| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a `GET` request is sent `as: :json` in an integration test the test
should use Rack's method override to change to a post request so the
paramters are included in the postdata. Otherwise it will not encode the
parameters correctly for the integration test.
Because integration test sets up it's own middleware,
`Rack::MethodOverride` needs to be included in the integration tests as
well.
`headers ||= {}` was moved so that headers are never nil. They should
default to a hash.
Fixes #26033
[Eileen M. Uchitelle & Aaron Patterson]
|
| |
|
|
| |
Screwed up both the left and right hand sides!
|
| |
|
|
|
|
|
| |
The tests were written with the common false value seen in Rails apps,
show that intent in the code.
Should also fix the build on 5-0-stable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get:
```yaml
--- !ruby/hash:ActionController::Parameters
key: :value
```
Because 2.0.8 didn't store instance variables, while 2.0.9 did:
https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c
That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was
deserialized just fine:
https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926
However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and
Rails 5, it would start to blow up because `initialize` will never be called, and thus
`@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :)
To fix this we register another variant of the previous serialization format and take
it into account in `init_with`.
I've tested this in our app and previously raising code now deserializes like a champ.
I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how
to make us use 2.0.9+ for just one test.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By changing ActionController::Parameter's superclass, Rails 5 also changed
the YAML serialization format.
Since YAML doesn't know how to handle parameters it would fallback to its
routine for the superclass, which in Rails 4.2 was Hash while just Object
in Rails 5. As evident in the tags YAML would spit out:
4.2: !ruby/hash-with-ivars:ActionController::Parameters
5.0: !ruby/object:ActionController::Parameters
Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a
hash dump as it would an Object class.
To fix this we have to provide our own `init_with` to be aware of the past
format as well as the new one. Then we add a `load_tags` mapping, such that
when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`,
it knows to call our `init_with` function and not try to instantiate it as
a normal hash subclass.
|
| |\
| |
| | |
Reset rack.input when the environment is scrubbed for the next request
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Before this change, posted parameters would leak across requests. The included
test case failed like so:
1) Failure:
TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input:
--- expected
+++ actual
@@ -1 +1 @@
-{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
+{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
An argument could be made that this situation isn't encountered often and that
one should limit the number of requests per test case, but I still think the
parameter leaking is an unexpected side-effect.
|
| |\ \
| |/
|/|
| | |
Fix keyed defaults with root
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The merging of the 'defaults' option was moved up the stack in e852daa
This allows us to see where these options originate from the standard
HttpHelpers (get, post, patch, put, delete)
Unfortunately this move didn't incorporate the 'root' method, which has
always allowed the same 'defaults' option before.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Fixes #25926
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
For those tests that use start we don't need to assert the actual order
of mime types that are returned.
This happen because this order is more about the order the mime type was
registered than the order that it is expected to it resolve.
We need to sort because we remove the json mime type in
json_params_parsing_test and add it to the end of the mime types set so
if that file runs before those tests we will have a failing test.
[Rafael Mendonça França + Lucas Hosseini]
|
| | |
|
| |\
| |
| |
| |
| | |
junaruga/hotfix/actionpack-depending-on-activerecord
Remove unused activerecord requirement in actionpack.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Check for any non-UTF8 characters in path parameters at the point they're
set in `env`. Previously they were checked for when used to get a controller
class, but this meant routes that went directly to a Rack app, or skipped
controller instantiation for some other reason, had to defend against
non-UTF8 characters themselves.
|
| |\ \
| | |
| | |
| | |
| | | |
greysteil/dont-raise-unknown-http-method-low-in-stack
Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `ActionDispatch::Static` middleware is used low down in the stack to serve
static assets before doing much processing. Since it's called from so low in
the stack, we don't have access to the request ID at this point, and generally
won't have any exception handling defined (by default `ShowExceptions` is added
to the stack quite a bit higher and relies on logging and request ID).
Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3
this middleware would ignore unknown HTTP methods, and an exception about these
would be raised higher in the stack. After that commit, however, that exception
will be raised here.
If we want to keep `ActionDispatch::Static` so low in the stack (I think we do)
we should suppress the `ActionController::UnknownHttpMethod` exception here,
and instead let it be raised higher up the stack, once we've had a chance to
define exception handling behaviour.
This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to
`ActionDispatch::FileHandler`, which won't raise an
`ActionController::UnknownHttpMethod` error. If an unknown method is
passed, it should exception higher in the stack instead, once we've had a
chance to define exception handling behaviour.`
|
| |\ \ \
| | | |
| | | |
| | | |
| | | | |
javan/fix-namespaced-implicit-render-etag-template-digest
Fix adding implicitly rendered namespaced template digests to ETags
|
| | |/ / |
|
| |\ \ \
| |/ /
|/| | |
Let TestResponse assign a parser.
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we'd only assign a response parser when a request came through
Action Dispatch integration tests. This made calls to `parsed_body` when a TestResponse
was manually instantiated — though own doing or perhaps from a framework — unintentionally
blow up because no parser was set at that time.
The response can lookup a parser entirely through its own ivars. Extract request encoder to
its own file and assume that a viable content type is present at TestResponse instantiation.
Since the default response parser is a no-op, making `parsed_body` equal to `body`, no
exceptions will be thrown.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rack [recently](https://github.com/rack/rack/commit/7e7a3890449b5cf5b86929c79373506e5f1909fb)
moved the namespace of its `ParameterTypeError` and `InvalidParameterError`
errors. Whilst an alias for the old name was added, the logic in
`ActionDispatch::ExceptionWrapper` was still broken by this change, since it
relies on the class name.
This PR updates `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0
namespaced errors correctly. We no longer need to worry about the old names,
since Rails specifies Rack ~> 2.0.
|
| | |
| |
| |
| |
| | |
- Tests for dup'ing params was separately added in a separate file in
https://github.com/rails/rails/pull/25735.
|
| |\ \
| |/
|/| |
Stop changes to a dupped `ActionController::Parameters` mutating the original
|
| | |
| |
| |
| |
| |
| | |
`#initialize_copy` to manually duplicate the underlying parameters hash
It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following:
```
params = ActionController::Parameters.new(foo: "bar")
duplicated_params = params.dup
duplicated_params.delete(:foo)
params == duplicated_params
```
This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In response_test.rb, we haven't had a test to make sure that
1) these responses don't have a message-body as described in RFC7231[1]
2) 1xx and 204 responses must not have a Content-Length header field
as described in RFC7230-section3.3.2[2]
[1] https://tools.ietf.org/html/rfc7231
[2] https://tools.ietf.org/html/rfc7230#section-3.3.2
Even though our implementation doesn't allow users to send
a Content-Length header field in a 304 response, sending the
header field is valid as mentioned in RFC7230-section3.3.2[2].
So I've decided not to test whether or not a 304 response has
the header.
The citation from the section is as follows;
```
A server MAY send a Content-Length header field in a 304 (Not
Modified) response to a conditional GET request (Section 4.1 of
[RFC7232]); a server MUST NOT send Content-Length in such a response
unless its field-value equals the decimal number of octets that would
have been sent in the payload body of a 200 (OK) response to the same
request.
```
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Rails 4 these kind of routes used to work:
```ruby
scope '/*id', controller: :builds, as: :build do
get action: :show
end
```
But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for
paths specified as strings or symbols. Implicit `nil` paths are just ignored,
with no deprecation warnings or errors. Routes are simply not created. This come
as a surprise for people migrating to Rails 5, since the lack of logs or errors
makes hard to understand where the problem is.
This commit introduces a deprecation warning in case of path as `nil`, while
still allowing the route definition.
|
| |\
| |
| | |
Renamed NestedParametersTest to NestedParametersPermitTest
|
| | |
| |
| |
| | |
what we are actually testing in this file
|
| | | |
|
| |\ \
| | |
| | | |
Fix setting route's to in a scope
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes #25488
97d7dc4 introduced a regression that resulted in ArgumentError when to
was in options of the scope and not of particular route.
|
| |/ /
| |
| |
| | |
Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
|
| |\ \
| | |
| | | |
Modifies mime-registration test not to interfere with real mime types
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The tests introduced in
https://github.com/rails/rails/pull/23816/files#diff-384a5a15d8d53de799fb6541688ea5f9R153
register the JSON API media type `application/vnd.api+json` with
`Mime[:json]`. The JSON API media type should not be registered
with `Mime[:json]`, as discussed in #23712. Moreover,
since the actual mime type used in the test is
incidental, I've changed this to a valid, but fictional
`applcation/vnd.rails+json`.
These tests were causing failures in
https://github.com/rails/rails/pull/25050#issuecomment-221092934 where
`Mime[:jsonapi]` is being added, so that JSON API request params are parsed
with the JSONAPI gem.
|
| |\ \ \
| | | |
| | | | |
make `as` option work with get parameters
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, if path is a relative path, add format without the discrimination of the query.
Therefore, if there is a query, format at end of the query would been added,
format was not be specified correctly.
This fix add format to end of path rather than query.
|
| |/ / /
| | |
| | |
| | |
| | | |
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional
* Add a test when render_to_string called on ActionController::Base.new()
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Forgotten followup to #23669 :grimacing:
If you went to an internal route (e.g. `/rails/info/routes`), you would
previously see the following in your logger:
```bash
Processing by Rails::InfoController#routes as HTML
Parameters: {"internal"=>true}
Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application
Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (10.5ms)
Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (2.5ms)
Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (23.5ms)
Completed 200 OK in 50ms (Views: 35.1ms | ActiveRecord: 0.0ms)
```
Now, with this change, you would see:
```bash
Processing by Rails::InfoController#routes as HTML
Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application
Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (1.6ms)
Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (10.2ms)
Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (17.4ms)
Completed 200 OK in 44ms (Views: 28.0ms | ActiveRecord: 0.0ms)
```
|
| | | |
| | |
| | |
| | |
| | | |
Was worried the `as` might impede on users doing the long form
JSON response encoding; test for certainty.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since 69009f, `ActionController::Metal::DataStreaming#send_file` doesn't
set `@_response_body` anymore.
`AbstractController::Callbacks` used `@_response_body` in its callback
terminator, so it failed to halt the callback cycle when using `#send_file`
from a `before_action`.
Instead, it now uses `#performed?` on `AbstractController::Base` and
`ActionController::Metal`, which checks `response.committed?`, besides
checking if `@_response_body` is set, if possible.
Example application: https://gist.github.com/jeffkreeftmeijer/78ae4572f36b198e729724b0cf79ef8e
|
| |\ \ \
| | | |
| | | | |
fix typo [ci skip]
|
| | | | | |
|
