aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | Render default template if block doesn't renderJustin Coyne2016-02-251-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a `respond_to` collector doesn't have a response, then a `:no_content` response should be rendered. This brings the default rendering behavior introduced by https://github.com/rails/rails/issues/19036 to controller methods employing `respond_to`
* | | | Add `ActionController::Parameters#dig`Sean Griffin2016-03-091-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | This method will only be added when used with Ruby 2.3.0 or greater. This method has the same behavior as `Hash#dig`, except it will convert hashes to `ActionController::Parameters`, similar to `#[]` and `#fetch`.
* | | | Pass headers through to payload for logging.Gareth du Plooy2016-03-081-0/+6
| | | | | | | | | | | | | | | | Make request headers available in the event payload so that it is available to attached ActionController::LogSubscribers.
* | | | Remove http_cache_forever's version parameterJean Boussier2016-03-051-9/+1
| |_|/ |/| |
* | | Deprecate :controller and :action path parametersAndrew White2016-03-0119-114/+292
|/ / | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | Lock down new `ImplicitRender` behavior for 5.0 RCGodfrey Chan2016-02-252-35/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Conceptually revert #20276 The feature was implemented for the `responders` gem. In the end, they did not need that feature, and have found a better fix (see plataformatec/responders#131). `ImplicitRender` is the place where Rails specifies our default policies for the case where the user did not explicitly tell us what to render, essentially describing a set of heuristics. If the gem (or the user) knows exactly what they want, they could just perform the correct `render` to avoid falling through to here, as `responders` did (the user called `respond_with`). Reverting the patch allows us to avoid exploding the complexity and defining “the fallback for a fallback” policies. 2. `respond_to` and templates are considered exhaustive enumerations If the user specified a list of formats/variants in a `respond_to` block, anything that is not explicitly included should result in an `UnknownFormat` error (which is then caught upstream to mean “406 Not Acceptable” by default). This is already how it works before this commit. Same goes for templates – if the user defined a set of templates (usually in the file system), that set is now considered exhaustive, which means that “missing” templates are considered `UnknownFormat` errors (406). 3. To keep API endpoints simple, the implicit render behavior for actions with no templates defined at all (regardless of formats, locales, variants, etc) are defaulted to “204 No Content”. This is a strictly narrower version of the feature landed in #19036 and #19377. 4. To avoid confusion when interacting in the browser, these actions will raise an `UnknownFormat` error for “interactive” requests instead. (The precise definition of “interactive” requests might change – the spirit here is to give helpful messages and avoid confusions.) Closes #20666, #23062, #23077, #23564 [Godfrey Chan, Jon Moss, Kasper Timm Hansen, Mike Clark, Matthew Draper]
* | Show permitted flag in the output of AC::Parameters#inspectPrathamesh Sonpatki2016-02-241-3/+13
| | | | | | | | - Fixes #23822.
* | Fix `request.ssl?` bug with Action CableJon Moss2016-02-231-0/+9
| | | | | | | | | | This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620.
* | remove args from assert_nothing_raised in testsTara Scherner de la Fuente2016-02-221-1/+1
| |
* | Transform the mime object to symbol when registering the parsersRafael Mendonça França2016-02-221-1/+1
| | | | | | | | | | This will keep our current API working without having the users to change their codebases.
* | Use symbol of mime type instead of object to get correct parserMehmet Emin İNAÇ2016-02-221-2/+2
| | | | | | | | | | | | After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766
* | Make per form token work when method is not providedRafael Mendonça França2016-02-221-2/+16
| | | | | | | | | | | | When `button_to 'Botton', url` form was being used the per form token was not correct because the method that is was being used to generate it was an empty string.
* | Merge pull request #23752 from vipulnsward/23524-fix-button_to_deleteRafael Mendonça França2016-02-221-48/+60
|\ \ | | | | | | | | | Fixed passing of delete method on button_to tag, creating wrong form csrf token
| * | Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed ↵Vipul A M2016-02-221-70/+38
| | | | | | | | | | | | them up.
| * | Fixed passing of delete method on button_to tag, creating wrong form csrf tokenVipul A M2016-02-211-0/+44
| | | | | | | | | | | | Fixes #23524
* | | Merge pull request #23695 from kaspth/remove-automatic-collection-cachingKasper Timm Hansen2016-02-201-16/+5
|\ \ \ | |/ / |/| | Make collection caching explicit.
| * | Make collection caching explicit.Kasper Timm Hansen2016-02-201-16/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Having collection caching that wraps templates and automatically tries to infer if they are cachable proved to be too much of a hassle. We'd rather have it be something you explicitly turn on. This removes much of the code and docs to explain the previous automatic behavior. This change also removes scoped cache keys and passing cache_options.
* | | Deprecate AC::Parameters#== with a HashBenjamin Quorning2016-02-191-2/+4
| | |
* | | Fix AC::Parameters#== with other AC::ParametersBenjamin Quorning2016-02-191-0/+33
| | | | | | | | | | | | Creating a protected getter method for `@parameters`.
* | | Tests for AC::Parameters#==Benjamin Quorning2016-02-191-0/+6
| | |
* | | Fix master buildJon Moss2016-02-181-1/+1
|/ /
* | fields_for_style needs to test for AC::ParametersAaron Patterson2016-02-171-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | While iterating an AC::Parameters object, the object will mutate itself and stick AC::Parameters objects where there used to be hashes: https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632 If you use `permit` after this iteration, the `fields_for_style` method wouldn't return true because the child objects are now AC::Parameters objects rather than Hashes. fixes #23701
* | Implement ActionController::Parameters#inspectBenjamin Quorning2016-02-171-0/+9
|/ | | | Now that AC::Parameters is no longer a Hash, it shouldn't look like a hash.
* Merge pull request #23692 from abhishekjain16/docsYves Senn2016-02-161-1/+1
|\ | | | | Use a URL instead of an URL everywhere
| * Use a URL instead of an URL everywhereAbhishek Jain2016-02-151-1/+1
| |
* | Remove unused test controller actionAndrew White2016-02-161-5/+0
| |
* | Move test for #22828 into it's own testAndrew White2016-02-161-2/+10
| | | | | | | | | | | | The `cookies` hash isn't updated with the value generated by the output from `to_header` so it wasn't testing anything. Rendering the cookie value in the controller makes sure that the escaping is actually working.
* | Merge branch 'should-escape-cookie' of https://github.com/ma2gedev/rails ↵Andrew White2016-02-161-0/+7
|\ \ | | | | | | | | | into ma2gedev-should-escape-cookie
| * | Escape cookie's key and value in ActionController::TestCaseTakayuki Matsubara2015-12-301-0/+7
| | | | | | | | | | | | | | | Get an incorrect cookie value in controller action method if cookie value contains an escapable string.
* | | Remove `const_missing` which fallback to deprecated `NEVER_UNPERMITTED_PARAMS`Ryuta Kamizono2016-02-151-6/+0
| | | | | | | | | | | | `NEVER_UNPERMITTED_PARAMS` is deprecated in Rails 4.2. See #15933.
* | | Only write to collection cache if we have a callable cache key.Kasper Timm Hansen2016-02-121-15/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A callable cache key writes to the collection cache under a certain namespace. Which means if we don't have scoped cache key we can just rely on the `cache model_name do` in the templates to cache them. Less writes, more sharing. Add `assert_customer_cached` to better illustrate this in tests, and remove tests which then don't communicate as much.
* | | Check `partial_rendered_times` to clarify expectations.Kasper Timm Hansen2016-02-121-1/+4
| | | | | | | | | | | | | | | It was difficult to see when the partials were rendered, and how many times we expected it to be rendered before. Because we weren't explaining it.
* | | Test collection caching with callable cache key.Kasper Timm Hansen2016-02-121-0/+25
| |/ |/| | | | | | | | | | | When people pass `cache: -> item { item.upcase }` they scope the collection cache keys so the individual partial cache isn't reused. Test that behavior.
* | Make `parsed_body` extract parser from the content type.Kasper Timm Hansen2016-02-111-0/+10
| | | | | | | | | | | | | | We're not guaranteed to have a `RequestEncoder` to assign on `get` requests because we aren't extracting the parser from the response content type. Until now.
* | Add `parsed_body` to spare writing out parsing routines.Kasper Timm Hansen2016-02-101-11/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When testing: ```ruby post articles_path, params: { article: { title: 'Ahoy!' } }, as: :json ``` It's common to want to make assertions on the response body. Perhaps the server responded with JSON, so you write `JSON.parse(response.body)`. But that gets tedious real quick. Instead add `parsed_body` which will automatically parse the reponse body as what the last request was encoded `as`.
* | Merge pull request #21671 from kaspth/integration-request-encoding-helpersDavid Heinemeier Hansson2016-02-101-0/+43
|\ \ | | | | | | Add `as` to encode a request as a specific mime type.
| * | Add `as` to encode a request as a specific mime type.Kasper Timm Hansen2016-01-041-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Turns ``` post articles_path(format: :json), params: { article: { name: 'Ahoy!' } }.to_json, headers: { 'Content-Type' => 'application/json' } ``` into ``` post articles_path, params: { article: { name: 'Ahoy!' } }, as: :json ```
* | | disable controller / view thread spawning in testsAaron Patterson2016-02-051-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tests can (and do) access the database from the main thread. In this case they were starting a transaction, then making a request. The request would create a new thread, which would allocate a new database connection. Since the main thread started a transaction that contains data that the new thread wants to see, the new thread would not see it due to data visibility from transactions. Spawning the new thread in production is fine because middleware should not be doing database manipulation similar to the test harness. Before 603fe20c it was possible to set the database connection id based on a thread local, but 603fe20c changes the connection lookup code to never look at the "connection id" but only at the thread object itself. Without that indirection, we can't force threads to use the same connection pool as another thread. Fixes #23483
* | | Merge pull request #23342 from y-yagi/remove_unused_variableRafael França2016-01-301-1/+1
|\ \ \ | | | | | | | | remove unused variable from render test
| * | | remove unused variable from render testyuuji.yaginuma2016-01-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This removes the following warning. ``` rails/actionpack/test/controller/render_test.rb:278: warning: assigned but unused variable - response ```
* | | | Handle response_body= when body is nileileencodes2016-01-301-0/+16
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | There are some cases when the `body` in `response_body=` can be set to nil. One of those cases is in `actionpack-action_caching` which I found while upgrading it for Rails 5. It's not possible to run `body.each` on a `nil` body so we have to return after we run `response.reset_body!`.
* | | Merge pull request #22800 from dgynn/pr_cache_helper_optionsRafael Mendonça França2016-01-291-0/+12
|\ \ \ | | | | | | | | | | | | Restore ability to pass extra options to cache stores
| * | | restore ability to pass extra options to cache storesDave Gynn2015-12-261-0/+12
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | The `cache` helper methods should pass any extra options to the cache store. For example :expires_in would be a valid option if memcache was the cache store. The change in commit da16745 broke the ability to pass any options other than :skip_digest and :virtual_path. This PR restores that functionality and adds a test for it.
* | | Run `file.close` before unlinking for traviseileencodes2016-01-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This works on OSX but for some reason travis is throwing a ``` 1) Error: ExpiresInRenderTest#test_dynamic_render_with_absolute_path: NoMethodError: undefined method `unlink' for nil:NilClass ``` Looking at other tests in Railties the file has a name and we close it before unlinking, so I'm going to try that.
* | | Regression test for rendering file from absolute patheileencodes2016-01-281-0/+11
| | | | | | | | | | | | | | | | | | Test that we are not allowing you to grab a file with an absolute path outside of your application directory. This is dangerous because it could be used to retrieve files from the server like `/etc/passwd`.
* | | doc typoAkira Matsuda2016-01-271-2/+2
| | | | | | | | | | | | [ci skip]
* | | add a skip for failing testAaron Patterson2016-01-261-1/+2
| | |
* | | fix permitted? conditional for `render` callsAaron Patterson2016-01-261-0/+11
| | |
* | | clear view path cache between testsAaron Patterson2016-01-261-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | The cache for `render file:` seems to also be used in the case of `render(string)`. If one is supposed to be a hit and the other is supposed to be a miss, and they both reference the same file, then the cache could return incorrect values. This commit clears the cache between runs so that we get non-cached behavior.
* | | Merge branch '5-0-beta-sec'Aaron Patterson2016-01-251-0/+31
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 01:20:28 +0000