Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixed session ID fixation for ActiveRecord::SessionStore | Joseph Wong | 2011-07-12 | 1 | -0/+31 |
| | I have found that Rails will take an invalid session ID specified by the client and materialize a session based on that session ID. This means that it is possible, among other things, for a client to use an arbitrarily weak session ID or for a client to resurrect a previously used session ID. In other words, we cannot guarantee that all session IDs are generated by the server and that they are (statistically) unique through time. | ||||
| | The fix is to always generate a new session ID in #get_session if an existing session cannot be found under the incoming session ID. | ||||
| | Also added new tests that make sure that an invalid session ID is never materialized into a new session, regardless of whether it comes in via a cookie or a URL parameter (when :cookie_only => false). | ||||
* | provide a more explicit message when using url_for with nil | Damien Mathieu | 2011-07-02 | 1 | -0/+8 |
| | This fixes the problem of having a non-explicit message when the :location option is not provided in respond_with. | ||||
* | Take into account time spent in AR even if a redirect occurs or if it is after the render | Frederick Cheung | 2011-05-23 | 1 | -0/+26 |
| | |||||
* | Reset ActiveRecord::LogSubscriber runtime at the start of each request | Tom Ward | 2011-05-14 | 1 | -0/+13 |
| | Previously the runtime was reset implicitly when #cleanup_view_runtime was called at the end of most requests. However, this doesn't happen when the request redirects, or send_file is called. Consequently, the ActiveRecord runtime recorded in the logs included the time taken for both the current request and the previous redirect. Explicitly resetting at the start of each request ensures that this can't happen, no matter what occurs previously. | ||||
* | Escape regex in controller_runtime_test to actually check that the ActiveRecord message appears | Tom Ward | 2011-05-14 | 1 | -1/+1 |
| | |||||
* | minor cleaning | Vishnu Atrai | 2011-05-10 | 1 | -1/+1 |
| | |||||
* | Replace rudimentary named_scope with scope. [#6052 state:resolved] | Pavel Gorbokon | 2010-12-15 | 1 | -3/+3 |
| | * rename method names (actually in tests) | ||||
| | * rename instance variable @_named_scopes_cache to @_scopes_cache | ||||
| | * rename references in doc comments | ||||
| | * don't touch CHANGELOG :) | ||||
* | Ensure calling reset session twice does not raise errors. | José Valim | 2010-11-20 | 1 | -0/+12 |
| | |||||
* | Allow AR Session Store to be renewed | José Valim | 2010-11-11 | 1 | -0/+20 |
| | |||||
* | in regexps, the dot in a character class is not a metacharacter | Xavier Noria | 2010-10-15 | 1 | -1/+1 |
| | |||||
* | Remove duplicated class test. copy/paste fail? | Emilio Tagua | 2010-09-28 | 1 | -32/+0 |
| | |||||
* | Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -2/+2 |
| | |||||
* | Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -1/+1 |
| | This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController. | ||||
* | Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 2 | -10/+10 |
| | |||||
* | Use new ActiveModel::Naming.route_key in polymorphic_routes | Piotr Sarnacki | 2010-09-03 | 1 | -1/+1 |
| | |||||
* | Add possibility to explicitly call engine's routes through polymorphic_routes, for example: polymorphic_url([blog, @post]) | Piotr Sarnacki | 2010-09-03 | 1 | -0/+8 |
| | |||||
* | Added more tests for polymorphic_url with namespaced models and implemented missing use cases | Piotr Sarnacki | 2010-09-03 | 1 | -0/+56 |
| | |||||
* | Deprecate the old router DSL. | José Valim | 2010-06-28 | 1 | -15/+15 |
| | Since it is still used intensively across ActionPack test suite, patches that translate Rails internal tests to the new router DSL are welcome (note though that a few tests shouldn't be translated since they are testing exactly the old mapper API, like the ones in actionpack/test/controller/resource_test.rb and actionpack/test/controller/routing_test.rb) | ||||
* | Make sure that Rails doesn't resend session_id cookie over and over again if it's already there [#2485 state:resolved] | Prem Sichanugrist | 2010-06-25 | 1 | -0/+12 |
| | This applies only to Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. | ||||
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Move Rails::LogSubscriber to ActiveSupport::LogSubscriber, allowing frameworks like ActiveRecord and ActiveResource to log outside Rails::Application [#4816 state:resolved] | José Valim | 2010-06-24 | 1 | -5/+5 |
| | |||||
* | Sessions should not be created until written to and session data should be destroyed on reset. [#4938] | Michael Lovitt | 2010-06-23 | 1 | -2/+33 |
| | Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Make polymorphic_url and scaffolding work with uncountable resources [#3930 state:resolved] | Andrew White | 2010-06-20 | 1 | -0/+1 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. | José Valim | 2010-05-18 | 1 | -1/+7 |
| | |||||
* | Consistent routing language | Joshua Peek | 2010-03-30 | 1 | -82/+82 |
| | |||||
* | Fix failing Action Pack tests | Carlhuda | 2010-03-02 | 1 | -1/+1 |
| | |||||
* | Stop setting UrlFor using SharedTestHelpers | Carlhuda | 2010-02-26 | 1 | -1/+1 |
| | |||||
* | Rename named_url_helpers to url_helpers and url_helpers to url_for | Carlhuda | 2010-02-26 | 1 | -3/+3 |
| | |||||
* | Fix all of AP's tests with the non global router | Carlhuda | 2010-02-25 | 1 | -3/+3 |
| | |||||
* | Revert "Fix test load paths for those not using bundler" | Carlhuda | 2010-02-23 | 1 | -5/+2 |
| | This reverts commit eec2d301d4ce9df9c71c1a5aa63053eb970b6818. | ||||
| | This commit broke tests. You cannot have a file called "bundler" on the load path. | ||||
* | Use ActionDispatch::Routing everywhere | Martin Schürrer | 2010-02-21 | 1 | -3/+3 |
| | |||||
* | Merge master. | José Valim | 2010-02-17 | 1 | -2/+5 |
|\ | |||||
| * | Fix test load paths for those not using bundler | Joshua Peek | 2010-02-15 | 1 | -3/+6 |
| | | |||||
* | | Rename Rails::Subscriber to Rails::LogSubscriber | Prem Sichanugrist | 2010-02-16 | 1 | -8/+8 |
|/ | |||||
* | Default to sync instrumentation. | José Valim | 2010-01-21 | 1 | -15/+4 |
| | |||||
* | Move parameters to the top on logging. | José Valim | 2010-01-19 | 1 | -2/+2 |
| | |||||
* | Add ActionDispatch::Railties::Subscriber and finish tidying up the logging. | José Valim | 2010-01-17 | 1 | -2/+2 |
| | |||||
* | Tidy up ActiveRecord and Views runtime information on process action logger. | José Valim | 2010-01-14 | 1 | -2/+2 |
| | |||||
* | ControllerRuntime tests also use Rails::Subscriber::TestHelper. | José Valim | 2010-01-13 | 1 | -17/+32 |
| | |||||
* | From now on, parameters defined in default_url_options can be absent from named routes. | José Valim | 2010-01-07 | 1 | -1/+1 |
| | This allows the following setup to work: | ||||
| | # app/controllers/application_controller.rb | ||||
| | class ApplicationController | ||||
| |   def default_url_options(options=nil) | ||||
| |     { :locale => I18n.locale } | ||||
| |   end | ||||
| | end | ||||
| | # From your views and controllers: | ||||
| | I18n.locale #=> :en | ||||
| | users_url #=> "/en/users" | ||||
| | users_url(:pl) #=> "/pl/users" | ||||
| | user_url(1) #=> "/en/users/1" | ||||
| | user_url(:pl, 1) #=> "/pl/users/1" | ||||
| | user_url(1, :locale => :pl) #=> "/pl/users/1" | ||||
| | If you provide all expected parameters, it still works as previously. But if any parameter is missing, it tries to assign all possible ones with the hash returned in default_url_options or the one passed straight to the named route method. | ||||
| | Beware that default_url_options in ApplicationController is not shared with ActionMailer, so you are required to always give the locale in your email views. | ||||
* | Ensure no notification is on the queue before running notifications related tests. | José Valim | 2010-01-03 | 1 | -0/+2 |
| | |||||
* | Use namespaces in notifications. | José Valim | 2010-01-03 | 1 | -4/+1 |
| | |||||
* | Fix controller runtime test | Jeremy Kemper | 2009-12-30 | 1 | -2/+2 |
| | |||||
* | Kick AR logging back to life and move ControllerRuntime inside ActiveRecord::Rails. | José Valim | 2009-12-30 | 1 | -0/+39 |
| | |||||
* | Use new routing dsl in tests | Joshua Peek | 2009-12-08 | 1 | -1/+1 |
| | |||||
* | Make polymorphic_url work with symbols again and refactor it [#1384 status:resolved] | José Valim | 2009-10-28 | 1 | -8/+6 |
| | Signed-off-by: Joshua Peek <josh@joshpeek.com> | ||||
* | Add custom "with_routing" to internal tests to fix resetting session after using | Joshua Peek | 2009-10-03 | 1 | -1/+0 |
| | with_routing. This only affects our internal AP tests. | ||||
* | Allow integration test rack app to be set with "@app" ivar instead of using open_session | Joshua Peek | 2009-09-26 | 1 | -8/+5 |
| | |||||
* | Clean up session integration tests so they don't reference AC::Dispatcher | Joshua Peek | 2009-09-26 | 1 | -21/+6 |
| | |||||
* | Need to reset session for AR session tests after altering the route set | Joshua Peek | 2009-09-06 | 1 | -0/+1 |
| | |||||
* | Reset session in integration tests after changing routes to reload the middleware stack | Joshua Peek | 2009-08-27 | 1 | -11/+14 |
| | |||||