Merge commit 'rails/master'

Conflicts:
	railties/guides/source/index.html.erb

3 files changed, 148 insertions, 2 deletions

diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb
index 115cc91467..4431eb2e2a 100644
--- a/actionpack/test/controller/caching_test.rb
+++ b/actionpack/test/controller/caching_test.rb
@@ -265,23 +265,27 @@ class ActionCacheTest < ActionController::TestCase
 
   def test_simple_action_cache
     get :index
+    assert_response :success
     cached_time = content_to_cache
     assert_equal cached_time, @response.body
     assert fragment_exist?('hostname.com/action_caching_test')
     reset!
 
     get :index
+    assert_response :success
     assert_equal cached_time, @response.body
   end
 
   def test_simple_action_not_cached
     get :destroy
+    assert_response :success
     cached_time = content_to_cache
     assert_equal cached_time, @response.body
     assert !fragment_exist?('hostname.com/action_caching_test/destroy')
     reset!
 
     get :destroy
+    assert_response :success
     assert_not_equal cached_time, @response.body
   end
 
@@ -289,12 +293,14 @@ class ActionCacheTest < ActionController::TestCase
 
   def test_action_cache_with_layout
     get :with_layout
+    assert_response :success
     cached_time = content_to_cache
     assert_not_equal cached_time, @response.body
     assert fragment_exist?('hostname.com/action_caching_test/with_layout')
     reset!
 
     get :with_layout
+    assert_response :success
     assert_not_equal cached_time, @response.body
     body = body_to_string(read_fragment('hostname.com/action_caching_test/with_layout'))
     assert_equal @response.body, body
@@ -302,12 +308,14 @@ class ActionCacheTest < ActionController::TestCase
 
   def test_action_cache_with_layout_and_layout_cache_false
     get :layout_false
+    assert_response :success
     cached_time = content_to_cache
     assert_not_equal cached_time, @response.body
     assert fragment_exist?('hostname.com/action_caching_test/layout_false')
     reset!
 
     get :layout_false
+    assert_response :success
     assert_not_equal cached_time, @response.body
 
     body = body_to_string(read_fragment('hostname.com/action_caching_test/layout_false'))
@@ -317,6 +325,7 @@ class ActionCacheTest < ActionController::TestCase
   def test_action_cache_conditional_options
     @request.env['HTTP_ACCEPT'] = 'application/json'
     get :index
+    assert_response :success
     assert !fragment_exist?('hostname.com/action_caching_test')
   end
 
@@ -325,41 +334,50 @@ class ActionCacheTest < ActionController::TestCase
     @controller.expects(:read_fragment).with('hostname.com/action_caching_test', :expires_in => 1.hour).once
     @controller.expects(:write_fragment).with('hostname.com/action_caching_test', '12345.0', :expires_in => 1.hour).once
     get :index
+    assert_response :success
   end
 
   def test_action_cache_with_custom_cache_path
     get :show
+    assert_response :success
     cached_time = content_to_cache
     assert_equal cached_time, @response.body
     assert fragment_exist?('test.host/custom/show')
     reset!
 
     get :show
+    assert_response :success
     assert_equal cached_time, @response.body
   end
 
   def test_action_cache_with_custom_cache_path_in_block
     get :edit
+    assert_response :success
     assert fragment_exist?('test.host/edit')
     reset!
 
     get :edit, :id => 1
+    assert_response :success
     assert fragment_exist?('test.host/1;edit')
   end
 
   def test_cache_expiration
     get :index
+    assert_response :success
     cached_time = content_to_cache
     reset!
 
     get :index
+    assert_response :success
     assert_equal cached_time, @response.body
     reset!
 
     get :expire
+    assert_response :success
     reset!
 
     get :index
+    assert_response :success
     new_cached_time = content_to_cache
     assert_not_equal cached_time, @response.body
     reset!
@@ -376,9 +394,11 @@ class ActionCacheTest < ActionController::TestCase
 
     @request.request_uri = "/action_caching_test/expire.xml"
     get :expire, :format => :xml
+    assert_response :success
     reset!
 
     get :index
+    assert_response :success
     new_cached_time = content_to_cache
     assert_not_equal cached_time, @response.body
   end
@@ -386,12 +406,14 @@ class ActionCacheTest < ActionController::TestCase
   def test_cache_is_scoped_by_subdomain
     @request.host = 'jamis.hostname.com'
     get :index
+    assert_response :success
     jamis_cache = content_to_cache
 
     reset!
 
     @request.host = 'david.hostname.com'
     get :index
+    assert_response :success
     david_cache = content_to_cache
     assert_not_equal jamis_cache, @response.body
 
@@ -399,12 +421,14 @@ class ActionCacheTest < ActionController::TestCase
 
     @request.host = 'jamis.hostname.com'
     get :index
+    assert_response :success
     assert_equal jamis_cache, @response.body
 
     reset!
 
     @request.host = 'david.hostname.com'
     get :index
+    assert_response :success
     assert_equal david_cache, @response.body
   end
 
@@ -433,20 +457,24 @@ class ActionCacheTest < ActionController::TestCase
       end
 
       get :index, :format => 'xml'
+      assert_response :success
       cached_time = content_to_cache
       assert_equal cached_time, @response.body
       assert fragment_exist?('hostname.com/action_caching_test/index.xml')
       reset!
 
       get :index, :format => 'xml'
+      assert_response :success
       assert_equal cached_time, @response.body
       assert_equal 'application/xml', @response.content_type
       reset!
 
       get :expire_xml
+      assert_response :success
       reset!
 
       get :index, :format => 'xml'
+      assert_response :success
       assert_not_equal cached_time, @response.body
     end
   end
@@ -455,6 +483,7 @@ class ActionCacheTest < ActionController::TestCase
     # run it twice to cache it the first time
     get :index, :id => 'content-type', :format => 'xml'
     get :index, :id => 'content-type', :format => 'xml'
+    assert_response :success
     assert_equal 'application/xml', @response.content_type
   end
 
@@ -462,6 +491,7 @@ class ActionCacheTest < ActionController::TestCase
     # run it twice to cache it the first time
     get :show, :format => 'xml'
     get :show, :format => 'xml'
+    assert_response :success
     assert_equal 'application/xml', @response.content_type
   end
 
@@ -469,6 +499,7 @@ class ActionCacheTest < ActionController::TestCase
     # run it twice to cache it the first time
     get :edit, :id => 1, :format => 'xml'
     get :edit, :id => 1, :format => 'xml'
+    assert_response :success
     assert_equal 'application/xml', @response.content_type
   end
 
diff --git a/actionpack/test/controller/http_token_authentication_test.rb b/actionpack/test/controller/http_token_authentication_test.rb
new file mode 100644
index 0000000000..3dfccae3db
--- /dev/null
+++ b/actionpack/test/controller/http_token_authentication_test.rb
@@ -0,0 +1,113 @@
+require 'abstract_unit'
+
+class HttpTokenAuthenticationTest < ActionController::TestCase
+  class DummyController < ActionController::Base
+    before_filter :authenticate, :only => :index
+    before_filter :authenticate_with_request, :only => :display
+    before_filter :authenticate_long_credentials, :only => :show
+
+    def index
+      render :text => "Hello Secret"
+    end
+
+    def display
+      render :text => 'Definitely Maybe'
+    end
+    
+    def show
+      render :text => 'Only for loooooong credentials'
+    end
+
+    private
+
+    def authenticate
+      authenticate_or_request_with_http_token do |token, options|
+        token == 'lifo'
+      end
+    end
+
+    def authenticate_with_request
+      if authenticate_with_http_token { |token, options| token == '"quote" pretty' && options[:algorithm] == 'test' }
+        @logged_in = true
+      else
+        request_http_token_authentication("SuperSecret")
+      end
+    end
+    
+    def authenticate_long_credentials
+      authenticate_or_request_with_http_token do |token, options|
+        token == '1234567890123456789012345678901234567890' && options[:algorithm] == 'test'
+      end
+    end
+  end
+
+  AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
+
+  tests DummyController
+
+  AUTH_HEADERS.each do |header|
+    test "successful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials('lifo')
+      get :index
+
+      assert_response :success
+      assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}"
+    end
+    test "successful authentication with #{header.downcase} and long credentials" do
+      @request.env[header] = encode_credentials('1234567890123456789012345678901234567890', :algorithm => 'test')
+      get :show
+      
+      assert_response :success
+      assert_equal 'Only for loooooong credentials', @response.body, "Authentication failed for request header #{header} and long credentials"
+    end
+  end
+
+  AUTH_HEADERS.each do |header|
+    test "unsuccessful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials('h4x0r')
+      get :index
+
+      assert_response :unauthorized
+      assert_equal "HTTP Token: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}"
+    end
+    test "unsuccessful authentication with #{header.downcase} and long credentials" do
+      @request.env[header] = encode_credentials('h4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0rh4x0r')
+      get :show
+
+      assert_response :unauthorized
+      assert_equal "HTTP Token: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header} and long credentials"
+    end
+  end
+
+  test "authentication request without credential" do
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "HTTP Token: Access denied.\n", @response.body
+    assert_equal 'Token realm="SuperSecret"', @response.headers['WWW-Authenticate']
+  end
+
+  test "authentication request with invalid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('"quote" pretty')
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "HTTP Token: Access denied.\n", @response.body
+    assert_equal 'Token realm="SuperSecret"', @response.headers['WWW-Authenticate']
+  end
+
+  test "authentication request with valid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('"quote" pretty', :algorithm => 'test')
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  private
+
+  def encode_credentials(token, options = {})
+    ActionController::HttpAuthentication::Token.encode_credentials(token, options)
+  end
+end
diff --git a/actionpack/test/controller/rescue_test.rb b/actionpack/test/controller/rescue_test.rb
index dd991898a8..0f64b77647 100644
--- a/actionpack/test/controller/rescue_test.rb
+++ b/actionpack/test/controller/rescue_test.rb
@@ -326,7 +326,8 @@ class RescueTest < ActionController::IntegrationTest
   end
 
   test 'rescue routing exceptions' do
-    @app = ActionDispatch::Rescue.new(SharedTestRoutes) do
+    raiser = proc { |env| raise ActionController::RoutingError, "Did not handle the request" }
+    @app = ActionDispatch::Rescue.new(raiser) do
       rescue_from ActionController::RoutingError, lambda { |env| [200, {"Content-Type" => "text/html"}, ["Gotcha!"]] }
     end
 
@@ -335,7 +336,8 @@ class RescueTest < ActionController::IntegrationTest
   end
 
   test 'unrescued exception' do
-    @app = ActionDispatch::Rescue.new(SharedTestRoutes)
+    raiser = proc { |env| raise ActionController::RoutingError, "Did not handle the request" }
+    @app = ActionDispatch::Rescue.new(raiser)
     assert_raise(ActionController::RoutingError) { get '/b00m' }
   end