diff options
Diffstat (limited to 'actionpack/test/controller')
-rw-r--r-- | actionpack/test/controller/http_basic_authentication_test.rb | 42 | ||||
-rw-r--r-- | actionpack/test/controller/http_digest_authentication_test.rb | 130 | ||||
-rw-r--r-- | actionpack/test/controller/render_test.rb | 8 | ||||
-rw-r--r-- | actionpack/test/controller/session/cookie_store_test.rb | 33 | ||||
-rw-r--r-- | actionpack/test/controller/session/test_session_test.rb | 58 | ||||
-rw-r--r-- | actionpack/test/controller/test_test.rb | 23 | ||||
-rw-r--r-- | actionpack/test/controller/url_rewriter_test.rb | 17 |
7 files changed, 287 insertions, 24 deletions
diff --git a/actionpack/test/controller/http_basic_authentication_test.rb b/actionpack/test/controller/http_basic_authentication_test.rb index 08a25bfdb8..fbc94a0df7 100644 --- a/actionpack/test/controller/http_basic_authentication_test.rb +++ b/actionpack/test/controller/http_basic_authentication_test.rb @@ -1,35 +1,35 @@ require 'abstract_unit' -class DummyController < ActionController::Base - before_filter :authenticate, :only => :index - before_filter :authenticate_with_request, :only => :display +class HttpBasicAuthenticationTest < ActionController::TestCase + class DummyController < ActionController::Base + before_filter :authenticate, :only => :index + before_filter :authenticate_with_request, :only => :display - def index - render :text => "Hello Secret" - end + def index + render :text => "Hello Secret" + end - def display - render :text => 'Definitely Maybe' - end + def display + render :text => 'Definitely Maybe' + end - private + private - def authenticate - authenticate_or_request_with_http_basic do |username, password| - username == 'lifo' && password == 'world' + def authenticate + authenticate_or_request_with_http_basic do |username, password| + username == 'lifo' && password == 'world' + end end - end - def authenticate_with_request - if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' } - @logged_in = true - else - request_http_basic_authentication("SuperSecret") + def authenticate_with_request + if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' } + @logged_in = true + else + request_http_basic_authentication("SuperSecret") + end end end -end -class HttpBasicAuthenticationTest < ActionController::TestCase AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION'] tests DummyController diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb new file mode 100644 index 0000000000..59f7a403b5 --- /dev/null +++ b/actionpack/test/controller/http_digest_authentication_test.rb @@ -0,0 +1,130 @@ +require 'abstract_unit' + +class HttpDigestAuthenticationTest < ActionController::TestCase + class DummyDigestController < ActionController::Base + before_filter :authenticate, :only => :index + before_filter :authenticate_with_request, :only => :display + + USERS = { 'lifo' => 'world', 'pretty' => 'please' } + + def index + render :text => "Hello Secret" + end + + def display + render :text => 'Definitely Maybe' + end + + private + + def authenticate + authenticate_or_request_with_http_digest("SuperSecret") do |username| + # Return the password + USERS[username] + end + end + + def authenticate_with_request + if authenticate_with_http_digest("SuperSecret") { |username| USERS[username] } + @logged_in = true + else + request_http_digest_authentication("SuperSecret", "Authentication Failed") + end + end + end + + AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION'] + + tests DummyDigestController + + AUTH_HEADERS.each do |header| + test "successful authentication with #{header.downcase}" do + @request.env[header] = encode_credentials(:username => 'lifo', :password => 'world') + get :index + + assert_response :success + assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}" + end + end + + AUTH_HEADERS.each do |header| + test "unsuccessful authentication with #{header.downcase}" do + @request.env[header] = encode_credentials(:username => 'h4x0r', :password => 'world') + get :index + + assert_response :unauthorized + assert_equal "HTTP Digest: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}" + end + end + + test "authentication request without credential" do + get :display + + assert_response :unauthorized + assert_equal "Authentication Failed", @response.body + credentials = decode_credentials(@response.headers['WWW-Authenticate']) + assert_equal 'SuperSecret', credentials[:realm] + end + + test "authentication request with invalid password" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo') + get :display + + assert_response :unauthorized + assert_equal "Authentication Failed", @response.body + end + + test "authentication request with invalid nonce" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please', :nonce => "xxyyzz") + get :display + + assert_response :unauthorized + assert_equal "Authentication Failed", @response.body + end + + test "authentication request with invalid opaque" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :opaque => "xxyyzz") + get :display + + assert_response :unauthorized + assert_equal "Authentication Failed", @response.body + end + + test "authentication request with invalid realm" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :realm => "NotSecret") + get :display + + assert_response :unauthorized + assert_equal "Authentication Failed", @response.body + end + + test "authentication request with valid credential" do + @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please') + get :display + + assert_response :success + assert assigns(:logged_in) + assert_equal 'Definitely Maybe', @response.body + end + + private + + def encode_credentials(options) + options.reverse_merge!(:nc => "00000001", :cnonce => "0a4f113b") + password = options.delete(:password) + + # Perform unautheticated get to retrieve digest parameters to use on subsequent request + get :index + + assert_response :unauthorized + + credentials = decode_credentials(@response.headers['WWW-Authenticate']) + credentials.merge!(options) + credentials.merge!(:uri => "http://#{@request.host}#{@request.env['REQUEST_URI']}") + ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password) + end + + def decode_credentials(header) + ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate']) + end +end
\ No newline at end of file diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index a339bb524c..72b33629ff 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -274,6 +274,9 @@ class TestController < ActionController::Base def render_explicit_html_template end + def render_implicit_html_template_from_xhr_request + end + def formatted_html_erb end @@ -1010,6 +1013,11 @@ class RenderTest < ActionController::TestCase end end + def test_should_implicitly_render_html_template_from_xhr_request + get :render_implicit_html_template_from_xhr_request, :format => :js + assert_equal "Hello HTML!", @response.body + end + def test_should_render_formatted_template get :formatted_html_erb assert_equal 'formatted html erb', @response.body diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d77be31c9a..3a1a9854c3 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -11,8 +11,7 @@ class CookieStoreTest < ActionController::IntegrationTest Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1') - SignedBar = "BAh7BjoIZm9vIghiYXI%3D--" + - "fef868465920f415f2c0652d6910d3af288a0367" + SignedBar = "BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367" class TestController < ActionController::Base def no_session_access @@ -177,6 +176,36 @@ class CookieStoreTest < ActionController::IntegrationTest end end + def test_session_store_with_expire_after + app = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret, :expire_after => 5.hours) + @integration_session = open_session(app) + + with_test_route_set do + # First request accesses the session + time = Time.local(2008, 4, 24) + Time.stubs(:now).returns(time) + expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT") + + cookies[SessionKey] = SignedBar + + get '/set_session_value' + assert_response :success + + cookie_body = response.body + assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + + # Second request does not access the session + time = Time.local(2008, 4, 25) + Time.stubs(:now).returns(time) + expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT") + + get '/no_session_access' + assert_response :success + + assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie'] + end + end + private def with_test_route_set with_routing do |set| diff --git a/actionpack/test/controller/session/test_session_test.rb b/actionpack/test/controller/session/test_session_test.rb new file mode 100644 index 0000000000..83103be3ec --- /dev/null +++ b/actionpack/test/controller/session/test_session_test.rb @@ -0,0 +1,58 @@ +require 'abstract_unit' +require 'stringio' + +class ActionController::TestSessionTest < ActiveSupport::TestCase + + def test_calling_delete_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session + assert_deprecated(/use clear instead/){ ActionController::TestSession.new.delete } + end + + def test_calling_update_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session + assert_deprecated(/use replace instead/){ ActionController::TestSession.new.update } + end + + def test_calling_close_raises_deprecation_warning + assert_deprecated(/sessions should no longer be closed/){ ActionController::TestSession.new.close } + end + + def test_defaults + session = ActionController::TestSession.new + assert_equal({}, session.data) + assert_equal('', session.session_id) + end + + def test_ctor_allows_setting + session = ActionController::TestSession.new({:one => 'one', :two => 'two'}) + assert_equal('one', session[:one]) + assert_equal('two', session[:two]) + end + + def test_setting_session_item_sets_item + session = ActionController::TestSession.new + session[:key] = 'value' + assert_equal('value', session[:key]) + end + + def test_calling_delete_removes item + session = ActionController::TestSession.new + session[:key] = 'value' + assert_equal('value', session[:key]) + session.delete(:key) + assert_nil(session[:key]) + end + + def test_calling_update_with_params_passes_to_attributes + session = ActionController::TestSession.new() + session.update('key' => 'value') + assert_equal('value', session[:key]) + end + + def test_clear_emptys_session + params = {:one => 'one', :two => 'two'} + session = ActionController::TestSession.new({:one => 'one', :two => 'two'}) + session.clear + assert_nil(session[:one]) + assert_nil(session[:two]) + end + +end
\ No newline at end of file diff --git a/actionpack/test/controller/test_test.rb b/actionpack/test/controller/test_test.rb index 5708a1768f..d378188b43 100644 --- a/actionpack/test/controller/test_test.rb +++ b/actionpack/test/controller/test_test.rb @@ -23,6 +23,11 @@ class TestTest < ActionController::TestCase render :text => 'Success' end + def reset_the_session + reset_session + render :text => 'ignore me' + end + def render_raw_post raise ActiveSupport::TestCase::Assertion, "#raw_post is blank" if request.raw_post.blank? render :text => request.raw_post @@ -171,6 +176,24 @@ XML assert_equal 'value2', session[:symbol] end + def test_session_is_cleared_from_controller_after_reset_session + process :set_session + process :reset_the_session + assert_equal Hash.new, @controller.session.to_hash + end + + def test_session_is_cleared_from_response_after_reset_session + process :set_session + process :reset_the_session + assert_equal Hash.new, @response.session.to_hash + end + + def test_session_is_cleared_from_request_after_reset_session + process :set_session + process :reset_the_session + assert_equal Hash.new, @request.session.to_hash + end + def test_process_with_request_uri_with_no_params process :test_uri assert_equal "/test_test/test/test_uri", @response.body diff --git a/actionpack/test/controller/url_rewriter_test.rb b/actionpack/test/controller/url_rewriter_test.rb index e9d372544e..09a8356fec 100644 --- a/actionpack/test/controller/url_rewriter_test.rb +++ b/actionpack/test/controller/url_rewriter_test.rb @@ -303,7 +303,6 @@ class UrlWriterTests < ActionController::TestCase def test_named_routes_with_nil_keys ActionController::Routing::Routes.clear! - add_host! ActionController::Routing::Routes.draw do |map| map.main '', :controller => 'posts' map.resources :posts @@ -311,6 +310,8 @@ class UrlWriterTests < ActionController::TestCase end # We need to create a new class in order to install the new named route. kls = Class.new { include ActionController::UrlWriter } + kls.default_url_options[:host] = 'www.basecamphq.com' + controller = kls.new params = {:action => :index, :controller => :posts, :format => :xml} assert_equal("http://www.basecamphq.com/posts.xml", controller.send(:url_for, params)) @@ -337,6 +338,20 @@ class UrlWriterTests < ActionController::TestCase ensure ActionController::Routing::Routes.load! end + + def test_multiple_includes_maintain_distinct_options + first_class = Class.new { include ActionController::UrlWriter } + second_class = Class.new { include ActionController::UrlWriter } + + first_host, second_host = 'firsthost.com', 'secondhost.com' + + first_class.default_url_options[:host] = first_host + second_class.default_url_options[:host] = second_host + + assert_equal first_class.default_url_options[:host], first_host + assert_equal second_class.default_url_options[:host], second_host + end + private def extract_params(url) url.split('?', 2).last.split('&') |