aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoshua Peek <josh@joshpeek.com>2010-01-30 15:42:30 -0600
committerJoshua Peek <josh@joshpeek.com>2010-01-30 15:42:30 -0600
commit9c2c307ee48b91177c3e1cb8831afe4f972d19eb (patch)
tree82aadaceabadbe18546b9f62976ff385711546f9
parent779094a6024c762b3dfb60db7efb1d5d7f0c4ddc (diff)
downloadrails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.tar.gz
rails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.tar.bz2
rails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.zip
Move form_remote_tag and remote_form_for into prototype_legacy_helper
-rw-r--r--actionpack/lib/action_view/helpers/prototype_helper.rb109
-rw-r--r--actionpack/test/controller/request_forgery_protection_test.rb45
-rw-r--r--actionpack/test/template/form_helper_test.rb29
-rw-r--r--actionpack/test/template/prototype_helper_test.rb100
4 files changed, 18 insertions, 265 deletions
diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb
index 818412c345..1fa2fed460 100644
--- a/actionpack/lib/action_view/helpers/prototype_helper.rb
+++ b/actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -102,115 +102,6 @@ module ActionView
:form, :with, :update, :script, :type ]).merge(CALLBACKS)
end
- # Returns a form tag that will submit using XMLHttpRequest in the
- # background instead of the regular reloading POST arrangement. Even
- # though it's using JavaScript to serialize the form elements, the form
- # submission will work just like a regular submission as viewed by the
- # receiving side (all elements available in <tt>params</tt>). The options for
- # specifying the target with <tt>:url</tt> and defining callbacks is the same as
- # +link_to_remote+.
- #
- # A "fall-through" target for browsers that doesn't do JavaScript can be
- # specified with the <tt>:action</tt>/<tt>:method</tt> options on <tt>:html</tt>.
- #
- # Example:
- # # Generates:
- # # <form action="/some/place" method="post" onsubmit="new Ajax.Request('',
- # # {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">
- # form_remote_tag :html => { :action =>
- # url_for(:controller => "some", :action => "place") }
- #
- # The Hash passed to the <tt>:html</tt> key is equivalent to the options (2nd)
- # argument in the FormTagHelper.form_tag method.
- #
- # By default the fall-through action is the same as the one specified in
- # the <tt>:url</tt> (and the default method is <tt>:post</tt>).
- #
- # form_remote_tag also takes a block, like form_tag:
- # # Generates:
- # # <form action="/" method="post" onsubmit="new Ajax.Request('/',
- # # {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)});
- # # return false;"> <div><input name="commit" type="submit" value="Save" /></div>
- # # </form>
- # <% form_remote_tag :url => '/posts' do -%>
- # <div><%= submit_tag 'Save' %></div>
- # <% end -%>
- def form_remote_tag(options = {}, &block)
- options[:form] = true
-
- options[:html] ||= {}
- options[:html][:onsubmit] =
- (options[:html][:onsubmit] ? options[:html][:onsubmit] + "; " : "") +
- "#{remote_function(options)}; return false;"
-
- form_tag(options[:html].delete(:action) || url_for(options[:url]), options[:html], &block)
- end
-
- # Creates a form that will submit using XMLHttpRequest in the background
- # instead of the regular reloading POST arrangement and a scope around a
- # specific resource that is used as a base for questioning about
- # values for the fields.
- #
- # === Resource
- #
- # Example:
- # <% remote_form_for(@post) do |f| %>
- # ...
- # <% end %>
- #
- # This will expand to be the same as:
- #
- # <% remote_form_for :post, @post, :url => post_path(@post), :html => { :method => :put, :class => "edit_post", :id => "edit_post_45" } do |f| %>
- # ...
- # <% end %>
- #
- # === Nested Resource
- #
- # Example:
- # <% remote_form_for([@post, @comment]) do |f| %>
- # ...
- # <% end %>
- #
- # This will expand to be the same as:
- #
- # <% remote_form_for :comment, @comment, :url => post_comment_path(@post, @comment), :html => { :method => :put, :class => "edit_comment", :id => "edit_comment_45" } do |f| %>
- # ...
- # <% end %>
- #
- # If you don't need to attach a form to a resource, then check out form_remote_tag.
- #
- # See FormHelper#form_for for additional semantics.
- def remote_form_for(record_or_name_or_array, *args, &proc)
- options = args.extract_options!
-
- case record_or_name_or_array
- when String, Symbol
- object_name = record_or_name_or_array
- when Array
- object = record_or_name_or_array.last
- object_name = ActionController::RecordIdentifier.singular_class_name(object)
- apply_form_for_options!(record_or_name_or_array, options)
- args.unshift object
- else
- object = record_or_name_or_array
- object_name = ActionController::RecordIdentifier.singular_class_name(record_or_name_or_array)
- apply_form_for_options!(object, options)
- args.unshift object
- end
-
- concat(form_remote_tag(options))
- fields_for(object_name, *(args << options), &proc)
- concat('</form>'.html_safe!)
- end
- alias_method :form_remote_for, :remote_form_for
-
- # Returns '<tt>eval(request.responseText)</tt>' which is the JavaScript function
- # that +form_remote_tag+ can call in <tt>:complete</tt> to evaluate a multiple
- # update return document using +update_element_function+ calls.
- def evaluate_remote_response
- "eval(request.responseText)"
- end
-
# Returns the JavaScript needed for a remote function.
# Takes the same arguments as link_to_remote.
#
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 09003adf73..b2a0e2e2a3 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -6,14 +6,10 @@ module RequestForgeryProtectionActions
def index
render :inline => "<%= form_tag('/') {} %>"
end
-
+
def show_button
render :inline => "<%= button_to('New', '/') {} %>"
end
-
- def remote_form
- render :inline => "<% form_remote_tag(:url => '/') {} %>"
- end
def unsafe
render :text => 'pwn'
@@ -30,11 +26,11 @@ end
class FreeCookieController < RequestForgeryProtectionController
self.allow_forgery_protection = false
-
+
def index
render :inline => "<%= form_tag('/') {} %>"
end
-
+
def show_button
render :inline => "<%= button_to('New', '/') {} %>"
end
@@ -65,11 +61,6 @@ module RequestForgeryProtectionTests
assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
end
- def test_should_render_remote_form_with_only_one_token_parameter
- get :remote_form
- assert_equal 1, @response.body.scan(@token).size
- end
-
def test_should_allow_get
get :index
assert_response :success
@@ -84,12 +75,12 @@ module RequestForgeryProtectionTests
@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
assert_raise(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
end
-
+
def test_should_not_allow_html_put_without_token
@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
assert_raise(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
end
-
+
def test_should_not_allow_html_delete_without_token
@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
assert_raise(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
@@ -154,51 +145,51 @@ module RequestForgeryProtectionTests
delete :index, :format => 'xml'
end
end
-
+
def test_should_allow_xhr_post_without_token
assert_nothing_raised { xhr :post, :index }
end
-
+
def test_should_allow_xhr_put_without_token
assert_nothing_raised { xhr :put, :index }
end
-
+
def test_should_allow_xhr_delete_without_token
assert_nothing_raised { xhr :delete, :index }
end
-
+
def test_should_allow_xhr_post_with_encoded_form_content_type_without_token
@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
assert_nothing_raised { xhr :post, :index }
end
-
+
def test_should_allow_post_with_token
post :index, :authenticity_token => @token
assert_response :success
end
-
+
def test_should_allow_put_with_token
put :index, :authenticity_token => @token
assert_response :success
end
-
+
def test_should_allow_delete_with_token
delete :index, :authenticity_token => @token
assert_response :success
end
-
+
def test_should_allow_post_with_xml
@request.env['CONTENT_TYPE'] = Mime::XML.to_s
post :index, :format => 'xml'
assert_response :success
end
-
+
def test_should_allow_put_with_xml
@request.env['CONTENT_TYPE'] = Mime::XML.to_s
put :index, :format => 'xml'
assert_response :success
end
-
+
def test_should_allow_delete_with_xml
@request.env['CONTENT_TYPE'] = Mime::XML.to_s
delete :index, :format => 'xml'
@@ -231,17 +222,17 @@ class FreeCookieControllerTest < ActionController::TestCase
ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
end
-
+
def test_should_not_render_form_with_token_tag
get :index
assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false
end
-
+
def test_should_not_render_button_to_with_token_tag
get :show_button
assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false
end
-
+
def test_should_allow_all_methods_without_token
[:post, :put, :delete].each do |method|
assert_nothing_raised { send(method, :index)}
diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb
index 0c5c5d17ee..c97343fbe5 100644
--- a/actionpack/test/template/form_helper_test.rb
+++ b/actionpack/test/template/form_helper_test.rb
@@ -1230,26 +1230,6 @@ class FormHelperTest < ActionView::TestCase
end
- # Perhaps this test should be moved to prototype helper tests.
- def test_remote_form_for_with_labelled_builder
- self.extend ActionView::Helpers::PrototypeHelper
-
- remote_form_for(:post, @post, :builder => LabelledFormBuilder) do |f|
- concat f.text_field(:title)
- concat f.text_area(:body)
- concat f.check_box(:secret)
- end
-
- expected =
- %(<form action="http://www.example.com" onsubmit="new Ajax.Request('http://www.example.com', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" method="post">) +
- "<label for='title'>Title:</label> <input name='post[title]' size='30' type='text' id='post_title' value='Hello World' /><br/>" +
- "<label for='body'>Body:</label> <textarea name='post[body]' id='post_body' rows='20' cols='40'>Back to the hill and over it again!</textarea><br/>" +
- "<label for='secret'>Secret:</label> <input name='post[secret]' type='hidden' value='0' /><input name='post[secret]' checked='checked' type='checkbox' id='post_secret' value='1' /><br/>" +
- "</form>"
-
- assert_dom_equal expected, output_buffer
- end
-
def test_fields_for_with_labelled_builder
fields_for(:post, @post, :builder => LabelledFormBuilder) do |f|
concat f.text_field(:title)
@@ -1396,15 +1376,6 @@ class FormHelperTest < ActionView::TestCase
assert_equal expected, output_buffer
end
- def test_remote_form_for_with_html_options_adds_options_to_form_tag
- self.extend ActionView::Helpers::PrototypeHelper
-
- remote_form_for(:post, @post, :html => {:id => 'some_form', :class => 'some_class'}) do |f| end
- expected = "<form action=\"http://www.example.com\" class=\"some_class\" id=\"some_form\" method=\"post\" onsubmit=\"new Ajax.Request('http://www.example.com', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\"></form>"
-
- assert_dom_equal expected, output_buffer
- end
-
protected
def comments_path(post)
"/posts/#{post.id}/comments"
diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb
index 51a03d25a4..d95bdc2b90 100644
--- a/actionpack/test/template/prototype_helper_test.rb
+++ b/actionpack/test/template/prototype_helper_test.rb
@@ -82,106 +82,6 @@ class PrototypeHelperTest < PrototypeHelperBaseTest
super
end
- def test_form_remote_tag
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast })
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">),
- form_remote_tag(:update => { :success => "glass_of_beer" }, :url => { :action => :fast })
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">),
- form_remote_tag(:update => { :failure => "glass_of_water" }, :url => { :action => :fast })
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer',failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">),
- form_remote_tag(:update => { :success => 'glass_of_beer', :failure => "glass_of_water" }, :url => { :action => :fast })
- end
-
- def test_form_remote_tag_with_method
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\"><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div>),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, :html => { :method => :put })
- end
-
- def test_form_remote_tag_with_block_in_erb
- __in_erb_template = ''
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }) { concat "Hello world!" }
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">Hello world!</form>), output_buffer
- end
-
- def test_remote_form_for_with_record_identification_with_new_record
- remote_form_for(@record, {:html => { :id => 'create-author' }}) {}
-
- expected = %(<form action='#{authors_path}' onsubmit="new Ajax.Request('#{authors_path}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_author' id='create-author' method='post'></form>)
- assert_dom_equal expected, output_buffer
- end
-
- def test_remote_form_for_with_record_identification_without_html_options
- remote_form_for(@record) {}
-
- expected = %(<form action='#{authors_path}' onsubmit="new Ajax.Request('#{authors_path}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_author' method='post' id='new_author'></form>)
- assert_dom_equal expected, output_buffer
- end
-
- def test_remote_form_for_with_record_identification_with_existing_record
- @record.save
- remote_form_for(@record) {}
-
- expected = %(<form action='#{author_path(@record)}' id='edit_author_1' method='post' onsubmit="new Ajax.Request('#{author_path(@record)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='edit_author'><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div></form>)
- assert_dom_equal expected, output_buffer
- end
-
- def test_remote_form_for_with_new_object_in_list
- remote_form_for([@author, @article]) {}
-
- expected = %(<form action='#{author_articles_path(@author)}' onsubmit="new Ajax.Request('#{author_articles_path(@author)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_article' method='post' id='new_article'></form>)
- assert_dom_equal expected, output_buffer
- end
-
- def test_remote_form_for_with_existing_object_in_list
- @author.save
- @article.save
- remote_form_for([@author, @article]) {}
-
- expected = %(<form action='#{author_article_path(@author, @article)}' id='edit_article_1' method='post' onsubmit="new Ajax.Request('#{author_article_path(@author, @article)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='edit_article'><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div></form>)
- assert_dom_equal expected, output_buffer
- end
-
- def test_on_callbacks
- callbacks = [:uninitialized, :loading, :loaded, :interactive, :complete, :success, :failure]
- callbacks.each do |callback|
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();")
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => { :success => "glass_of_beer" }, :url => { :action => :fast }, callback=>"monkeys();")
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({failure:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => { :failure => "glass_of_beer" }, :url => { :action => :fast }, callback=>"monkeys();")
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer',failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => { :success => "glass_of_beer", :failure => "glass_of_water" }, :url => { :action => :fast }, callback=>"monkeys();")
- end
-
- #HTTP status codes 200 up to 599 have callbacks
- #these should work
- 100.upto(599) do |callback|
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();")
- end
-
- #test 200 and 404
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on200:function(request){monkeys();}, on404:function(request){bananas();}, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, 200=>"monkeys();", 404=>"bananas();")
-
- #these shouldn't
- 1.upto(99) do |callback|
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();")
- end
- 600.upto(999) do |callback|
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();")
- end
-
- #test ultimate combo
- assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on200:function(request){monkeys();}, on404:function(request){bananas();}, onComplete:function(request){c();}, onFailure:function(request){f();}, onLoading:function(request){c1()}, onSuccess:function(request){s()}, parameters:Form.serialize(this)}); return false;\">),
- form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, :loading => "c1()", :success => "s()", :failure => "f();", :complete => "c();", 200=>"monkeys();", 404=>"bananas();")
-
- end
-
def test_update_page
old_output_buffer = output_buffer