diff options
| author | Pratik Naik <pratiknaik@gmail.com> | 2008-12-16 12:05:27 +0000 |
|---|---|---|
| committer | Pratik Naik <pratiknaik@gmail.com> | 2008-12-16 12:05:27 +0000 |
| commit | ce0e2084107a20a773a587335cfe54bf70ade795 (patch) | |
| tree | fded8e2f6a2d459bdd4676bb9646d3b54cc9f3fe /actionpack/test | |
| parent | 016fffff6d6e434ee7fa69531b08b07d99f48583 (diff) | |
| parent | 9e2b4a10f7f091868b3c3701efb4c04048455706 (diff) | |
| download | rails-ce0e2084107a20a773a587335cfe54bf70ade795.tar.gz rails-ce0e2084107a20a773a587335cfe54bf70ade795.tar.bz2 rails-ce0e2084107a20a773a587335cfe54bf70ade795.zip | |
Merge commit 'mainstream/master'
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/abstract_unit.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/activerecord/active_record_store_test.rb | 202 | ||||
| -rw-r--r-- | actionpack/test/controller/action_pack_assertions_test.rb | 6 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_test.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_upload_test.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/mime_type_test.rb | 8 | ||||
| -rw-r--r-- | actionpack/test/controller/rack_test.rb | 26 | ||||
| -rw-r--r-- | actionpack/test/controller/render_test.rb | 16 | ||||
| -rw-r--r-- | actionpack/test/controller/send_file_test.rb | 1 | ||||
| -rw-r--r-- | actionpack/test/controller/session/cookie_store_test.rb | 348 | ||||
| -rw-r--r-- | actionpack/test/controller/session/mem_cache_store_test.rb | 207 | ||||
| -rw-r--r-- | actionpack/test/controller/session_fixation_test.rb | 168 | ||||
| -rw-r--r-- | actionpack/test/controller/session_management_test.rb | 178 | ||||
| -rw-r--r-- | actionpack/test/controller/webservice_test.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/view/test_case_test.rb | 8 |
15 files changed, 372 insertions, 804 deletions
diff --git a/actionpack/test/abstract_unit.rb b/actionpack/test/abstract_unit.rb index 51697fda2f..2ba056e60f 100644 --- a/actionpack/test/abstract_unit.rb +++ b/actionpack/test/abstract_unit.rb @@ -30,6 +30,8 @@ ActiveSupport::Deprecation.debug = true ActionController::Base.logger = nil ActionController::Routing::Routes.reload rescue nil +ActionController::Base.session_store = nil + FIXTURE_LOAD_PATH = File.join(File.dirname(__FILE__), 'fixtures') ActionController::Base.view_paths = FIXTURE_LOAD_PATH ActionController::Base.view_paths.load diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb index 677d434f9c..6a75e6050d 100644 --- a/actionpack/test/activerecord/active_record_store_test.rb +++ b/actionpack/test/activerecord/active_record_store_test.rb @@ -1,140 +1,128 @@ -# These tests exercise CGI::Session::ActiveRecordStore, so you're going to -# need AR in a sibling directory to AP and have SQLite installed. require 'active_record_unit' -module CommonActiveRecordStoreTests - def test_basics - s = session_class.new(:session_id => '1234', :data => { 'foo' => 'bar' }) - assert_equal 'bar', s.data['foo'] - assert s.save - assert_equal 'bar', s.data['foo'] +class ActiveRecordStoreTest < ActionController::IntegrationTest + DispatcherApp = ActionController::Dispatcher.new + SessionApp = ActiveRecord::SessionStore.new(DispatcherApp, + :key => '_session_id') + SessionAppWithFixation = ActiveRecord::SessionStore.new(DispatcherApp, + :key => '_session_id', :cookie_only => false) - assert_not_nil t = session_class.find_by_session_id('1234') - assert_not_nil t.data - assert_equal 'bar', t.data['foo'] - end - - def test_reload_same_session - @new_session.update - reloaded = CGI::Session.new(CGI.new, 'session_id' => @new_session.session_id, 'database_manager' => CGI::Session::ActiveRecordStore) - assert_equal 'bar', reloaded['foo'] - end - - def test_tolerates_close_close - assert_nothing_raised do - @new_session.close - @new_session.close + class TestController < ActionController::Base + def no_session_access + head :ok end - end -end -class ActiveRecordStoreTest < ActiveRecordTestCase - include CommonActiveRecordStoreTests + def set_session_value + session[:foo] = params[:foo] || "bar" + head :ok + end - def session_class - CGI::Session::ActiveRecordStore::Session - end + def get_session_value + render :text => "foo: #{session[:foo].inspect}" + end - def session_id_column - "session_id" + def rescue_action(e) raise end end def setup - session_class.create_table! - - ENV['REQUEST_METHOD'] = 'GET' - ENV['REQUEST_URI'] = '/' - CGI::Session::ActiveRecordStore.session_class = session_class - - @cgi = CGI.new - @new_session = CGI::Session.new(@cgi, 'database_manager' => CGI::Session::ActiveRecordStore, 'new_session' => true) - @new_session['foo'] = 'bar' + ActiveRecord::SessionStore.session_class.create_table! + @integration_session = open_session(SessionApp) end -# this test only applies for eager session saving -# def test_another_instance -# @another = CGI::Session.new(@cgi, 'session_id' => @new_session.session_id, 'database_manager' => CGI::Session::ActiveRecordStore) -# assert_equal @new_session.session_id, @another.session_id -# end - - def test_model_attribute - assert_kind_of CGI::Session::ActiveRecordStore::Session, @new_session.model - assert_equal({ 'foo' => 'bar' }, @new_session.model.data) + def teardown + ActiveRecord::SessionStore.session_class.drop_table! end - def test_save_unloaded_session - c = session_class.connection - bogus_class = c.quote(ActiveSupport::Base64.encode64("\004\010o:\vBlammo\000")) - c.insert("INSERT INTO #{session_class.table_name} ('#{session_id_column}', 'data') VALUES ('abcdefghijklmnop', #{bogus_class})") + def test_setting_and_getting_session_value + with_test_route_set do + get '/set_session_value' + assert_response :success + assert cookies['_session_id'] - sess = session_class.find_by_session_id('abcdefghijklmnop') - assert_not_nil sess - assert !sess.loaded? + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body - # because the session is not loaded, the save should be a no-op. If it - # isn't, this'll try and unmarshall the bogus class, and should get an error. - assert_nothing_raised { sess.save } - end + get '/set_session_value', :foo => "baz" + assert_response :success + assert cookies['_session_id'] - def teardown - session_class.drop_table! + get '/get_session_value' + assert_response :success + assert_equal 'foo: "baz"', response.body + end end -end -class ColumnLimitTest < ActiveRecordTestCase - def setup - @session_class = CGI::Session::ActiveRecordStore::Session - @session_class.create_table! + def test_getting_nil_session_value + with_test_route_set do + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body + end end - def teardown - @session_class.drop_table! - end + def test_prevents_session_fixation + with_test_route_set do + get '/set_session_value' + assert_response :success + assert cookies['_session_id'] - def test_protection_from_data_larger_than_column - # Can't test this unless there is a limit - return unless limit = @session_class.data_column_size_limit - too_big = ':(' * limit - s = @session_class.new(:session_id => '666', :data => {'foo' => too_big}) - s.data - assert_raise(ActionController::SessionOverflowError) { s.save } - end -end + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body + session_id = cookies['_session_id'] + assert session_id + + reset! -class DeprecatedActiveRecordStoreTest < ActiveRecordStoreTest - def session_id_column - "sessid" + get '/set_session_value', :_session_id => session_id, :foo => "baz" + assert_response :success + assert_equal nil, cookies['_session_id'] + + get '/get_session_value', :_session_id => session_id + assert_response :success + assert_equal 'foo: nil', response.body + assert_equal nil, cookies['_session_id'] + end end - def setup - session_class.connection.execute 'create table old_sessions (id integer primary key, sessid text unique, data text)' - session_class.table_name = 'old_sessions' - session_class.send :setup_sessid_compatibility! + def test_allows_session_fixation + @integration_session = open_session(SessionAppWithFixation) - ENV['REQUEST_METHOD'] = 'GET' - CGI::Session::ActiveRecordStore.session_class = session_class + with_test_route_set do + get '/set_session_value' + assert_response :success + assert cookies['_session_id'] - @new_session = CGI::Session.new(CGI.new, 'database_manager' => CGI::Session::ActiveRecordStore, 'new_session' => true) - @new_session['foo'] = 'bar' - end + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body + session_id = cookies['_session_id'] + assert session_id - def teardown - session_class.connection.execute 'drop table old_sessions' - session_class.table_name = 'sessions' - end -end + reset! + @integration_session = open_session(SessionAppWithFixation) + + get '/set_session_value', :_session_id => session_id, :foo => "baz" + assert_response :success + assert_equal session_id, cookies['_session_id'] -class SqlBypassActiveRecordStoreTest < ActiveRecordStoreTest - def session_class - unless defined? @session_class - @session_class = CGI::Session::ActiveRecordStore::SqlBypass - @session_class.connection = CGI::Session::ActiveRecordStore::Session.connection + get '/get_session_value', :_session_id => session_id + assert_response :success + assert_equal 'foo: "baz"', response.body + assert_equal session_id, cookies['_session_id'] end - @session_class end - def test_model_attribute - assert_kind_of CGI::Session::ActiveRecordStore::SqlBypass, @new_session.model - assert_equal({ 'foo' => 'bar' }, @new_session.model.data) - end + private + def with_test_route_set + with_routing do |set| + set.draw do |map| + map.with_options :controller => "active_record_store_test/test" do |c| + c.connect "/:action" + end + end + yield + end + end end diff --git a/actionpack/test/controller/action_pack_assertions_test.rb b/actionpack/test/controller/action_pack_assertions_test.rb index ea56048f37..87c12ee4ee 100644 --- a/actionpack/test/controller/action_pack_assertions_test.rb +++ b/actionpack/test/controller/action_pack_assertions_test.rb @@ -326,11 +326,11 @@ class ActionPackAssertionsControllerTest < ActionController::TestCase # check if we were rendered by a file-based template? def test_rendered_action process :nothing - assert_nil @response.rendered_template + assert_nil @response.rendered[:template] process :hello_world - assert @response.rendered_template - assert 'hello_world', @response.rendered_template.to_s + assert @response.rendered[:template] + assert 'hello_world', @response.rendered[:template].to_s end # check the redirection location diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index 6a793c8bb6..fd985a9a46 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -231,8 +231,6 @@ end class IntegrationProcessTest < ActionController::IntegrationTest class IntegrationController < ActionController::Base - session :off - def get respond_to do |format| format.html { render :text => "OK", :status => 200 } diff --git a/actionpack/test/controller/integration_upload_test.rb b/actionpack/test/controller/integration_upload_test.rb index b1dd6a6341..39d2e164e4 100644 --- a/actionpack/test/controller/integration_upload_test.rb +++ b/actionpack/test/controller/integration_upload_test.rb @@ -6,8 +6,6 @@ unless defined? ApplicationController end class UploadTestController < ActionController::Base - session :off - def update SessionUploadTest.last_request_type = ActionController::Base.param_parsers[request.content_type] render :text => "got here" diff --git a/actionpack/test/controller/mime_type_test.rb b/actionpack/test/controller/mime_type_test.rb index 21ae0419f1..9c4416ecf0 100644 --- a/actionpack/test/controller/mime_type_test.rb +++ b/actionpack/test/controller/mime_type_test.rb @@ -81,4 +81,12 @@ class MimeTypeTest < Test::Unit::TestCase assert verified.each { |type| assert Mime.const_get(type.to_s.upcase).verify_request?, "Verifiable Mime Type is not verified: #{type.inspect}" } assert unverified.each { |type| assert !Mime.const_get(type.to_s.upcase).verify_request?, "Nonverifiable Mime Type is verified: #{type.inspect}" } end + + def test_regexp_matcher + assert Mime::JS =~ "text/javascript" + assert Mime::JS =~ "application/javascript" + assert Mime::JS !~ "text/html" + assert !(Mime::JS !~ "text/javascript") + assert !(Mime::JS !~ "application/javascript") + end end diff --git a/actionpack/test/controller/rack_test.rb b/actionpack/test/controller/rack_test.rb index 641ef9626e..e2ec686c41 100644 --- a/actionpack/test/controller/rack_test.rb +++ b/actionpack/test/controller/rack_test.rb @@ -229,7 +229,7 @@ end class RackResponseTest < BaseRackTest def setup super - @response = ActionController::RackResponse.new(@request) + @response = ActionController::RackResponse.new end def test_simple_output @@ -265,34 +265,12 @@ class RackResponseTest < BaseRackTest body.each { |part| parts << part } assert_equal ["0", "1", "2", "3", "4"], parts end - - def test_set_session_cookie - cookie = CGI::Cookie.new({"name" => "name", "value" => "Josh"}) - @request.cgi.send :instance_variable_set, '@output_cookies', [cookie] - - @response.body = "Hello, World!" - @response.prepare! - - status, headers, body = @response.out - assert_equal "200 OK", status - assert_equal({ - "Content-Type" => "text/html; charset=utf-8", - "Cache-Control" => "private, max-age=0, must-revalidate", - "ETag" => '"65a8e27d8879283831b664bd8b7f0ad4"', - "Set-Cookie" => ["name=Josh; path="], - "Content-Length" => "13" - }, headers) - - parts = [] - body.each { |part| parts << part } - assert_equal ["Hello, World!"], parts - end end class RackResponseHeadersTest < BaseRackTest def setup super - @response = ActionController::RackResponse.new(@request) + @response = ActionController::RackResponse.new @response.headers['Status'] = "200 OK" end diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index c5496a9af5..a6721fd903 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -208,6 +208,10 @@ class TestController < ActionController::Base def greeting # let's just rely on the template end + + def blank_response + render :text => ' ' + end def layout_test render :action => "hello_world" @@ -1310,21 +1314,28 @@ class RenderTest < ActionController::TestCase def test_partial_collection_with_spacer get :partial_collection_with_spacer assert_equal "Hello: davidonly partialHello: mary", @response.body + assert_template :partial => 'test/_partial_only' + assert_template :partial => '_customer' end def test_partial_collection_shorthand_with_locals get :partial_collection_shorthand_with_locals assert_equal "Bonjour: davidBonjour: mary", @response.body + assert_template :partial => 'customers/_customer', :count => 2 + assert_template :partial => '_completely_fake_and_made_up_template_that_cannot_possibly_be_rendered', :count => 0 end def test_partial_collection_shorthand_with_different_types_of_records get :partial_collection_shorthand_with_different_types_of_records assert_equal "Bonjour bad customer: mark0Bonjour good customer: craig1Bonjour bad customer: john2Bonjour good customer: zach3Bonjour good customer: brandon4Bonjour bad customer: dan5", @response.body + assert_template :partial => 'good_customers/_good_customer', :count => 3 + assert_template :partial => 'bad_customers/_bad_customer', :count => 3 end def test_empty_partial_collection get :empty_partial_collection assert_equal " ", @response.body + assert_template :partial => false end def test_partial_with_hash_object @@ -1373,6 +1384,11 @@ class EtagRenderTest < ActionController::TestCase @request.host = "www.nextangle.com" @expected_bang_etag = etag_for(expand_key([:foo, 123])) end + + def test_render_blank_body_shouldnt_set_etag + get :blank_response + assert !@response.etag? + end def test_render_200_should_set_etag get :render_hello_world_from_variable diff --git a/actionpack/test/controller/send_file_test.rb b/actionpack/test/controller/send_file_test.rb index c003abf094..ffbaa457f8 100644 --- a/actionpack/test/controller/send_file_test.rb +++ b/actionpack/test/controller/send_file_test.rb @@ -69,6 +69,7 @@ class SendFileTest < Test::Unit::TestCase assert_equal @controller.file_path, response.headers['X-Sendfile'] assert response.body.blank? + assert !response.etag? end def test_data diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index b5f14acc1f..8098059d46 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -1,298 +1,146 @@ require 'abstract_unit' require 'stringio' +class CookieStoreTest < ActionController::IntegrationTest + SessionKey = '_myapp_session' + SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' -class CGI::Session::CookieStore - def ensure_secret_secure_with_test_hax(secret) - if secret == CookieStoreTest.default_session_options['secret'] - return true - else - ensure_secret_secure_without_test_hax(secret) - end - end - alias_method_chain :ensure_secret_secure, :test_hax -end + DispatcherApp = ActionController::Dispatcher.new + CookieStoreApp = ActionController::Session::CookieStore.new(DispatcherApp, + :key => SessionKey, :secret => SessionSecret) + SignedBar = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" -# Expose for tests. -class CGI - attr_reader :output_cookies, :output_hidden - - class Session - attr_reader :dbman + class TestController < ActionController::Base + def no_session_access + head :ok + end - class CookieStore - attr_reader :data, :original, :cookie_options + def set_session_value + session[:foo] = "bar" + head :ok end - end -end -class CookieStoreTest < Test::Unit::TestCase - def self.default_session_options - { 'database_manager' => CGI::Session::CookieStore, - 'session_key' => '_myapp_session', - 'secret' => 'Keep it secret; keep it safe.', - 'no_cookies' => true, - 'no_hidden' => true, - 'session_http_only' => true - } - end + def get_session_value + render :text => "foo: #{session[:foo].inspect}" + end - def self.cookies - { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}], - :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }], - :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] - } + def raise_data_overflow + session[:foo] = 'bye!' * 1024 + head :ok + end + def rescue_action(e) raise end end def setup - ENV.delete('HTTP_COOKIE') + @integration_session = open_session(CookieStoreApp) end def test_raises_argument_error_if_missing_session_key - [nil, ''].each do |blank| - assert_raise(ArgumentError, blank.inspect) { new_session 'session_key' => blank } - end + assert_raise(ArgumentError, nil.inspect) { + ActionController::Session::CookieStore.new(nil, + :key => nil, :secret => SessionSecret) + } + + assert_raise(ArgumentError, ''.inspect) { + ActionController::Session::CookieStore.new(nil, + :key => '', :secret => SessionSecret) + } end def test_raises_argument_error_if_missing_secret - [nil, ''].each do |blank| - assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank } - end - end + assert_raise(ArgumentError, nil.inspect) { + ActionController::Session::CookieStore.new(nil, + :key => SessionKey, :secret => nil) + } - def test_raises_argument_error_if_secret_is_probably_insecure - ["password", "secret", "12345678901234567890123456789"].each do |blank| - assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank } - end + assert_raise(ArgumentError, ''.inspect) { + ActionController::Session::CookieStore.new(nil, + :key => SessionKey, :secret => '') + } end - def test_reconfigures_session_to_omit_id_cookie_and_hidden_field - new_session do |session| - assert_equal true, @options['no_hidden'] - assert_equal true, @options['no_cookies'] - end - end + def test_raises_argument_error_if_secret_is_probably_insecure + assert_raise(ArgumentError, "password".inspect) { + ActionController::Session::CookieStore.new(nil, + :key => SessionKey, :secret => "password") + } - def test_restore_unmarshals_missing_cookie_as_empty_hash - new_session do |session| - assert_nil session.dbman.data - assert_nil session['test'] - assert_equal Hash.new, session.dbman.data - end - end + assert_raise(ArgumentError, "secret".inspect) { + ActionController::Session::CookieStore.new(nil, + :key => SessionKey, :secret => "secret") + } - def test_restore_unmarshals_good_cookies - cookies(:empty, :a_one, :typical).each do |value, expected| - set_cookie! value - new_session do |session| - assert_nil session['lazy loads the data hash'] - assert_equal expected, session.dbman.data - end - end + assert_raise(ArgumentError, "12345678901234567890123456789".inspect) { + ActionController::Session::CookieStore.new(nil, + :key => SessionKey, :secret => "12345678901234567890123456789") + } end - def test_restore_deletes_tampered_cookies - set_cookie! 'a--b' - new_session do |session| - assert_raise(CGI::Session::CookieStore::TamperedWithCookie) { session['fail'] } - assert_cookie_deleted session - end + def test_setting_session_value + with_test_route_set do + get '/set_session_value' + assert_response :success + assert_equal ["_myapp_session=#{SignedBar}; path=/"], + headers['Set-Cookie'] + end end - def test_close_doesnt_write_cookie_if_data_is_blank - new_session do |session| - assert_no_cookies session - session.close - assert_no_cookies session - end + def test_getting_session_value + with_test_route_set do + cookies[SessionKey] = SignedBar + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body + end end - def test_close_doesnt_write_cookie_if_data_is_unchanged - set_cookie! cookie_value(:typical) - new_session do |session| - assert_no_cookies session - session['user_id'] = session['user_id'] - session.close - assert_no_cookies session + def test_disregards_tampered_sessions + with_test_route_set do + cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780" + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body end end def test_close_raises_when_data_overflows - set_cookie! cookie_value(:empty) - new_session do |session| - session['overflow'] = 'bye!' * 1024 - assert_raise(CGI::Session::CookieStore::CookieOverflow) { session.close } - assert_no_cookies session - end - end - - def test_close_marshals_and_writes_cookie - set_cookie! cookie_value(:typical) - new_session do |session| - assert_no_cookies session - session['flash'] = {} - assert_no_cookies session - session.close - assert_equal 1, session.cgi.output_cookies.size - cookie = session.cgi.output_cookies.first - assert_cookie cookie, cookie_value(:flashed) - assert_http_only_cookie cookie - assert_secure_cookie cookie, false - end - end - - def test_writes_non_secure_cookie_by_default - set_cookie! cookie_value(:typical) - new_session do |session| - session['flash'] = {} - session.close - cookie = session.cgi.output_cookies.first - assert_secure_cookie cookie,false - end - end - - def test_writes_secure_cookie - set_cookie! cookie_value(:typical) - new_session('session_secure'=>true) do |session| - session['flash'] = {} - session.close - cookie = session.cgi.output_cookies.first - assert_secure_cookie cookie + with_test_route_set do + assert_raise(ActionController::Session::CookieStore::CookieOverflow) { + get '/raise_data_overflow' + } end end - def test_http_only_cookie_by_default - set_cookie! cookie_value(:typical) - new_session do |session| - session['flash'] = {} - session.close - cookie = session.cgi.output_cookies.first - assert_http_only_cookie cookie + def test_doesnt_write_session_cookie_if_session_is_not_accessed + with_test_route_set do + get '/no_session_access' + assert_response :success + assert_equal [], headers['Set-Cookie'] end end - def test_overides_http_only_cookie - set_cookie! cookie_value(:typical) - new_session('session_http_only'=>false) do |session| - session['flash'] = {} - session.close - cookie = session.cgi.output_cookies.first - assert_http_only_cookie cookie, false - end - end - - def test_delete_writes_expired_empty_cookie_and_sets_data_to_nil - set_cookie! cookie_value(:typical) - new_session do |session| - assert_no_cookies session - session.delete - assert_cookie_deleted session - - # @data is set to nil so #close doesn't send another cookie. - session.close - assert_cookie_deleted session - end - end - - def test_new_session_doesnt_reuse_deleted_cookie_data - set_cookie! cookie_value(:typical) - - new_session do |session| - assert_not_nil session['user_id'] - session.delete - - # Start a new session using the same CGI instance. - post_delete_session = CGI::Session.new(session.cgi, self.class.default_session_options) - assert_nil post_delete_session['user_id'] + def test_doesnt_write_session_cookie_if_session_is_unchanged + with_test_route_set do + cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--" + + "fef868465920f415f2c0652d6910d3af288a0367" + get '/no_session_access' + assert_response :success + assert_equal [], headers['Set-Cookie'] end end private - def assert_no_cookies(session) - assert_nil session.cgi.output_cookies, session.cgi.output_cookies.inspect - end - - def assert_cookie_deleted(session, message = 'Expected session deletion cookie to be set') - assert_equal 1, session.cgi.output_cookies.size - cookie = session.cgi.output_cookies.first - assert_cookie cookie, nil, 1.year.ago.to_date, "#{message}: #{cookie.name} => #{cookie.value}" - end - - def assert_cookie(cookie, value = nil, expires = nil, message = nil) - assert_equal '_myapp_session', cookie.name, message - assert_equal [value].compact, cookie.value, message - assert_equal expires, cookie.expires ? cookie.expires.to_date : cookie.expires, message - end - - def assert_secure_cookie(cookie,value=true) - assert cookie.secure==value - end - - def assert_http_only_cookie(cookie,value=true) - assert cookie.http_only==value - end - - def cookies(*which) - self.class.cookies.values_at(*which) - end - - def cookie_value(which) - self.class.cookies[which].first - end - - def set_cookie!(value) - ENV['HTTP_COOKIE'] = "_myapp_session=#{value}" - end - - def new_session(options = {}) - with_cgi do |cgi| - assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}" - assert_nil cgi.output_cookies, "Output cookies should be empty: #{cgi.output_cookies.inspect}" - - @options = self.class.default_session_options.merge(options) - session = CGI::Session.new(cgi, @options) - ObjectSpace.undefine_finalizer(session) - - assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}" - assert_nil cgi.output_cookies, "Output cookies should be empty: #{cgi.output_cookies.inspect}" - - yield session if block_given? - session + def with_test_route_set + with_routing do |set| + set.draw do |map| + map.with_options :controller => "cookie_store_test/test" do |c| + c.connect "/:action" + end + end + yield end end - - def with_cgi - ENV['REQUEST_METHOD'] = 'GET' - ENV['HTTP_HOST'] = 'example.com' - ENV['QUERY_STRING'] = '' - - cgi = CGI.new('query', StringIO.new('')) - yield cgi if block_given? - cgi - end -end - - -class CookieStoreWithBlockAsSecretTest < CookieStoreTest - def self.default_session_options - CookieStoreTest.default_session_options.merge 'secret' => Proc.new { 'Keep it secret; keep it safe.' } - end -end - - -class CookieStoreWithMD5DigestTest < CookieStoreTest - def self.default_session_options - CookieStoreTest.default_session_options.merge 'digest' => 'MD5' - end - - def self.cookies - { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}], - :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }], - :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }], - :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] } - end end diff --git a/actionpack/test/controller/session/mem_cache_store_test.rb b/actionpack/test/controller/session/mem_cache_store_test.rb index 9ab927a01f..52e31b78da 100644 --- a/actionpack/test/controller/session/mem_cache_store_test.rb +++ b/actionpack/test/controller/session/mem_cache_store_test.rb @@ -1,178 +1,81 @@ require 'abstract_unit' -class CGI::Session - def cache - dbman.instance_variable_get(:@cache) - end -end - - -uses_mocha 'MemCacheStore tests' do -if defined? MemCache::MemCacheError +# You need to start a memcached server inorder to run these tests +class MemCacheStoreTest < ActionController::IntegrationTest + class TestController < ActionController::Base + def no_session_access + head :ok + end -class MemCacheStoreTest < Test::Unit::TestCase - SESSION_KEY_RE = /^session:[0-9a-z]+/ - CONN_TEST_KEY = 'connection_test' - MULTI_TEST_KEY = '0123456789' - TEST_DATA = 'Hello test' + def set_session_value + session[:foo] = "bar" + head :ok + end - def self.get_mem_cache_if_available - begin - require 'memcache' - cache = MemCache.new('127.0.0.1') - # Test availability of the connection - cache.set(CONN_TEST_KEY, 1) - unless cache.get(CONN_TEST_KEY) == 1 - puts 'Warning: memcache server available but corrupted.' - return nil - end - rescue LoadError, MemCache::MemCacheError - return nil + def get_session_value + render :text => "foo: #{session[:foo].inspect}" end - return cache + + def rescue_action(e) raise end end - CACHE = get_mem_cache_if_available + begin + DispatcherApp = ActionController::Dispatcher.new + MemCacheStoreApp = ActionController::Session::MemCacheStore.new( + DispatcherApp, :key => '_session_id') - def test_initialization - assert_raise(ArgumentError) { new_session('session_id' => '!invalid_id') } - new_session do |s| - assert_equal Hash.new, s.cache.get('session:' + s.session_id) + def setup + @integration_session = open_session(MemCacheStoreApp) end - end + def test_setting_and_getting_session_value + with_test_route_set do + get '/set_session_value' + assert_response :success + assert cookies['_session_id'] - def test_storage - d = rand(0xffff) - new_session do |s| - session_key = 'session:' + s.session_id - unless CACHE - s.cache.expects(:get).with(session_key) \ - .returns(:test => d) - s.cache.expects(:set).with(session_key, - has_entry(:test, d), - 0) - end - s[:test] = d - s.close - assert_equal d, s.cache.get(session_key)[:test] - assert_equal d, s[:test] - end - end - - def test_deletion - new_session do |s| - session_key = 'session:' + s.session_id - unless CACHE - s.cache.expects(:delete) - s.cache.expects(:get).with(session_key) \ - .returns(nil) + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body end - s[:test] = rand(0xffff) - s.delete - assert_nil s.cache.get(session_key) end - end - - def test_other_session_retrieval - new_session do |sa| - unless CACHE - sa.cache.expects(:set).with('session:' + sa.session_id, - has_entry(:test, TEST_DATA), - 0) - end - sa[:test] = TEST_DATA - sa.close - new_session('session_id' => sa.session_id) do |sb| - unless CACHE - sb.cache.expects(:[]).with('session:' + sb.session_id) \ - .returns(:test => TEST_DATA) - end - assert_equal(TEST_DATA, sb[:test]) + def test_getting_nil_session_value + with_test_route_set do + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body end end - end + def test_prevents_session_fixation + with_test_route_set do + get '/get_session_value' + assert_response :success + assert_equal 'foo: nil', response.body + session_id = cookies['_session_id'] - def test_multiple_sessions - s_slots = Array.new(10) - operation = :write - last_data = nil - reads = writes = 0 - 50.times do - current = rand(10) - s_slots[current] ||= new_session('session_id' => MULTI_TEST_KEY, - 'new_session' => true) - s = s_slots[current] - case operation - when :write - last_data = rand(0xffff) - unless CACHE - s.cache.expects(:set).with('session:' + MULTI_TEST_KEY, - { :test => last_data }, - 0) - end - s[:test] = last_data - s.close - writes += 1 - when :read - # Make CGI::Session#[] think there was no data retrieval yet. - # Normally, the session caches the data during its lifetime. - s.instance_variable_set(:@data, nil) - unless CACHE - s.cache.expects(:[]).with('session:' + MULTI_TEST_KEY) \ - .returns(:test => last_data) - end - d = s[:test] - assert_equal(last_data, d, "OK reads: #{reads}, OK writes: #{writes}") - reads += 1 + reset! + + get '/set_session_value', :_session_id => session_id + assert_response :success + assert_equal nil, cookies['_session_id'] end - operation = rand(5) == 0 ? :write : :read end + rescue LoadError, RuntimeError + $stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again." end - - private - def obtain_session_options - options = { 'database_manager' => CGI::Session::MemCacheStore, - 'session_key' => '_test_app_session' - } - # if don't have running memcache server we use mock instead - unless CACHE - options['cache'] = c = mock - c.stubs(:[]).with(regexp_matches(SESSION_KEY_RE)) - c.stubs(:get).with(regexp_matches(SESSION_KEY_RE)) \ - .returns(Hash.new) - c.stubs(:add).with(regexp_matches(SESSION_KEY_RE), - instance_of(Hash), - 0) - end - options - end - - - def new_session(options = {}) - with_cgi do |cgi| - @options = obtain_session_options.merge(options) - session = CGI::Session.new(cgi, @options) - yield session if block_given? - return session + def with_test_route_set + with_routing do |set| + set.draw do |map| + map.with_options :controller => "mem_cache_store_test/test" do |c| + c.connect "/:action" + end + end + yield + end end - end - - def with_cgi - ENV['REQUEST_METHOD'] = 'GET' - ENV['HTTP_HOST'] = 'example.com' - ENV['QUERY_STRING'] = '' - - cgi = CGI.new('query', StringIO.new('')) - yield cgi if block_given? - cgi - end end - -end # defined? MemCache -end # uses_mocha diff --git a/actionpack/test/controller/session_fixation_test.rb b/actionpack/test/controller/session_fixation_test.rb index e8dc8bd295..9e5b45dc3d 100644 --- a/actionpack/test/controller/session_fixation_test.rb +++ b/actionpack/test/controller/session_fixation_test.rb @@ -1,84 +1,84 @@ -require 'abstract_unit' - -class SessionFixationTest < ActionController::IntegrationTest - class TestController < ActionController::Base - session :session_key => '_myapp_session_id', - :secret => CGI::Session.generate_unique_id, - :except => :default_session_key - - session :cookie_only => false, - :only => :allow_session_fixation - - def default_session_key - render :text => "default_session_key" - end - - def custom_session_key - render :text => "custom_session_key: #{params[:id]}" - end - - def allow_session_fixation - render :text => "allow_session_fixation" - end - - def rescue_action(e) raise end - end - - def setup - @controller = TestController.new - end - - def test_should_be_able_to_make_a_successful_request - with_test_route_set do - assert_nothing_raised do - get '/custom_session_key', :id => "1" - end - assert_equal 'custom_session_key: 1', @controller.response.body - assert_not_nil @controller.session - end - end - - def test_should_catch_session_fixation_attempt - with_test_route_set do - assert_raises(ActionController::RackRequest::SessionFixationAttempt) do - get '/custom_session_key', :_myapp_session_id => "42" - end - assert_nil @controller.session - end - end - - def test_should_not_catch_session_fixation_attempt_when_cookie_only_setting_is_disabled - with_test_route_set do - assert_nothing_raised do - get '/allow_session_fixation', :_myapp_session_id => "42" - end - assert !@controller.response.body.blank? - assert_not_nil @controller.session - end - end - - def test_should_catch_session_fixation_attempt_with_default_session_key - # using the default session_key is not possible with cookie store - ActionController::Base.session_store = :p_store - - with_test_route_set do - assert_raises ActionController::RackRequest::SessionFixationAttempt do - get '/default_session_key', :_session_id => "42" - end - assert_nil @controller.response - assert_nil @controller.session - end - end - - private - def with_test_route_set - with_routing do |set| - set.draw do |map| - map.with_options :controller => "session_fixation_test/test" do |c| - c.connect "/:action" - end - end - yield - end - end -end +# require 'abstract_unit' +# +# class SessionFixationTest < ActionController::IntegrationTest +# class TestController < ActionController::Base +# session :session_key => '_myapp_session_id', +# :secret => CGI::Session.generate_unique_id, +# :except => :default_session_key +# +# session :cookie_only => false, +# :only => :allow_session_fixation +# +# def default_session_key +# render :text => "default_session_key" +# end +# +# def custom_session_key +# render :text => "custom_session_key: #{params[:id]}" +# end +# +# def allow_session_fixation +# render :text => "allow_session_fixation" +# end +# +# def rescue_action(e) raise end +# end +# +# def setup +# @controller = TestController.new +# end +# +# def test_should_be_able_to_make_a_successful_request +# with_test_route_set do +# assert_nothing_raised do +# get '/custom_session_key', :id => "1" +# end +# assert_equal 'custom_session_key: 1', @controller.response.body +# assert_not_nil @controller.session +# end +# end +# +# def test_should_catch_session_fixation_attempt +# with_test_route_set do +# assert_raises(ActionController::RackRequest::SessionFixationAttempt) do +# get '/custom_session_key', :_myapp_session_id => "42" +# end +# assert_nil @controller.session +# end +# end +# +# def test_should_not_catch_session_fixation_attempt_when_cookie_only_setting_is_disabled +# with_test_route_set do +# assert_nothing_raised do +# get '/allow_session_fixation', :_myapp_session_id => "42" +# end +# assert !@controller.response.body.blank? +# assert_not_nil @controller.session +# end +# end +# +# def test_should_catch_session_fixation_attempt_with_default_session_key +# # using the default session_key is not possible with cookie store +# ActionController::Base.session_store = :p_store +# +# with_test_route_set do +# assert_raises ActionController::RackRequest::SessionFixationAttempt do +# get '/default_session_key', :_session_id => "42" +# end +# assert_nil @controller.response +# assert_nil @controller.session +# end +# end +# +# private +# def with_test_route_set +# with_routing do |set| +# set.draw do |map| +# map.with_options :controller => "session_fixation_test/test" do |c| +# c.connect "/:action" +# end +# end +# yield +# end +# end +# end diff --git a/actionpack/test/controller/session_management_test.rb b/actionpack/test/controller/session_management_test.rb deleted file mode 100644 index 592b0b549d..0000000000 --- a/actionpack/test/controller/session_management_test.rb +++ /dev/null @@ -1,178 +0,0 @@ -require 'abstract_unit' - -class SessionManagementTest < Test::Unit::TestCase - class SessionOffController < ActionController::Base - session :off - - def show - render :text => "done" - end - - def tell - render :text => "done" - end - end - - class SessionOffOnController < ActionController::Base - session :off - session :on, :only => :tell - - def show - render :text => "done" - end - - def tell - render :text => "done" - end - end - - class TestController < ActionController::Base - session :off, :only => :show - session :session_secure => true, :except => :show - session :off, :only => :conditional, - :if => Proc.new { |r| r.parameters[:ws] } - - def show - render :text => "done" - end - - def tell - render :text => "done" - end - - def conditional - render :text => ">>>#{params[:ws]}<<<" - end - end - - class SpecializedController < SessionOffController - session :disabled => false, :only => :something - - def something - render :text => "done" - end - - def another - render :text => "done" - end - end - - class AssociationCachingTestController < ActionController::Base - class ObjectWithAssociationCache - def initialize - @cached_associations = false - end - - def fetch_associations - @cached_associations = true - end - - def clear_association_cache - @cached_associations = false - end - - def has_cached_associations? - @cached_associations - end - end - - def show - session[:object] = ObjectWithAssociationCache.new - session[:object].fetch_associations - if session[:object].has_cached_associations? - render :text => "has cached associations" - else - render :text => "does not have cached associations" - end - end - - def tell - if session[:object] - if session[:object].has_cached_associations? - render :text => "has cached associations" - else - render :text => "does not have cached associations" - end - else - render :text => "there is no object" - end - end - end - - - def setup - @request, @response = ActionController::TestRequest.new, - ActionController::TestResponse.new - end - - def test_session_off_globally - @controller = SessionOffController.new - get :show - assert_equal false, @request.session_options - get :tell - assert_equal false, @request.session_options - end - - def test_session_off_then_on_globally - @controller = SessionOffOnController.new - get :show - assert_equal false, @request.session_options - get :tell - assert_instance_of Hash, @request.session_options - assert_equal false, @request.session_options[:disabled] - end - - def test_session_off_conditionally - @controller = TestController.new - get :show - assert_equal false, @request.session_options - get :tell - assert_instance_of Hash, @request.session_options - assert @request.session_options[:session_secure] - end - - def test_controller_specialization_overrides_settings - @controller = SpecializedController.new - get :something - assert_instance_of Hash, @request.session_options - get :another - assert_equal false, @request.session_options - end - - def test_session_off_with_if - @controller = TestController.new - get :conditional - assert_instance_of Hash, @request.session_options - get :conditional, :ws => "ws" - assert_equal false, @request.session_options - end - - def test_session_store_setting - ActionController::Base.session_store = :drb_store - assert_equal CGI::Session::DRbStore, ActionController::Base.session_store - - if Object.const_defined?(:ActiveRecord) - ActionController::Base.session_store = :active_record_store - assert_equal CGI::Session::ActiveRecordStore, ActionController::Base.session_store - end - end - - def test_process_cleanup_with_session_management_support - @controller = AssociationCachingTestController.new - get :show - assert_equal "has cached associations", @response.body - get :tell - assert_equal "does not have cached associations", @response.body - end - - def test_session_is_enabled - @controller = TestController.new - get :show - assert_nothing_raised do - assert_equal false, @controller.session_enabled? - end - - get :tell - assert @controller.session_enabled? - end -end diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb index 4c44ea4205..e89d6bb960 100644 --- a/actionpack/test/controller/webservice_test.rb +++ b/actionpack/test/controller/webservice_test.rb @@ -2,8 +2,6 @@ require 'abstract_unit' class WebServiceTest < ActionController::IntegrationTest class TestController < ActionController::Base - session :off - def assign_parameters if params[:full] render :text => dump_params_keys diff --git a/actionpack/test/view/test_case_test.rb b/actionpack/test/view/test_case_test.rb new file mode 100644 index 0000000000..9124198b28 --- /dev/null +++ b/actionpack/test/view/test_case_test.rb @@ -0,0 +1,8 @@ +require 'abstract_unit' + +class TestCaseTest < ActionView::TestCase + def test_should_have_current_url + controller = TestController.new + assert_nothing_raised(NoMethodError){ controller.url_for({:controller => "foo", :action => "index"}) } + end +end |