aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch
Commit message (Collapse)AuthorAgeFilesLines
* applies new string literal convention in actionpack/testXavier Noria2016-08-0640-2942/+2942
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Merge pull request #25913 from chrisarcand/fix-keyed-defaults-with-rootRafael Mendonça França2016-07-271-0/+18
|\ | | | | | | Fix keyed defaults with root
| * Fix 'defaults' option for root routeChris Arcand2016-07-211-0/+18
|/ | | | | | | | | The merging of the 'defaults' option was moved up the stack in e852daa This allows us to see where these options originate from the standard HttpHelpers (get, post, patch, put, delete) Unfortunately this move didn't incorporate the 'root' method, which has always allowed the same 'defaults' option before.
* Sort the mime types before comparingRafael Mendonça França2016-07-171-2/+2
| | | | | | | | | | | | | | For those tests that use start we don't need to assert the actual order of mime types that are returned. This happen because this order is more about the order the mime type was registered than the order that it is expected to it resolve. We need to sort because we remove the json mime type in json_params_parsing_test and add it to the end of the mime types set so if that file runs before those tests we will have a failing test. [Rafael Mendonça França + Lucas Hosseini]
* Check `request.path_parameters` encoding at the point they're setGrey Baker2016-07-142-16/+18
| | | | | | | | Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
* Merge pull request #25798 from ↵Matthew Draper2016-07-141-0/+9
|\ | | | | | | | | greysteil/dont-raise-unknown-http-method-low-in-stack Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static
| * Don't raise ActionController::UnknownHttpMethod from ActionDispatch::StaticGrey Baker2016-07-131-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `ActionDispatch::Static` middleware is used low down in the stack to serve static assets before doing much processing. Since it's called from so low in the stack, we don't have access to the request ID at this point, and generally won't have any exception handling defined (by default `ShowExceptions` is added to the stack quite a bit higher and relies on logging and request ID). Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3 this middleware would ignore unknown HTTP methods, and an exception about these would be raised higher in the stack. After that commit, however, that exception will be raised here. If we want to keep `ActionDispatch::Static` so low in the stack (I think we do) we should suppress the `ActionController::UnknownHttpMethod` exception here, and instead let it be raised higher up the stack, once we've had a chance to define exception handling behaviour. This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to `ActionDispatch::FileHandler`, which won't raise an `ActionController::UnknownHttpMethod` error. If an unknown method is passed, it should exception higher in the stack instead, once we've had a chance to define exception handling behaviour.`
* | Merge pull request #25771 from kaspth/make-test-response-assign-response-parserKasper Timm Hansen2016-07-131-0/+8
|\ \ | |/ |/| Let TestResponse assign a parser.
| * Let TestResponse assign a parser.Kasper Timm Hansen2016-07-101-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously we'd only assign a response parser when a request came through Action Dispatch integration tests. This made calls to `parsed_body` when a TestResponse was manually instantiated — though own doing or perhaps from a framework — unintentionally blow up because no parser was set at that time. The response can lookup a parser entirely through its own ivars. Extract request encoder to its own file and assume that a viable content type is present at TestResponse instantiation. Since the default response parser is a no-op, making `parsed_body` equal to `body`, no exceptions will be thrown.
* | Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper`Grey Baker2016-07-121-0/+6
|/ | | | | | | | | | | | Rack [recently](https://github.com/rack/rack/commit/7e7a3890449b5cf5b86929c79373506e5f1909fb) moved the namespace of its `ParameterTypeError` and `InvalidParameterError` errors. Whilst an alias for the old name was added, the logic in `ActionDispatch::ExceptionWrapper` was still broken by this change, since it relies on the class name. This PR updates `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespaced errors correctly. We no longer need to worry about the old names, since Rails specifies Rack ~> 2.0.
* Add tests for 1xx, 204 and 304 responses to response_test.rbMasaru Nomura2016-07-091-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In response_test.rb, we haven't had a test to make sure that 1) these responses don't have a message-body as described in RFC7231[1] 2) 1xx and 204 responses must not have a Content-Length header field as described in RFC7230-section3.3.2[2] [1] https://tools.ietf.org/html/rfc7231 [2] https://tools.ietf.org/html/rfc7230#section-3.3.2 Even though our implementation doesn't allow users to send a Content-Length header field in a 304 response, sending the header field is valid as mentioned in RFC7230-section3.3.2[2]. So I've decided not to test whether or not a 304 response has the header. The citation from the section is as follows; ``` A server MAY send a Content-Length header field in a 304 (Not Modified) response to a conditional GET request (Section 4.1 of [RFC7232]); a server MUST NOT send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent in the payload body of a 200 (OK) response to the same request. ```
* Deprecate usage of nil as route pathVolmer2016-07-051-0/+7
| | | | | | | | | | | | | | | | | | | In Rails 4 these kind of routes used to work: ```ruby scope '/*id', controller: :builds, as: :build do get action: :show end ``` But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for paths specified as strings or symbols. Implicit `nil` paths are just ignored, with no deprecation warnings or errors. Routes are simply not created. This come as a surprise for people migrating to Rails 5, since the lack of logs or errors makes hard to understand where the problem is. This commit introduces a deprecation warning in case of path as `nil`, while still allowing the route definition.
* Ensure logging on exceptions only includes what we expectMatthew Draper2016-07-021-0/+23
|
* Fix setting route's to in a scopePiotr Jakubowski2016-06-281-0/+12
| | | | | | Fixes #25488 97d7dc4 introduced a regression that resulted in ArgumentError when to was in options of the scope and not of particular route.
* Merge pull request #25123 from bf4/remove_problematic_mime_testRafael França2016-06-271-3/+3
|\ | | | | Modifies mime-registration test not to interfere with real mime types
| * Modifies mime-registration test not to interfere with real mime typesBenjamin Fleischer2016-05-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The tests introduced in https://github.com/rails/rails/pull/23816/files#diff-384a5a15d8d53de799fb6541688ea5f9R153 register the JSON API media type `application/vnd.api+json` with `Mime[:json]`. The JSON API media type should not be registered with `Mime[:json]`, as discussed in #23712. Moreover, since the actual mime type used in the test is incidental, I've changed this to a valid, but fictional `applcation/vnd.rails+json`. These tests were causing failures in https://github.com/rails/rails/pull/25050#issuecomment-221092934 where `Mime[:jsonapi]` is being added, so that JSON API request params are parsed with the JSONAPI gem.
* | existant => existentAbhishek Jain2016-06-091-2/+2
| |
* | Prevent `{ internal: true }` from being stored in the routerJon Moss2016-06-071-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Forgotten followup to #23669 :grimacing: If you went to an internal route (e.g. `/rails/info/routes`), you would previously see the following in your logger: ```bash Processing by Rails::InfoController#routes as HTML Parameters: {"internal"=>true} Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (10.5ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (2.5ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (23.5ms) Completed 200 OK in 50ms (Views: 35.1ms | ActiveRecord: 0.0ms) ``` Now, with this change, you would see: ```bash Processing by Rails::InfoController#routes as HTML Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (1.6ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (10.2ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (17.4ms) Completed 200 OK in 44ms (Views: 28.0ms | ActiveRecord: 0.0ms) ```
* | Merge pull request #25236 from rajatbansal93/fix-typoArun Agrawal2016-06-011-5/+5
|\ \ | | | | | | fix typo [ci skip]
| * | fix typoRajat Bansal2016-06-011-5/+5
| |/
* / More Action Pack `abstract_unit` cleanup (#25211)Jon Moss2016-05-311-0/+2
|/ | | | | - Remove dead classes / dead code - Move class definitions to where they are used, don't define in a shared space
* Document and test ActionDispatch server_portTom Kadwill2016-05-121-0/+11
|
* Merge pull request #24982 from tomkadwill/improve_clarity_of_raw_host_with_portKasper Timm Hansen2016-05-111-0/+20
|\ | | | | Improve documentation and tests for raw_host_with_port and host_with_…
| * Improve documentation and tests for raw_host_with_port and host_with_portTom Kadwill2016-05-111-0/+20
| |
* | Merge pull request #24912 from prathamesh-sonpatki/api-fix-response-formatSantiago Pastorino2016-05-111-32/+50
|\ \ | | | | | | API only apps: Preserve request format for HTML requests too
| * | API only apps: Preserve request format for HTML requests tooPrathamesh Sonpatki2016-05-111-32/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Earlier we were responding with JSON format for HTML requests in a API app. - Now we will respond with HTML format for such requests in API apps. - Also earlier we were not testing the API app's JSON requests properly. We were actually sending HTML requests. Now we send correct JSON requests. Also added more test coverage. - Based on the discussion from this commit - https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614. [Prathamesh Sonpatki, Jorge Bejar]
* | | Merge pull request #24896 from prathamesh-sonpatki/api-cleanupGuillermo Iguaran2016-05-061-7/+0
|\ \ \ | | | | | | | | BoomerAPI is not used anywhere, so removed it!
| * | | BoomerAPI is not used anywhere, so removed it!Prathamesh Sonpatki2016-05-061-7/+0
| |/ / | | | | | | | | | | | | - It was originally added in 83b4e9073f0852afc065 and partially removed in 05d89410bf97d0778e7.
* | | Merge pull request #24029 from ↵Sean Griffin2016-05-062-1/+34
|\ \ \ | |/ / |/| | | | | | | | | | | | | | rthbound/dont-call-each-when-calling-body-on-response Dont call each when calling body on response to fix #23964 Fixes #23964
| * | Fixes #23964Ryan T. Hosford2016-03-132-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Adds #each_chunk to ActionDispatch::Response. it's a method which will be called by ActionDispatch::Response#each. - Make Response#each a proper method instead of delegating to @stream - In Live, instead of overriding #each, override #each_chunk. - `#each` should just spit out @str_body if it's already set - Adds #test_set_header_after_read_body_during_action to prove this fixes #23964 - Adds #test_each_isnt_called_if_str_body_is_written to ensure #each_chunk is not called when @str_body is available - Call `@response.sent!` in AC::TestCase's #perform so a test response acts a bit more like a real response. Makes test that call `#assert_stream_closed` pass again. - Additionally assert `#committed?` in `#assert_stream_closed` - Make test that was calling @response.stream.each pass again by calling @response.each instead.
* | | Ensure compatibility between ActionDispatch::Request::Session and RackJon Moss2016-05-041-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding the `each` method is required for ensuring compatibility between Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted within Rails, and wish to use its session tooling. Prior to this, there was an inconsistency between ActionDispatch::Request::Session and Rack::Session::Cookie, due to the absence of the `each` method. This should hopefully fix that error. :) For a full integration test with Sinatra and a standalone Rack application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470. Solves #15843.
* | | Remove last uses of `@env[]` and `@env[]=`Jon Moss2016-04-281-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in favor of using `set_header`, `get_header`, etc. (Here's an [example commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)). This PR should remove the last uses of these methods, and fully convert them to the newly standardized API.
* | | Merge pull request #23103 from rails/refactor-handling-of-action-defaultJeremy Daer2016-04-242-12/+52
|\ \ \ | |_|/ |/| | | | | Refactor handling of :action default in routing
| * | Refactor handling of :action default in routingAndrew White2016-02-162-12/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The longstanding convention in Rails is that if the :action parameter is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1 this was handled slightly differently than other routing defaults by deleting it from the route options and adding it to the recall parameters. With the recent focus of removing unnecessary duplications this has exposed a problem in this strategy - we are now mutating the request's path parameters and causing problems for later url generation. This will typically affect url_for rather a named url helper since the latter explicitly pass :controller, :action, etc. The fix is to add a default for :action in the route class if the path contains an :action segment and no default is passed. This change also revealed an issue with the parameterized part expiry in that it doesn't follow a right to left order - as soon as a dynamic segment is required then all other segments become required. Fixes #23019.
* | | Merge pull request #24031 from ↵Jeremy Daer2016-04-191-0/+13
|\ \ \ | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-031-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | Strong ETag validatorsJeremy Daer2016-03-312-20/+50
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag. Strong ETags are desirable when you're serving byte-for-byte identical responses that support Range requests, like PDFs or videos (typically done by reproxying the response from a backend storage service). Also desirable when fronted by some CDNs that support strong ETags only, like Akamai. * No longer strips quotes (`"`) from ETag values before comparing them. Quotes are significant, part of the ETag. A quoted ETag and an unquoted one are not the same entity. * Support `If-None-Match: *`. Rarely useful for GET requests; meant to provide some optimistic concurrency control for PUT requests.
* | | Rename constrain_to to exclude.Kasper Timm Hansen2016-03-031-4/+4
|/ / | | | | | | | | | | | | | | | | `ActionDispatch::SSL` redirects all HTTP requests to HTTPS, not just some. The `constrain_to` option inverts this, so it sounds like the middleware only handles a few requests, rather than the majority with a few routes to opt out of the redirect. Renaming to `exclude` matches this intent more closely.
* | [ci skip] Use rails routes instead of rake routes in inspector test descriptionAbhishek Jain2016-03-021-9/+9
| |
* | Merge pull request #23980 from rails/deprecate-controller-action-segmentsAndrew White2016-03-019-35/+101
|\ \ | | | | | | Deprecate :controller and :action path parameters
| * | Deprecate :controller and :action path parametersAndrew White2016-03-019-35/+101
| | | | | | | | | | | | | | | | | | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* | | Publish AS::Executor and AS::Reloader APIsMatthew Draper2016-03-023-24/+191
|/ / | | | | | | | | | | These should allow external code to run blocks of user code to do "work", at a similar unit size to a web request, without needing to get intimate with ActionDipatch.
* | add `constraint_to` option to SSL middlewareGreg Molnar2016-02-281-0/+7
| |
* | Merge pull request #23852 from prathamesh-sonpatki/hsts-subdomainsRafael França2016-02-251-7/+16
|\ \ | | | | | | Enable HSTS with IncludeSubdomains header by default for new apps
| * | Added deprecation for older appsPrathamesh Sonpatki2016-02-251-7/+16
| | | | | | | | | | | | | | | | | | | | | | | | - For old apps which are not setting any value for hsts[:subdomains], a deprecation warning will be shown saying that hsts[:subdomains] will be turned on by default in Rails 5.1. Currently it will be set to false for backward compatibility. - Adjusted tests to reflect this change.
* | | Revert "Merge pull request #20851 from tomprats/indifferent-sessions"Matthew Draper2016-02-261-10/+0
| | | | | | | | | | | | | | | | | | | | | This reverts commit 22db455dbe9c26fe6d723cac0758705d9943ea4b, reversing changes made to 40be61dfda1e04c3f306022a40370862e3a2ce39. This finishes off what I meant to do in 6216a092ccfe6422f113db906a52fe8ffdafdbe6.
* | | Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-266-118/+1
|/ / | | | | | | | | | | | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* | Added a test for generating Strong ETagPrathamesh Sonpatki2016-02-241-0/+8
| |
* | Merge pull request #20851 from tomprats/indifferent-sessionsRafael Mendonça França2016-02-246-0/+127
|\ \ | | | | | | | | | Give Sessions Indifferent Access
| * | Update Session to utilize indiffernt accessTom Prats2016-01-306-1/+118
| | |