aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test
Commit message (Collapse)AuthorAgeFilesLines
* Trust `Object#dup` in `ActionController::Parameters`, using ↵Tim Rogers2016-07-081-1/+19
| | | | | | `#initialize_copy` to manually duplicate the underlying parameters hash It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
* Changes to a dupped `ActionController::Parameters` mutate the originalTim Rogers2016-07-071-0/+25
| | | | | | | | | | | | | | When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following: ``` params = ActionController::Parameters.new(foo: "bar") duplicated_params = params.dup duplicated_params.delete(:foo) params == duplicated_params ``` This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
* Deprecate usage of nil as route pathVolmer2016-07-051-0/+7
| | | | | | | | | | | | | | | | | | | In Rails 4 these kind of routes used to work: ```ruby scope '/*id', controller: :builds, as: :build do get action: :show end ``` But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for paths specified as strings or symbols. Implicit `nil` paths are just ignored, with no deprecation warnings or errors. Routes are simply not created. This come as a surprise for people migrating to Rails 5, since the lack of logs or errors makes hard to understand where the problem is. This commit introduces a deprecation warning in case of path as `nil`, while still allowing the route definition.
* Merge pull request #24177 from vipulnsward/rename-testRafael França2016-07-011-1/+1
|\ | | | | Renamed NestedParametersTest to NestedParametersPermitTest
| * - Renamed NestedParametersTest to NestedParametersPermitTest, to indicate ↵Vipul A M2016-03-131-1/+1
| | | | | | | | what we are actually testing in this file
* | Ensure logging on exceptions only includes what we expectMatthew Draper2016-07-021-0/+23
| |
* | Merge pull request #25544 from piotrj/pj-issue-25488Rafael França2016-06-281-0/+12
|\ \ | | | | | | Fix setting route's to in a scope
| * | Fix setting route's to in a scopePiotr Jakubowski2016-06-281-0/+12
| | | | | | | | | | | | | | | | | | Fixes #25488 97d7dc4 introduced a regression that resulted in ArgumentError when to was in options of the scope and not of particular route.
* | | Fix adding implicitly rendered template digests to ETagsJavan Makhmali2016-06-282-10/+36
|/ / | | | | | | Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
* | Merge pull request #25123 from bf4/remove_problematic_mime_testRafael França2016-06-271-3/+3
|\ \ | | | | | | Modifies mime-registration test not to interfere with real mime types
| * | Modifies mime-registration test not to interfere with real mime typesBenjamin Fleischer2016-05-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The tests introduced in https://github.com/rails/rails/pull/23816/files#diff-384a5a15d8d53de799fb6541688ea5f9R153 register the JSON API media type `application/vnd.api+json` with `Mime[:json]`. The JSON API media type should not be registered with `Mime[:json]`, as discussed in #23712. Moreover, since the actual mime type used in the test is incidental, I've changed this to a valid, but fictional `applcation/vnd.rails+json`. These tests were causing failures in https://github.com/rails/rails/pull/25050#issuecomment-221092934 where `Mime[:jsonapi]` is being added, so that JSON API request params are parsed with the JSONAPI gem.
* | | Merge pull request #25435 from y-yagi/make_as_option_work_with_get_parametersKasper Timm Hansen2016-06-251-0/+14
|\ \ \ | | | | | | | | make `as` option work with get parameters
| * | | make `as` option work with get parametersyuuji.yaginuma2016-06-251-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if path is a relative path, add format without the discrimination of the query. Therefore, if there is a query, format at end of the query would been added, format was not be specified correctly. This fix add format to end of path rather than query.
* | | | `params.permitted?` is false by defaultJon Moss2016-06-231-0/+6
|/ / / | | | | | | | | | | | | In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+."
* | | render_to_string Regression Outside of Real Requests in Rails 5.0.0.rc1 (#25308)Brandon Medenwald2016-06-091-0/+7
| | | | | | | | | | | | | | | | | | * Restore the functionality of PR#14129, but do so with not nil to better indicate the purpose of the conditional * Add a test when render_to_string called on ActionController::Base.new()
* | | existant => existentAbhishek Jain2016-06-091-2/+2
| | |
* | | Prevent `{ internal: true }` from being stored in the routerJon Moss2016-06-071-0/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Forgotten followup to #23669 :grimacing: If you went to an internal route (e.g. `/rails/info/routes`), you would previously see the following in your logger: ```bash Processing by Rails::InfoController#routes as HTML Parameters: {"internal"=>true} Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (10.5ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (2.5ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (23.5ms) Completed 200 OK in 50ms (Views: 35.1ms | ActiveRecord: 0.0ms) ``` Now, with this change, you would see: ```bash Processing by Rails::InfoController#routes as HTML Rendering /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application Rendered collection of /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_route.html.erb [2 times] (1.6ms) Rendered /Users/jon/code/rails/rails/actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb (10.2ms) Rendered /Users/jon/code/rails/rails/railties/lib/rails/templates/rails/info/routes.html.erb within layouts/application (17.4ms) Completed 200 OK in 44ms (Views: 28.0ms | ActiveRecord: 0.0ms) ```
* | | Add regression test to `as` option.Kasper Timm Hansen2016-06-071-0/+16
| | | | | | | | | | | | | | | Was worried the `as` might impede on users doing the long form JSON response encoding; test for certainty.
* | | Use `#performed?` to terminate controller callbacksJeff Kreeftmeijer2016-06-031-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 69009f, `ActionController::Metal::DataStreaming#send_file` doesn't set `@_response_body` anymore. `AbstractController::Callbacks` used `@_response_body` in its callback terminator, so it failed to halt the callback cycle when using `#send_file` from a `before_action`. Instead, it now uses `#performed?` on `AbstractController::Base` and `ActionController::Metal`, which checks `response.committed?`, besides checking if `@_response_body` is set, if possible. Example application: https://gist.github.com/jeffkreeftmeijer/78ae4572f36b198e729724b0cf79ef8e
* | | Merge pull request #25236 from rajatbansal93/fix-typoArun Agrawal2016-06-011-5/+5
|\ \ \ | | | | | | | | fix typo [ci skip]
| * | | fix typoRajat Bansal2016-06-011-5/+5
| | | |
* | | | Clean up the test request/response even after an exceptionMatthew Draper2016-06-011-0/+24
| | | |
* | | | More Action Pack `abstract_unit` cleanup (#25211)Jon Moss2016-05-314-28/+23
|/ / / | | | | | | | | | | | | - Remove dead classes / dead code - Move class definitions to where they are used, don't define in a shared space
* / / Move `Workshop` class definitionJon Moss2016-05-302-18/+18
|/ / | | | | | | | | We should define it only where we need it, not in the global abstract unit :grimacing:
* | Respect `log_warning_on_csrf_failure` setting for all CSRF failuresMatthew Caruana Galizia2016-05-231-0/+31
| | | | | | | | | | | | | | | | | | | | | | | | CSRF verification for non-XHR GET requests (cross-origin `<script>` tags) didn't check this flag before logging failures. Setting `config.action_controller.log_warning_on_csrf_failure = false` now disables logging for these CSRF failures as well. Closes #25086. Signed-off-by: Jeremy Daer <jeremydaer@gmail.com>
* | Support for unified Integer class in Ruby 2.4+Jeremy Daer2016-05-183-4/+4
| | | | | | | | | | | | | | | | Ruby 2.4 unifies Fixnum and Bignum into Integer: https://bugs.ruby-lang.org/issues/12005 * Forward compat with new unified Integer class in Ruby 2.4+. * Backward compat with separate Fixnum/Bignum in Ruby 2.2 & 2.3. * Drops needless Fixnum distinction in docs, preferring Integer.
* | Action Mailer: Declarative exception handling with `rescue_from`.Jeremy Daer2016-05-151-30/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Follows the same pattern as controllers and jobs. Exceptions raised in delivery jobs (enqueued by `#deliver_later`) are also delegated to the mailer's rescue_from handlers, so you can handle the DeserializationError raised by delivery jobs: ```ruby class MyMailer < ApplicationMailer rescue_from ActiveJob::DeserializationError do … end ``` ActiveSupport::Rescuable polish: * Add the `rescue_with_handler` class method so exceptions may be handled at the class level without requiring an instance. * Rationalize `exception.cause` handling. If no handler matches the exception, fall back to the handler that matches its cause. * Handle exceptions raised elsewhere. Pass `object: …` to execute the `rescue_from` handler (e.g. a method call or a block to instance_exec) against a different object. Defaults to `self`.
* | Document and test ActionDispatch server_portTom Kadwill2016-05-121-0/+11
| |
* | Merge pull request #24982 from tomkadwill/improve_clarity_of_raw_host_with_portKasper Timm Hansen2016-05-111-0/+20
|\ \ | | | | | | Improve documentation and tests for raw_host_with_port and host_with_…
| * | Improve documentation and tests for raw_host_with_port and host_with_portTom Kadwill2016-05-111-0/+20
| | |
* | | Merge pull request #24912 from prathamesh-sonpatki/api-fix-response-formatSantiago Pastorino2016-05-111-32/+50
|\ \ \ | | | | | | | | API only apps: Preserve request format for HTML requests too
| * | | API only apps: Preserve request format for HTML requests tooPrathamesh Sonpatki2016-05-111-32/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Earlier we were responding with JSON format for HTML requests in a API app. - Now we will respond with HTML format for such requests in API apps. - Also earlier we were not testing the API app's JSON requests properly. We were actually sending HTML requests. Now we send correct JSON requests. Also added more test coverage. - Based on the discussion from this commit - https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614. [Prathamesh Sonpatki, Jorge Bejar]
* | | | Make flash messages cookie compatible with Rails 4Rafael Mendonça França2016-05-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In #18721 we removed the discard key from the session hash used to flash messages and that broke compatibility with Rails 4 applications because they try to map in the discarded flash messages and it returns nil. Fixes #24726.
* | | | Merge pull request #24896 from prathamesh-sonpatki/api-cleanupGuillermo Iguaran2016-05-061-7/+0
|\ \ \ \ | | | | | | | | | | BoomerAPI is not used anywhere, so removed it!
| * | | | BoomerAPI is not used anywhere, so removed it!Prathamesh Sonpatki2016-05-061-7/+0
| |/ / / | | | | | | | | | | | | | | | | - It was originally added in 83b4e9073f0852afc065 and partially removed in 05d89410bf97d0778e7.
* | | | Merge pull request #24029 from ↵Sean Griffin2016-05-063-2/+36
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | rthbound/dont-call-each-when-calling-body-on-response Dont call each when calling body on response to fix #23964 Fixes #23964
| * | | Fixes #23964Ryan T. Hosford2016-03-133-2/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Adds #each_chunk to ActionDispatch::Response. it's a method which will be called by ActionDispatch::Response#each. - Make Response#each a proper method instead of delegating to @stream - In Live, instead of overriding #each, override #each_chunk. - `#each` should just spit out @str_body if it's already set - Adds #test_set_header_after_read_body_during_action to prove this fixes #23964 - Adds #test_each_isnt_called_if_str_body_is_written to ensure #each_chunk is not called when @str_body is available - Call `@response.sent!` in AC::TestCase's #perform so a test response acts a bit more like a real response. Makes test that call `#assert_stream_closed` pass again. - Additionally assert `#committed?` in `#assert_stream_closed` - Make test that was calling @response.stream.each pass again by calling @response.each instead.
* | | | Implement helpers proxy in controller instance levelRafael Mendonça França2016-05-051-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is a common pattern in the Rails community that when people want to :xa use any kind of helper that is defined inside app/helpers they includes the helper module inside the controller like: module UserHelper def my_user_helper # ... end end class UsersController < ApplicationController include UserHelper def index render inline: my_user_helper end end This has problem because the helper can't access anything that is defined in the view level context class. Also all public methods of the helper become available in the controller what can lead to undesirable methods being routed and behaving as actions. Also if you helper depends on other helpers or even Action View helpers you need to include each one of these dependencies in your controller otherwise your helper is not going to work. We already have a helpers proxy at controller class level but that proxy doesn't have access to the instance variables defined in the controller. With this new instance level helper proxy users can reuse helpers in the controller without having to include the modules and with access to instance variables defined in the controller. class UsersController < ApplicationController def index render inline: helpers.my_user_helper end end
* | | | Ensure compatibility between ActionDispatch::Request::Session and RackJon Moss2016-05-041-0/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding the `each` method is required for ensuring compatibility between Rails, and other Rack frameworks (like Sinatra, etc.), that are mounted within Rails, and wish to use its session tooling. Prior to this, there was an inconsistency between ActionDispatch::Request::Session and Rack::Session::Cookie, due to the absence of the `each` method. This should hopefully fix that error. :) For a full integration test with Sinatra and a standalone Rack application, you can check out the gist for that here: https://gist.github.com/maclover7/08cd95b0bfe259465314311941326470. Solves #15843.
* | | | Remove last uses of `@env[]` and `@env[]=`Jon Moss2016-04-281-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Last August (2015), @tenderlove worked to remove all `@env[]` and `@env[]=`, in favor of using `set_header`, `get_header`, etc. (Here's an [example commit](https://github.com/rails/rails/commit/f16a33b68efc3dc57cfafa27651b9a765e363fbf)). This PR should remove the last uses of these methods, and fully convert them to the newly standardized API.
* | | | Add more info to insecure URL generation errorDerek Prior2016-04-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
* | | | Merge pull request #24641 from rafaelfranca/fix-per-form-token-with-full-urlJeremy Daer2016-04-251-0/+13
|\ \ \ \ | | | | | | | | | | | | | | | Discart the schema and host information when building the per-form token
| * | | | Discart the schema and host information when building the per-form tokenRafael Mendonça França2016-04-201-0/+13
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the token is generated by the form we were using the schema and host information while only using the path to compare if the action was the same. This was causing the token to be invalid. To fix this we use the same information to generate the token and check it. Fix #24257
* | | | Merge pull request #23103 from rails/refactor-handling-of-action-defaultJeremy Daer2016-04-243-14/+54
|\ \ \ \ | | | | | | | | | | | | | | | Refactor handling of :action default in routing
| * | | | Refactor handling of :action default in routingAndrew White2016-02-163-14/+54
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The longstanding convention in Rails is that if the :action parameter is missing or nil then it defaults to 'index'. Up until Rails 5.0.0.beta1 this was handled slightly differently than other routing defaults by deleting it from the route options and adding it to the recall parameters. With the recent focus of removing unnecessary duplications this has exposed a problem in this strategy - we are now mutating the request's path parameters and causing problems for later url generation. This will typically affect url_for rather a named url helper since the latter explicitly pass :controller, :action, etc. The fix is to add a default for :action in the route class if the path contains an :action segment and no default is passed. This change also revealed an issue with the parameterized part expiry in that it doesn't follow a right to left order - as soon as a dynamic segment is required then all other segments become required. Fixes #23019.
* | | | | Deprecate `request_via_redirect` method.Prathamesh Sonpatki2016-04-241-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Followup of https://github.com/rails/rails/issues/18693. - I think we missed deprecating `request_via_redirect` in that pull request. - Originally requested by DHH here https://github.com/rails/rails/issues/18333.
* | | | | Fix ApplicationController.renderer.defaults.merge!Jon Moss2016-04-201-0/+8
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | Previously, users were trying to modify a frozen Hash. Includes a regression test :) Fixes #22975
* | | | Merge pull request #24031 from ↵Jeremy Daer2016-04-191-0/+13
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | samphilipd/sam/do_not_clobber_options_in_route_definitions Do not destructively mutate passed options hash in route definitions
| * | | | Do not destructively mutate passed options hash in route definitionsSam Davies2016-03-031-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixes #24030 An example scope might be specified as such: ```ruby HTML = { constraints: { format: :html } }.freeze scope HTML do get 'x' end ``` This currently raises an error because the mapper attempts to destructively modify the passed options hash. This is dangerous because this options hash might even be shared with other scopes. We should instead always instantiate a new object instead of modifying the passed options.
* | | | | Properly verify that cache accepts and user `expires` value.Vipul A M2016-04-172-2/+5
| | | | |