aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #16637 from Agis-/redirect-with-constraint-routeAaron Patterson2014-08-281-0/+24
|\ | | | | Fix the router ignoring constraints when used together with a redirect route
| * Don't ignore constraints in redirect routesAgis-2014-08-251-0/+24
| | | | | | | | | | | | | | | | https://github.com/rails/rails/commit/402c2af55053c2f29319091ad21fd6fa6b90ee89 introduced a regression that caused any constraints added to redirect routes to be ignored. Fixes #16605
* | Refactor out Dir.glob from ActionDispatch::Staticschneems2014-08-275-0/+8
| | | | | | | | | | | | | | | | Dir.glob can be a security concern. The original use was to provide logic of fallback files. Example a request to `/` should render the file from `/public/index.html`. We can replace the dir glob with the specific logic it represents. The glob {,index,index.html} will look for the current path, then in the directory of the path with index file and then in the directory of the path with index.html. This PR replaces the glob logic by manually checking each potential match. Best case scenario this results in one less file API request, worst case, this has one more file API request. Related to #16464 Update: added a test for when a file of a given name (`public/bar.html` and a directory `public/bar` both exist in the same root directory. Changed logic to accommodate this scenario.
* | Use less iterations for KeyGenerator in testsPeter Suschlik2014-08-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | This commit improves performance of cookie tests: Ruby | After | Before ----- | --------:| --------: MRI | 5.03s | 9.28s JRuby | 25.45s | 1648.23s Please note the improvement for JRuby.
* | Address comments on Gzip implementationschneems2014-08-245-2/+32
|/ | | | | | | | | | | | | | | - don't mutate PATH_INFO in env, test - test fallback content type matches Rack::File - change assertion style - make HTTP_ACCEPT_ENCODING comparison case insensitive - return gzip path from method instead of true/false so we don't have to assume later - don't allocate un-needed hash. Original comments: https://github.com/rails/rails/commit/ cfaaacd9763642e91761de54c90669a88d772e5a#commitcomment-7468728 cc @jeremy
* Improve router test.Guo Xiang Tan2014-08-211-6/+11
| | | | | We should assert that routes will not be recognized if the verbs do not match.
* Avoid duplicating routes for HEAD requests.Guo Xiang Tan2014-08-212-1/+32
| | | | | | | | Follow up to rails#15321 Instead of duplicating the routes, we will first match the HEAD request to HEAD routes. If no match is found, we will then map the HEAD request to GET routes.
* Enable gzip compression by defaultschneems2014-08-205-2/+30
| | | | | | If someone is using ActionDispatch::Static to serve assets and makes it past the `match?` then the file exists on disk and it will be served. This PR adds in logic that checks to see if the file being served is already compressed (via gzip) and on disk, if it is it will be served as long as the client can handle gzip encoding. If not, then a non gzip file will be served. This additional logic slows down an individual asset request but should speed up the consumer experience as compressed files are served and production applications should be delivered with a CDN. This PR allows a CDN to cache a gzip file by setting the `Vary` header appropriately. In net this should speed up a production application that are using Rails as an origin for a CDN. Non-asset request speed is not affected in this PR.
* Merge pull request #16570 from bradleybuda/breach-mitigation-mask-csrf-tokenJeremy Kemper2014-08-191-5/+6
|\ | | | | CSRF token mask from breach-mitigation-rails gem
| * Auth token mask from breach-mitigation-rails gemBradley Buda2014-08-191-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | This merges in the code from the breach-mitigation-rails gem that masks authenticity tokens on each request by XORing them with a random set of bytes. The masking is used to make it impossible for an attacker to steal a CSRF token from an SSL session by using techniques like the BREACH attack. The patch is pretty simple - I've copied over the [relevant code](https://github.com/meldium/breach-mitigation-rails/blob/master/lib/breach_mitigation/masking_secrets.rb) and updated the tests to pass, mostly by adjusting stubs and mocks.
* | Protect against error when parsing parameters with Bad RequestRafael Mendonça França2014-08-191-0/+25
| | | | | | | | Related with #11795.
* | Fix failing test on several methods on ParameterPrem Sichanugrist2014-08-182-2/+11
| | | | | | | | | | | | | | * `each` * `each_pair` * `delete` * `select!`
* | Seperate Parameters accessors and mutators testsPrem Sichanugrist2014-08-183-57/+215
| |
* | Add missing `Hash` methods to `AC::Parameters`Prem Sichanugrist2014-08-181-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | This is to make sure that `permitted` status is maintained on the resulting object. I found these methods that needs to be redefined by looking for `self.class.new` in the code. * extract! * transform_keys * transform_values
* | Make `AC::Params#to_h` return Hash with safe keysPrem Sichanugrist2014-08-181-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
* | Expectations firstAkira Matsuda2014-08-187-34/+34
| |
* | Merge branch 'master' into loofahRafael Mendonça França2014-08-1716-753/+198
|\ \ | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md
| * | Use AS::JSON for (de)serializing cookiesGodfrey Chan2014-08-171-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
| * | `responders` 1.x won't do it. Told you to RTFM for details!Godfrey Chan2014-08-171-0/+2
| | |
| * | The gem is called 'responders'Godfrey Chan2014-08-171-2/+2
| | |
| * | Raise a more helpful error for people who are using these extracted featuresGodfrey Chan2014-08-171-0/+30
| | |
| * | Fixed broken reference caused by 14965baGodfrey Chan2014-08-171-2/+2
| | |
| * | Merge pull request #16467 from strzalek/cookies-digest-config-option2Godfrey Chan2014-08-171-0/+50
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cookies digest config option (pt. 2) Conflicts: actionpack/CHANGELOG.md actionpack/lib/action_dispatch/middleware/cookies.rb
| | * | Add config option for cookies digestŁukasz Strzałkowski2014-08-121-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
| * | | Remove more references to respond_withJosé Valim2014-08-177-6/+0
| | | |
| * | | Move respond_with to the responders gemJosé Valim2014-08-171-737/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | respond_with (and consequently the class-level respond_to) are being removed from Rails. Instead of moving it to a 3rd library, the functionality will be moved to responders gem (at github.com/plataformatec/responders) which already provides some responders extensions.
| * | | When your templates change, browser caches bust automatically.Jeremy Kemper2014-08-172-3/+35
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New default: the template digest is automatically included in your ETags. When you call `fresh_when @post`, the digest for `posts/show.html.erb` is mixed in so future changes to the HTML will blow HTTP caches for you. This makes it easy to HTTP-cache many more of your actions. If you render a different template, you can now pass the `:template` option to include its digest instead: fresh_when @post, template: 'widgets/show' Pass `template: false` to skip the lookup. To turn this off entirely, set: config.action_controller.etag_with_template_digest = false
| * | Merge pull request #16027 from tgxworld/template_assertionsYves Senn2014-08-141-0/+23
| |\ \ | | | | | | | | Fixes to ActionController::TemplateAssertions
| | * | Fix assert_template for files.Guo Xiang Tan2014-08-141-0/+23
| | | | | | | | | | | | | | | | | | | | The test was not failing for `assert_template file: nil` when a file has been rendered.
| * | | fewer operations on the options hashAaron Patterson2014-08-131-1/+1
| | | | | | | | | | | | | | | | | | | | since we pass `as` down, then we won't have to do an insert / delete dance with the options hash
| * | | UnexpectedErrors may reference exceptions that can't be dumpedAaron Patterson2014-08-131-0/+17
| |/ / | | | | | | | | | | | | | | | UnexpectedError exceptions wrap the original exception, and the original exception may contain a reference to something that can't be marshal dumped which will cause the process to die.
| * | Merge pull request #16491 from akshay-vishnoi/doc-changesYves Senn2014-08-131-1/+1
| |\ \ | | | | | | | | [ci skip] fix spelling of overridden
| | * | [ci skip] fix spelling of overrideAkshay Vishnoi2014-08-131-1/+1
| | | |
| * | | AM, AP, AV, and AMo tests are already order_independent!Akira Matsuda2014-08-131-5/+0
| |/ /
* | | Merge branch 'master' into loofahRafael Mendonça França2014-08-1285-397/+630
|\| | | | | | | | | | | | | | | | | | | | Conflicts: actionpack/CHANGELOG.md actionpack/test/controller/integration_test.rb actionview/CHANGELOG.md
| * | Nobody sucks so nobody should call this awful method nameRafael Mendonça França2014-08-121-1/+1
| | |
| * | users_dont_suck_but_only_we_suck_and_only_our_tests_are_order_dependent!Akira Matsuda2014-08-121-0/+5
| | | | | | | | | | | | | | | Calling ActiveSupport::TestCase.i_suck_and_my_tests_are_order_dependent! in AS::TestCase makes everyone's tests order dependent, which should never be done by the framework.
| * | Revert "Merge pull request #16434 from strzalek/cookies-digest-config-option"Santiago Pastorino2014-08-081-17/+0
| | | | | | | | | | | | | | | | | | | | | This reverts commit 705977620539e2be6548027042f33175ebdc2505, reversing changes made to dde91e9bf5ab246f0f684b40288b272f4ba9a699. IT BROKE THE BUILD!!!
| * | Add config option for cookies digestŁukasz Strzałkowski2014-08-081-0/+17
| |/ | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = \SHA256'
| * Fixes to TestCaseTest.Guo Xiang Tan2014-08-081-4/+5
| |
| * Fix spelling.Guo Xiang Tan2014-08-071-1/+1
| |
| * call the routes method on enginesAaron Patterson2014-08-051-74/+37
| | | | | | | | if we access the instance, we can free up lots of codes
| * a rails application should be an engine subclassAaron Patterson2014-08-051-1/+1
| |
| * no reason to lazily instantiate the routesAaron Patterson2014-08-051-45/+42
| | | | | | | | | | especially if you're just going to add a call two lines down that populates the cache. common.
| * just assign the instance variables on the testAaron Patterson2014-08-051-7/+3
| |
| * Regenerate sid when sbdy tries to fixate the sessionSantiago Pastorino2014-08-041-9/+8
| | | | | | | | | | | | Fixed broken test. Thanks Stephen Richards for reporting.
| * Remove unnecessary call to #tapCarlos Antonio da Silva2014-07-311-5/+3
| | | | | | | | | | This is not storying the RouteSet instance anywhere as the other examples in the file, so no need to use #tap.
| * Deprecate `*_path` methods in mailers@schneems and @sgrif2014-07-301-0/+14
| | | | | | | | | | | | | | | | | | | | | | Email does not support relative links since there is no implicit host. Therefore all links inside of emails must be fully qualified URLs. All path helpers are now deprecated. When removed, the error will give early indication to developers to use `*_url` methods instead. Currently if a developer uses a `*_path` helper, their tests and `mail_view` will not catch the mistake. The only way to see the error is by sending emails in production. Preventing sending out emails with non-working path's is the desired end goal of this PR. Currently path helpers are mixed-in to controllers (the ActionMailer::Base acts as a controller). All `*_url` and `*_path` helpers are made available through the same module. This PR separates this behavior into two modules so we can extend the `*_path` methods to add a Deprecation to them. Once deprecated we can use this same area to raise a NoMethodError and add an informative message directing the developer to use `*_url` instead. The module with warnings is only mixed in when a controller returns false from the newly added `supports_relative_path?`. Paired @sgrif & @schneems
| * Merge pull request #16303 from rajcybage/removing_masterYves Senn2014-07-281-0/+2
| |\ | | | | | | | | | remove empty unused method
| | * add comment to the empty each method for not removing it in futureRajarshi Das2014-07-261-1/+2
| |/