post_comments" - # # --> GET /comments/2 (maps to the CommentsController#show action as if it were not nested) - # # also adds the named route called "comment" - # - # You may also use :shallow in combination with the +has_one+ and +has_many+ shorthand notations like: - # - # map.resources :users, :has_many => { :posts => :comments }, :shallow => true - # - # * :only and :except - Specify which of the seven default actions should be routed to. - # - # :only and :except may be set to :all, :none, an action name or a - # list of action names. By default, routes are generated for all seven actions. - # - # For example: - # - # map.resources :posts, :only => [:index, :show] do |post| - # post.resources :comments, :except => [:update, :destroy] - # end - # # --> GET /posts (maps to the PostsController#index action) - # # --> POST /posts (fails) - # # --> GET /posts/1 (maps to the PostsController#show action) - # # --> DELETE /posts/1 (fails) - # # --> POST /posts/1/comments (maps to the CommentsController#create action) - # # --> PUT /posts/1/comments/1 (fails) - # - # The :only and :except options are inherited by any nested resource(s). - # - # If map.resources is called with multiple resources, they all get the same options applied. - # - # Examples: - # - # map.resources :messages, :path_prefix => "/thread/:thread_id" - # # --> GET /thread/7/messages/1 - # - # map.resources :messages, :collection => { :rss => :get } - # # --> GET /messages/rss (maps to the #rss action) - # # also adds a named route called "rss_messages" - # - # map.resources :messages, :member => { :mark => :post } - # # --> POST /messages/1/mark (maps to the #mark action) - # # also adds a named route called "mark_message" - # - # map.resources :messages, :new => { :preview => :post } - # # --> POST /messages/new/preview (maps to the #preview action) - # # also adds a named route called "preview_new_message" - # - # map.resources :messages, :new => { :new => :any, :preview => :post } - # # --> POST /messages/new/preview (maps to the #preview action) - # # also adds a named route called "preview_new_message" - # # --> /messages/new can be invoked via any request method - # - # map.resources :messages, :controller => "categories", - # :path_prefix => "/category/:category_id", - # :name_prefix => "category_" - # # --> GET /categories/7/messages/1 - # # has named route "category_message" - # - # The +resources+ method sets HTTP method restrictions on the routes it generates. For example, making an - # HTTP POST on new_message_url will raise a RoutingError exception. The default route in - # config/routes.rb overrides this and allows invalid HTTP methods for \resource routes. - def resources(*entities, &block) - options = entities.extract_options! - entities.each { |entity| map_resource(entity, options.dup, &block) } - end - - # Creates named routes for implementing verb-oriented controllers for a singleton \resource. - # A singleton \resource is global to its current context. For unnested singleton \resources, - # the \resource is global to the current user visiting the application, such as a user's - # /account profile. For nested singleton \resources, the \resource is global to its parent - # \resource, such as a projects \resource that has_one :project_manager. - # The project_manager should be mapped as a singleton \resource under projects: - # - # map.resources :projects do |project| - # project.resource :project_manager - # end - # - # See +resources+ for general conventions. These are the main differences: - # * A singular name is given to map.resource. The default controller name is still taken from the plural name. - # * To specify a custom plural name, use the :plural option. There is no :singular option. - # * No default index route is created for the singleton \resource controller. - # * When nesting singleton \resources, only the singular name is used as the path prefix (example: 'account/messages/1') - # - # For example: - # - # map.resource :account - # - # maps these actions in the Accounts controller: - # - # class AccountsController < ActionController::Base - # # GET new_account_url - # def new - # # return an HTML form for describing the new account - # end - # - # # POST account_url - # def create - # # create an account - # end - # - # # GET account_url - # def show - # # find and return the account - # end - # - # # GET edit_account_url - # def edit - # # return an HTML form for editing the account - # end - # - # # PUT account_url - # def update - # # find and update the account - # end - # - # # DELETE account_url - # def destroy - # # delete the account - # end - # end - # - # Along with the routes themselves, +resource+ generates named routes for - # use in controllers and views. map.resource :account produces - # these named routes and helpers: - # - # Named Route Helpers - # ============ ============================================= - # account account_url, hash_for_account_url, - # account_path, hash_for_account_path - # - # new_account new_account_url, hash_for_new_account_url, - # new_account_path, hash_for_new_account_path - # - # edit_account edit_account_url, hash_for_edit_account_url, - # edit_account_path, hash_for_edit_account_path - def resource(*entities, &block) - options = entities.extract_options! - entities.each { |entity| map_singleton_resource(entity, options.dup, &block) } - end - - private - def map_resource(entities, options = {}, &block) - resource = Resource.new(entities, options) - - with_options :controller => resource.controller do |map| - map_collection_actions(map, resource) - map_default_collection_actions(map, resource) - map_new_actions(map, resource) - map_member_actions(map, resource) - - map_associations(resource, options) - - if block_given? - with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) - end - end - end - - def map_singleton_resource(entities, options = {}, &block) - resource = SingletonResource.new(entities, options) - - with_options :controller => resource.controller do |map| - map_collection_actions(map, resource) - map_new_actions(map, resource) - map_member_actions(map, resource) - map_default_singleton_actions(map, resource) - - map_associations(resource, options) - - if block_given? - with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) - end - end - end - - def map_associations(resource, options) - map_has_many_associations(resource, options.delete(:has_many), options) if options[:has_many] - - path_prefix = "#{options.delete(:path_prefix)}#{resource.nesting_path_prefix}" - name_prefix = "#{options.delete(:name_prefix)}#{resource.nesting_name_prefix}" - - Array(options[:has_one]).each do |association| - resource(association, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => path_prefix, :name_prefix => name_prefix)) - end - end - - def map_has_many_associations(resource, associations, options) - case associations - when Hash - associations.each do |association,has_many| - map_has_many_associations(resource, association, options.merge(:has_many => has_many)) - end - when Array - associations.each do |association| - map_has_many_associations(resource, association, options) - end - when Symbol, String - resources(associations, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :has_many => options[:has_many])) - else - end - end - - def map_collection_actions(map, resource) - resource.collection_methods.each do |method, actions| - actions.each do |action| - [method].flatten.each do |m| - map_resource_routes(map, resource, action, "#{resource.path}#{resource.action_separator}#{action}", "#{action}_#{resource.name_prefix}#{resource.plural}", m) - end - end - end - end - - def map_default_collection_actions(map, resource) - index_route_name = "#{resource.name_prefix}#{resource.plural}" - - if resource.uncountable? - index_route_name << "_index" - end - - map_resource_routes(map, resource, :index, resource.path, index_route_name) - map_resource_routes(map, resource, :create, resource.path, index_route_name) - end - - def map_default_singleton_actions(map, resource) - map_resource_routes(map, resource, :create, resource.path, "#{resource.shallow_name_prefix}#{resource.singular}") - end - - def map_new_actions(map, resource) - resource.new_methods.each do |method, actions| - actions.each do |action| - route_path = resource.new_path - route_name = "new_#{resource.name_prefix}#{resource.singular}" - - unless action == :new - route_path = "#{route_path}#{resource.action_separator}#{action}" - route_name = "#{action}_#{route_name}" - end - - map_resource_routes(map, resource, action, route_path, route_name, method) - end - end - end - - def map_member_actions(map, resource) - resource.member_methods.each do |method, actions| - actions.each do |action| - [method].flatten.each do |m| - action_path = resource.options[:path_names][action] if resource.options[:path_names].is_a?(Hash) - action_path ||= Base.resources_path_names[action] || action - - map_resource_routes(map, resource, action, "#{resource.member_path}#{resource.action_separator}#{action_path}", "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", m) - end - end - end - - route_path = "#{resource.shallow_name_prefix}#{resource.singular}" - map_resource_routes(map, resource, :show, resource.member_path, route_path) - map_resource_routes(map, resource, :update, resource.member_path, route_path) - map_resource_routes(map, resource, :destroy, resource.member_path, route_path) - end - - def map_resource_routes(map, resource, action, route_path, route_name = nil, method = nil) - if resource.has_action?(action) - action_options = action_options_for(action, resource, method) - formatted_route_path = "#{route_path}.:format" - - if route_name && @set.named_routes[route_name.to_sym].nil? - map.named_route(route_name, formatted_route_path, action_options) - else - map.connect(formatted_route_path, action_options) - end - end - end - - def add_conditions_for(conditions, method) - returning({:conditions => conditions.dup}) do |options| - options[:conditions][:method] = method unless method == :any - end - end - - def action_options_for(action, resource, method = nil) - default_options = { :action => action.to_s } - require_id = !resource.kind_of?(SingletonResource) - - case default_options[:action] - when "index", "new"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements) - when "create"; default_options.merge(add_conditions_for(resource.conditions, method || :post)).merge(resource.requirements) - when "show", "edit"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements(require_id)) - when "update"; default_options.merge(add_conditions_for(resource.conditions, method || :put)).merge(resource.requirements(require_id)) - when "destroy"; default_options.merge(add_conditions_for(resource.conditions, method || :delete)).merge(resource.requirements(require_id)) - else default_options.merge(add_conditions_for(resource.conditions, method)).merge(resource.requirements) - end - end - end -end diff --git a/actionpack/lib/action_controller/response.rb b/actionpack/lib/action_controller/response.rb deleted file mode 100644 index 27860a6207..0000000000 --- a/actionpack/lib/action_controller/response.rb +++ /dev/null @@ -1,255 +0,0 @@ -require 'digest/md5' - -module ActionController # :nodoc: - # Represents an HTTP response generated by a controller action. One can use - # an ActionController::Response object to retrieve the current state - # of the response, or customize the response. An Response object can - # either represent a "real" HTTP response (i.e. one that is meant to be sent - # back to the web browser) or a test response (i.e. one that is generated - # from integration tests). See CgiResponse and TestResponse, respectively. - # - # Response is mostly a Ruby on Rails framework implement detail, and - # should never be used directly in controllers. Controllers should use the - # methods defined in ActionController::Base instead. For example, if you want - # to set the HTTP response's content MIME type, then use - # ActionControllerBase#headers instead of Response#headers. - # - # Nevertheless, integration tests may want to inspect controller responses in - # more detail, and that's when Response can be useful for application - # developers. Integration test methods such as - # ActionController::Integration::Session#get and - # ActionController::Integration::Session#post return objects of type - # TestResponse (which are of course also of type Response). - # - # For example, the following demo integration "test" prints the body of the - # controller response to the console: - # - # class DemoControllerTest < ActionController::IntegrationTest - # def test_print_root_path_to_console - # get('/') - # puts @response.body - # end - # end - class Response < Rack::Response - DEFAULT_HEADERS = { "Cache-Control" => "no-cache" } - attr_accessor :request - - attr_accessor :session, :assigns, :template, :layout - attr_accessor :redirected_to, :redirected_to_method_params - - delegate :default_charset, :to => 'ActionController::Base' - - def initialize - @status = 200 - @header = DEFAULT_HEADERS.dup - - @writer = lambda { |x| @body << x } - @block = nil - - @body = "", - @session, @assigns = [], [] - end - - def location; headers['Location'] end - def location=(url) headers['Location'] = url end - - - # Sets the HTTP response's content MIME type. For example, in the controller - # you could write this: - # - # response.content_type = "text/plain" - # - # If a character set has been defined for this response (see charset=) then - # the character set information will also be included in the content type - # information. - def content_type=(mime_type) - self.headers["Content-Type"] = - if mime_type =~ /charset/ || (c = charset).nil? - mime_type.to_s - else - "#{mime_type}; charset=#{c}" - end - end - - # Returns the response's content MIME type, or nil if content type has been set. - def content_type - content_type = String(headers["Content-Type"] || headers["type"]).split(";")[0] - content_type.blank? ? nil : content_type - end - - # Set the charset of the Content-Type header. Set to nil to remove it. - # If no content type is set, it defaults to HTML. - def charset=(charset) - headers["Content-Type"] = - if charset - "#{content_type || Mime::HTML}; charset=#{charset}" - else - content_type || Mime::HTML.to_s - end - end - - def charset - charset = String(headers["Content-Type"] || headers["type"]).split(";")[1] - charset.blank? ? nil : charset.strip.split("=")[1] - end - - def last_modified - if last = headers['Last-Modified'] - Time.httpdate(last) - end - end - - def last_modified? - headers.include?('Last-Modified') - end - - def last_modified=(utc_time) - headers['Last-Modified'] = utc_time.httpdate - end - - def etag - headers['ETag'] - end - - def etag? - headers.include?('ETag') - end - - def etag=(etag) - if etag.blank? - headers.delete('ETag') - else - headers['ETag'] = %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(etag))}") - end - end - - def redirect(url, status) - self.status = status - self.location = url.gsub(/[\r\n]/, '') - self.body = "You are being redirected." - end - - def sending_file? - headers["Content-Transfer-Encoding"] == "binary" - end - - def assign_default_content_type_and_charset! - self.content_type ||= Mime::HTML - self.charset ||= default_charset unless sending_file? - end - - def prepare! - assign_default_content_type_and_charset! - handle_conditional_get! - set_content_length! - convert_content_type! - convert_language! - convert_expires! - convert_cookies! - end - - def each(&callback) - if @body.respond_to?(:call) - @writer = lambda { |x| callback.call(x) } - @body.call(self, self) - elsif @body.is_a?(String) - @body.each_line(&callback) - else - @body.each(&callback) - end - - @writer = callback - @block.call(self) if @block - end - - def write(str) - @writer.call str.to_s - str - end - - # Over Rack::Response#set_cookie to add HttpOnly option - def set_cookie(key, value) - case value - when Hash - domain = "; domain=" + value[:domain] if value[:domain] - path = "; path=" + value[:path] if value[:path] - # According to RFC 2109, we need dashes here. - # N.B.: cgi.rb uses spaces... - expires = "; expires=" + value[:expires].clone.gmtime. - strftime("%a, %d-%b-%Y %H:%M:%S GMT") if value[:expires] - secure = "; secure" if value[:secure] - httponly = "; HttpOnly" if value[:http_only] - value = value[:value] - end - value = [value] unless Array === value - cookie = ::Rack::Utils.escape(key) + "=" + - value.map { |v| ::Rack::Utils.escape v }.join("&") + - "#{domain}#{path}#{expires}#{secure}#{httponly}" - - case self["Set-Cookie"] - when Array - self["Set-Cookie"] << cookie - when String - self["Set-Cookie"] = [self["Set-Cookie"], cookie] - when nil - self["Set-Cookie"] = cookie - end - end - - private - def handle_conditional_get! - if etag? || last_modified? - set_conditional_cache_control! - elsif nonempty_ok_response? - self.etag = body - - if request && request.etag_matches?(etag) - self.status = '304 Not Modified' - self.body = '' - end - - set_conditional_cache_control! - end - end - - def nonempty_ok_response? - ok = !status || status.to_s[0..2] == '200' - ok && body.is_a?(String) && !body.empty? - end - - def set_conditional_cache_control! - if headers['Cache-Control'] == DEFAULT_HEADERS['Cache-Control'] - headers['Cache-Control'] = 'private, max-age=0, must-revalidate' - end - end - - def convert_content_type! - headers['Content-Type'] ||= "text/html" - headers['Content-Type'] += "; charset=" + headers.delete('charset') if headers['charset'] - end - - # Don't set the Content-Length for block-based bodies as that would mean - # reading it all into memory. Not nice for, say, a 2GB streaming file. - def set_content_length! - if status && status.to_s[0..2] == '204' - headers.delete('Content-Length') - elsif length = headers['Content-Length'] - headers['Content-Length'] = length.to_s - elsif !body.respond_to?(:call) && (!status || status.to_s[0..2] != '304') - headers["Content-Length"] = body.size.to_s - end - end - - def convert_language! - headers["Content-Language"] = headers.delete("language") if headers["language"] - end - - def convert_expires! - headers["Expires"] = headers.delete("") if headers["expires"] - end - - def convert_cookies! - headers['Set-Cookie'] = Array(headers['Set-Cookie']).compact - end - end -end diff --git a/actionpack/lib/action_controller/rewindable_input.rb b/actionpack/lib/action_controller/rewindable_input.rb deleted file mode 100644 index 36f655c51e..0000000000 --- a/actionpack/lib/action_controller/rewindable_input.rb +++ /dev/null @@ -1,28 +0,0 @@ -module ActionController - class RewindableInput - class RewindableIO < ActiveSupport::BasicObject - def initialize(io) - @io = io - @rewindable = io.is_a?(StringIO) - end - - def method_missing(method, *args, &block) - unless @rewindable - @io = StringIO.new(@io.read) - @rewindable = true - end - - @io.__send__(method, *args, &block) - end - end - - def initialize(app) - @app = app - end - - def call(env) - env['rack.input'] = RewindableIO.new(env['rack.input']) - @app.call(env) - end - end -end diff --git a/actionpack/lib/action_controller/routing/generation/polymorphic_routes.rb b/actionpack/lib/action_controller/routing/generation/polymorphic_routes.rb new file mode 100644 index 0000000000..924d1aa6bd --- /dev/null +++ b/actionpack/lib/action_controller/routing/generation/polymorphic_routes.rb @@ -0,0 +1,201 @@ +module ActionController + # Polymorphic URL helpers are methods for smart resolution to a named route call when + # given an Active Record model instance. They are to be used in combination with + # ActionController::Resources. + # + # These methods are useful when you want to generate correct URL or path to a RESTful + # resource without having to know the exact type of the record in question. + # + # Nested resources and/or namespaces are also supported, as illustrated in the example: + # + # polymorphic_url([:admin, @article, @comment]) + # + # results in: + # + # admin_article_comment_url(@article, @comment) + # + # == Usage within the framework + # + # Polymorphic URL helpers are used in a number of places throughout the Rails framework: + # + # * url_for, so you can use it with a record as the argument, e.g. + # url_for(@article); + # * ActionView::Helpers::FormHelper uses polymorphic_path, so you can write + # form_for(@article) without having to specify :url parameter for the form + # action; + # * redirect_to (which, in fact, uses url_for) so you can write + # redirect_to(post) in your controllers; + # * ActionView::Helpers::AtomFeedHelper, so you don't have to explicitly specify URLs + # for feed entries. + # + # == Prefixed polymorphic helpers + # + # In addition to polymorphic_url and polymorphic_path methods, a + # number of prefixed helpers are available as a shorthand to :action => "..." + # in options. Those are: + # + # * edit_polymorphic_url, edit_polymorphic_path + # * new_polymorphic_url, new_polymorphic_path + # + # Example usage: + # + # edit_polymorphic_path(@post) # => "/posts/1/edit" + # polymorphic_path(@post, :format => :pdf) # => "/posts/1.pdf" + module PolymorphicRoutes + # Constructs a call to a named RESTful route for the given record and returns the + # resulting URL string. For example: + # + # # calls post_url(post) + # polymorphic_url(post) # => "http://example.com/posts/1" + # polymorphic_url([blog, post]) # => "http://example.com/blogs/1/posts/1" + # polymorphic_url([:admin, blog, post]) # => "http://example.com/admin/blogs/1/posts/1" + # polymorphic_url([user, :blog, post]) # => "http://example.com/users/1/blog/posts/1" + # + # ==== Options + # + # * :action - Specifies the action prefix for the named route: + # :new or :edit. Default is no prefix. + # * :routing_type - Allowed values are :path or :url. + # Default is :url. + # + # ==== Examples + # + # # an Article record + # polymorphic_url(record) # same as article_url(record) + # + # # a Comment record + # polymorphic_url(record) # same as comment_url(record) + # + # # it recognizes new records and maps to the collection + # record = Comment.new + # polymorphic_url(record) # same as comments_url() + # + def polymorphic_url(record_or_hash_or_array, options = {}) + if record_or_hash_or_array.kind_of?(Array) + record_or_hash_or_array = record_or_hash_or_array.compact + record_or_hash_or_array = record_or_hash_or_array[0] if record_or_hash_or_array.size == 1 + end + + record = extract_record(record_or_hash_or_array) + namespace = extract_namespace(record_or_hash_or_array) + + args = case record_or_hash_or_array + when Hash; [ record_or_hash_or_array ] + when Array; record_or_hash_or_array.dup + else [ record_or_hash_or_array ] + end + + inflection = + case + when options[:action].to_s == "new" + args.pop + :singular + when record.respond_to?(:new_record?) && record.new_record? + args.pop + :plural + else + :singular + end + + args.delete_if {|arg| arg.is_a?(Symbol) || arg.is_a?(String)} + + named_route = build_named_route_call(record_or_hash_or_array, namespace, inflection, options) + + url_options = options.except(:action, :routing_type) + unless url_options.empty? + args.last.kind_of?(Hash) ? args.last.merge!(url_options) : args << url_options + end + + __send__(named_route, *args) + end + + # Returns the path component of a URL for the given record. It uses + # polymorphic_url with :routing_type => :path. + def polymorphic_path(record_or_hash_or_array, options = {}) + options[:routing_type] = :path + polymorphic_url(record_or_hash_or_array, options) + end + + %w(edit new).each do |action| + module_eval <<-EOT, __FILE__, __LINE__ + def #{action}_polymorphic_url(record_or_hash, options = {}) # def edit_polymorphic_url(record_or_hash, options = {}) + polymorphic_url( # polymorphic_url( + record_or_hash, # record_or_hash, + options.merge(:action => "#{action}")) # options.merge(:action => "edit")) + end # end + # + def #{action}_polymorphic_path(record_or_hash, options = {}) # def edit_polymorphic_path(record_or_hash, options = {}) + polymorphic_url( # polymorphic_url( + record_or_hash, # record_or_hash, + options.merge(:action => "#{action}", :routing_type => :path)) # options.merge(:action => "edit", :routing_type => :path)) + end # end + EOT + end + + def formatted_polymorphic_url(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_url has been deprecated. Please pass :format to the polymorphic_url method instead", caller) + options[:format] = record_or_hash.pop if Array === record_or_hash + polymorphic_url(record_or_hash, options) + end + + def formatted_polymorphic_path(record_or_hash, options = {}) + ActiveSupport::Deprecation.warn("formatted_polymorphic_path has been deprecated. Please pass :format to the polymorphic_path method instead", caller) + options[:format] = record_or_hash.pop if record_or_hash === Array + polymorphic_url(record_or_hash, options.merge(:routing_type => :path)) + end + + private + def action_prefix(options) + options[:action] ? "#{options[:action]}_" : '' + end + + def routing_type(options) + options[:routing_type] || :url + end + + def build_named_route_call(records, namespace, inflection, options = {}) + unless records.is_a?(Array) + record = extract_record(records) + route = '' + else + record = records.pop + route = records.inject("") do |string, parent| + if parent.is_a?(Symbol) || parent.is_a?(String) + string << "#{parent}_" + else + string << "#{RecordIdentifier.__send__("singular_class_name", parent)}_" + end + end + end + + if record.is_a?(Symbol) || record.is_a?(String) + route << "#{record}_" + else + route << "#{RecordIdentifier.__send__("#{inflection}_class_name", record)}_" + end + + action_prefix(options) + namespace + route + routing_type(options).to_s + end + + def extract_record(record_or_hash_or_array) + case record_or_hash_or_array + when Array; record_or_hash_or_array.last + when Hash; record_or_hash_or_array[:id] + else record_or_hash_or_array + end + end + + # Remove the first symbols from the array and return the url prefix + # implied by those symbols. + def extract_namespace(record_or_hash_or_array) + return "" unless record_or_hash_or_array.is_a?(Array) + + namespace_keys = [] + while (key = record_or_hash_or_array.first) && key.is_a?(String) || key.is_a?(Symbol) + namespace_keys << record_or_hash_or_array.shift + end + + namespace_keys.map {|k| "#{k}_"}.join + end + end +end diff --git a/actionpack/lib/action_controller/routing/generation/url_rewriter.rb b/actionpack/lib/action_controller/routing/generation/url_rewriter.rb new file mode 100644 index 0000000000..d86e2db67d --- /dev/null +++ b/actionpack/lib/action_controller/routing/generation/url_rewriter.rb @@ -0,0 +1,219 @@ +module ActionController + # In routes.rb one defines URL-to-controller mappings, but the reverse + # is also possible: an URL can be generated from one of your routing definitions. + # URL generation functionality is centralized in this module. + # + # See ActionController::Routing and ActionController::Resources for general + # information about routing and routes.rb. + # + # Tip: If you need to generate URLs from your models or some other place, + # then ActionController::UrlWriter is what you're looking for. Read on for + # an introduction. + # + # == URL generation from parameters + # + # As you may know, some functions - such as ActionController::Base#url_for + # and ActionView::Helpers::UrlHelper#link_to, can generate URLs given a set + # of parameters. For example, you've probably had the chance to write code + # like this in one of your views: + # + # <%= link_to('Click here', :controller => 'users', + # :action => 'new', :message => 'Welcome!') %> + # + # #=> Generates a link to: /users/new?message=Welcome%21 + # + # link_to, and all other functions that require URL generation functionality, + # actually use ActionController::UrlWriter under the hood. And in particular, + # they use the ActionController::UrlWriter#url_for method. One can generate + # the same path as the above example by using the following code: + # + # include UrlWriter + # url_for(:controller => 'users', + # :action => 'new', + # :message => 'Welcome!', + # :only_path => true) + # # => "/users/new?message=Welcome%21" + # + # Notice the :only_path => true part. This is because UrlWriter has no + # information about the website hostname that your Rails app is serving. So if you + # want to include the hostname as well, then you must also pass the :host + # argument: + # + # include UrlWriter + # url_for(:controller => 'users', + # :action => 'new', + # :message => 'Welcome!', + # :host => 'www.example.com') # Changed this. + # # => "http://www.example.com/users/new?message=Welcome%21" + # + # By default, all controllers and views have access to a special version of url_for, + # that already knows what the current hostname is. So if you use url_for in your + # controllers or your views, then you don't need to explicitly pass the :host + # argument. + # + # For convenience reasons, mailers provide a shortcut for ActionController::UrlWriter#url_for. + # So within mailers, you only have to type 'url_for' instead of 'ActionController::UrlWriter#url_for' + # in full. However, mailers don't have hostname information, and what's why you'll still + # have to specify the :host argument when generating URLs in mailers. + # + # + # == URL generation for named routes + # + # UrlWriter also allows one to access methods that have been auto-generated from + # named routes. For example, suppose that you have a 'users' resource in your + # routes.rb: + # + # map.resources :users + # + # This generates, among other things, the method users_path. By default, + # this method is accessible from your controllers, views and mailers. If you need + # to access this auto-generated method from other places (such as a model), then + # you can do that in two ways. + # + # The first way is to include ActionController::UrlWriter in your class: + # + # class User < ActiveRecord::Base + # include ActionController::UrlWriter # !!! + # + # def name=(value) + # write_attribute('name', value) + # write_attribute('base_uri', users_path) # !!! + # end + # end + # + # The second way is to access them through ActionController::UrlWriter. + # The autogenerated named routes methods are available as class methods: + # + # class User < ActiveRecord::Base + # def name=(value) + # write_attribute('name', value) + # path = ActionController::UrlWriter.users_path # !!! + # write_attribute('base_uri', path) # !!! + # end + # end + module UrlWriter + # The default options for urls written by this writer. Typically a :host + # pair is provided. + mattr_accessor :default_url_options + self.default_url_options = {} + + def self.included(base) #:nodoc: + ActionController::Routing::Routes.install_helpers(base) + base.mattr_accessor :default_url_options + base.default_url_options ||= default_url_options + end + + # Generate a url based on the options provided, default_url_options and the + # routes defined in routes.rb. The following options are supported: + # + # * :only_path - If true, the relative url is returned. Defaults to +false+. + # * :protocol - The protocol to connect to. Defaults to 'http'. + # * :host - Specifies the host the link should be targetted at. + # If :only_path is false, this option must be + # provided either explicitly, or via +default_url_options+. + # * :port - Optionally specify the port to connect to. + # * :anchor - An anchor name to be appended to the path. + # * :skip_relative_url_root - If true, the url is not constructed using the + # +relative_url_root+ set in ActionController::Base.relative_url_root. + # * :trailing_slash - If true, adds a trailing slash, as in "/archive/2009/" + # + # Any other key (:controller, :action, etc.) given to + # +url_for+ is forwarded to the Routes module. + # + # Examples: + # + # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :port=>'8080' # => 'http://somehost.org:8080/tasks/testing' + # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :anchor => 'ok', :only_path => true # => '/tasks/testing#ok' + # url_for :controller => 'tasks', :action => 'testing', :trailing_slash=>true # => 'http://somehost.org/tasks/testing/' + # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :number => '33' # => 'http://somehost.org/tasks/testing?number=33' + def url_for(options) + options = self.class.default_url_options.merge(options) + + url = '' + + unless options.delete(:only_path) + url << (options.delete(:protocol) || 'http') + url << '://' unless url.match("://") + + raise "Missing host to link to! Please provide :host parameter or set default_url_options[:host]" unless options[:host] + + url << options.delete(:host) + url << ":#{options.delete(:port)}" if options.key?(:port) + else + # Delete the unused options to prevent their appearance in the query string. + [:protocol, :host, :port, :skip_relative_url_root].each { |k| options.delete(k) } + end + trailing_slash = options.delete(:trailing_slash) if options.key?(:trailing_slash) + url << ActionController::Base.relative_url_root.to_s unless options[:skip_relative_url_root] + anchor = "##{CGI.escape options.delete(:anchor).to_param.to_s}" if options[:anchor] + generated = Routing::Routes.generate(options, {}) + url << (trailing_slash ? generated.sub(/\?|\z/) { "/" + $& } : generated) + url << anchor if anchor + + url + end + end + + # Rewrites URLs for Base.redirect_to and Base.url_for in the controller. + class UrlRewriter #:nodoc: + RESERVED_OPTIONS = [:anchor, :params, :only_path, :host, :protocol, :port, :trailing_slash, :skip_relative_url_root] + def initialize(request, parameters) + @request, @parameters = request, parameters + end + + def rewrite(options = {}) + rewrite_url(options) + end + + def to_str + "#{@request.protocol}, #{@request.host_with_port}, #{@request.path}, #{@parameters[:controller]}, #{@parameters[:action]}, #{@request.parameters.inspect}" + end + + alias_method :to_s, :to_str + + private + # Given a path and options, returns a rewritten URL string + def rewrite_url(options) + rewritten_url = "" + + unless options[:only_path] + rewritten_url << (options[:protocol] || @request.protocol) + rewritten_url << "://" unless rewritten_url.match("://") + rewritten_url << rewrite_authentication(options) + rewritten_url << (options[:host] || @request.host_with_port) + rewritten_url << ":#{options.delete(:port)}" if options.key?(:port) + end + + path = rewrite_path(options) + rewritten_url << ActionController::Base.relative_url_root.to_s unless options[:skip_relative_url_root] + rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path) + rewritten_url << "##{options[:anchor]}" if options[:anchor] + + rewritten_url + end + + # Given a Hash of options, generates a route + def rewrite_path(options) + options = options.symbolize_keys + options.update(options[:params].symbolize_keys) if options[:params] + + if (overwrite = options.delete(:overwrite_params)) + options.update(@parameters.symbolize_keys) + options.update(overwrite.symbolize_keys) + end + + RESERVED_OPTIONS.each { |k| options.delete(k) } + + # Generates the query string, too + Routing::Routes.generate(options, @request.symbolized_path_parameters) + end + + def rewrite_authentication(options) + if options[:user] && options[:password] + "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@" + else + "" + end + end + end +end diff --git a/actionpack/lib/action_controller/routing/resources.rb b/actionpack/lib/action_controller/routing/resources.rb new file mode 100644 index 0000000000..e8988aa737 --- /dev/null +++ b/actionpack/lib/action_controller/routing/resources.rb @@ -0,0 +1,674 @@ +module ActionController + # == Overview + # + # ActionController::Resources are a way of defining RESTful \resources. A RESTful \resource, in basic terms, + # is something that can be pointed at and it will respond with a representation of the data requested. + # In real terms this could mean a user with a browser requests an HTML page, or that a desktop application + # requests XML data. + # + # RESTful design is based on the assumption that there are four generic verbs that a user of an + # application can request from a \resource (the noun). + # + # \Resources can be requested using four basic HTTP verbs (GET, POST, PUT, DELETE), the method used + # denotes the type of action that should take place. + # + # === The Different Methods and their Usage + # + # * GET - Requests for a \resource, no saving or editing of a \resource should occur in a GET request. + # * POST - Creation of \resources. + # * PUT - Editing of attributes on a \resource. + # * DELETE - Deletion of a \resource. + # + # === Examples + # + # # A GET request on the Posts resource is asking for all Posts + # GET /posts + # + # # A GET request on a single Post resource is asking for that particular Post + # GET /posts/1 + # + # # A POST request on the Posts resource is asking for a Post to be created with the supplied details + # POST /posts # with => { :post => { :title => "My Whizzy New Post", :body => "I've got a brand new combine harvester" } } + # + # # A PUT request on a single Post resource is asking for a Post to be updated + # PUT /posts # with => { :id => 1, :post => { :title => "Changed Whizzy Title" } } + # + # # A DELETE request on a single Post resource is asking for it to be deleted + # DELETE /posts # with => { :id => 1 } + # + # By using the REST convention, users of our application can assume certain things about how the data + # is requested and how it is returned. Rails simplifies the routing part of RESTful design by + # supplying you with methods to create them in your routes.rb file. + # + # Read more about REST at http://en.wikipedia.org/wiki/Representational_State_Transfer + module Resources + INHERITABLE_OPTIONS = :namespace, :shallow, :actions + + class Resource #:nodoc: + DEFAULT_ACTIONS = :index, :create, :new, :edit, :show, :update, :destroy + + attr_reader :collection_methods, :member_methods, :new_methods + attr_reader :path_prefix, :name_prefix, :path_segment + attr_reader :plural, :singular + attr_reader :options + + def initialize(entities, options) + @plural ||= entities + @singular ||= options[:singular] || plural.to_s.singularize + @path_segment = options.delete(:as) || @plural + + @options = options + + arrange_actions + add_default_actions + set_allowed_actions + set_prefixes + end + + def controller + @controller ||= "#{options[:namespace]}#{(options[:controller] || plural).to_s}" + end + + def requirements(with_id = false) + @requirements ||= @options[:requirements] || {} + @id_requirement ||= { :id => @requirements.delete(:id) || /[^#{Routing::SEPARATORS.join}]+/ } + + with_id ? @requirements.merge(@id_requirement) : @requirements + end + + def conditions + @conditions ||= @options[:conditions] || {} + end + + def path + @path ||= "#{path_prefix}/#{path_segment}" + end + + def new_path + new_action = self.options[:path_names][:new] if self.options[:path_names] + new_action ||= Base.resources_path_names[:new] + @new_path ||= "#{path}/#{new_action}" + end + + def shallow_path_prefix + @shallow_path_prefix ||= "#{path_prefix unless @options[:shallow]}" + end + + def member_path + @member_path ||= "#{shallow_path_prefix}/#{path_segment}/:id" + end + + def nesting_path_prefix + @nesting_path_prefix ||= "#{shallow_path_prefix}/#{path_segment}/:#{singular}_id" + end + + def shallow_name_prefix + @shallow_name_prefix ||= "#{name_prefix unless @options[:shallow]}" + end + + def nesting_name_prefix + "#{shallow_name_prefix}#{singular}_" + end + + def action_separator + @action_separator ||= Base.resource_action_separator + end + + def uncountable? + @singular.to_s == @plural.to_s + end + + def has_action?(action) + !DEFAULT_ACTIONS.include?(action) || @options[:actions].nil? || @options[:actions].include?(action) + end + + protected + def arrange_actions + @collection_methods = arrange_actions_by_methods(options.delete(:collection)) + @member_methods = arrange_actions_by_methods(options.delete(:member)) + @new_methods = arrange_actions_by_methods(options.delete(:new)) + end + + def add_default_actions + add_default_action(member_methods, :get, :edit) + add_default_action(new_methods, :get, :new) + end + + def set_allowed_actions + only = @options.delete(:only) + except = @options.delete(:except) + + if only && except + raise ArgumentError, 'Please supply either :only or :except, not both.' + elsif only == :all || except == :none + options[:actions] = DEFAULT_ACTIONS + elsif only == :none || except == :all + options[:actions] = [] + elsif only + options[:actions] = DEFAULT_ACTIONS & Array(only).map(&:to_sym) + elsif except + options[:actions] = DEFAULT_ACTIONS - Array(except).map(&:to_sym) + else + # leave options[:actions] alone + end + end + + def set_prefixes + @path_prefix = options.delete(:path_prefix) + @name_prefix = options.delete(:name_prefix) + end + + def arrange_actions_by_methods(actions) + (actions || {}).inject({}) do |flipped_hash, (key, value)| + (flipped_hash[value] ||= []) << key + flipped_hash + end + end + + def add_default_action(collection, method, action) + (collection[method] ||= []).unshift(action) + end + end + + class SingletonResource < Resource #:nodoc: + def initialize(entity, options) + @singular = @plural = entity + options[:controller] ||= @singular.to_s.pluralize + super + end + + alias_method :shallow_path_prefix, :path_prefix + alias_method :shallow_name_prefix, :name_prefix + alias_method :member_path, :path + alias_method :nesting_path_prefix, :path + end + + # Creates named routes for implementing verb-oriented controllers + # for a collection \resource. + # + # For example: + # + # map.resources :messages + # + # will map the following actions in the corresponding controller: + # + # class MessagesController < ActionController::Base + # # GET messages_url + # def index + # # return all messages + # end + # + # # GET new_message_url + # def new + # # return an HTML form for describing a new message + # end + # + # # POST messages_url + # def create + # # create a new message + # end + # + # # GET message_url(:id => 1) + # def show + # # find and return a specific message + # end + # + # # GET edit_message_url(:id => 1) + # def edit + # # return an HTML form for editing a specific message + # end + # + # # PUT message_url(:id => 1) + # def update + # # find and update a specific message + # end + # + # # DELETE message_url(:id => 1) + # def destroy + # # delete a specific message + # end + # end + # + # Along with the routes themselves, +resources+ generates named routes for use in + # controllers and views. map.resources :messages produces the following named routes and helpers: + # + # Named Route Helpers + # ============ ===================================================== + # messages messages_url, hash_for_messages_url, + # messages_path, hash_for_messages_path + # + # message message_url(id), hash_for_message_url(id), + # message_path(id), hash_for_message_path(id) + # + # new_message new_message_url, hash_for_new_message_url, + # new_message_path, hash_for_new_message_path + # + # edit_message edit_message_url(id), hash_for_edit_message_url(id), + # edit_message_path(id), hash_for_edit_message_path(id) + # + # You can use these helpers instead of +url_for+ or methods that take +url_for+ parameters. For example: + # + # redirect_to :controller => 'messages', :action => 'index' + # # and + # <%= link_to "edit this message", :controller => 'messages', :action => 'edit', :id => @message.id %> + # + # now become: + # + # redirect_to messages_url + # # and + # <%= link_to "edit this message", edit_message_url(@message) # calls @message.id automatically + # + # Since web browsers don't support the PUT and DELETE verbs, you will need to add a parameter '_method' to your + # form tags. The form helpers make this a little easier. For an update form with a @message object: + # + # <%= form_tag message_path(@message), :method => :put %> + # + # or + # + # <% form_for :message, @message, :url => message_path(@message), :html => {:method => :put} do |f| %> + # + # or + # + # <% form_for @message do |f| %> + # + # which takes into account whether @message is a new record or not and generates the + # path and method accordingly. + # + # The +resources+ method accepts the following options to customize the resulting routes: + # * :collection - Add named routes for other actions that operate on the collection. + # Takes a hash of #{action} => #{method}, where method is :get/:post/:put/:delete, + # an array of any of the previous, or :any if the method does not matter. + # These routes map to a URL like /messages/rss, with a route of +rss_messages_url+. + # * :member - Same as :collection, but for actions that operate on a specific member. + # * :new - Same as :collection, but for actions that operate on the new \resource action. + # * :controller - Specify the controller name for the routes. + # * :singular - Specify the singular name used in the member routes. + # * :requirements - Set custom routing parameter requirements; this is a hash of either + # regular expressions (which must match for the route to match) or extra parameters. For example: + # + # map.resource :profile, :path_prefix => ':name', :requirements => { :name => /[a-zA-Z]+/, :extra => 'value' } + # + # will only match if the first part is alphabetic, and will pass the parameter :extra to the controller. + # * :conditions - Specify custom routing recognition conditions. \Resources sets the :method value for the method-specific routes. + # * :as - Specify a different \resource name to use in the URL path. For example: + # # products_path == '/productos' + # map.resources :products, :as => 'productos' do |product| + # # product_reviews_path(product) == '/productos/1234/comentarios' + # product.resources :product_reviews, :as => 'comentarios' + # end + # + # * :has_one - Specify nested \resources, this is a shorthand for mapping singleton \resources beneath the current. + # * :has_many - Same has :has_one, but for plural \resources. + # + # You may directly specify the routing association with +has_one+ and +has_many+ like: + # + # map.resources :notes, :has_one => :author, :has_many => [:comments, :attachments] + # + # This is the same as: + # + # map.resources :notes do |notes| + # notes.resource :author + # notes.resources :comments + # notes.resources :attachments + # end + # + # * :path_names - Specify different names for the 'new' and 'edit' actions. For example: + # # new_products_path == '/productos/nuevo' + # map.resources :products, :as => 'productos', :path_names => { :new => 'nuevo', :edit => 'editar' } + # + # You can also set default action names from an environment, like this: + # config.action_controller.resources_path_names = { :new => 'nuevo', :edit => 'editar' } + # + # * :path_prefix - Set a prefix to the routes with required route variables. + # + # Weblog comments usually belong to a post, so you might use +resources+ like: + # + # map.resources :articles + # map.resources :comments, :path_prefix => '/articles/:article_id' + # + # You can nest +resources+ calls to set this automatically: + # + # map.resources :articles do |article| + # article.resources :comments + # end + # + # The comment \resources work the same, but must now include a value for :article_id. + # + # article_comments_url(@article) + # article_comment_url(@article, @comment) + # + # article_comments_url(:article_id => @article) + # article_comment_url(:article_id => @article, :id => @comment) + # + # If you don't want to load all objects from the database you might want to use the article_id directly: + # + # articles_comments_url(@comment.article_id, @comment) + # + # * :name_prefix - Define a prefix for all generated routes, usually ending in an underscore. + # Use this if you have named routes that may clash. + # + # map.resources :tags, :path_prefix => '/books/:book_id', :name_prefix => 'book_' + # map.resources :tags, :path_prefix => '/toys/:toy_id', :name_prefix => 'toy_' + # + # You may also use :name_prefix to override the generic named routes in a nested \resource: + # + # map.resources :articles do |article| + # article.resources :comments, :name_prefix => nil + # end + # + # This will yield named \resources like so: + # + # comments_url(@article) + # comment_url(@article, @comment) + # + # * :shallow - If true, paths for nested resources which reference a specific member + # (ie. those with an :id parameter) will not use the parent path prefix or name prefix. + # + # The :shallow option is inherited by any nested resource(s). + # + # For example, 'users', 'posts' and 'comments' all use shallow paths with the following nested resources: + # + # map.resources :users, :shallow => true do |user| + # user.resources :posts do |post| + # post.resources :comments + # end + # end + # # --> GET /users/1/posts (maps to the PostsController#index action as usual) + # # also adds the usual named route called "user_posts" + # # --> GET /posts/2 (maps to the PostsController#show action as if it were not nested) + # # also adds the named route called "post" + # # --> GET /posts/2/comments (maps to the CommentsController#index action) + # # also adds the named route called "post_comments" + # # --> GET /comments/2 (maps to the CommentsController#show action as if it were not nested) + # # also adds the named route called "comment" + # + # You may also use :shallow in combination with the +has_one+ and +has_many+ shorthand notations like: + # + # map.resources :users, :has_many => { :posts => :comments }, :shallow => true + # + # * :only and :except - Specify which of the seven default actions should be routed to. + # + # :only and :except may be set to :all, :none, an action name or a + # list of action names. By default, routes are generated for all seven actions. + # + # For example: + # + # map.resources :posts, :only => [:index, :show] do |post| + # post.resources :comments, :except => [:update, :destroy] + # end + # # --> GET /posts (maps to the PostsController#index action) + # # --> POST /posts (fails) + # # --> GET /posts/1 (maps to the PostsController#show action) + # # --> DELETE /posts/1 (fails) + # # --> POST /posts/1/comments (maps to the CommentsController#create action) + # # --> PUT /posts/1/comments/1 (fails) + # + # The :only and :except options are inherited by any nested resource(s). + # + # If map.resources is called with multiple resources, they all get the same options applied. + # + # Examples: + # + # map.resources :messages, :path_prefix => "/thread/:thread_id" + # # --> GET /thread/7/messages/1 + # + # map.resources :messages, :collection => { :rss => :get } + # # --> GET /messages/rss (maps to the #rss action) + # # also adds a named route called "rss_messages" + # + # map.resources :messages, :member => { :mark => :post } + # # --> POST /messages/1/mark (maps to the #mark action) + # # also adds a named route called "mark_message" + # + # map.resources :messages, :new => { :preview => :post } + # # --> POST /messages/new/preview (maps to the #preview action) + # # also adds a named route called "preview_new_message" + # + # map.resources :messages, :new => { :new => :any, :preview => :post } + # # --> POST /messages/new/preview (maps to the #preview action) + # # also adds a named route called "preview_new_message" + # # --> /messages/new can be invoked via any request method + # + # map.resources :messages, :controller => "categories", + # :path_prefix => "/category/:category_id", + # :name_prefix => "category_" + # # --> GET /categories/7/messages/1 + # # has named route "category_message" + # + # The +resources+ method sets HTTP method restrictions on the routes it generates. For example, making an + # HTTP POST on new_message_url will raise a RoutingError exception. The default route in + # config/routes.rb overrides this and allows invalid HTTP methods for \resource routes. + def resources(*entities, &block) + options = entities.extract_options! + entities.each { |entity| map_resource(entity, options.dup, &block) } + end + + # Creates named routes for implementing verb-oriented controllers for a singleton \resource. + # A singleton \resource is global to its current context. For unnested singleton \resources, + # the \resource is global to the current user visiting the application, such as a user's + # /account profile. For nested singleton \resources, the \resource is global to its parent + # \resource, such as a projects \resource that has_one :project_manager. + # The project_manager should be mapped as a singleton \resource under projects: + # + # map.resources :projects do |project| + # project.resource :project_manager + # end + # + # See +resources+ for general conventions. These are the main differences: + # * A singular name is given to map.resource. The default controller name is still taken from the plural name. + # * To specify a custom plural name, use the :plural option. There is no :singular option. + # * No default index route is created for the singleton \resource controller. + # * When nesting singleton \resources, only the singular name is used as the path prefix (example: 'account/messages/1') + # + # For example: + # + # map.resource :account + # + # maps these actions in the Accounts controller: + # + # class AccountsController < ActionController::Base + # # GET new_account_url + # def new + # # return an HTML form for describing the new account + # end + # + # # POST account_url + # def create + # # create an account + # end + # + # # GET account_url + # def show + # # find and return the account + # end + # + # # GET edit_account_url + # def edit + # # return an HTML form for editing the account + # end + # + # # PUT account_url + # def update + # # find and update the account + # end + # + # # DELETE account_url + # def destroy + # # delete the account + # end + # end + # + # Along with the routes themselves, +resource+ generates named routes for + # use in controllers and views. map.resource :account produces + # these named routes and helpers: + # + # Named Route Helpers + # ============ ============================================= + # account account_url, hash_for_account_url, + # account_path, hash_for_account_path + # + # new_account new_account_url, hash_for_new_account_url, + # new_account_path, hash_for_new_account_path + # + # edit_account edit_account_url, hash_for_edit_account_url, + # edit_account_path, hash_for_edit_account_path + def resource(*entities, &block) + options = entities.extract_options! + entities.each { |entity| map_singleton_resource(entity, options.dup, &block) } + end + + private + def map_resource(entities, options = {}, &block) + resource = Resource.new(entities, options) + + with_options :controller => resource.controller do |map| + map_collection_actions(map, resource) + map_default_collection_actions(map, resource) + map_new_actions(map, resource) + map_member_actions(map, resource) + + map_associations(resource, options) + + if block_given? + with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) + end + end + end + + def map_singleton_resource(entities, options = {}, &block) + resource = SingletonResource.new(entities, options) + + with_options :controller => resource.controller do |map| + map_collection_actions(map, resource) + map_new_actions(map, resource) + map_member_actions(map, resource) + map_default_singleton_actions(map, resource) + + map_associations(resource, options) + + if block_given? + with_options(options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix), &block) + end + end + end + + def map_associations(resource, options) + map_has_many_associations(resource, options.delete(:has_many), options) if options[:has_many] + + path_prefix = "#{options.delete(:path_prefix)}#{resource.nesting_path_prefix}" + name_prefix = "#{options.delete(:name_prefix)}#{resource.nesting_name_prefix}" + + Array(options[:has_one]).each do |association| + resource(association, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => path_prefix, :name_prefix => name_prefix)) + end + end + + def map_has_many_associations(resource, associations, options) + case associations + when Hash + associations.each do |association,has_many| + map_has_many_associations(resource, association, options.merge(:has_many => has_many)) + end + when Array + associations.each do |association| + map_has_many_associations(resource, association, options) + end + when Symbol, String + resources(associations, options.slice(*INHERITABLE_OPTIONS).merge(:path_prefix => resource.nesting_path_prefix, :name_prefix => resource.nesting_name_prefix, :has_many => options[:has_many])) + else + end + end + + def map_collection_actions(map, resource) + resource.collection_methods.each do |method, actions| + actions.each do |action| + [method].flatten.each do |m| + map_resource_routes(map, resource, action, "#{resource.path}#{resource.action_separator}#{action}", "#{action}_#{resource.name_prefix}#{resource.plural}", m) + end + end + end + end + + def map_default_collection_actions(map, resource) + index_route_name = "#{resource.name_prefix}#{resource.plural}" + + if resource.uncountable? + index_route_name << "_index" + end + + map_resource_routes(map, resource, :index, resource.path, index_route_name) + map_resource_routes(map, resource, :create, resource.path, index_route_name) + end + + def map_default_singleton_actions(map, resource) + map_resource_routes(map, resource, :create, resource.path, "#{resource.shallow_name_prefix}#{resource.singular}") + end + + def map_new_actions(map, resource) + resource.new_methods.each do |method, actions| + actions.each do |action| + route_path = resource.new_path + route_name = "new_#{resource.name_prefix}#{resource.singular}" + + unless action == :new + route_path = "#{route_path}#{resource.action_separator}#{action}" + route_name = "#{action}_#{route_name}" + end + + map_resource_routes(map, resource, action, route_path, route_name, method) + end + end + end + + def map_member_actions(map, resource) + resource.member_methods.each do |method, actions| + actions.each do |action| + [method].flatten.each do |m| + action_path = resource.options[:path_names][action] if resource.options[:path_names].is_a?(Hash) + action_path ||= Base.resources_path_names[action] || action + + map_resource_routes(map, resource, action, "#{resource.member_path}#{resource.action_separator}#{action_path}", "#{action}_#{resource.shallow_name_prefix}#{resource.singular}", m) + end + end + end + + route_path = "#{resource.shallow_name_prefix}#{resource.singular}" + map_resource_routes(map, resource, :show, resource.member_path, route_path) + map_resource_routes(map, resource, :update, resource.member_path, route_path) + map_resource_routes(map, resource, :destroy, resource.member_path, route_path) + end + + def map_resource_routes(map, resource, action, route_path, route_name = nil, method = nil) + if resource.has_action?(action) + action_options = action_options_for(action, resource, method) + formatted_route_path = "#{route_path}.:format" + + if route_name && @set.named_routes[route_name.to_sym].nil? + map.named_route(route_name, formatted_route_path, action_options) + else + map.connect(formatted_route_path, action_options) + end + end + end + + def add_conditions_for(conditions, method) + returning({:conditions => conditions.dup}) do |options| + options[:conditions][:method] = method unless method == :any + end + end + + def action_options_for(action, resource, method = nil) + default_options = { :action => action.to_s } + require_id = !resource.kind_of?(SingletonResource) + + case default_options[:action] + when "index", "new"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements) + when "create"; default_options.merge(add_conditions_for(resource.conditions, method || :post)).merge(resource.requirements) + when "show", "edit"; default_options.merge(add_conditions_for(resource.conditions, method || :get)).merge(resource.requirements(require_id)) + when "update"; default_options.merge(add_conditions_for(resource.conditions, method || :put)).merge(resource.requirements(require_id)) + when "destroy"; default_options.merge(add_conditions_for(resource.conditions, method || :delete)).merge(resource.requirements(require_id)) + else default_options.merge(add_conditions_for(resource.conditions, method)).merge(resource.requirements) + end + end + end +end diff --git a/actionpack/lib/action_controller/session/management.rb b/actionpack/lib/action_controller/session/management.rb new file mode 100644 index 0000000000..b556f04649 --- /dev/null +++ b/actionpack/lib/action_controller/session/management.rb @@ -0,0 +1,54 @@ +module ActionController #:nodoc: + module SessionManagement #:nodoc: + def self.included(base) + base.class_eval do + extend ClassMethods + end + end + + module ClassMethods + # Set the session store to be used for keeping the session data between requests. + # By default, sessions are stored in browser cookies (:cookie_store), + # but you can also specify one of the other included stores (:active_record_store, + # :mem_cache_store, or your own custom class. + def session_store=(store) + if store == :active_record_store + self.session_store = ActiveRecord::SessionStore + else + @@session_store = store.is_a?(Symbol) ? + Session.const_get(store.to_s.camelize) : + store + end + end + + # Returns the session store class currently used. + def session_store + if defined? @@session_store + @@session_store + else + Session::CookieStore + end + end + + def session=(options = {}) + self.session_store = nil if options.delete(:disabled) + session_options.merge!(options) + end + + # Returns the hash used to configure the session. Example use: + # + # ActionController::Base.session_options[:secure] = true # session only available over HTTPS + def session_options + @session_options ||= {} + end + + def session(*args) + ActiveSupport::Deprecation.warn( + "Disabling sessions for a single controller has been deprecated. " + + "Sessions are now lazy loaded. So if you don't access them, " + + "consider them off. You can still modify the session cookie " + + "options with request.session_options.", caller) + end + end + end +end diff --git a/actionpack/lib/action_controller/session_management.rb b/actionpack/lib/action_controller/session_management.rb deleted file mode 100644 index b556f04649..0000000000 --- a/actionpack/lib/action_controller/session_management.rb +++ /dev/null @@ -1,54 +0,0 @@ -module ActionController #:nodoc: - module SessionManagement #:nodoc: - def self.included(base) - base.class_eval do - extend ClassMethods - end - end - - module ClassMethods - # Set the session store to be used for keeping the session data between requests. - # By default, sessions are stored in browser cookies (:cookie_store), - # but you can also specify one of the other included stores (:active_record_store, - # :mem_cache_store, or your own custom class. - def session_store=(store) - if store == :active_record_store - self.session_store = ActiveRecord::SessionStore - else - @@session_store = store.is_a?(Symbol) ? - Session.const_get(store.to_s.camelize) : - store - end - end - - # Returns the session store class currently used. - def session_store - if defined? @@session_store - @@session_store - else - Session::CookieStore - end - end - - def session=(options = {}) - self.session_store = nil if options.delete(:disabled) - session_options.merge!(options) - end - - # Returns the hash used to configure the session. Example use: - # - # ActionController::Base.session_options[:secure] = true # session only available over HTTPS - def session_options - @session_options ||= {} - end - - def session(*args) - ActiveSupport::Deprecation.warn( - "Disabling sessions for a single controller has been deprecated. " + - "Sessions are now lazy loaded. So if you don't access them, " + - "consider them off. You can still modify the session cookie " + - "options with request.session_options.", caller) - end - end - end -end diff --git a/actionpack/lib/action_controller/status_codes.rb b/actionpack/lib/action_controller/status_codes.rb deleted file mode 100644 index 4977c79491..0000000000 --- a/actionpack/lib/action_controller/status_codes.rb +++ /dev/null @@ -1,88 +0,0 @@ -module ActionController - module StatusCodes #:nodoc: - # Defines the standard HTTP status codes, by integer, with their - # corresponding default message texts. - # Source: http://www.iana.org/assignments/http-status-codes - STATUS_CODES = { - 100 => "Continue", - 101 => "Switching Protocols", - 102 => "Processing", - - 200 => "OK", - 201 => "Created", - 202 => "Accepted", - 203 => "Non-Authoritative Information", - 204 => "No Content", - 205 => "Reset Content", - 206 => "Partial Content", - 207 => "Multi-Status", - 226 => "IM Used", - - 300 => "Multiple Choices", - 301 => "Moved Permanently", - 302 => "Found", - 303 => "See Other", - 304 => "Not Modified", - 305 => "Use Proxy", - 307 => "Temporary Redirect", - - 400 => "Bad Request", - 401 => "Unauthorized", - 402 => "Payment Required", - 403 => "Forbidden", - 404 => "Not Found", - 405 => "Method Not Allowed", - 406 => "Not Acceptable", - 407 => "Proxy Authentication Required", - 408 => "Request Timeout", - 409 => "Conflict", - 410 => "Gone", - 411 => "Length Required", - 412 => "Precondition Failed", - 413 => "Request Entity Too Large", - 414 => "Request-URI Too Long", - 415 => "Unsupported Media Type", - 416 => "Requested Range Not Satisfiable", - 417 => "Expectation Failed", - 422 => "Unprocessable Entity", - 423 => "Locked", - 424 => "Failed Dependency", - 426 => "Upgrade Required", - - 500 => "Internal Server Error", - 501 => "Not Implemented", - 502 => "Bad Gateway", - 503 => "Service Unavailable", - 504 => "Gateway Timeout", - 505 => "HTTP Version Not Supported", - 507 => "Insufficient Storage", - 510 => "Not Extended" - } - - # Provides a symbol-to-fixnum lookup for converting a symbol (like - # :created or :not_implemented) into its corresponding HTTP status - # code (like 200 or 501). - SYMBOL_TO_STATUS_CODE = STATUS_CODES.inject({}) do |hash, (code, message)| - hash[message.gsub(/ /, "").underscore.to_sym] = code - hash - end - - # Given a status parameter, determine whether it needs to be converted - # to a string. If it is a fixnum, use the STATUS_CODES hash to lookup - # the default message. If it is a symbol, use the SYMBOL_TO_STATUS_CODE - # hash to convert it. - def interpret_status(status) - case status - when Fixnum then - "#{status} #{STATUS_CODES[status]}".strip - when Symbol then - interpret_status(SYMBOL_TO_STATUS_CODE[status] || - "500 Unknown Status #{status.inspect}") - else - status.to_s - end - end - private :interpret_status - - end -end \ No newline at end of file diff --git a/actionpack/lib/action_controller/streaming.rb b/actionpack/lib/action_controller/streaming.rb deleted file mode 100644 index e1786913a7..0000000000 --- a/actionpack/lib/action_controller/streaming.rb +++ /dev/null @@ -1,171 +0,0 @@ -module ActionController #:nodoc: - # Methods for sending files and streams to the browser instead of rendering. - module Streaming - DEFAULT_SEND_FILE_OPTIONS = { - :type => 'application/octet-stream'.freeze, - :disposition => 'attachment'.freeze, - :stream => true, - :buffer_size => 4096, - :x_sendfile => false - }.freeze - - X_SENDFILE_HEADER = 'X-Sendfile'.freeze - - protected - # Sends the file, by default streaming it 4096 bytes at a time. This way the - # whole file doesn't need to be read into memory at once. This makes it - # feasible to send even large files. You can optionally turn off streaming - # and send the whole file at once. - # - # Be careful to sanitize the path parameter if it is coming from a web - # page. send_file(params[:path]) allows a malicious user to - # download any file on your server. - # - # Options: - # * :filename - suggests a filename for the browser to use. - # Defaults to File.basename(path). - # * :type - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify - # either a string or a symbol for a registered type register with Mime::Type.register, for example :json - # * :length - used to manually override the length (in bytes) of the content that - # is going to be sent to the client. Defaults to File.size(path). - # * :disposition - specifies whether the file will be shown inline or downloaded. - # Valid values are 'inline' and 'attachment' (default). - # * :stream - whether to send the file to the user agent as it is read (+true+) - # or to read the entire file before sending (+false+). Defaults to +true+. - # * :buffer_size - specifies size (in bytes) of the buffer used to stream the file. - # Defaults to 4096. - # * :status - specifies the status code to send with the response. Defaults to '200 OK'. - # * :url_based_filename - set to +true+ if you want the browser guess the filename from - # the URL, which is necessary for i18n filenames on certain browsers - # (setting :filename overrides this option). - # * :x_sendfile - uses X-Sendfile to send the file when set to +true+. This is currently - # only available with Lighttpd/Apache2 and specific modules installed and activated. Since this - # uses the web server to send the file, this may lower memory consumption on your server and - # it will not block your application for further requests. - # See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile and - # http://tn123.ath.cx/mod_xsendfile/ for details. Defaults to +false+. - # - # The default Content-Type and Content-Disposition headers are - # set to download arbitrary binary files in as many browsers as - # possible. IE versions 4, 5, 5.5, and 6 are all known to have - # a variety of quirks (especially when downloading over SSL). - # - # Simple download: - # - # send_file '/path/to.zip' - # - # Show a JPEG in the browser: - # - # send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline' - # - # Show a 404 page in the browser: - # - # send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404 - # - # Read about the other Content-* HTTP headers if you'd like to - # provide the user with more information (such as Content-Description) in - # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11. - # - # Also be aware that the document may be cached by proxies and browsers. - # The Pragma and Cache-Control headers declare how the file may be cached - # by intermediaries. They default to require clients to validate with - # the server before releasing cached responses. See - # http://www.mnot.net/cache_docs/ for an overview of web caching and - # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9 - # for the Cache-Control header spec. - def send_file(path, options = {}) #:doc: - raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path) - - options[:length] ||= File.size(path) - options[:filename] ||= File.basename(path) unless options[:url_based_filename] - send_file_headers! options - - @performed_render = false - - if options[:x_sendfile] - logger.info "Sending #{X_SENDFILE_HEADER} header #{path}" if logger - head options[:status], X_SENDFILE_HEADER => path - else - if options[:stream] - render :status => options[:status], :text => Proc.new { |response, output| - logger.info "Streaming file #{path}" unless logger.nil? - len = options[:buffer_size] || 4096 - File.open(path, 'rb') do |file| - while buf = file.read(len) - output.write(buf) - end - end - } - else - logger.info "Sending file #{path}" unless logger.nil? - File.open(path, 'rb') { |file| render :status => options[:status], :text => file.read } - end - end - end - - # Send binary data to the user as a file download. May set content type, apparent file name, - # and specify whether to show data inline or download as an attachment. - # - # Options: - # * :filename - suggests a filename for the browser to use. - # * :type - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify - # either a string or a symbol for a registered type register with Mime::Type.register, for example :json - # * :disposition - specifies whether the file will be shown inline or downloaded. - # Valid values are 'inline' and 'attachment' (default). - # * :status - specifies the status code to send with the response. Defaults to '200 OK'. - # - # Generic data download: - # - # send_data buffer - # - # Download a dynamically-generated tarball: - # - # send_data generate_tgz('dir'), :filename => 'dir.tgz' - # - # Display an image Active Record in the browser: - # - # send_data image.data, :type => image.content_type, :disposition => 'inline' - # - # See +send_file+ for more information on HTTP Content-* headers and caching. - def send_data(data, options = {}) #:doc: - logger.info "Sending data #{options[:filename]}" if logger - send_file_headers! options.merge(:length => data.size) - @performed_render = false - render :status => options[:status], :text => data - end - - private - def send_file_headers!(options) - options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options)) - [:length, :type, :disposition].each do |arg| - raise ArgumentError, ":#{arg} option required" if options[arg].nil? - end - - disposition = options[:disposition].dup || 'attachment' - - disposition <<= %(; filename="#{options[:filename]}") if options[:filename] - - content_type = options[:type] - if content_type.is_a?(Symbol) - raise ArgumentError, "Unknown MIME type #{options[:type]}" unless Mime::EXTENSION_LOOKUP.has_key?(content_type.to_s) - content_type = Mime::Type.lookup_by_extension(content_type.to_s) - end - content_type = content_type.to_s.strip # fixes a problem with extra '\r' with some browsers - - headers.update( - 'Content-Length' => options[:length], - 'Content-Type' => content_type, - 'Content-Disposition' => disposition, - 'Content-Transfer-Encoding' => 'binary' - ) - - # Fix a problem with IE 6.0 on opening downloaded files: - # If Cache-Control: no-cache is set (which Rails does by default), - # IE removes the file it just downloaded from its cache immediately - # after it displays the "open/save" dialog, which means that if you - # hit "open" the file isn't there anymore when the application that - # is called for handling the download is run, so let's workaround that - headers['Cache-Control'] = 'private' if headers['Cache-Control'] == 'no-cache' - end - end -end diff --git a/actionpack/lib/action_controller/templates/rescues/_request_and_response.erb b/actionpack/lib/action_controller/templates/rescues/_request_and_response.erb deleted file mode 100644 index 64b34650b1..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/_request_and_response.erb +++ /dev/null @@ -1,24 +0,0 @@ -<% unless @exception.blamed_files.blank? %> - <% if (hide = @exception.blamed_files.length > 8) %> - Show blamed files - <% end %> - 
><%=h @exception.describe_blame %>
-<% end %> - -<% - clean_params = request.parameters.clone - clean_params.delete("action") - clean_params.delete("controller") - - request_dump = clean_params.empty? ? 'None' : clean_params.inspect.gsub(',', ",\n") -%> - -

Request

-

Parameters: 

<%=h request_dump %>

- -

Show session dump

- - - -

Response

-

Headers: 

<%=h response ? response.headers.inspect.gsub(',', ",\n") : 'None' %>

diff --git a/actionpack/lib/action_controller/templates/rescues/_trace.erb b/actionpack/lib/action_controller/templates/rescues/_trace.erb deleted file mode 100644 index bb2d8375bd..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/_trace.erb +++ /dev/null @@ -1,26 +0,0 @@ -<% - traces = [ - ["Application Trace", @exception.application_backtrace], - ["Framework Trace", @exception.framework_backtrace], - ["Full Trace", @exception.clean_backtrace] - ] - names = traces.collect {|name, trace| name} -%> - -

RAILS_ROOT: <%= defined?(RAILS_ROOT) ? RAILS_ROOT : "unset" %>

- -
- <% names.each do |name| %> - <% - show = "document.getElementById('#{name.gsub /\s/, '-'}').style.display='block';" - hide = (names - [name]).collect {|hide_name| "document.getElementById('#{hide_name.gsub /\s/, '-'}').style.display='none';"} - %> - <%= name %> <%= '|' unless names.last == name %> - <% end %> - - <% traces.each do |name, trace| %> -
;"> - 
<%= trace.join "\n" %>
-
- <% end %> -
diff --git a/actionpack/lib/action_controller/templates/rescues/diagnostics.erb b/actionpack/lib/action_controller/templates/rescues/diagnostics.erb deleted file mode 100644 index 95be64511d..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/diagnostics.erb +++ /dev/null @@ -1,10 +0,0 @@ -

- <%=h @exception.class.to_s %> - <% if request.parameters['controller'] %> - in <%=h request.parameters['controller'].humanize %>Controller<% if request.parameters['action'] %>#<%=h request.parameters['action'] %><% end %> - <% end %> -

-
<%=h @exception.clean_message %>
- -<%= @template._render_template(@rescues_path.find_template("rescues/_trace.erb")) %> -<%= @template._render_template(@rescues_path.find_template("rescues/_request_and_response.erb")) %> \ No newline at end of file diff --git a/actionpack/lib/action_controller/templates/rescues/layout.erb b/actionpack/lib/action_controller/templates/rescues/layout.erb deleted file mode 100644 index 4a04742e40..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/layout.erb +++ /dev/null @@ -1,29 +0,0 @@ - - - Action Controller: Exception caught - - - - -<%= @contents %> - - - \ No newline at end of file diff --git a/actionpack/lib/action_controller/templates/rescues/missing_template.erb b/actionpack/lib/action_controller/templates/rescues/missing_template.erb deleted file mode 100644 index dbfdf76947..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/missing_template.erb +++ /dev/null @@ -1,2 +0,0 @@ -

Template is missing

-

<%=h @exception.message %>

diff --git a/actionpack/lib/action_controller/templates/rescues/routing_error.erb b/actionpack/lib/action_controller/templates/rescues/routing_error.erb deleted file mode 100644 index ccfa858cce..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/routing_error.erb +++ /dev/null @@ -1,10 +0,0 @@ -

Routing Error

-

<%=h @exception.message %>

-<% unless @exception.failures.empty? %>

-

Failure reasons:

-
    - <% @exception.failures.each do |route, reason| %> -
  1. <%=h route.inspect.gsub('\\', '') %> failed because <%=h reason.downcase %>
    2. - <% end %> -
-

<% end %> diff --git a/actionpack/lib/action_controller/templates/rescues/template_error.erb b/actionpack/lib/action_controller/templates/rescues/template_error.erb deleted file mode 100644 index 2e34e03bd5..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/template_error.erb +++ /dev/null @@ -1,21 +0,0 @@ -

- <%=h @exception.original_exception.class.to_s %> in - <%=h request.parameters["controller"].capitalize if request.parameters["controller"]%>#<%=h request.parameters["action"] %> -

- -

- Showing <%=h @exception.file_name %> where line #<%=h @exception.line_number %> raised: - 

<%=h @exception.message %>
-

- -

Extracted source (around line #<%=h @exception.line_number %>): -

<%=h @exception.source_extract %>

- -

<%=h @exception.sub_template_message %>

- -<% @real_exception = @exception - @exception = @exception.original_exception || @exception %> -<%= render :file => @rescues_path["rescues/_trace.erb"] %> -<% @exception = @real_exception %> - -<%= render :file => @rescues_path["rescues/_request_and_response.erb"] %> diff --git a/actionpack/lib/action_controller/templates/rescues/unknown_action.erb b/actionpack/lib/action_controller/templates/rescues/unknown_action.erb deleted file mode 100644 index 683379da10..0000000000 --- a/actionpack/lib/action_controller/templates/rescues/unknown_action.erb +++ /dev/null @@ -1,2 +0,0 @@ -

Unknown action

-

<%=h @exception.message %>

diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb deleted file mode 100644 index 0b0d0c799b..0000000000 --- a/actionpack/lib/action_controller/test_case.rb +++ /dev/null @@ -1,199 +0,0 @@ -require 'active_support/test_case' -require 'action_controller/test_process' - -module ActionController - # Superclass for ActionController functional tests. Functional tests allow you to - # test a single controller action per test method. This should not be confused with - # integration tests (see ActionController::IntegrationTest), which are more like - # "stories" that can involve multiple controllers and mutliple actions (i.e. multiple - # different HTTP requests). - # - # == Basic example - # - # Functional tests are written as follows: - # 1. First, one uses the +get+, +post+, +put+, +delete+ or +head+ method to simulate - # an HTTP request. - # 2. Then, one asserts whether the current state is as expected. "State" can be anything: - # the controller's HTTP response, the database contents, etc. - # - # For example: - # - # class BooksControllerTest < ActionController::TestCase - # def test_create - # # Simulate a POST response with the given HTTP parameters. - # post(:create, :book => { :title => "Love Hina" }) - # - # # Assert that the controller tried to redirect us to - # # the created book's URI. - # assert_response :found - # - # # Assert that the controller really put the book in the database. - # assert_not_nil Book.find_by_title("Love Hina") - # end - # end - # - # == Special instance variables - # - # ActionController::TestCase will also automatically provide the following instance - # variables for use in the tests: - # - # @controller:: - # The controller instance that will be tested. - # @request:: - # An ActionController::TestRequest, representing the current HTTP - # request. You can modify this object before sending the HTTP request. For example, - # you might want to set some session properties before sending a GET request. - # @response:: - # An ActionController::TestResponse object, representing the response - # of the last HTTP response. In the above example, @response becomes valid - # after calling +post+. If the various assert methods are not sufficient, then you - # may use this object to inspect the HTTP response in detail. - # - # (Earlier versions of Rails required each functional test to subclass - # Test::Unit::TestCase and define @controller, @request, @response in +setup+.) - # - # == Controller is automatically inferred - # - # ActionController::TestCase will automatically infer the controller under test - # from the test class name. If the controller cannot be inferred from the test - # class name, you can explicity set it with +tests+. - # - # class SpecialEdgeCaseWidgetsControllerTest < ActionController::TestCase - # tests WidgetController - # end - # - # == Testing controller internals - # - # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions - # can be used against. These collections are: - # - # * assigns: Instance variables assigned in the action that are available for the view. - # * session: Objects being saved in the session. - # * flash: The flash objects currently in the session. - # * cookies: Cookies being sent to the user on this request. - # - # These collections can be used just like any other hash: - # - # assert_not_nil assigns(:person) # makes sure that a @person instance variable was set - # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" - # assert flash.empty? # makes sure that there's nothing in the flash - # - # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To - # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing. - # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work. - # - # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. - # - # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another - # action call which can then be asserted against. - # - # == Manipulating the request collections - # - # The collections described above link to the response, so you can test if what the actions were expected to do happened. But - # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions - # and cookies, though. For sessions, you just do: - # - # @request.session[:key] = "value" - # @request.cookies["key"] = "value" - # - # == Testing named routes - # - # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case. - # Example: - # - # assert_redirected_to page_url(:title => 'foo') - class TestCase < ActiveSupport::TestCase - include TestProcess - - module Assertions - %w(response selector tag dom routing model).each do |kind| - include ActionController::Assertions.const_get("#{kind.camelize}Assertions") - end - - def clean_backtrace(&block) - yield - rescue ActiveSupport::TestCase::Assertion => error - framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions")) - error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path } - raise - end - end - include Assertions - - # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline - # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular - # rescue_action process takes place. This means you can test your rescue_action code by setting remote_addr to something else - # than 0.0.0.0. - # - # The exception is stored in the exception accessor for further inspection. - module RaiseActionExceptions - protected - attr_accessor :exception - - def rescue_action_without_handler(e) - self.exception = e - - if request.remote_addr == "0.0.0.0" - raise(e) - else - super(e) - end - end - end - - setup :setup_controller_request_and_response - - @@controller_class = nil - - class << self - # Sets the controller class name. Useful if the name can't be inferred from test class. - # Expects +controller_class+ as a constant. Example: tests WidgetController. - def tests(controller_class) - self.controller_class = controller_class - end - - def controller_class=(new_class) - prepare_controller_class(new_class) if new_class - write_inheritable_attribute(:controller_class, new_class) - end - - def controller_class - if current_controller_class = read_inheritable_attribute(:controller_class) - current_controller_class - else - self.controller_class = determine_default_controller_class(name) - end - end - - def determine_default_controller_class(name) - name.sub(/Test$/, '').constantize - rescue NameError - nil - end - - def prepare_controller_class(new_class) - new_class.send :include, RaiseActionExceptions - end - end - - def setup_controller_request_and_response - @request = TestRequest.new - @response = TestResponse.new - - if klass = self.class.controller_class - @controller ||= klass.new rescue nil - end - - if @controller - @controller.request = @request - @controller.params = {} - @controller.send(:initialize_current_url) - end - end - - # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local - def rescue_action_in_public! - @request.remote_addr = '208.77.188.166' # example.com - end - end -end diff --git a/actionpack/lib/action_controller/test_process.rb b/actionpack/lib/action_controller/test_process.rb deleted file mode 100644 index 22b97fc157..0000000000 --- a/actionpack/lib/action_controller/test_process.rb +++ /dev/null @@ -1,543 +0,0 @@ -module ActionController #:nodoc: - class TestRequest < Request #:nodoc: - attr_accessor :cookies, :session_options - attr_accessor :query_parameters, :path, :session - attr_accessor :host - - def initialize - super(Rack::MockRequest.env_for("/")) - - @query_parameters = {} - @session = TestSession.new - - initialize_default_values - initialize_containers - end - - def reset_session - @session = TestSession.new - end - - # Wraps raw_post in a StringIO. - def body_stream #:nodoc: - StringIO.new(raw_post) - end - - # Either the RAW_POST_DATA environment variable or the URL-encoded request - # parameters. - def raw_post - @env['RAW_POST_DATA'] ||= begin - data = url_encoded_request_parameters - data.force_encoding(Encoding::BINARY) if data.respond_to?(:force_encoding) - data - end - end - - def port=(number) - @env["SERVER_PORT"] = number.to_i - port(true) - end - - def action=(action_name) - @query_parameters.update({ "action" => action_name }) - @parameters = nil - end - - # Used to check AbstractRequest's request_uri functionality. - # Disables the use of @path and @request_uri so superclass can handle those. - def set_REQUEST_URI(value) - @env["REQUEST_URI"] = value - @request_uri = nil - @path = nil - request_uri(true) - path(true) - end - - def request_uri=(uri) - @request_uri = uri - @path = uri.split("?").first - end - - def accept=(mime_types) - @env["HTTP_ACCEPT"] = Array(mime_types).collect { |mime_types| mime_types.to_s }.join(",") - accepts(true) - end - - def if_modified_since=(last_modified) - @env["HTTP_IF_MODIFIED_SINCE"] = last_modified - end - - def if_none_match=(etag) - @env["HTTP_IF_NONE_MATCH"] = etag - end - - def remote_addr=(addr) - @env['REMOTE_ADDR'] = addr - end - - def request_uri(*args) - @request_uri || super - end - - def path(*args) - @path || super - end - - def assign_parameters(controller_path, action, parameters) - parameters = parameters.symbolize_keys.merge(:controller => controller_path, :action => action) - extra_keys = ActionController::Routing::Routes.extra_keys(parameters) - non_path_parameters = get? ? query_parameters : request_parameters - parameters.each do |key, value| - if value.is_a? Fixnum - value = value.to_s - elsif value.is_a? Array - value = ActionController::Routing::PathSegment::Result.new(value) - end - - if extra_keys.include?(key.to_sym) - non_path_parameters[key] = value - else - path_parameters[key.to_s] = value - end - end - raw_post # populate env['RAW_POST_DATA'] - @parameters = nil # reset TestRequest#parameters to use the new path_parameters - end - - def recycle! - self.query_parameters = {} - self.path_parameters = {} - unmemoize_all - end - - def user_agent=(user_agent) - @env['HTTP_USER_AGENT'] = user_agent - end - - private - def initialize_containers - @cookies = {} - end - - def initialize_default_values - @host = "test.host" - @request_uri = "/" - @env['HTTP_USER_AGENT'] = "Rails Testing" - @env['REMOTE_ADDR'] = "0.0.0.0" - @env["SERVER_PORT"] = 80 - @env['REQUEST_METHOD'] = "GET" - end - - def url_encoded_request_parameters - params = self.request_parameters.dup - - %w(controller action only_path).each do |k| - params.delete(k) - params.delete(k.to_sym) - end - - params.to_query - end - end - - # A refactoring of TestResponse to allow the same behavior to be applied - # to the "real" CgiResponse class in integration tests. - module TestResponseBehavior #:nodoc: - # The response code of the request - def response_code - status.to_s[0,3].to_i rescue 0 - end - - # Returns a String to ensure compatibility with Net::HTTPResponse - def code - status.to_s.split(' ')[0] - end - - def message - status.to_s.split(' ',2)[1] - end - - # Was the response successful? - def success? - (200..299).include?(response_code) - end - - # Was the URL not found? - def missing? - response_code == 404 - end - - # Were we redirected? - def redirect? - (300..399).include?(response_code) - end - - # Was there a server-side error? - def error? - (500..599).include?(response_code) - end - - alias_method :server_error?, :error? - - # Was there a client client? - def client_error? - (400..499).include?(response_code) - end - - # Returns the redirection location or nil - def redirect_url - headers['Location'] - end - - # Does the redirect location match this regexp pattern? - def redirect_url_match?( pattern ) - return false if redirect_url.nil? - p = Regexp.new(pattern) if pattern.class == String - p = pattern if pattern.class == Regexp - return false if p.nil? - p.match(redirect_url) != nil - end - - # Returns the template of the file which was used to - # render this response (or nil) - def rendered - template.instance_variable_get(:@_rendered) - end - - # A shortcut to the flash. Returns an empty hash if no session flash exists. - def flash - session['flash'] || {} - end - - # Do we have a flash? - def has_flash? - !flash.empty? - end - - # Do we have a flash that has contents? - def has_flash_with_contents? - !flash.empty? - end - - # Does the specified flash object exist? - def has_flash_object?(name=nil) - !flash[name].nil? - end - - # Does the specified object exist in the session? - def has_session_object?(name=nil) - !session[name].nil? - end - - # A shortcut to the template.assigns - def template_objects - template.assigns || {} - end - - # Does the specified template object exist? - def has_template_object?(name=nil) - !template_objects[name].nil? - end - - # Returns the response cookies, converted to a Hash of (name => value) pairs - # - # assert_equal 'AuthorOfNewPage', r.cookies['author'] - def cookies - cookies = {} - Array(headers['Set-Cookie']).each do |cookie| - key, value = cookie.split(";").first.split("=") - cookies[key] = value - end - cookies - end - - # Returns binary content (downloadable file), converted to a String - def binary_content - raise "Response body is not a Proc: #{body.inspect}" unless body.kind_of?(Proc) - require 'stringio' - - sio = StringIO.new - body.call(self, sio) - - sio.rewind - sio.read - end - end - - # Integration test methods such as ActionController::Integration::Session#get - # and ActionController::Integration::Session#post return objects of class - # TestResponse, which represent the HTTP response results of the requested - # controller actions. - # - # See Response for more information on controller response objects. - class TestResponse < Response - include TestResponseBehavior - - def recycle! - headers.delete('ETag') - headers.delete('Last-Modified') - end - end - - class TestSession #:nodoc: - attr_accessor :session_id - - def initialize(attributes = nil) - @session_id = '' - @attributes = attributes.nil? ? nil : attributes.stringify_keys - @saved_attributes = nil - end - - def data - @attributes ||= @saved_attributes || {} - end - - def [](key) - data[key.to_s] - end - - def []=(key, value) - data[key.to_s] = value - end - - def update - @saved_attributes = @attributes - end - - def delete - @attributes = nil - end - - def close - update - delete - end - end - - # Essentially generates a modified Tempfile object similar to the object - # you'd get from the standard library CGI module in a multipart - # request. This means you can use an ActionController::TestUploadedFile - # object in the params of a test request in order to simulate - # a file upload. - # - # Usage example, within a functional test: - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png') - # - # Pass a true third parameter to ensure the uploaded file is opened in binary mode (only required for Windows): - # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) - require 'tempfile' - class TestUploadedFile - # The filename, *not* including the path, of the "uploaded" file - attr_reader :original_filename - - # The content type of the "uploaded" file - attr_accessor :content_type - - def initialize(path, content_type = Mime::TEXT, binary = false) - raise "#{path} file does not exist" unless File.exist?(path) - @content_type = content_type - @original_filename = path.sub(/^.*#{File::SEPARATOR}([^#{File::SEPARATOR}]+)$/) { $1 } - @tempfile = Tempfile.new(@original_filename) - @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding) - @tempfile.binmode if binary - FileUtils.copy_file(path, @tempfile.path) - end - - def path #:nodoc: - @tempfile.path - end - - alias local_path path - - def method_missing(method_name, *args, &block) #:nodoc: - @tempfile.__send__(method_name, *args, &block) - end - end - - module TestProcess - def self.included(base) - # Executes a request simulating GET HTTP method and set/volley the response - def get(action, parameters = nil, session = nil, flash = nil) - process(action, parameters, session, flash, "GET") - end - - # Executes a request simulating POST HTTP method and set/volley the response - def post(action, parameters = nil, session = nil, flash = nil) - process(action, parameters, session, flash, "POST") - end - - # Executes a request simulating PUT HTTP method and set/volley the response - def put(action, parameters = nil, session = nil, flash = nil) - process(action, parameters, session, flash, "PUT") - end - - # Executes a request simulating DELETE HTTP method and set/volley the response - def delete(action, parameters = nil, session = nil, flash = nil) - process(action, parameters, session, flash, "DELETE") - end - - # Executes a request simulating HEAD HTTP method and set/volley the response - def head(action, parameters = nil, session = nil, flash = nil) - process(action, parameters, session, flash, "HEAD") - end - end - - def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET') - # Sanity check for required instance variables so we can give an - # understandable error message. - %w(@controller @request @response).each do |iv_name| - if !(instance_variable_names.include?(iv_name) || instance_variable_names.include?(iv_name.to_sym)) || instance_variable_get(iv_name).nil? - raise "#{iv_name} is nil: make sure you set it in your test's setup method." - end - end - - @request.recycle! - @response.recycle! - - @html_document = nil - @request.env['REQUEST_METHOD'] = http_method - - @request.action = action.to_s - - parameters ||= {} - @request.assign_parameters(@controller.class.controller_path, action.to_s, parameters) - - @request.session = ActionController::TestSession.new(session) unless session.nil? - @request.session["flash"] = ActionController::Flash::FlashHash.new.update(flash) if flash - build_request_uri(action, parameters) - - Base.class_eval { include ProcessWithTest } unless Base < ProcessWithTest - @controller.process_with_test(@request, @response) - end - - def xml_http_request(request_method, action, parameters = nil, session = nil, flash = nil) - @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' - @request.env['HTTP_ACCEPT'] = [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') - returning __send__(request_method, action, parameters, session, flash) do - @request.env.delete 'HTTP_X_REQUESTED_WITH' - @request.env.delete 'HTTP_ACCEPT' - end - end - alias xhr :xml_http_request - - def assigns(key = nil) - if key.nil? - @response.template.assigns - else - @response.template.assigns[key.to_s] - end - end - - def session - @request.session - end - - def flash - @response.flash - end - - def cookies - @response.cookies - end - - def redirect_to_url - @response.redirect_url - end - - def build_request_uri(action, parameters) - unless @request.env['REQUEST_URI'] - options = @controller.__send__(:rewrite_options, parameters) - options.update(:only_path => true, :action => action) - - url = ActionController::UrlRewriter.new(@request, parameters) - @request.set_REQUEST_URI(url.rewrite(options)) - end - end - - def html_document - xml = @response.content_type =~ /xml$/ - @html_document ||= HTML::Document.new(@response.body, false, xml) - end - - def find_tag(conditions) - html_document.find(conditions) - end - - def find_all_tag(conditions) - html_document.find_all(conditions) - end - - def method_missing(selector, *args, &block) - if @controller && ActionController::Routing::Routes.named_routes.helpers.include?(selector) - @controller.send(selector, *args, &block) - else - super - end - end - - # Shortcut for ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + path, type): - # - # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png') - # - # To upload binary files on Windows, pass :binary as the last parameter. - # This will not affect other platforms: - # - # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png', :binary) - def fixture_file_upload(path, mime_type = nil, binary = false) - fixture_path = ActionController::TestCase.send(:fixture_path) if ActionController::TestCase.respond_to?(:fixture_path) - ActionController::TestUploadedFile.new("#{fixture_path}#{path}", mime_type, binary) - end - - # A helper to make it easier to test different route configurations. - # This method temporarily replaces ActionController::Routing::Routes - # with a new RouteSet instance. - # - # The new instance is yielded to the passed block. Typically the block - # will create some routes using map.draw { map.connect ... }: - # - # with_routing do |set| - # set.draw do |map| - # map.connect ':controller/:action/:id' - # assert_equal( - # ['/content/10/show', {}], - # map.generate(:controller => 'content', :id => 10, :action => 'show') - # end - # end - # end - # - def with_routing - real_routes = ActionController::Routing::Routes - ActionController::Routing.module_eval { remove_const :Routes } - - temporary_routes = ActionController::Routing::RouteSet.new - ActionController::Routing.module_eval { const_set :Routes, temporary_routes } - - yield temporary_routes - ensure - if ActionController::Routing.const_defined? :Routes - ActionController::Routing.module_eval { remove_const :Routes } - end - ActionController::Routing.const_set(:Routes, real_routes) if real_routes - end - end - - module ProcessWithTest #:nodoc: - def self.included(base) - base.class_eval { attr_reader :assigns } - end - - def process_with_test(*args) - process(*args).tap { set_test_assigns } - end - - private - def set_test_assigns - @assigns = {} - (instance_variable_names - self.class.protected_instance_variables).each do |var| - name, value = var[1..-1], instance_variable_get(var) - @assigns[name] = value - response.template.assigns[name] = value if response - end - end - end -end diff --git a/actionpack/lib/action_controller/testing/assertions/dom.rb b/actionpack/lib/action_controller/testing/assertions/dom.rb new file mode 100644 index 0000000000..5ffe5f1883 --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/dom.rb @@ -0,0 +1,39 @@ +module ActionController + module Assertions + module DomAssertions + # Test two HTML strings for equivalency (e.g., identical up to reordering of attributes) + # + # ==== Examples + # + # # assert that the referenced method generates the appropriate HTML string + # assert_dom_equal 'Apples', link_to("Apples", "http://www.example.com") + # + def assert_dom_equal(expected, actual, message = "") + clean_backtrace do + expected_dom = HTML::Document.new(expected).root + actual_dom = HTML::Document.new(actual).root + full_message = build_message(message, " expected to be == to\n.", expected_dom.to_s, actual_dom.to_s) + + assert_block(full_message) { expected_dom == actual_dom } + end + end + + # The negated form of +assert_dom_equivalent+. + # + # ==== Examples + # + # # assert that the referenced method does not generate the specified HTML string + # assert_dom_not_equal 'Apples', link_to("Oranges", "http://www.example.com") + # + def assert_dom_not_equal(expected, actual, message = "") + clean_backtrace do + expected_dom = HTML::Document.new(expected).root + actual_dom = HTML::Document.new(actual).root + full_message = build_message(message, " expected to be != to\n.", expected_dom.to_s, actual_dom.to_s) + + assert_block(full_message) { expected_dom != actual_dom } + end + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/assertions/model.rb b/actionpack/lib/action_controller/testing/assertions/model.rb new file mode 100644 index 0000000000..3a7b39b106 --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/model.rb @@ -0,0 +1,21 @@ +module ActionController + module Assertions + module ModelAssertions + # Ensures that the passed record is valid by Active Record standards and + # returns any error messages if it is not. + # + # ==== Examples + # + # # assert that a newly created record is valid + # model = Model.new + # assert_valid(model) + # + def assert_valid(record) + ::ActiveSupport::Deprecation.warn("assert_valid is deprecated. Use assert record.valid? instead", caller) + clean_backtrace do + assert record.valid?, record.errors.full_messages.join("\n") + end + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/assertions/response.rb b/actionpack/lib/action_controller/testing/assertions/response.rb new file mode 100644 index 0000000000..5976090273 --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/response.rb @@ -0,0 +1,150 @@ +module ActionController + module Assertions + # A small suite of assertions that test responses from Rails applications. + module ResponseAssertions + # Asserts that the response is one of the following types: + # + # * :success - Status code was 200 + # * :redirect - Status code was in the 300-399 range + # * :missing - Status code was 404 + # * :error - Status code was in the 500-599 range + # + # You can also pass an explicit status number like assert_response(501) + # or its symbolic equivalent assert_response(:not_implemented). + # See ActionController::StatusCodes for a full list. + # + # ==== Examples + # + # # assert that the response was a redirection + # assert_response :redirect + # + # # assert that the response code was status code 401 (unauthorized) + # assert_response 401 + # + def assert_response(type, message = nil) + clean_backtrace do + if [ :success, :missing, :redirect, :error ].include?(type) && @response.send("#{type}?") + assert_block("") { true } # to count the assertion + elsif type.is_a?(Fixnum) && @response.response_code == type + assert_block("") { true } # to count the assertion + elsif type.is_a?(Symbol) && @response.response_code == ActionController::StatusCodes::SYMBOL_TO_STATUS_CODE[type] + assert_block("") { true } # to count the assertion + else + if @response.error? + exception = @response.template.instance_variable_get(:@exception) + exception_message = exception && exception.message + assert_block(build_message(message, "Expected response to be a , but was \n", type, @response.response_code, exception_message.to_s)) { false } + else + assert_block(build_message(message, "Expected response to be a , but was ", type, @response.response_code)) { false } + end + end + end + end + + # Assert that the redirection options passed in match those of the redirect called in the latest action. + # This match can be partial, such that assert_redirected_to(:controller => "weblog") will also + # match the redirection of redirect_to(:controller => "weblog", :action => "show") and so on. + # + # ==== Examples + # + # # assert that the redirection was to the "index" action on the WeblogController + # assert_redirected_to :controller => "weblog", :action => "index" + # + # # assert that the redirection was to the named route login_url + # assert_redirected_to login_url + # + # # assert that the redirection was to the url for @customer + # assert_redirected_to @customer + # + def assert_redirected_to(options = {}, message=nil) + clean_backtrace do + assert_response(:redirect, message) + return true if options == @response.redirected_to + + # Support partial arguments for hash redirections + if options.is_a?(Hash) && @response.redirected_to.is_a?(Hash) + return true if options.all? {|(key, value)| @response.redirected_to[key] == value} + end + + redirected_to_after_normalisation = normalize_argument_to_redirection(@response.redirected_to) + options_after_normalisation = normalize_argument_to_redirection(options) + + if redirected_to_after_normalisation != options_after_normalisation + flunk "Expected response to be a redirect to <#{options_after_normalisation}> but was a redirect to <#{redirected_to_after_normalisation}>" + end + end + end + + # Asserts that the request was rendered with the appropriate template file or partials + # + # ==== Examples + # + # # assert that the "new" view template was rendered + # assert_template "new" + # + # # assert that the "_customer" partial was rendered twice + # assert_template :partial => '_customer', :count => 2 + # + # # assert that no partials were rendered + # assert_template :partial => false + # + def assert_template(options = {}, message = nil) + clean_backtrace do + case options + when NilClass, String + rendered = @response.rendered[:template].to_s + msg = build_message(message, + "expecting but rendering with ", + options, rendered) + assert_block(msg) do + if options.nil? + @response.rendered[:template].blank? + else + rendered.to_s.match(options) + end + end + when Hash + if expected_partial = options[:partial] + partials = @response.rendered[:partials] + if expected_count = options[:count] + found = partials.detect { |p, _| p.to_s.match(expected_partial) } + actual_count = found.nil? ? 0 : found.second + msg = build_message(message, + "expecting ? to be rendered ? time(s) but rendered ? time(s)", + expected_partial, expected_count, actual_count) + assert(actual_count == expected_count.to_i, msg) + else + msg = build_message(message, + "expecting partial but action rendered ", + options[:partial], partials.keys) + assert(partials.keys.any? { |p| p.to_s.match(expected_partial) }, msg) + end + else + assert @response.rendered[:partials].empty?, + "Expected no partials to be rendered" + end + end + end + end + + private + # Proxy to to_param if the object will respond to it. + def parameterize(value) + value.respond_to?(:to_param) ? value.to_param : value + end + + def normalize_argument_to_redirection(fragment) + after_routing = @controller.url_for(fragment) + if after_routing =~ %r{^\w+://.*} + after_routing + else + # FIXME - this should probably get removed. + if after_routing.first != '/' + after_routing = '/' + after_routing + end + @request.protocol + @request.host_with_port + after_routing + end + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/assertions/routing.rb b/actionpack/lib/action_controller/testing/assertions/routing.rb new file mode 100644 index 0000000000..5101751cea --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/routing.rb @@ -0,0 +1,146 @@ +module ActionController + module Assertions + # Suite of assertions to test routes generated by Rails and the handling of requests made to them. + module RoutingAssertions + # Asserts that the routing of the given +path+ was handled correctly and that the parsed options (given in the +expected_options+ hash) + # match +path+. Basically, it asserts that Rails recognizes the route given by +expected_options+. + # + # Pass a hash in the second argument (+path+) to specify the request method. This is useful for routes + # requiring a specific HTTP method. The hash should contain a :path with the incoming request path + # and a :method containing the required HTTP verb. + # + # # assert that POSTing to /items will call the create action on ItemsController + # assert_recognizes {:controller => 'items', :action => 'create'}, {:path => 'items', :method => :post} + # + # You can also pass in +extras+ with a hash containing URL parameters that would normally be in the query string. This can be used + # to assert that values in the query string string will end up in the params hash correctly. To test query strings you must use the + # extras argument, appending the query string on the path directly will not work. For example: + # + # # assert that a path of '/items/list/1?view=print' returns the correct options + # assert_recognizes {:controller => 'items', :action => 'list', :id => '1', :view => 'print'}, 'items/list/1', { :view => "print" } + # + # The +message+ parameter allows you to pass in an error message that is displayed upon failure. + # + # ==== Examples + # # Check the default route (i.e., the index action) + # assert_recognizes {:controller => 'items', :action => 'index'}, 'items' + # + # # Test a specific action + # assert_recognizes {:controller => 'items', :action => 'list'}, 'items/list' + # + # # Test an action with a parameter + # assert_recognizes {:controller => 'items', :action => 'destroy', :id => '1'}, 'items/destroy/1' + # + # # Test a custom route + # assert_recognizes {:controller => 'items', :action => 'show', :id => '1'}, 'view/item1' + # + # # Check a Simply RESTful generated route + # assert_recognizes list_items_url, 'items/list' + def assert_recognizes(expected_options, path, extras={}, message=nil) + if path.is_a? Hash + request_method = path[:method] + path = path[:path] + else + request_method = nil + end + + clean_backtrace do + ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? + request = recognized_request_for(path, request_method) + + expected_options = expected_options.clone + extras.each_key { |key| expected_options.delete key } unless extras.nil? + + expected_options.stringify_keys! + routing_diff = expected_options.diff(request.path_parameters) + msg = build_message(message, "The recognized options did not match , difference: ", + request.path_parameters, expected_options, expected_options.diff(request.path_parameters)) + assert_block(msg) { request.path_parameters == expected_options } + end + end + + # Asserts that the provided options can be used to generate the provided path. This is the inverse of +assert_recognizes+. + # The +extras+ parameter is used to tell the request the names and values of additional request parameters that would be in + # a query string. The +message+ parameter allows you to specify a custom error message for assertion failures. + # + # The +defaults+ parameter is unused. + # + # ==== Examples + # # Asserts that the default action is generated for a route with no action + # assert_generates "/items", :controller => "items", :action => "index" + # + # # Tests that the list action is properly routed + # assert_generates "/items/list", :controller => "items", :action => "list" + # + # # Tests the generation of a route with a parameter + # assert_generates "/items/list/1", { :controller => "items", :action => "list", :id => "1" } + # + # # Asserts that the generated route gives us our custom route + # assert_generates "changesets/12", { :controller => 'scm', :action => 'show_diff', :revision => "12" } + def assert_generates(expected_path, options, defaults={}, extras = {}, message=nil) + clean_backtrace do + expected_path = "/#{expected_path}" unless expected_path[0] == ?/ + # Load routes.rb if it hasn't been loaded. + ActionController::Routing::Routes.reload if ActionController::Routing::Routes.empty? + + generated_path, extra_keys = ActionController::Routing::Routes.generate_extras(options, defaults) + found_extras = options.reject {|k, v| ! extra_keys.include? k} + + msg = build_message(message, "found extras , not ", found_extras, extras) + assert_block(msg) { found_extras == extras } + + msg = build_message(message, "The generated path did not match ", generated_path, + expected_path) + assert_block(msg) { expected_path == generated_path } + end + end + + # Asserts that path and options match both ways; in other words, it verifies that path generates + # options and then that options generates path. This essentially combines +assert_recognizes+ + # and +assert_generates+ into one step. + # + # The +extras+ hash allows you to specify options that would normally be provided as a query string to the action. The + # +message+ parameter allows you to specify a custom error message to display upon failure. + # + # ==== Examples + # # Assert a basic route: a controller with the default action (index) + # assert_routing '/home', :controller => 'home', :action => 'index' + # + # # Test a route generated with a specific controller, action, and parameter (id) + # assert_routing '/entries/show/23', :controller => 'entries', :action => 'show', id => 23 + # + # # Assert a basic route (controller + default action), with an error message if it fails + # assert_routing '/store', { :controller => 'store', :action => 'index' }, {}, {}, 'Route for store index not generated properly' + # + # # Tests a route, providing a defaults hash + # assert_routing 'controller/action/9', {:id => "9", :item => "square"}, {:controller => "controller", :action => "action"}, {}, {:item => "square"} + # + # # Tests a route with a HTTP method + # assert_routing { :method => 'put', :path => '/product/321' }, { :controller => "product", :action => "update", :id => "321" } + def assert_routing(path, options, defaults={}, extras={}, message=nil) + assert_recognizes(options, path, extras, message) + + controller, default_controller = options[:controller], defaults[:controller] + if controller && controller.include?(?/) && default_controller && default_controller.include?(?/) + options[:controller] = "/#{controller}" + end + + assert_generates(path.is_a?(Hash) ? path[:path] : path, options, defaults, extras, message) + end + + private + # Recognizes the route for a given path. + def recognized_request_for(path, request_method = nil) + path = "/#{path}" unless path.first == '/' + + # Assume given controller + request = ActionController::TestRequest.new + request.env["REQUEST_METHOD"] = request_method.to_s.upcase if request_method + request.path = path + + ActionController::Routing::Routes.recognize(request) + request + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/assertions/selector.rb b/actionpack/lib/action_controller/testing/assertions/selector.rb new file mode 100644 index 0000000000..0d56ea5ef7 --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/selector.rb @@ -0,0 +1,632 @@ +#-- +# Copyright (c) 2006 Assaf Arkin (http://labnotes.org) +# Under MIT and/or CC By license. +#++ + +module ActionController + module Assertions + unless const_defined?(:NO_STRIP) + NO_STRIP = %w{pre script style textarea} + end + + # Adds the +assert_select+ method for use in Rails functional + # test cases, which can be used to make assertions on the response HTML of a controller + # action. You can also call +assert_select+ within another +assert_select+ to + # make assertions on elements selected by the enclosing assertion. + # + # Use +css_select+ to select elements without making an assertions, either + # from the response HTML or elements selected by the enclosing assertion. + # + # In addition to HTML responses, you can make the following assertions: + # * +assert_select_rjs+ - Assertions on HTML content of RJS update and insertion operations. + # * +assert_select_encoded+ - Assertions on HTML encoded inside XML, for example for dealing with feed item descriptions. + # * +assert_select_email+ - Assertions on the HTML body of an e-mail. + # + # Also see HTML::Selector to learn how to use selectors. + module SelectorAssertions + # :call-seq: + # css_select(selector) => array + # css_select(element, selector) => array + # + # Select and return all matching elements. + # + # If called with a single argument, uses that argument as a selector + # to match all elements of the current page. Returns an empty array + # if no match is found. + # + # If called with two arguments, uses the first argument as the base + # element and the second argument as the selector. Attempts to match the + # base element and any of its children. Returns an empty array if no + # match is found. + # + # The selector may be a CSS selector expression (String), an expression + # with substitution values (Array) or an HTML::Selector object. + # + # ==== Examples + # # Selects all div tags + # divs = css_select("div") + # + # # Selects all paragraph tags and does something interesting + # pars = css_select("p") + # pars.each do |par| + # # Do something fun with paragraphs here... + # end + # + # # Selects all list items in unordered lists + # items = css_select("ul>li") + # + # # Selects all form tags and then all inputs inside the form + # forms = css_select("form") + # forms.each do |form| + # inputs = css_select(form, "input") + # ... + # end + # + def css_select(*args) + # See assert_select to understand what's going on here. + arg = args.shift + + if arg.is_a?(HTML::Node) + root = arg + arg = args.shift + elsif arg == nil + raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" + elsif @selected + matches = [] + + @selected.each do |selected| + subset = css_select(selected, HTML::Selector.new(arg.dup, args.dup)) + subset.each do |match| + matches << match unless matches.any? { |m| m.equal?(match) } + end + end + + return matches + else + root = response_from_page_or_rjs + end + + case arg + when String + selector = HTML::Selector.new(arg, args) + when Array + selector = HTML::Selector.new(*arg) + when HTML::Selector + selector = arg + else raise ArgumentError, "Expecting a selector as the first argument" + end + + selector.select(root) + end + + # :call-seq: + # assert_select(selector, equality?, message?) + # assert_select(element, selector, equality?, message?) + # + # An assertion that selects elements and makes one or more equality tests. + # + # If the first argument is an element, selects all matching elements + # starting from (and including) that element and all its children in + # depth-first order. + # + # If no element if specified, calling +assert_select+ selects from the + # response HTML unless +assert_select+ is called from within an +assert_select+ block. + # + # When called with a block +assert_select+ passes an array of selected elements + # to the block. Calling +assert_select+ from the block, with no element specified, + # runs the assertion on the complete set of elements selected by the enclosing assertion. + # Alternatively the array may be iterated through so that +assert_select+ can be called + # separately for each element. + # + # + # ==== Example + # If the response contains two ordered lists, each with four list elements then: + # assert_select "ol" do |elements| + # elements.each do |element| + # assert_select element, "li", 4 + # end + # end + # + # will pass, as will: + # assert_select "ol" do + # assert_select "li", 8 + # end + # + # The selector may be a CSS selector expression (String), an expression + # with substitution values, or an HTML::Selector object. + # + # === Equality Tests + # + # The equality test may be one of the following: + # * true - Assertion is true if at least one element selected. + # * false - Assertion is true if no element selected. + # * String/Regexp - Assertion is true if the text value of at least + # one element matches the string or regular expression. + # * Integer - Assertion is true if exactly that number of + # elements are selected. + # * Range - Assertion is true if the number of selected + # elements fit the range. + # If no equality test specified, the assertion is true if at least one + # element selected. + # + # To perform more than one equality tests, use a hash with the following keys: + # * :text - Narrow the selection to elements that have this text + # value (string or regexp). + # * :html - Narrow the selection to elements that have this HTML + # content (string or regexp). + # * :count - Assertion is true if the number of selected elements + # is equal to this value. + # * :minimum - Assertion is true if the number of selected + # elements is at least this value. + # * :maximum - Assertion is true if the number of selected + # elements is at most this value. + # + # If the method is called with a block, once all equality tests are + # evaluated the block is called with an array of all matched elements. + # + # ==== Examples + # + # # At least one form element + # assert_select "form" + # + # # Form element includes four input fields + # assert_select "form input", 4 + # + # # Page title is "Welcome" + # assert_select "title", "Welcome" + # + # # Page title is "Welcome" and there is only one title element + # assert_select "title", {:count=>1, :text=>"Welcome"}, + # "Wrong title or more than one title element" + # + # # Page contains no forms + # assert_select "form", false, "This page must contain no forms" + # + # # Test the content and style + # assert_select "body div.header ul.menu" + # + # # Use substitution values + # assert_select "ol>li#?", /item-\d+/ + # + # # All input fields in the form have a name + # assert_select "form input" do + # assert_select "[name=?]", /.+/ # Not empty + # end + def assert_select(*args, &block) + # Start with optional element followed by mandatory selector. + arg = args.shift + + if arg.is_a?(HTML::Node) + # First argument is a node (tag or text, but also HTML root), + # so we know what we're selecting from. + root = arg + arg = args.shift + elsif arg == nil + # This usually happens when passing a node/element that + # happens to be nil. + raise ArgumentError, "First argument is either selector or element to select, but nil found. Perhaps you called assert_select with an element that does not exist?" + elsif @selected + root = HTML::Node.new(nil) + root.children.concat @selected + else + # Otherwise just operate on the response document. + root = response_from_page_or_rjs + end + + # First or second argument is the selector: string and we pass + # all remaining arguments. Array and we pass the argument. Also + # accepts selector itself. + case arg + when String + selector = HTML::Selector.new(arg, args) + when Array + selector = HTML::Selector.new(*arg) + when HTML::Selector + selector = arg + else raise ArgumentError, "Expecting a selector as the first argument" + end + + # Next argument is used for equality tests. + equals = {} + case arg = args.shift + when Hash + equals = arg + when String, Regexp + equals[:text] = arg + when Integer + equals[:count] = arg + when Range + equals[:minimum] = arg.begin + equals[:maximum] = arg.end + when FalseClass + equals[:count] = 0 + when NilClass, TrueClass + equals[:minimum] = 1 + else raise ArgumentError, "I don't understand what you're trying to match" + end + + # By default we're looking for at least one match. + if equals[:count] + equals[:minimum] = equals[:maximum] = equals[:count] + else + equals[:minimum] = 1 unless equals[:minimum] + end + + # Last argument is the message we use if the assertion fails. + message = args.shift + #- message = "No match made with selector #{selector.inspect}" unless message + if args.shift + raise ArgumentError, "Not expecting that last argument, you either have too many arguments, or they're the wrong type" + end + + matches = selector.select(root) + # If text/html, narrow down to those elements that match it. + content_mismatch = nil + if match_with = equals[:text] + matches.delete_if do |match| + text = "" + text.force_encoding(match_with.encoding) if text.respond_to?(:force_encoding) + stack = match.children.reverse + while node = stack.pop + if node.tag? + stack.concat node.children.reverse + else + content = node.content + content.force_encoding(match_with.encoding) if content.respond_to?(:force_encoding) + text << content + end + end + text.strip! unless NO_STRIP.include?(match.name) + unless match_with.is_a?(Regexp) ? (text =~ match_with) : (text == match_with.to_s) + content_mismatch ||= build_message(message, " expected but was\n.", match_with, text) + true + end + end + elsif match_with = equals[:html] + matches.delete_if do |match| + html = match.children.map(&:to_s).join + html.strip! unless NO_STRIP.include?(match.name) + unless match_with.is_a?(Regexp) ? (html =~ match_with) : (html == match_with.to_s) + content_mismatch ||= build_message(message, " expected but was\n.", match_with, html) + true + end + end + end + # Expecting foo found bar element only if found zero, not if + # found one but expecting two. + message ||= content_mismatch if matches.empty? + # Test minimum/maximum occurrence. + min, max = equals[:minimum], equals[:maximum] + message = message || %(Expected #{count_description(min, max)} matching "#{selector.to_s}", found #{matches.size}.) + assert matches.size >= min, message if min + assert matches.size <= max, message if max + + # If a block is given call that block. Set @selected to allow + # nested assert_select, which can be nested several levels deep. + if block_given? && !matches.empty? + begin + in_scope, @selected = @selected, matches + yield matches + ensure + @selected = in_scope + end + end + + # Returns all matches elements. + matches + end + + def count_description(min, max) #:nodoc: + pluralize = lambda {|word, quantity| word << (quantity == 1 ? '' : 's')} + + if min && max && (max != min) + "between #{min} and #{max} elements" + elsif min && !(min == 1 && max == 1) + "at least #{min} #{pluralize['element', min]}" + elsif max + "at most #{max} #{pluralize['element', max]}" + end + end + + # :call-seq: + # assert_select_rjs(id?) { |elements| ... } + # assert_select_rjs(statement, id?) { |elements| ... } + # assert_select_rjs(:insert, position, id?) { |elements| ... } + # + # Selects content from the RJS response. + # + # === Narrowing down + # + # With no arguments, asserts that one or more elements are updated or + # inserted by RJS statements. + # + # Use the +id+ argument to narrow down the assertion to only statements + # that update or insert an element with that identifier. + # + # Use the first argument to narrow down assertions to only statements + # of that type. Possible values are :replace, :replace_html, + # :show, :hide, :toggle, :remove and + # :insert_html. + # + # Use the argument :insert followed by an insertion position to narrow + # down the assertion to only statements that insert elements in that + # position. Possible values are :top, :bottom, :before + # and :after. + # + # Using the :remove statement, you will be able to pass a block, but it will + # be ignored as there is no HTML passed for this statement. + # + # === Using blocks + # + # Without a block, +assert_select_rjs+ merely asserts that the response + # contains one or more RJS statements that replace or update content. + # + # With a block, +assert_select_rjs+ also selects all elements used in + # these statements and passes them to the block. Nested assertions are + # supported. + # + # Calling +assert_select_rjs+ with no arguments and using nested asserts + # asserts that the HTML content is returned by one or more RJS statements. + # Using +assert_select+ directly makes the same assertion on the content, + # but without distinguishing whether the content is returned in an HTML + # or JavaScript. + # + # ==== Examples + # + # # Replacing the element foo. + # # page.replace 'foo', ... + # assert_select_rjs :replace, "foo" + # + # # Replacing with the chained RJS proxy. + # # page[:foo].replace ... + # assert_select_rjs :chained_replace, 'foo' + # + # # Inserting into the element bar, top position. + # assert_select_rjs :insert, :top, "bar" + # + # # Remove the element bar + # assert_select_rjs :remove, "bar" + # + # # Changing the element foo, with an image. + # assert_select_rjs "foo" do + # assert_select "img[src=/images/logo.gif"" + # end + # + # # RJS inserts or updates a list with four items. + # assert_select_rjs do + # assert_select "ol>li", 4 + # end + # + # # The same, but shorter. + # assert_select "ol>li", 4 + def assert_select_rjs(*args, &block) + rjs_type = args.first.is_a?(Symbol) ? args.shift : nil + id = args.first.is_a?(String) ? args.shift : nil + + # If the first argument is a symbol, it's the type of RJS statement we're looking + # for (update, replace, insertion, etc). Otherwise, we're looking for just about + # any RJS statement. + if rjs_type + if rjs_type == :insert + position = args.shift + id = args.shift + insertion = "insert_#{position}".to_sym + raise ArgumentError, "Unknown RJS insertion type #{position}" unless RJS_STATEMENTS[insertion] + statement = "(#{RJS_STATEMENTS[insertion]})" + else + raise ArgumentError, "Unknown RJS statement type #{rjs_type}" unless RJS_STATEMENTS[rjs_type] + statement = "(#{RJS_STATEMENTS[rjs_type]})" + end + else + statement = "#{RJS_STATEMENTS[:any]}" + end + + # Next argument we're looking for is the element identifier. If missing, we pick + # any element, otherwise we replace it in the statement. + pattern = Regexp.new( + id ? statement.gsub(RJS_ANY_ID, "\"#{id}\"") : statement + ) + + # Duplicate the body since the next step involves destroying it. + matches = nil + case rjs_type + when :remove, :show, :hide, :toggle + matches = @response.body.match(pattern) + else + @response.body.gsub(pattern) do |match| + html = unescape_rjs(match) + matches ||= [] + matches.concat HTML::Document.new(html).root.children.select { |n| n.tag? } + "" + end + end + + if matches + assert_block("") { true } # to count the assertion + if block_given? && !([:remove, :show, :hide, :toggle].include? rjs_type) + begin + in_scope, @selected = @selected, matches + yield matches + ensure + @selected = in_scope + end + end + matches + else + # RJS statement not found. + case rjs_type + when :remove, :show, :hide, :toggle + flunk_message = "No RJS statement that #{rjs_type.to_s}s '#{id}' was rendered." + else + flunk_message = "No RJS statement that replaces or inserts HTML content." + end + flunk args.shift || flunk_message + end + end + + # :call-seq: + # assert_select_encoded(element?) { |elements| ... } + # + # Extracts the content of an element, treats it as encoded HTML and runs + # nested assertion on it. + # + # You typically call this method within another assertion to operate on + # all currently selected elements. You can also pass an element or array + # of elements. + # + # The content of each element is un-encoded, and wrapped in the root + # element +encoded+. It then calls the block with all un-encoded elements. + # + # ==== Examples + # # Selects all bold tags from within the title of an ATOM feed's entries (perhaps to nab a section name prefix) + # assert_select_feed :atom, 1.0 do + # # Select each entry item and then the title item + # assert_select "entry>title" do + # # Run assertions on the encoded title elements + # assert_select_encoded do + # assert_select "b" + # end + # end + # end + # + # + # # Selects all paragraph tags from within the description of an RSS feed + # assert_select_feed :rss, 2.0 do + # # Select description element of each feed item. + # assert_select "channel>item>description" do + # # Run assertions on the encoded elements. + # assert_select_encoded do + # assert_select "p" + # end + # end + # end + def assert_select_encoded(element = nil, &block) + case element + when Array + elements = element + when HTML::Node + elements = [element] + when nil + unless elements = @selected + raise ArgumentError, "First argument is optional, but must be called from a nested assert_select" + end + else + raise ArgumentError, "Argument is optional, and may be node or array of nodes" + end + + fix_content = lambda do |node| + # Gets around a bug in the Rails 1.1 HTML parser. + node.content.gsub(/)?/m) { CGI.escapeHTML($1) } + end + + selected = elements.map do |element| + text = element.children.select{ |c| not c.tag? }.map{ |c| fix_content[c] }.join + root = HTML::Document.new(CGI.unescapeHTML("#{text}")).root + css_select(root, "encoded:root", &block)[0] + end + + begin + old_selected, @selected = @selected, selected + assert_select ":root", &block + ensure + @selected = old_selected + end + end + + # :call-seq: + # assert_select_email { } + # + # Extracts the body of an email and runs nested assertions on it. + # + # You must enable deliveries for this assertion to work, use: + # ActionMailer::Base.perform_deliveries = true + # + # ==== Examples + # + # assert_select_email do + # assert_select "h1", "Email alert" + # end + # + # assert_select_email do + # items = assert_select "ol>li" + # items.each do + # # Work with items here... + # end + # end + # + def assert_select_email(&block) + deliveries = ActionMailer::Base.deliveries + assert !deliveries.empty?, "No e-mail in delivery list" + + for delivery in deliveries + for part in delivery.parts + if part["Content-Type"].to_s =~ /^text\/html\W/ + root = HTML::Document.new(part.body).root + assert_select root, ":root", &block + end + end + end + end + + protected + unless const_defined?(:RJS_STATEMENTS) + RJS_PATTERN_HTML = "\"((\\\\\"|[^\"])*)\"" + RJS_ANY_ID = "\"([^\"])*\"" + RJS_STATEMENTS = { + :chained_replace => "\\$\\(#{RJS_ANY_ID}\\)\\.replace\\(#{RJS_PATTERN_HTML}\\)", + :chained_replace_html => "\\$\\(#{RJS_ANY_ID}\\)\\.update\\(#{RJS_PATTERN_HTML}\\)", + :replace_html => "Element\\.update\\(#{RJS_ANY_ID}, #{RJS_PATTERN_HTML}\\)", + :replace => "Element\\.replace\\(#{RJS_ANY_ID}, #{RJS_PATTERN_HTML}\\)" + } + [:remove, :show, :hide, :toggle].each do |action| + RJS_STATEMENTS[action] = "Element\\.#{action}\\(#{RJS_ANY_ID}\\)" + end + RJS_INSERTIONS = ["top", "bottom", "before", "after"] + RJS_INSERTIONS.each do |insertion| + RJS_STATEMENTS["insert_#{insertion}".to_sym] = "Element.insert\\(#{RJS_ANY_ID}, \\{ #{insertion}: #{RJS_PATTERN_HTML} \\}\\)" + end + RJS_STATEMENTS[:insert_html] = "Element.insert\\(#{RJS_ANY_ID}, \\{ (#{RJS_INSERTIONS.join('|')}): #{RJS_PATTERN_HTML} \\}\\)" + RJS_STATEMENTS[:any] = Regexp.new("(#{RJS_STATEMENTS.values.join('|')})") + RJS_PATTERN_UNICODE_ESCAPED_CHAR = /\\u([0-9a-zA-Z]{4})/ + end + + # +assert_select+ and +css_select+ call this to obtain the content in the HTML + # page, or from all the RJS statements, depending on the type of response. + def response_from_page_or_rjs() + content_type = @response.content_type + + if content_type && Mime::JS =~ content_type + body = @response.body.dup + root = HTML::Node.new(nil) + + while true + next if body.sub!(RJS_STATEMENTS[:any]) do |match| + html = unescape_rjs(match) + matches = HTML::Document.new(html).root.children.select { |n| n.tag? } + root.children.concat matches + "" + end + break + end + + root + else + html_document.root + end + end + + # Unescapes a RJS string. + def unescape_rjs(rjs_string) + # RJS encodes double quotes and line breaks. + unescaped= rjs_string.gsub('\"', '"') + unescaped.gsub!(/\\\//, '/') + unescaped.gsub!('\n', "\n") + unescaped.gsub!('\076', '>') + unescaped.gsub!('\074', '<') + # RJS encodes non-ascii characters. + unescaped.gsub!(RJS_PATTERN_UNICODE_ESCAPED_CHAR) {|u| [$1.hex].pack('U*')} + unescaped + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/assertions/tag.rb b/actionpack/lib/action_controller/testing/assertions/tag.rb new file mode 100644 index 0000000000..80249e0e83 --- /dev/null +++ b/actionpack/lib/action_controller/testing/assertions/tag.rb @@ -0,0 +1,127 @@ +module ActionController + module Assertions + # Pair of assertions to testing elements in the HTML output of the response. + module TagAssertions + # Asserts that there is a tag/node/element in the body of the response + # that meets all of the given conditions. The +conditions+ parameter must + # be a hash of any of the following keys (all are optional): + # + # * :tag: the node type must match the corresponding value + # * :attributes: a hash. The node's attributes must match the + # corresponding values in the hash. + # * :parent: a hash. The node's parent must match the + # corresponding hash. + # * :child: a hash. At least one of the node's immediate children + # must meet the criteria described by the hash. + # * :ancestor: a hash. At least one of the node's ancestors must + # meet the criteria described by the hash. + # * :descendant: a hash. At least one of the node's descendants + # must meet the criteria described by the hash. + # * :sibling: a hash. At least one of the node's siblings must + # meet the criteria described by the hash. + # * :after: a hash. The node must be after any sibling meeting + # the criteria described by the hash, and at least one sibling must match. + # * :before: a hash. The node must be before any sibling meeting + # the criteria described by the hash, and at least one sibling must match. + # * :children: a hash, for counting children of a node. Accepts + # the keys: + # * :count: either a number or a range which must equal (or + # include) the number of children that match. + # * :less_than: the number of matching children must be less + # than this number. + # * :greater_than: the number of matching children must be + # greater than this number. + # * :only: another hash consisting of the keys to use + # to match on the children, and only matching children will be + # counted. + # * :content: the textual content of the node must match the + # given value. This will not match HTML tags in the body of a + # tag--only text. + # + # Conditions are matched using the following algorithm: + # + # * if the condition is a string, it must be a substring of the value. + # * if the condition is a regexp, it must match the value. + # * if the condition is a number, the value must match number.to_s. + # * if the condition is +true+, the value must not be +nil+. + # * if the condition is +false+ or +nil+, the value must be +nil+. + # + # === Examples + # + # # Assert that there is a "span" tag + # assert_tag :tag => "span" + # + # # Assert that there is a "span" tag with id="x" + # assert_tag :tag => "span", :attributes => { :id => "x" } + # + # # Assert that there is a "span" tag using the short-hand + # assert_tag :span + # + # # Assert that there is a "span" tag with id="x" using the short-hand + # assert_tag :span, :attributes => { :id => "x" } + # + # # Assert that there is a "span" inside of a "div" + # assert_tag :tag => "span", :parent => { :tag => "div" } + # + # # Assert that there is a "span" somewhere inside a table + # assert_tag :tag => "span", :ancestor => { :tag => "table" } + # + # # Assert that there is a "span" with at least one "em" child + # assert_tag :tag => "span", :child => { :tag => "em" } + # + # # Assert that there is a "span" containing a (possibly nested) + # # "strong" tag. + # assert_tag :tag => "span", :descendant => { :tag => "strong" } + # + # # Assert that there is a "span" containing between 2 and 4 "em" tags + # # as immediate children + # assert_tag :tag => "span", + # :children => { :count => 2..4, :only => { :tag => "em" } } + # + # # Get funky: assert that there is a "div", with an "ul" ancestor + # # and an "li" parent (with "class" = "enum"), and containing a + # # "span" descendant that contains text matching /hello world/ + # assert_tag :tag => "div", + # :ancestor => { :tag => "ul" }, + # :parent => { :tag => "li", + # :attributes => { :class => "enum" } }, + # :descendant => { :tag => "span", + # :child => /hello world/ } + # + # Please note: +assert_tag+ and +assert_no_tag+ only work + # with well-formed XHTML. They recognize a few tags as implicitly self-closing + # (like br and hr and such) but will not work correctly with tags + # that allow optional closing tags (p, li, td). You must explicitly + # close all of your tags to use these assertions. + def assert_tag(*opts) + clean_backtrace do + opts = opts.size > 1 ? opts.last.merge({ :tag => opts.first.to_s }) : opts.first + tag = find_tag(opts) + assert tag, "expected tag, but no tag found matching #{opts.inspect} in:\n#{@response.body.inspect}" + end + end + + # Identical to +assert_tag+, but asserts that a matching tag does _not_ + # exist. (See +assert_tag+ for a full discussion of the syntax.) + # + # === Examples + # # Assert that there is not a "div" containing a "p" + # assert_no_tag :tag => "div", :descendant => { :tag => "p" } + # + # # Assert that an unordered list is empty + # assert_no_tag :tag => "ul", :descendant => { :tag => "li" } + # + # # Assert that there is not a "p" tag with between 1 to 3 "img" tags + # # as immediate children + # assert_no_tag :tag => "p", + # :children => { :count => 1..3, :only => { :tag => "img" } } + def assert_no_tag(*opts) + clean_backtrace do + opts = opts.size > 1 ? opts.last.merge({ :tag => opts.first.to_s }) : opts.first + tag = find_tag(opts) + assert !tag, "expected no tag, but found tag matching #{opts.inspect} in:\n#{@response.body.inspect}" + end + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/integration.rb b/actionpack/lib/action_controller/testing/integration.rb new file mode 100644 index 0000000000..163ba84a3e --- /dev/null +++ b/actionpack/lib/action_controller/testing/integration.rb @@ -0,0 +1,676 @@ +require 'stringio' +require 'uri' +require 'active_support/test_case' + +module ActionController + module Integration #:nodoc: + # An integration Session instance represents a set of requests and responses + # performed sequentially by some virtual user. Becase you can instantiate + # multiple sessions and run them side-by-side, you can also mimic (to some + # limited extent) multiple simultaneous users interacting with your system. + # + # Typically, you will instantiate a new session using + # IntegrationTest#open_session, rather than instantiating + # Integration::Session directly. + class Session + include Test::Unit::Assertions + include ActionController::TestCase::Assertions + include ActionController::TestProcess + + # Rack application to use + attr_accessor :application + + # The integer HTTP status code of the last request. + attr_reader :status + + # The status message that accompanied the status code of the last request. + attr_reader :status_message + + # The URI of the last request. + attr_reader :path + + # The hostname used in the last request. + attr_accessor :host + + # The remote_addr used in the last request. + attr_accessor :remote_addr + + # The Accept header to send. + attr_accessor :accept + + # A map of the cookies returned by the last response, and which will be + # sent with the next request. + attr_reader :cookies + + # A map of the headers returned by the last response. + attr_reader :headers + + # A reference to the controller instance used by the last request. + attr_reader :controller + + # A reference to the request instance used by the last request. + attr_reader :request + + # A reference to the response instance used by the last request. + attr_reader :response + + # A running counter of the number of requests processed. + attr_accessor :request_count + + class MultiPartNeededException < Exception + end + + # Create and initialize a new Session instance. + def initialize(app = nil) + @application = app || ActionController::Dispatcher.new + reset! + end + + # Resets the instance. This can be used to reset the state information + # in an existing session instance, so it can be used from a clean-slate + # condition. + # + # session.reset! + def reset! + @status = @path = @headers = nil + @result = @status_message = nil + @https = false + @cookies = {} + @controller = @request = @response = nil + @request_count = 0 + + self.host = "www.example.com" + self.remote_addr = "127.0.0.1" + self.accept = "text/xml,application/xml,application/xhtml+xml," + + "text/html;q=0.9,text/plain;q=0.8,image/png," + + "*/*;q=0.5" + + unless defined? @named_routes_configured + # install the named routes in this session instance. + klass = class << self; self; end + Routing::Routes.install_helpers(klass) + + # the helpers are made protected by default--we make them public for + # easier access during testing and troubleshooting. + klass.module_eval { public *Routing::Routes.named_routes.helpers } + @named_routes_configured = true + end + end + + # Specify whether or not the session should mimic a secure HTTPS request. + # + # session.https! + # session.https!(false) + def https!(flag = true) + @https = flag + end + + # Return +true+ if the session is mimicking a secure HTTPS request. + # + # if session.https? + # ... + # end + def https? + @https + end + + # Set the host name to use in the next request. + # + # session.host! "www.example.com" + def host!(name) + @host = name + end + + # Follow a single redirect response. If the last response was not a + # redirect, an exception will be raised. Otherwise, the redirect is + # performed on the location header. + def follow_redirect! + raise "not a redirect! #{@status} #{@status_message}" unless redirect? + get(interpret_uri(headers['location'])) + status + end + + # Performs a request using the specified method, following any subsequent + # redirect. Note that the redirects are followed until the response is + # not a redirect--this means you may run into an infinite loop if your + # redirect loops back to itself. + def request_via_redirect(http_method, path, parameters = nil, headers = nil) + send(http_method, path, parameters, headers) + follow_redirect! while redirect? + status + end + + # Performs a GET request, following any subsequent redirect. + # See +request_via_redirect+ for more information. + def get_via_redirect(path, parameters = nil, headers = nil) + request_via_redirect(:get, path, parameters, headers) + end + + # Performs a POST request, following any subsequent redirect. + # See +request_via_redirect+ for more information. + def post_via_redirect(path, parameters = nil, headers = nil) + request_via_redirect(:post, path, parameters, headers) + end + + # Performs a PUT request, following any subsequent redirect. + # See +request_via_redirect+ for more information. + def put_via_redirect(path, parameters = nil, headers = nil) + request_via_redirect(:put, path, parameters, headers) + end + + # Performs a DELETE request, following any subsequent redirect. + # See +request_via_redirect+ for more information. + def delete_via_redirect(path, parameters = nil, headers = nil) + request_via_redirect(:delete, path, parameters, headers) + end + + # Returns +true+ if the last response was a redirect. + def redirect? + status/100 == 3 + end + + # Performs a GET request with the given parameters. + # + # - +path+: The URI (as a String) on which you want to perform a GET + # request. + # - +parameters+: The HTTP parameters that you want to pass. This may + # be +nil+, + # a Hash, or a String that is appropriately encoded + # (application/x-www-form-urlencoded or + # multipart/form-data). + # - +headers+: Additional HTTP headers to pass, as a Hash. The keys will + # automatically be upcased, with the prefix 'HTTP_' added if needed. + # + # This method returns an Response object, which one can use to + # inspect the details of the response. Furthermore, if this method was + # called from an ActionController::IntegrationTest object, then that + # object's @response instance variable will point to the same + # response object. + # + # You can also perform POST, PUT, DELETE, and HEAD requests with +post+, + # +put+, +delete+, and +head+. + def get(path, parameters = nil, headers = nil) + process :get, path, parameters, headers + end + + # Performs a POST request with the given parameters. See get() for more + # details. + def post(path, parameters = nil, headers = nil) + process :post, path, parameters, headers + end + + # Performs a PUT request with the given parameters. See get() for more + # details. + def put(path, parameters = nil, headers = nil) + process :put, path, parameters, headers + end + + # Performs a DELETE request with the given parameters. See get() for + # more details. + def delete(path, parameters = nil, headers = nil) + process :delete, path, parameters, headers + end + + # Performs a HEAD request with the given parameters. See get() for more + # details. + def head(path, parameters = nil, headers = nil) + process :head, path, parameters, headers + end + + # Performs an XMLHttpRequest request with the given parameters, mirroring + # a request from the Prototype library. + # + # The request_method is :get, :post, :put, :delete or :head; the + # parameters are +nil+, a hash, or a url-encoded or multipart string; + # the headers are a hash. Keys are automatically upcased and prefixed + # with 'HTTP_' if not already. + def xml_http_request(request_method, path, parameters = nil, headers = nil) + headers ||= {} + headers['X-Requested-With'] = 'XMLHttpRequest' + headers['Accept'] ||= [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') + process(request_method, path, parameters, headers) + end + alias xhr :xml_http_request + + # Returns the URL for the given options, according to the rules specified + # in the application's routes. + def url_for(options) + controller ? + controller.url_for(options) : + generic_url_rewriter.rewrite(options) + end + + private + # Tailors the session based on the given URI, setting the HTTPS value + # and the hostname. + def interpret_uri(path) + location = URI.parse(path) + https! URI::HTTPS === location if location.scheme + host! location.host if location.host + location.query ? "#{location.path}?#{location.query}" : location.path + end + + # Performs the actual request. + def process(method, path, parameters = nil, headers = nil) + data = requestify(parameters) + path = interpret_uri(path) if path =~ %r{://} + path = "/#{path}" unless path[0] == ?/ + @path = path + env = {} + + if method == :get + env["QUERY_STRING"] = data + data = nil + end + + env["QUERY_STRING"] ||= "" + + data = data.is_a?(IO) ? data : StringIO.new(data || '') + + env.update( + "REQUEST_METHOD" => method.to_s.upcase, + "SERVER_NAME" => host, + "SERVER_PORT" => (https? ? "443" : "80"), + "HTTPS" => https? ? "on" : "off", + "rack.url_scheme" => https? ? "https" : "http", + "SCRIPT_NAME" => "", + + "REQUEST_URI" => path, + "PATH_INFO" => path, + "HTTP_HOST" => host, + "REMOTE_ADDR" => remote_addr, + "CONTENT_TYPE" => "application/x-www-form-urlencoded", + "CONTENT_LENGTH" => data ? data.length.to_s : nil, + "HTTP_COOKIE" => encode_cookies, + "HTTP_ACCEPT" => accept, + + "rack.version" => [0,1], + "rack.input" => data, + "rack.errors" => StringIO.new, + "rack.multithread" => true, + "rack.multiprocess" => true, + "rack.run_once" => false, + + "rack.test" => true + ) + + (headers || {}).each do |key, value| + key = key.to_s.upcase.gsub(/-/, "_") + key = "HTTP_#{key}" unless env.has_key?(key) || key =~ /^HTTP_/ + env[key] = value + end + + [ControllerCapture, ActionController::ProcessWithTest].each do |mod| + unless ActionController::Base < mod + ActionController::Base.class_eval { include mod } + end + end + + ActionController::Base.clear_last_instantiation! + + app = Rack::Lint.new(@application) + + status, headers, body = app.call(env) + @request_count += 1 + + @html_document = nil + + @status = status.to_i + @status_message = StatusCodes::STATUS_CODES[@status] + + @headers = Rack::Utils::HeaderHash.new(headers) + + (@headers['Set-Cookie'] || []).each do |cookie| + name, value = cookie.match(/^([^=]*)=([^;]*);/)[1,2] + @cookies[name] = value + end + + @body = "" + body.each { |part| @body << part } + + if @controller = ActionController::Base.last_instantiation + @request = @controller.request + @response = @controller.response + @controller.send(:set_test_assigns) + else + # Decorate responses from Rack Middleware and Rails Metal + # as an Response for the purposes of integration testing + @response = Response.new + @response.status = status.to_s + @response.headers.replace(@headers) + @response.body = @body + end + + # Decorate the response with the standard behavior of the + # TestResponse so that things like assert_response can be + # used in integration tests. + @response.extend(TestResponseBehavior) + + return @status + rescue MultiPartNeededException + boundary = "----------XnJLe9ZIbbGUYtzPQJ16u1" + status = process(method, path, + multipart_body(parameters, boundary), + (headers || {}).merge( + {"CONTENT_TYPE" => "multipart/form-data; boundary=#{boundary}"})) + return status + end + + # Encode the cookies hash in a format suitable for passing to a + # request. + def encode_cookies + cookies.inject("") do |string, (name, value)| + string << "#{name}=#{value}; " + end + end + + # Get a temporary URL writer object + def generic_url_rewriter + env = { + 'REQUEST_METHOD' => "GET", + 'QUERY_STRING' => "", + "REQUEST_URI" => "/", + "HTTP_HOST" => host, + "SERVER_PORT" => https? ? "443" : "80", + "HTTPS" => https? ? "on" : "off" + } + UrlRewriter.new(Request.new(env), {}) + end + + def name_with_prefix(prefix, name) + prefix ? "#{prefix}[#{name}]" : name.to_s + end + + # Convert the given parameters to a request string. The parameters may + # be a string, +nil+, or a Hash. + def requestify(parameters, prefix=nil) + if TestUploadedFile === parameters + raise MultiPartNeededException + elsif Hash === parameters + return nil if parameters.empty? + parameters.map { |k,v| + requestify(v, name_with_prefix(prefix, k)) + }.join("&") + elsif Array === parameters + parameters.map { |v| + requestify(v, name_with_prefix(prefix, "")) + }.join("&") + elsif prefix.nil? + parameters + else + "#{CGI.escape(prefix)}=#{CGI.escape(parameters.to_s)}" + end + end + + def multipart_requestify(params, first=true) + returning Hash.new do |p| + params.each do |key, value| + k = first ? CGI.escape(key.to_s) : "[#{CGI.escape(key.to_s)}]" + if Hash === value + multipart_requestify(value, false).each do |subkey, subvalue| + p[k + subkey] = subvalue + end + else + p[k] = value + end + end + end + end + + def multipart_body(params, boundary) + multipart_requestify(params).map do |key, value| + if value.respond_to?(:original_filename) + File.open(value.path, "rb") do |f| + f.set_encoding(Encoding::BINARY) if f.respond_to?(:set_encoding) + + <<-EOF +--#{boundary}\r +Content-Disposition: form-data; name="#{key}"; filename="#{CGI.escape(value.original_filename)}"\r +Content-Type: #{value.content_type}\r +Content-Length: #{File.stat(value.path).size}\r +\r +#{f.read}\r +EOF + end + else +<<-EOF +--#{boundary}\r +Content-Disposition: form-data; name="#{key}"\r +\r +#{value}\r +EOF + end + end.join("")+"--#{boundary}--\r" + end + end + + # A module used to extend ActionController::Base, so that integration tests + # can capture the controller used to satisfy a request. + module ControllerCapture #:nodoc: + def self.included(base) + base.extend(ClassMethods) + base.class_eval do + class << self + alias_method_chain :new, :capture + end + end + end + + module ClassMethods #:nodoc: + mattr_accessor :last_instantiation + + def clear_last_instantiation! + self.last_instantiation = nil + end + + def new_with_capture(*args) + controller = new_without_capture(*args) + self.last_instantiation ||= controller + controller + end + end + end + + module Runner + # Reset the current session. This is useful for testing multiple sessions + # in a single test case. + def reset! + @integration_session = open_session + end + + %w(get post put head delete cookies assigns + xml_http_request xhr get_via_redirect post_via_redirect).each do |method| + define_method(method) do |*args| + reset! unless @integration_session + # reset the html_document variable, but only for new get/post calls + @html_document = nil unless %w(cookies assigns).include?(method) + returning @integration_session.__send__(method, *args) do + copy_session_variables! + end + end + end + + # Open a new session instance. If a block is given, the new session is + # yielded to the block before being returned. + # + # session = open_session do |sess| + # sess.extend(CustomAssertions) + # end + # + # By default, a single session is automatically created for you, but you + # can use this method to open multiple sessions that ought to be tested + # simultaneously. + def open_session(application = nil) + session = Integration::Session.new(application) + + # delegate the fixture accessors back to the test instance + extras = Module.new { attr_accessor :delegate, :test_result } + if self.class.respond_to?(:fixture_table_names) + self.class.fixture_table_names.each do |table_name| + name = table_name.tr(".", "_") + next unless respond_to?(name) + extras.__send__(:define_method, name) { |*args| + delegate.send(name, *args) + } + end + end + + # delegate add_assertion to the test case + extras.__send__(:define_method, :add_assertion) { + test_result.add_assertion + } + session.extend(extras) + session.delegate = self + session.test_result = @_result + + yield session if block_given? + session + end + + # Copy the instance variables from the current session instance into the + # test instance. + def copy_session_variables! #:nodoc: + return unless @integration_session + %w(controller response request).each do |var| + instance_variable_set("@#{var}", @integration_session.__send__(var)) + end + end + + # Delegate unhandled messages to the current session instance. + def method_missing(sym, *args, &block) + reset! unless @integration_session + returning @integration_session.__send__(sym, *args, &block) do + copy_session_variables! + end + end + end + end + + # An IntegrationTest is one that spans multiple controllers and actions, + # tying them all together to ensure they work together as expected. It tests + # more completely than either unit or functional tests do, exercising the + # entire stack, from the dispatcher to the database. + # + # At its simplest, you simply extend IntegrationTest and write your tests + # using the get/post methods: + # + # require "#{File.dirname(__FILE__)}/test_helper" + # + # class ExampleTest < ActionController::IntegrationTest + # fixtures :people + # + # def test_login + # # get the login page + # get "/login" + # assert_equal 200, status + # + # # post the login and follow through to the home page + # post "/login", :username => people(:jamis).username, + # :password => people(:jamis).password + # follow_redirect! + # assert_equal 200, status + # assert_equal "/home", path + # end + # end + # + # However, you can also have multiple session instances open per test, and + # even extend those instances with assertions and methods to create a very + # powerful testing DSL that is specific for your application. You can even + # reference any named routes you happen to have defined! + # + # require "#{File.dirname(__FILE__)}/test_helper" + # + # class AdvancedTest < ActionController::IntegrationTest + # fixtures :people, :rooms + # + # def test_login_and_speak + # jamis, david = login(:jamis), login(:david) + # room = rooms(:office) + # + # jamis.enter(room) + # jamis.speak(room, "anybody home?") + # + # david.enter(room) + # david.speak(room, "hello!") + # end + # + # private + # + # module CustomAssertions + # def enter(room) + # # reference a named route, for maximum internal consistency! + # get(room_url(:id => room.id)) + # assert(...) + # ... + # end + # + # def speak(room, message) + # xml_http_request "/say/#{room.id}", :message => message + # assert(...) + # ... + # end + # end + # + # def login(who) + # open_session do |sess| + # sess.extend(CustomAssertions) + # who = people(who) + # sess.post "/login", :username => who.username, + # :password => who.password + # assert(...) + # end + # end + # end + class IntegrationTest < ActiveSupport::TestCase + include Integration::Runner + + # Work around a bug in test/unit caused by the default test being named + # as a symbol (:default_test), which causes regex test filters + # (like "ruby test.rb -n /foo/") to fail because =~ doesn't work on + # symbols. + def initialize(name) #:nodoc: + super(name.to_s) + end + + # Work around test/unit's requirement that every subclass of TestCase have + # at least one test method. Note that this implementation extends to all + # subclasses, as well, so subclasses of IntegrationTest may also exist + # without any test methods. + def run(*args) #:nodoc: + return if @method_name == "default_test" + super + end + + # Because of how use_instantiated_fixtures and use_transactional_fixtures + # are defined, we need to treat them as special cases. Otherwise, users + # would potentially have to set their values for both Test::Unit::TestCase + # ActionController::IntegrationTest, since by the time the value is set on + # TestCase, IntegrationTest has already been defined and cannot inherit + # changes to those variables. So, we make those two attributes + # copy-on-write. + + class << self + def use_transactional_fixtures=(flag) #:nodoc: + @_use_transactional_fixtures = true + @use_transactional_fixtures = flag + end + + def use_instantiated_fixtures=(flag) #:nodoc: + @_use_instantiated_fixtures = true + @use_instantiated_fixtures = flag + end + + def use_transactional_fixtures #:nodoc: + @_use_transactional_fixtures ? + @use_transactional_fixtures : + superclass.use_transactional_fixtures + end + + def use_instantiated_fixtures #:nodoc: + @_use_instantiated_fixtures ? + @use_instantiated_fixtures : + superclass.use_instantiated_fixtures + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/performance.rb b/actionpack/lib/action_controller/testing/performance.rb new file mode 100644 index 0000000000..d88180087d --- /dev/null +++ b/actionpack/lib/action_controller/testing/performance.rb @@ -0,0 +1,15 @@ +require 'active_support/testing/performance' +require 'active_support/testing/default' + +module ActionController + # An integration test that runs a code profiler on your test methods. + # Profiling output for combinations of each test method, measurement, and + # output format are written to your tmp/performance directory. + # + # By default, process_time is measured and both flat and graph_html output + # formats are written, so you'll have two output files per test method. + class PerformanceTest < ActionController::IntegrationTest + include ActiveSupport::Testing::Performance + include ActiveSupport::Testing::Default + end +end diff --git a/actionpack/lib/action_controller/testing/process.rb b/actionpack/lib/action_controller/testing/process.rb new file mode 100644 index 0000000000..22b97fc157 --- /dev/null +++ b/actionpack/lib/action_controller/testing/process.rb @@ -0,0 +1,543 @@ +module ActionController #:nodoc: + class TestRequest < Request #:nodoc: + attr_accessor :cookies, :session_options + attr_accessor :query_parameters, :path, :session + attr_accessor :host + + def initialize + super(Rack::MockRequest.env_for("/")) + + @query_parameters = {} + @session = TestSession.new + + initialize_default_values + initialize_containers + end + + def reset_session + @session = TestSession.new + end + + # Wraps raw_post in a StringIO. + def body_stream #:nodoc: + StringIO.new(raw_post) + end + + # Either the RAW_POST_DATA environment variable or the URL-encoded request + # parameters. + def raw_post + @env['RAW_POST_DATA'] ||= begin + data = url_encoded_request_parameters + data.force_encoding(Encoding::BINARY) if data.respond_to?(:force_encoding) + data + end + end + + def port=(number) + @env["SERVER_PORT"] = number.to_i + port(true) + end + + def action=(action_name) + @query_parameters.update({ "action" => action_name }) + @parameters = nil + end + + # Used to check AbstractRequest's request_uri functionality. + # Disables the use of @path and @request_uri so superclass can handle those. + def set_REQUEST_URI(value) + @env["REQUEST_URI"] = value + @request_uri = nil + @path = nil + request_uri(true) + path(true) + end + + def request_uri=(uri) + @request_uri = uri + @path = uri.split("?").first + end + + def accept=(mime_types) + @env["HTTP_ACCEPT"] = Array(mime_types).collect { |mime_types| mime_types.to_s }.join(",") + accepts(true) + end + + def if_modified_since=(last_modified) + @env["HTTP_IF_MODIFIED_SINCE"] = last_modified + end + + def if_none_match=(etag) + @env["HTTP_IF_NONE_MATCH"] = etag + end + + def remote_addr=(addr) + @env['REMOTE_ADDR'] = addr + end + + def request_uri(*args) + @request_uri || super + end + + def path(*args) + @path || super + end + + def assign_parameters(controller_path, action, parameters) + parameters = parameters.symbolize_keys.merge(:controller => controller_path, :action => action) + extra_keys = ActionController::Routing::Routes.extra_keys(parameters) + non_path_parameters = get? ? query_parameters : request_parameters + parameters.each do |key, value| + if value.is_a? Fixnum + value = value.to_s + elsif value.is_a? Array + value = ActionController::Routing::PathSegment::Result.new(value) + end + + if extra_keys.include?(key.to_sym) + non_path_parameters[key] = value + else + path_parameters[key.to_s] = value + end + end + raw_post # populate env['RAW_POST_DATA'] + @parameters = nil # reset TestRequest#parameters to use the new path_parameters + end + + def recycle! + self.query_parameters = {} + self.path_parameters = {} + unmemoize_all + end + + def user_agent=(user_agent) + @env['HTTP_USER_AGENT'] = user_agent + end + + private + def initialize_containers + @cookies = {} + end + + def initialize_default_values + @host = "test.host" + @request_uri = "/" + @env['HTTP_USER_AGENT'] = "Rails Testing" + @env['REMOTE_ADDR'] = "0.0.0.0" + @env["SERVER_PORT"] = 80 + @env['REQUEST_METHOD'] = "GET" + end + + def url_encoded_request_parameters + params = self.request_parameters.dup + + %w(controller action only_path).each do |k| + params.delete(k) + params.delete(k.to_sym) + end + + params.to_query + end + end + + # A refactoring of TestResponse to allow the same behavior to be applied + # to the "real" CgiResponse class in integration tests. + module TestResponseBehavior #:nodoc: + # The response code of the request + def response_code + status.to_s[0,3].to_i rescue 0 + end + + # Returns a String to ensure compatibility with Net::HTTPResponse + def code + status.to_s.split(' ')[0] + end + + def message + status.to_s.split(' ',2)[1] + end + + # Was the response successful? + def success? + (200..299).include?(response_code) + end + + # Was the URL not found? + def missing? + response_code == 404 + end + + # Were we redirected? + def redirect? + (300..399).include?(response_code) + end + + # Was there a server-side error? + def error? + (500..599).include?(response_code) + end + + alias_method :server_error?, :error? + + # Was there a client client? + def client_error? + (400..499).include?(response_code) + end + + # Returns the redirection location or nil + def redirect_url + headers['Location'] + end + + # Does the redirect location match this regexp pattern? + def redirect_url_match?( pattern ) + return false if redirect_url.nil? + p = Regexp.new(pattern) if pattern.class == String + p = pattern if pattern.class == Regexp + return false if p.nil? + p.match(redirect_url) != nil + end + + # Returns the template of the file which was used to + # render this response (or nil) + def rendered + template.instance_variable_get(:@_rendered) + end + + # A shortcut to the flash. Returns an empty hash if no session flash exists. + def flash + session['flash'] || {} + end + + # Do we have a flash? + def has_flash? + !flash.empty? + end + + # Do we have a flash that has contents? + def has_flash_with_contents? + !flash.empty? + end + + # Does the specified flash object exist? + def has_flash_object?(name=nil) + !flash[name].nil? + end + + # Does the specified object exist in the session? + def has_session_object?(name=nil) + !session[name].nil? + end + + # A shortcut to the template.assigns + def template_objects + template.assigns || {} + end + + # Does the specified template object exist? + def has_template_object?(name=nil) + !template_objects[name].nil? + end + + # Returns the response cookies, converted to a Hash of (name => value) pairs + # + # assert_equal 'AuthorOfNewPage', r.cookies['author'] + def cookies + cookies = {} + Array(headers['Set-Cookie']).each do |cookie| + key, value = cookie.split(";").first.split("=") + cookies[key] = value + end + cookies + end + + # Returns binary content (downloadable file), converted to a String + def binary_content + raise "Response body is not a Proc: #{body.inspect}" unless body.kind_of?(Proc) + require 'stringio' + + sio = StringIO.new + body.call(self, sio) + + sio.rewind + sio.read + end + end + + # Integration test methods such as ActionController::Integration::Session#get + # and ActionController::Integration::Session#post return objects of class + # TestResponse, which represent the HTTP response results of the requested + # controller actions. + # + # See Response for more information on controller response objects. + class TestResponse < Response + include TestResponseBehavior + + def recycle! + headers.delete('ETag') + headers.delete('Last-Modified') + end + end + + class TestSession #:nodoc: + attr_accessor :session_id + + def initialize(attributes = nil) + @session_id = '' + @attributes = attributes.nil? ? nil : attributes.stringify_keys + @saved_attributes = nil + end + + def data + @attributes ||= @saved_attributes || {} + end + + def [](key) + data[key.to_s] + end + + def []=(key, value) + data[key.to_s] = value + end + + def update + @saved_attributes = @attributes + end + + def delete + @attributes = nil + end + + def close + update + delete + end + end + + # Essentially generates a modified Tempfile object similar to the object + # you'd get from the standard library CGI module in a multipart + # request. This means you can use an ActionController::TestUploadedFile + # object in the params of a test request in order to simulate + # a file upload. + # + # Usage example, within a functional test: + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png') + # + # Pass a true third parameter to ensure the uploaded file is opened in binary mode (only required for Windows): + # post :change_avatar, :avatar => ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + '/files/spongebob.png', 'image/png', :binary) + require 'tempfile' + class TestUploadedFile + # The filename, *not* including the path, of the "uploaded" file + attr_reader :original_filename + + # The content type of the "uploaded" file + attr_accessor :content_type + + def initialize(path, content_type = Mime::TEXT, binary = false) + raise "#{path} file does not exist" unless File.exist?(path) + @content_type = content_type + @original_filename = path.sub(/^.*#{File::SEPARATOR}([^#{File::SEPARATOR}]+)$/) { $1 } + @tempfile = Tempfile.new(@original_filename) + @tempfile.set_encoding(Encoding::BINARY) if @tempfile.respond_to?(:set_encoding) + @tempfile.binmode if binary + FileUtils.copy_file(path, @tempfile.path) + end + + def path #:nodoc: + @tempfile.path + end + + alias local_path path + + def method_missing(method_name, *args, &block) #:nodoc: + @tempfile.__send__(method_name, *args, &block) + end + end + + module TestProcess + def self.included(base) + # Executes a request simulating GET HTTP method and set/volley the response + def get(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "GET") + end + + # Executes a request simulating POST HTTP method and set/volley the response + def post(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "POST") + end + + # Executes a request simulating PUT HTTP method and set/volley the response + def put(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "PUT") + end + + # Executes a request simulating DELETE HTTP method and set/volley the response + def delete(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "DELETE") + end + + # Executes a request simulating HEAD HTTP method and set/volley the response + def head(action, parameters = nil, session = nil, flash = nil) + process(action, parameters, session, flash, "HEAD") + end + end + + def process(action, parameters = nil, session = nil, flash = nil, http_method = 'GET') + # Sanity check for required instance variables so we can give an + # understandable error message. + %w(@controller @request @response).each do |iv_name| + if !(instance_variable_names.include?(iv_name) || instance_variable_names.include?(iv_name.to_sym)) || instance_variable_get(iv_name).nil? + raise "#{iv_name} is nil: make sure you set it in your test's setup method." + end + end + + @request.recycle! + @response.recycle! + + @html_document = nil + @request.env['REQUEST_METHOD'] = http_method + + @request.action = action.to_s + + parameters ||= {} + @request.assign_parameters(@controller.class.controller_path, action.to_s, parameters) + + @request.session = ActionController::TestSession.new(session) unless session.nil? + @request.session["flash"] = ActionController::Flash::FlashHash.new.update(flash) if flash + build_request_uri(action, parameters) + + Base.class_eval { include ProcessWithTest } unless Base < ProcessWithTest + @controller.process_with_test(@request, @response) + end + + def xml_http_request(request_method, action, parameters = nil, session = nil, flash = nil) + @request.env['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' + @request.env['HTTP_ACCEPT'] = [Mime::JS, Mime::HTML, Mime::XML, 'text/xml', Mime::ALL].join(', ') + returning __send__(request_method, action, parameters, session, flash) do + @request.env.delete 'HTTP_X_REQUESTED_WITH' + @request.env.delete 'HTTP_ACCEPT' + end + end + alias xhr :xml_http_request + + def assigns(key = nil) + if key.nil? + @response.template.assigns + else + @response.template.assigns[key.to_s] + end + end + + def session + @request.session + end + + def flash + @response.flash + end + + def cookies + @response.cookies + end + + def redirect_to_url + @response.redirect_url + end + + def build_request_uri(action, parameters) + unless @request.env['REQUEST_URI'] + options = @controller.__send__(:rewrite_options, parameters) + options.update(:only_path => true, :action => action) + + url = ActionController::UrlRewriter.new(@request, parameters) + @request.set_REQUEST_URI(url.rewrite(options)) + end + end + + def html_document + xml = @response.content_type =~ /xml$/ + @html_document ||= HTML::Document.new(@response.body, false, xml) + end + + def find_tag(conditions) + html_document.find(conditions) + end + + def find_all_tag(conditions) + html_document.find_all(conditions) + end + + def method_missing(selector, *args, &block) + if @controller && ActionController::Routing::Routes.named_routes.helpers.include?(selector) + @controller.send(selector, *args, &block) + else + super + end + end + + # Shortcut for ActionController::TestUploadedFile.new(ActionController::TestCase.fixture_path + path, type): + # + # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png') + # + # To upload binary files on Windows, pass :binary as the last parameter. + # This will not affect other platforms: + # + # post :change_avatar, :avatar => fixture_file_upload('/files/spongebob.png', 'image/png', :binary) + def fixture_file_upload(path, mime_type = nil, binary = false) + fixture_path = ActionController::TestCase.send(:fixture_path) if ActionController::TestCase.respond_to?(:fixture_path) + ActionController::TestUploadedFile.new("#{fixture_path}#{path}", mime_type, binary) + end + + # A helper to make it easier to test different route configurations. + # This method temporarily replaces ActionController::Routing::Routes + # with a new RouteSet instance. + # + # The new instance is yielded to the passed block. Typically the block + # will create some routes using map.draw { map.connect ... }: + # + # with_routing do |set| + # set.draw do |map| + # map.connect ':controller/:action/:id' + # assert_equal( + # ['/content/10/show', {}], + # map.generate(:controller => 'content', :id => 10, :action => 'show') + # end + # end + # end + # + def with_routing + real_routes = ActionController::Routing::Routes + ActionController::Routing.module_eval { remove_const :Routes } + + temporary_routes = ActionController::Routing::RouteSet.new + ActionController::Routing.module_eval { const_set :Routes, temporary_routes } + + yield temporary_routes + ensure + if ActionController::Routing.const_defined? :Routes + ActionController::Routing.module_eval { remove_const :Routes } + end + ActionController::Routing.const_set(:Routes, real_routes) if real_routes + end + end + + module ProcessWithTest #:nodoc: + def self.included(base) + base.class_eval { attr_reader :assigns } + end + + def process_with_test(*args) + process(*args).tap { set_test_assigns } + end + + private + def set_test_assigns + @assigns = {} + (instance_variable_names - self.class.protected_instance_variables).each do |var| + name, value = var[1..-1], instance_variable_get(var) + @assigns[name] = value + response.template.assigns[name] = value if response + end + end + end +end diff --git a/actionpack/lib/action_controller/testing/test_case.rb b/actionpack/lib/action_controller/testing/test_case.rb new file mode 100644 index 0000000000..c14785ba83 --- /dev/null +++ b/actionpack/lib/action_controller/testing/test_case.rb @@ -0,0 +1,199 @@ +require 'active_support/test_case' +require 'action_controller/testing/process' + +module ActionController + # Superclass for ActionController functional tests. Functional tests allow you to + # test a single controller action per test method. This should not be confused with + # integration tests (see ActionController::IntegrationTest), which are more like + # "stories" that can involve multiple controllers and mutliple actions (i.e. multiple + # different HTTP requests). + # + # == Basic example + # + # Functional tests are written as follows: + # 1. First, one uses the +get+, +post+, +put+, +delete+ or +head+ method to simulate + # an HTTP request. + # 2. Then, one asserts whether the current state is as expected. "State" can be anything: + # the controller's HTTP response, the database contents, etc. + # + # For example: + # + # class BooksControllerTest < ActionController::TestCase + # def test_create + # # Simulate a POST response with the given HTTP parameters. + # post(:create, :book => { :title => "Love Hina" }) + # + # # Assert that the controller tried to redirect us to + # # the created book's URI. + # assert_response :found + # + # # Assert that the controller really put the book in the database. + # assert_not_nil Book.find_by_title("Love Hina") + # end + # end + # + # == Special instance variables + # + # ActionController::TestCase will also automatically provide the following instance + # variables for use in the tests: + # + # @controller:: + # The controller instance that will be tested. + # @request:: + # An ActionController::TestRequest, representing the current HTTP + # request. You can modify this object before sending the HTTP request. For example, + # you might want to set some session properties before sending a GET request. + # @response:: + # An ActionController::TestResponse object, representing the response + # of the last HTTP response. In the above example, @response becomes valid + # after calling +post+. If the various assert methods are not sufficient, then you + # may use this object to inspect the HTTP response in detail. + # + # (Earlier versions of Rails required each functional test to subclass + # Test::Unit::TestCase and define @controller, @request, @response in +setup+.) + # + # == Controller is automatically inferred + # + # ActionController::TestCase will automatically infer the controller under test + # from the test class name. If the controller cannot be inferred from the test + # class name, you can explicity set it with +tests+. + # + # class SpecialEdgeCaseWidgetsControllerTest < ActionController::TestCase + # tests WidgetController + # end + # + # == Testing controller internals + # + # In addition to these specific assertions, you also have easy access to various collections that the regular test/unit assertions + # can be used against. These collections are: + # + # * assigns: Instance variables assigned in the action that are available for the view. + # * session: Objects being saved in the session. + # * flash: The flash objects currently in the session. + # * cookies: Cookies being sent to the user on this request. + # + # These collections can be used just like any other hash: + # + # assert_not_nil assigns(:person) # makes sure that a @person instance variable was set + # assert_equal "Dave", cookies[:name] # makes sure that a cookie called :name was set as "Dave" + # assert flash.empty? # makes sure that there's nothing in the flash + # + # For historic reasons, the assigns hash uses string-based keys. So assigns[:person] won't work, but assigns["person"] will. To + # appease our yearning for symbols, though, an alternative accessor has been devised using a method call instead of index referencing. + # So assigns(:person) will work just like assigns["person"], but again, assigns[:person] will not work. + # + # On top of the collections, you have the complete url that a given action redirected to available in redirect_to_url. + # + # For redirects within the same controller, you can even call follow_redirect and the redirect will be followed, triggering another + # action call which can then be asserted against. + # + # == Manipulating the request collections + # + # The collections described above link to the response, so you can test if what the actions were expected to do happened. But + # sometimes you also want to manipulate these collections in the incoming request. This is really only relevant for sessions + # and cookies, though. For sessions, you just do: + # + # @request.session[:key] = "value" + # @request.cookies["key"] = "value" + # + # == Testing named routes + # + # If you're using named routes, they can be easily tested using the original named routes' methods straight in the test case. + # Example: + # + # assert_redirected_to page_url(:title => 'foo') + class TestCase < ActiveSupport::TestCase + include TestProcess + + module Assertions + %w(response selector tag dom routing model).each do |kind| + include ActionController::Assertions.const_get("#{kind.camelize}Assertions") + end + + def clean_backtrace(&block) + yield + rescue ActiveSupport::TestCase::Assertion => error + framework_path = Regexp.new(File.expand_path("#{File.dirname(__FILE__)}/assertions")) + error.backtrace.reject! { |line| File.expand_path(line) =~ framework_path } + raise + end + end + include Assertions + + # When the request.remote_addr remains the default for testing, which is 0.0.0.0, the exception is simply raised inline + # (bystepping the regular exception handling from rescue_action). If the request.remote_addr is anything else, the regular + # rescue_action process takes place. This means you can test your rescue_action code by setting remote_addr to something else + # than 0.0.0.0. + # + # The exception is stored in the exception accessor for further inspection. + module RaiseActionExceptions + protected + attr_accessor :exception + + def rescue_action_without_handler(e) + self.exception = e + + if request.remote_addr == "0.0.0.0" + raise(e) + else + super(e) + end + end + end + + setup :setup_controller_request_and_response + + @@controller_class = nil + + class << self + # Sets the controller class name. Useful if the name can't be inferred from test class. + # Expects +controller_class+ as a constant. Example: tests WidgetController. + def tests(controller_class) + self.controller_class = controller_class + end + + def controller_class=(new_class) + prepare_controller_class(new_class) if new_class + write_inheritable_attribute(:controller_class, new_class) + end + + def controller_class + if current_controller_class = read_inheritable_attribute(:controller_class) + current_controller_class + else + self.controller_class = determine_default_controller_class(name) + end + end + + def determine_default_controller_class(name) + name.sub(/Test$/, '').constantize + rescue NameError + nil + end + + def prepare_controller_class(new_class) + new_class.send :include, RaiseActionExceptions + end + end + + def setup_controller_request_and_response + @request = TestRequest.new + @response = TestResponse.new + + if klass = self.class.controller_class + @controller ||= klass.new rescue nil + end + + if @controller + @controller.request = @request + @controller.params = {} + @controller.send(:initialize_current_url) + end + end + + # Cause the action to be rescued according to the regular rules for rescue_action when the visitor is not local + def rescue_action_in_public! + @request.remote_addr = '208.77.188.166' # example.com + end + end +end diff --git a/actionpack/lib/action_controller/uploaded_file.rb b/actionpack/lib/action_controller/uploaded_file.rb deleted file mode 100644 index 376ba3621a..0000000000 --- a/actionpack/lib/action_controller/uploaded_file.rb +++ /dev/null @@ -1,44 +0,0 @@ -module ActionController - module UploadedFile - def self.included(base) - base.class_eval do - attr_accessor :original_path, :content_type - alias_method :local_path, :path - end - end - - def self.extended(object) - object.class_eval do - attr_accessor :original_path, :content_type - alias_method :local_path, :path - end - end - - # Take the basename of the upload's original filename. - # This handles the full Windows paths given by Internet Explorer - # (and perhaps other broken user agents) without affecting - # those which give the lone filename. - # The Windows regexp is adapted from Perl's File::Basename. - def original_filename - unless defined? @original_filename - @original_filename = - unless original_path.blank? - if original_path =~ /^(?:.*[:\\\/])?(.*)/m - $1 - else - File.basename original_path - end - end - end - @original_filename - end - end - - class UploadedStringIO < StringIO - include UploadedFile - end - - class UploadedTempfile < Tempfile - include UploadedFile - end -end diff --git a/actionpack/lib/action_controller/url_encoded_pair_parser.rb b/actionpack/lib/action_controller/url_encoded_pair_parser.rb deleted file mode 100644 index 57594c4259..0000000000 --- a/actionpack/lib/action_controller/url_encoded_pair_parser.rb +++ /dev/null @@ -1,155 +0,0 @@ -module ActionController - class UrlEncodedPairParser < StringScanner #:nodoc: - class << self - def parse_query_parameters(query_string) - return {} if query_string.blank? - - pairs = query_string.split('&').collect do |chunk| - next if chunk.empty? - key, value = chunk.split('=', 2) - next if key.empty? - value = value.nil? ? nil : CGI.unescape(value) - [ CGI.unescape(key), value ] - end.compact - - new(pairs).result - end - - def parse_hash_parameters(params) - parser = new - - params = params.dup - until params.empty? - for key, value in params - if key.blank? - params.delete(key) - elsif value.is_a?(Array) - parser.parse(key, get_typed_value(value.shift)) - params.delete(key) if value.empty? - else - parser.parse(key, get_typed_value(value)) - params.delete(key) - end - end - end - - parser.result - end - - private - def get_typed_value(value) - case value - when String - value - when NilClass - '' - when Array - value.map { |v| get_typed_value(v) } - when Hash - if value.has_key?(:tempfile) && value[:filename].any? - upload = value[:tempfile] - upload.extend(UploadedFile) - upload.original_path = value[:filename] - upload.content_type = value[:type] - upload - else - nil - end - else - raise "Unknown form value: #{value.inspect}" - end - end - end - - attr_reader :top, :parent, :result - - def initialize(pairs = []) - super('') - @result = {} - pairs.each { |key, value| parse(key, value) } - end - - KEY_REGEXP = %r{([^\[\]=&]+)} - BRACKETED_KEY_REGEXP = %r{\[([^\[\]=&]+)\]} - - # Parse the query string - def parse(key, value) - self.string = key - @top, @parent = result, nil - - # First scan the bare key - key = scan(KEY_REGEXP) or return - key = post_key_check(key) - - # Then scan as many nestings as present - until eos? - r = scan(BRACKETED_KEY_REGEXP) or return - key = self[1] - key = post_key_check(key) - end - - bind(key, value) - end - - private - # After we see a key, we must look ahead to determine our next action. Cases: - # - # [] follows the key. Then the value must be an array. - # = follows the key. (A value comes next) - # & or the end of string follows the key. Then the key is a flag. - # otherwise, a hash follows the key. - def post_key_check(key) - if scan(/\[\]/) # a[b][] indicates that b is an array - container(key, Array) - nil - elsif check(/\[[^\]]/) # a[b] indicates that a is a hash - container(key, Hash) - nil - else # End of key? We do nothing. - key - end - end - - # Add a container to the stack. - def container(key, klass) - type_conflict! klass, top[key] if top.is_a?(Hash) && top.key?(key) && ! top[key].is_a?(klass) - value = bind(key, klass.new) - type_conflict! klass, value unless value.is_a?(klass) - push(value) - end - - # Push a value onto the 'stack', which is actually only the top 2 items. - def push(value) - @parent, @top = @top, value - end - - # Bind a key (which may be nil for items in an array) to the provided value. - def bind(key, value) - if top.is_a? Array - if key - if top[-1].is_a?(Hash) && ! top[-1].key?(key) - top[-1][key] = value - else - top << {key => value}.with_indifferent_access - end - push top.last - return top[key] - else - top << value - return value - end - elsif top.is_a? Hash - key = CGI.unescape(key) - parent << (@top = {}) if top.key?(key) && parent.is_a?(Array) - top[key] ||= value - return top[key] - else - raise ArgumentError, "Don't know what to do: top is #{top.inspect}" - end - end - - def type_conflict!(klass, value) - raise TypeError, "Conflicting types for parameter containers. Expected an instance of #{klass} but found an instance of #{value.class}. This can be caused by colliding Array and Hash parameters like qs[]=value&qs[key]=value. (The parameters received were #{value.inspect}.)" - end - end -end diff --git a/actionpack/lib/action_controller/url_rewriter.rb b/actionpack/lib/action_controller/url_rewriter.rb deleted file mode 100644 index d86e2db67d..0000000000 --- a/actionpack/lib/action_controller/url_rewriter.rb +++ /dev/null @@ -1,219 +0,0 @@ -module ActionController - # In routes.rb one defines URL-to-controller mappings, but the reverse - # is also possible: an URL can be generated from one of your routing definitions. - # URL generation functionality is centralized in this module. - # - # See ActionController::Routing and ActionController::Resources for general - # information about routing and routes.rb. - # - # Tip: If you need to generate URLs from your models or some other place, - # then ActionController::UrlWriter is what you're looking for. Read on for - # an introduction. - # - # == URL generation from parameters - # - # As you may know, some functions - such as ActionController::Base#url_for - # and ActionView::Helpers::UrlHelper#link_to, can generate URLs given a set - # of parameters. For example, you've probably had the chance to write code - # like this in one of your views: - # - # <%= link_to('Click here', :controller => 'users', - # :action => 'new', :message => 'Welcome!') %> - # - # #=> Generates a link to: /users/new?message=Welcome%21 - # - # link_to, and all other functions that require URL generation functionality, - # actually use ActionController::UrlWriter under the hood. And in particular, - # they use the ActionController::UrlWriter#url_for method. One can generate - # the same path as the above example by using the following code: - # - # include UrlWriter - # url_for(:controller => 'users', - # :action => 'new', - # :message => 'Welcome!', - # :only_path => true) - # # => "/users/new?message=Welcome%21" - # - # Notice the :only_path => true part. This is because UrlWriter has no - # information about the website hostname that your Rails app is serving. So if you - # want to include the hostname as well, then you must also pass the :host - # argument: - # - # include UrlWriter - # url_for(:controller => 'users', - # :action => 'new', - # :message => 'Welcome!', - # :host => 'www.example.com') # Changed this. - # # => "http://www.example.com/users/new?message=Welcome%21" - # - # By default, all controllers and views have access to a special version of url_for, - # that already knows what the current hostname is. So if you use url_for in your - # controllers or your views, then you don't need to explicitly pass the :host - # argument. - # - # For convenience reasons, mailers provide a shortcut for ActionController::UrlWriter#url_for. - # So within mailers, you only have to type 'url_for' instead of 'ActionController::UrlWriter#url_for' - # in full. However, mailers don't have hostname information, and what's why you'll still - # have to specify the :host argument when generating URLs in mailers. - # - # - # == URL generation for named routes - # - # UrlWriter also allows one to access methods that have been auto-generated from - # named routes. For example, suppose that you have a 'users' resource in your - # routes.rb: - # - # map.resources :users - # - # This generates, among other things, the method users_path. By default, - # this method is accessible from your controllers, views and mailers. If you need - # to access this auto-generated method from other places (such as a model), then - # you can do that in two ways. - # - # The first way is to include ActionController::UrlWriter in your class: - # - # class User < ActiveRecord::Base - # include ActionController::UrlWriter # !!! - # - # def name=(value) - # write_attribute('name', value) - # write_attribute('base_uri', users_path) # !!! - # end - # end - # - # The second way is to access them through ActionController::UrlWriter. - # The autogenerated named routes methods are available as class methods: - # - # class User < ActiveRecord::Base - # def name=(value) - # write_attribute('name', value) - # path = ActionController::UrlWriter.users_path # !!! - # write_attribute('base_uri', path) # !!! - # end - # end - module UrlWriter - # The default options for urls written by this writer. Typically a :host - # pair is provided. - mattr_accessor :default_url_options - self.default_url_options = {} - - def self.included(base) #:nodoc: - ActionController::Routing::Routes.install_helpers(base) - base.mattr_accessor :default_url_options - base.default_url_options ||= default_url_options - end - - # Generate a url based on the options provided, default_url_options and the - # routes defined in routes.rb. The following options are supported: - # - # * :only_path - If true, the relative url is returned. Defaults to +false+. - # * :protocol - The protocol to connect to. Defaults to 'http'. - # * :host - Specifies the host the link should be targetted at. - # If :only_path is false, this option must be - # provided either explicitly, or via +default_url_options+. - # * :port - Optionally specify the port to connect to. - # * :anchor - An anchor name to be appended to the path. - # * :skip_relative_url_root - If true, the url is not constructed using the - # +relative_url_root+ set in ActionController::Base.relative_url_root. - # * :trailing_slash - If true, adds a trailing slash, as in "/archive/2009/" - # - # Any other key (:controller, :action, etc.) given to - # +url_for+ is forwarded to the Routes module. - # - # Examples: - # - # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :port=>'8080' # => 'http://somehost.org:8080/tasks/testing' - # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :anchor => 'ok', :only_path => true # => '/tasks/testing#ok' - # url_for :controller => 'tasks', :action => 'testing', :trailing_slash=>true # => 'http://somehost.org/tasks/testing/' - # url_for :controller => 'tasks', :action => 'testing', :host=>'somehost.org', :number => '33' # => 'http://somehost.org/tasks/testing?number=33' - def url_for(options) - options = self.class.default_url_options.merge(options) - - url = '' - - unless options.delete(:only_path) - url << (options.delete(:protocol) || 'http') - url << '://' unless url.match("://") - - raise "Missing host to link to! Please provide :host parameter or set default_url_options[:host]" unless options[:host] - - url << options.delete(:host) - url << ":#{options.delete(:port)}" if options.key?(:port) - else - # Delete the unused options to prevent their appearance in the query string. - [:protocol, :host, :port, :skip_relative_url_root].each { |k| options.delete(k) } - end - trailing_slash = options.delete(:trailing_slash) if options.key?(:trailing_slash) - url << ActionController::Base.relative_url_root.to_s unless options[:skip_relative_url_root] - anchor = "##{CGI.escape options.delete(:anchor).to_param.to_s}" if options[:anchor] - generated = Routing::Routes.generate(options, {}) - url << (trailing_slash ? generated.sub(/\?|\z/) { "/" + $& } : generated) - url << anchor if anchor - - url - end - end - - # Rewrites URLs for Base.redirect_to and Base.url_for in the controller. - class UrlRewriter #:nodoc: - RESERVED_OPTIONS = [:anchor, :params, :only_path, :host, :protocol, :port, :trailing_slash, :skip_relative_url_root] - def initialize(request, parameters) - @request, @parameters = request, parameters - end - - def rewrite(options = {}) - rewrite_url(options) - end - - def to_str - "#{@request.protocol}, #{@request.host_with_port}, #{@request.path}, #{@parameters[:controller]}, #{@parameters[:action]}, #{@request.parameters.inspect}" - end - - alias_method :to_s, :to_str - - private - # Given a path and options, returns a rewritten URL string - def rewrite_url(options) - rewritten_url = "" - - unless options[:only_path] - rewritten_url << (options[:protocol] || @request.protocol) - rewritten_url << "://" unless rewritten_url.match("://") - rewritten_url << rewrite_authentication(options) - rewritten_url << (options[:host] || @request.host_with_port) - rewritten_url << ":#{options.delete(:port)}" if options.key?(:port) - end - - path = rewrite_path(options) - rewritten_url << ActionController::Base.relative_url_root.to_s unless options[:skip_relative_url_root] - rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path) - rewritten_url << "##{options[:anchor]}" if options[:anchor] - - rewritten_url - end - - # Given a Hash of options, generates a route - def rewrite_path(options) - options = options.symbolize_keys - options.update(options[:params].symbolize_keys) if options[:params] - - if (overwrite = options.delete(:overwrite_params)) - options.update(@parameters.symbolize_keys) - options.update(overwrite.symbolize_keys) - end - - RESERVED_OPTIONS.each { |k| options.delete(k) } - - # Generates the query string, too - Routing::Routes.generate(options, @request.symbolized_path_parameters) - end - - def rewrite_authentication(options) - if options[:user] && options[:password] - "#{CGI.escape(options.delete(:user))}:#{CGI.escape(options.delete(:password))}@" - else - "" - end - end - end -end diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb deleted file mode 100644 index 7bf09ba6ea..0000000000 --- a/actionpack/lib/action_controller/verification.rb +++ /dev/null @@ -1,130 +0,0 @@ -module ActionController #:nodoc: - module Verification #:nodoc: - def self.included(base) #:nodoc: - base.extend(ClassMethods) - end - - # This module provides a class-level method for specifying that certain - # actions are guarded against being called without certain prerequisites - # being met. This is essentially a special kind of before_filter. - # - # An action may be guarded against being invoked without certain request - # parameters being set, or without certain session values existing. - # - # When a verification is violated, values may be inserted into the flash, and - # a specified redirection is triggered. If no specific action is configured, - # verification failures will by default result in a 400 Bad Request response. - # - # Usage: - # - # class GlobalController < ActionController::Base - # # Prevent the #update_settings action from being invoked unless - # # the 'admin_privileges' request parameter exists. The - # # settings action will be redirected to in current controller - # # if verification fails. - # verify :params => "admin_privileges", :only => :update_post, - # :redirect_to => { :action => "settings" } - # - # # Disallow a post from being updated if there was no information - # # submitted with the post, and if there is no active post in the - # # session, and if there is no "note" key in the flash. The route - # # named category_url will be redirected to if verification fails. - # - # verify :params => "post", :session => "post", "flash" => "note", - # :only => :update_post, - # :add_flash => { "alert" => "Failed to create your message" }, - # :redirect_to => :category_url - # - # Note that these prerequisites are not business rules. They do not examine - # the content of the session or the parameters. That level of validation should - # be encapsulated by your domain model or helper methods in the controller. - module ClassMethods - # Verify the given actions so that if certain prerequisites are not met, - # the user is redirected to a different action. The +options+ parameter - # is a hash consisting of the following key/value pairs: - # - # :params:: - # a single key or an array of keys that must be in the params - # hash in order for the action(s) to be safely called. - # :session:: - # a single key or an array of keys that must be in the session - # in order for the action(s) to be safely called. - # :flash:: - # a single key or an array of keys that must be in the flash in order - # for the action(s) to be safely called. - # :method:: - # a single key or an array of keys--any one of which must match the - # current request method in order for the action(s) to be safely called. - # (The key should be a symbol: :get or :post, for - # example.) - # :xhr:: - # true/false option to ensure that the request is coming from an Ajax - # call or not. - # :add_flash:: - # a hash of name/value pairs that should be merged into the session's - # flash if the prerequisites cannot be satisfied. - # :add_headers:: - # a hash of name/value pairs that should be merged into the response's - # headers hash if the prerequisites cannot be satisfied. - # :redirect_to:: - # the redirection parameters to be used when redirecting if the - # prerequisites cannot be satisfied. You can redirect either to named - # route or to the action in some controller. - # :render:: - # the render parameters to be used when the prerequisites cannot be satisfied. - # :only:: - # only apply this verification to the actions specified in the associated - # array (may also be a single value). - # :except:: - # do not apply this verification to the actions specified in the associated - # array (may also be a single value). - def verify(options={}) - before_filter :only => options[:only], :except => options[:except] do |c| - c.__send__ :verify_action, options - end - end - end - - private - - def verify_action(options) #:nodoc: - if prereqs_invalid?(options) - flash.update(options[:add_flash]) if options[:add_flash] - response.headers.update(options[:add_headers]) if options[:add_headers] - apply_remaining_actions(options) unless performed? - end - end - - def prereqs_invalid?(options) # :nodoc: - verify_presence_of_keys_in_hash_flash_or_params(options) || - verify_method(options) || - verify_request_xhr_status(options) - end - - def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc: - [*options[:params] ].find { |v| params[v].nil? } || - [*options[:session]].find { |v| session[v].nil? } || - [*options[:flash] ].find { |v| flash[v].nil? } - end - - def verify_method(options) # :nodoc: - [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method] - end - - def verify_request_xhr_status(options) # :nodoc: - request.xhr? != options[:xhr] unless options[:xhr].nil? - end - - def apply_redirect_to(redirect_to_option) # :nodoc: - (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option - end - - def apply_remaining_actions(options) # :nodoc: - case - when options[:render] ; render(options[:render]) - when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to])) - else head(:bad_request) - end - end - end -end \ No newline at end of file diff --git a/actionpack/lib/action_view/render/partials.rb b/actionpack/lib/action_view/render/partials.rb index aa4c4af213..e337dcb63b 100644 --- a/actionpack/lib/action_view/render/partials.rb +++ b/actionpack/lib/action_view/render/partials.rb @@ -243,6 +243,34 @@ module ActionView end end + def _render_partial_with_block(layout, block, options) + @_proc_for_layout = block + concat(_render_partial(options.merge(:partial => layout))) + ensure + @_proc_for_layout = nil + end + + def _render_partial_with_layout(layout, options) + if layout + prefix = controller && !layout.include?("/") ? controller.controller_path : nil + layout = find_by_parts(layout, formats, prefix, true) + end + content = _render_partial(options) + return _render_content_with_layout(content, layout, options[:locals]) + end + + def _deprecated_ivar_assign(template) + if respond_to?(:controller) + ivar = :"@#{template.variable_name}" + object = + if controller.instance_variable_defined?(ivar) + ActiveSupport::Deprecation::DeprecatedObjectProxy.new( + controller.instance_variable_get(ivar), + "#{ivar} will no longer be implicitly assigned to #{template.variable_name}") + end + end + end + def _array_like_objects array_like = [Array] if defined?(ActiveRecord) -- cgit v1.2.3