diff options
Diffstat (limited to 'railties')
29 files changed, 235 insertions, 473 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 1c28ac7476..8c2b64d543 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,5 +1,21 @@ ## Rails 4.0.0 (unreleased) ## +* Remove highly uncommon `config.assets.manifest` option for moving the manifest path. + This option is now unsupported in sprockets-rails. + + *Guillermo Iguaran & Dmitry Vorotilin* + +* Add `config.action_controller.permit_all_parameters` to disable + StrongParameters protection, it's false by default. + + *Guillermo Iguaran* + +* Remove `config.active_record.whitelist_attributes` and + `config.active_record.mass_assignment_sanitizer` from new applications since + MassAssignmentSecurity has been extracted from Rails. + + *Guillermo Iguaran* + * Change `rails new` and `rails plugin new` generators to name the `.gitkeep` files as `.keep` in a more SCM-agnostic way. diff --git a/railties/lib/rails.rb b/railties/lib/rails.rb index 670477f91a..a15965a9da 100644 --- a/railties/lib/rails.rb +++ b/railties/lib/rails.rb @@ -22,7 +22,6 @@ end module Rails autoload :Info, 'rails/info' autoload :InfoController, 'rails/info_controller' - autoload :Queueing, 'rails/queueing' class << self def application diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index 80b8e4b9ba..050190cba6 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -1,4 +1,5 @@ require 'fileutils' +require 'active_support/queueing' require 'rails/engine' module Rails @@ -88,8 +89,8 @@ module Rails @initialized end - # Implements call according to the Rack API. It simples - # dispatch the request to the underlying middleware stack. + # Implements call according to the Rack API. It simply + # dispatches the request to the underlying middleware stack. def call(env) env["ORIGINAL_FULLPATH"] = build_original_fullpath(env) super(env) @@ -188,7 +189,7 @@ module Rails end def queue #:nodoc: - @queue ||= Queueing::Container.new(build_queue) + @queue ||= ActiveSupport::QueueContainer.new(build_queue) end def build_queue #:nodoc: diff --git a/railties/lib/rails/application/configuration.rb b/railties/lib/rails/application/configuration.rb index 7a0bb21043..613c5b25f0 100644 --- a/railties/lib/rails/application/configuration.rb +++ b/railties/lib/rails/application/configuration.rb @@ -1,5 +1,6 @@ require 'active_support/core_ext/kernel/reporting' require 'active_support/file_update_checker' +require 'active_support/queueing' require 'rails/engine/configuration' module Rails @@ -12,7 +13,7 @@ module Rails :railties_order, :relative_url_root, :secret_token, :serve_static_assets, :ssl_options, :static_cache_control, :session_options, :time_zone, :reload_classes_only_on_change, - :queue, :queue_consumer + :queue, :queue_consumer, :beginning_of_week attr_writer :log_level attr_reader :encoding @@ -30,6 +31,7 @@ module Rails @session_store = :cookie_store @session_options = {} @time_zone = "UTC" + @beginning_of_week = :monday @log_level = nil @middleware = app_middleware @generators = app_generators @@ -41,8 +43,8 @@ module Rails @exceptions_app = nil @autoflush_log = true @log_formatter = ActiveSupport::Logger::SimpleFormatter.new - @queue = Rails::Queueing::SynchronousQueue - @queue_consumer = Rails::Queueing::ThreadedConsumer + @queue = ActiveSupport::SynchronousQueue + @queue_consumer = ActiveSupport::ThreadedQueueConsumer @eager_load = nil @assets = ActiveSupport::OrderedOptions.new @@ -55,7 +57,6 @@ module Rails @assets.debug = false @assets.compile = true @assets.digest = false - @assets.manifest = nil @assets.cache_store = [ :file_store, "#{root}/tmp/cache/assets/" ] @assets.js_compressor = nil @assets.css_compressor = nil diff --git a/railties/lib/rails/application/finisher.rb b/railties/lib/rails/application/finisher.rb index 777f0d269e..d2a402aa51 100644 --- a/railties/lib/rails/application/finisher.rb +++ b/railties/lib/rails/application/finisher.rb @@ -97,8 +97,8 @@ module Rails end initializer :activate_queue_consumer do |app| - if config.queue == Rails::Queueing::Queue - app.queue_consumer = config.queue_consumer.start(app.queue) + if config.queue == ActiveSupport::Queue + app.queue_consumer = config.queue_consumer.start(app.queue, {logger: Rails.logger}) at_exit { app.queue_consumer.shutdown } end end diff --git a/railties/lib/rails/deprecation.rb b/railties/lib/rails/deprecation.rb index c5811b2629..89f54069e9 100644 --- a/railties/lib/rails/deprecation.rb +++ b/railties/lib/rails/deprecation.rb @@ -3,7 +3,8 @@ require 'active_support/deprecation/proxy_wrappers' module Rails class DeprecatedConstant < ActiveSupport::Deprecation::DeprecatedConstantProxy def self.deprecate(old, current) - constant = new(old, current) + # double assignment is used to avoid "assigned but unused variable" warning + constant = constant = new(old, current) eval "::#{old} = constant" end diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt index 6c0ef31725..d83690e1b9 100644 --- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb.tt @@ -1,5 +1,5 @@ class ApplicationController < ActionController::Base # Prevent CSRF attacks by raising an exception. - # For APIs, you may want to use :reset_session instead. + # For APIs, you may want to use :null_session instead. protect_from_forgery with: :exception end diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb index 09b08d5663..f7d8f718de 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/application.rb +++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb @@ -46,11 +46,6 @@ module <%= app_const_base %> # like if you have constraints or database-specific column types. # config.active_record.schema_format = :sql - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - <%= comment_if :skip_active_record %>config.active_record.whitelist_attributes = true <% unless options.skip_sprockets? -%> # Enable the asset pipeline. diff --git a/railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt index bcd0e7c898..6b5b3a0b1f 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/environments/development.rb.tt @@ -23,9 +23,6 @@ config.action_dispatch.best_standards_support = :builtin <%- unless options.skip_active_record? -%> - # Raise exception on mass assignment protection for Active Record models. - config.active_record.mass_assignment_sanitizer = :strict - # Log the query plan for queries taking more than this (works # with SQLite, MySQL, and PostgreSQL). config.active_record.auto_explain_threshold_in_seconds = 0.5 diff --git a/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt index fdf011a510..cb3e8b123e 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/environments/production.rb.tt @@ -82,5 +82,5 @@ # Default the production mode queue to an synchronous queue. You will probably # want to replace this with an out-of-process queueing solution. - # config.queue = Rails::Queueing::SynchronousQueue + # config.queue = ActiveSupport::SynchronousQueue end diff --git a/railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt b/railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt index 8ab27eb6e1..202fc98adf 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt +++ b/railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt @@ -31,14 +31,9 @@ # ActionMailer::Base.deliveries array. config.action_mailer.delivery_method = :test - <%- unless options.skip_active_record? -%> - # Raise exception on mass assignment protection for Active Record models. - config.active_record.mass_assignment_sanitizer = :strict - <%- end -%> - # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr # Use the testing queue. - config.queue = Rails::Queueing::TestQueue + config.queue = ActiveSupport::TestQueue end diff --git a/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb b/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb index 0618b16984..f30ad6e20d 100644 --- a/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb +++ b/railties/lib/rails/generators/rails/scaffold_controller/scaffold_controller_generator.rb @@ -10,6 +10,8 @@ module Rails class_option :orm, :banner => "NAME", :type => :string, :required => true, :desc => "ORM to generate the controller for" + argument :attributes, :type => :array, :default => [], :banner => "field:type field:type" + def create_controller_files template "controller.rb", File.join('app/controllers', class_path, "#{controller_file_name}_controller.rb") end diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb index b3e74f9b02..5d038d20e7 100644 --- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb +++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb @@ -45,7 +45,7 @@ class <%= controller_class_name %>Controller < ApplicationController # POST <%= route_url %> # POST <%= route_url %>.json def create - @<%= singular_table_name %> = <%= orm_class.build(class_name, "params[:#{singular_table_name}]") %> + @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %> respond_to do |format| if @<%= orm_instance.save %> @@ -64,7 +64,7 @@ class <%= controller_class_name %>Controller < ApplicationController @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %> respond_to do |format| - if @<%= orm_instance.update_attributes("params[:#{singular_table_name}]") %> + if @<%= orm_instance.update_attributes("#{singular_table_name}_params") %> format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %> } format.json { head :no_content } else @@ -85,5 +85,17 @@ class <%= controller_class_name %>Controller < ApplicationController format.json { head :no_content } end end + + private + + # Use this method to whitelist the permissible parameters. Example: params.require(:person).permit(:name, :age) + # Also, you can specialize this method with per-user checking of permissible attributes. + def <%= "#{singular_table_name}_params" %> + <%- if attributes.empty? -%> + params[<%= ":#{singular_table_name}" %>] + <%- else -%> + params.require(<%= ":#{singular_table_name}" %>).permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>) + <%- end -%> + end end <% end -%> diff --git a/railties/lib/rails/queueing.rb b/railties/lib/rails/queueing.rb deleted file mode 100644 index 7cd755b0f7..0000000000 --- a/railties/lib/rails/queueing.rb +++ /dev/null @@ -1,115 +0,0 @@ -require "thread" -require 'delegate' - -module Rails - module Queueing - # A container for multiple queues. This class delegates to a default Queue - # so that <tt>Rails.queue.push</tt> and friends will Just Work. To use this class - # with multiple queues: - # - # # In your configuration: - # Rails.queue[:image_queue] = SomeQueue.new - # Rails.queue[:mail_queue] = SomeQueue.new - # - # # In your app code: - # Rails.queue[:mail_queue].push SomeJob.new - # - class Container < DelegateClass(::Queue) - def initialize(default_queue) - @queues = { :default => default_queue } - super(default_queue) - end - - def [](queue_name) - @queues[queue_name] - end - - def []=(queue_name, queue) - @queues[queue_name] = queue - end - end - - # A Queue that simply inherits from STDLIB's Queue. Everytime this - # queue is used, Rails automatically sets up a ThreadedConsumer - # to consume it. - class Queue < ::Queue - end - - class SynchronousQueue < ::Queue - def push(job) - job.run - end - alias << push - alias enq push - end - - # In test mode, the Rails queue is backed by an Array so that assertions - # can be made about its contents. The test queue provides a +jobs+ - # method to make assertions about the queue's contents and a +drain+ - # method to drain the queue and run the jobs. - # - # Jobs are run in a separate thread to catch mistakes where code - # assumes that the job is run in the same thread. - class TestQueue < ::Queue - # Get a list of the jobs off this queue. This method may not be - # available on production queues. - def jobs - @que.dup - end - - # Marshal and unmarshal job before pushing it onto the queue. This will - # raise an exception on any attempts in tests to push jobs that can't (or - # shouldn't) be marshalled. - def push(job) - super Marshal.load(Marshal.dump(job)) - end - - # Drain the queue, running all jobs in a different thread. This method - # may not be available on production queues. - def drain - # run the jobs in a separate thread so assumptions of synchronous - # jobs are caught in test mode. - Thread.new { pop.run until empty? }.join - end - end - - # The threaded consumer will run jobs in a background thread in - # development mode or in a VM where running jobs on a thread in - # production mode makes sense. - # - # When the process exits, the consumer pushes a nil onto the - # queue and joins the thread, which will ensure that all jobs - # are executed before the process finally dies. - class ThreadedConsumer - def self.start(queue) - new(queue).start - end - - def initialize(queue) - @queue = queue - end - - def start - @thread = Thread.new do - while job = @queue.pop - begin - job.run - rescue Exception => e - handle_exception e - end - end - end - self - end - - def shutdown - @queue.push nil - @thread.join - end - - def handle_exception(e) - Rails.logger.error "Job Error: #{e.message}\n#{e.backtrace.join("\n")}" - end - end - end -end diff --git a/railties/test/application/assets_test.rb b/railties/test/application/assets_test.rb index 841828e634..12466d4187 100644 --- a/railties/test/application/assets_test.rb +++ b/railties/test/application/assets_test.rb @@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- require 'isolation/abstract_unit' -require 'active_support/core_ext/kernel/reporting' require 'rack/test' module ApplicationTests @@ -28,10 +27,18 @@ module ApplicationTests def clean_assets! quietly do - assert Dir.chdir(app_path){ system('bundle exec rake assets:clean') } + assert Dir.chdir(app_path) { system('bundle exec rake assets:clean') } end end + def assert_file_exists(filename) + assert File.exists?(filename), "missing #{filename}" + end + + def assert_no_file_exists(filename) + assert !File.exists?(filename), "#{filename} does exist" + end + test "assets routes have higher priority" do app_file "app/assets/javascripts/demo.js.erb", "a = <%= image_path('rails.png').inspect %>;" @@ -92,9 +99,8 @@ module ApplicationTests images_should_compile = ["a.png", "happyface.png", "happy_face.png", "happy.face.png", "happy-face.png", "happy.happy_face.png", "happy_happy.face.png", - "happy.happy.face.png", "happy", "happy.face", "-happyface", - "-happy.png", "-happy.face.png", "_happyface", "_happy.face.png", - "_happy.png"] + "happy.happy.face.png", "-happy.png", "-happy.face.png", + "_happy.face.png", "_happy.png"] images_should_compile.each do |filename| app_file "app/assets/images/#{filename}", "happy" @@ -103,7 +109,7 @@ module ApplicationTests precompile! images_should_compile.each do |filename| - assert_file_exists "#{app_path}/public/assets/#{filename}" + assert_file_exists("#{app_path}/public/assets/#{filename}") end assert_file_exists("#{app_path}/public/assets/application.js") @@ -119,12 +125,13 @@ module ApplicationTests assert_no_file_exists("#{app_path}/public/assets/something.else.css") end - def assert_file_exists(filename) - assert File.exists?(filename), "missing #{filename}" - end + test "precompile something.js for directory containing index file" do + add_to_config "config.assets.precompile = [ 'something.js' ]" + app_file "app/assets/javascripts/something/index.js.erb", "alert();" - def assert_no_file_exists(filename) - assert !File.exists?(filename), "#{filename} does exist" + precompile! + + assert_file_exists("#{app_path}/public/assets/something.js") end test "asset pipeline should use a Sprockets::Index when config.assets.digest is true" do @@ -151,21 +158,6 @@ module ApplicationTests assert_match(/application-([0-z]+)\.css/, assets["application.css"]) end - test "precompile creates a manifest file in a custom path with all the assets listed" do - app_file "app/assets/stylesheets/application.css.erb", "<%= asset_path('rails.png') %>" - app_file "app/assets/javascripts/application.js", "alert();" - # digest is default in false, we must enable it for test environment - add_to_config "config.assets.digest = true" - add_to_config "config.assets.manifest = '#{app_path}/shared'" - - precompile! - manifest = "#{app_path}/shared/manifest.yml" - - assets = YAML.load_file(manifest) - assert_match(/application-([0-z]+)\.js/, assets["application.js"]) - assert_match(/application-([0-z]+)\.css/, assets["application.css"]) - end - test "the manifest file should be saved by default in the same assets folder" do app_file "app/assets/javascripts/application.js", "alert();" # digest is default in false, we must enable it for test environment @@ -186,8 +178,8 @@ module ApplicationTests precompile! - assert File.exists?("#{app_path}/public/assets/application.js") - assert File.exists?("#{app_path}/public/assets/application.css") + assert_file_exists("#{app_path}/public/assets/application.js") + assert_file_exists("#{app_path}/public/assets/application.css") manifest = "#{app_path}/public/assets/manifest.yml" @@ -238,7 +230,7 @@ module ApplicationTests get '/posts' assert_match(/AssetNotPrecompiledError/, last_response.body) - assert_match(/app.js isn't precompiled/, last_response.body) + assert_match(/app\.js isn't precompiled/, last_response.body) end test "assets raise AssetNotPrecompiledError when manifest file is present and requested file isn't precompiled if digest is disabled" do @@ -262,7 +254,7 @@ module ApplicationTests get '/posts' assert_match(/AssetNotPrecompiledError/, last_response.body) - assert_match(/app.js isn't precompiled/, last_response.body) + assert_match(/app\.js isn't precompiled/, last_response.body) end test "precompile properly refers files referenced with asset_path and and run in the provided RAILS_ENV" do @@ -318,7 +310,7 @@ module ApplicationTests get "/assets/#{URI.parser.escape(filename)}" assert_match "not a image really", last_response.body - assert File.exists?("#{app_path}/public/assets/#{filename}") + assert_file_exists("#{app_path}/public/assets/#{filename}") end test "assets are cleaned up properly" do @@ -454,7 +446,6 @@ module ApplicationTests add_to_config "config.assets.compile = true" add_to_config "config.assets.digest = true" - clean_assets! precompile! files = Dir["#{app_path}/public/assets/application-*.js"] @@ -504,6 +495,18 @@ module ApplicationTests assert_match 'src="/sub/uri/assets/rails.png"', File.read("#{app_path}/public/assets/app.js") end + test "html assets are compiled when executing precompile" do + app_file "app/assets/pages/page.html.erb", "<%= javascript_include_tag :application %>" + ENV["RAILS_ENV"] = "production" + ENV["RAILS_GROUP"] = "assets" + + quietly do + Dir.chdir(app_path){ `bundle exec rake assets:precompile` } + end + + assert_file_exists("#{app_path}/public/assets/page.html") + end + test "assets:cache:clean should clean cache" do ENV["RAILS_ENV"] = "production" precompile! diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 039b08c723..d014e5e362 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -358,19 +358,6 @@ module ApplicationTests assert_equal "utf-16", ActionDispatch::Response.default_charset end - test "sets all Active Record models to whitelist all attributes by default" do - add_to_config <<-RUBY - config.active_record.whitelist_attributes = true - RUBY - - require "#{app_path}/config/environment" - - klass = Class.new(ActiveRecord::Base) - - assert_equal ActiveModel::MassAssignmentSecurity::WhiteList, klass.active_authorizers[:default].class - assert_equal [], klass.active_authorizers[:default].to_a - end - test "registers interceptors with ActionMailer" do add_to_config <<-RUBY config.action_mailer.interceptors = MyMailInterceptor @@ -445,6 +432,28 @@ module ApplicationTests end end + test "valid beginning of week is setup correctly" do + add_to_config <<-RUBY + config.root = "#{app_path}" + config.beginning_of_week = :wednesday + RUBY + + require "#{app_path}/config/environment" + + assert_equal :wednesday, Rails.application.config.beginning_of_week + end + + test "raises when an invalid beginning of week is defined in the config" do + add_to_config <<-RUBY + config.root = "#{app_path}" + config.beginning_of_week = :invalid + RUBY + + assert_raise(ArgumentError) do + require "#{app_path}/config/environment" + end + end + test "config.action_controller.perform_caching = false" do make_basic_app do |app| app.config.action_controller.perform_caching = false @@ -573,6 +582,28 @@ module ApplicationTests assert_equal '{"title"=>"foo"}', last_response.body end + test "config.action_controller.permit_all_parameters = true" do + app_file 'app/controllers/posts_controller.rb', <<-RUBY + class PostsController < ActionController::Base + def create + render :text => params[:post].permitted? ? "permitted" : "forbidden" + end + end + RUBY + + add_to_config <<-RUBY + routes.prepend do + resources :posts + end + config.action_controller.permit_all_parameters = true + RUBY + + require "#{app_path}/config/environment" + + post "/posts", {:post => {"title" =>"zomg"}} + assert_equal 'permitted', last_response.body + end + test "config.action_dispatch.ignore_accept_header" do make_basic_app do |app| app.config.action_dispatch.ignore_accept_header = true diff --git a/railties/test/application/initializers/frameworks_test.rb b/railties/test/application/initializers/frameworks_test.rb index 1eb5fce384..5268257d62 100644 --- a/railties/test/application/initializers/frameworks_test.rb +++ b/railties/test/application/initializers/frameworks_test.rb @@ -52,19 +52,19 @@ module ApplicationTests test "uses the default queue for ActionMailer" do require "#{app_path}/config/environment" - assert_kind_of Rails::Queueing::Container, ActionMailer::Base.queue + assert_kind_of ActiveSupport::QueueContainer, ActionMailer::Base.queue end test "allows me to configure queue for ActionMailer" do app_file "config/environments/development.rb", <<-RUBY AppTemplate::Application.configure do - Rails.queue[:mailer] = Rails::Queueing::TestQueue.new + Rails.queue[:mailer] = ActiveSupport::TestQueue.new config.action_mailer.queue = Rails.queue[:mailer] end RUBY require "#{app_path}/config/environment" - assert_kind_of Rails::Queueing::TestQueue, ActionMailer::Base.queue + assert_kind_of ActiveSupport::TestQueue, ActionMailer::Base.queue end test "does not include url helpers as action methods" do diff --git a/railties/test/application/loading_test.rb b/railties/test/application/loading_test.rb index e0286502f3..fcbc3c048c 100644 --- a/railties/test/application/loading_test.rb +++ b/railties/test/application/loading_test.rb @@ -20,7 +20,6 @@ class LoadingTest < ActiveSupport::TestCase app_file "app/models/post.rb", <<-MODEL class Post < ActiveRecord::Base validates_acceptance_of :title, :accept => "omg" - attr_accessible :title end MODEL diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb index 07134cc935..06dec81d40 100644 --- a/railties/test/application/middleware/session_test.rb +++ b/railties/test/application/middleware/session_test.rb @@ -46,5 +46,87 @@ module ApplicationTests assert last_request.env["HTTP_COOKIE"] assert !last_response.headers["Set-Cookie"] end + + test "session is empty and isn't saved on unverified request when using :null_session protect method" do + app_file 'config/routes.rb', <<-RUBY + AppTemplate::Application.routes.draw do + get ':controller(/:action)' + post ':controller(/:action)' + end + RUBY + + controller :foo, <<-RUBY + class FooController < ActionController::Base + protect_from_forgery with: :null_session + + def write_session + session[:foo] = 1 + render nothing: true + end + + def read_session + render text: session[:foo].inspect + end + end + RUBY + + add_to_config <<-RUBY + config.action_controller.allow_forgery_protection = true + RUBY + + require "#{app_path}/config/environment" + + get '/foo/write_session' + get '/foo/read_session' + assert_equal '1', last_response.body + + post '/foo/read_session' # Read session using POST request without CSRF token + assert_equal 'nil', last_response.body # Stored value shouldn't be accessible + + post '/foo/write_session' # Write session using POST request without CSRF token + get '/foo/read_session' # Session shouldn't be changed + assert_equal '1', last_response.body + end + + test "cookie jar is empty and isn't saved on unverified request when using :null_session protect method" do + app_file 'config/routes.rb', <<-RUBY + AppTemplate::Application.routes.draw do + get ':controller(/:action)' + post ':controller(/:action)' + end + RUBY + + controller :foo, <<-RUBY + class FooController < ActionController::Base + protect_from_forgery with: :null_session + + def write_cookie + cookies[:foo] = '1' + render nothing: true + end + + def read_cookie + render text: cookies[:foo].inspect + end + end + RUBY + + add_to_config <<-RUBY + config.action_controller.allow_forgery_protection = true + RUBY + + require "#{app_path}/config/environment" + + get '/foo/write_cookie' + get '/foo/read_cookie' + assert_equal '"1"', last_response.body + + post '/foo/read_cookie' # Read cookie using POST request without CSRF token + assert_equal 'nil', last_response.body # Stored value shouldn't be accessible + + post '/foo/write_cookie' # Write cookie using POST request without CSRF token + get '/foo/read_cookie' # Cookie shouldn't be changed + assert_equal '"1"', last_response.body + end end end diff --git a/railties/test/application/queue_test.rb b/railties/test/application/queue_test.rb index f4c11c5f4f..e67c6cc371 100644 --- a/railties/test/application/queue_test.rb +++ b/railties/test/application/queue_test.rb @@ -19,14 +19,14 @@ module ApplicationTests test "the queue is a TestQueue in test mode" do app("test") - assert_kind_of Rails::Queueing::TestQueue, Rails.application.queue[:default] - assert_kind_of Rails::Queueing::TestQueue, Rails.queue[:default] + assert_kind_of ActiveSupport::TestQueue, Rails.application.queue[:default] + assert_kind_of ActiveSupport::TestQueue, Rails.queue[:default] end test "the queue is a SynchronousQueue in development mode" do app("development") - assert_kind_of Rails::Queueing::SynchronousQueue, Rails.application.queue[:default] - assert_kind_of Rails::Queueing::SynchronousQueue, Rails.queue[:default] + assert_kind_of ActiveSupport::SynchronousQueue, Rails.application.queue[:default] + assert_kind_of ActiveSupport::SynchronousQueue, Rails.queue[:default] end class ThreadTrackingJob @@ -58,7 +58,7 @@ module ApplicationTests refute job.ran_in_different_thread?, "Expected job to run in the same thread" end - test "in test mode, explicitly draining the queue will process it in a separate thread" do + test "in test mode, explicitly draining the queue will process it in the same thread" do app("test") Rails.queue.push ThreadTrackingJob.new @@ -66,7 +66,7 @@ module ApplicationTests Rails.queue.drain assert job.ran?, "Expected job to be run" - assert job.ran_in_different_thread?, "Expected job to run in a different thread" + refute job.ran_in_different_thread?, "Expected job to run in the same thread" end class IdentifiableJob @@ -160,12 +160,12 @@ module ApplicationTests test "a custom consumer implementation can be provided" do add_to_env_config "production", <<-RUBY require "my_queue_consumer" - config.queue = Rails::Queueing::Queue + config.queue = ActiveSupport::Queue config.queue_consumer = MyQueueConsumer RUBY app_file "lib/my_queue_consumer.rb", <<-RUBY - class MyQueueConsumer < Rails::Queueing::ThreadedConsumer + class MyQueueConsumer < ActiveSupport::ThreadedQueueConsumer attr_reader :started def start diff --git a/railties/test/application/rake/dbs_test.rb b/railties/test/application/rake/dbs_test.rb index 52c07cee9f..03798d572a 100644 --- a/railties/test/application/rake/dbs_test.rb +++ b/railties/test/application/rake/dbs_test.rb @@ -100,8 +100,8 @@ module ApplicationTests `rails generate model book title:string` `bundle exec rake db:migrate` `bundle exec rake db:fixtures:load` - assert_match /#{expected[:database]}/, - ActiveRecord::Base.connection_config[:database] + assert_match(/#{expected[:database]}/, + ActiveRecord::Base.connection_config[:database]) require "#{app_path}/app/models/book" assert_equal 2, Book.count end @@ -129,8 +129,8 @@ module ApplicationTests assert_match(/CREATE TABLE \"books\"/, structure_dump) `bundle exec rake db:drop` `bundle exec rake db:structure:load` - assert_match /#{expected[:database]}/, - ActiveRecord::Base.connection_config[:database] + assert_match(/#{expected[:database]}/, + ActiveRecord::Base.connection_config[:database]) require "#{app_path}/app/models/book" #if structure is not loaded correctly, exception would be raised assert Book.count, 0 @@ -161,8 +161,8 @@ module ApplicationTests require "#{app_path}/app/models/book" #if structure is not loaded correctly, exception would be raised assert Book.count, 0 - assert_match /#{ActiveRecord::Base.configurations['test']['database']}/, - ActiveRecord::Base.connection_config[:database] + assert_match(/#{ActiveRecord::Base.configurations['test']['database']}/, + ActiveRecord::Base.connection_config[:database]) end end diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 3ceb8c22a0..e7b6a20b32 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -212,7 +212,6 @@ class AppGeneratorTest < Rails::Generators::TestCase run_generator [destination_root, "--skip-active-record"] assert_no_file "config/database.yml" assert_file "config/application.rb", /#\s+require\s+["']active_record\/railtie["']/ - assert_file "config/application.rb", /#\s+config\.active_record\.whitelist_attributes = true/ assert_file "test/test_helper.rb" do |helper_content| assert_no_match(/fixtures :all/, helper_content) end @@ -343,15 +342,6 @@ class AppGeneratorTest < Rails::Generators::TestCase end end - def test_generated_environments_file_for_sanitizer - run_generator [destination_root, "--skip-active-record"] - %w(development test).each do |env| - assert_file "config/environments/#{env}.rb" do |file| - assert_no_match(/config.active_record.mass_assignment_sanitizer = :strict/, file) - end - end - end - def test_generated_environments_file_for_auto_explain run_generator [destination_root, "--skip-active-record"] %w(development production).each do |env| @@ -361,11 +351,6 @@ class AppGeneratorTest < Rails::Generators::TestCase end end - def test_active_record_whitelist_attributes_is_present_application_config - run_generator - assert_file "config/application.rb", /config\.active_record\.whitelist_attributes = true/ - end - def test_pretend_option output = run_generator [File.join(destination_root, "myapp"), "--pretend"] assert_no_match(/run bundle install/, output) diff --git a/railties/test/generators/model_generator_test.rb b/railties/test/generators/model_generator_test.rb index ec33bd7c6b..436de26826 100644 --- a/railties/test/generators/model_generator_test.rb +++ b/railties/test/generators/model_generator_test.rb @@ -328,14 +328,4 @@ class ModelGeneratorTest < Rails::Generators::TestCase end end end - - def test_attr_accessible_added_with_non_reference_attributes - run_generator - assert_file 'app/models/account.rb', /attr_accessible :age, :name/ - end - - def test_attr_accessible_added_with_comments_when_no_attributes_present - run_generator ["Account"] - assert_file 'app/models/account.rb', /# attr_accessible :title, :body/ - end end diff --git a/railties/test/generators/scaffold_controller_generator_test.rb b/railties/test/generators/scaffold_controller_generator_test.rb index 1eea50b0d9..1e16f04d85 100644 --- a/railties/test/generators/scaffold_controller_generator_test.rb +++ b/railties/test/generators/scaffold_controller_generator_test.rb @@ -33,14 +33,14 @@ class ScaffoldControllerGeneratorTest < Rails::Generators::TestCase end assert_instance_method :create, content do |m| - assert_match(/@user = User\.new\(params\[:user\]\)/, m) + assert_match(/@user = User\.new\(user_params\)/, m) assert_match(/@user\.save/, m) assert_match(/@user\.errors/, m) end assert_instance_method :update, content do |m| assert_match(/@user = User\.find\(params\[:id\]\)/, m) - assert_match(/@user\.update_attributes\(params\[:user\]\)/, m) + assert_match(/@user\.update_attributes\(user_params\)/, m) assert_match(/@user\.errors/, m) end @@ -48,6 +48,9 @@ class ScaffoldControllerGeneratorTest < Rails::Generators::TestCase assert_match(/@user = User\.find\(params\[:id\]\)/, m) assert_match(/@user\.destroy/, m) end + + assert_match(/def user_params/, content) + assert_match(/params\.require\(:user\)\.permit\(:age, :name\)/, content) end end diff --git a/railties/test/generators/scaffold_generator_test.rb b/railties/test/generators/scaffold_generator_test.rb index 9b456c64ef..40c5188042 100644 --- a/railties/test/generators/scaffold_generator_test.rb +++ b/railties/test/generators/scaffold_generator_test.rb @@ -43,14 +43,14 @@ class ScaffoldGeneratorTest < Rails::Generators::TestCase end assert_instance_method :create, content do |m| - assert_match(/@product_line = ProductLine\.new\(params\[:product_line\]\)/, m) + assert_match(/@product_line = ProductLine\.new\(product_line_params\)/, m) assert_match(/@product_line\.save/, m) assert_match(/@product_line\.errors/, m) end assert_instance_method :update, content do |m| assert_match(/@product_line = ProductLine\.find\(params\[:id\]\)/, m) - assert_match(/@product_line\.update_attributes\(params\[:product_line\]\)/, m) + assert_match(/@product_line\.update_attributes\(product_line_params\)/, m) assert_match(/@product_line\.errors/, m) end @@ -166,14 +166,14 @@ class ScaffoldGeneratorTest < Rails::Generators::TestCase end assert_instance_method :create, content do |m| - assert_match(/@admin_role = Admin::Role\.new\(params\[:admin_role\]\)/, m) + assert_match(/@admin_role = Admin::Role\.new\(admin_role_params\)/, m) assert_match(/@admin_role\.save/, m) assert_match(/@admin_role\.errors/, m) end assert_instance_method :update, content do |m| assert_match(/@admin_role = Admin::Role\.find\(params\[:id\]\)/, m) - assert_match(/@admin_role\.update_attributes\(params\[:admin_role\]\)/, m) + assert_match(/@admin_role\.update_attributes\(admin_role_params\)/, m) assert_match(/@admin_role\.errors/, m) end diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb index 07a7faa3af..0f36eb67e5 100644 --- a/railties/test/isolation/abstract_unit.rb +++ b/railties/test/isolation/abstract_unit.rb @@ -253,9 +253,6 @@ module TestHelpers def use_frameworks(arr) to_remove = [:actionmailer, :activerecord] - arr - if to_remove.include? :activerecord - remove_from_config "config.active_record.whitelist_attributes = true" - end $:.reject! {|path| path =~ %r'/(#{to_remove.join('|')})/' } end diff --git a/railties/test/queueing/container_test.rb b/railties/test/queueing/container_test.rb deleted file mode 100644 index 69e59a3871..0000000000 --- a/railties/test/queueing/container_test.rb +++ /dev/null @@ -1,30 +0,0 @@ -require 'abstract_unit' -require 'rails/queueing' - -module Rails - module Queueing - class ContainerTest < ActiveSupport::TestCase - def test_delegates_to_default - q = Queue.new - container = Container.new q - job = Object.new - - container.push job - assert_equal job, q.pop - end - - def test_access_default - q = Queue.new - container = Container.new q - assert_equal q, container[:default] - end - - def test_assign_queue - container = Container.new Object.new - q = Object.new - container[:foo] = q - assert_equal q, container[:foo] - end - end - end -end diff --git a/railties/test/queueing/test_queue_test.rb b/railties/test/queueing/test_queue_test.rb deleted file mode 100644 index 2f0f507adb..0000000000 --- a/railties/test/queueing/test_queue_test.rb +++ /dev/null @@ -1,102 +0,0 @@ -require 'abstract_unit' -require 'rails/queueing' - -class TestQueueTest < ActiveSupport::TestCase - def setup - @queue = Rails::Queueing::TestQueue.new - end - - class ExceptionRaisingJob - def run - raise - end - end - - def test_drain_raises - @queue.push ExceptionRaisingJob.new - assert_raises(RuntimeError) { @queue.drain } - end - - def test_jobs - @queue.push 1 - @queue.push 2 - assert_equal [1,2], @queue.jobs - end - - class EquivalentJob - def initialize - @initial_id = self.object_id - end - - def run - end - - def ==(other) - other.same_initial_id?(@initial_id) - end - - def same_initial_id?(other_id) - other_id == @initial_id - end - end - - def test_contents - assert @queue.empty? - job = EquivalentJob.new - @queue.push job - refute @queue.empty? - assert_equal job, @queue.pop - end - - class ProcessingJob - def self.clear_processed - @processed = [] - end - - def self.processed - @processed - end - - def initialize(object) - @object = object - end - - def run - self.class.processed << @object - end - end - - def test_order - ProcessingJob.clear_processed - job1 = ProcessingJob.new(1) - job2 = ProcessingJob.new(2) - - @queue.push job1 - @queue.push job2 - @queue.drain - - assert_equal [1,2], ProcessingJob.processed - end - - class ThreadTrackingJob - attr_reader :thread_id - - def run - @thread_id = Thread.current.object_id - end - - def ran? - @thread_id - end - end - - def test_drain - @queue.push ThreadTrackingJob.new - job = @queue.jobs.last - @queue.drain - - assert @queue.empty? - assert job.ran?, "The job runs synchronously when the queue is drained" - assert_not_equal job.thread_id, Thread.current.object_id - end -end diff --git a/railties/test/queueing/threaded_consumer_test.rb b/railties/test/queueing/threaded_consumer_test.rb deleted file mode 100644 index c34a966d6e..0000000000 --- a/railties/test/queueing/threaded_consumer_test.rb +++ /dev/null @@ -1,100 +0,0 @@ -require 'abstract_unit' -require 'rails/queueing' - -class TestThreadConsumer < ActiveSupport::TestCase - class Job - attr_reader :id - def initialize(id, &block) - @id = id - @block = block - end - - def run - @block.call if @block - end - end - - def setup - @queue = Rails::Queueing::Queue.new - @consumer = Rails::Queueing::ThreadedConsumer.start(@queue) - end - - def teardown - @queue.push nil - end - - test "the jobs are executed" do - ran = false - - job = Job.new(1) do - ran = true - end - - @queue.push job - sleep 0.1 - assert_equal true, ran - end - - test "the jobs are not executed synchronously" do - ran = false - - job = Job.new(1) do - sleep 0.1 - ran = true - end - - @queue.push job - assert_equal false, ran - end - - test "shutting down the queue synchronously drains the jobs" do - ran = false - - job = Job.new(1) do - sleep 0.1 - ran = true - end - - @queue.push job - assert_equal false, ran - - @consumer.shutdown - - assert_equal true, ran - end - - test "log job that raises an exception" do - require "active_support/log_subscriber/test_helper" - logger = ActiveSupport::LogSubscriber::TestHelper::MockLogger.new - Rails.logger = logger - - job = Job.new(1) do - raise "RuntimeError: Error!" - end - - @queue.push job - sleep 0.1 - - assert_equal 1, logger.logged(:error).size - assert_match(/Job Error: RuntimeError: Error!/, logger.logged(:error).last) - end - - test "test overriding exception handling" do - @consumer.shutdown - @consumer = Class.new(Rails::Queueing::ThreadedConsumer) do - attr_reader :last_error - def handle_exception(e) - @last_error = e.message - end - end.start(@queue) - - job = Job.new(1) do - raise "RuntimeError: Error!" - end - - @queue.push job - sleep 0.1 - - assert_equal "RuntimeError: Error!", @consumer.last_error - end -end |