diff options
Diffstat (limited to 'actionpack/test/dispatch')
20 files changed, 866 insertions, 101 deletions
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index 5ada5a7603..91ac13e7c6 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -1,6 +1,14 @@ require 'abstract_unit' -# FIXME remove DummyKeyGenerator and this require in 4.1 + +begin + require 'openssl' + OpenSSL::PKCS5 +rescue LoadError, NameError + $stderr.puts "Skipping KeyGenerator test: broken OpenSSL install" +else + require 'active_support/key_generator' +require 'active_support/message_verifier' class CookiesTest < ActionController::TestCase class TestController < ActionController::Base @@ -67,11 +75,21 @@ class CookiesTest < ActionController::TestCase head :ok end + def get_signed_cookie + cookies.signed[:user_id] + head :ok + end + def set_encrypted_cookie cookies.encrypted[:foo] = 'bar' head :ok end + def get_encrypted_cookie + cookies.encrypted[:foo] + head :ok + end + def set_invalid_encrypted_cookie cookies[:invalid_cookie] = 'invalid--9170e00a57cfc27083363b5c75b835e477bd90cf' head :ok @@ -330,12 +348,17 @@ class CookiesTest < ActionController::TestCase assert response.headers["Set-Cookie"] =~ /user_name=david/ end - def test_permanent_cookie + def test_set_permanent_cookie get :set_permanent_cookie assert_match(/Jamie/, @response.headers["Set-Cookie"]) assert_match(%r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"]) end + def test_read_permanent_cookie + get :set_permanent_cookie + assert_equal 'Jamie', @controller.send(:cookies).permanent[:user_name] + end + def test_signed_cookie get :set_signed_cookie assert_equal 45, @controller.send(:cookies).signed[:user_id] @@ -394,33 +417,148 @@ class CookiesTest < ActionController::TestCase def test_raises_argument_error_if_missing_secret assert_raise(ArgumentError, nil.inspect) { - @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new(nil) + @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new(nil) get :set_signed_cookie } assert_raise(ArgumentError, ''.inspect) { - @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new("") + @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new("") get :set_signed_cookie } end def test_raises_argument_error_if_secret_is_probably_insecure assert_raise(ArgumentError, "password".inspect) { - @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new("password") + @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new("password") get :set_signed_cookie } assert_raise(ArgumentError, "secret".inspect) { - @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new("secret") + @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new("secret") get :set_signed_cookie } assert_raise(ArgumentError, "12345678901234567890123456789".inspect) { - @request.env["action_dispatch.key_generator"] = ActiveSupport::DummyKeyGenerator.new("12345678901234567890123456789") + @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new("12345678901234567890123456789") get :set_signed_cookie } end + def test_signed_uses_signed_cookie_jar_if_only_secret_token_is_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = nil + get :set_signed_cookie + assert_kind_of ActionDispatch::Cookies::SignedCookieJar, cookies.signed + end + + def test_signed_uses_signed_cookie_jar_if_only_secret_key_base_is_set + @request.env["action_dispatch.secret_token"] = nil + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :set_signed_cookie + assert_kind_of ActionDispatch::Cookies::SignedCookieJar, cookies.signed + end + + def test_signed_uses_upgrade_legacy_signed_cookie_jar_if_both_secret_token_and_secret_key_base_are_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :set_signed_cookie + assert_kind_of ActionDispatch::Cookies::UpgradeLegacySignedCookieJar, cookies.signed + end + + def test_signed_or_encrypted_uses_signed_cookie_jar_if_only_secret_token_is_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = nil + get :get_encrypted_cookie + assert_kind_of ActionDispatch::Cookies::SignedCookieJar, cookies.signed_or_encrypted + end + + def test_signed_or_encrypted_uses_encrypted_cookie_jar_if_only_secret_key_base_is_set + @request.env["action_dispatch.secret_token"] = nil + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :get_encrypted_cookie + assert_kind_of ActionDispatch::Cookies::EncryptedCookieJar, cookies.signed_or_encrypted + end + + def test_signed_or_encrypted_uses_upgrade_legacy_encrypted_cookie_jar_if_both_secret_token_and_secret_key_base_are_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :get_encrypted_cookie + assert_kind_of ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar, cookies.signed_or_encrypted + end + + def test_encrypted_uses_encrypted_cookie_jar_if_only_secret_key_base_is_set + @request.env["action_dispatch.secret_token"] = nil + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :get_encrypted_cookie + assert_kind_of ActionDispatch::Cookies::EncryptedCookieJar, cookies.encrypted + end + + def test_encrypted_uses_upgrade_legacy_encrypted_cookie_jar_if_both_secret_token_and_secret_key_base_are_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + get :get_encrypted_cookie + assert_kind_of ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar, cookies.encrypted + end + + def test_legacy_signed_cookie_is_read_and_transparently_upgraded_by_signed_cookie_jar_if_both_secret_token_and_secret_key_base_are_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + + legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate(45) + + @request.headers["Cookie"] = "user_id=#{legacy_value}" + get :get_signed_cookie + + assert_equal 45, @controller.send(:cookies).signed[:user_id] + + key_generator = @request.env["action_dispatch.key_generator"] + secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"]) + verifier = ActiveSupport::MessageVerifier.new(secret) + assert_equal 45, verifier.verify(@response.cookies["user_id"]) + end + + def test_legacy_signed_cookie_is_read_and_transparently_encrypted_by_encrypted_cookie_jar_if_both_secret_token_and_secret_key_base_are_set + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee" + @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9" + + legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate('bar') + + @request.headers["Cookie"] = "foo=#{legacy_value}" + get :get_encrypted_cookie + + assert_equal 'bar', @controller.send(:cookies).encrypted[:foo] + + key_generator = @request.env["action_dispatch.key_generator"] + secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"]) + sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"]) + encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret) + assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"]) + end + + def test_legacy_signed_cookie_is_treated_as_nil_by_signed_cookie_jar_if_tampered + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + + @request.headers["Cookie"] = "user_id=45" + get :get_signed_cookie + + assert_equal nil, @controller.send(:cookies).signed[:user_id] + assert_equal nil, @response.cookies["user_id"] + end + + def test_legacy_signed_cookie_is_treated_as_nil_by_encrypted_cookie_jar_if_tampered + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" + @request.env["action_dispatch.secret_key_base"] = "c3b95688f35581fad38df788add315ff" + + @request.headers["Cookie"] = "foo=baz" + get :get_encrypted_cookie + + assert_equal nil, @controller.send(:cookies).encrypted[:foo] + assert_equal nil, @response.cookies["foo"] + end + def test_cookie_with_all_domain_option get :set_cookie_with_domain assert_response :success @@ -669,3 +807,5 @@ class CookiesTest < ActionController::TestCase end end end + +end diff --git a/actionpack/test/dispatch/debug_exceptions_test.rb b/actionpack/test/dispatch/debug_exceptions_test.rb index 9fafc3a0e9..6e28e4a982 100644 --- a/actionpack/test/dispatch/debug_exceptions_test.rb +++ b/actionpack/test/dispatch/debug_exceptions_test.rb @@ -29,6 +29,8 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest raise RuntimeError when "/method_not_allowed" raise ActionController::MethodNotAllowed + when "/unknown_http_method" + raise ActionController::UnknownHttpMethod when "/not_implemented" raise ActionController::NotImplemented when "/unprocessable_entity" @@ -115,6 +117,10 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest assert_response 405 assert_match(/ActionController::MethodNotAllowed/, body) + get "/unknown_http_method", {}, {'action_dispatch.show_exceptions' => true} + assert_response 405 + assert_match(/ActionController::UnknownHttpMethod/, body) + get "/bad_request", {}, {'action_dispatch.show_exceptions' => true} assert_response 400 assert_match(/ActionController::BadRequest/, body) @@ -128,6 +134,47 @@ class DebugExceptionsTest < ActionDispatch::IntegrationTest assert_match(/ActionController::EmptyParameter/, body) end + test "rescue with text error for xhr request" do + @app = DevelopmentApp + xhr_request_env = {'action_dispatch.show_exceptions' => true, 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'} + + get "/", {}, xhr_request_env + assert_response 500 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/puke/, body) + + get "/not_found", {}, xhr_request_env + assert_response 404 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/#{AbstractController::ActionNotFound.name}/, body) + + get "/method_not_allowed", {}, xhr_request_env + assert_response 405 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/ActionController::MethodNotAllowed/, body) + + get "/unknown_http_method", {}, xhr_request_env + assert_response 405 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/ActionController::UnknownHttpMethod/, body) + + get "/bad_request", {}, xhr_request_env + assert_response 400 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/ActionController::BadRequest/, body) + + get "/parameter_missing", {}, xhr_request_env + assert_response 400 + assert_no_match(/<body>/, body) + assert_equal response.content_type, "text/plain" + assert_match(/ActionController::ParameterMissing/, body) + end + test "does not show filtered parameters" do @app = DevelopmentApp diff --git a/actionpack/test/dispatch/header_test.rb b/actionpack/test/dispatch/header_test.rb index 42432510c3..9e37b96951 100644 --- a/actionpack/test/dispatch/header_test.rb +++ b/actionpack/test/dispatch/header_test.rb @@ -1,41 +1,137 @@ -require 'abstract_unit' +require "abstract_unit" class HeaderTest < ActiveSupport::TestCase - def setup + setup do @headers = ActionDispatch::Http::Headers.new( - "HTTP_CONTENT_TYPE" => "text/plain" + "CONTENT_TYPE" => "text/plain", + "HTTP_REFERER" => "/some/page" ) end - def test_each + test "#new does not normalize the data" do + headers = ActionDispatch::Http::Headers.new( + "Content-Type" => "application/json", + "HTTP_REFERER" => "/some/page", + "Host" => "http://test.com") + + assert_equal({"Content-Type" => "application/json", + "HTTP_REFERER" => "/some/page", + "Host" => "http://test.com"}, headers.env) + end + + test "#env returns the headers as env variables" do + assert_equal({"CONTENT_TYPE" => "text/plain", + "HTTP_REFERER" => "/some/page"}, @headers.env) + end + + test "#each iterates through the env variables" do headers = [] @headers.each { |pair| headers << pair } - assert_equal [["HTTP_CONTENT_TYPE", "text/plain"]], headers + assert_equal [["CONTENT_TYPE", "text/plain"], + ["HTTP_REFERER", "/some/page"]], headers + end + + test "set new headers" do + @headers["Host"] = "127.0.0.1" + + assert_equal "127.0.0.1", @headers["Host"] + assert_equal "127.0.0.1", @headers["HTTP_HOST"] + end + + test "headers can contain numbers" do + @headers["Content-MD5"] = "Q2hlY2sgSW50ZWdyaXR5IQ==" + + assert_equal "Q2hlY2sgSW50ZWdyaXR5IQ==", @headers["Content-MD5"] + assert_equal "Q2hlY2sgSW50ZWdyaXR5IQ==", @headers["HTTP_CONTENT_MD5"] + end + + test "set new env variables" do + @headers["HTTP_HOST"] = "127.0.0.1" + + assert_equal "127.0.0.1", @headers["Host"] + assert_equal "127.0.0.1", @headers["HTTP_HOST"] end - def test_setter - @headers['foo'] = "bar" - assert_equal "bar", @headers['foo'] + test "key?" do + assert @headers.key?("CONTENT_TYPE") + assert @headers.include?("CONTENT_TYPE") end - def test_key? - assert @headers.key?('HTTP_CONTENT_TYPE') - assert @headers.include?('HTTP_CONTENT_TYPE') + test "fetch with block" do + assert_equal "omg", @headers.fetch("notthere") { "omg" } end - def test_fetch_with_block - assert_equal 'omg', @headers.fetch('notthere') { 'omg' } + test "accessing http header" do + assert_equal "/some/page", @headers["Referer"] + assert_equal "/some/page", @headers["referer"] + assert_equal "/some/page", @headers["HTTP_REFERER"] end - test "content type" do + test "accessing special header" do assert_equal "text/plain", @headers["Content-Type"] assert_equal "text/plain", @headers["content-type"] assert_equal "text/plain", @headers["CONTENT_TYPE"] - assert_equal "text/plain", @headers["HTTP_CONTENT_TYPE"] end test "fetch" do assert_equal "text/plain", @headers.fetch("content-type", nil) - assert_equal "not found", @headers.fetch('not-found', 'not found') + assert_equal "not found", @headers.fetch("not-found", "not found") + end + + test "#merge! headers with mutation" do + @headers.merge!("Host" => "http://example.test", + "Content-Type" => "text/html") + assert_equal({"HTTP_HOST" => "http://example.test", + "CONTENT_TYPE" => "text/html", + "HTTP_REFERER" => "/some/page"}, @headers.env) + end + + test "#merge! env with mutation" do + @headers.merge!("HTTP_HOST" => "http://first.com", + "CONTENT_TYPE" => "text/html") + assert_equal({"HTTP_HOST" => "http://first.com", + "CONTENT_TYPE" => "text/html", + "HTTP_REFERER" => "/some/page"}, @headers.env) + end + + test "merge without mutation" do + combined = @headers.merge("HTTP_HOST" => "http://example.com", + "CONTENT_TYPE" => "text/html") + assert_equal({"HTTP_HOST" => "http://example.com", + "CONTENT_TYPE" => "text/html", + "HTTP_REFERER" => "/some/page"}, combined.env) + + assert_equal({"CONTENT_TYPE" => "text/plain", + "HTTP_REFERER" => "/some/page"}, @headers.env) + end + + test "env variables with . are not modified" do + headers = ActionDispatch::Http::Headers.new + headers.merge! "rack.input" => "", + "rack.request.cookie_hash" => "", + "action_dispatch.logger" => "" + + assert_equal(["action_dispatch.logger", + "rack.input", + "rack.request.cookie_hash"], headers.env.keys.sort) + end + + test "symbols are treated as strings" do + headers = ActionDispatch::Http::Headers.new + headers.merge!(:SERVER_NAME => "example.com", + "HTTP_REFERER" => "/", + :Host => "test.com") + assert_equal "example.com", headers["SERVER_NAME"] + assert_equal "/", headers[:HTTP_REFERER] + assert_equal "test.com", headers["HTTP_HOST"] + end + + test "headers directly modifies the passed environment" do + env = {"HTTP_REFERER" => "/"} + headers = ActionDispatch::Http::Headers.new(env) + headers['Referer'] = "http://example.com/" + headers.merge! "CONTENT_TYPE" => "text/plain" + assert_equal({"HTTP_REFERER"=>"http://example.com/", + "CONTENT_TYPE"=>"text/plain"}, env) end end diff --git a/actionpack/test/dispatch/mime_type_test.rb b/actionpack/test/dispatch/mime_type_test.rb index e2a9ba782d..8a19129695 100644 --- a/actionpack/test/dispatch/mime_type_test.rb +++ b/actionpack/test/dispatch/mime_type_test.rb @@ -75,7 +75,7 @@ class MimeTypeTest < ActiveSupport::TestCase assert_equal expect, Mime::Type.parse(accept) end - test "parse arbitarry media type parameters" do + test "parse arbitrary media type parameters" do accept = 'multipart/form-data; boundary="simple boundary"' expect = [Mime::MULTIPART_FORM] assert_equal expect, Mime::Type.parse(accept) @@ -185,11 +185,6 @@ class MimeTypeTest < ActiveSupport::TestCase all_types.uniq! # Remove custom Mime::Type instances set in other tests, like Mime::GIF and Mime::IPHONE all_types.delete_if { |type| !Mime.const_defined?(type.upcase) } - assert_deprecated do - verified, unverified = all_types.partition { |type| Mime::Type.browser_generated_types.include? type } - assert verified.each { |type| assert Mime.const_get(type.upcase).verify_request?, "Verifiable Mime Type is not verified: #{type.inspect}" } - assert unverified.each { |type| assert !Mime.const_get(type.upcase).verify_request?, "Nonverifiable Mime Type is verified: #{type.inspect}" } - end end test "references gives preference to symbols before strings" do diff --git a/actionpack/test/dispatch/mount_test.rb b/actionpack/test/dispatch/mount_test.rb index 3b008fdff0..30e95a0b75 100644 --- a/actionpack/test/dispatch/mount_test.rb +++ b/actionpack/test/dispatch/mount_test.rb @@ -21,7 +21,7 @@ class TestRoutingMount < ActionDispatch::IntegrationTest mount SprocketsApp, :at => "/sprockets" mount SprocketsApp => "/shorthand" - mount FakeEngine, :at => "/fakeengine" + mount FakeEngine, :at => "/fakeengine", :as => :fake mount FakeEngine, :at => "/getfake", :via => :get scope "/its_a" do @@ -33,6 +33,11 @@ class TestRoutingMount < ActionDispatch::IntegrationTest Router end + def test_trailing_slash_is_not_removed_from_path_info + get "/sprockets/omg/" + assert_equal "/sprockets -- /omg/", response.body + end + def test_mounting_sets_script_name get "/sprockets/omg" assert_equal "/sprockets -- /omg", response.body diff --git a/actionpack/test/dispatch/prefix_generation_test.rb b/actionpack/test/dispatch/prefix_generation_test.rb index 113608ecf4..e519fff51e 100644 --- a/actionpack/test/dispatch/prefix_generation_test.rb +++ b/actionpack/test/dispatch/prefix_generation_test.rb @@ -31,6 +31,14 @@ module TestGenerationPrefix get "/polymorphic_path_for_engine", :to => "inside_engine_generating#polymorphic_path_for_engine" get "/conflicting_url", :to => "inside_engine_generating#conflicting" get "/foo", :to => "never#invoked", :as => :named_helper_that_should_be_invoked_only_in_respond_to_test + + get "/relative_path_redirect", :to => redirect("foo") + get "/relative_option_redirect", :to => redirect(:path => "foo") + get "/relative_custom_redirect", :to => redirect { |params, request| "foo" } + + get "/absolute_path_redirect", :to => redirect("/foo") + get "/absolute_option_redirect", :to => redirect(:path => "/foo") + get "/absolute_custom_redirect", :to => redirect { |params, request| "/foo" } end routes @@ -182,6 +190,48 @@ module TestGenerationPrefix assert_equal "engine", last_response.body end + test "[ENGINE] relative path redirect uses SCRIPT_NAME from request" do + get "/awesome/blog/relative_path_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/awesome/blog/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/awesome/blog/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] relative option redirect uses SCRIPT_NAME from request" do + get "/awesome/blog/relative_option_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/awesome/blog/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/awesome/blog/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] relative custom redirect uses SCRIPT_NAME from request" do + get "/awesome/blog/relative_custom_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/awesome/blog/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/awesome/blog/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute path redirect doesn't use SCRIPT_NAME from request" do + get "/awesome/blog/absolute_path_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute option redirect doesn't use SCRIPT_NAME from request" do + get "/awesome/blog/absolute_option_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute custom redirect doesn't use SCRIPT_NAME from request" do + get "/awesome/blog/absolute_custom_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + # Inside Application test "[APP] generating engine's route includes prefix" do get "/generate" @@ -281,6 +331,14 @@ module TestGenerationPrefix routes = ActionDispatch::Routing::RouteSet.new routes.draw do get "/posts/:id", :to => "posts#show", :as => :post + + get "/relative_path_redirect", :to => redirect("foo") + get "/relative_option_redirect", :to => redirect(:path => "foo") + get "/relative_custom_redirect", :to => redirect { |params, request| "foo" } + + get "/absolute_path_redirect", :to => redirect("/foo") + get "/absolute_option_redirect", :to => redirect(:path => "/foo") + get "/absolute_custom_redirect", :to => redirect { |params, request| "/foo" } end routes @@ -331,5 +389,47 @@ module TestGenerationPrefix get "/posts/1" assert_equal "/posts/1", last_response.body end + + test "[ENGINE] relative path redirect uses SCRIPT_NAME from request" do + get "/relative_path_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] relative option redirect uses SCRIPT_NAME from request" do + get "/relative_option_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] relative custom redirect uses SCRIPT_NAME from request" do + get "/relative_custom_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute path redirect doesn't use SCRIPT_NAME from request" do + get "/absolute_path_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute option redirect doesn't use SCRIPT_NAME from request" do + get "/absolute_option_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end + + test "[ENGINE] absolute custom redirect doesn't use SCRIPT_NAME from request" do + get "/absolute_custom_redirect" + assert_equal 301, last_response.status + assert_equal "http://example.org/foo", last_response.headers["Location"] + assert_equal %(<html><body>You are being <a href="http://example.org/foo">redirected</a>.</body></html>), last_response.body + end end end diff --git a/actionpack/test/dispatch/rack_test.rb b/actionpack/test/dispatch/rack_test.rb index 6d239d0a0c..42067854ee 100644 --- a/actionpack/test/dispatch/rack_test.rb +++ b/actionpack/test/dispatch/rack_test.rb @@ -174,22 +174,6 @@ class RackRequestParamsParsingTest < BaseRackTest end end -class RackRequestContentTypeTest < BaseRackTest - test "html content type verification" do - assert_deprecated do - @request.env['CONTENT_TYPE'] = Mime::HTML.to_s - assert @request.content_mime_type.verify_request? - end - end - - test "xml content type verification" do - assert_deprecated do - @request.env['CONTENT_TYPE'] = Mime::XML.to_s - assert !@request.content_mime_type.verify_request? - end - end -end - class RackRequestNeedsRewoundTest < BaseRackTest test "body should be rewound" do data = 'foo' diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb index 7d3fc84089..dba9ab688f 100644 --- a/actionpack/test/dispatch/request/json_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb @@ -50,7 +50,7 @@ class JsonParamsParsingTest < ActionDispatch::IntegrationTest output = StringIO.new json = "[\"person]\": {\"name\": \"David\"}}" post "/parse", json, {'CONTENT_TYPE' => 'application/json', 'action_dispatch.show_exceptions' => true, 'action_dispatch.logger' => ActiveSupport::Logger.new(output)} - assert_response :error + assert_response :bad_request output.rewind && err = output.read assert err =~ /Error occurred while parsing request parameters/ end @@ -62,7 +62,7 @@ class JsonParamsParsingTest < ActionDispatch::IntegrationTest $stderr = StringIO.new # suppress the log json = "[\"person]\": {\"name\": \"David\"}}" exception = assert_raise(ActionDispatch::ParamsParser::ParseError) { post "/parse", json, {'CONTENT_TYPE' => 'application/json', 'action_dispatch.show_exceptions' => false} } - assert_equal MultiJson::DecodeError, exception.original_exception.class + assert_equal JSON::ParserError, exception.original_exception.class assert_equal exception.original_exception.message, exception.message ensure $stderr = STDERR @@ -70,6 +70,13 @@ class JsonParamsParsingTest < ActionDispatch::IntegrationTest end end + test 'raw_post is not empty for JSON request' do + with_test_routing do + post '/parse', '{"posts": [{"title": "Post Title"}]}', 'CONTENT_TYPE' => 'application/json' + assert_equal '{"posts": [{"title": "Post Title"}]}', request.raw_post + end + end + private def assert_parses(expected, actual, headers = {}) with_test_routing do diff --git a/actionpack/test/dispatch/request/multipart_params_parsing_test.rb b/actionpack/test/dispatch/request/multipart_params_parsing_test.rb index 399f15199c..2a2f92b5b3 100644 --- a/actionpack/test/dispatch/request/multipart_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/multipart_params_parsing_test.rb @@ -1,13 +1,15 @@ +# encoding: utf-8 require 'abstract_unit' class MultipartParamsParsingTest < ActionDispatch::IntegrationTest class TestController < ActionController::Base class << self - attr_accessor :last_request_parameters + attr_accessor :last_request_parameters, :last_parameters end def parse self.class.last_request_parameters = request.request_parameters + self.class.last_parameters = request.parameters head :ok end @@ -30,6 +32,23 @@ class MultipartParamsParsingTest < ActionDispatch::IntegrationTest assert_equal({ 'foo' => { 'baz' => 'bar'}}, parse_multipart('bracketed_param')) end + test "parse single utf8 parameter" do + assert_equal({ 'Iñtërnâtiônàlizætiøn_name' => 'Iñtërnâtiônàlizætiøn_value'}, + parse_multipart('single_utf8_param'), "request.request_parameters") + assert_equal( + 'Iñtërnâtiônàlizætiøn_value', + TestController.last_parameters['Iñtërnâtiônàlizætiøn_name'], "request.parameters") + end + + test "parse bracketed utf8 parameter" do + assert_equal({ 'Iñtërnâtiônàlizætiøn_name' => { + 'Iñtërnâtiônàlizætiøn_nested_name' => 'Iñtërnâtiônàlizætiøn_value'} }, + parse_multipart('bracketed_utf8_param'), "request.request_parameters") + assert_equal( + {'Iñtërnâtiônàlizætiøn_nested_name' => 'Iñtërnâtiônàlizætiøn_value'}, + TestController.last_parameters['Iñtërnâtiônàlizætiøn_name'], "request.parameters") + end + test "parses text file" do params = parse_multipart('text_file') assert_equal %w(file foo), params.keys.sort @@ -89,8 +108,7 @@ class MultipartParamsParsingTest < ActionDispatch::IntegrationTest # Rack doesn't handle multipart/mixed for us. files = params['files'] - files.force_encoding('ASCII-8BIT') - assert_equal 19756, files.size + assert_equal 19756, files.bytesize end test "does not create tempfile if no file has been selected" do diff --git a/actionpack/test/dispatch/request/session_test.rb b/actionpack/test/dispatch/request/session_test.rb index 1517f96fdc..a244d1364c 100644 --- a/actionpack/test/dispatch/request/session_test.rb +++ b/actionpack/test/dispatch/request/session_test.rb @@ -61,6 +61,23 @@ module ActionDispatch assert_equal([], s.values) end + def test_fetch + session = Session.create(store, {}, {}) + + session['one'] = '1' + assert_equal '1', session.fetch(:one) + + assert_equal '2', session.fetch(:two, '2') + assert_equal '2', session.fetch(:two) + + assert_equal 'three', session.fetch(:three) {|el| el.to_s } + assert_equal 'three', session.fetch(:three) + + assert_raise KeyError do + session.fetch(:four) + end + end + private def store Class.new { diff --git a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb index e9b59f55a7..9a77454f30 100644 --- a/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/url_encoded_params_parsing_test.rb @@ -17,10 +17,9 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest end test "parses unbalanced query string with array" do - assert_parses( - {'location' => ["1", "2"], 'age_group' => ["2"]}, - "location[]=1&location[]=2&age_group[]=2" - ) + query = "location[]=1&location[]=2&age_group[]=2" + expected = { 'location' => ["1", "2"], 'age_group' => ["2"] } + assert_parses expected, query end test "parses nested hash" do @@ -30,9 +29,17 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest "note[viewers][viewer][][type]=Group", "note[viewers][viewer][][id]=2" ].join("&") - - expected = { "note" => { "viewers"=>{"viewer"=>[{ "id"=>"1", "type"=>"User"}, {"type"=>"Group", "id"=>"2"} ]} } } - assert_parses(expected, query) + expected = { + "note" => { + "viewers" => { + "viewer" => [ + { "id" => "1", "type" => "User" }, + { "type" => "Group", "id" => "2" } + ] + } + } + } + assert_parses expected, query end test "parses more complex nesting" do @@ -48,7 +55,6 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest "products[second]=Pc", "=Save" ].join("&") - expected = { "customers" => { "boston" => { @@ -70,13 +76,12 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest "second" => "Pc" } } - assert_parses expected, query end test "parses params with array" do - query = "selected[]=1&selected[]=2&selected[]=3" - expected = { "selected" => [ "1", "2", "3" ] } + query = "selected[]=1&selected[]=2&selected[]=3" + expected = { "selected" => ["1", "2", "3"] } assert_parses expected, query end @@ -88,13 +93,13 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest test "parses params with array prefix and hashes" do query = "a[][b][c]=d" - expected = {"a" => [{"b" => {"c" => "d"}}]} + expected = { "a" => [{ "b" => { "c" => "d" } }] } assert_parses expected, query end test "parses params with complex nesting" do query = "a[][b][c][][d][]=e" - expected = {"a" => [{"b" => {"c" => [{"d" => ["e"]}]}}]} + expected = { "a" => [{ "b" => { "c" => [{ "d" => ["e"] }] } }] } assert_parses expected, query end @@ -104,7 +109,6 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest "something_else=blah", "logo=#{File.expand_path(__FILE__)}" ].join("&") - expected = { "customers" => { "boston" => { @@ -116,22 +120,20 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest "something_else" => "blah", "logo" => File.expand_path(__FILE__), } - assert_parses expected, query end test "parses params with Safari 2 trailing null character" do - query = "selected[]=1&selected[]=2&selected[]=3\0" - expected = { "selected" => [ "1", "2", "3" ] } + query = "selected[]=1&selected[]=2&selected[]=3\0" + expected = { "selected" => ["1", "2", "3"] } assert_parses expected, query end test "ambiguous params returns a bad request" do with_routing do |set| set.draw do - post ':action', :to => ::UrlEncodedParamsParsingTest::TestController + post ':action', to: ::UrlEncodedParamsParsingTest::TestController end - post "/parse", "foo[]=bar&foo[4]=bar" assert_response :bad_request end @@ -141,7 +143,7 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest def with_test_routing with_routing do |set| set.draw do - post ':action', :to => ::UrlEncodedParamsParsingTest::TestController + post ':action', to: ::UrlEncodedParamsParsingTest::TestController end yield end @@ -151,8 +153,8 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest with_test_routing do post "/parse", actual assert_response :ok - assert_equal(expected, TestController.last_request_parameters) - assert_utf8(TestController.last_request_parameters) + assert_equal expected, TestController.last_request_parameters + assert_utf8 TestController.last_request_parameters end end @@ -164,14 +166,14 @@ class UrlEncodedParamsParsingTest < ActionDispatch::IntegrationTest return end - object.each do |k,v| + object.each_value do |v| case v when Hash - assert_utf8(v) + assert_utf8 v when Array - v.each {|el| assert_utf8(el) } + v.each { |el| assert_utf8 el } else - assert_utf8(v) + assert_utf8 v end end end diff --git a/actionpack/test/dispatch/response_test.rb b/actionpack/test/dispatch/response_test.rb index 74f5253c11..4501ea095c 100644 --- a/actionpack/test/dispatch/response_test.rb +++ b/actionpack/test/dispatch/response_test.rb @@ -182,8 +182,7 @@ class ResponseTest < ActiveSupport::TestCase ActionDispatch::Response.default_headers = { 'X-Frame-Options' => 'DENY', 'X-Content-Type-Options' => 'nosniff', - 'X-XSS-Protection' => '1;', - 'X-UA-Compatible' => 'chrome=1' + 'X-XSS-Protection' => '1;' } resp = ActionDispatch::Response.new.tap { |response| response.body = 'Hello' @@ -193,7 +192,6 @@ class ResponseTest < ActiveSupport::TestCase assert_equal('DENY', resp.headers['X-Frame-Options']) assert_equal('nosniff', resp.headers['X-Content-Type-Options']) assert_equal('1;', resp.headers['X-XSS-Protection']) - assert_equal('chrome=1', resp.headers['X-UA-Compatible']) ensure ActionDispatch::Response.default_headers = nil end @@ -214,6 +212,11 @@ class ResponseTest < ActiveSupport::TestCase ActionDispatch::Response.default_headers = nil end end + + test "respond_to? accepts include_private" do + assert_not @response.respond_to?(:method_missing) + assert @response.respond_to?(:method_missing, true) + end end class ResponseIntegrationTest < ActionDispatch::IntegrationTest diff --git a/actionpack/test/dispatch/routing/inspector_test.rb b/actionpack/test/dispatch/routing/inspector_test.rb index 234ae5764f..4f97d28d2b 100644 --- a/actionpack/test/dispatch/routing/inspector_test.rb +++ b/actionpack/test/dispatch/routing/inspector_test.rb @@ -234,6 +234,15 @@ module ActionDispatch " PUT /posts/:id(.:format) posts#update", " DELETE /posts/:id(.:format) posts#destroy"], output end + + def test_regression_route_with_controller_regexp + output = draw do + get ':controller(/:action)', controller: /api\/[^\/]+/, format: false + end + + assert_equal ["Prefix Verb URI Pattern Controller#Action", + " GET /:controller(/:action) (?-mix:api\\/[^\\/]+)#:action"], output + end end end end diff --git a/actionpack/test/dispatch/routing/route_set_test.rb b/actionpack/test/dispatch/routing/route_set_test.rb index d57b1a5637..0e488d2b88 100644 --- a/actionpack/test/dispatch/routing/route_set_test.rb +++ b/actionpack/test/dispatch/routing/route_set_test.rb @@ -69,6 +69,17 @@ module ActionDispatch end end + test "explicit keys win over implicit keys" do + draw do + resources :foo do + resources :bar, to: SimpleApp.new('foo#show') + end + end + + assert_equal '/foo/1/bar/2', url_helpers.foo_bar_path(1, 2) + assert_equal '/foo/1/bar/2', url_helpers.foo_bar_path(2, foo_id: 1) + end + private def clear! @set.clear! diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 2bf7056ff7..3e9e90a950 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -1102,6 +1102,70 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_equal 'projects#index', @response.body end + def test_scoped_root_as_name + draw do + scope '(:locale)', :locale => /en|pl/ do + root :to => 'projects#index', :as => 'projects' + end + end + + assert_equal '/en', projects_path(:locale => 'en') + assert_equal '/', projects_path + get '/en' + assert_equal 'projects#index', @response.body + end + + def test_scope_with_format_option + draw do + get "direct/index", as: :no_format_direct, format: false + + scope format: false do + get "scoped/index", as: :no_format_scoped + end + end + + assert_equal "/direct/index", no_format_direct_path + assert_equal "/direct/index?format=html", no_format_direct_path(format: "html") + + assert_equal "/scoped/index", no_format_scoped_path + assert_equal "/scoped/index?format=html", no_format_scoped_path(format: "html") + + get '/scoped/index' + assert_equal "scoped#index", @response.body + + get '/scoped/index.html' + assert_equal "Not Found", @response.body + end + + def test_resources_with_format_false_from_scope + draw do + scope format: false do + resources :posts + resource :user + end + end + + get "/posts" + assert_response :success + assert_equal "posts#index", @response.body + assert_equal "/posts", posts_path + + get "/posts.html" + assert_response :not_found + assert_equal "Not Found", @response.body + assert_equal "/posts?format=html", posts_path(format: "html") + + get "/user" + assert_response :success + assert_equal "users#show", @response.body + assert_equal "/user", user_path + + get "/user.html" + assert_response :not_found + assert_equal "Not Found", @response.body + assert_equal "/user?format=html", user_path(format: "html") + end + def test_index draw do get '/info' => 'projects#info', :as => 'info' @@ -1112,6 +1176,21 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_equal 'projects#info', @response.body end + def test_match_with_many_paths_containing_a_slash + draw do + get 'get/first', 'get/second', 'get/third', :to => 'get#show' + end + + get '/get/first' + assert_equal 'get#show', @response.body + + get '/get/second' + assert_equal 'get#show', @response.body + + get '/get/third' + assert_equal 'get#show', @response.body + end + def test_match_shorthand_with_no_scope draw do get 'account/overview' @@ -1134,6 +1213,20 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_equal 'account#shorthand', @response.body end + def test_match_shorthand_with_multiple_paths_inside_namespace + draw do + namespace :proposals do + put 'activate', 'inactivate' + end + end + + put '/proposals/activate' + assert_equal 'proposals#activate', @response.body + + put '/proposals/inactivate' + assert_equal 'proposals#inactivate', @response.body + end + def test_match_shorthand_inside_namespace_with_controller draw do namespace :api do @@ -1173,6 +1266,19 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_equal 'api/v3/products#list', @response.body end + def test_controller_option_with_nesting_and_leading_slash + draw do + scope '/job', controller: 'job' do + scope ':id', action: 'manage_applicant' do + get "/active" + end + end + end + + get '/job/5/active' + assert_equal 'job#manage_applicant', @response.body + end + def test_dynamically_generated_helpers_on_collection_do_not_clobber_resources_url_helper draw do resources :replies do @@ -2577,36 +2683,30 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_raises(ActionController::UrlGenerationError){ list_todo_path(:list_id => '2', :id => '1') } end - def test_named_routes_collision_is_avoided_unless_explicitly_given_as - draw do - scope :as => "routes" do - get "/c/:id", :as => :collision, :to => "collision#show" - get "/collision", :to => "collision#show" - get "/no_collision", :to => "collision#show", :as => nil - - get "/fc/:id", :as => :forced_collision, :to => "forced_collision#show" - get "/forced_collision", :as => :forced_collision, :to => "forced_collision#show" - end - end - - assert_equal "/c/1", routes_collision_path(1) - assert_equal "/fc/1", routes_forced_collision_path(1) - end - def test_redirect_argument_error routes = Class.new { include ActionDispatch::Routing::Redirection }.new assert_raises(ArgumentError) { routes.redirect Object.new } end + def test_named_route_check + before, after = nil + + draw do + before = has_named_route?(:hello) + get "/hello", as: :hello, to: "hello#world" + after = has_named_route?(:hello) + end + + assert !before, "expected to not have named route :hello before route definition" + assert after, "expected to have named route :hello after route definition" + end + def test_explicitly_avoiding_the_named_route draw do scope :as => "routes" do get "/c/:id", :as => :collision, :to => "collision#show" get "/collision", :to => "collision#show" get "/no_collision", :to => "collision#show", :as => nil - - get "/fc/:id", :as => :forced_collision, :to => "forced_collision#show" - get "/forced_collision", :as => :forced_collision, :to => "forced_collision#show" end end @@ -2657,6 +2757,24 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + def test_duplicate_route_name_raises_error + assert_raise(ArgumentError) do + draw do + get '/collision', :to => 'collision#show', :as => 'collision' + get '/duplicate', :to => 'duplicate#show', :as => 'collision' + end + end + end + + def test_duplicate_route_name_via_resources_raises_error + assert_raise(ArgumentError) do + draw do + resources :collisions + get '/collision', :to => 'collision#show', :as => 'collision' + end + end + end + def test_nested_route_in_nested_resource draw do resources :posts, :only => [:index, :show] do @@ -3272,6 +3390,10 @@ class TestUrlConstraints < ActionDispatch::IntegrationTest end get '/' => ok, :as => :alternate_root, :constraints => { :port => 8080 } + + get '/search' => ok, :constraints => { :subdomain => false } + + get '/logs' => ok, :constraints => { :subdomain => true } end end @@ -3298,6 +3420,24 @@ class TestUrlConstraints < ActionDispatch::IntegrationTest get 'http://www.example.com:8080/' assert_response :success end + + test "false constraint expressions check for absence of values" do + get 'http://example.com/search' + assert_response :success + assert_equal 'http://example.com/search', search_url + + get 'http://api.example.com/search' + assert_response :not_found + end + + test "true constraint expressions check for presence of values" do + get 'http://api.example.com/logs' + assert_response :success + assert_equal 'http://api.example.com/logs', logs_url + + get 'http://example.com/logs' + assert_response :not_found + end end class TestInvalidUrls < ActionDispatch::IntegrationTest @@ -3493,3 +3633,56 @@ class TestRouteDefaults < ActionDispatch::IntegrationTest assert_equal '/projects/1', url_for(controller: 'projects', action: 'show', id: 1, only_path: true) end end + +class TestRackAppRouteGeneration < ActionDispatch::IntegrationTest + stub_controllers do |routes| + Routes = routes + Routes.draw do + rack_app = lambda { |env| [200, { 'Content-Type' => 'text/plain' }, []] } + mount rack_app, at: '/account', as: 'account' + mount rack_app, at: '/:locale/account', as: 'localized_account' + end + end + + def app + Routes + end + + include Routes.url_helpers + + def test_mounted_application_doesnt_match_unnamed_route + assert_raise(ActionController::UrlGenerationError) do + assert_equal '/account?controller=products', url_for(controller: 'products', action: 'index', only_path: true) + end + + assert_raise(ActionController::UrlGenerationError) do + assert_equal '/de/account?controller=products', url_for(controller: 'products', action: 'index', :locale => 'de', only_path: true) + end + end +end + +class TestRedirectRouteGeneration < ActionDispatch::IntegrationTest + stub_controllers do |routes| + Routes = routes + Routes.draw do + get '/account', to: redirect('/myaccount'), as: 'account' + get '/:locale/account', to: redirect('/%{locale}/myaccount'), as: 'localized_account' + end + end + + def app + Routes + end + + include Routes.url_helpers + + def test_redirect_doesnt_match_unnamed_route + assert_raise(ActionController::UrlGenerationError) do + assert_equal '/account?controller=products', url_for(controller: 'products', action: 'index', only_path: true) + end + + assert_raise(ActionController::UrlGenerationError) do + assert_equal '/de/account?controller=products', url_for(controller: 'products', action: 'index', :locale => 'de', only_path: true) + end + end +end diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index d8bf22dec8..e99ff46edf 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -1,12 +1,11 @@ require 'abstract_unit' require 'stringio' -# FIXME remove DummyKeyGenerator and this require in 4.1 require 'active_support/key_generator' class CookieStoreTest < ActionDispatch::IntegrationTest SessionKey = '_myapp_session' SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' - Generator = ActiveSupport::DummyKeyGenerator.new(SessionSecret) + Generator = ActiveSupport::LegacyKeyGenerator.new(SessionSecret) Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, :digest => 'SHA1') SignedBar = Verifier.generate(:foo => "bar", :session_id => SecureRandom.hex(16)) diff --git a/actionpack/test/dispatch/show_exceptions_test.rb b/actionpack/test/dispatch/show_exceptions_test.rb index 45f8fc11b3..38bd234f37 100644 --- a/actionpack/test/dispatch/show_exceptions_test.rb +++ b/actionpack/test/dispatch/show_exceptions_test.rb @@ -8,8 +8,12 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest case req.path when "/not_found" raise AbstractController::ActionNotFound + when "/bad_params" + raise ActionDispatch::ParamsParser::ParseError.new("", StandardError.new) when "/method_not_allowed" raise ActionController::MethodNotAllowed + when "/unknown_http_method" + raise ActionController::UnknownHttpMethod when "/not_found_original_exception" raise ActionView::Template::Error.new('template', AbstractController::ActionNotFound.new) else @@ -33,6 +37,10 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest get "/", {}, {'action_dispatch.show_exceptions' => true} assert_response 500 assert_equal "500 error fixture\n", body + + get "/bad_params", {}, {'action_dispatch.show_exceptions' => true} + assert_response 400 + assert_equal "400 error fixture\n", body get "/not_found", {}, {'action_dispatch.show_exceptions' => true} assert_response 404 @@ -41,6 +49,10 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest get "/method_not_allowed", {}, {'action_dispatch.show_exceptions' => true} assert_response 405 assert_equal "", body + + get "/unknown_http_method", {}, {'action_dispatch.show_exceptions' => true} + assert_response 405 + assert_equal "", body end test "localize rescue error page" do diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb index a9bea7ea73..94969f795a 100644 --- a/actionpack/test/dispatch/ssl_test.rb +++ b/actionpack/test/dispatch/ssl_test.rb @@ -37,6 +37,11 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Strict-Transport-Security'] end + def test_no_hsts_with_insecure_connection + get "http://example.org/" + assert_not response.headers['Strict-Transport-Security'] + end + def test_hsts_header self.app = ActionDispatch::SSL.new(default_app, :hsts => true) get "https://example.org/" @@ -119,6 +124,49 @@ class SSLTest < ActionDispatch::IntegrationTest response.headers['Set-Cookie'].split("\n") end + + def test_flag_cookies_as_secure_with_has_not_spaces_before + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/;secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/;secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_has_not_spaces_after + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; secure;HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; secure;HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + + def test_flag_cookies_as_secure_with_ignore_case + self.app = ActionDispatch::SSL.new(lambda { |env| + headers = { + 'Content-Type' => "text/html", + 'Set-Cookie' => "problem=def; path=/; Secure; HttpOnly" + } + [200, headers, ["OK"]] + }) + + get "https://example.org/" + assert_equal ["problem=def; path=/; Secure; HttpOnly"], + response.headers['Set-Cookie'].split("\n") + end + def test_no_cookies self.app = ActionDispatch::SSL.new(lambda { |env| [200, {'Content-Type' => "text/html"}, ["OK"]] diff --git a/actionpack/test/dispatch/test_request_test.rb b/actionpack/test/dispatch/test_request_test.rb index 3db862c810..65ad8677f3 100644 --- a/actionpack/test/dispatch/test_request_test.rb +++ b/actionpack/test/dispatch/test_request_test.rb @@ -62,6 +62,36 @@ class TestRequestTest < ActiveSupport::TestCase assert_equal false, req.env.empty? end + test "default remote address is 0.0.0.0" do + req = ActionDispatch::TestRequest.new + assert_equal '0.0.0.0', req.remote_addr + end + + test "allows remote address to be overridden" do + req = ActionDispatch::TestRequest.new('REMOTE_ADDR' => '127.0.0.1') + assert_equal '127.0.0.1', req.remote_addr + end + + test "default host is test.host" do + req = ActionDispatch::TestRequest.new + assert_equal 'test.host', req.host + end + + test "allows host to be overridden" do + req = ActionDispatch::TestRequest.new('HTTP_HOST' => 'www.example.com') + assert_equal 'www.example.com', req.host + end + + test "default user agent is 'Rails Testing'" do + req = ActionDispatch::TestRequest.new + assert_equal 'Rails Testing', req.user_agent + end + + test "allows user agent to be overridden" do + req = ActionDispatch::TestRequest.new('HTTP_USER_AGENT' => 'GoogleBot') + assert_equal 'GoogleBot', req.user_agent + end + private def assert_cookies(expected, cookie_jar) assert_equal(expected, cookie_jar.instance_variable_get("@cookies")) diff --git a/actionpack/test/dispatch/url_generation_test.rb b/actionpack/test/dispatch/url_generation_test.rb index e56e8ddc57..f919592d24 100644 --- a/actionpack/test/dispatch/url_generation_test.rb +++ b/actionpack/test/dispatch/url_generation_test.rb @@ -48,6 +48,55 @@ module TestUrlGeneration https! assert_equal "http://www.example.com/foo", foo_url(:protocol => "http") end + + test "extracting protocol from host when protocol not present" do + assert_equal "httpz://www.example.com/foo", foo_url(host: "httpz://www.example.com", protocol: nil) + end + + test "formatting host when protocol is present" do + assert_equal "http://www.example.com/foo", foo_url(host: "httpz://www.example.com", protocol: "http://") + end + + test "default ports are removed from the host" do + assert_equal "http://www.example.com/foo", foo_url(host: "www.example.com:80", protocol: "http://") + assert_equal "https://www.example.com/foo", foo_url(host: "www.example.com:443", protocol: "https://") + end + + test "port is extracted from the host" do + assert_equal "http://www.example.com:8080/foo", foo_url(host: "www.example.com:8080", protocol: "http://") + end + + test "port option overides the host" do + assert_equal "http://www.example.com:8080/foo", foo_url(host: "www.example.com:8443", protocol: "http://", port: 8080) + end + + test "port option disables the host when set to nil" do + assert_equal "http://www.example.com/foo", foo_url(host: "www.example.com:8443", protocol: "http://", port: nil) + end + + test "port option disables the host when set to false" do + assert_equal "http://www.example.com/foo", foo_url(host: "www.example.com:8443", protocol: "http://", port: false) + end + + test "keep subdomain when key is true" do + assert_equal "http://www.example.com/foo", foo_url(subdomain: true) + end + + test "keep subdomain when key is missing" do + assert_equal "http://www.example.com/foo", foo_url + end + + test "omit subdomain when key is nil" do + assert_equal "http://example.com/foo", foo_url(subdomain: nil) + end + + test "omit subdomain when key is false" do + assert_equal "http://example.com/foo", foo_url(subdomain: false) + end + + test "omit subdomain when key is blank" do + assert_equal "http://example.com/foo", foo_url(subdomain: "") + end end end |