diff options
author | rick <rick@spacemonkey.local> | 2008-05-13 09:41:10 -0700 |
---|---|---|
committer | rick <rick@spacemonkey.local> | 2008-05-13 09:41:10 -0700 |
commit | 74fd17346f30fddba0e174ae17f5697f2c22279e (patch) | |
tree | 1267cea613ee4a73a2f5ddf3fb24d224dc8bbded /actionpack/test | |
parent | d09a8446d5606a5a0b5c024224b09a1318e9cf4d (diff) | |
parent | 4dedc7ddcaffa8c606af11ae2d32707131b99a2e (diff) | |
download | rails-74fd17346f30fddba0e174ae17f5697f2c22279e.tar.gz rails-74fd17346f30fddba0e174ae17f5697f2c22279e.tar.bz2 rails-74fd17346f30fddba0e174ae17f5697f2c22279e.zip |
Merge branch 'master' of git@github.com:rails/rails
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/cookie_test.rb | 5 | ||||
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 24 | ||||
-rwxr-xr-x | actionpack/test/controller/session/cookie_store_test.rb | 16 | ||||
-rw-r--r-- | actionpack/test/controller/session_management_test.rb | 22 | ||||
-rw-r--r-- | actionpack/test/controller/test_test.rb | 10 |
5 files changed, 75 insertions, 2 deletions
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index 42f3bd26a4..b8f3c629f4 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -137,4 +137,9 @@ class CookieTest < Test::Unit::TestCase cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true') assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies) end + + def test_cookies_should_not_be_split_on_values_with_newlines + cookies = CGI::Cookie.new("name" => "val", "value" => "this\nis\na\ntest") + assert cookies.size == 1 + end end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 833e8d8e00..f7adaa7d4e 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -50,6 +50,14 @@ class CsrfCookieMonsterController < ActionController::Base protect_from_forgery :only => :index end +# sessions are turned off +class SessionOffController < ActionController::Base + protect_from_forgery :secret => 'foobar' + session :off + def rescue_action(e) raise e end + include RequestForgeryProtectionActions +end + class FreeCookieController < CsrfCookieMonsterController self.allow_forgery_protection = false @@ -287,3 +295,19 @@ class FreeCookieControllerTest < Test::Unit::TestCase end end end + +class SessionOffControllerTest < Test::Unit::TestCase + def setup + @controller = SessionOffController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + @token = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123') + end + + def test_should_raise_correct_exception + @request.session = {} # session(:off) doesn't appear to work with controller tests + assert_raises(ActionController::InvalidAuthenticityToken) do + post :index, :authenticity_token => @token + end + end +end diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d308f2a31b..5adaeaf5c5 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -43,7 +43,9 @@ class CookieStoreTest < Test::Unit::TestCase { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}], :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] } + end def setup @@ -101,6 +103,15 @@ class CookieStoreTest < Test::Unit::TestCase end end + def test_restores_double_encoded_cookies + set_cookie! cookie_value(:double_escaped) + new_session do |session| + session.dbman.restore + assert_equal session["user_id"], 123 + assert_equal session["flash"], {} + end + end + def test_close_doesnt_write_cookie_if_data_is_blank new_session do |session| assert_no_cookies session @@ -241,6 +252,7 @@ class CookieStoreWithMD5DigestTest < CookieStoreTest { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}], :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] } end end diff --git a/actionpack/test/controller/session_management_test.rb b/actionpack/test/controller/session_management_test.rb index 495a9153f8..592b0b549d 100644 --- a/actionpack/test/controller/session_management_test.rb +++ b/actionpack/test/controller/session_management_test.rb @@ -13,6 +13,19 @@ class SessionManagementTest < Test::Unit::TestCase end end + class SessionOffOnController < ActionController::Base + session :off + session :on, :only => :tell + + def show + render :text => "done" + end + + def tell + render :text => "done" + end + end + class TestController < ActionController::Base session :off, :only => :show session :session_secure => true, :except => :show @@ -100,6 +113,15 @@ class SessionManagementTest < Test::Unit::TestCase assert_equal false, @request.session_options end + def test_session_off_then_on_globally + @controller = SessionOffOnController.new + get :show + assert_equal false, @request.session_options + get :tell + assert_instance_of Hash, @request.session_options + assert_equal false, @request.session_options[:disabled] + end + def test_session_off_conditionally @controller = TestController.new get :show diff --git a/actionpack/test/controller/test_test.rb b/actionpack/test/controller/test_test.rb index 04cc2a20d8..ba6c7f4299 100644 --- a/actionpack/test/controller/test_test.rb +++ b/actionpack/test/controller/test_test.rb @@ -12,6 +12,11 @@ class TestTest < Test::Unit::TestCase render :text => 'ignore me' end + def set_flash_now + flash.now["test_now"] = ">#{flash["test_now"]}<" + render :text => 'ignore me' + end + def set_session session['string'] = 'A wonder' session[:symbol] = 'it works' @@ -145,6 +150,11 @@ XML assert_equal '>value<', flash['test'] end + def test_process_with_flash_now + process :set_flash_now, nil, nil, { "test_now" => "value_now" } + assert_equal '>value_now<', flash['test_now'] + end + def test_process_with_session process :set_session assert_equal 'A wonder', session['string'], "A value stored in the session should be available by string key" |