| Commit message (Collapse) | Author | Age | Files | Lines |

key length

Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lengths.
Keys of same value but different length and greater than key size of cipher, produce the same results
as reproduced at https://gist.github.com/rhenium/b81355fe816dcfae459cc5eadfc4f6f9
Since our default cipher is 'aes-256-cbc', key length for which is 32 bytes, limit the length of key being passed to Encryptor to 32 bytes.
This continues to support backwards compat with any existing signed data, already encrypted and signed with 32+ byte keys.
Also fixes the passing of this value in multiple tests.

Allow `send_file` to declare a charset

The PR #20940 enabled the use of multiple roots with different constraints
at the top level but unfortunately didn't work when those roots were inside
a namespace and also broke the use of root inside a namespace after a top
level root was defined because the check for the existence of the named route
used the global :root name and not the namespaced name.
This is fixed by using the name_for_action method to expand the :root name to
the full namespaced name. We can pass nil for the second argument as we're not
dealing with resource definitions so don't need to handle the cases for edit
and new routes.
Fixes #26148.

This is the intended behavior. You should not do more than one request
in a controller test.

It should not throw a NameError, but should throw a KeyError.
Fixes #26278

samphippen/allow-early-setting-of-integration-session
Allow the `integration_session` to be set early on ActionDispatch::Integration::Runner.

ActionDispatch::Integration::Runner.

In commit fa63448420d3385dbd043aca22dba973b45b8bb2, @tenderlove changed
the behaviour of the way `integration_session` is set up in this object.
It used to be the case that the first time it was accessed, it was
memoized with nil, however, this means that if it had already been set
it was not replaced. After that commit, it is now always set to `nil` in
the execution of `before_setup`.
In RSpec, users are able to invoke `host!` in `before(:all)` blocks,
which execute well before `before_setup` is ever invoked (which happens
in what is equivalent to a `before(:each)` block, for each test). `host!`
causes the integration session to be set up to correctly change the
host, but after fa63448420d3385dbd043aca22dba973b45b8bb2 the
`integration_session` gets overwritten, meaning that users lose their
`host!` configuration (see https://github.com/rspec/rspec-rails/issues/1662).
This commit changes the behaviour back to memoizing with `nil`, as
opposed to directly overwriting with `nil`. This causes the correct
behaviour to occur in RSpec, and unless I'm mistaken will also ensure
that users who want to modify their integration sessions early in rails
will also be able to do so.

Include the content of the flash in the auto-generated etag

When `config.force_ssl` is set to `true`, any POST/PUT/DELETE requests coming in to a non-secure URL are being redirected with a 301 status.
However, when that happens, the request is converted to a GET request and ends up hitting a different action on the controller.
Since we cannot do non-GET redirects, we can redirect with a 307 status code instead to indicate to the caller that a fresh request should be tried, preserving the original request method.
`rack-ssl` gem which was used to achieve this before we had this middleware directly baked into Rails also used to do the same, ref: https://github.com/josh/rack-ssl/blob/master/lib/rack/ssl.rb#L54
This would be especially important for any apps switching from an older version of Rails or apps which expose an API through Rails.

Documentation & testing

Since e852daa6976cc6b6b28ad0c80a188c06e226df3c only the verb methods
were extracting the defaults options. A fix for the
`root` method was merged in 31fbbb7faccba25b2e3b5e10b8fca1468579d629 but `match`
was still broken since `:defaults` were not extracted.
This was causing routes defined using `match` and having the `:defaults`
keys to not be recognized.
To fix this, a new private method was extracted with the actual
content of `match` and the `:defaults` extracting was moved to `match`.

Show unpermitted parameters as symbols in logs (so they could be copy…

to the code)

Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.

after writing to the stream.

Allow specifying encoding of parameters by action

At GitHub we need to handle parameter encodings that are not UTF-8. This
patch allows us to specify encodings per parameter per action.

Hash syntax auto-correcting breaks alignments. 411ccbdab2608c62aabdb320d52cb02d446bb39c

A few have been left for aesthetic reasons, but have made a pass
and removed most of them.
Note that if the method `foo` returns an array, `foo << 1`
is a regular push, nothing to do with assignments, so
no self required.

In some test runs `ActionController::Base.enable_fragment_cache_logging` would be false,
based on the test order.
Turns out it was off because we assigned the config to the `@controller` variable, and
not on `ActionController::Base`.
The test failure was reproducible with, and now passes after this:
```
bin/test test/controller/log_subscriber_test.rb --seed 19918
```

Better logging of cached partial renders

Implement naive partial caching mechanism.
Add test for LogSubscriber
Use ActionView::Base#log_payload to store log_subscriber's payload, so we can pass cache result into it.
Fixed tests
Remove useless settings
Check if #log_payload exists before calling it. Because other classes also include CacheHelper but don't have this attribute
Use @log_payload_for_partial_render instead of #log_payload to carry ActionView's payload.
Update test's hash syntax
Add configuration to enable/disable fragment caching logging
Remove unless test and add new test to ensure cache info won't affect next rendering's log
Move :enable_fragment_cache_logging config from ActionView to ActionPack
Apply new config to tests
Update actionview's changelog
Update configuration guide
Improve actionview's changelog
Refactor PartialRenderer#render and log tests
Mute subscriber's log instead of disabling instrumentation.
Fix typo, remove useless comment and use new hash syntax
Improve actionpack's log_subscriber test
Fix rebase mistake
Apply new config to all caching instrument actions

In integration tests, when specifying the "Accept" header with the "xhr: true"
option, the Accept header is overridden with a default xhr Accept
header. The issue only affects HTTP header "Accept" but not CGI variable
"HTTP_ACCEPT".
For example:
```ruby
get '/page', headers: { 'Accept' => 'application/json' }, xhr: true
# This is WRONG! And the response.content_type is also affected.
# It should be "application/json"
assert_equal "text/javascript, text/html, ...", request.accept
assert_equal 'text/html', response.content_type
```
The issue is in `ActionDispatch::Integration::RequestHelpers`. When
setting "xhr: true" the helper sets a default HTTP_ACCEPT if blank.
But the code doesn't consider supporting both HTTP header style and
CGI variable style.
For detail see this GitHub issue:
https://github.com/rails/rails/issues/25859

The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.

When a `GET` request is sent `as: :json` in an integration test the test
should use Rack's method override to change to a post request so the
parameters are included in the postdata. Otherwise it will not encode the
parameters correctly for the integration test.
Because integration test sets up its own middleware,
`Rack::MethodOverride` needs to be included in the integration tests as
well.
`headers ||= {}` was moved so that headers are never nil. They should
default to a hash.
Fixes #26033
[Eileen M. Uchitelle & Aaron Patterson]

Screwed up both the left and right hand sides!

The tests were written with the common false value seen in Rails apps,
show that intent in the code.
Should also fix the build on 5-0-stable.

If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get:
```yaml
--- !ruby/hash:ActionController::Parameters
key: :value
```
Because 2.0.8 didn't store instance variables, while 2.0.9 did:
https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c
That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was
deserialized just fine:
https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926
However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and
Rails 5, it would start to blow up because `initialize` will never be called, and thus
`@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :)
To fix this we register another variant of the previous serialization format and take
it into account in `init_with`.
I've tested this in our app and previously raising code now deserializes like a champ.
I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how
to make us use 2.0.9+ for just one test.

By changing ActionController::Parameter's superclass, Rails 5 also changed
the YAML serialization format.
Since YAML doesn't know how to handle parameters it would fall back to its
routine for the superclass, which in Rails 4.2 was Hash while just Object
in Rails 5. As evident in the tags YAML would spit out:
4.2: !ruby/hash-with-ivars:ActionController::Parameters
5.0: !ruby/object:ActionController::Parameters
Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a
hash dump as it would an Object class.
To fix this we have to provide our own `init_with` to be aware of the past
format as well as the new one. Then we add a `load_tags` mapping, such that
when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`,
it knows to call our `init_with` function and not try to instantiate it as
a normal hash subclass.

Reset rack.input when the environment is scrubbed for the next request

Before this change, posted parameters would leak across requests. The included
test case failed like so:
1) Failure:
TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input:
--- expected
+++ actual
@@ -1 +1 @@
-{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
+{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
An argument could be made that this situation isn't encountered often and that
one should limit the number of requests per test case, but I still think the
parameter leaking is an unexpected side-effect.

Fix keyed defaults with root

The merging of the 'defaults' option was moved up the stack in e852daa
This allows us to see where these options originate from the standard
HttpHelpers (get, post, patch, put, delete)
Unfortunately this move didn't incorporate the 'root' method, which has
always allowed the same 'defaults' option before.

Fixes #25926

For those tests that use start we don't need to assert the actual order
of mime types that are returned.
This happens because this order is more about the order the mime type was
registered than the order that it is expected to resolve.
We need to sort because we remove the json mime type in
json_params_parsing_test and add it to the end of the mime types set so
if that file runs before those tests we will have a failing test.
[Rafael Mendonça França + Lucas Hosseini]