Diffstat (limited to 'actionpack/test/controller')
8 files changed, 184 insertions, 25 deletions
diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb
index 7faf3cd8c6..9c2619dc3d 100644
--- a/actionpack/test/controller/caching_test.rb
+++ b/actionpack/test/controller/caching_test.rb
@@ -393,9 +393,14 @@ class CollectionCacheController < ActionController::Base
 @customers = [Customer.new('david', 1)]
 render partial: 'customers/commented_customer', collection: @customers, as: :customer, cached: true
 end
+
+ def index_with_callable_cache_key
+ @customers = [Customer.new('david', 1)]
+ render partial: 'customers/customer', collection: @customers, cached: -> customer { 'cached_david' }
+ end
 end
-class AutomaticCollectionCacheTest < ActionController::TestCase
+class CollectionCacheTest < ActionController::TestCase
 def setup
 super
 @controller = CollectionCacheController.new
@@ -438,6 +443,11 @@ class AutomaticCollectionCacheTest < ActionController::TestCase
 assert_equal 1, @controller.partial_rendered_times
 end
+ def test_caching_with_callable_cache_key
+ get :index_with_callable_cache_key
+ assert_customer_cached 'cached_david', 'david, 1'
+ end
+
 private
 def assert_customer_cached(key, content)
 assert_match content,
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index 3b89531e90..e02b0b267d 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
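Review bot: In caching_test.rb, the lambda in `index_with_callable_cache_key` ignores its argument and always returns the constant `'cached_david'`, so with a one-element collection the test cannot tell whether the callable is invoked per record or whether two records would end up sharing one cache entry. A key derived from the record, e.g. `cached: -> customer { "cached_#{customer.name}" }` (assuming Customer exposes `name`, which the hunk does not show), together with two customers in `@customers`, would pin per-record keys. `test_caching_with_callable_cache_key` in the second hunk would then assert both entries. One record's fragment being served under another record's key is the failure this feature most needs a test for. Both class bodies continue outside the hunks.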
@@ -625,6 +625,20 @@ class IntegrationProcessTest < ActionDispatch::IntegrationTest
 end
 end
+ def test_post_then_get_with_parameters_do_not_leak_across_requests
+ with_test_route_set do
+ post '/post', params: { leaks: "does-leak?" }
+
+ get '/get_with_params', params: { foo: "bar" }
+
+ assert request.env['rack.input'].string.empty?
+ assert_equal 'foo=bar', request.env["QUERY_STRING"]
+ assert_equal 'foo=bar', request.query_string
+ assert_equal 'bar', request.parameters['foo']
+ assert request.parameters['leaks'].nil?
+ end
+ end
+
 def test_head
 with_test_route_set do
 head '/get'
diff --git a/actionpack/test/controller/parameters/dup_test.rb b/actionpack/test/controller/parameters/dup_test.rb
new file mode 100644
index 0000000000..66bc8155c8
--- /dev/null
+++ b/actionpack/test/controller/parameters/dup_test.rb
@@ -0,0 +1,43 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersDupTest < ActiveSupport::TestCase
+ setup do
+ ActionController::Parameters.permit_all_parameters = false
+
+ @params = ActionController::Parameters.new(
+ person: {
+ age: '32',
+ name: {
+ first: 'David',
+ last: 'Heinemeier Hansson'
+ },
+ addresses: [{city: 'Chicago', state: 'Illinois'}]
+ }
+ )
+ end
+
+ test "a duplicate maintains the original's permitted status" do
+ @params.permit!
+ dupped_params = @params.dup
+ assert dupped_params.permitted?
+ end
+
+ test "a duplicate maintains the original's parameters" do
+ @params.permit!
+ dupped_params = @params.dup
+ assert_equal @params.to_h, dupped_params.to_h
+ end
+
+ test "changes to a duplicate's parameters do not affect the original" do
+ dupped_params = @params.dup
+ dupped_params.delete(:person)
+ assert_not_equal @params, dupped_params
+ end
+
+ test "changes to a duplicate's permitted status do not affect the original" do
+ dupped_params = @params.dup
+ dupped_params.permit!
+ assert_not_equal @params, dupped_params
+ end
+end
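Review bot: In integration_test.rb, `assert request.env['rack.input'].string.empty?` and `assert request.parameters['leaks'].nil?` fail with a bare truthiness message, which hides what actually carried over from the preceding POST. `assert_empty request.env['rack.input'].string` and `assert_nil request.parameters['leaks']` check the same conditions and print the leaked body or value on failure. A one-line comment above the test, saying it guards against the previous request's body being replayed into the next request, would also help, because the method name alone does not say which state is at risk.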
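Review bot: In dup_test.rb, the last test ("changes to a duplicate's permitted status do not affect the original") only asserts `assert_not_equal @params, dupped_params`, which passes whenever the two objects differ in any way and never checks the property the name promises. Since `permitted?` is what gates mass assignment, assert it directly with `assert dupped_params.permitted?` and `assert_not @params.permitted?`. Separately, `setup` assigns `ActionController::Parameters.permit_all_parameters = false` without restoring the previous value. serialization_test.rb in this same commit saves the old value in `setup` and restores it in `teardown`, and this file should do the same so the global does not leak into other tests.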
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 2eed2996f6..2dd94c7230 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -245,11 +245,6 @@ class ParametersPermitTest < ActiveSupport::TestCase
 assert_equal "Jonas", @params[:person][:family][:brother]
 end
- test "permit state is kept on a dup" do
- @params.permit!
- assert_equal @params.permitted?, @params.dup.permitted?
- end
-
 test "permit is recursive" do
 @params.permit!
 assert @params.permitted?
diff --git a/actionpack/test/controller/parameters/serialization_test.rb b/actionpack/test/controller/parameters/serialization_test.rb
new file mode 100644
index 0000000000..c9d38c1f48
--- /dev/null
+++ b/actionpack/test/controller/parameters/serialization_test.rb
@@ -0,0 +1,55 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+require 'active_support/core_ext/string/strip'
+
+class ParametersSerializationTest < ActiveSupport::TestCase
+ setup do
+ @old_permitted_parameters = ActionController::Parameters.permit_all_parameters
+ ActionController::Parameters.permit_all_parameters = false
+ end
+
+ teardown do
+ ActionController::Parameters.permit_all_parameters = @old_permitted_parameters
+ end
+
+ test 'yaml serialization' do
+ params = ActionController::Parameters.new(key: :value)
+ assert_equal <<-end_of_yaml.strip_heredoc, YAML.dump(params)
+ --- !ruby/object:ActionController::Parameters
+ parameters: !ruby/hash:ActiveSupport::HashWithIndifferentAccess
+ key: :value
+ permitted: false
+ end_of_yaml
+ end
+
+ test 'yaml deserialization' do
+ params = ActionController::Parameters.new(key: :value)
+ roundtripped = YAML.load(YAML.dump(params))
+
+ assert_equal params, roundtripped
+ assert_not roundtripped.permitted?
+ end
+
+ test 'yaml backwardscompatible with psych 2.0.8 format' do
+ params = YAML.load <<-end_of_yaml.strip_heredoc
+ --- !ruby/hash:ActionController::Parameters
+ key: :value
+ end_of_yaml
+
+ assert_equal :value, params[:key]
+ assert_not params.permitted?
+ end
+
+ test 'yaml backwardscompatible with psych 2.0.9+ format' do
+ params = YAML.load(<<-end_of_yaml.strip_heredoc)
+ --- !ruby/hash-with-ivars:ActionController::Parameters
+ elements:
+ key: :value
+ ivars:
+ :@permitted: false
+ end_of_yaml
+
+ assert_equal :value, params[:key]
+ assert_not params.permitted?
+ end
+end
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index 652c06af19..e56f6e840a 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
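Review bot: In serialization_test.rb every case covers an unpermitted object (`permitted: false` or `:@permitted: false`), so nothing pins what happens to the flag when a permitted object is dumped and loaded or when a document states `permitted: true`. The dump carries a `permitted:` field, so the loader presumably restores the flag from the document, and the flag is then only as trustworthy as the YAML source. A round-trip test that calls `params.permit!` first and asserts the intended outcome would make that contract explicit. So would a comment noting that `YAML.load` is applied here only to literal fixtures. Whether a loaded object should ever come back permitted is a design decision the hunk does not show, so the assertion should follow what the implementation intends.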
@@ -42,6 +42,14 @@ class ImplicitRenderTestController < ActionController::Base
 end
 end
+module Namespaced
+ class ImplicitRenderTestController < ActionController::Base
+ def hello_world
+ fresh_when(etag: 'abc')
+ end
+ end
+end
+
 class TestController < ActionController::Base
 protect_from_forgery
@@ -258,6 +266,19 @@ class TestController < ActionController::Base
 end
 end
+module TemplateModificationHelper
+ private
+ def modify_template(name)
+ path = File.expand_path("../../fixtures/#{name}.erb", __FILE__)
+ original = File.read(path)
+ File.write(path, "#{original} Modified!")
+ ActionView::LookupContext::DetailsKey.clear
+ yield
+ ensure
+ File.write(path, original)
+ end
+end
+
 class MetalTestController < ActionController::Metal
 include AbstractController::Rendering
 include ActionView::Rendering
@@ -487,6 +508,7 @@ end
 class EtagRenderTest < ActionController::TestCase
 tests TestControllerWithExtraEtags
+ include TemplateModificationHelper
 def test_strong_etag
 @request.if_none_match = strong_etag(['strong', 'ab', :cde, [:f]])
@@ -535,7 +557,7 @@ class EtagRenderTest < ActionController::TestCase
 get :with_template
 assert_response :not_modified
- modify_template(:hello_world) do
+ modify_template("test/hello_world") do
 request.if_none_match = etag
 get :with_template
 assert_response :ok
@@ -552,7 +574,7 @@ class EtagRenderTest < ActionController::TestCase
 get :with_implicit_template
 assert_response :not_modified
- modify_template(:with_implicit_template) do
+ modify_template("test/with_implicit_template") do
 request.if_none_match = etag
 get :with_implicit_template
 assert_response :ok
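Review bot: In render_test.rb, `modify_template` in TemplateModificationHelper runs `File.write(path, original)` in `ensure` even when `File.read(path)` raised. At that point `original` is nil, so the restore either leaves an empty file at `path` or raises a second error from inside `ensure`. Callers now pass the fixture sub-path themselves (`"test/hello_world"`, `"test/with_implicit_template"`), so a mistyped name is easier to introduce; guard the restore with `File.write(path, original) if original`. The same body is removed from EtagRenderTest in the last hunk of this file, so the behaviour predates the move, but the shared helper is the place to fix it.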
@@ -568,16 +590,28 @@ class EtagRenderTest < ActionController::TestCase
 def strong_etag(record)
 %("#{Digest::MD5.hexdigest(ActiveSupport::Cache.expand_cache_key(record))}")
 end
+end
- def modify_template(name)
- path = File.expand_path("../../fixtures/test/#{name}.erb", __FILE__)
- original = File.read(path)
- File.write(path, "#{original} Modified!")
- ActionView::LookupContext::DetailsKey.clear
- yield
- ensure
- File.write(path, original)
+class NamespacedEtagRenderTest < ActionController::TestCase
+ tests Namespaced::ImplicitRenderTestController
+ include TemplateModificationHelper
+
+ def test_etag_reflects_template_digest
+ get :hello_world
+ assert_response :ok
+ assert_not_nil etag = @response.etag
+
+ request.if_none_match = etag
+ get :hello_world
+ assert_response :not_modified
+
+ modify_template("namespaced/implicit_render_test/hello_world") do
+ request.if_none_match = etag
+ get :hello_world
+ assert_response :ok
+ assert_not_equal etag, @response.etag
 end
+ end
 end
 class MetalRenderTest < ActionController::TestCase
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index d3f2ec6aa1..37a54e7878 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -509,15 +509,6 @@ end
 class RequestForgeryProtectionControllerUsingResetSessionTest < ActionController::TestCase
 include RequestForgeryProtectionTests
- setup do
- @old_request_forgery_protection_token = ActionController::Base.request_forgery_protection_token
- ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
- end
-
- teardown do
- ActionController::Base.request_forgery_protection_token = @old_request_forgery_protection_token
- end
-
 test 'should emit a csrf-param meta tag and a csrf-token meta tag' do
 @controller.stub :form_authenticity_token, @token + '<=?' do
 get :meta
@@ -677,6 +668,15 @@ class CustomAuthenticityParamControllerTest < ActionController::TestCase
 end
 class PerFormTokensControllerTest < ActionController::TestCase
+ def setup
+ @old_request_forgery_protection_token = ActionController::Base.request_forgery_protection_token
+ ActionController::Base.request_forgery_protection_token = :custom_authenticity_token
+ end
+
+ def teardown
+ ActionController::Base.request_forgery_protection_token = @old_request_forgery_protection_token
+ end
+
 def test_per_form_token_is_same_size_as_global_token
 get :index
 expected = ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH
diff --git a/actionpack/test/controller/test_case_test.rb b/actionpack/test/controller/test_case_test.rb
index ea59156f65..e288b51716 100644
--- a/actionpack/test/controller/test_case_test.rb
+++ b/actionpack/test/controller/test_case_test.rb
@@ -854,6 +854,14 @@ XML
 assert_nil cookies['foo']
 end
+ def test_multiple_mixed_method_process_should_scrub_rack_input
+ post :test_params, params: { id: 1, foo: 'an foo' }
+ assert_equal({"id"=>"1", "foo" => "an foo", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
+
+ get :test_params, params: { bar: 'an bar' }
+ assert_equal({"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}, ::JSON.parse(@response.body))
+ end
+
 %w(controller response request).each do |variable|
 %w(get post put delete head process).each do |method|
 define_method("test_#{variable}_missing_for_#{method}_raises_error") do
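Review bot: In request_forgery_protection_test.rb, PerFormTokensControllerTest now defines `def setup` and `def teardown` without calling `super`. The blocks removed from RequestForgeryProtectionControllerUsingResetSessionTest in the previous hunk used the `setup do` / `teardown do` form, and `CollectionCacheTest#setup` in caching_test.rb calls `super` first. A method override without `super` silently drops any inherited setup or teardown method; keeping the block form, or adding `super` as the first line of `setup` and the last line of `teardown`, avoids that. The hunk also does not show why the per-form token tests need `:custom_authenticity_token`, so a short comment stating the reason for overriding the global CSRF token name would help. The class body continues outside the hunk.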