Diffstat (limited to 'railties')
-rw-r--r-- | railties/lib/rails/configuration.rb | 5 | ||||
-rw-r--r-- | railties/lib/rails/engine/configuration.rb | 3 | ||||
-rw-r--r-- | railties/lib/rails/log_subscriber.rb | 1 | ||||
-rw-r--r-- | railties/lib/rails/rack/logger.rb | 2 | ||||
-rw-r--r-- | railties/test/application/metal_test.rb | 4 | ||||
-rw-r--r-- | railties/test/application/middleware_stack_defaults_test.rb | 53 | ||||
-rw-r--r-- | railties/test/application/middleware_test.rb | 1 | ||||
-rw-r--r-- | railties/test/railties/shared_tests.rb | 2 |
8 files changed, 65 insertions, 6 deletions
diff --git a/railties/lib/rails/configuration.rb b/railties/lib/rails/configuration.rb
index a1e901f04f..a78e115fe1 100644
--- a/railties/lib/rails/configuration.rb
+++ b/railties/lib/rails/configuration.rb
@@ -84,11 +84,12 @@ module Rails
 middleware.use('::Rack::Runtime')
 middleware.use('::Rails::Rack::Logger')
 middleware.use('::ActionDispatch::ShowExceptions', lambda { consider_all_requests_local })
+ middleware.use("::ActionDispatch::RemoteIp", lambda { action_dispatch.ip_spoofing_check }, lambda { action_dispatch.trusted_proxies })
 middleware.use('::Rack::Sendfile', lambda { action_dispatch.x_sendfile_header })
 middleware.use('::ActionDispatch::Callbacks', lambda { !cache_classes })
 middleware.use('::ActionDispatch::Cookies')
- middleware.use(lambda { ActionController::Base.session_store }, lambda { ActionController::Base.session_options })
- middleware.use('::ActionDispatch::Flash', :if => lambda { ActionController::Base.session_store })
+ middleware.use(lambda { ActionController::SessionManagement.session_store_for(action_controller.session_store) }, lambda { action_controller.session })
+ middleware.use('::ActionDispatch::Flash', :if => lambda { action_controller.session_store })
 middleware.use(lambda { metal_loader.build_middleware(metals) }, :if => lambda { metal_loader.metals.any? })
 middleware.use('ActionDispatch::ParamsParser')
 middleware.use('::Rack::MethodOverride')
diff --git a/railties/lib/rails/engine/configuration.rb b/railties/lib/rails/engine/configuration.rb
index 93b882f874..5d3e768cfd 100644
--- a/railties/lib/rails/engine/configuration.rb
+++ b/railties/lib/rails/engine/configuration.rb
@@ -26,6 +26,9 @@ module Rails
 paths.config.initializers "config/initializers", :glob => "**/*.rb"
 paths.config.locales "config/locales", :glob => "*.{rb,yml}"
 paths.config.routes "config/routes.rb"
+ paths.public "public"
+ paths.public.javascripts "public/javascripts"
+ paths.public.stylesheets "public/stylesheets"
 paths
 end
 end
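Review bot: In railties/lib/rails/configuration.rb, `::ActionDispatch::RemoteIp` is registered after `::Rails::Rack::Logger`, yet the logger's `before_dispatch` (railties/lib/rails/rack/logger.rb, touched by this same commit) writes `request.remote_ip` into the "Started ..." line. If `Request#remote_ip` depends on a value this middleware computes, the logged address is resolved before `ip_spoofing_check` and `trusted_proxies` take effect, so the access log could record a client-supplied forwarded address instead of the vetted one. Consider moving the `middleware.use("::ActionDispatch::RemoteIp", ...)` line above `middleware.use('::Rails::Rack::Logger')`, or add a comment such as `# RemoteIp must run before anything that reads request.remote_ip` to pin the ordering. The enclosing method starts and ends outside the hunk.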
diff --git a/railties/lib/rails/log_subscriber.rb b/railties/lib/rails/log_subscriber.rb index 0fbc19d89c..42697d2e32 100644 --- a/railties/lib/rails/log_subscriber.rb +++ b/railties/lib/rails/log_subscriber.rb @@ -87,6 +87,7 @@ module Rails %w(info debug warn error fatal unknown).each do |level| class_eval <<-METHOD, __FILE__, __LINE__ + 1 def #{level}(*args, &block) + return unless logger logger.#{level}(*args, &block) end METHOD diff --git a/railties/lib/rails/rack/logger.rb b/railties/lib/rails/rack/logger.rb index 2efe224e94..dd8b342f59 100644 --- a/railties/lib/rails/rack/logger.rb +++ b/railties/lib/rails/rack/logger.rb @@ -19,7 +19,7 @@ module Rails def before_dispatch(env) request = ActionDispatch::Request.new(env) - path = request.request_uri.inspect rescue "unknown" + path = request.fullpath.inspect rescue "unknown" info "\n\nStarted #{request.method.to_s.upcase} #{path} " << "for #{request.remote_ip} at #{Time.now.to_s(:db)}" diff --git a/railties/test/application/metal_test.rb b/railties/test/application/metal_test.rb index 225bede117..1ec62282c8 100644 --- a/railties/test/application/metal_test.rb +++ b/railties/test/application/metal_test.rb @@ -28,7 +28,7 @@ module ApplicationTests end RUBY - get "/" + get "/not/slash" assert_equal 200, last_response.status assert_equal "FooMetal", last_response.body end @@ -50,7 +50,7 @@ module ApplicationTests end RUBY - get "/" + get "/not/slash" assert_equal 200, last_response.status assert_equal "Metal B", last_response.body end diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb new file mode 100644 index 0000000000..94151a90da --- /dev/null +++ b/railties/test/application/middleware_stack_defaults_test.rb 
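Review bot: In railties/lib/rails/rack/logger.rb, `request.fullpath` is written verbatim to the info log. Assuming it carries the query string as `request_uri` did, tokens or credentials sent as GET parameters end up in the log without passing through `filter_parameters`. If the query string is not needed here, log `request.path` instead; otherwise add a comment above the assignment such as `# NOTE: includes the raw query string; not subject to filter_parameters`. The trailing `rescue "unknown"` modifier also hides every StandardError raised while building the path, which makes a malformed request indistinguishable from a bug in the logger. `before_dispatch` ends outside the hunk.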
@@ -0,0 +1,53 @@
+require 'isolation/abstract_unit'
+
+class MiddlewareStackDefaultsTest < Test::Unit::TestCase
+ include ActiveSupport::Testing::Isolation
+
+ def setup
+ boot_rails
+ require "rails"
+ require "action_controller/railtie"
+
+ Object.const_set(:MyApplication, Class.new(Rails::Application))
+ MyApplication.class_eval do
+ config.action_controller.session = { :key => "_myapp_session", :secret => "OMG A SEKRET" * 10 }
+ end
+ end
+
+ def remote_ip(env = {})
+ remote_ip = nil
+ env = Rack::MockRequest.env_for("/").merge(env).merge('action_dispatch.show_exceptions' => false)
+
+ endpoint = Proc.new do |e|
+ remote_ip = ActionDispatch::Request.new(e).remote_ip
+ [200, {}, ["Hello"]]
+ end
+
+ out = MyApplication.middleware.build(endpoint).call(env)
+ remote_ip
+ end
+
+ test "remote_ip works" do
+ assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1")
+ end
+
+ test "checks IP spoofing by default" do
+ assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+ remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+ end
+ end
+
+ test "can disable IP spoofing check" do
+ MyApplication.config.action_dispatch.ip_spoofing_check = false
+
+ assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+ assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+ end
+ end
+
+ test "the user can set trusted proxies" do
+ MyApplication.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/
+
+ assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "4.2.42.42,1.1.1.1")
+ end
+end
diff --git a/railties/test/application/middleware_test.rb b/railties/test/application/middleware_test.rb
index 5e869bff1e..9a359d20b1 100644
--- a/railties/test/application/middleware_test.rb
+++ b/railties/test/application/middleware_test.rb
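Review bot: In middleware_stack_defaults_test.rb, the trusted-proxy pattern in the last test, `/^4\.2\.42\.42$/`, uses line anchors. In Ruby `^` and `$` match at any line boundary, so `/\A4\.2\.42\.42\z/` is the stricter model for an allow-list, and test values like this tend to be copied into application config. That test also exercises the proxy list only through a comma-separated `REMOTE_ADDR`; a companion case that sets `HTTP_X_FORWARDED_FOR` with a trusted and an untrusted hop would cover the header a proxy actually sets. In the `remote_ip` helper, `out` is assigned but never read and can be dropped.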
@@ -19,6 +19,7 @@ module ApplicationTests "Rack::Runtime", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", + "ActionDispatch::RemoteIp", "Rack::Sendfile", "ActionDispatch::Callbacks", "ActionDispatch::Cookies", diff --git a/railties/test/railties/shared_tests.rb b/railties/test/railties/shared_tests.rb index 151abe21f8..0ebc8a2d3f 100644 --- a/railties/test/railties/shared_tests.rb +++ b/railties/test/railties/shared_tests.rb @@ -254,7 +254,7 @@ YAML require 'rack/test' extend Rack::Test::Methods - get "/" + get "/not/slash" assert_equal 200, last_response.status assert_equal "FooMetal", last_response.body end |