diff options
Diffstat (limited to 'actionpack')
24 files changed, 393 insertions, 55 deletions
diff --git a/actionpack/lib/action_controller/metal/mime_responds.rb b/actionpack/lib/action_controller/metal/mime_responds.rb index 0f6bc10dd5..618a6cdb7d 100644 --- a/actionpack/lib/action_controller/metal/mime_responds.rb +++ b/actionpack/lib/action_controller/metal/mime_responds.rb @@ -1,5 +1,6 @@ require 'abstract_controller/collector' require 'active_support/core_ext/class/attribute' +require 'active_support/core_ext/object/inclusion' module ActionController #:nodoc: module MimeResponds @@ -248,9 +249,9 @@ module ActionController #:nodoc: config = self.class.mimes_for_respond_to[mime] if config[:except] - !config[:except].include?(action) + !action.in?(config[:except]) elsif config[:only] - config[:only].include?(action) + action.in?(config[:only]) else true end diff --git a/actionpack/lib/action_dispatch.rb b/actionpack/lib/action_dispatch.rb index 49971fc9f8..7f972fc281 100644 --- a/actionpack/lib/action_dispatch.rb +++ b/actionpack/lib/action_dispatch.rb @@ -60,6 +60,7 @@ module ActionDispatch autoload :Static end + autoload :ClosedError, 'action_dispatch/middleware/closed_error' autoload :MiddlewareStack, 'action_dispatch/middleware/stack' autoload :Routing diff --git a/actionpack/lib/action_dispatch/middleware/closed_error.rb b/actionpack/lib/action_dispatch/middleware/closed_error.rb new file mode 100644 index 0000000000..0a4db47f4b --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/closed_error.rb @@ -0,0 +1,7 @@ +module ActionDispatch + class ClosedError < StandardError #:nodoc: + def initialize(kind) + super "Cannot modify #{kind} because it was closed. This means it was already streamed back to the client or converted to HTTP headers." + end + end +end diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 7ac608f0a8..24ebb8fed7 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -83,7 +83,7 @@ module ActionDispatch # Raised when storing more than 4K of session data. class CookieOverflow < StandardError; end - class CookieJar < Hash #:nodoc: + class CookieJar #:nodoc: # This regular expression is used to split the levels of a domain. # The top level domain can be any string without a period or @@ -115,13 +115,22 @@ module ActionDispatch @delete_cookies = {} @host = host @secure = secure - - super() + @closed = false + @cookies = {} end + attr_reader :closed + alias :closed? :closed + def close!; @closed = true end + # Returns the value of the cookie by +name+, or +nil+ if no such cookie exists. def [](name) - super(name.to_s) + @cookies[name.to_s] + end + + def update(other_hash) + @cookies.update other_hash + self end def handle_options(options) #:nodoc: @@ -145,6 +154,7 @@ module ActionDispatch # Sets the cookie named +name+. The second argument may be the very cookie # value, or a hash of options as documented above. def []=(key, options) + raise ClosedError, :cookies if closed? if options.is_a?(Hash) options.symbolize_keys! value = options[:value] @@ -153,7 +163,7 @@ module ActionDispatch options = { :value => value } end - value = super(key.to_s, value) + value = @cookies[key.to_s] = value handle_options(options) @@ -170,7 +180,7 @@ module ActionDispatch handle_options(options) - value = super(key.to_s) + value = @cookies.delete(key.to_s) @delete_cookies[key] = options value end @@ -225,6 +235,7 @@ module ActionDispatch end def []=(key, options) + raise ClosedError, :cookies if closed? if options.is_a?(Hash) options.symbolize_keys! else @@ -263,6 +274,7 @@ module ActionDispatch end def []=(key, options) + raise ClosedError, :cookies if closed? if options.is_a?(Hash) options.symbolize_keys! options[:value] = @verifier.generate(options[:value]) @@ -305,6 +317,7 @@ module ActionDispatch end def call(env) + cookie_jar = nil status, headers, body = @app.call(env) if cookie_jar = env['action_dispatch.cookies'] @@ -315,6 +328,9 @@ module ActionDispatch end [status, headers, body] + ensure + cookie_jar = ActionDispatch::Request.new(env).cookie_jar unless cookie_jar + cookie_jar.close! end end end diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb index 21aeeb217a..027ff7f8ac 100644 --- a/actionpack/lib/action_dispatch/middleware/flash.rb +++ b/actionpack/lib/action_dispatch/middleware/flash.rb @@ -43,9 +43,15 @@ module ActionDispatch class FlashNow #:nodoc: def initialize(flash) @flash = flash + @closed = false end + attr_reader :closed + alias :closed? :closed + def close!; @closed = true end + def []=(k, v) + raise ClosedError, :flash if closed? @flash[k] = v @flash.discard(k) v @@ -66,27 +72,70 @@ module ActionDispatch end end - class FlashHash < Hash + class FlashHash + include Enumerable + def initialize #:nodoc: - super - @used = Set.new + @used = Set.new + @closed = false + @flashes = {} end + attr_reader :closed + alias :closed? :closed + def close!; @closed = true end + def []=(k, v) #:nodoc: + raise ClosedError, :flash if closed? keep(k) - super + @flashes[k] = v + end + + def [](k) + @flashes[k] end def update(h) #:nodoc: h.keys.each { |k| keep(k) } - super + @flashes.update h + self + end + + def keys + @flashes.keys + end + + def key?(name) + @flashes.key? name + end + + def delete(key) + @flashes.delete key + self + end + + def to_hash + @flashes.dup + end + + def empty? + @flashes.empty? + end + + def clear + @flashes.clear + end + + def each(&block) + @flashes.each(&block) end alias :merge! :update def replace(h) #:nodoc: @used = Set.new - super + @flashes.replace h + self end # Sets a flash that will not be available to the next action, only to the current. @@ -100,7 +149,7 @@ module ActionDispatch # # Entries set via <tt>now</tt> are accessed the same way as standard entries: <tt>flash['my-key']</tt>. def now - FlashNow.new(self) + @now ||= FlashNow.new(self) end # Keeps either the entire current flash or a specific flash entry available for the next action: @@ -184,8 +233,11 @@ module ActionDispatch session = env['rack.session'] || {} flash_hash = env['action_dispatch.request.flash_hash'] - if flash_hash && (!flash_hash.empty? || session.key?('flash')) + if flash_hash + if !flash_hash.empty? || session.key?('flash') session["flash"] = flash_hash + end + flash_hash.close! end if session.key?('flash') && session['flash'].empty? diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index 35be0b3a27..13aef18ee1 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -1,6 +1,7 @@ require 'erb' require 'active_support/core_ext/hash/except' require 'active_support/core_ext/object/blank' +require 'active_support/core_ext/object/inclusion' require 'active_support/inflector' require 'action_dispatch/routing/redirection' @@ -1345,11 +1346,11 @@ module ActionDispatch end def resource_scope? #:nodoc: - [:resource, :resources].include?(@scope[:scope_level]) + @scope[:scope_level].among?(:resource, :resources) end def resource_method_scope? #:nodoc: - [:collection, :member, :new].include?(@scope[:scope_level]) + @scope[:scope_level].among?(:collection, :member, :new) end def with_exclusive_scope diff --git a/actionpack/lib/action_dispatch/testing/assertions/response.rb b/actionpack/lib/action_dispatch/testing/assertions/response.rb index 77a15f3e97..16a6b93ce8 100644 --- a/actionpack/lib/action_dispatch/testing/assertions/response.rb +++ b/actionpack/lib/action_dispatch/testing/assertions/response.rb @@ -1,3 +1,5 @@ +require 'active_support/core_ext/object/inclusion' + module ActionDispatch module Assertions # A small suite of assertions that test responses from \Rails applications. @@ -33,7 +35,7 @@ module ActionDispatch def assert_response(type, message = nil) validate_request! - if [ :success, :missing, :redirect, :error ].include?(type) && @response.send("#{type}?") + if type.among?(:success, :missing, :redirect, :error) && @response.send("#{type}?") assert_block("") { true } # to count the assertion elsif type.is_a?(Fixnum) && @response.response_code == type assert_block("") { true } # to count the assertion diff --git a/actionpack/lib/action_dispatch/testing/assertions/selector.rb b/actionpack/lib/action_dispatch/testing/assertions/selector.rb index 2b862fb7d6..f41d3e5ddb 100644 --- a/actionpack/lib/action_dispatch/testing/assertions/selector.rb +++ b/actionpack/lib/action_dispatch/testing/assertions/selector.rb @@ -1,4 +1,5 @@ require 'action_controller/vendor/html-scanner' +require 'active_support/core_ext/object/inclusion' #-- # Copyright (c) 2006 Assaf Arkin (http://labnotes.org) @@ -441,7 +442,7 @@ module ActionDispatch if matches assert_block("") { true } # to count the assertion - if block_given? && !([:remove, :show, :hide, :toggle].include? rjs_type) + if block_given? && !rjs_type.among?(:remove, :show, :hide, :toggle) begin @selected ||= nil in_scope, @selected = @selected, matches diff --git a/actionpack/lib/action_dispatch/testing/integration.rb b/actionpack/lib/action_dispatch/testing/integration.rb index 4706112a06..174babb9aa 100644 --- a/actionpack/lib/action_dispatch/testing/integration.rb +++ b/actionpack/lib/action_dispatch/testing/integration.rb @@ -1,6 +1,7 @@ require 'stringio' require 'uri' require 'active_support/core_ext/kernel/singleton_class' +require 'active_support/core_ext/object/inclusion' require 'active_support/core_ext/object/try' require 'rack/test' require 'test/unit/assertions' @@ -243,7 +244,8 @@ module ActionDispatch end # Performs the actual request. - def process(method, path, parameters = nil, rack_environment = nil) + def process(method, path, parameters = nil, env = nil) + env ||= {} if path =~ %r{://} location = URI.parse(path) https! URI::HTTPS === location if location.scheme @@ -259,7 +261,7 @@ module ActionDispatch hostname, port = host.split(':') - env = { + default_env = { :method => method, :params => parameters, @@ -277,9 +279,7 @@ module ActionDispatch session = Rack::Test::Session.new(_mock_session) - (rack_environment || {}).each do |key, value| - env[key] = value - end + env.reverse_merge!(default_env) # NOTE: rack-test v0.5 doesn't build a default uri correctly # Make sure requested path is always a full uri @@ -321,7 +321,7 @@ module ActionDispatch define_method(method) do |*args| reset! unless integration_session # reset the html_document variable, but only for new get/post calls - @html_document = nil unless %w(cookies assigns).include?(method) + @html_document = nil unless method.among?("cookies", "assigns") integration_session.__send__(method, *args).tap do copy_session_variables! end diff --git a/actionpack/lib/action_view/helpers/csrf_helper.rb b/actionpack/lib/action_view/helpers/csrf_helper.rb index 65c8debc76..1f2bc28cac 100644 --- a/actionpack/lib/action_view/helpers/csrf_helper.rb +++ b/actionpack/lib/action_view/helpers/csrf_helper.rb @@ -17,10 +17,12 @@ module ActionView # Note that regular forms generate hidden fields, and that Ajax calls are whitelisted, # so they do not use these tags. def csrf_meta_tags - <<-METAS.strip_heredoc.chomp.html_safe if protect_against_forgery? - <meta name="csrf-param" content="#{Rack::Utils.escape_html(request_forgery_protection_token)}"/> - <meta name="csrf-token" content="#{Rack::Utils.escape_html(form_authenticity_token)}"/> - METAS + if protect_against_forgery? + [ + tag('meta', :name => 'csrf-param', :content => request_forgery_protection_token), + tag('meta', :name => 'csrf-token', :content => form_authenticity_token) + ].join("\n").html_safe + end end # For backwards compatibility. diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index 2d3c5fe7e7..bdda1df437 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -303,7 +303,7 @@ module ActionView # # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.myblog.com</a>. # Please e-mail me at <a href=\"mailto:me@email.com\">me@email.com</a>." def auto_link(text, *args, &block)#link = :all, html = {}, &block) - return ''.html_safe if text.blank? + return '' if text.blank? options = args.size == 2 ? {} : args.extract_options! # this is necessary because the old auto_link API has a Hash as its last parameter unless args.empty? @@ -507,7 +507,7 @@ module ActionView end content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') end - end.html_safe + end end # Turns all email addresses into clickable links. If a block is given, diff --git a/actionpack/test/controller/flash_hash_test.rb b/actionpack/test/controller/flash_hash_test.rb new file mode 100644 index 0000000000..9b69a2648e --- /dev/null +++ b/actionpack/test/controller/flash_hash_test.rb @@ -0,0 +1,90 @@ +require 'abstract_unit' + +module ActionDispatch + class FlashHashTest < ActiveSupport::TestCase + def setup + @hash = Flash::FlashHash.new + end + + def test_set_get + @hash[:foo] = 'zomg' + assert_equal 'zomg', @hash[:foo] + end + + def test_keys + assert_equal [], @hash.keys + + @hash['foo'] = 'zomg' + assert_equal ['foo'], @hash.keys + + @hash['bar'] = 'zomg' + assert_equal ['foo', 'bar'].sort, @hash.keys.sort + end + + def test_update + @hash['foo'] = 'bar' + @hash.update('foo' => 'baz', 'hello' => 'world') + + assert_equal 'baz', @hash['foo'] + assert_equal 'world', @hash['hello'] + end + + def test_delete + @hash['foo'] = 'bar' + @hash.delete 'foo' + + assert !@hash.key?('foo') + assert_nil @hash['foo'] + end + + def test_to_hash + @hash['foo'] = 'bar' + assert_equal({'foo' => 'bar'}, @hash.to_hash) + + @hash.to_hash['zomg'] = 'aaron' + assert !@hash.key?('zomg') + assert_equal({'foo' => 'bar'}, @hash.to_hash) + end + + def test_empty? + assert @hash.empty? + @hash['zomg'] = 'bears' + assert !@hash.empty? + @hash.clear + assert @hash.empty? + end + + def test_each + @hash['hello'] = 'world' + @hash['foo'] = 'bar' + + things = [] + @hash.each do |k,v| + things << [k,v] + end + + assert_equal([%w{ hello world }, %w{ foo bar }].sort, things.sort) + end + + def test_replace + @hash['hello'] = 'world' + @hash.replace('omg' => 'aaron') + assert_equal({'omg' => 'aaron'}, @hash.to_hash) + end + + def test_discard_no_args + @hash['hello'] = 'world' + @hash.discard + @hash.sweep + assert_equal({}, @hash.to_hash) + end + + def test_discard_one_arg + @hash['hello'] = 'world' + @hash['omg'] = 'world' + @hash.discard 'hello' + @hash.sweep + assert_equal({'omg' => 'world'}, @hash.to_hash) + end + end +end diff --git a/actionpack/test/controller/flash_test.rb b/actionpack/test/controller/flash_test.rb index 3569a2f213..9c89f1334d 100644 --- a/actionpack/test/controller/flash_test.rb +++ b/actionpack/test/controller/flash_test.rb @@ -174,13 +174,13 @@ class FlashTest < ActionController::TestCase assert_equal(:foo_indeed, flash.discard(:foo)) # valid key passed assert_nil flash.discard(:unknown) # non existant key passed - assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.discard()) # nothing passed - assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.discard(nil)) # nothing passed + assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.discard().to_hash) # nothing passed + assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.discard(nil).to_hash) # nothing passed assert_equal(:foo_indeed, flash.keep(:foo)) # valid key passed assert_nil flash.keep(:unknown) # non existant key passed - assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.keep()) # nothing passed - assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.keep(nil)) # nothing passed + assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.keep().to_hash) # nothing passed + assert_equal({:foo => :foo_indeed, :bar => :bar_indeed}, flash.keep(nil).to_hash) # nothing passed end def test_redirect_to_with_alert @@ -214,11 +214,20 @@ class FlashIntegrationTest < ActionDispatch::IntegrationTest SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' class TestController < ActionController::Base + def dont_set_flash + head :ok + end + def set_flash flash["that"] = "hello" head :ok end + def set_flash_now + flash.now["that"] = "hello" + head :ok + end + def use_flash render :inline => "flash: #{flash["that"]}" end @@ -245,6 +254,47 @@ class FlashIntegrationTest < ActionDispatch::IntegrationTest end end + def test_setting_flash_raises_after_stream_back_to_client + with_test_route_set do + env = { 'action_dispatch.request.flash_hash' => ActionDispatch::Flash::FlashHash.new } + get '/set_flash', nil, env + assert_raise(ActionDispatch::ClosedError) { + @request.flash['alert'] = 'alert' + } + end + end + + def test_setting_flash_raises_after_stream_back_to_client_even_with_an_empty_flash + with_test_route_set do + env = { 'action_dispatch.request.flash_hash' => ActionDispatch::Flash::FlashHash.new } + get '/dont_set_flash', nil, env + assert_raise(ActionDispatch::ClosedError) { + @request.flash['alert'] = 'alert' + } + end + end + + def test_setting_flash_now_raises_after_stream_back_to_client + with_test_route_set do + env = { 'action_dispatch.request.flash_hash' => ActionDispatch::Flash::FlashHash.new } + get '/set_flash_now', nil, env + assert_raise(ActionDispatch::ClosedError) { + @request.flash.now['alert'] = 'alert' + } + end + end + + def test_setting_flash_now_raises_after_stream_back_to_client_even_with_an_empty_flash + with_test_route_set do + env = { 'action_dispatch.request.flash_hash' => ActionDispatch::Flash::FlashHash.new } + get '/dont_set_flash', nil, env + assert_raise(ActionDispatch::ClosedError) { + @request.flash.now['alert'] = 'alert' + } + end + end + + private # Overwrite get to send SessionSecret in env hash diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index f0d62b0b13..01dc2f2091 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -521,4 +521,12 @@ class ApplicationIntegrationTest < ActionDispatch::IntegrationTest get '/foo' assert_raise(NameError) { missing_path } end + + test "process reuse the env we pass as argument" do + env = { :SERVER_NAME => 'server', 'action_dispatch.custom' => 'custom' } + get '/foo', nil, env + assert_equal :get, env[:method] + assert_equal 'server', env[:SERVER_NAME] + assert_equal 'custom', env['action_dispatch.custom'] + end end diff --git a/actionpack/test/controller/mime_responds_test.rb b/actionpack/test/controller/mime_responds_test.rb index 41f80d0784..be5866e5aa 100644 --- a/actionpack/test/controller/mime_responds_test.rb +++ b/actionpack/test/controller/mime_responds_test.rb @@ -1,6 +1,7 @@ require 'abstract_unit' require 'controller/fake_models' require 'active_support/core_ext/hash/conversions' +require 'active_support/core_ext/object/inclusion' class StarStarMimeController < ActionController::Base layout nil @@ -158,7 +159,7 @@ class RespondToController < ActionController::Base protected def set_layout - if ["all_types_with_layout", "iphone_with_html_response_type"].include?(action_name) + if action_name.among?("all_types_with_layout", "iphone_with_html_response_type") "respond_to/layouts/standard" elsif action_name == "iphone_with_html_response_type_without_layout" "respond_to/layouts/missing" diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index d520b5e512..31f4bf3a76 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -172,13 +172,11 @@ end class RequestForgeryProtectionControllerTest < ActionController::TestCase include RequestForgeryProtectionTests - test 'should emit a csrf-token meta tag' do + test 'should emit a csrf-param meta tag and a csrf-token meta tag' do ActiveSupport::SecureRandom.stubs(:base64).returns(@token + '<=?') get :meta - assert_equal <<-METAS.strip_heredoc.chomp, @response.body - <meta name="csrf-param" content="authenticity_token"/> - <meta name="csrf-token" content="cf50faa3fe97702ca1ae<=?"/> - METAS + assert_select 'meta[name=?][content=?]', 'csrf-param', 'authenticity_token' + assert_select 'meta[name=?][content=?]', 'csrf-token', 'cf50faa3fe97702ca1ae<=?' end end diff --git a/actionpack/test/controller/resources_test.rb b/actionpack/test/controller/resources_test.rb index acb4617a60..6ea492cf8b 100644 --- a/actionpack/test/controller/resources_test.rb +++ b/actionpack/test/controller/resources_test.rb @@ -1,6 +1,7 @@ require 'abstract_unit' require 'active_support/core_ext/object/try' require 'active_support/core_ext/object/with_options' +require 'active_support/core_ext/object/inclusion' class ResourcesController < ActionController::Base def index() render :nothing => true end @@ -1292,7 +1293,7 @@ class ResourcesTest < ActionController::TestCase def assert_resource_methods(expected, resource, action_method, method) assert_equal expected.length, resource.send("#{action_method}_methods")[method].size, "#{resource.send("#{action_method}_methods")[method].inspect}" expected.each do |action| - assert resource.send("#{action_method}_methods")[method].include?(action), + assert action.in?(resource.send("#{action_method}_methods")[method]) "#{method} not in #{action_method} methods: #{resource.send("#{action_method}_methods")[method].inspect}" end end @@ -1329,9 +1330,9 @@ class ResourcesTest < ActionController::TestCase options = options.merge(:action => action.to_s) path_options = { :path => path, :method => method } - if Array(allowed).include?(action) + if action.in?(Array(allowed)) assert_recognizes options, path_options - elsif Array(not_allowed).include?(action) + elsif action.in?(Array(not_allowed)) assert_not_recognizes options, path_options end end diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index 39159fd629..ebc16694db 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -495,3 +495,99 @@ class CookiesTest < ActionController::TestCase end end end + +class CookiesIntegrationTest < ActionDispatch::IntegrationTest + SessionKey = '_myapp_session' + SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' + + class TestController < ActionController::Base + def dont_set_cookies + head :ok + end + + def set_cookies + cookies["that"] = "hello" + head :ok + end + end + + def test_setting_cookies_raises_after_stream_back_to_client + with_test_route_set do + get '/set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar['alert'] = 'alert' + cookies['alert'] = 'alert' + } + end + end + + def test_setting_cookies_raises_after_stream_back_to_client_even_without_cookies + with_test_route_set do + get '/dont_set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar['alert'] = 'alert' + } + end + end + + def test_setting_permanent_cookies_raises_after_stream_back_to_client + with_test_route_set do + get '/set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar.permanent['alert'] = 'alert' + cookies['alert'] = 'alert' + } + end + end + + def test_setting_permanent_cookies_raises_after_stream_back_to_client_even_without_cookies + with_test_route_set do + get '/dont_set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar.permanent['alert'] = 'alert' + } + end + end + + def test_setting_signed_cookies_raises_after_stream_back_to_client + with_test_route_set do + get '/set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar.signed['alert'] = 'alert' + cookies['alert'] = 'alert' + } + end + end + + def test_setting_signed_cookies_raises_after_stream_back_to_client_even_without_cookies + with_test_route_set do + get '/dont_set_cookies' + assert_raise(ActionDispatch::ClosedError) { + request.cookie_jar.signed['alert'] = 'alert' + } + end + end + + private + + # Overwrite get to send SessionSecret in env hash + def get(path, parameters = nil, env = {}) + env["action_dispatch.secret_token"] ||= SessionSecret + super + end + + def with_test_route_set + with_routing do |set| + set.draw do + match ':action', :to => CookiesIntegrationTest::TestController + end + + @app = self.class.build_app(set) do |middleware| + middleware.use ActionDispatch::Cookies + middleware.delete "ActionDispatch::ShowExceptions" + end + + yield + end + end +end diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 5e5758a60e..cf7a5aaa3b 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -1,6 +1,7 @@ require 'erb' require 'abstract_unit' require 'controller/fake_controllers' +require 'active_support/core_ext/object/inclusion' class TestRoutingMapper < ActionDispatch::IntegrationTest SprocketsApp = lambda { |env| @@ -495,7 +496,7 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest resources :todos, :id => /\d+/ end - scope '/countries/:country', :constraints => lambda { |params, req| %[all France].include?(params[:country]) } do + scope '/countries/:country', :constraints => lambda { |params, req| params[:country].among?("all", "France") } do match '/', :to => 'countries#index' match '/cities', :to => 'countries#cities' end diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb index d1891094e8..30f6d1a213 100644 --- a/actionpack/test/template/erb_util_test.rb +++ b/actionpack/test/template/erb_util_test.rb @@ -1,4 +1,5 @@ require 'abstract_unit' +require 'active_support/core_ext/object/inclusion' class ErbUtilTest < Test::Unit::TestCase include ERB::Util @@ -29,7 +30,7 @@ class ErbUtilTest < Test::Unit::TestCase def test_rest_in_ascii (0..127).to_a.map {|int| int.chr }.each do |chr| - next if %w(& " < >).include?(chr) + next if chr.in?('&"<>') assert_equal chr, html_escape(chr) end end diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb index ff183d097d..435ce81238 100644 --- a/actionpack/test/template/form_helper_test.rb +++ b/actionpack/test/template/form_helper_test.rb @@ -1,5 +1,6 @@ require 'abstract_unit' require 'controller/fake_models' +require 'active_support/core_ext/object/inclusion' class FormHelperTest < ActionView::TestCase tests ActionView::Helpers::FormHelper @@ -1743,7 +1744,7 @@ class FormHelperTest < ActionView::TestCase def snowman(method = nil) txt = %{<div style="margin:0;padding:0;display:inline">} txt << %{<input name="utf8" type="hidden" value="✓" />} - if (method && !['get','post'].include?(method.to_s)) + if method && !method.to_s.among?('get', 'post') txt << %{<input name="_method" type="hidden" value="#{method}" />} end txt << %{</div>} diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb index 93ff7ba0fd..76236aee41 100644 --- a/actionpack/test/template/form_options_helper_test.rb +++ b/actionpack/test/template/form_options_helper_test.rb @@ -1,5 +1,6 @@ require 'abstract_unit' require 'tzinfo' +require 'active_support/core_ext/object/inclusion' class Map < Hash def category @@ -82,7 +83,7 @@ class FormOptionsHelperTest < ActionView::TestCase def test_collection_options_with_proc_for_disabled assert_dom_equal( "<option value=\"<Abe>\"><Abe> went home</option>\n<option value=\"Babe\" disabled=\"disabled\">Babe went home</option>\n<option value=\"Cabe\" disabled=\"disabled\">Cabe went home</option>", - options_from_collection_for_select(dummy_posts, "author_name", "title", :disabled => lambda{|p| %w(Babe Cabe).include? p.author_name }) + options_from_collection_for_select(dummy_posts, "author_name", "title", :disabled => lambda{|p| p.author_name.among?("Babe", "Cabe") }) ) end diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb index f8671f2980..aa2114ff79 100644 --- a/actionpack/test/template/form_tag_helper_test.rb +++ b/actionpack/test/template/form_tag_helper_test.rb @@ -1,4 +1,5 @@ require 'abstract_unit' +require 'active_support/core_ext/object/inclusion' class FormTagHelperTest < ActionView::TestCase tests ActionView::Helpers::FormTagHelper @@ -13,7 +14,7 @@ class FormTagHelperTest < ActionView::TestCase txt = %{<div style="margin:0;padding:0;display:inline">} txt << %{<input name="utf8" type="hidden" value="✓" />} - if (method && !['get','post'].include?(method.to_s)) + if method && !method.to_s.among?('get','post') txt << %{<input name="_method" type="hidden" value="#{method}" />} end txt << %{</div>} diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index d0d4286393..a4fcff5167 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -315,14 +315,20 @@ class TextHelperTest < ActionView::TestCase end end - def test_auto_link_should_be_html_safe + def test_auto_link_should_not_be_html_safe email_raw = 'santiago@wyeworks.com' link_raw = 'http://www.rubyonrails.org' - assert auto_link(nil).html_safe? - assert auto_link('').html_safe? - assert auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe? - assert auto_link("hello #{email_raw}").html_safe? + assert !auto_link(nil).html_safe?, 'should not be html safe' + assert !auto_link('').html_safe?, 'should not be html safe' + assert !auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe?, 'should not be html safe' + assert !auto_link("hello #{email_raw}").html_safe?, 'should not be html safe' + end + + def test_auto_link_email_address + email_raw = 'aaron@tenderlovemaking.com' + email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>} + assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe' end def test_auto_link |