require 'abstract_unit'
class RedirectController < ActionController::Base
# empty method not used anywhere to ensure methods like
# `status` and `location` aren't called on `redirect_to` calls
def status; render plain: 'called status'; end
def location; render plain: 'called location'; end
def simple_redirect
redirect_to :action => "hello_world"
end
def redirect_with_status
redirect_to({:action => "hello_world", :status => 301})
end
def redirect_with_status_hash
redirect_to({:action => "hello_world"}, {:status => 301})
end
def redirect_with_protocol
redirect_to :action => "hello_world", :protocol => "https"
end
def url_redirect_with_status
redirect_to("http://www.example.com", :status => :moved_permanently)
end
def url_redirect_with_status_hash
redirect_to("http://www.example.com", {:status => 301})
end
def relative_url_redirect_with_status
redirect_to("/things/stuff", :status => :found)
end
def relative_url_redirect_with_status_hash
redirect_to("/things/stuff", {:status => 301})
end
def redirect_to_back_with_status
redirect_to :back, :status => 307
end
def redirect_back_with_status
redirect_back(fallback_location: "/things/stuff", status: 307)
end
def host_redirect
redirect_to :action => "other_host", :only_path => false, :host => 'other.test.host'
end
def module_redirect
redirect_to :controller => 'module_test/module_redirect', :action => "hello_world"
end
def redirect_to_url
redirect_to "http://www.rubyonrails.org/"
end
def redirect_to_url_with_unescaped_query_string
redirect_to "http://example.com/query?status=new"
end
def redirect_to_url_with_complex_scheme
redirect_to "x-test+scheme.complex:redirect"
end
def redirect_to_url_with_network_path_reference
redirect_to "//www.rubyonrails.org/"
end
def redirect_to_back
redirect_to :back
end
def redirect_to_existing_record
redirect_to Workshop.new(5)
end
def redirect_to_new_record
redirect_to Workshop.new(nil)
end
def redirect_to_nil
redirect_to nil
end
def redirect_to_params
redirect_to ActionController::Parameters.new(status: 200, protocol: 'javascript', f: '%0Aeval(name)')
end
def redirect_to_with_block
redirect_to proc { "http://www.rubyonrails.org/" }
end
def redirect_to_with_block_and_assigns
@url = "http://www.rubyonrails.org/"
redirect_to proc { @url }
end
def redirect_to_with_block_and_options
redirect_to proc { {:action => "hello_world"} }
end
def redirect_with_header_break
redirect_to "/lol\r\nwat"
end
def redirect_with_null_bytes
redirect_to "\000/lol\r\nwat"
end
def rescue_errors(e) raise e end
protected
def dashbord_url(id, message)
url_for :action => "dashboard", :params => { "id" => id, "message" => message }
end
end
class RedirectTest < ActionController::TestCase
tests RedirectController
def test_simple_redirect
get :simple_redirect
assert_response :redirect
assert_equal "http://test.host/redirect/hello_world", redirect_to_url
end
def test_redirect_with_header_break
get :redirect_with_header_break
assert_response :redirect
assert_equal "http://test.host/lolwat", redirect_to_url
end
def test_redirect_with_null_bytes
get :redirect_with_null_bytes
assert_response :redirect
assert_equal "http://test.host/lolwat", redirect_to_url
end
def test_redirect_with_no_status
get :simple_redirect
assert_response 302
assert_equal "http://test.host/redirect/hello_world", redirect_to_url
end
def test_redirect_with_status
get :redirect_with_status
assert_response 301
assert_equal "http://test.host/redirect/hello_world", redirect_to_url
end
def test_redirect_with_status_hash
get :redirect_with_status_hash
assert_response 301
assert_equal "http://test.host/redirect/hello_world", redirect_to_url
end
def test_redirect_with_protocol
get :redirect_with_protocol
assert_response 302
assert_equal "https://test.host/redirect/hello_world", redirect_to_url
end
def test_url_redirect_with_status
get :url_redirect_with_status
assert_response 301
assert_equal "http://www.example.com", redirect_to_url
end
def test_url_redirect_with_status_hash
get :url_redirect_with_status_hash
assert_response 301
assert_equal "http://www.example.com", redirect_to_url
end
def test_relative_url_redirect_with_status
get :relative_url_redirect_with_status
assert_response 302
assert_equal "http://test.host/things/stuff", redirect_to_url
end
def test_relative_url_redirect_with_status_hash
get :relative_url_redirect_with_status_hash
assert_response 301
assert_equal "http://test.host/things/stuff", redirect_to_url
end
def test_redirect_to_back_with_status
@request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
assert_deprecated do
get :redirect_to_back_with_status
end
assert_response 307
assert_equal "http://www.example.com/coming/from", redirect_to_url
end
def test_simple_redirect_using_options
get :host_redirect
assert_response :redirect
assert_redirected_to :action => "other_host", :only_path => false, :host => 'other.test.host'
end
def test_module_redirect
get :module_redirect
assert_response :redirect
assert_redirected_to "http://test.host/module_test/module_redirect/hello_world"
end
def test_module_redirect_using_options
get :module_redirect
assert_response :redirect
assert_redirected_to :controller => 'module_test/module_redirect', :action => 'hello_world'
end
def test_redirect_to_url
get :redirect_to_url
assert_response :redirect
assert_redirected_to "http://www.rubyonrails.org/"
end
def test_redirect_to_url_with_unescaped_query_string
get :redirect_to_url_with_unescaped_query_string
assert_response :redirect
assert_redirected_to "http://example.com/query?status=new"
end
def test_redirect_to_url_with_complex_scheme
get :redirect_to_url_with_complex_scheme
assert_response :redirect
assert_equal "x-test+scheme.complex:redirect", redirect_to_url
end
def test_redirect_to_url_with_network_path_reference
get :redirect_to_url_with_network_path_reference
assert_response :redirect
assert_equal "//www.rubyonrails.org/", redirect_to_url
end
def test_redirect_to_back
@request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
assert_deprecated do
get :redirect_to_back
end
assert_response :redirect
assert_equal "http://www.example.com/coming/from", redirect_to_url
end
def test_redirect_to_back_with_no_referer
assert_raise(ActionController::RedirectBackError) {
@request.env["HTTP_REFERER"] = nil
assert_deprecated do
get :redirect_to_back
end
get :redirect_to_back
}
end
def test_redirect_back
referer = "http://www.example.com/coming/from"
@request.env["HTTP_REFERER"] = referer
get :redirect_back_with_status
assert_response 307
assert_equal referer, redirect_to_url
end
def test_redirect_back_with_no_referer
get :redirect_back_with_status
assert_response 307
assert_equal "http://test.host/things/stuff", redirect_to_url
end
def test_redirect_to_record
with_routing do |set|
set.draw do
resources :workshops
get ':controller/:action'
end
get :redirect_to_existing_record
assert_equal "http://test.host/workshops/5", redirect_to_url
assert_redirected_to Workshop.new(5)
get :redirect_to_new_record
assert_equal "http://test.host/workshops", redirect_to_url
assert_redirected_to Workshop.new(nil)
end
end
def test_redirect_to_nil
error = assert_raise(ActionController::ActionControllerError) do
get :redirect_to_nil
end
assert_equal "Cannot redirect to nil!", error.message
end
def test_redirect_to_params
error = assert_raise(ArgumentError) do
get :redirect_to_params
end
assert_equal "Generating a URL from non sanitized request parameters is insecure!", error.message
end
def test_redirect_to_with_block
get :redirect_to_with_block
assert_response :redirect
assert_redirected_to "http://www.rubyonrails.org/"
end
def test_redirect_to_with_block_and_assigns
get :redirect_to_with_block_and_assigns
assert_response :redirect
assert_redirected_to "http://www.rubyonrails.org/"
end
def test_redirect_to_with_block_and_accepted_options
with_routing do |set|
set.draw do
get ':controller/:action'
end
get :redirect_to_with_block_and_options
assert_response :redirect
assert_redirected_to "http://test.host/redirect/hello_world"
end
end
end
module ModuleTest
class ModuleRedirectController < ::RedirectController
def module_redirect
redirect_to :controller => '/redirect', :action => "hello_world"
end
end
class ModuleRedirectTest < ActionController::TestCase
tests ModuleRedirectController
def test_simple_redirect
get :simple_redirect
assert_response :redirect
assert_equal "http://test.host/module_test/module_redirect/hello_world", redirect_to_url
end
def test_simple_redirect_using_options
get :host_redirect
assert_response :redirect
assert_redirected_to :action => "other_host", :only_path => false, :host => 'other.test.host'
end
def test_module_redirect
get :module_redirect
assert_response :redirect
assert_equal "http://test.host/redirect/hello_world", redirect_to_url
end
def test_module_redirect_using_options
get :module_redirect
assert_response :redirect
assert_redirected_to :controller => '/redirect', :action => "hello_world"
end
end
end