Privatize unneededly protected methods in Action Pack

actionpack/lib/abstract_controller/caching.rb

@@ -52,9 +52,9 @@ def view_cache_dependencies
       self.class._view_cache_dependencies.map { |dep| instance_exec(&dep) }.compact
     end
 
-    protected
+    private
       # Convenience accessor.
-      def cache(key, options = {}, &block)
+      def cache(key, options = {}, &block) # :doc:
         if cache_configured?
           cache_store.fetch(ActiveSupport::Cache.expand_cache_key(key, :controller), options, &block)
         else

actionpack/lib/abstract_controller/collector.rb

@@ -19,7 +19,7 @@ def #{sym}(*args, &block)
       generate_method_for_mime(mime) unless instance_methods.include?(mime.to_sym)
     end
 
-  protected
+  private
 
     def method_missing(symbol, &block)
       unless mime_constant = Mime[symbol]

actionpack/lib/action_controller/metal/data_streaming.rb

@@ -11,7 +11,7 @@ module DataStreaming
     DEFAULT_SEND_FILE_TYPE        = "application/octet-stream".freeze #:nodoc:
     DEFAULT_SEND_FILE_DISPOSITION = "attachment".freeze #:nodoc:
 
-    protected
+    private
       # Sends the file. This uses a server-appropriate method (such as X-Sendfile)
       # via the Rack::Sendfile middleware. The header to use is set via
       # +config.action_dispatch.x_sendfile_header+.
@@ -108,7 +108,6 @@ def send_data(data, options = {}) #:doc:
         render options.slice(:status, :content_type).merge(body: data)
       end
 
-    private
       def send_file_headers!(options)
         type_provided = options.has_key?(:type)
 

actionpack/lib/action_controller/metal/flash.rb

@@ -42,7 +42,7 @@ def add_flash_types(*types)
       end
     end
 
-    protected
+    private
       def redirect_to(options = {}, response_status_and_flash = {}) #:doc:
         self.class._flash_types.each do |flash_type|
           if type = response_status_and_flash.delete(flash_type)

actionpack/lib/action_controller/metal/http_authentication.rb

@@ -28,7 +28,7 @@ module HttpAuthentication
     #   class ApplicationController < ActionController::Base
     #     before_action :set_account, :authenticate
     #
-    #     protected
+    #     private
     #       def set_account
     #         @account = Account.find_by(url_name: request.subdomains.first)
     #       end
@@ -363,7 +363,7 @@ def opaque(secret_key)
     #   class ApplicationController < ActionController::Base
     #     before_action :set_account, :authenticate
     #
-    #     protected
+    #     private
     #       def set_account
     #         @account = Account.find_by(url_name: request.subdomains.first)
     #       end

actionpack/lib/action_controller/metal/request_forgery_protection.rb

@@ -152,7 +152,7 @@ def handle_unverified_request
           request.cookie_jar = NullCookieJar.build(request, {})
         end
 
-        protected
+        private
 
           class NullSessionHash < Rack::Session::Abstract::SessionHash #:nodoc:
             def initialize(req)
@@ -197,7 +197,7 @@ def handle_unverified_request
       end
     end
 
-    protected
+    private
       # The actual before_action that is used to verify the CSRF token.
       # Don't override this directly. Provide your own forgery protection
       # strategy instead. If you override, you'll disable same-origin
@@ -208,7 +208,7 @@ def handle_unverified_request
       # enabled on an action, this before_action flags its after_action to
       # verify that JavaScript responses are for XHR requests, ensuring they
       # follow the browser's same-origin policy.
-      def verify_authenticity_token
+      def verify_authenticity_token # :doc:
         mark_for_same_origin_verification!
 
         if !verified_request?
@@ -219,7 +219,7 @@ def verify_authenticity_token
         end
       end
 
-      def handle_unverified_request
+      def handle_unverified_request # :doc:
         forgery_protection_strategy.new(self).handle_unverified_request
       end
 
@@ -233,7 +233,7 @@ def handle_unverified_request
       # If `verify_authenticity_token` was run (indicating that we have
       # forgery protection enabled for this request) then also verify that
       # we aren't serving an unauthorized cross-origin response.
-      def verify_same_origin_request
+      def verify_same_origin_request # :doc:
         if marked_for_same_origin_verification? && non_xhr_javascript_response?
           if logger && log_warning_on_csrf_failure
             logger.warn CROSS_ORIGIN_JAVASCRIPT_WARNING
@@ -243,18 +243,18 @@ def verify_same_origin_request
       end
 
       # GET requests are checked for cross-origin JavaScript after rendering.
-      def mark_for_same_origin_verification!
+      def mark_for_same_origin_verification! # :doc:
         @marked_for_same_origin_verification = request.get?
       end
 
       # If the `verify_authenticity_token` before_action ran, verify that
       # JavaScript responses are only served to same-origin GET requests.
-      def marked_for_same_origin_verification?
+      def marked_for_same_origin_verification? # :doc:
         @marked_for_same_origin_verification ||= false
       end
 
       # Check for cross-origin JavaScript responses.
-      def non_xhr_javascript_response?
+      def non_xhr_javascript_response? # :doc:
         content_type =~ %r(\Atext/javascript) && !request.xhr?
       end
 
@@ -265,20 +265,20 @@ def non_xhr_javascript_response?
       # * Is it a GET or HEAD request?  Gets should be safe and idempotent
       # * Does the form_authenticity_token match the given token value from the params?
       # * Does the X-CSRF-Token header match the form_authenticity_token
-      def verified_request?
+      def verified_request? # :doc:
         !protect_against_forgery? || request.get? || request.head? ||
           (valid_request_origin? && any_authenticity_token_valid?)
       end
 
       # Checks if any of the authenticity tokens from the request are valid.
-      def any_authenticity_token_valid?
+      def any_authenticity_token_valid? # :doc:
         request_authenticity_tokens.any? do |token|
           valid_authenticity_token?(session, token)
         end
       end
 
       # Possible authenticity tokens sent in the request.
-      def request_authenticity_tokens
+      def request_authenticity_tokens # :doc:
         [form_authenticity_param, request.x_csrf_token]
       end
 
@@ -290,7 +290,7 @@ def form_authenticity_token(form_options: {})
       # Creates a masked version of the authenticity token that varies
       # on each request. The masking is used to mitigate SSL attacks
       # like BREACH.
-      def masked_authenticity_token(session, form_options: {})
+      def masked_authenticity_token(session, form_options: {}) # :doc:
         action, method = form_options.values_at(:action, :method)
 
         raw_token = if per_form_csrf_tokens && action && method
@@ -309,7 +309,7 @@ def masked_authenticity_token(session, form_options: {})
       # Checks the client's masked token to see if it matches the
       # session token. Essentially the inverse of
       # +masked_authenticity_token+.
-      def valid_authenticity_token?(session, encoded_masked_token)
+      def valid_authenticity_token?(session, encoded_masked_token) # :doc:
         if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
           return false
         end
@@ -340,7 +340,7 @@ def valid_authenticity_token?(session, encoded_masked_token)
         end
       end
 
-      def unmask_token(masked_token)
+      def unmask_token(masked_token) # :doc:
         # Split the token into the one-time pad and the encrypted
         # value and decrypt it
         one_time_pad = masked_token[0...AUTHENTICITY_TOKEN_LENGTH]
@@ -348,11 +348,11 @@ def unmask_token(masked_token)
         xor_byte_strings(one_time_pad, encrypted_csrf_token)
       end
 
-      def compare_with_real_token(token, session)
+      def compare_with_real_token(token, session) # :doc:
         ActiveSupport::SecurityUtils.secure_compare(token, real_csrf_token(session))
       end
 
-      def valid_per_form_csrf_token?(token, session)
+      def valid_per_form_csrf_token?(token, session) # :doc:
         if per_form_csrf_tokens
           correct_token = per_form_csrf_token(
             session,
@@ -366,12 +366,12 @@ def valid_per_form_csrf_token?(token, session)
         end
       end
 
-      def real_csrf_token(session)
+      def real_csrf_token(session) # :doc:
         session[:_csrf_token] ||= SecureRandom.base64(AUTHENTICITY_TOKEN_LENGTH)
         Base64.strict_decode64(session[:_csrf_token])
       end
 
-      def per_form_csrf_token(session, action_path, method)
+      def per_form_csrf_token(session, action_path, method) # :doc:
         OpenSSL::HMAC.digest(
           OpenSSL::Digest::SHA256.new,
           real_csrf_token(session),
@@ -379,25 +379,25 @@ def per_form_csrf_token(session, action_path, method)
         )
       end
 
-      def xor_byte_strings(s1, s2)
+      def xor_byte_strings(s1, s2) # :doc:
         s2_bytes = s2.bytes
         s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 }
         s2_bytes.pack("C*")
       end
 
       # The form's authenticity parameter. Override to provide your own.
-      def form_authenticity_param
+      def form_authenticity_param # :doc:
         params[request_forgery_protection_token]
       end
 
       # Checks if the controller allows forgery protection.
-      def protect_against_forgery?
+      def protect_against_forgery? # :doc:
         allow_forgery_protection
       end
 
       # Checks if the request originated from the same origin by looking at the
       # Origin header.
-      def valid_request_origin?
+      def valid_request_origin? # :doc:
         if forgery_protection_origin_check
           # We accept blank origin headers because some user agents don't send it.
           request.origin.nil? || request.origin == request.base_url
@@ -406,7 +406,7 @@ def valid_request_origin?
         end
       end
 
-      def normalize_action_path(action_path)
+      def normalize_action_path(action_path) # :doc:
         uri = URI.parse(action_path)
         uri.path.chomp("/")
       end

actionpack/lib/action_controller/metal/streaming.rb

@@ -193,10 +193,10 @@ module ActionController #:nodoc:
   module Streaming
     extend ActiveSupport::Concern
 
-    protected
+    private
 
       # Set proper cache control and transfer encoding when streaming
-      def _process_options(options) #:nodoc:
+      def _process_options(options)
         super
         if options[:stream]
           if request.version == "HTTP/1.0"
@@ -210,7 +210,7 @@ def _process_options(options) #:nodoc:
       end
 
       # Call render_body if we are streaming instead of usual +render+.
-      def _render_template(options) #:nodoc:
+      def _render_template(options)
         if options.delete(:stream)
           Rack::Chunked::Body.new view_renderer.render_body(view_context, options)
         else

actionpack/lib/action_dispatch/http/filter_parameters.rb

@@ -51,28 +51,28 @@ def filtered_path
         @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
       end
 
-    protected
+    private
 
-      def parameter_filter
+      def parameter_filter # :doc:
         parameter_filter_for fetch_header("action_dispatch.parameter_filter") {
           return NULL_PARAM_FILTER
         }
       end
 
-      def env_filter
+      def env_filter # :doc:
         user_key = fetch_header("action_dispatch.parameter_filter") {
           return NULL_ENV_FILTER
         }
         parameter_filter_for(Array(user_key) + ENV_MATCH)
       end
 
-      def parameter_filter_for(filters)
+      def parameter_filter_for(filters) # :doc:
         ParameterFilter.new(filters)
       end
 
       KV_RE   = "[^&;=]+"
       PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
-      def filtered_query_string
+      def filtered_query_string # :doc:
         query_string.gsub(PAIR_RE) do |_|
           parameter_filter.filter([[$1, $2]]).first.join("=")
         end

actionpack/lib/action_dispatch/http/mime_negotiation.rb

@@ -150,20 +150,20 @@ def negotiate_mime(order)
         order.include?(Mime::ALL) ? format : nil
       end
 
-      protected
+      private
 
         BROWSER_LIKE_ACCEPTS = /,\s*\*\/\*|\*\/\*\s*,/
 
-        def valid_accept_header
+        def valid_accept_header # :doc:
           (xhr? && (accept.present? || content_mime_type)) ||
             (accept.present? && accept !~ BROWSER_LIKE_ACCEPTS)
         end
 
-        def use_accept_header
+        def use_accept_header # :doc:
           !self.class.ignore_accept_header
         end
 
-        def format_from_path_extension
+        def format_from_path_extension # :doc:
           path = get_header("action_dispatch.original_path") || get_header("PATH_INFO")
           if match = path && path.match(/\.(\w+)\z/)
             Mime[match.captures.first]

actionpack/lib/action_dispatch/journey/router/utils.rb

@@ -58,12 +58,12 @@ def unescape_uri(uri)
             uri.gsub(ESCAPED) { |match| [match[1, 2].hex].pack("C") }.force_encoding(encoding)
           end
 
-          protected
-            def escape(component, pattern)
+          private
+            def escape(component, pattern) # :doc:
               component.gsub(pattern) { |unsafe| percent_encode(unsafe) }.force_encoding(US_ASCII)
             end
 
-            def percent_encode(unsafe)
+            def percent_encode(unsafe) # :doc:
               safe = EMPTY.dup
               unsafe.each_byte { |b| safe << DEC2HEX[b] }
               safe

actionpack/lib/action_dispatch/middleware/flash.rb

@@ -281,7 +281,8 @@ def now_is_loaded?
           @now
         end
 
-        def stringify_array(array)
+      private
+        def stringify_array(array) # :doc:
           array.map do |item|
             item.kind_of?(Symbol) ? item.to_s : item
           end

actionpack/lib/action_dispatch/middleware/remote_ip.rb

@@ -153,9 +153,9 @@ def to_s
         @ip ||= calculate_ip
       end
 
-    protected
+    private
 
-      def ips_from(header)
+      def ips_from(header) # :doc:
         return [] unless header
         # Split the comma-separated list into an array of strings
         ips = header.strip.split(/[,\s]+/)
@@ -171,7 +171,7 @@ def ips_from(header)
         end
       end
 
-      def filter_proxies(ips)
+      def filter_proxies(ips) # :doc:
         ips.reject do |ip|
           @proxies.any? { |proxy| proxy === ip }
         end

actionpack/lib/action_dispatch/middleware/session/abstract_store.rb

@@ -27,17 +27,16 @@ def generate_sid
         sid
       end
 
-    protected
+    private
 
-      def initialize_sid
+      def initialize_sid # :doc:
         @default_options.delete(:sidbits)
         @default_options.delete(:secure_random)
       end
 
-      private
-        def make_request(env)
-          ActionDispatch::Request.new env
-        end
+      def make_request(env)
+        ActionDispatch::Request.new env
+      end
     end
 
     module StaleSessionCheck

actionpack/lib/action_dispatch/routing/mapper.rb

@@ -1619,13 +1619,13 @@ def root(path, options = {})
           end
         end
 
-        protected
+        private
 
-          def parent_resource #:nodoc:
+          def parent_resource
             @scope[:scope_level_resource]
           end
 
-          def apply_common_behavior_for(method, resources, options, &block) #:nodoc:
+          def apply_common_behavior_for(method, resources, options, &block)
             if resources.length > 1
               resources.each { |r| send(method, r, options, &block) }
               return true
@@ -1658,39 +1658,39 @@ def apply_common_behavior_for(method, resources, options, &block) #:nodoc:
             false
           end
 
-          def apply_action_options(options) # :nodoc:
+          def apply_action_options(options)
             return options if action_options? options
             options.merge scope_action_options
           end
 
-          def action_options?(options) #:nodoc:
+          def action_options?(options)
             options[:only] || options[:except]
           end
 
-          def scope_action_options #:nodoc:
+          def scope_action_options
             @scope[:action_options] || {}
           end
 
-          def resource_scope? #:nodoc:
+          def resource_scope?
             @scope.resource_scope?
           end
 
-          def resource_method_scope? #:nodoc:
+          def resource_method_scope?
             @scope.resource_method_scope?
           end
 
-          def nested_scope? #:nodoc:
+          def nested_scope?
             @scope.nested?
           end
 
-          def with_scope_level(kind)
+          def with_scope_level(kind) # :doc:
             @scope = @scope.new_level(kind)
             yield
           ensure
             @scope = @scope.parent
           end
 
-          def resource_scope(resource) #:nodoc:
+          def resource_scope(resource)
             @scope = @scope.new(scope_level_resource: resource)
 
             controller(resource.resource_scope) { yield }
@@ -1698,7 +1698,7 @@ def resource_scope(resource) #:nodoc:
             @scope = @scope.parent
           end
 
-          def nested_options #:nodoc:
+          def nested_options
             options = { as: parent_resource.member_name }
             options[:constraints] = {
               parent_resource.nested_param => param_constraint
@@ -1707,25 +1707,25 @@ def nested_options #:nodoc:
             options
           end
 
-          def shallow_nesting_depth #:nodoc:
+          def shallow_nesting_depth
             @scope.find_all { |node|
               node.frame[:scope_level_resource]
             }.count { |node| node.frame[:scope_level_resource].shallow? }
           end
 
-          def param_constraint? #:nodoc:
+          def param_constraint?
             @scope[:constraints] && @scope[:constraints][parent_resource.param].is_a?(Regexp)
           end
 
-          def param_constraint #:nodoc:
+          def param_constraint
             @scope[:constraints][parent_resource.param]
           end
 
-          def canonical_action?(action) #:nodoc:
+          def canonical_action?(action)
             resource_method_scope? && CANONICAL_ACTIONS.include?(action.to_s)
           end
 
-          def shallow_scope #:nodoc:
+          def shallow_scope
             scope = { as: @scope[:shallow_prefix],
                       path: @scope[:shallow_path] }
             @scope = @scope.new scope
@@ -1735,7 +1735,7 @@ def shallow_scope #:nodoc:
             @scope = @scope.parent
           end
 
-          def path_for_action(action, path) #:nodoc:
+          def path_for_action(action, path)
             return "#{@scope[:path]}/#{path}" if path
 
             if canonical_action?(action)
@@ -1745,11 +1745,11 @@ def path_for_action(action, path) #:nodoc:
             end
           end
 
-          def action_path(name) #:nodoc:
+          def action_path(name)
             @scope[:path_names][name.to_sym] || name
           end
 
-          def prefix_name_for_action(as, action) #:nodoc:
+          def prefix_name_for_action(as, action)
             if as
               prefix = as
             elsif !canonical_action?(action)
@@ -1761,7 +1761,7 @@ def prefix_name_for_action(as, action) #:nodoc:
             end
           end
 
-          def name_for_action(as, action) #:nodoc:
+          def name_for_action(as, action)
             prefix = prefix_name_for_action(as, action)
             name_prefix = @scope[:as]
 
@@ -1787,7 +1787,7 @@ def name_for_action(as, action) #:nodoc:
             end
           end
 
-          def set_member_mappings_for_resource
+          def set_member_mappings_for_resource # :doc:
             member do
               get :edit if parent_resource.actions.include?(:edit)
               get :show if parent_resource.actions.include?(:show)
@@ -1799,12 +1799,10 @@ def set_member_mappings_for_resource
             end
           end
 
-          def api_only?
+          def api_only? # :doc:
             @set.api_only?
           end
 
-        private
-
           def path_scope(path)
             @scope = @scope.new(path: merge_path_scope(@scope[:path], path))
             yield

actionpack/lib/action_dispatch/routing/url_for.rb

@@ -198,14 +198,16 @@ def optimize_routes_generation?
           _routes.optimize_routes_generation? && default_url_options.empty?
         end
 
-        def _with_routes(routes)
+      private
+
+        def _with_routes(routes) # :doc:
           old_routes, @_routes = @_routes, routes
           yield
         ensure
           @_routes = old_routes
         end
 
-        def _routes_context
+        def _routes_context # :doc:
           self
         end
     end