13 files changed, 330 insertions, 54 deletions

diff --git a/actionpack/test/controller/log_subscriber_test.rb b/actionpack/test/controller/log_subscriber_test.rb
index 700fd788fa..a72b6dde1a 100644
--- a/actionpack/test/controller/log_subscriber_test.rb
+++ b/actionpack/test/controller/log_subscriber_test.rb
@@ -54,6 +54,10 @@ module Another
     def with_rescued_exception
       raise SpecialException
     end
+
+    def with_action_not_found
+      raise AbstractController::ActionNotFound
+    end
   end
 end
 
@@ -225,6 +229,17 @@ class ACLogSubscriberTest < ActionController::TestCase
     assert_match(/Completed 406/, logs.last)
   end
 
+  def test_process_action_with_with_action_not_found_logs_404
+    begin
+      get :with_action_not_found
+      wait
+    rescue AbstractController::ActionNotFound
+    end
+
+    assert_equal 2, logs.size
+    assert_match(/Completed 404/, logs.last)
+  end
+
   def logs
     @logs ||= @logger.logged(:info)
   end
diff --git a/actionpack/test/controller/parameters/nested_parameters_test.rb b/actionpack/test/controller/parameters/nested_parameters_test.rb
new file mode 100644
index 0000000000..41f5b6e127
--- /dev/null
+++ b/actionpack/test/controller/parameters/nested_parameters_test.rb
@@ -0,0 +1,113 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class NestedParametersTest < ActiveSupport::TestCase
+  test "permitted nested parameters" do
+    params = ActionController::Parameters.new({
+      book: {
+        title: "Romeo and Juliet",
+        authors: [{
+          name: "William Shakespeare",
+          born: "1564-04-26"
+        }, {
+          name: "Christopher Marlowe"
+        }],
+        details: {
+          pages: 200,
+          genre: "Tragedy"
+        }
+      },
+      magazine: "Mjallo!"
+    })
+
+    permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
+
+    assert permitted.permitted?
+    assert_equal "Romeo and Juliet", permitted[:book][:title]
+    assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
+    assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
+    assert_equal 200, permitted[:book][:details][:pages]
+    assert_nil permitted[:book][:details][:genre]
+    assert_nil permitted[:book][:authors][0][:born]
+    assert_nil permitted[:magazine]
+  end
+
+  test "nested arrays with strings" do
+    params = ActionController::Parameters.new({
+      :book => {
+        :genres => ["Tragedy"]
+      }
+    })
+
+    permitted = params.permit :book => :genres
+    assert_equal ["Tragedy"], permitted[:book][:genres]
+  end
+
+  test "permit may specify symbols or strings" do
+    params = ActionController::Parameters.new({
+      :book => {
+        :title => "Romeo and Juliet",
+        :author => "William Shakespeare"
+      },
+      :magazine => "Shakespeare Today"
+    })
+
+    permitted = params.permit({:book => ["title", :author]}, "magazine")
+    assert_equal "Romeo and Juliet", permitted[:book][:title]
+    assert_equal "William Shakespeare", permitted[:book][:author]
+    assert_equal "Shakespeare Today", permitted[:magazine]
+  end
+
+  test "nested array with strings that should be hashes" do
+    params = ActionController::Parameters.new({
+      book: {
+        genres: ["Tragedy"]
+      }
+    })
+
+    permitted = params.permit book: { genres: :type }
+    assert_empty permitted[:book][:genres]
+  end
+
+  test "nested array with strings that should be hashes and additional values" do
+    params = ActionController::Parameters.new({
+      book: {
+        title: "Romeo and Juliet",
+        genres: ["Tragedy"]
+      }
+    })
+
+    permitted = params.permit book: [ :title, { genres: :type } ]
+    assert_equal "Romeo and Juliet", permitted[:book][:title]
+    assert_empty permitted[:book][:genres]
+  end
+
+  test "nested string that should be a hash" do
+    params = ActionController::Parameters.new({
+      book: {
+        genre: "Tragedy"
+      }
+    })
+
+    permitted = params.permit book: { genre: :type }
+    assert_nil permitted[:book][:genre]
+  end
+
+  test "fields_for-style nested params" do
+    params = ActionController::Parameters.new({
+      book: {
+        authors_attributes: {
+          :'0' => { name: 'William Shakespeare', age_of_death: '52' },
+          :'-1' => { name: 'Unattributed Assistant' }
+        }
+      }
+    })
+    permitted = params.permit book: { authors_attributes: [ :name ] }
+
+    assert_not_nil permitted[:book][:authors_attributes]['0']
+    assert_not_nil permitted[:book][:authors_attributes]['-1']
+    assert_nil permitted[:book][:authors_attributes]['0'][:age_of_death]
+    assert_equal 'William Shakespeare', permitted[:book][:authors_attributes]['0'][:name]
+    assert_equal 'Unattributed Assistant', permitted[:book][:authors_attributes]['-1'][:name]
+  end
+end
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
new file mode 100644
index 0000000000..7fe8e6051b
--- /dev/null
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -0,0 +1,73 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersPermitTest < ActiveSupport::TestCase
+  setup do
+    @params = ActionController::Parameters.new({ person: { 
+      age: "32", name: { first: "David", last: "Heinemeier Hansson" }
+    }})
+  end
+
+  test "fetch raises ParameterMissing exception" do
+    e = assert_raises(ActionController::ParameterMissing) do
+      @params.fetch :foo
+    end
+    assert_equal :foo, e.param
+  end
+
+  test "fetch doesnt raise ParameterMissing exception if there is a default" do
+    assert_equal "monkey", @params.fetch(:foo, "monkey")
+    assert_equal "monkey", @params.fetch(:foo) { "monkey" }
+  end
+
+  test "permitted is sticky on accessors" do
+    assert !@params.slice(:person).permitted?
+    assert !@params[:person][:name].permitted?
+
+    @params.each { |key, value| assert(value.permitted?) if key == :person }
+
+    assert !@params.fetch(:person).permitted?
+
+    assert !@params.values_at(:person).first.permitted?
+  end
+
+  test "permitted is sticky on mutators" do
+    assert !@params.delete_if { |k| k == :person }.permitted?
+    assert !@params.keep_if { |k,v| k == :person }.permitted?
+  end
+
+  test "permitted is sticky beyond merges" do
+    assert !@params.merge(a: "b").permitted?
+  end
+
+  test "modifying the parameters" do
+    @params[:person][:hometown] = "Chicago"
+    @params[:person][:family] = { brother: "Jonas" }
+
+    assert_equal "Chicago", @params[:person][:hometown]
+    assert_equal "Jonas", @params[:person][:family][:brother]
+  end
+
+  test "permitting parameters that are not there should not include the keys" do
+    assert !@params.permit(:person, :funky).has_key?(:funky)
+  end
+
+  test "permit state is kept on a dup" do
+    @params.permit!
+    assert_equal @params.permitted?, @params.dup.permitted?
+  end
+
+  test "permitted takes a default value when Parameters.permit_all_parameters is set" do
+    begin
+      ActionController::Parameters.permit_all_parameters = true
+      params = ActionController::Parameters.new({ person: {
+        age: "32", name: { first: "David", last: "Heinemeier Hansson" }
+      }})
+
+      assert params.slice(:person).permitted?
+      assert params[:person][:name].permitted?
+    ensure
+      ActionController::Parameters.permit_all_parameters = false
+    end
+  end
+end
diff --git a/actionpack/test/controller/parameters/parameters_require_test.rb b/actionpack/test/controller/parameters/parameters_require_test.rb
new file mode 100644
index 0000000000..bdaba8d2d8
--- /dev/null
+++ b/actionpack/test/controller/parameters/parameters_require_test.rb
@@ -0,0 +1,10 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersRequireTest < ActiveSupport::TestCase
+  test "required parameters must be present not merely not nil" do
+    assert_raises(ActionController::ParameterMissing) do
+      ActionController::Parameters.new(person: {}).require(:person)
+    end
+  end
+end
diff --git a/actionpack/test/controller/params_wrapper_test.rb b/actionpack/test/controller/params_wrapper_test.rb
index 5b05f77045..209f021cf7 100644
--- a/actionpack/test/controller/params_wrapper_test.rb
+++ b/actionpack/test/controller/params_wrapper_test.rb
@@ -155,7 +155,6 @@ class ParamsWrapperTest < ActionController::TestCase
   end
 
   def test_derived_wrapped_keys_from_matching_model
-    User.expects(:respond_to?).with(:accessible_attributes).returns(false)
     User.expects(:respond_to?).with(:attribute_names).returns(true)
     User.expects(:attribute_names).twice.returns(["username"])
 
@@ -168,7 +167,6 @@ class ParamsWrapperTest < ActionController::TestCase
 
   def test_derived_wrapped_keys_from_specified_model
     with_default_wrapper_options do
-      Person.expects(:respond_to?).with(:accessible_attributes).returns(false)
       Person.expects(:respond_to?).with(:attribute_names).returns(true)
       Person.expects(:attribute_names).twice.returns(["username"])
 
@@ -179,46 +177,8 @@ class ParamsWrapperTest < ActionController::TestCase
       assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
     end
   end
-  
-  def test_accessible_wrapped_keys_from_matching_model
-    User.expects(:respond_to?).with(:accessible_attributes).returns(true)
-    User.expects(:accessible_attributes).with(:default).twice.returns(["username"])
-    
-    with_default_wrapper_options do
-      @request.env['CONTENT_TYPE'] = 'application/json'
-      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
-      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'user' => { 'username' => 'sikachu' }})
-    end
-  end
-  
-  def test_accessible_wrapped_keys_from_specified_model
-    with_default_wrapper_options do
-      Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
-      Person.expects(:accessible_attributes).with(:default).twice.returns(["username"])
-
-      UsersController.wrap_parameters Person
-
-      @request.env['CONTENT_TYPE'] = 'application/json'
-      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
-      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
-    end
-  end
-  
-  def test_accessible_wrapped_keys_with_role_from_specified_model
-    with_default_wrapper_options do
-      Person.expects(:respond_to?).with(:accessible_attributes).returns(true)
-      Person.expects(:accessible_attributes).with(:admin).twice.returns(["username"])
-
-      UsersController.wrap_parameters Person, :as => :admin
-
-      @request.env['CONTENT_TYPE'] = 'application/json'
-      post :parse, { 'username' => 'sikachu', 'title' => 'Developer' }
-      assert_parameters({ 'username' => 'sikachu', 'title' => 'Developer', 'person' => { 'username' => 'sikachu' }})
-    end
-  end
 
   def test_not_wrapping_abstract_model
-    User.expects(:respond_to?).with(:accessible_attributes).returns(false)
     User.expects(:respond_to?).with(:attribute_names).returns(true)
     User.expects(:attribute_names).returns([])
 
diff --git a/actionpack/test/controller/permitted_params_test.rb b/actionpack/test/controller/permitted_params_test.rb
new file mode 100644
index 0000000000..f46249d712
--- /dev/null
+++ b/actionpack/test/controller/permitted_params_test.rb
@@ -0,0 +1,25 @@
+require 'abstract_unit'
+
+class PeopleController < ActionController::Base
+  def create
+    render text: params[:person].permitted? ? "permitted" : "forbidden"
+  end
+
+  def create_with_permit
+    render text: params[:person].permit(:name).permitted? ? "permitted" : "forbidden"
+  end
+end
+
+class ActionControllerPermittedParamsTest < ActionController::TestCase
+  tests PeopleController
+
+  test "parameters are forbidden" do
+    post :create, { person: { name: "Mjallo!" } }
+    assert_equal "forbidden", response.body
+  end
+
+  test "parameters can be permitted and are then not forbidden" do
+    post :create_with_permit, { person: { name: "Mjallo!" } }
+    assert_equal "permitted", response.body
+  end
+end
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 0289f4070b..1f637eb791 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -56,22 +56,18 @@ module RequestForgeryProtectionActions
 end
 
 # sample controllers
-class RequestForgeryProtectionController < ActionController::Base
+class RequestForgeryProtectionControllerUsingResetSession < ActionController::Base
   include RequestForgeryProtectionActions
-  protect_from_forgery :only => %w(index meta)
+  protect_from_forgery :only => %w(index meta), :with => :reset_session
 end
 
 class RequestForgeryProtectionControllerUsingException < ActionController::Base
   include RequestForgeryProtectionActions
-  protect_from_forgery :only => %w(index meta)
-
-  def handle_unverified_request
-    raise(ActionController::InvalidAuthenticityToken)
-  end
+  protect_from_forgery :only => %w(index meta), :with => :exception
 end
 
 
-class FreeCookieController < RequestForgeryProtectionController
+class FreeCookieController < RequestForgeryProtectionControllerUsingResetSession
   self.allow_forgery_protection = false
 
   def index
@@ -83,7 +79,7 @@ class FreeCookieController < RequestForgeryProtectionController
   end
 end
 
-class CustomAuthenticityParamController < RequestForgeryProtectionController
+class CustomAuthenticityParamController < RequestForgeryProtectionControllerUsingResetSession
   def form_authenticity_param
     'foobar'
   end
@@ -268,7 +264,7 @@ end
 
 # OK let's get our test on
 
-class RequestForgeryProtectionControllerTest < ActionController::TestCase
+class RequestForgeryProtectionControllerUsingResetSessionTest < ActionController::TestCase
   include RequestForgeryProtectionTests
 
   setup do
diff --git a/actionpack/test/controller/required_params_test.rb b/actionpack/test/controller/required_params_test.rb
new file mode 100644
index 0000000000..661bcb3945
--- /dev/null
+++ b/actionpack/test/controller/required_params_test.rb
@@ -0,0 +1,30 @@
+require 'abstract_unit'
+
+class BooksController < ActionController::Base
+  def create
+    params.require(:book).require(:name)
+    head :ok
+  end
+end
+
+class ActionControllerRequiredParamsTest < ActionController::TestCase
+  tests BooksController
+
+  test "missing required parameters will raise exception" do
+    post :create, { magazine: { name: "Mjallo!" } }
+    assert_response :bad_request
+
+    post :create, { book: { title: "Mjallo!" } }
+    assert_response :bad_request
+  end
+
+  test "required parameters that are present will not raise" do
+    post :create, { book: { name: "Mjallo!" } }
+    assert_response :ok
+  end
+
+  test "missing parameters will be mentioned in the return" do
+    post :create, { magazine: { name: "Mjallo!" } }
+    assert_equal "Required parameter missing: book", response.body
+  end
+end
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index a434e49dbd..a2b9571660 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -746,6 +746,45 @@ class RequestTest < ActiveSupport::TestCase
     assert_equal "/foo?bar", path
   end
 
+  test "if_none_match_etags none" do
+    request = stub_request
+
+    assert_equal nil, request.if_none_match
+    assert_equal [], request.if_none_match_etags
+    assert !request.etag_matches?("foo")
+    assert !request.etag_matches?(nil)
+  end
+
+  test "if_none_match_etags single" do
+    header = 'the-etag'
+    request = stub_request('HTTP_IF_NONE_MATCH' => header)
+
+    assert_equal header, request.if_none_match
+    assert_equal [header], request.if_none_match_etags
+    assert request.etag_matches?("the-etag")
+  end
+
+  test "if_none_match_etags quoted single" do
+    header = '"the-etag"'
+    request = stub_request('HTTP_IF_NONE_MATCH' => header)
+
+    assert_equal header, request.if_none_match
+    assert_equal ['the-etag'], request.if_none_match_etags
+    assert request.etag_matches?("the-etag")
+  end
+
+  test "if_none_match_etags multiple" do
+    header = 'etag1, etag2, "third etag", "etag4"'
+    expected = ['etag1', 'etag2', 'third etag', 'etag4']
+    request = stub_request('HTTP_IF_NONE_MATCH' => header)
+
+    assert_equal header, request.if_none_match
+    assert_equal expected, request.if_none_match_etags
+    expected.each do |etag|
+      assert request.etag_matches?(etag), etag
+    end
+  end
+
 protected
 
   def stub_request(env = {})
diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb
index 856248e2ac..4e83ad16d7 100644
--- a/actionpack/test/dispatch/routing_test.rb
+++ b/actionpack/test/dispatch/routing_test.rb
@@ -363,6 +363,7 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
         resources :errors, :shallow => true do
           resources :notices
         end
+        get 'api/version'
       end
 
       scope :path => 'api' do
@@ -1280,6 +1281,12 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
     assert_equal 'account#shorthand', @response.body
   end
 
+  def test_match_shorthand_with_module
+    assert_equal '/api/version', api_version_path
+    get '/api/version'
+    assert_equal 'api/api#version', @response.body
+  end
+
   def test_dynamically_generated_helpers_on_collection_do_not_clobber_resources_url_helper
     assert_equal '/replies', replies_path
   end
diff --git a/actionpack/test/fixtures/company.rb b/actionpack/test/fixtures/company.rb
index e29978801e..f3ac3642fa 100644
--- a/actionpack/test/fixtures/company.rb
+++ b/actionpack/test/fixtures/company.rb
@@ -1,6 +1,5 @@
 class Company < ActiveRecord::Base
   has_one :mascot
-  attr_protected :rating
   self.sequence_name = :companies_nonstd_seq
 
   validates_presence_of :name
diff --git a/actionpack/test/fixtures/ruby_template.rb b/actionpack/test/fixtures/ruby_template.ruby
index 5097bce47c..5097bce47c 100644
--- a/actionpack/test/fixtures/ruby_template.rb
+++ b/actionpack/test/fixtures/ruby_template.ruby
diff --git a/actionpack/test/template/render_test.rb b/actionpack/test/template/render_test.rb
index 6279abaae5..ddf5c6a1b3 100644
--- a/actionpack/test/template/render_test.rb
+++ b/actionpack/test/template/render_test.rb
@@ -97,12 +97,12 @@ module RenderTestCases
     assert_equal %q;Here are some characters: !@#$%^&*()-="'}{`; + "\n", @view.render(:template => "plain_text_with_characters")
   end
 
-  def test_render_rb_template_with_handlers
+  def test_render_ruby_template_with_handlers
     assert_equal "Hello from Ruby code", @view.render(:template => "ruby_template")
   end
 
-  def test_render_rb_template_inline
-    assert_equal '4', @view.render(:inline => "(2**2).to_s", :type => :rb)
+  def test_render_ruby_template_inline
+    assert_equal '4', @view.render(:inline => "(2**2).to_s", :type => :ruby)
   end
 
   def test_render_file_with_localization_on_context_level
@@ -451,6 +451,15 @@ module RenderTestCases
     assert_equal %(<title>David</title>),
       @view.render(:file => "test/layout_render_object")
   end
+  
+  def test_render_with_passing_couple_extensions_to_one_register_template_handler_function_call
+    ActionView::Template.register_template_handler :foo1, :foo2, CustomHandler
+    assert_equal @view.render(:inline => "Hello, World!", :type => :foo1), @view.render(:inline => "Hello, World!", :type => :foo2)
+  end
+  
+  def test_render_throws_exception_when_no_extensions_passed_to_register_template_handler_function_call
+    assert_raises(ArgumentError) { ActionView::Template.register_template_handler CustomHandler }
+  end
 end
 
 class CachedViewRenderTest < ActiveSupport::TestCase