aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
Commit message (Collapse)AuthorAgeFilesLines
* Add AC::Parameters#to_unsafe_hPrem Sichanugrist2014-12-121-0/+6
| | | | | | | | | As suggested in #16299([1]), this method should be a new public API for retrieving unfiltered parameters from `ActionController::Parameters` object, given that `Parameters#to_hash` will no longer work in Rails 5.0+ as we stop inheriting `Parameters` from `Hash`. [1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919
* Typo: Hello = Guten Tag (in German)Tu Hoang2014-12-051-2/+2
|
* Pass symbol as an argument instead of a blockErik Michaels-Ober2014-11-292-5/+5
|
* Merge pull request #17186 from tgxworld/header_authentication_tokenMatthew Draper2014-11-271-2/+21
|\ | | | | | | Allow authentication header to not have to specify 'token=' key.
| * Allow authentication header to not have to specify 'token=' key.Guo Xiang Tan2014-10-101-2/+21
| | | | | | | | Fixes: https://github.com/rails/rails/issues/17108.
* | Merge pull request #17733 from yuki24/do-not-rescue-exception-in-params-parserRafael Mendonça França2014-11-251-0/+10
|\ \ | | | | | | Do not rescue Exception in ActionDispatch::ParamsParser
| * | Do not rescue Exception in ParamsParserYuki Nishijima2014-11-231-0/+10
| | | | | | | | | | | | | | | Unlike ShowExceptions or PublicExceptions, ParamsParser shouldn't transform exceptions like Interrupt and NoMemoryError into ParserError.
* | | Merge branch 'nil_script_name'Santiago Pastorino2014-11-251-0/+7
|\ \ \
| * | | Add regression test case to ensure script_name as nil is not used anymore in ↵Santiago Pastorino2014-11-251-0/+7
|/ / / | | | | | | | | | url_for
* | | Deprecate `use_route` in controller testsGodfrey Chan2014-11-231-2/+2
| | | | | | | | | | | | Reference #17453
* | | Fix cases where the wrong name is passed to `Formatter#generate`Godfrey Chan2014-11-231-1/+1
|/ / | | | | | | | | These are currently working "by accident" because `match_route` does not check that the name is valid.
* | Test using `ActionController::TestCase` with enginesGodfrey Chan2014-11-231-0/+52
| | | | | | | | | | | | Reference #17453 [Godfrey Chan, Washington Luiz]
* | Anchor should not be appended when set to nil/false.Guo Xiang Tan2014-11-232-0/+17
| | | | | | | | Fixes https://github.com/rails/rails/issues/17714.
* | Make sure assert_select can assert body tagRafael Mendonça França2014-11-182-3/+24
| | | | | | | | | | | | | | | | | | This reverts commit f93df52845766216f0fe36a4586f8abad505cac4, reversing changes made to a455e3f4e9dbfb9630d47878e1239bc424fb7d13. Conflicts: actionpack/lib/action_controller/test_case.rb actionview/lib/action_view/test_case.rb
* | Make FlashHash#key? work with symbol and stringRafael Mendonça França2014-11-111-0/+9
| | | | | | | | Closes #17586
* | Remove useless `only_path: true` in path helpersGodfrey Chan2014-11-101-3/+2
| | | | | | | | | | | | We added a deprecation warning for these cases in aa1fadd, so these are now causing deprecation warnings in the test output. AFAICT, in these two cases, the option is not integral to the purpose of the test, so they can be safely removed
* | Pass the route name explicitlyGodfrey Chan2014-11-101-0/+12
| | | | | | | | | | | | Follow up to 212057b9. Since that commit, we need to pass the `route_name` explicitly. This is one of the left-over cases that was not handled in that commit, which was causing `use_route` to be ignored in functional tests.
* | Remove session to allow `with_routing` to be called twice.Guo Xiang Tan2014-11-051-0/+36
| | | | | | | | Fixes: https://github.com/rails/rails/issues/16814
* | Remove redundant `to_s` in interpolationclaudiob2014-10-301-2/+2
| |
* | give a better error message for misspelled helpersXavier Noria2014-10-251-0/+22
| | | | | | | | | | | | See comment in this patch for the rationale. References #16468
* | Add regression test for router was overwriting PATH_INFOArthur Neves2014-10-101-0/+8
|/ | | | [related #17233]
* Parse HTML as document fragment.Kasper Timm Hansen2014-09-291-3/+3
| | | | This is to match the changes in Rails Dom Testing rails/rails-dom-testing#20.
* Use Hash#each_key instead of Hash#keys.eachErik Michaels-Ober2014-09-292-7/+7
| | | | | | Hash#keys.each allocates an array of keys; Hash#each_key iterates through the keys without allocating a new array. This is the reason why Hash#each_key exists.
* Fix actionpack test cases broken by #16888Godfrey Chan2014-09-262-29/+9
|
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-191-5/+6
|\ | | | | CSRF token mask from breach-mitigation-rails gem
| * Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-191-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks.
* | Fix failing test on several methods on ParameterPrem Sichanugrist2014-08-182-2/+11
| | | | | | | | | | | | | | * `each` * `each_pair` * `delete` * `select!`
* | Seperate Parameters accessors and mutators testsPrem Sichanugrist2014-08-183-57/+215
| |
* | Add missing `Hash` methods to `AC::Parameters`Prem Sichanugrist2014-08-181-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | This is to make sure that `permitted` status is maintained on the resulting object. I found these methods that needs to be redefined by looking for `self.class.new` in the code. * extract! * transform_keys * transform_values
* | Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-181-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* | Expectations firstAkira Matsuda2014-08-183-23/+23
| |
* | Merge branch 'master' into loofahRafael Mendonça França2014-08-175-740/+90
|\ \ | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * | `responders` 1.x won't do it. Told you to RTFM for details!Godfrey Chan2014-08-171-0/+2
| | |
| * | The gem is called 'responders'Godfrey Chan2014-08-171-2/+2
| | |
| * | Raise a more helpful error for people who are using these extracted featuresGodfrey Chan2014-08-171-0/+30
| | |
| * | Move respond_with to the responders gemJosé Valim2014-08-171-737/+0
| | | | | | | | | | | | | | | | | | | | | | | | respond_with (and consequently the class-level respond_to) are being removed from Rails. Instead of moving it to a 3rd library, the functionality will be moved to responders gem (at github.com/plataformatec/responders) which already provides some responders extensions.
| * | When your templates change, browser caches bust automatically.Jeremy Kemper2014-08-172-3/+35
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New default: the template digest is automatically included in your ETags. When you call `fresh_when @post`, the digest for `posts/show.html.erb` is mixed in so future changes to the HTML will blow HTTP caches for you. This makes it easy to HTTP-cache many more of your actions. If you render a different template, you can now pass the `:template` option to include its digest instead: fresh_when @post, template: 'widgets/show' Pass `template: false` to skip the lookup. To turn this off entirely, set: config.action_controller.etag_with_template_digest = false
| * Fix assert_template for files.Guo Xiang Tan2014-08-141-0/+23
| | | | | | | | | | The test was not failing for `assert_template file: nil` when a file has been rendered.
* | Merge branch 'master' into loofahRafael Mendonça França2014-08-1213-165/+273
|\| | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/integration_test.rb actionview/CHANGELOG.md
| * Fixes to TestCaseTest.Guo Xiang Tan2014-08-081-4/+5
| |
| * Fix spelling.Guo Xiang Tan2014-08-071-1/+1
| |
| * LOCALHOST definition should match any 127.0.0.0/8 addressEarl J St Sauver2014-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The entire 127.0.0.0/8 range is assigned to the loopback address, not only 127.0.0.0/24. This patch allows ActionDispatch::Request::LOCALHOST to match any IPv4 127.0.0.0/8 loopback address. The only place that the #local? method was previously under test was in the show_expectations_test.rb file. I don't particularly like that that's implicitly where this code is under test, and I feel like I should move some of that testing code into the test/dispatch/request_test.rb file, but I wanted some feedback first. Credit goes to @sriedel for discovering the issue and adding the patch.
| * fix filesystem race conditionAaron Patterson2014-07-171-1/+1
| |
| * helper methods are public, so we can just call themAaron Patterson2014-07-171-4/+4
| | | | | | | | | | also if you want a path from a named helper, you should call helper_path, not helper_url(:only_path => true).
| * Rails-ish apps should descend from Rails::RailtieAaron Patterson2014-07-161-1/+2
| | | | | | | | | | Use an is_a check to ensure it's a Railsish app so we can avoid respond_to calls everywhere.
| * Don't accept parameters as argument for redirect to [via @homakov]Santiago Pastorino2014-07-161-0/+10
| | | | | | | | Closes #16170
| * stop passing recall to url_forAaron Patterson2014-07-151-35/+46
| |
| * stop calling url_for with recall parameters and actually use a requestAaron Patterson2014-07-151-82/+123
| |
| * execute a request and check the path_parametersAaron Patterson2014-07-151-17/+59
| | | | | | | | | | | | | | | | This actually runs a request through the system, using the actual routing methods as we would use in production, then tests the path_parameters set on the request object. The `recognize_path` method isn't actually used in production, so testing what it returns isn't useful.
| * set `set` in the setup methodAaron Patterson2014-07-151-2/+5
| |