7 files changed, 123 insertions, 42 deletions
diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb
index 22f1cc7c22..03a9c9ae78 100644
--- a/actionpack/test/controller/force_ssl_test.rb
+++ b/actionpack/test/controller/force_ssl_test.rb
@@ -322,3 +322,12 @@ class RedirectToSSLTest < ActionController::TestCase
     assert_equal 'ihaz', response.body
   end
 end
+
+class ForceSSLControllerLevelTest < ActionController::TestCase
+  def test_no_redirect_websocket_ssl_request
+    request.env['rack.url_scheme'] = 'wss'
+    request.env['Upgrade'] = 'websocket'
+    get :cheeseburger
+    assert_response 200
+  end
+end
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index ea50f05f4d..6277407ff7 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -390,7 +390,7 @@ class IntegrationTestUsesCorrectClass < ActionDispatch::IntegrationTest
     reset!
 
     %w( get post head patch put delete ).each do |verb|
-      assert_nothing_raised("'#{verb}' should use integration test methods") { __send__(verb, '/') }
+      assert_nothing_raised { __send__(verb, '/') }
     end
   end
 end
diff --git a/actionpack/test/controller/mime/respond_to_test.rb b/actionpack/test/controller/mime/respond_to_test.rb
index 76e2d3ff43..d0c7b2e06a 100644
--- a/actionpack/test/controller/mime/respond_to_test.rb
+++ b/actionpack/test/controller/mime/respond_to_test.rb
@@ -160,7 +160,14 @@ class RespondToController < ActionController::Base
     end
   end
 
-  def variant_with_implicit_rendering
+  def variant_with_implicit_template_rendering
+    # This has exactly one variant template defined in the file system (+mobile.html.erb),
+    # which raises the regular MissingTemplate error for other variants.
+  end
+
+  def variant_without_implicit_template_rendering
+    # This differs from the above in that it does not have any templates defined in the file
+    # system, which triggers the ImplicitRender (204 No Content) behavior.
   end
 
   def variant_with_format_and_custom_render
@@ -272,6 +279,8 @@ class RespondToController < ActionController::Base
 end
 
 class RespondToControllerTest < ActionController::TestCase
+  NO_CONTENT_WARNING = "No template found for RespondToController#variant_without_implicit_template_rendering, rendering head :no_content"
+
   def setup
     super
     @request.host = "www.example.com"
@@ -616,30 +625,69 @@ class RespondToControllerTest < ActionController::TestCase
   end
 
   def test_invalid_variant
+    assert_raises(ActionController::UnknownFormat) do
+      get :variant_with_implicit_template_rendering, params: { v: :invalid }
+    end
+  end
+
+  def test_variant_not_set_regular_unknown_format
+    assert_raises(ActionController::UnknownFormat) do
+      get :variant_with_implicit_template_rendering
+    end
+  end
+
+  def test_variant_with_implicit_template_rendering
+    get :variant_with_implicit_template_rendering, params: { v: :mobile }
+    assert_equal "text/html", @response.content_type
+    assert_equal "mobile", @response.body
+  end
+
+  def test_variant_without_implicit_rendering_from_browser
+    assert_raises(ActionController::UnknownFormat) do
+      get :variant_without_implicit_template_rendering, params: { v: :does_not_matter }
+    end
+  end
+
+  def test_variant_variant_not_set_and_without_implicit_rendering_from_browser
+    assert_raises(ActionController::UnknownFormat) do
+      get :variant_without_implicit_template_rendering
+    end
+  end
+
+  def test_variant_without_implicit_rendering_from_xhr
     logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
     old_logger, ActionController::Base.logger = ActionController::Base.logger, logger
 
-    get :variant_with_implicit_rendering, params: { v: :invalid }
+    get :variant_without_implicit_template_rendering, xhr: true, params: { v: :does_not_matter }
     assert_response :no_content
-    assert_equal 1, logger.logged(:info).select{ |s| s =~ /No template found/ }.size, "Implicit head :no_content not logged"
+
+    assert_equal 1, logger.logged(:info).select{ |s| s == NO_CONTENT_WARNING }.size, "Implicit head :no_content not logged"
   ensure
     ActionController::Base.logger = old_logger
   end
 
-  def test_variant_not_set_regular_template_missing
-    get :variant_with_implicit_rendering
+  def test_variant_without_implicit_rendering_from_api
+    logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
+    old_logger, ActionController::Base.logger = ActionController::Base.logger, logger
+
+    get :variant_without_implicit_template_rendering, format: 'json', params: { v: :does_not_matter }
     assert_response :no_content
+
+    assert_equal 1, logger.logged(:info).select{ |s| s == NO_CONTENT_WARNING }.size, "Implicit head :no_content not logged"
+  ensure
+    ActionController::Base.logger = old_logger
   end
 
-  def test_variant_with_implicit_rendering
-    get :variant_with_implicit_rendering, params: { v: :implicit }
+  def test_variant_variant_not_set_and_without_implicit_rendering_from_xhr
+    logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new
+    old_logger, ActionController::Base.logger = ActionController::Base.logger, logger
+
+    get :variant_without_implicit_template_rendering, xhr: true
     assert_response :no_content
-  end
 
-  def test_variant_with_implicit_template_rendering
-    get :variant_with_implicit_rendering, params: { v: :mobile }
-    assert_equal "text/html", @response.content_type
-    assert_equal "mobile", @response.body
+    assert_equal 1, logger.logged(:info).select { |s| s == NO_CONTENT_WARNING }.size, "Implicit head :no_content not logged"
+  ensure
+    ActionController::Base.logger = old_logger
   end
 
   def test_variant_with_format_and_custom_render
@@ -778,24 +826,3 @@ class RespondToControllerTest < ActionController::TestCase
     assert_equal "phone", @response.body
   end
 end
-
-class RespondToWithBlockOnDefaultRenderController < ActionController::Base
-  def show
-    default_render do
-      render body: 'default_render yielded'
-    end
-  end
-end
-
-class RespondToWithBlockOnDefaultRenderControllerTest < ActionController::TestCase
-  def setup
-    super
-    @request.host = "www.example.com"
-  end
-
-  def test_default_render_uses_block_when_no_template_exists
-    get :show
-    assert_equal "default_render yielded", @response.body
-    assert_equal "text/plain", @response.content_type
-  end
-end
diff --git a/actionpack/test/controller/parameters/accessors_test.rb b/actionpack/test/controller/parameters/accessors_test.rb
index 4ef5bed30d..cea265f9ab 100644
--- a/actionpack/test/controller/parameters/accessors_test.rb
+++ b/actionpack/test/controller/parameters/accessors_test.rb
@@ -4,6 +4,8 @@ require 'active_support/core_ext/hash/transform_values'
 
 class ParametersAccessorsTest < ActiveSupport::TestCase
   setup do
+    ActionController::Parameters.permit_all_parameters = false
+
     @params = ActionController::Parameters.new(
       person: {
         age: '32',
@@ -176,12 +178,20 @@ class ParametersAccessorsTest < ActiveSupport::TestCase
     assert(@params != false)
   end
 
-  test "inspect shows both class name and parameters" do
+  test "inspect shows both class name, parameters and permitted flag" do
     assert_equal(
       '<ActionController::Parameters {"person"=>{"age"=>"32", '\
-      '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \
-      '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}}>',
+        '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \
+        '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}} permitted: false>',
       @params.inspect
     )
   end
+
+  test "inspect prints updated permitted flag in the output" do
+    assert_match(/permitted: false/, @params.inspect)
+
+    @params.permit!
+
+    assert_match(/permitted: true/, @params.inspect)
+  end
 end
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index 60c6518c62..83d7405e4d 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -26,6 +26,9 @@ end
 class ImplicitRenderTestController < ActionController::Base
   def empty_action
   end
+
+  def empty_action_with_template
+  end
 end
 
 class TestController < ActionController::Base
@@ -537,10 +540,28 @@ end
 class ImplicitRenderTest < ActionController::TestCase
   tests ImplicitRenderTestController
 
-  def test_implicit_no_content_response
-    get :empty_action
+  def test_implicit_no_content_response_as_browser
+    assert_raises(ActionController::UnknownFormat) do
+      get :empty_action
+    end
+  end
+
+  def test_implicit_no_content_response_as_xhr
+    get :empty_action, xhr: true
     assert_response :no_content
   end
+
+  def test_implicit_success_response_with_right_format
+    get :empty_action_with_template
+    assert_equal "<h1>Empty action rendered this implicitly.</h1>\n", @response.body
+    assert_response :success
+  end
+
+  def test_implicit_unknown_format_response
+    assert_raises(ActionController::UnknownFormat) do
+      get :empty_action_with_template, format: 'json'
+    end
+  end
 end
 
 class HeadRenderTest < ActionController::TestCase
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index c645af88d7..f7dcbc1984 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -133,11 +133,11 @@ class PerFormTokensController < ActionController::Base
   self.per_form_csrf_tokens = true
 
   def index
-    render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>"
+    render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>"
   end
 
   def button_to
-    render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>"
+    render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>"
   end
 
   def post_one
@@ -710,6 +710,20 @@ class PerFormTokensControllerTest < ActionController::TestCase
     end
   end
 
+  test "Accepts proper token for implicit post method on button_to tag" do
+    get :button_to
+
+    form_token = assert_presence_and_fetch_form_csrf_token
+
+    assert_matches_session_token_on_server form_token, 'post'
+
+    # This is required because PATH_INFO isn't reset between requests.
+    @request.env['PATH_INFO'] = '/per_form_tokens/post_one'
+    assert_nothing_raised do
+      post :post_one, params: { custom_authenticity_token: form_token }
+    end
+  end
+
   %w{delete post patch}.each do |verb|
     test "Accepts proper token for #{verb} method on button_to tag" do
       get :button_to, params: { form_method: verb }
diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb
index 6d377c4691..daf17558aa 100644
--- a/actionpack/test/controller/webservice_test.rb
+++ b/actionpack/test/controller/webservice_test.rb
@@ -99,7 +99,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest
   def test_parsing_json_doesnot_rescue_exception
     req = Class.new(ActionDispatch::Request) do
       def params_parsers
-        { Mime[:json] => Proc.new { |data| raise Interrupt } }
+        { json: Proc.new { |data| raise Interrupt } }
       end
 
       def content_length; get_header('rack.input').length; end