path: root/actionpack
Commit message [Author, Age, Files, Lines]
...
* | Set `always_permitted_parameters`. [Kasper Timm Hansen, 2016-08-02, files: 1, lines: -0/+9]
| |
| |   The tests were written with the common false value seen in Rails apps, show that intent in the code.
| |
| |   Should also fix the build on 5-0-stable.
* | Move the YAML hook closer to `init_with`. [Kasper Timm Hansen, 2016-08-02, files: 1, lines: -8/+9]
| |
| |   Looked odd, so completely detached from the other necessary part of the implementation.
* | Replace implicit formats with a case statement. [Kasper Timm Hansen, 2016-08-02, files: 1, lines: -7/+8]
| |
| |   The coder that Psych passes in has a `tag` method we can use to detect which serialization format we're reviving for. Use it and make it clearer alongside the `load_tags` fiddling.
* | Let Psych 2.0.9+ deserialize 2.0.8 serialized parameters. [Kasper Timm Hansen, 2016-08-02, files: 2, lines: -4/+24]
| |
| |   If we were to serialize an `ActionController::Parameters` on Psych 2.0.8, we'd get:
| |
| |   ```yaml
| |   --- !ruby/hash:ActionController::Parameters
| |   key: :value
| |   ```
| |
| |   Because 2.0.8 didn't store instance variables, while 2.0.9 did:
| |   https://github.com/tenderlove/psych/commit/8f84ad0fc711a82a1040def861cb121e8985fd4c
| |
| |   That, coupled with 2.0.8 calling `new` instead of `allocate` meant parameters was deserialized just fine:
| |   https://github.com/tenderlove/psych/commit/af308f8307899cb9e1c0fffea4bce3110a1c3926
| |
| |   However, if users have 2.0.8 serialized parameters, then upgrade to Psych 2.0.9+ and Rails 5, it would start to blow up because `initialize` will never be called, and thus `@parameters` will never be assigned. Hello, `NoMethodErrors` on `NilClass`! :)
| |
| |   To fix this we register another variant of the previous serialization format and take it into account in `init_with`.
| |
| |   I've tested this in our app and previously raising code now deserializes like a champ.
| |
| |   I'm unsure how to test this in our suite because we use Psych 2.0.8 and don't know how to make us use 2.0.9+ for just one test.
* | Make Parameters support legacy YAML encodings. [Kasper Timm Hansen, 2016-08-01, files: 2, lines: -0/+51]
| |
| |   By changing ActionController::Parameter's superclass, Rails 5 also changed the YAML serialization format.
| |
| |   Since YAML doesn't know how to handle parameters it would fallback to its routine for the superclass, which in Rails 4.2 was Hash while just Object in Rails 5. As evident in the tags YAML would spit out:
| |
| |   4.2: !ruby/hash-with-ivars:ActionController::Parameters
| |   5.0: !ruby/object:ActionController::Parameters
| |
| |   Thus when loading parameters YAML from 4.2 in Rails 5, it would parse a hash dump as it would an Object class.
| |
| |   To fix this we have to provide our own `init_with` to be aware of the past format as well as the new one. Then we add a `load_tags` mapping, such that when the YAML parser sees `!ruby/hash-with-ivars:ActionController::Parameters`, it knows to call our `init_with` function and not try to instantiate it as a normal hash subclass.
* | Merge pull request #25965 from nicksieger/ac_test_case_reset_rack_input [Guillermo Iguaran, 2016-07-28, files: 3, lines: -0/+23]
|\ \
| | |
| | |   Reset rack.input when the environment is scrubbed for the next request
| * | Test that ActionDispatch::IntegrationTest does not leak parameters [Nick Sieger, 2016-07-28, files: 1, lines: -0/+14]
| | |
| * | Reset rack.input when the environment is scrubbed for the next request [Nick Sieger, 2016-07-27, files: 2, lines: -0/+9]
| | |
| | |   Before this change, posted parameters would leak across requests. The included test case failed like so:
| | |
| | |     1) Failure:
| | |   TestCaseTest#test_multiple_mixed_method_process_should_scrub_rack_input:
| | |   --- expected
| | |   +++ actual
| | |   @@ -1 +1 @@
| | |   -{"bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
| | |   +{"foo"=>"an foo", "bar"=>"an bar", "controller"=>"test_case_test/test", "action"=>"test_params"}
| | |
| | |   An argument could be made that this situation isn't encountered often and that one should limit the number of requests per test case, but I still think the parameter leaking is an unexpected side-effect.
* | | Merge pull request #25913 from chrisarcand/fix-keyed-defaults-with-root [Rafael Mendonça França, 2016-07-27, files: 3, lines: -1/+33]
|\ \ \
| |/ /
|/| |
| | |   Fix keyed defaults with root
| * | Update changelog [Chris Arcand, 2016-07-26, files: 1, lines: -0/+7]
| | |
| * | Fix 'defaults' option for root route [Chris Arcand, 2016-07-21, files: 2, lines: -1/+26]
| | |
| | |   The merging of the 'defaults' option was moved up the stack in e852daa
| | |
| | |   This allows us to see where these options originate from the standard HttpHelpers (get, post, patch, put, delete)
| | |
| | |   Unfortunately this move didn't incorporate the 'root' method, which has always allowed the same 'defaults' option before.
* | | There are some cases where @@app is not defined [Santiago Pastorino, 2016-07-26, files: 2, lines: -20/+5]
| | |
* | | Be more explicit with the expected result [Santiago Pastorino, 2016-07-26, files: 1, lines: -1/+1]
| | |
* | | Return ActionDispatch.test_app when no app is set on IntegrationTest.app method [Santiago Pastorino, 2016-07-26, files: 2, lines: -1/+20]
| | |
| | |   Fixes #25926
* | | Also yield in parameters for a nil content_mime_type [Julian Nadeau, 2016-07-25, files: 1, lines: -1/+1]
| | |
* | | Fix incorrect indentation in method comment [ci skip] [Junya Ogura, 2016-07-21, files: 1, lines: -3/+3]
| | |
* | | Bring back support for callable cache_key on collection rendering [Ignatius Reza, 2016-07-21, files: 1, lines: -1/+11]
|/ /
* | Sort the mime types before comparing [Rafael Mendonça França, 2016-07-17, files: 1, lines: -2/+2]
| |
| |   For those tests that use start we don't need to assert the actual order of mime types that are returned. This happens because this order is more about the order the mime type was registered than the order that it is expected to resolve.
| |
| |   We need to sort because we remove the json mime type in json_params_parsing_test and add it to the end of the mime types set so if that file runs before those tests we will have a failing test.
| |
| |   [Rafael Mendonça França + Lucas Hosseini]
* | Make sure the tests setup are made correctly [Rafael Mendonça França, 2016-07-17, files: 1, lines: -9/+9]
| |
* | Fix failing requirement of duplicable in ParameterFilter [Vipul A M, 2016-07-16, files: 1, lines: -0/+2]
|/
* CHANGELOG for https://github.com/rails/rails/pull/25257 [ci skip] [Prathamesh Sonpatki, 2016-07-17, files: 1, lines: -1/+1]
|
|   - Also minor weekly CHANGELOG cleanup.
* Merge pull request #25775 from junaruga/hotfix/actionpack-depending-on-activerecord [Eileen M. Uchitelle, 2016-07-16, files: 1, lines: -1/+0]
|\
| |
| |   Remove unused activerecord requirement in actionpack.
| * Remove unused activerecord requirement in actionpack. [Jun Aruga, 2016-07-11, files: 1, lines: -1/+0]
| |
* | Check `request.path_parameters` encoding at the point they're set [Grey Baker, 2016-07-14, files: 6, lines: -29/+35]
| |
| |   Check for any non-UTF8 characters in path parameters at the point they're set in `env`. Previously they were checked for when used to get a controller class, but this meant routes that went directly to a Rack app, or skipped controller instantiation for some other reason, had to defend against non-UTF8 characters themselves.
* | Merge pull request #25798 from greysteil/dont-raise-unknown-http-method-low-in-stack [Matthew Draper, 2016-07-14, files: 3, lines: -3/+21]
|\ \
| | |
| | |   Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static
| * | Don't raise ActionController::UnknownHttpMethod from ActionDispatch::Static [Grey Baker, 2016-07-13, files: 3, lines: -3/+21]
| | |
| | |   The `ActionDispatch::Static` middleware is used low down in the stack to serve static assets before doing much processing. Since it's called from so low in the stack, we don't have access to the request ID at this point, and generally won't have any exception handling defined (by default `ShowExceptions` is added to the stack quite a bit higher and relies on logging and request ID).
| | |
| | |   Before https://github.com/rails/rails/commit/8f27d6036a2ddc3cb7a7ad98afa2666ec163c2c3 this middleware would ignore unknown HTTP methods, and an exception about these would be raised higher in the stack. After that commit, however, that exception will be raised here.
| | |
| | |   If we want to keep `ActionDispatch::Static` so low in the stack (I think we do) we should suppress the `ActionController::UnknownHttpMethod` exception here, and instead let it be raised higher up the stack, once we've had a chance to define exception handling behaviour.
| | |
| | |   This PR updates `ActionDispatch::Static` so it passes `Rack::Request` objects to `ActionDispatch::FileHandler`, which won't raise an `ActionController::UnknownHttpMethod` error. If an unknown method is passed, it should exception higher in the stack instead, once we've had a chance to define exception handling behaviour.
* | | Merge pull request #25817 from javan/fix-namespaced-implicit-render-etag-template-digest [Rafael França, 2016-07-13, files: 3, lines: -11/+46]
|\ \ \
| | | |
| | | |   Fix adding implicitly rendered namespaced template digests to ETags
| * | | Fix adding implicitly rendered namespaced template digests to ETags [Javan Makhmali, 2016-07-13, files: 3, lines: -11/+46]
| |/ /
* | | Merge pull request #25771 from kaspth/make-test-response-assign-response-parser [Kasper Timm Hansen, 2016-07-13, files: 4, lines: -57/+72]
|\ \ \
| |/ /
|/| |   Let TestResponse assign a parser.
| * | Let TestResponse assign a parser. [Kasper Timm Hansen, 2016-07-10, files: 4, lines: -57/+72]
| |/
| |
| |   Previously we'd only assign a response parser when a request came through Action Dispatch integration tests. This made calls to `parsed_body` when a TestResponse was manually instantiated — through own doing or perhaps from a framework — unintentionally blow up because no parser was set at that time.
| |
| |   The response can lookup a parser entirely through its own ivars. Extract request encoder to its own file and assume that a viable content type is present at TestResponse instantiation.
| |
| |   Since the default response parser is a no-op, making `parsed_body` equal to `body`, no exceptions will be thrown.
* | Handle `Rack::QueryParser` errors in `ActionDispatch::ExceptionWrapper` [Grey Baker, 2016-07-12, files: 3, lines: -2/+14]
| |
| |   Rack [recently](https://github.com/rack/rack/commit/7e7a3890449b5cf5b86929c79373506e5f1909fb) moved the namespace of its `ParameterTypeError` and `InvalidParameterError` errors. Whilst an alias for the old name was added, the logic in `ActionDispatch::ExceptionWrapper` was still broken by this change, since it relies on the class name.
| |
| |   This PR updates `ActionDispatch::ExceptionWrapper` to handle the Rack 2.0 namespaced errors correctly. We no longer need to worry about the old names, since Rails specifies Rack ~> 2.0.
* | Remove duplicate test and fix a typo in the test [Prathamesh Sonpatki, 2016-07-12, files: 2, lines: -6/+1]
| |
| |   - Tests for dup'ing params was separately added in a separate file in https://github.com/rails/rails/pull/25735.
* | Merge pull request #25735 from timrogers/actioncontroller-parameters-dup [Matthew Draper, 2016-07-12, files: 2, lines: -14/+48]
|\ \
| |/
|/|   Stop changes to a dupped `ActionController::Parameters` mutating the original
| * Trust `Object#dup` in `ActionController::Parameters`, using `#initialize_copy` to manually duplicate the underlying parameters hash [Tim Rogers, 2016-07-08, files: 2, lines: -16/+20]
| |
| |   It looks like `ActionController::Parameters#dup` is leftover from when the class inherited from `Hash`. We can just trust `#dup`, which already copies the `@permitted` instance variable (confirmed by tests). We still define a `#initialize_copy` to make `@parameters` a copy that can be mutated without affecting the original instance.
| * Changes to a dupped `ActionController::Parameters` mutate the original [Tim Rogers, 2016-07-07, files: 2, lines: -0/+30]
| |
| |   When `ActionController::Parameters` is duplicated with `#dup`, it doesn't create a duplicate of the instance variables (e.g. `@parameters`) but rather maintains the reference (see <http://ruby-doc.org/core-2.3.1/Object.html>). Given that the parameters object is often manipulated as if it were a hash (e.g. with `#delete` and similar methods), this leads to unexpected behaviour, like the following:
| |
| |   ```
| |   params = ActionController::Parameters.new(foo: "bar")
| |   duplicated_params = params.dup
| |   duplicated_params.delete(:foo)
| |
| |   params == duplicated_params
| |   ```
| |
| |   This fixes the bug by defining a private `#initialize_copy` method, used internally by `#dup`, which makes a copy of `@parameters`.
* | Add tests for 1xx, 204 and 304 responses to response_test.rb [Masaru Nomura, 2016-07-09, files: 1, lines: -0/+20]
| |
| |   In response_test.rb, we haven't had a test to make sure that
| |   1) these responses don't have a message-body as described in RFC7231[1]
| |   2) 1xx and 204 responses must not have a Content-Length header field as described in RFC7230-section3.3.2[2]
| |
| |   [1] https://tools.ietf.org/html/rfc7231
| |   [2] https://tools.ietf.org/html/rfc7230#section-3.3.2
| |
| |   Even though our implementation doesn't allow users to send a Content-Length header field in a 304 response, sending the header field is valid as mentioned in RFC7230-section3.3.2[2]. So I've decided not to test whether or not a 304 response has the header. The citation from the section is as follows;
| |
| |   ```
| |   A server MAY send a Content-Length header field in a 304 (Not Modified) response to a conditional GET request (Section 4.1 of [RFC7232]); a server MUST NOT send Content-Length in such a response unless its field-value equals the decimal number of octets that would have been sent in the payload body of a 200 (OK) response to the same request.
| |   ```
* | Add a test case for verifying `cookie_only` is set even if user tries to set it false [Prathamesh Sonpatki, 2016-07-07, files: 1, lines: -1/+1]
| |
* | [ci skip] Correct defaults in documentation for ActionDispatch::SSL [Tim Rogers, 2016-07-06, files: 1, lines: -4/+5]
|/
|
|   `config.ssl_options` permits configuring various options for the middleware. Default options for HSTS (specified with the `:hsts` key in the options hash) are specified in `.default_hsts_options`. The documentation did not make clear these defaults, and in one case was wrong.
* Deprecate usage of nil as route path [Volmer, 2016-07-05, files: 2, lines: -0/+13]
|
|   In Rails 4 these kind of routes used to work:
|
|   ```ruby
|   scope '/*id', controller: :builds, as: :build do
|     get action: :show
|   end
|   ```
|
|   But since 1a830cbd830c7f80936dff7e3c8b26f60dcc371d, routes are only created for paths specified as strings or symbols. Implicit `nil` paths are just ignored, with no deprecation warnings or errors. Routes are simply not created. This comes as a surprise for people migrating to Rails 5, since the lack of logs or errors makes it hard to understand where the problem is.
|
|   This commit introduces a deprecation warning in case of path as `nil`, while still allowing the route definition.
* Merge pull request #24177 from vipulnsward/rename-test [Rafael França, 2016-07-01, files: 1, lines: -1/+1]
|\
| |
| |   Renamed NestedParametersTest to NestedParametersPermitTest
| * - Renamed NestedParametersTest to NestedParametersPermitTest, to indicate what we are actually testing in this file [Vipul A M, 2016-03-13, files: 1, lines: -1/+1]
| |
* | Fix conditional order broken in ea40ec56. [Kasper Timm Hansen, 2016-07-02, files: 1, lines: -2/+2]
| |
* | Merge pull request #25344 from matthewd/debug-locks [Matthew Draper, 2016-07-02, files: 2, lines: -0/+123]
|\ \
| | |
| | |   ActionDispatch::DebugLocks
| * | Provide a middleware to debug misbehaving locks [Matthew Draper, 2016-06-10, files: 2, lines: -0/+123]
| | |
| | |   Only intended to be enabled when in use; by necessity, it sits above any reasonable access control.
* | | Ensure logging on exceptions only includes what we expect [Matthew Draper, 2016-07-02, files: 1, lines: -0/+23]
| | |
* | | Silence DebugExceptions template render logs during exceptions [Genadi Samokovarov, 2016-07-02, files: 1, lines: -0/+8]
| | |
| | |   When an exception is raised, those Action View rendering logs are just noise for the end developer. I recently silenced those from Web Console, as we do use Action View rendering in it as well. It used created a half a screen of rendering logs. I think we can save those in this recent push for cleaner development logs.
| | |
| | |   Now, the silencing is a bit hacky and we have a bunch of it now, so we can also invest in turning off the logs directly from Action View objects instead of silencing off the logging stream.
* | | Make mutation stand out some more. [Kasper Timm Hansen, 2016-07-01, files: 1, lines: -2/+5]
| | |
| | |   Felt that += overwriting the path variable was a little too hidden. Make the outcomes easier to spot with an if-else branch.
* | | Fix request encoding in tests when string literals are frozen [Volmer, 2016-07-01, files: 1, lines: -1/+1]
| | |
| | |   When running tests with `--enable-frozen-string-literal` or `# frozen_string_literal: true`, it's currently attempted to mutate the path string in order to append the format, causing a `RuntimeError`.
| | |
| | |   ```ruby
| | |   get '/posts', as: :json
| | |   ```
| | |
| | |   ```
| | |   RuntimeError: can't modify frozen String
| | |   ```
| | |
| | |   This commit fixes the problem by replacing the mutation with a concatenation, returning a new string.
* | | Merge pull request #25582 from alexcameron89/action_controller_base [प्रथमेश Sonpatki, 2016-07-01, files: 1, lines: -4/+4]
|\ \ \
| | | |
| | | |   [ci skip] Add 'params' formatting in ActionController::Base
| * | | [ci skip] Add 'params' formatting in ActionController::Base [Alex Kitchens, 2016-06-30, files: 1, lines: -4/+4]
| | | |