aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
Commit message (Collapse)AuthorAgeFilesLines
* Permit string and float values in the multiparameter attributesRafael Mendonça França2012-10-181-9/+14
|
* Cleanup trailing whitespacesdfens2012-10-121-1/+1
|
* When executing permit with just a key that points to a hash, DO NOT allow ↵Santiago Pastorino2012-10-121-1/+5
| | | | | | | | | | | | | | all the hash params.require(:person).permit(:projects_attributes) was returning => {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}} When should return => {} You should be doing ... params.require(:person).permit(projects_attributes: :name) to get just the projects attributes you want to allow
* can't pass :locals to #assert_template without a view test case. Closes #3415Yves Senn2012-10-061-0/+11
| | | | | | | | | | | the documentation on #assert_template states that the :locals option is only available in view test cases: # In a view test case, you can also assert that specific locals are passed # to partials: I added a warning when it's passed in an inapropriate context to prevent a NoMethodError.
* Allow parameter filters to match multi-parameter attributesRafael Mendonça França2012-10-051-0/+33
| | | | | | | This will make easier to permit date/time attributes generated by helpers like date_select. [Sven Schwyn + Rafael Mendonça França]
* ActionController::Parameters#permit! is recursiveBrendan Loudermilk2012-10-041-0/+7
|
* rename page_cache_extension option to default_static_extensionFrancesco Rodriguez2012-10-031-0/+15
|
* extract AP Page and Action caching to actionpack-deprecated_caching gemFrancesco Rodriguez2012-10-032-739/+16
|
* Failsafe exception returns text/plain.Steve Klabnik2012-10-011-0/+16
| | | | | | | It's best to just return text/plain when something has gone terribly wrong. Fixes #5660.
* `assert_template` no more passing with what ever string that matches.Hugo Roque2012-09-291-0/+22
| | | | | | | | | | | | | | | | | | | | | | | Given Im rendering an template `/layout/hello.html.erb`, assert_template was passing with any string that matches. This behavior allowed false passing like: assert_template "layout" assert_template "out/hello" Now the passing possibilities are: assert_template "layout/hello" assert_template "hello" fixing assert_template bug when template matches expected, but not ends with Cherry Pick Merge: Fixes issue #3849 assert_template false positive taking redundant test off prevening incorrect assert_template when rendering with repeated names in path updating CHANGELOG with bugfix: assert_template false passing
* move metal/caching_test into controller/caching_testFrancesco Rodriguez2012-09-271-5/+42
|
* remove method redefinition warningsRafael Mendonça França2012-09-271-1/+1
| | | | | actionpack/test/template/spec_type_test.rb:32: warning: method redefined; discarding old test_spec_type_wont_match_non_space_characters actionpack/test/controller/spec_type_test.rb:30: warning: previous definition of test_spec_type_wont_match_non_space_characters was here
* Allow strings in the controller test describe blocksMike Moore2012-09-242-0/+129
| | | | | Allow controller tests using the spec DSL to match strings. Add test coverage for the register_spec_type calls.
* Support controller tests using spec DSL - fixes #7743Mike Moore2012-09-241-0/+116
| | | | Add tests for controller tests using the minitest spec DSL.
* Correct parameter access.Philip Arndt2012-09-191-1/+1
| | | * The params as supplied pass born in authors[0] but not authors[1] so it seems like the test isn't covering what it should be covering.
* Merge pull request #7251 from rails/integrate-strong_parametersDavid Heinemeier Hansson2012-09-186-40/+251
|\ | | | | Integrate strong_parameters in Rails 4
| * Support fields_for attributes, which may have numeric symbols as hash keysGuillermo Iguaran2012-09-161-0/+18
| |
| * Add config.action_controller.permit_all_attributes to bypass ↵Guillermo Iguaran2012-09-161-0/+14
| | | | | | | | StrongParameters protection
| * Change tainted/untainted wording to permitted/forbiddenGuillermo Iguaran2012-09-163-26/+26
| |
| * Don't use assert_nothing_raised when assert_equal is usedGuillermo Iguaran2012-09-161-4/+2
| |
| * require abstract_unit in parameters testsGuillermo Iguaran2012-09-163-0/+3
| |
| * Remove integration between attr_accessible/protected and ↵Guillermo Iguaran2012-09-161-40/+0
| | | | | | | | AC::Metal::ParamsWrapper
| * Integrate ActionController::Parameters from StrongParameters gemGuillermo Iguaran2012-09-165-0/+218
| |
* | log 404 status when ActiveRecord::RecordNotFound was raised (#7646)Yves Senn2012-09-171-0/+15
|/
* Merge pull request #7616 from lest/null-session-forgery-protectionMichael Koziarski2012-09-131-10/+6
|\ | | | | Implement :null_session CSRF protection method
| * Implement :null_session CSRF protection methodSergey Nartimov2012-09-131-10/+6
| | | | | | | | | | | | | | | | It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946. The :null_session CSRF protection method provide an empty session during request processing but doesn't reset it completely (as :reset_session does).
* | Define a SynchronousQueue for test in Action Pack.Rafael Mendonça França2012-09-121-0/+10
|/ | | | We don't need to rely on rails/queueing in Action Pack tests
* AS::Callbacks: deprecate monkey patch of object callbacksBogdan Gusiev2012-09-071-7/+7
|
* Added controller-level etag additions that will be part of the action etag ↵David Heinemeier Hansson2012-08-291-0/+32
| | | | computation *Jeremy Kemper/DHH*
* Add automatic template digests to all CacheHelper#cache calls (originally ↵David Heinemeier Hansson2012-08-291-5/+16
| | | | spiked in the cache_digests plugin) *DHH*
* Add Missing Keys from Journey on failed URL formatschneems2012-08-281-6/+6
| | | | | | | | | | | | | | | | | | | | | | | Many named routes have keys that are required to successfully resolve. If a key is left off like this: <%= link_to 'user', user_path %> This will produce an error like this: No route matches {:action=>"show", :controller=>"users"} Since we know that the :id is missing, we can add extra debugging information to the error message. No route matches {:action=>"show", :controller=>"users"} missing required keys: [:id] This will help new and seasoned developers look closer at their parameters. I've also subclassed the routing error to be clear that this error is a result of attempting to generate a url and not because the user is trying to visit a bad url. While this may sound trivial this error message is misleading and confuses most developers. The important part isn't what's in the options its's what's missing. Adding this information to the error message will make debugging much more obvious. This is the sister pull request of https://github.com/rails/journey/pull/44 which will be required to get they missing keys into the correct error message. Example Development Error in Rails: http://cl.ly/image/3S0T0n1T3421
* Deprecate AV::RecordIdentifier in controllersPiotr Sarnacki2012-08-281-0/+41
| | | | | | | | Methods provided by RecordIdentifier are not widely used in controllers nowadays as they're view specific (this is probably a legacy left after RJS rendering directly in controllers). However if people still need to use it, it's trivial to include ActionView::RecordIdentifier by themselves.
* Use ActionView::Base.logger instead of AC::Base.loggerPiotr Sarnacki2012-08-281-1/+1
|
* Move action_controller/vendor/html-scanner to action_viewPiotr Sarnacki2012-08-283-3/+3
| | | | | | This is another step in moving Action View's dependencies in Action Pack to Action View itself. Also, HtmlScanner seems to be better suited for views rather than controllers.
* Move ActionController::RecordIdentifier to ActionViewPiotr Sarnacki2012-08-281-40/+0
| | | | | | | Since it's more about DOM classes and ids it belongs to Action View better. What's more, it's more convenient to make it part of Action View to follow the rule that Action Pack can depend on Action View, but not the other way round.
* Access @rs only through attr_accessortomykaira2012-08-201-11/+11
|
* Extract common controllers to abstract_unitRafael Mendonça França2012-08-131-29/+0
|
* set the controller under test so we no longer need the reset! methodAaron Patterson2012-08-091-38/+4
|
* removes usage of Object#in? from the code base (the method remains defined ↵Xavier Noria2012-08-062-7/+8
| | | | | | | | | | | | | | | | | | | by Active Support) Selecting which key extensions to include in active_support/rails made apparent the systematic usage of Object#in? in the code base. After some discussion in https://github.com/rails/rails/commit/5ea6b0df9a36d033f21b52049426257a4637028d we decided to remove it and use plain Ruby, which seems enough for this particular idiom. In this commit the refactor has been made case by case. Sometimes include? is the natural alternative, others a simple || is the way you actually spell the condition in your head, others a case statement seems more appropriate. I have chosen the one I liked the most in each case.
* make sure the body finishes rendering before checking response closureAaron Patterson2012-08-031-1/+2
|
* Collapsed dual checks (one for content headers and one for content) into a ↵Armand du Plessis2012-08-022-4/+34
| | | | | | | | | | | | single check. Rails includes a single character body to a head(:no_content) response to work around an old Safari bug where headers were ignored if no body sent. This patch brings the behavior slightly closer to spec if :no_content/204 is explicity requested via a head only response. Status comparison done on symbolic and numeric values Not returning any content when responding with head and limited to a status code that explicitly states no content will be returned - 100..199, 204, 205, 304.
* Merge pull request #7240 from steveklabnik/fix_2301Rafael Mendonça França2012-08-021-3/+4
|\ | | | | Fix for digest authentication bug - issue #2301 in rails/rails
| * Fix for digest authentication bug - issue #2301 in rails/railsArthur Smith2012-08-021-3/+4
| |
* | load active_support/core_ext/object/inclusion in active_support/railsXavier Noria2012-08-022-2/+0
|/
* html_escape should escape single quotesSantiago Pastorino2012-07-312-3/+3
| | | | | https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215
* close the response when the response body is set so that normal render calls ↵Aaron Patterson2012-07-291-0/+9
| | | | will work
* header hash is duped before being sent up the rack stackAaron Patterson2012-07-291-0/+13
|
* make sure set_response! sets the correct response objectAaron Patterson2012-07-291-0/+6
|
* Controller actions are processed in a separate thread for liveAaron Patterson2012-07-291-3/+69
| | | | | | | | | | responses. Processing controller actions in a separate thread allows us to work around the rack api - we can allow the user to set status and headers, then block until the first bytes are written. As soon as the first bytes are written, the main thread can return the status, headers, and (essentially) a queue for the body.
* added live responses which can be written and read in separate threadsAaron Patterson2012-07-291-0/+26
|
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-13 10:48:06 +0000