author | Jon Leighton <j@jonathanleighton.com> | 2011-03-02 21:24:56 +0000 |
---|---|---|
committer | Jon Leighton <j@jonathanleighton.com> | 2011-03-04 09:30:27 +0000 |
commit | 735844db712c511dd8abf36a5279318fbc0ff9d0 (patch) | |
tree | 5fbd5d224ef85d8c878bf221db98b422c9345466 /actionpack/test/controller | |
parent | 9a98c766e045aebc2ef6d5b716936b73407f095d (diff) | |
parent | b171b9e73dcc6a89b1da652da61c5127fe605b51 (diff) | |
download | rails-735844db712c511dd8abf36a5279318fbc0ff9d0.tar.gz rails-735844db712c511dd8abf36a5279318fbc0ff9d0.tar.bz2 rails-735844db712c511dd8abf36a5279318fbc0ff9d0.zip |
Merge branch 'master' into nested_has_many_through
Conflicts:
activerecord/CHANGELOG
activerecord/lib/active_record/association_preload.rb
activerecord/lib/active_record/associations.rb
activerecord/lib/active_record/associations/class_methods/join_dependency.rb
activerecord/lib/active_record/associations/class_methods/join_dependency/join_association.rb
activerecord/lib/active_record/associations/has_many_association.rb
activerecord/lib/active_record/associations/has_many_through_association.rb
activerecord/lib/active_record/associations/has_one_association.rb
activerecord/lib/active_record/associations/has_one_through_association.rb
activerecord/lib/active_record/associations/through_association_scope.rb
activerecord/lib/active_record/reflection.rb
activerecord/test/cases/associations/has_many_through_associations_test.rb
activerecord/test/cases/associations/has_one_through_associations_test.rb
activerecord/test/cases/reflection_test.rb
activerecord/test/cases/relations_test.rb
activerecord/test/fixtures/memberships.yml
activerecord/test/models/categorization.rb
activerecord/test/models/category.rb
activerecord/test/models/member.rb
activerecord/test/models/reference.rb
activerecord/test/models/tagging.rb
Diffstat (limited to 'actionpack/test/controller')
-rw-r--r-- | actionpack/test/controller/caching_test.rb | 18 | ||||
-rw-r--r-- | actionpack/test/controller/filters_test.rb | 10 | ||||
-rw-r--r-- | actionpack/test/controller/log_subscriber_test.rb | 23 | ||||
-rw-r--r-- | actionpack/test/controller/mime_responds_test.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/new_base/bare_metal_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/controller/new_base/content_negotiation_test.rb | 9 | ||||
-rw-r--r-- | actionpack/test/controller/new_base/render_once_test.rb | 8 | ||||
-rw-r--r-- | actionpack/test/controller/new_base/render_partial_test.rb | 25 | ||||
-rw-r--r-- | actionpack/test/controller/new_base/render_test.rb | 42 | ||||
-rw-r--r-- | actionpack/test/controller/render_json_test.rb | 10 | ||||
-rw-r--r-- | actionpack/test/controller/render_test.rb | 10 | ||||
-rw-r--r-- | actionpack/test/controller/request/test_request_test.rb | 3 | ||||
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 207 | ||||
-rw-r--r-- | actionpack/test/controller/routing_test.rb | 4 | ||||
-rw-r--r-- | actionpack/test/controller/url_for_test.rb | 15 | ||||
-rw-r--r-- | actionpack/test/controller/webservice_test.rb | 2 |
16 files changed, 250 insertions, 142 deletions
diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb
index c7b54eb0ba..01f3e8f2b6 100644
--- a/actionpack/test/controller/caching_test.rb
+++ b/actionpack/test/controller/caching_test.rb
@@ -156,6 +156,17 @@ class PageCachingTest < ActionController::TestCase
 assert_page_not_cached :ok
 end
+ def test_page_caching_directory_set_as_pathname
+ begin
+ ActionController::Base.page_cache_directory = Pathname.new(FILE_STORE_PATH)
+ get :ok
+ assert_response :ok
+ assert_page_cached :ok
+ ensure
+ ActionController::Base.page_cache_directory = FILE_STORE_PATH
+ end
+ end
+
 private
 def assert_page_cached(action, message = "#{action} should have been cached")
 assert page_cached?(action), message
@@ -257,7 +268,6 @@ class ActionCachingMockController
 end
 def request
- mocked_path = @mock_path
 Object.new.instance_eval(<<-EVAL)
 def path; '#{@mock_path}' end
 def format; 'all' end
@@ -416,7 +426,6 @@ class ActionCacheTest < ActionController::TestCase
 get :index
 assert_response :success
- new_cached_time = content_to_cache
 assert_not_equal cached_time, @response.body
 end
@@ -550,6 +559,11 @@ class ActionCacheTest < ActionController::TestCase
 assert_response 404
 end
+ def test_four_oh_four_renders_content
+ get :four_oh_four
+ assert_equal "404'd!", @response.body
+ end
+
 def test_simple_runtime_error_returns_500_for_multiple_requests
 get :simple_runtime_error
 assert_response 500
diff --git a/actionpack/test/controller/filters_test.rb b/actionpack/test/controller/filters_test.rb
index 68febf425d..330fa276d0 100644
--- a/actionpack/test/controller/filters_test.rb
+++ b/actionpack/test/controller/filters_test.rb
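Review bot: In `test_page_caching_directory_set_as_pathname` (first caching_test.rb hunk) the `ensure` branch resets `page_cache_directory` to the constant `FILE_STORE_PATH` rather than to the value in effect when the test started, so the cleanup is only right if the suite's setup uses that same constant; setup is outside the hunk, so this is unverified. Capturing the value first, `previous = ActionController::Base.page_cache_directory`, and restoring `previous` in `ensure` keeps this class-level setting from leaking into later tests. The inner `begin` is also redundant, because a `def` body can carry `ensure` directly.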
@@ -664,7 +664,7 @@ class FilterTest < ActionController::TestCase
 end
 def test_prepending_and_appending_around_filter
- controller = test_process(MixedFilterController)
+ test_process(MixedFilterController)
 assert_equal " before aroundfilter before procfilter before appended aroundfilter " +
 " after appended aroundfilter after procfilter after aroundfilter ",
 MixedFilterController.execution_log
@@ -677,26 +677,26 @@ class FilterTest < ActionController::TestCase
 end
 def test_before_filter_rendering_breaks_filtering_chain_for_after_filter
- response = test_process(RenderingController)
+ test_process(RenderingController)
 assert_equal %w( before_filter_rendering ), assigns["ran_filter"]
 assert !assigns["ran_action"]
 end
 def test_before_filter_redirects_breaks_filtering_chain_for_after_filter
- response = test_process(BeforeFilterRedirectionController)
+ test_process(BeforeFilterRedirectionController)
 assert_response :redirect
 assert_equal "http://test.host/filter_test/before_filter_redirection/target_of_redirection", redirect_to_url
 assert_equal %w( before_filter_redirects ), assigns["ran_filter"]
 end
 def test_before_filter_rendering_breaks_filtering_chain_for_preprend_after_filter
- response = test_process(RenderingForPrependAfterFilterController)
+ test_process(RenderingForPrependAfterFilterController)
 assert_equal %w( before_filter_rendering ), assigns["ran_filter"]
 assert !assigns["ran_action"]
 end
 def test_before_filter_redirects_breaks_filtering_chain_for_preprend_after_filter
- response = test_process(BeforeFilterRedirectionForPrependAfterFilterController)
+ test_process(BeforeFilterRedirectionForPrependAfterFilterController)
 assert_response :redirect
 assert_equal "http://test.host/filter_test/before_filter_redirection_for_prepend_after_filter/target_of_redirection", redirect_to_url
 assert_equal %w( before_filter_redirects ), assigns["ran_filter"]
diff --git a/actionpack/test/controller/log_subscriber_test.rb b/actionpack/test/controller/log_subscriber_test.rb
index e6fe0b1f04..ddfa3df552 100644
--- a/actionpack/test/controller/log_subscriber_test.rb
+++ b/actionpack/test/controller/log_subscriber_test.rb
@@ -32,6 +32,11 @@ module Another
 cache_page("Super soaker", "/index.html")
 render :nothing => true
 end
+
+ def with_exception
+ raise Exception
+ end
+
 end
 end
@@ -139,20 +144,20 @@ class ACLogSubscriberTest < ActionController::TestCase
 wait
 assert_equal 4, logs.size
- assert_match(/Exist fragment\? views\/foo/, logs[1])
+ assert_match(/Read fragment views\/foo/, logs[1])
 assert_match(/Write fragment views\/foo/, logs[2])
 ensure
 @controller.config.perform_caching = true
 end
-
+
 def test_with_fragment_cache_and_percent_in_key
 @controller.config.perform_caching = true
 get :with_fragment_cache_and_percent_in_key
 wait
 assert_equal 4, logs.size
- assert_match(/Exist fragment\? views\/foo%bar/, logs[1])
- assert_match(/Write fragment views\/foo%bar/, logs[2])
+ assert_match(/Read fragment views\/foo/, logs[1])
+ assert_match(/Write fragment views\/foo/, logs[2])
 ensure
 @controller.config.perform_caching = true
 end
@@ -169,6 +174,16 @@ class ACLogSubscriberTest < ActionController::TestCase
 @controller.config.perform_caching = true
 end
+ def test_process_action_with_exception_includes_http_status_code
+ begin
+ get :with_exception
+ wait
+ rescue Exception
+ end
+ assert_equal 2, logs.size
+ assert_match(/Completed 500/, logs.last)
+ end
+
 def logs
 @logs ||= @logger.logged(:info)
 end
diff --git a/actionpack/test/controller/mime_responds_test.rb b/actionpack/test/controller/mime_responds_test.rb
index 98c9d43b93..5debf96232 100644
--- a/actionpack/test/controller/mime_responds_test.rb
+++ b/actionpack/test/controller/mime_responds_test.rb
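Review bot: `test_with_fragment_cache_and_percent_in_key` no longer checks the percent sign it is named for, because both new patterns, `/Read fragment views\/foo/` and `/Write fragment views\/foo/`, match a logged key of `views/foo` just as well as `views/foo%bar`. If the purpose is to show that a `%` in a cache key reaches the log unmangled (presumably a guard against the key being treated as a format directive), the expectations should keep the full key: `assert_match(/Read fragment views\/foo%bar/, logs[1])` and `assert_match(/Write fragment views\/foo%bar/, logs[2])`. The action that builds the key is outside this hunk, so confirm the key is still `foo%bar` before tightening the patterns.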
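Review bot: The empty `rescue Exception` in `test_process_action_with_exception_includes_http_status_code` swallows anything raised inside the `begin` block, including an error from `wait` or an interrupt, so a broken run still reaches the two assertions and can pass or fail for the wrong reason. The `with_exception` action added in the first hunk raises a bare `Exception`, which is what forces the wide rescue. Pinning the expected failure with `assert_raise(Exception) { get :with_exception }` and calling `wait` afterwards would let every other error surface; if the non-StandardError case is not the point of the test, raising a `StandardError` subclass in the action is narrower still.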
@@ -565,7 +565,7 @@ class RespondWithController < ActionController::Base
 def using_resource_with_action
 respond_with(resource, :action => :foo) do |format|
- format.html { raise ActionView::MissingTemplate.new([], "foo/bar", {}, false) }
+ format.html { raise ActionView::MissingTemplate.new([], "bar", ["foo"], {}, false) }
 end
 end
@@ -658,7 +658,7 @@ class RespondWithControllerTest < ActionController::TestCase
 @request.accept = "application/json"
 get :using_hash_resource
 assert_equal "application/json", @response.content_type
- assert_equal %Q[{"result":["david",13]}], @response.body
+ assert_equal %Q[{"result":{"name":"david","id":13}}], @response.body
 end
 def test_using_resource_with_block
diff --git a/actionpack/test/controller/new_base/bare_metal_test.rb b/actionpack/test/controller/new_base/bare_metal_test.rb
index 543c02b2c5..3ca29f1bcf 100644
--- a/actionpack/test/controller/new_base/bare_metal_test.rb
+++ b/actionpack/test/controller/new_base/bare_metal_test.rb
@@ -35,7 +35,7 @@ module BareMetalTest
 class HeadTest < ActiveSupport::TestCase
 test "head works on its own" do
- status, headers, body = HeadController.action(:index).call(Rack::MockRequest.env_for("/"))
+ status = HeadController.action(:index).call(Rack::MockRequest.env_for("/")).first
 assert_equal 404, status
 end
 end
diff --git a/actionpack/test/controller/new_base/content_negotiation_test.rb b/actionpack/test/controller/new_base/content_negotiation_test.rb
index b98a22dfcc..5fd5946619 100644
--- a/actionpack/test/controller/new_base/content_negotiation_test.rb
+++ b/actionpack/test/controller/new_base/content_negotiation_test.rb
@@ -7,6 +7,10 @@ module ContentNegotiation
 self.view_paths = [ActionView::FixtureResolver.new(
 "content_negotiation/basic/hello.html.erb" => "Hello world <%= request.formats.first.to_s %>!"
 )]
+
+ def all
+ render :text => self.formats.inspect
+ end
 end
 class TestContentNegotiation < Rack::TestCase
@@ -14,5 +18,10 @@ module ContentNegotiation
 get "/content_negotiation/basic/hello", {}, "HTTP_ACCEPT" => "*/*"
 assert_body "Hello world */*!"
 end
+
+ test "Not all mimes are converted to symbol" do
+ get "/content_negotiation/basic/all", {}, "HTTP_ACCEPT" => "text/plain, mime/another"
+ assert_body '[:text, "mime/another"]'
+ end
 end
 end
diff --git a/actionpack/test/controller/new_base/render_once_test.rb b/actionpack/test/controller/new_base/render_once_test.rb
index 3035ed4ff2..175abf8a7e 100644
--- a/actionpack/test/controller/new_base/render_once_test.rb
+++ b/actionpack/test/controller/new_base/render_once_test.rb
@@ -18,8 +18,8 @@ module RenderTemplate
 self.view_paths = [RESOLVER]
- def _prefix
- "test"
+ def _prefixes
+ %w(test)
 end
 def multiple
@@ -39,11 +39,11 @@ module RenderTemplate
 end
 def with_prefix
- render :once => "result", :prefix => "other"
+ render :once => "result", :prefixes => %w(other)
 end
 def with_nil_prefix
- render :once => "test/result", :prefix => nil
+ render :once => "test/result", :prefixes => []
 end
 end
diff --git a/actionpack/test/controller/new_base/render_partial_test.rb b/actionpack/test/controller/new_base/render_partial_test.rb
index d800ea264d..83b0d039ad 100644
--- a/actionpack/test/controller/new_base/render_partial_test.rb
+++ b/actionpack/test/controller/new_base/render_partial_test.rb
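Review bot: The test "Not all mimes are converted to symbol" needs a comment saying why an unregistered type must stay a String, since the expectation `'[:text, "mime/another"]'` otherwise looks like an arbitrary inconsistency. The Accept header is client-controlled, and one likely reason is that turning every unknown value into a symbol would let a client grow the symbol table on Ruby versions that never reclaim symbols; this is inferred from the test name, as the implementation is outside this diff. Suggested comment above the test: `# Unregistered Accept types stay Strings: the header is client-supplied and must not mint new symbols.` The `all` action it requests is added in the previous hunk of the same file.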
@@ -9,7 +9,10 @@ module RenderPartial
 "render_partial/basic/basic.html.erb" => "<%= @test_unchanged = 'goodbye' %><%= render :partial => 'basic' %><%= @test_unchanged %>",
 "render_partial/basic/with_json.html.erb" => "<%= render 'with_json.json' %>",
 "render_partial/basic/_with_json.json.erb" => "<%= render 'final' %>",
- "render_partial/basic/_final.json.erb" => "{ final: json }"
+ "render_partial/basic/_final.json.erb" => "{ final: json }",
+ "render_partial/basic/overriden.html.erb" => "<%= @test_unchanged = 'goodbye' %><%= render :partial => 'overriden' %><%= @test_unchanged %>",
+ "render_partial/basic/_overriden.html.erb" => "ParentPartial!",
+ "render_partial/child/_overriden.html.erb" => "OverridenPartial!"
 )]
 def html_with_json_inside_json
@@ -20,7 +23,13 @@ module RenderPartial
 @test_unchanged = 'hello'
 render :action => "basic"
 end
+
+ def overriden
+ @test_unchanged = 'hello'
+ end
 end
+
+ class ChildController < BasicController; end
 class TestPartial < Rack::TestCase
 testing BasicController
@@ -37,4 +46,18 @@ module RenderPartial
 end
 end
+ class TestInheritedPartial < Rack::TestCase
+ testing ChildController
+
+ test "partial from parent controller gets picked if missing in child one" do
+ get :changing
+ assert_response("goodbyeBasicPartial!goodbye")
+ end
+
+ test "partial from child controller gets picked" do
+ get :overriden
+ assert_response("goodbyeOverridenPartial!goodbye")
+ end
+ end
+
 end
diff --git a/actionpack/test/controller/new_base/render_test.rb b/actionpack/test/controller/new_base/render_test.rb
index df97a2725b..d6062bfa8c 100644
--- a/actionpack/test/controller/new_base/render_test.rb
+++ b/actionpack/test/controller/new_base/render_test.rb
@@ -6,7 +6,11 @@ module Render
 "render/blank_render/index.html.erb" => "Hello world!",
 "render/blank_render/access_request.html.erb" => "The request: <%= request.method.to_s.upcase %>",
 "render/blank_render/access_action_name.html.erb" => "Action Name: <%= action_name %>",
- "render/blank_render/access_controller_name.html.erb" => "Controller Name: <%= controller_name %>"
+ "render/blank_render/access_controller_name.html.erb" => "Controller Name: <%= controller_name %>",
+ "render/blank_render/overriden_with_own_view_paths_appended.html.erb" => "parent content",
+ "render/blank_render/overriden_with_own_view_paths_prepended.html.erb" => "parent content",
+ "render/blank_render/overriden.html.erb" => "parent content",
+ "render/child_render/overriden.html.erb" => "child content"
 )]
 def index
@@ -21,6 +25,15 @@ module Render
 render :action => "access_action_name"
 end
+ def overriden_with_own_view_paths_appended
+ end
+
+ def overriden_with_own_view_paths_prepended
+ end
+
+ def overriden
+ end
+
 private
 def secretz
@@ -35,6 +48,11 @@ module Render
 end
 end
+ class ChildRenderController < BlankRenderController
+ append_view_path ActionView::FixtureResolver.new("render/child_render/overriden_with_own_view_paths_appended.html.erb" => "child content")
+ prepend_view_path ActionView::FixtureResolver.new("render/child_render/overriden_with_own_view_paths_prepended.html.erb" => "child content")
+ end
+
 class RenderTest < Rack::TestCase
 test "render with blank" do
 with_routing do |set|
@@ -94,4 +112,26 @@ module Render
 assert_body "Controller Name: blank_render"
 end
 end
+
+ class TestViewInheritance < Rack::TestCase
+ test "Template from child controller gets picked over parent one" do
+ get "/render/child_render/overriden"
+ assert_body "child content"
+ end
+
+ test "Template from child controller with custom view_paths prepended gets picked over parent one" do
+ get "/render/child_render/overriden_with_own_view_paths_prepended"
+ assert_body "child content"
+ end
+
+ test "Template from child controller with custom view_paths appended gets picked over parent one" do
+ get "/render/child_render/overriden_with_own_view_paths_appended"
+ assert_body "child content"
+ end
+
+ test "Template from parent controller gets picked if missing in child controller" do
+ get "/render/child_render/index"
+ assert_body "Hello world!"
+ end
+ end
 end
diff --git a/actionpack/test/controller/render_json_test.rb b/actionpack/test/controller/render_json_test.rb
index 6dd2a9f23d..fc604a2db3 100644
--- a/actionpack/test/controller/render_json_test.rb
+++ b/actionpack/test/controller/render_json_test.rb
@@ -26,6 +26,10 @@ class RenderJsonTest < ActionController::TestCase
 render :json => nil
 end
+ def render_json_render_to_string
+ render :text => render_to_string(:json => '[]')
+ end
+
 def render_json_hello_world
 render :json => ActiveSupport::JSON.encode(:hello => 'world')
 end
@@ -76,6 +80,12 @@ class RenderJsonTest < ActionController::TestCase
 assert_equal 'application/json', @response.content_type
 end
+ def test_render_json_render_to_string
+ get :render_json_render_to_string
+ assert_equal '[]', @response.body
+ end
+
+
 def test_render_json
 get :render_json_hello_world
 assert_equal '{"hello":"world"}', @response.body
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index fca8de60bc..be492152f2 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -125,6 +125,10 @@ class TestController < ActionController::Base
 render :action => "hello_world"
 end
+ def render_action_upcased_hello_world
+ render :action => "Hello_world"
+ end
+
 def render_action_hello_world_as_string
 render "hello_world"
 end
@@ -742,6 +746,12 @@ class RenderTest < ActionController::TestCase
 assert_template "test/hello_world"
 end
+ def test_render_action_upcased
+ assert_raise ActionView::MissingTemplate do
+ get :render_action_upcased_hello_world
+ end
+ end
+
 # :ported:
 def test_render_action_hello_world_as_string
 get :render_action_hello_world_as_string
diff --git a/actionpack/test/controller/request/test_request_test.rb b/actionpack/test/controller/request/test_request_test.rb
index 0a39feb7fe..e624f11773 100644
--- a/actionpack/test/controller/request/test_request_test.rb
+++ b/actionpack/test/controller/request/test_request_test.rb
@@ -29,8 +29,7 @@ class ActionController::TestRequestTest < ActiveSupport::TestCase
 end
 def test_session_id_different_on_each_call
- prev_id =
 assert_not_equal(@request.session_options[:id], ActionController::TestRequest.new.session_options[:id])
 end
-end
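Review bot: `test_render_action_upcased` (second render_test.rb hunk) should carry a comment stating what it protects, because `assert_raise ActionView::MissingTemplate` for `"Hello_world"` reads like an arbitrary expectation. What it appears to pin is that template names are matched case-sensitively even where the filesystem is not, so that `Hello_world` cannot resolve to the `hello_world` template on a case-insensitive volume and lookup behaves the same on every platform; the resolver change itself is outside this diff, so that reading is inferred. Suggested comment: `# Template names are matched case-sensitively regardless of the underlying filesystem.`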
\ No newline at end of file
+end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 2c9aa6187b..d520b5e512 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -12,6 +12,14 @@ module RequestForgeryProtectionActions
 render :inline => "<%= button_to('New', '/') {} %>"
 end
+ def external_form
+ render :inline => "<%= form_tag('http://farfar.away/form', :authenticity_token => 'external_token') {} %>"
+ end
+
+ def external_form_without_protection
+ render :inline => "<%= form_tag('http://farfar.away/form', :authenticity_token => false) {} %>"
+ end
+
 def unsafe
 render :text => 'pwn'
 end
@@ -20,6 +28,14 @@ module RequestForgeryProtectionActions
 render :inline => "<%= csrf_meta_tags %>"
 end
+ def external_form_for
+ render :inline => "<%= form_for(:some_resource, :authenticity_token => 'external_token') {} %>"
+ end
+
+ def form_for_without_protection
+ render :inline => "<%= form_for(:some_resource, :authenticity_token => false ) {} %>"
+ end
+
 def rescue_action(e) raise e end
 end
@@ -29,6 +45,16 @@ class RequestForgeryProtectionController < ActionController::Base
 protect_from_forgery :only => %w(index meta)
 end
+class RequestForgeryProtectionControllerUsingOldBehaviour < ActionController::Base
+ include RequestForgeryProtectionActions
+ protect_from_forgery :only => %w(index meta)
+
+ def handle_unverified_request
+ raise(ActionController::InvalidAuthenticityToken)
+ end
+end
+
+
 class FreeCookieController < RequestForgeryProtectionController
 self.allow_forgery_protection = false
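Review bot: The four actions added in the first two hunks of request_forgery_protection_test.rb (`external_form`, `external_form_without_protection`, `external_form_for`, `form_for_without_protection`) are not requested by any test in the hunks of this file shown on the page. They appear intended to show that a form can carry a caller-supplied token or none at all, so that the session's real authenticity token is never embedded in a form submitted to another origin (`http://farfar.away/form`); without assertions that property is unchecked. A test that does `get :external_form` followed by `assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', 'external_token'`, plus one asserting that no `authenticity_token` input is rendered for the two `false` variants, would pin it.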
@@ -51,152 +77,92 @@ end
 # common test methods
 module RequestForgeryProtectionTests
- def teardown
- ActionController::Base.request_forgery_protection_token = nil
+ def setup
+ @token = "cf50faa3fe97702ca1ae"
+
+ ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
+ ActionController::Base.request_forgery_protection_token = :authenticity_token
 end
+
 def test_should_render_form_with_token_tag
- get :index
+ assert_not_blocked do
+ get :index
+ end
 assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
 end
 def test_should_render_button_to_with_token_tag
- get :show_button
+ assert_not_blocked do
+ get :show_button
+ end
 assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
 end
 def test_should_allow_get
- get :index
- assert_response :success
+ assert_not_blocked { get :index }
 end
 def test_should_allow_post_without_token_on_unsafe_action
- post :unsafe
- assert_response :success
- end
-
- def test_should_not_allow_html_post_without_token
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- assert_raise(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
- end
-
- def test_should_not_allow_html_put_without_token
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- assert_raise(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
- end
-
- def test_should_not_allow_html_delete_without_token
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- assert_raise(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
- end
-
- def test_should_allow_api_formatted_post_without_token
- assert_nothing_raised do
- post :index, :format => 'xml'
- end
- end
-
- def test_should_not_allow_api_formatted_put_without_token
- assert_nothing_raised do
- put :index, :format => 'xml'
- end
- end
-
- def test_should_allow_api_formatted_delete_without_token
- assert_nothing_raised do
- delete :index, :format => 'xml'
- end
+ assert_not_blocked { post :unsafe }
 end
- def test_should_not_allow_api_formatted_post_sent_as_url_encoded_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- post :index, :format => 'xml'
- end
+ def test_should_not_allow_post_without_token
+ assert_blocked { post :index }
 end
- def test_should_not_allow_api_formatted_put_sent_as_url_encoded_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- put :index, :format => 'xml'
- end
+ def test_should_not_allow_post_without_token_irrespective_of_format
+ assert_blocked { post :index, :format=>'xml' }
 end
- def test_should_not_allow_api_formatted_delete_sent_as_url_encoded_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- delete :index, :format => 'xml'
- end
+ def test_should_not_allow_put_without_token
+ assert_blocked { put :index }
 end
- def test_should_not_allow_api_formatted_post_sent_as_multipart_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
- post :index, :format => 'xml'
- end
- end
-
- def test_should_not_allow_api_formatted_put_sent_as_multipart_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
- put :index, :format => 'xml'
- end
- end
-
- def test_should_not_allow_api_formatted_delete_sent_as_multipart_form_without_token
- assert_raise(ActionController::InvalidAuthenticityToken) do
- @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
- delete :index, :format => 'xml'
- end
+ def test_should_not_allow_delete_without_token
+ assert_blocked { delete :index }
 end
- def test_should_allow_xhr_post_without_token
- assert_nothing_raised { xhr :post, :index }
+ def test_should_not_allow_xhr_post_without_token
+ assert_blocked { xhr :post, :index }
 end
- def test_should_allow_xhr_put_without_token
- assert_nothing_raised { xhr :put, :index }
+ def test_should_allow_post_with_token
+ assert_not_blocked { post :index, :authenticity_token => @token }
 end
- def test_should_allow_xhr_delete_without_token
- assert_nothing_raised { xhr :delete, :index }
+ def test_should_allow_put_with_token
+ assert_not_blocked { put :index, :authenticity_token => @token }
 end
- def test_should_allow_xhr_post_with_encoded_form_content_type_without_token
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- assert_nothing_raised { xhr :post, :index }
+ def test_should_allow_delete_with_token
+ assert_not_blocked { delete :index, :authenticity_token => @token }
 end
- def test_should_allow_post_with_token
- post :index, :authenticity_token => @token
- assert_response :success
+ def test_should_allow_post_with_token_in_header
+ @request.env['HTTP_X_CSRF_TOKEN'] = @token
+ assert_not_blocked { post :index }
 end
- def test_should_allow_put_with_token
- put :index, :authenticity_token => @token
- assert_response :success
+ def test_should_allow_delete_with_token_in_header
+ @request.env['HTTP_X_CSRF_TOKEN'] = @token
+ assert_not_blocked { delete :index }
 end
- def test_should_allow_delete_with_token
- delete :index, :authenticity_token => @token
- assert_response :success
+ def test_should_allow_put_with_token_in_header
+ @request.env['HTTP_X_CSRF_TOKEN'] = @token
+ assert_not_blocked { put :index }
 end
- def test_should_allow_post_with_xml
- @request.env['CONTENT_TYPE'] = Mime::XML.to_s
- post :index, :format => 'xml'
+ def assert_blocked
+ session[:something_like_user_id] = 1
+ yield
+ assert_nil session[:something_like_user_id], "session values are still present"
 assert_response :success
 end
- def test_should_allow_put_with_xml
- @request.env['CONTENT_TYPE'] = Mime::XML.to_s
- put :index, :format => 'xml'
- assert_response :success
- end
-
- def test_should_allow_delete_with_xml
- @request.env['CONTENT_TYPE'] = Mime::XML.to_s
- delete :index, :format => 'xml'
+ def assert_not_blocked
+ assert_nothing_raised { yield }
 assert_response :success
 end
 end
@@ -205,16 +171,6 @@ end
 class RequestForgeryProtectionControllerTest < ActionController::TestCase
 include RequestForgeryProtectionTests
- def setup
- @controller = RequestForgeryProtectionController.new
- @request = ActionController::TestRequest.new
- @request.format = :html
- @response = ActionController::TestResponse.new
- @token = "cf50faa3fe97702ca1ae"
-
- ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
- ActionController::Base.request_forgery_protection_token = :authenticity_token
- end
 test 'should emit a csrf-token meta tag' do
 ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?')
@@ -226,6 +182,15 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase
 end
 end
+class RequestForgeryProtectionControllerUsingOldBehaviourTest < ActionController::TestCase
+ include RequestForgeryProtectionTests
+ def assert_blocked
+ assert_raises(ActionController::InvalidAuthenticityToken) do
+ yield
+ end
+ end
+end
+
 class FreeCookieControllerTest < ActionController::TestCase
 def setup
 @controller = FreeCookieController.new
@@ -258,13 +223,23 @@ class FreeCookieControllerTest < ActionController::TestCase
 end
 end
+
+
+
+
 class CustomAuthenticityParamControllerTest < ActionController::TestCase
 def setup
+ ActionController::Base.request_forgery_protection_token = :custom_token_name
+ super
+ end
+
+ def teardown
 ActionController::Base.request_forgery_protection_token = :authenticity_token
+ super
 end
 def test_should_allow_custom_token
- post :index, :authenticity_token => 'foobar'
+ post :index, :custom_token_name => 'foobar'
 assert_response :ok
 end
 end
diff --git a/actionpack/test/controller/routing_test.rb b/actionpack/test/controller/routing_test.rb
index 89f0d03c56..5f6f1b61c0 100644
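Review bot: Every negative case in the rewritten `RequestForgeryProtectionTests` hunk omits the token entirely; none sends a token that is present but wrong, either as `:authenticity_token` or in the `X-CSRF-Token` header, so a verifier that only checked for presence would still pass this suite. Adding `assert_blocked { post :index, :authenticity_token => 'bad' }` and a header variant that sets `@request.env['HTTP_X_CSRF_TOKEN'] = 'bad'` before `assert_blocked { post :index }` closes that gap. `assert_blocked` also needs a comment: it ends with `assert_response :success`, so "blocked" here means the action still ran with the session reset, not that the request was rejected, and only session-backed state is shown to be dropped. Format independence is now covered for `post` only (`:format=>'xml'`), while the removed tests also exercised `put` and `delete` with XML and form content types.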
--- a/actionpack/test/controller/routing_test.rb
+++ b/actionpack/test/controller/routing_test.rb
@@ -701,7 +701,7 @@ class RouteSetTest < ActiveSupport::TestCase
 set.draw do
 match '/users/index' => 'users#index'
 end
- params = set.recognize_path('/users/index', :method => :get)
+ set.recognize_path('/users/index', :method => :get)
 assert_equal 1, set.routes.size
 end
@@ -980,7 +980,7 @@ class RouteSetTest < ActiveSupport::TestCase
 match '/profile' => 'profile#index'
 end
- params = set.recognize_path("/profile") rescue nil
+ set.recognize_path("/profile") rescue nil
 assert !Object.const_defined?("Profiler__"), "Profiler should not be loaded"
 end
diff --git a/actionpack/test/controller/url_for_test.rb b/actionpack/test/controller/url_for_test.rb
index 1f62d29e80..1c28da33bd 100644
--- a/actionpack/test/controller/url_for_test.rb
+++ b/actionpack/test/controller/url_for_test.rb
@@ -95,16 +95,29 @@ module AbstractController
 )
 end
- def test_protocol_with_and_without_separator
+ def test_protocol_with_and_without_separators
 add_host!
 assert_equal('https://www.basecamphq.com/c/a/i',
 W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => 'https')
 )
 assert_equal('https://www.basecamphq.com/c/a/i',
+ W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => 'https:')
+ )
+ assert_equal('https://www.basecamphq.com/c/a/i',
 W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => 'https://')
 )
 end
+ def test_without_protocol
+ add_host!
+ assert_equal('//www.basecamphq.com/c/a/i',
+ W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => '//')
+ )
+ assert_equal('//www.basecamphq.com/c/a/i',
+ W.new.url_for(:controller => 'c', :action => 'a', :id => 'i', :protocol => false)
+ )
+ end
+
 def test_trailing_slash
 add_host!
 options = {:controller => 'foo', :trailing_slash => true, :action => 'bar', :id => '33'}
diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb
index 6ba4c6c48d..621fb79915 100644
--- a/actionpack/test/controller/webservice_test.rb
+++ b/actionpack/test/controller/webservice_test.rb
@@ -216,7 +216,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest
 def test_typecast_as_yaml
 with_test_route_set do
 with_params_parsers Mime::YAML => :yaml do
- yaml = <<-YAML
+ yaml = (<<-YAML).strip
 ---
 data:
 a: 15 |
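Review bot: The `.strip` added to the heredoc in `test_typecast_as_yaml` is unexplained, and a one-line comment naming the parser behaviour it works around (presumably the indentation that `<<-` leaves in front of the `---` document marker) would stop it being removed later as noise. The same comment block is a good place to record that `with_params_parsers Mime::YAML => :yaml` hands a client-supplied request body to a YAML loader, which, depending on the loader, can build more than plain hashes and strings, so this parser belongs only on endpoints that accept input from trusted clients. The method body continues past the end of the hunk.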