9 files changed, 181 insertions, 1 deletions

diff --git a/actionpack/test/controller/http_digest_authentication_test.rb b/actionpack/test/controller/http_digest_authentication_test.rb
index a91e3cafa5..828ea5b0fb 100644
--- a/actionpack/test/controller/http_digest_authentication_test.rb
+++ b/actionpack/test/controller/http_digest_authentication_test.rb
@@ -274,6 +274,6 @@ class HttpDigestAuthenticationTest < ActionController::TestCase
   end
 
   def decode_credentials(header)
-    ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
+    ActionController::HttpAuthentication::Digest.decode_credentials(header)
   end
 end
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index 8167fc2fd2..09d9e65d38 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -559,6 +559,23 @@ class TestController < ActionController::Base
     render :template => "test/hello_world"
   end
 
+  def render_to_string_with_template_and_html_partial
+    @text = render_to_string :template => "test/with_partial", :formats => [:text]
+    @html = render_to_string :template => "test/with_partial", :formats => [:html]
+    render :template => "test/with_html_partial"
+  end
+
+  def render_to_string_and_render_with_different_formats
+    @html = render_to_string :template => "test/with_partial", :formats => [:html]
+    render :template => "test/with_partial", :formats => [:text]
+  end
+
+  def render_template_within_a_template_with_other_format
+    render  :template => "test/with_xml_template",
+            :formats  => [:html],
+            :layout   => "with_html_partial"
+  end
+
   def partial_with_counter
     render :partial => "counter", :locals => { :counter_counter => 5 }
   end
@@ -1268,6 +1285,28 @@ class RenderTest < ActionController::TestCase
     assert_equal "text/html", @response.content_type
   end
 
+  def test_render_to_string_with_template_and_html_partial
+    get :render_to_string_with_template_and_html_partial
+    assert_equal "**only partial**\n", assigns(:text)
+    assert_equal "<strong>only partial</strong>\n", assigns(:html)
+    assert_equal "<strong>only html partial</strong>\n", @response.body
+    assert_equal "text/html", @response.content_type
+  end
+
+  def test_render_to_string_and_render_with_different_formats
+    get :render_to_string_and_render_with_different_formats
+    assert_equal "<strong>only partial</strong>\n", assigns(:html)
+    assert_equal "**only partial**\n", @response.body
+    assert_equal "text/plain", @response.content_type
+  end
+
+  def test_render_template_within_a_template_with_other_format
+    get :render_template_within_a_template_with_other_format
+    expected = "only html partial<p>This is grand!</p>"
+    assert_equal expected, @response.body.strip
+    assert_equal "text/html", @response.content_type
+  end
+
   def test_partial_with_counter
     get :partial_with_counter
     assert_equal "5", @response.body
diff --git a/actionpack/test/dispatch/ssl_test.rb b/actionpack/test/dispatch/ssl_test.rb
new file mode 100644
index 0000000000..b1463f31cf
--- /dev/null
+++ b/actionpack/test/dispatch/ssl_test.rb
@@ -0,0 +1,135 @@
+require 'abstract_unit'
+
+class SSLTest < ActionDispatch::IntegrationTest
+  def default_app
+    lambda { |env|
+      headers = {'Content-Type' => "text/html"}
+      headers['Set-Cookie'] = "id=1; path=/\ntoken=abc; path=/; secure; HttpOnly"
+      [200, headers, ["OK"]]
+    }
+  end
+
+  def app
+    @app ||= ActionDispatch::SSL.new(default_app)
+  end
+  attr_writer :app
+
+  def test_allows_https_url
+    get "https://example.org/path?key=value"
+    assert_response :success
+  end
+
+  def test_allows_https_proxy_header_url
+    get "http://example.org/", {}, 'HTTP_X_FORWARDED_PROTO' => "https"
+    assert_response :success
+  end
+
+  def test_redirects_http_to_https
+    get "http://example.org/path?key=value"
+    assert_response :redirect
+    assert_equal "https://example.org/path?key=value",
+      response.headers['Location']
+  end
+
+  def test_exclude_from_redirect
+    self.app = ActionDispatch::SSL.new(default_app, :exclude => lambda { |env| true })
+    get "http://example.org/"
+    assert_response :success
+  end
+
+  def test_hsts_header_by_default
+    get "https://example.org/"
+    assert_equal "max-age=31536000",
+      response.headers['Strict-Transport-Security']
+  end
+
+  def test_hsts_header
+    self.app = ActionDispatch::SSL.new(default_app, :hsts => true)
+    get "https://example.org/"
+    assert_equal "max-age=31536000",
+      response.headers['Strict-Transport-Security']
+  end
+
+  def test_disable_hsts_header
+    self.app = ActionDispatch::SSL.new(default_app, :hsts => false)
+    get "https://example.org/"
+    refute response.headers['Strict-Transport-Security']
+  end
+
+  def test_hsts_expires
+    self.app = ActionDispatch::SSL.new(default_app, :hsts => { :expires => 500 })
+    get "https://example.org/"
+    assert_equal "max-age=500",
+      response.headers['Strict-Transport-Security']
+  end
+
+  def test_hsts_include_subdomains
+    self.app = ActionDispatch::SSL.new(default_app, :hsts => { :subdomains => true })
+    get "https://example.org/"
+    assert_equal "max-age=31536000; includeSubDomains",
+      response.headers['Strict-Transport-Security']
+  end
+
+  def test_flag_cookies_as_secure
+    get "https://example.org/"
+    assert_equal ["id=1; path=/; secure", "token=abc; path=/; secure; HttpOnly" ],
+      response.headers['Set-Cookie'].split("\n")
+  end
+
+  def test_flag_cookies_as_secure_at_end_of_line
+    self.app = ActionDispatch::SSL.new(lambda { |env|
+      headers = {
+        'Content-Type' => "text/html",
+        'Set-Cookie' => "problem=def; path=/; HttpOnly; secure"
+      }
+      [200, headers, ["OK"]]
+    })
+
+    get "https://example.org/"
+    assert_equal ["problem=def; path=/; HttpOnly; secure"],
+      response.headers['Set-Cookie'].split("\n")
+  end
+
+  def test_no_cookies
+    self.app = ActionDispatch::SSL.new(lambda { |env|
+      [200, {'Content-Type' => "text/html"}, ["OK"]]
+    })
+    get "https://example.org/"
+    assert !response.headers['Set-Cookie']
+  end
+
+  def test_redirect_to_host
+    self.app = ActionDispatch::SSL.new(default_app, :host => "ssl.example.org")
+    get "http://example.org/path?key=value"
+    assert_equal "https://ssl.example.org/path?key=value",
+      response.headers['Location']
+  end
+
+  def test_redirect_to_port
+    self.app = ActionDispatch::SSL.new(default_app, :port => 8443)
+    get "http://example.org/path?key=value"
+    assert_equal "https://example.org:8443/path?key=value",
+      response.headers['Location']
+  end
+
+  def test_redirect_to_host_and_port
+    self.app = ActionDispatch::SSL.new(default_app, :host => "ssl.example.org", :port => 8443)
+    get "http://example.org/path?key=value"
+    assert_equal "https://ssl.example.org:8443/path?key=value",
+      response.headers['Location']
+  end
+
+  def test_redirect_to_secure_host_when_on_subdomain
+    self.app = ActionDispatch::SSL.new(default_app, :host => "ssl.example.org")
+    get "http://ssl.example.org/path?key=value"
+    assert_equal "https://ssl.example.org/path?key=value",
+      response.headers['Location']
+  end
+
+  def test_redirect_to_secure_subdomain_when_on_deep_subdomain
+    self.app = ActionDispatch::SSL.new(default_app, :host => "example.co.uk")
+    get "http://double.rainbow.what.does.it.mean.example.co.uk/path?key=value"
+    assert_equal "https://example.co.uk/path?key=value",
+      response.headers['Location']
+  end
+end
diff --git a/actionpack/test/fixtures/layouts/with_html_partial.html.erb b/actionpack/test/fixtures/layouts/with_html_partial.html.erb
new file mode 100644
index 0000000000..fd2896aeaa
--- /dev/null
+++ b/actionpack/test/fixtures/layouts/with_html_partial.html.erb
@@ -0,0 +1 @@
+<%= render :partial => "partial_only_html" %><%= yield %>
diff --git a/actionpack/test/fixtures/test/_partial_only_html.html b/actionpack/test/fixtures/test/_partial_only_html.html
new file mode 100644
index 0000000000..d2d630bd40
--- /dev/null
+++ b/actionpack/test/fixtures/test/_partial_only_html.html
@@ -0,0 +1 @@
+only html partial
\ No newline at end of file
diff --git a/actionpack/test/fixtures/test/with_html_partial.html.erb b/actionpack/test/fixtures/test/with_html_partial.html.erb
new file mode 100644
index 0000000000..d84d909d64
--- /dev/null
+++ b/actionpack/test/fixtures/test/with_html_partial.html.erb
@@ -0,0 +1 @@
+<strong><%= render :partial => "partial_only_html" %></strong>
diff --git a/actionpack/test/fixtures/test/with_partial.html.erb b/actionpack/test/fixtures/test/with_partial.html.erb
new file mode 100644
index 0000000000..7502364cf5
--- /dev/null
+++ b/actionpack/test/fixtures/test/with_partial.html.erb
@@ -0,0 +1 @@
+<strong><%= render :partial => "partial_only" %></strong>
diff --git a/actionpack/test/fixtures/test/with_partial.text.erb b/actionpack/test/fixtures/test/with_partial.text.erb
new file mode 100644
index 0000000000..5f068ebf27
--- /dev/null
+++ b/actionpack/test/fixtures/test/with_partial.text.erb
@@ -0,0 +1 @@
+**<%= render :partial => "partial_only" %>**
diff --git a/actionpack/test/fixtures/test/with_xml_template.html.erb b/actionpack/test/fixtures/test/with_xml_template.html.erb
new file mode 100644
index 0000000000..e54a7cd001
--- /dev/null
+++ b/actionpack/test/fixtures/test/with_xml_template.html.erb
@@ -0,0 +1 @@
+<%= render :template => "test/greeting", :formats => :xml %>