7 files changed, 287 insertions, 24 deletions
diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb
index 08a25bfdb8..fbc94a0df7 100644
--- a/actionpack/test/controller/http_basic_authentication_test.rb
+++ b/actionpack/test/controller/http_basic_authentication_test.rb
@@ -1,35 +1,35 @@
 require 'abstract_unit'
 
-class DummyController < ActionController::Base
-  before_filter :authenticate, :only => :index
-  before_filter :authenticate_with_request, :only => :display
+class HttpBasicAuthenticationTest < ActionController::TestCase
+  class DummyController < ActionController::Base
+    before_filter :authenticate, :only => :index
+    before_filter :authenticate_with_request, :only => :display
 
-  def index
-    render :text => "Hello Secret"
-  end
+    def index
+      render :text => "Hello Secret"
+    end
 
-  def display
-    render :text => 'Definitely Maybe'
-  end
+    def display
+      render :text => 'Definitely Maybe'
+    end
 
-  private
+    private
 
-  def authenticate
-    authenticate_or_request_with_http_basic do |username, password|
-      username == 'lifo' && password == 'world'
+    def authenticate
+      authenticate_or_request_with_http_basic do |username, password|
+        username == 'lifo' && password == 'world'
+      end
     end
-  end
 
-  def authenticate_with_request
-    if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' }
-      @logged_in = true
-    else
-      request_http_basic_authentication("SuperSecret")
+    def authenticate_with_request
+      if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' }
+        @logged_in = true
+      else
+        request_http_basic_authentication("SuperSecret")
+      end
     end
   end
-end
 
-class HttpBasicAuthenticationTest < ActionController::TestCase
   AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
 
   tests DummyController
diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
new file mode 100644
index 0000000000..59f7a403b5
--- /dev/null
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -0,0 +1,130 @@
+require 'abstract_unit'
+
+class HttpDigestAuthenticationTest < ActionController::TestCase
+  class DummyDigestController < ActionController::Base
+    before_filter :authenticate, :only => :index
+    before_filter :authenticate_with_request, :only => :display
+
+    USERS = { 'lifo' => 'world', 'pretty' => 'please' }
+
+    def index
+      render :text => "Hello Secret"
+    end
+
+    def display
+      render :text => 'Definitely Maybe'
+    end
+
+    private
+
+    def authenticate
+      authenticate_or_request_with_http_digest("SuperSecret") do |username|
+        # Return the password
+        USERS[username]
+      end
+    end
+
+    def authenticate_with_request
+      if authenticate_with_http_digest("SuperSecret")  { |username| USERS[username] }
+        @logged_in = true
+      else
+        request_http_digest_authentication("SuperSecret", "Authentication Failed")
+      end
+    end
+  end
+
+  AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
+
+  tests DummyDigestController
+
+  AUTH_HEADERS.each do |header|
+    test "successful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials(:username => 'lifo', :password => 'world')
+      get :index
+
+      assert_response :success
+      assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}"
+    end
+  end
+
+  AUTH_HEADERS.each do |header|
+    test "unsuccessful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials(:username => 'h4x0r', :password => 'world')
+      get :index
+
+      assert_response :unauthorized
+      assert_equal "HTTP Digest: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}"
+    end
+  end
+
+  test "authentication request without credential" do
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+    credentials = decode_credentials(@response.headers['WWW-Authenticate'])
+    assert_equal 'SuperSecret', credentials[:realm]
+  end
+
+  test "authentication request with invalid password" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo')
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid nonce" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please', :nonce => "xxyyzz")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid opaque" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :opaque => "xxyyzz")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid realm" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :realm => "NotSecret")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with valid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  private
+
+  def encode_credentials(options)
+    options.reverse_merge!(:nc => "00000001", :cnonce => "0a4f113b")
+    password = options.delete(:password)
+
+    # Perform unautheticated get to retrieve digest parameters to use on subsequent request
+    get :index
+
+    assert_response :unauthorized
+
+    credentials = decode_credentials(@response.headers['WWW-Authenticate'])
+    credentials.merge!(options)
+    credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}")
+    ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password)
+  end
+
+  def decode_credentials(header)
+    ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
+  end
+end
+\ No newline at end of file
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index a339bb524c..72b33629ff 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -274,6 +274,9 @@ class TestController < ActionController::Base
   def render_explicit_html_template
   end
 
+  def render_implicit_html_template_from_xhr_request
+  end
+
   def formatted_html_erb
   end
 
@@ -1010,6 +1013,11 @@ class RenderTest < ActionController::TestCase
     end
   end
 
+  def test_should_implicitly_render_html_template_from_xhr_request
+    get :render_implicit_html_template_from_xhr_request, :format => :js
+    assert_equal "Hello HTML!", @response.body
+  end
+
   def test_should_render_formatted_template
     get :formatted_html_erb
     assert_equal 'formatted html erb', @response.body
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index d77be31c9a..3a1a9854c3 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -11,8 +11,7 @@ class CookieStoreTest < ActionController::IntegrationTest
 
   Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
 
-  SignedBar = "BAh7BjoIZm9vIghiYXI%3D--" +
-    "fef868465920f415f2c0652d6910d3af288a0367"
+  SignedBar = "BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367"
 
   class TestController < ActionController::Base
     def no_session_access
@@ -177,6 +176,36 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
+  def test_session_store_with_expire_after
+    app = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret, :expire_after => 5.hours)
+    @integration_session = open_session(app)
+
+    with_test_route_set do
+      # First request accesses the session
+      time = Time.local(2008, 4, 24)
+      Time.stubs(:now).returns(time)
+      expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
+
+      cookies[SessionKey] = SignedBar
+
+      get '/set_session_value'
+      assert_response :success
+
+      cookie_body = response.body
+      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+
+      # Second request does not access the session
+      time = Time.local(2008, 4, 25)
+      Time.stubs(:now).returns(time)
+      expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
+
+      get '/no_session_access'
+      assert_response :success
+
+      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+    end
+  end
+
   private
     def with_test_route_set
       with_routing do |set|
diff --git a/actionpack/test/controller/session/test_session_test.rb b/actionpack/test/controller/session/test_session_test.rb
new file mode 100644
index 0000000000..83103be3ec
--- /dev/null
+++ b/actionpack/test/controller/session/test_session_test.rb
@@ -0,0 +1,58 @@
+require 'abstract_unit'
+require 'stringio'
+
+class ActionController::TestSessionTest < ActiveSupport::TestCase
+  
+  def test_calling_delete_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
+    assert_deprecated(/use clear instead/){ ActionController::TestSession.new.delete }
+  end
+  
+  def test_calling_update_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
+    assert_deprecated(/use replace instead/){ ActionController::TestSession.new.update }
+  end
+  
+  def test_calling_close_raises_deprecation_warning
+    assert_deprecated(/sessions should no longer be closed/){ ActionController::TestSession.new.close }
+  end
+  
+  def test_defaults
+    session = ActionController::TestSession.new
+    assert_equal({}, session.data)
+    assert_equal('', session.session_id)
+  end
+  
+  def test_ctor_allows_setting
+    session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
+    assert_equal('one', session[:one])
+    assert_equal('two', session[:two])
+  end
+  
+  def test_setting_session_item_sets_item
+    session = ActionController::TestSession.new
+    session[:key] = 'value'
+    assert_equal('value', session[:key])
+  end
+  
+  def test_calling_delete_removes item
+    session = ActionController::TestSession.new
+    session[:key] = 'value'
+    assert_equal('value', session[:key])
+    session.delete(:key)
+    assert_nil(session[:key])
+  end
+  
+  def test_calling_update_with_params_passes_to_attributes
+    session = ActionController::TestSession.new()
+    session.update('key' => 'value')
+    assert_equal('value', session[:key])
+  end
+  
+  def test_clear_emptys_session
+    params = {:one => 'one', :two => 'two'}
+    session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
+    session.clear
+    assert_nil(session[:one])
+    assert_nil(session[:two])
+  end
+  
+end
+\ No newline at end of file
diff --git a/actionpack/test/controller/test_test.rb b/actionpack/test/controller/test_test.rb
index 5708a1768f..d378188b43 100644
--- a/actionpack/test/controller/test_test.rb
+++ b/actionpack/test/controller/test_test.rb
@@ -23,6 +23,11 @@ class TestTest < ActionController::TestCase
       render :text => 'Success'
     end
 
+    def reset_the_session
+      reset_session
+      render :text => 'ignore me'
+    end
+
     def render_raw_post
       raise ActiveSupport::TestCase::Assertion, "#raw_post is blank" if request.raw_post.blank?
       render :text => request.raw_post
@@ -171,6 +176,24 @@ XML
     assert_equal 'value2', session[:symbol]
   end
 
+  def test_session_is_cleared_from_controller_after_reset_session
+    process :set_session
+    process :reset_the_session
+    assert_equal Hash.new, @controller.session.to_hash
+  end
+
+  def test_session_is_cleared_from_response_after_reset_session
+    process :set_session
+    process :reset_the_session
+    assert_equal Hash.new, @response.session.to_hash
+  end
+
+  def test_session_is_cleared_from_request_after_reset_session
+    process :set_session
+    process :reset_the_session
+    assert_equal Hash.new, @request.session.to_hash
+  end
+
   def test_process_with_request_uri_with_no_params
     process :test_uri
     assert_equal "/test_test/test/test_uri", @response.body
diff --git a/actionpack/test/controller/url_rewriter_test.rb b/actionpack/test/controller/url_rewriter_test.rb
index e9d372544e..09a8356fec 100644
--- a/actionpack/test/controller/url_rewriter_test.rb
+++ b/actionpack/test/controller/url_rewriter_test.rb
@@ -303,7 +303,6 @@ class UrlWriterTests < ActionController::TestCase
 
   def test_named_routes_with_nil_keys
     ActionController::Routing::Routes.clear!
-    add_host!
     ActionController::Routing::Routes.draw do |map|
       map.main '', :controller => 'posts'
       map.resources :posts
@@ -311,6 +310,8 @@ class UrlWriterTests < ActionController::TestCase
     end
     # We need to create a new class in order to install the new named route.
     kls = Class.new { include ActionController::UrlWriter }
+    kls.default_url_options[:host] = 'www.basecamphq.com'
+
     controller = kls.new
     params = {:action => :index, :controller => :posts, :format => :xml}
     assert_equal("http://www.basecamphq.com/posts.xml", controller.send(:url_for, params))    
@@ -337,6 +338,20 @@ class UrlWriterTests < ActionController::TestCase
   ensure
     ActionController::Routing::Routes.load!
   end
+
+  def test_multiple_includes_maintain_distinct_options
+    first_class = Class.new { include ActionController::UrlWriter }
+    second_class = Class.new { include ActionController::UrlWriter }
+
+    first_host, second_host = 'firsthost.com', 'secondhost.com'
+
+    first_class.default_url_options[:host] = first_host
+    second_class.default_url_options[:host] = second_host
+
+    assert_equal first_class.default_url_options[:host], first_host
+    assert_equal second_class.default_url_options[:host], second_host
+  end
+
   private
     def extract_params(url)
       url.split('?', 2).last.split('&')