Merge branch 'master' into treewip

* master: (113 commits) remove useless method Updated file documentation [ci skip] changes caching guide to add note on weak etags Don't put config.action_mailer.perform_caching entry twice in development.rb Fix wording and wrong reference Add Ruby formatting to CHANGELOG entry Fix ActionView's cache section reference Do not define methods in the included block Add caching guide in ActionMailer basics Add ActionMailer configuration options Preparing for 5.0.0.beta3 release Update 5.0 release notes Enable tmp_restart plugin for puma Prep release for Rails 5 beta3 [ci skip] Move collection caching changelog entry. Ensure `drop_table` even if tests failure or interrupted :bomb: run the test @rafaelfranca :angry: Remove changelog entry for reverted commit Add CHANGELOG for https://github.com/rails/rails/pull/23734 [ci skip] No need CHANGELOG entry for #23849. ...
author: Aaron Patterson <aaron.patterson@gmail.com> 2016-02-24 11:29:16 -0800
committer: Aaron Patterson <aaron.patterson@gmail.com> 2016-02-24 11:29:16 -0800
commit: a5776ed2b2bf8bccb083e303992a174110b3ef7f (patch)
tree: cfef331bdccd3742e2696a5e2f50312d2f4e132d /actionpack/test/controller
parent: 0c9f5f56f7a1628c8c9ff3a91a52f17a15e31b26 (diff)
parent: f6fecabc0cb8ad7be3783d31656a0b10fe3b5bc7 (diff)
download: rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.tar.gz
rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.tar.bz2
rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.zip
6 files changed, 104 insertions, 70 deletions
diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb
index 7556f984f2..754ac144cc 100644
--- a/actionpack/test/controller/caching_test.rb
+++ b/actionpack/test/controller/caching_test.rb
@@ -381,19 +381,14 @@ class CollectionCacheController < ActionController::Base
     render 'index'
   end
 
-  def index_explicit_render
+  def index_explicit_render_in_controller
     @customers = [Customer.new('david', 1)]
-    render partial: 'customers/customer', collection: @customers
+    render partial: 'customers/customer', collection: @customers, cached: true
   end
 
   def index_with_comment
     @customers = [Customer.new('david', 1)]
-    render partial: 'customers/commented_customer', collection: @customers, as: :customer
-  end
-
-  def index_with_callable_cache_key
-    @customers = [Customer.new('david', 1)]
-    render @customers, cache: -> customer { 'cached_david' }
+    render partial: 'customers/commented_customer', collection: @customers, as: :customer, cached: true
   end
 end
 
@@ -404,7 +399,7 @@ class AutomaticCollectionCacheTest < ActionController::TestCase
     @controller.perform_caching = true
     @controller.partial_rendered_times = 0
     @controller.cache_store = ActiveSupport::Cache::MemoryStore.new
-    ActionView::PartialRenderer.collection_cache = @controller.cache_store
+    ActionView::PartialRenderer.collection_cache = ActiveSupport::Cache::MemoryStore.new
   end
 
   def test_collection_fetches_cached_views
@@ -427,7 +422,7 @@ class AutomaticCollectionCacheTest < ActionController::TestCase
   end
 
   def test_explicit_render_call_with_options
-    get :index_explicit_render
+    get :index_explicit_render_in_controller
 
     assert_select ':root', "david, 1"
   end
@@ -440,12 +435,6 @@ class AutomaticCollectionCacheTest < ActionController::TestCase
     assert_equal 1, @controller.partial_rendered_times
   end
 
-  def test_caching_with_callable_cache_key
-    get :index_with_callable_cache_key
-    assert_customer_cached 'cached_david', 'david, 1'
-    assert_customer_cached 'david/1', 'david, 1'
-  end
-
   private
     def assert_customer_cached(key, content)
       assert_match content,
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 22f1cc7c22..03a9c9ae78 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -322,3 +322,12 @@ class RedirectToSSLTest < ActionController::TestCase
     assert_equal 'ihaz', response.body
   end
 end
+
+class ForceSSLControllerLevelTest < ActionController::TestCase
+  def test_no_redirect_websocket_ssl_request
+    request.env['rack.url_scheme'] = 'wss'
+    request.env['Upgrade'] = 'websocket'
+    get :cheeseburger
+    assert_response 200
+  end
+end
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index ea50f05f4d..6277407ff7 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -390,7 +390,7 @@ class IntegrationTestUsesCorrectClass < ActionDispatch::IntegrationTest
     reset!
 
     %w( get post head patch put delete ).each do |verb|
-      assert_nothing_raised("'#{verb}' should use integration test methods") { __send__(verb, '/') }
+      assert_nothing_raised { __send__(verb, '/') }
     end
   end
 end
diff --git a/actionpack/test/controller/parameters/accessors_test.rb b/actionpack/test/controller/parameters/accessors_test.rb
index 4ef5bed30d..cea265f9ab 100644
--- a/actionpack/test/controller/parameters/accessors_test.rb
+++ b/actionpack/test/controller/parameters/accessors_test.rb
@@ -4,6 +4,8 @@ require 'active_support/core_ext/hash/transform_values'
 
 class ParametersAccessorsTest < ActiveSupport::TestCase
   setup do
+    ActionController::Parameters.permit_all_parameters = false
+
     @params = ActionController::Parameters.new(
       person: {
         age: '32',
@@ -176,12 +178,20 @@ class ParametersAccessorsTest < ActiveSupport::TestCase
     assert(@params != false)
   end
 
-  test "inspect shows both class name and parameters" do
+  test "inspect shows both class name, parameters and permitted flag" do
     assert_equal(
       '<ActionController::Parameters {"person"=>{"age"=>"32", '\
-      '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \
-      '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}}>',
+        '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \
+        '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}} permitted: false>',
       @params.inspect
     )
   end
+
+  test "inspect prints updated permitted flag in the output" do
+    assert_match(/permitted: false/, @params.inspect)
+
+    @params.permit!
+
+    assert_match(/permitted: true/, @params.inspect)
+  end
 end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 1984ad8825..f7dcbc1984 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -133,7 +133,11 @@ class PerFormTokensController < ActionController::Base
   self.per_form_csrf_tokens = true
 
   def index
-    render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>"
+    render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>"
+  end
+
+  def button_to
+    render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>"
   end
 
   def post_one
@@ -652,15 +656,9 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_accepts_token_for_correct_path_and_method
     get :index
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
-    actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token))
-    expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post')
-    assert_equal expected, actual
+    assert_matches_session_token_on_server form_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
@@ -673,15 +671,9 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_rejects_token_for_incorrect_path
     get :index
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
-    actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token))
-    expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post')
-    assert_equal expected, actual
+    assert_matches_session_token_on_server form_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_two'
@@ -693,15 +685,9 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_rejects_token_for_incorrect_method
     get :index
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
-    actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token))
-    expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post')
-    assert_equal expected, actual
+    assert_matches_session_token_on_server form_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
@@ -710,6 +696,50 @@ class PerFormTokensControllerTest < ActionController::TestCase
     end
   end
 
+  def test_rejects_token_for_incorrect_method_button_to
+    get :button_to, params: { form_method: 'delete' }
+
+    form_token = assert_presence_and_fetch_form_csrf_token
+
+    assert_matches_session_token_on_server form_token, 'delete'
+
+    # This is required because PATH_INFO isn't reset between requests.
+    @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
+    assert_raises(ActionController::InvalidAuthenticityToken) do
+      patch :post_one, params: { custom_authenticity_token: form_token }
+    end
+  end
+
+  test "Accepts proper token for implicit post method on button_to tag" do
+    get :button_to
+
+    form_token = assert_presence_and_fetch_form_csrf_token
+
+    assert_matches_session_token_on_server form_token, 'post'
+
+    # This is required because PATH_INFO isn't reset between requests.
+    @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
+    assert_nothing_raised do
+      post :post_one, params: { custom_authenticity_token: form_token }
+    end
+  end
+
+  %w{delete post patch}.each do |verb|
+    test "Accepts proper token for #{verb} method on button_to tag" do
+      get :button_to, params: { form_method: verb }
+
+      form_token = assert_presence_and_fetch_form_csrf_token
+
+      assert_matches_session_token_on_server form_token, verb
+
+      # This is required because PATH_INFO isn't reset between requests.
+      @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
+      assert_nothing_raised do
+        send verb, :post_one, params: { custom_authenticity_token: form_token }
+      end
+    end
+  end
+
   def test_accepts_global_csrf_token
     get :index
 
@@ -726,15 +756,9 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_ignores_params
     get :index, params: {form_path: '/per_form_tokens/post_one?foo=bar'}
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
-    actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token))
-    expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post')
-    assert_equal expected, actual
+    assert_matches_session_token_on_server form_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one?foo=baz'
@@ -747,11 +771,7 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_ignores_trailing_slash_during_generation
     get :index, params: {form_path: '/per_form_tokens/post_one/'}
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
@@ -764,11 +784,7 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_ignores_trailing_slash_during_validation
     get :index
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
+    form_token = assert_presence_and_fetch_form_csrf_token
 
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one/'
@@ -781,12 +797,7 @@ class PerFormTokensControllerTest < ActionController::TestCase
   def test_method_is_case_insensitive
     get :index, params: {form_method: "POST"}
 
-    form_token = nil
-    assert_select 'input[name=custom_authenticity_token]' do |elts|
-      form_token = elts.first['value']
-      assert_not_nil form_token
-    end
-
+    form_token = assert_presence_and_fetch_form_csrf_token
     # This is required because PATH_INFO isn't reset between requests.
     @request.env['PATH_INFO'] = '/per_form_tokens/post_one/'
     assert_nothing_raised do
@@ -794,4 +805,19 @@ class PerFormTokensControllerTest < ActionController::TestCase
     end
     assert_response :success
   end
+
+  private
+    def assert_presence_and_fetch_form_csrf_token
+      assert_select 'input[name="custom_authenticity_token"]' do |input|
+        form_csrf_token = input.first['value']
+        assert_not_nil form_csrf_token
+        return form_csrf_token
+      end
+    end
+
+    def assert_matches_session_token_on_server(form_token, method = 'post')
+      actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token))
+      expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', method)
+      assert_equal expected, actual
+    end
 end
diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb
index 6d377c4691..daf17558aa 100644
--- a/actionpack/test/controller/webservice_test.rb
+++ b/actionpack/test/controller/webservice_test.rb
@@ -99,7 +99,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest
   def test_parsing_json_doesnot_rescue_exception
     req = Class.new(ActionDispatch::Request) do
       def params_parsers
-        { Mime[:json] => Proc.new { |data| raise Interrupt } }
+        { json: Proc.new { |data| raise Interrupt } }
       end
 
       def content_length; get_header('rack.input').length; end
author	Aaron Patterson <aaron.patterson@gmail.com>	2016-02-24 11:29:16 -0800
committer	Aaron Patterson <aaron.patterson@gmail.com>	2016-02-24 11:29:16 -0800
commit	a5776ed2b2bf8bccb083e303992a174110b3ef7f (patch)
tree	cfef331bdccd3742e2696a5e2f50312d2f4e132d /actionpack/test/controller
parent	0c9f5f56f7a1628c8c9ff3a91a52f17a15e31b26 (diff)
parent	f6fecabc0cb8ad7be3783d31656a0b10fe3b5bc7 (diff)
download	rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.tar.gz rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.tar.bz2 rails-a5776ed2b2bf8bccb083e303992a174110b3ef7f.zip