diff options
| author | José Valim <jose.valim@gmail.com> | 2010-04-10 11:47:20 +0200 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2010-04-10 11:47:20 +0200 |
| commit | ece157e9504e192dcc065909c86316d520992221 (patch) | |
| tree | 1650e1693a479d67168305c340d9d1989910bdbf | |
| parent | 26e05efdb6c29430c5d282870b1e236dff8465c9 (diff) | |
| download | rails-ece157e9504e192dcc065909c86316d520992221.tar.gz rails-ece157e9504e192dcc065909c86316d520992221.tar.bz2 rails-ece157e9504e192dcc065909c86316d520992221.zip | |
Move verification to a plugin as well: http://github.com/rails/verification.git
| -rw-r--r-- | actionpack/lib/action_controller.rb | 1 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/base.rb | 1 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/deprecated/base.rb | 28 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/metal/verification.rb | 130 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/active_model_helper.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/controller/verification_test.rb | 270 |
6 files changed, 21 insertions, 413 deletions
diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index 536154fc6b..c14393dda7 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -33,7 +33,6 @@ module ActionController autoload :Streaming autoload :Testing autoload :UrlFor - autoload :Verification end autoload :Dispatcher, 'action_controller/deprecated/dispatcher' diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 1dfc240029..2e94a20d9d 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -30,7 +30,6 @@ module ActionController Cookies, Flash, - Verification, RequestForgeryProtection, Streaming, RecordIdentifier, diff --git a/actionpack/lib/action_controller/deprecated/base.rb b/actionpack/lib/action_controller/deprecated/base.rb index 05551ffee4..5d9cfb153a 100644 --- a/actionpack/lib/action_controller/deprecated/base.rb +++ b/actionpack/lib/action_controller/deprecated/base.rb @@ -6,15 +6,6 @@ module ActionController deprecated_config_writer(option, message) end - # This method has been moved to ActionDispatch::Request.filter_parameters - def filter_parameter_logging(*args, &block) - ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller) - filter = Rails.application.config.filter_parameters - filter.concat(args) - filter << block if block - filter - end - def deprecated_config_reader(option, message = nil) message ||= "Reading #{option} directly from ActionController::Base is deprecated. " \ "Please read it from config.#{option}" @@ -136,6 +127,25 @@ module ActionController end end + module DeprecatedBehavior + # This method has been moved to ActionDispatch::Request.filter_parameters + def filter_parameter_logging(*args, &block) + ActiveSupport::Deprecation.warn("Setting filter_parameter_logging in ActionController is deprecated and has no longer effect, please set 'config.filter_parameters' in config/application.rb instead", caller) + filter = Rails.application.config.filter_parameters + filter.concat(args) + filter << block if block + filter + end + + # This was moved to a plugin + def verify(*args) + ActiveSupport::Deprecation.warn "verify was removed from Rails and is now available as a plugin. " << + "Please install it with `rails plugin install git://github.com/rails/verification.git`.", caller + end + end + + extend DeprecatedBehavior + deprecated_config_writer :session_store deprecated_config_writer :session_options deprecated_config_accessor :relative_url_root, "relative_url_root is ineffective. Please stop using it" diff --git a/actionpack/lib/action_controller/metal/verification.rb b/actionpack/lib/action_controller/metal/verification.rb deleted file mode 100644 index b7fc2b7421..0000000000 --- a/actionpack/lib/action_controller/metal/verification.rb +++ /dev/null @@ -1,130 +0,0 @@ -module ActionController #:nodoc: - module Verification #:nodoc: - extend ActiveSupport::Concern - - include AbstractController::Callbacks, Flash, Rendering - - # This module provides a class-level method for specifying that certain - # actions are guarded against being called without certain prerequisites - # being met. This is essentially a special kind of before_filter. - # - # An action may be guarded against being invoked without certain request - # parameters being set, or without certain session values existing. - # - # When a verification is violated, values may be inserted into the flash, and - # a specified redirection is triggered. If no specific action is configured, - # verification failures will by default result in a 400 Bad Request response. - # - # Usage: - # - # class GlobalController < ActionController::Base - # # Prevent the #update_settings action from being invoked unless - # # the 'admin_privileges' request parameter exists. The - # # settings action will be redirected to in current controller - # # if verification fails. - # verify :params => "admin_privileges", :only => :update_post, - # :redirect_to => { :action => "settings" } - # - # # Disallow a post from being updated if there was no information - # # submitted with the post, and if there is no active post in the - # # session, and if there is no "note" key in the flash. The route - # # named category_url will be redirected to if verification fails. - # - # verify :params => "post", :session => "post", "flash" => "note", - # :only => :update_post, - # :add_flash => { "alert" => "Failed to create your message" }, - # :redirect_to => :category_url - # - # Note that these prerequisites are not business rules. They do not examine - # the content of the session or the parameters. That level of validation should - # be encapsulated by your domain model or helper methods in the controller. - module ClassMethods - # Verify the given actions so that if certain prerequisites are not met, - # the user is redirected to a different action. The +options+ parameter - # is a hash consisting of the following key/value pairs: - # - # <tt>:params</tt>:: - # a single key or an array of keys that must be in the <tt>params</tt> - # hash in order for the action(s) to be safely called. - # <tt>:session</tt>:: - # a single key or an array of keys that must be in the <tt>session</tt> - # in order for the action(s) to be safely called. - # <tt>:flash</tt>:: - # a single key or an array of keys that must be in the flash in order - # for the action(s) to be safely called. - # <tt>:method</tt>:: - # a single key or an array of keys--any one of which must match the - # current request method in order for the action(s) to be safely called. - # (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for - # example.) - # <tt>:xhr</tt>:: - # true/false option to ensure that the request is coming from an Ajax - # call or not. - # <tt>:add_flash</tt>:: - # a hash of name/value pairs that should be merged into the session's - # flash if the prerequisites cannot be satisfied. - # <tt>:add_headers</tt>:: - # a hash of name/value pairs that should be merged into the response's - # headers hash if the prerequisites cannot be satisfied. - # <tt>:redirect_to</tt>:: - # the redirection parameters to be used when redirecting if the - # prerequisites cannot be satisfied. You can redirect either to named - # route or to the action in some controller. - # <tt>:render</tt>:: - # the render parameters to be used when the prerequisites cannot be satisfied. - # <tt>:only</tt>:: - # only apply this verification to the actions specified in the associated - # array (may also be a single value). - # <tt>:except</tt>:: - # do not apply this verification to the actions specified in the associated - # array (may also be a single value). - def verify(options={}) - before_filter :only => options[:only], :except => options[:except] do - verify_action options - end - end - end - - private - - def verify_action(options) #:nodoc: - if prereqs_invalid?(options) - flash.update(options[:add_flash]) if options[:add_flash] - response.headers.merge!(options[:add_headers]) if options[:add_headers] - apply_remaining_actions(options) unless performed? - end - end - - def prereqs_invalid?(options) # :nodoc: - verify_presence_of_keys_in_hash_flash_or_params(options) || - verify_method(options) || - verify_request_xhr_status(options) - end - - def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc: - [*options[:params] ].find { |v| v && params[v.to_sym].nil? } || - [*options[:session]].find { |v| session[v].nil? } || - [*options[:flash] ].find { |v| flash[v].nil? } - end - - def verify_method(options) # :nodoc: - [*options[:method]].all? { |v| request.method_symbol != v.to_sym } if options[:method] - end - - def verify_request_xhr_status(options) # :nodoc: - request.xhr? != options[:xhr] unless options[:xhr].nil? - end - - def apply_redirect_to(redirect_to_option) # :nodoc: - (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option - end - - def apply_remaining_actions(options) # :nodoc: - case - when options[:render] ; render(options[:render]) - when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to])) - else head(:bad_request) - end - end - end -end diff --git a/actionpack/lib/action_view/helpers/active_model_helper.rb b/actionpack/lib/action_view/helpers/active_model_helper.rb index 92530246a6..a7650c0050 100644 --- a/actionpack/lib/action_view/helpers/active_model_helper.rb +++ b/actionpack/lib/action_view/helpers/active_model_helper.rb @@ -16,7 +16,7 @@ module ActionView %w(input form error_messages_for error_message_on).each do |method| class_eval <<-RUBY, __FILE__, __LINE__ + 1 def #{method}(*args) - ActiveSupport::Deprecation.warn "#{method} was removed from Rails and is now available as plugin. " << + ActiveSupport::Deprecation.warn "#{method} was removed from Rails and is now available as a plugin. " << "Please install it with `rails plugin install git://github.com/rails/dynamic_form.git`.", caller end RUBY @@ -27,7 +27,7 @@ module ActionView %w(error_messages error_message_on).each do |method| class_eval <<-RUBY, __FILE__, __LINE__ + 1 def #{method}(*args) - ActiveSupport::Deprecation.warn "f.#{method} was removed from Rails and is now available as plugin. " << + ActiveSupport::Deprecation.warn "f.#{method} was removed from Rails and is now available as a plugin. " << "Please install it with `rails plugin install git://github.com/rails/dynamic_form.git`.", caller end RUBY diff --git a/actionpack/test/controller/verification_test.rb b/actionpack/test/controller/verification_test.rb deleted file mode 100644 index 0600ec2ec1..0000000000 --- a/actionpack/test/controller/verification_test.rb +++ /dev/null @@ -1,270 +0,0 @@ -require 'abstract_unit' - -class VerificationTest < ActionController::TestCase - class TestController < ActionController::Base - verify :only => :guarded_one, :params => "one", - :add_flash => { :error => 'unguarded' }, - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_two, :params => %w( one two ), - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_with_flash, :params => "one", - :add_flash => { :notice => "prereqs failed" }, - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_in_session, :session => "one", - :redirect_to => { :action => "unguarded" } - - verify :only => [:multi_one, :multi_two], :session => %w( one two ), - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_by_method, :method => :post, - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_by_xhr, :xhr => true, - :redirect_to => { :action => "unguarded" } - - verify :only => :guarded_by_not_xhr, :xhr => false, - :redirect_to => { :action => "unguarded" } - - before_filter :unconditional_redirect, :only => :two_redirects - verify :only => :two_redirects, :method => :post, - :redirect_to => { :action => "unguarded" } - - verify :only => :must_be_post, :method => :post, :render => { :status => 405, :text => "Must be post" }, :add_headers => { "Allow" => "POST" } - - verify :only => :guarded_one_for_named_route_test, :params => "one", - :redirect_to => :foo_url - - verify :only => :no_default_action, :params => "santa" - - verify :only => :guarded_with_back, :method => :post, - :redirect_to => :back - - def guarded_one - render :text => "#{params[:one]}" - end - - def guarded_one_for_named_route_test - render :text => "#{params[:one]}" - end - - def guarded_with_flash - render :text => "#{params[:one]}" - end - - def guarded_two - render :text => "#{params[:one]}:#{params[:two]}" - end - - def guarded_in_session - render :text => "#{session["one"]}" - end - - def multi_one - render :text => "#{session["one"]}:#{session["two"]}" - end - - def multi_two - render :text => "#{session["two"]}:#{session["one"]}" - end - - def guarded_by_method - render :text => "#{request.method.downcase}" - end - - def guarded_by_xhr - render :text => "#{request.xhr?}" - end - - def guarded_by_not_xhr - render :text => "#{request.xhr?}" - end - - def unguarded - render :text => "#{params[:one]}" - end - - def two_redirects - render :nothing => true - end - - def must_be_post - render :text => "Was a post!" - end - - def guarded_with_back - render :text => "#{params[:one]}" - end - - def no_default_action - # Will never run - end - - protected - - def unconditional_redirect - redirect_to :action => "unguarded" - end - end - - tests TestController - - def test_using_symbol_back_with_no_referrer - assert_raise(ActionController::RedirectBackError) { get :guarded_with_back } - end - - def test_using_symbol_back_redirects_to_referrer - @request.env["HTTP_REFERER"] = "/foo" - get :guarded_with_back - assert_redirected_to '/foo' - end - - def test_no_deprecation_warning_for_named_route - assert_not_deprecated do - with_routing do |set| - set.draw do |map| - match 'foo', :to => 'test#foo', :as => :foo - match 'verification_test/:action', :to => ::VerificationTest::TestController - end - get :guarded_one_for_named_route_test, :two => "not one" - assert_redirected_to '/foo' - end - end - end - - def test_guarded_one_with_prereqs - get :guarded_one, :one => "here" - assert_equal "here", @response.body - end - - def test_guarded_one_without_prereqs - get :guarded_one - assert_redirected_to :action => "unguarded" - assert_equal 'unguarded', flash[:error] - end - - def test_guarded_with_flash_with_prereqs - get :guarded_with_flash, :one => "here" - assert_equal "here", @response.body - assert flash.empty? - end - - def test_guarded_with_flash_without_prereqs - get :guarded_with_flash - assert_redirected_to :action => "unguarded" - assert_equal "prereqs failed", flash[:notice] - end - - def test_guarded_two_with_prereqs - get :guarded_two, :one => "here", :two => "there" - assert_equal "here:there", @response.body - end - - def test_guarded_two_without_prereqs_one - get :guarded_two, :two => "there" - assert_redirected_to :action => "unguarded" - end - - def test_guarded_two_without_prereqs_two - get :guarded_two, :one => "here" - assert_redirected_to :action => "unguarded" - end - - def test_guarded_two_without_prereqs_both - get :guarded_two - assert_redirected_to :action => "unguarded" - end - - def test_unguarded_with_params - get :unguarded, :one => "here" - assert_equal "here", @response.body - end - - def test_unguarded_without_params - get :unguarded - assert @response.body.blank? - end - - def test_guarded_in_session_with_prereqs - get :guarded_in_session, {}, "one" => "here" - assert_equal "here", @response.body - end - - def test_guarded_in_session_without_prereqs - get :guarded_in_session - assert_redirected_to :action => "unguarded" - end - - def test_multi_one_with_prereqs - get :multi_one, {}, "one" => "here", "two" => "there" - assert_equal "here:there", @response.body - end - - def test_multi_one_without_prereqs - get :multi_one - assert_redirected_to :action => "unguarded" - end - - def test_multi_two_with_prereqs - get :multi_two, {}, "one" => "here", "two" => "there" - assert_equal "there:here", @response.body - end - - def test_multi_two_without_prereqs - get :multi_two - assert_redirected_to :action => "unguarded" - end - - def test_guarded_by_method_with_prereqs - post :guarded_by_method - assert_equal "post", @response.body - end - - def test_guarded_by_method_without_prereqs - get :guarded_by_method - assert_redirected_to :action => "unguarded" - end - - def test_guarded_by_xhr_with_prereqs - xhr :post, :guarded_by_xhr - assert_equal "true", @response.body - end - - def test_guarded_by_xhr_without_prereqs - get :guarded_by_xhr - assert_redirected_to :action => "unguarded" - end - - def test_guarded_by_not_xhr_with_prereqs - get :guarded_by_not_xhr - assert_equal "false", @response.body - end - - def test_guarded_by_not_xhr_without_prereqs - xhr :post, :guarded_by_not_xhr - assert_redirected_to :action => "unguarded" - end - - def test_guarded_post_and_calls_render_succeeds - post :must_be_post - assert_equal "Was a post!", @response.body - end - - def test_default_failure_should_be_a_bad_request - post :no_default_action - assert_response :bad_request - end - - def test_guarded_post_and_calls_render_fails_and_sets_allow_header - get :must_be_post - assert_response 405 - assert_equal "Must be post", @response.body - assert_equal "POST", @response.headers["Allow"] - end - - def test_second_redirect - assert_nothing_raised { get :two_redirects } - end -end |