From e00867bc437b6a681491ef59e13423051e6d98f0 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Sun, 6 Mar 2011 07:08:50 +0000 Subject: Raise ArgumentError if route name is invalid [#6517 state:resolved] --- actionpack/test/dispatch/routing_test.rb | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'actionpack/test/dispatch') diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 1a96587836..5e5758a60e 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -2313,6 +2313,38 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest end end + def test_invalid_route_name_raises_error + assert_raise(ArgumentError) do + self.class.stub_controllers do |routes| + routes.draw { get '/products', :to => 'products#index', :as => 'products ' } + end + end + + assert_raise(ArgumentError) do + self.class.stub_controllers do |routes| + routes.draw { get '/products', :to => 'products#index', :as => ' products' } + end + end + + assert_raise(ArgumentError) do + self.class.stub_controllers do |routes| + routes.draw { get '/products', :to => 'products#index', :as => 'products!' } + end + end + + assert_raise(ArgumentError) do + self.class.stub_controllers do |routes| + routes.draw { get '/products', :to => 'products#index', :as => 'products index' } + end + end + + assert_raise(ArgumentError) do + self.class.stub_controllers do |routes| + routes.draw { get '/products', :to => 'products#index', :as => '1products' } + end + end + end + def test_nested_route_in_nested_resource get "/posts/1/comments/2/views" assert_equal "comments#views", @response.body -- cgit v1.2.3 From 31f09f9dbc1b8e598fc82d86b622167bfc01d18a Mon Sep 17 00:00:00 2001 
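Review bot: The five rejected names in test_invalid_route_name_raises_error never include a line break, so a validator that anchors its pattern with `^`/`$` instead of `\A`/`\z` would pass this test while still accepting a name such as `"products\nindex"`. Route names become helper method names, so it is worth pinning the whole-string check with one more block using `:as => "products\nindex"`. The five blocks differ only in the `:as` value and would read better as one loop, e.g. `['products ', ' products', 'products!', 'products index', '1products'].each do |name|` around a single `assert_raise`. The validation itself is not part of this diff, so which anchors it uses cannot be seen from here.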
From: Andrew White Date: Sun, 6 Mar 2011 12:49:44 +0000 Subject: Improve testing of cookies in functional tests: - cookies can be set using string or symbol keys - cookies are preserved across calls to get, post, etc. - cookie names and values are escaped - cookies can be cleared using @request.cookies.clear [#6272 state:resolved] --- actionpack/test/dispatch/cookies_test.rb | 65 +++++++++++++++++++++++++++ actionpack/test/dispatch/test_request_test.rb | 4 +- 2 files changed, 67 insertions(+), 2 deletions(-) (limited to 'actionpack/test/dispatch') diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index 1cfea6aa12..39159fd629 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -124,6 +124,20 @@ class CookiesTest < ActionController::TestCase cookies['user_name'] = "david" head :ok end + + def symbol_key_mock + cookies[:user_name] = "david" if cookies[:user_name] == "andrew" + head :ok + end + + def string_key_mock + cookies['user_name'] = "david" if cookies['user_name'] == "andrew" + head :ok + end + + def noop + head :ok + end end tests TestController 
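Review bot: The names `symbol_key_mock` and `string_key_mock` suggest test doubles, but both are ordinary actions that overwrite `user_name` with "david" only when the incoming cookie equals "andrew". A one-line comment above them would make that intent clear to anyone reading the assertions later, for example `# Sets user_name to "david" only if the request cookie was "andrew", i.e. only if the request cookie was readable under this key type.` The enclosing TestController class starts outside the hunk.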
@@ -411,6 +425,57 @@ class CookiesTest < ActionController::TestCase end end + def test_setting_request_cookies_is_indifferent_access + @request.cookies.clear + @request.cookies[:user_name] = "andrew" + get :string_key_mock + assert_equal "david", cookies[:user_name] + + @request.cookies.clear + @request.cookies['user_name'] = "andrew" + get :symbol_key_mock + assert_equal "david", cookies['user_name'] + end + + def test_cookies_retained_across_requests + get :symbol_key + assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"] + assert_equal "david", cookies[:user_name] + + get :noop + assert_nil @response.headers["Set-Cookie"] + assert_equal "user_name=david", @request.env['HTTP_COOKIE'] + assert_equal "david", cookies[:user_name] + + get :noop + assert_nil @response.headers["Set-Cookie"] + assert_equal "user_name=david", @request.env['HTTP_COOKIE'] + assert_equal "david", cookies[:user_name] + end + + def test_cookies_can_be_cleared + get :symbol_key + assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"] + assert_equal "david", cookies[:user_name] + + @request.cookies.clear + get :noop + assert_nil @response.headers["Set-Cookie"] + assert_nil @request.env['HTTP_COOKIE'] + assert_nil cookies[:user_name] + + get :symbol_key + assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"] + assert_equal "david", cookies[:user_name] + end + + def test_cookies_are_escaped + @request.cookies[:user_ids] = '1;2' + get :noop + assert_equal "user_ids=1%3B2", @request.env['HTTP_COOKIE'] + assert_equal "1;2", cookies[:user_ids] + end + private def assert_cookie_header(expected) header = @response.headers["Set-Cookie"] diff --git a/actionpack/test/dispatch/test_request_test.rb b/actionpack/test/dispatch/test_request_test.rb index e42ade73d1..81a8c24525 100644 --- a/actionpack/test/dispatch/test_request_test.rb +++ b/actionpack/test/dispatch/test_request_test.rb 
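Review bot: test_cookies_are_escaped checks only a value containing `;`, although the commit message says cookie names and values are both escaped. A name that needs escaping is never exercised, so a regression that writes names raw into `HTTP_COOKIE` would go unnoticed, and the header the controller parses would no longer match what the test set. Add a second case such as `@request.cookies['user;ids'] = '1;2'`, then assert that `cookies['user;ids']` reads back `'1;2'` and that the pair in `@request.env['HTTP_COOKIE']` contains no raw `;`. The exact encoded form depends on the escaping helper, which is outside this diff.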
@@ -36,10 +36,10 @@ class TestRequestTest < ActiveSupport::TestCase req.cookies["user_name"] = "david" assert_equal({"user_name" => "david"}, req.cookies) - assert_equal "user_name=david;", req.env["HTTP_COOKIE"] + assert_equal "user_name=david", req.env["HTTP_COOKIE"] req.cookies["login"] = "XJ-122" assert_equal({"user_name" => "david", "login" => "XJ-122"}, req.cookies) - assert_equal %w(login=XJ-122 user_name=david), req.env["HTTP_COOKIE"].split(/; ?/).sort + assert_equal %w(login=XJ-122 user_name=david), req.env["HTTP_COOKIE"].split(/; /).sort end end -- cgit v1.2.3 From 68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist & Xavier Noria Date: Sat, 1 Jan 2011 23:51:05 +0700 Subject: Filter sensitive query string parameters in the log [#6244 state:committed] This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens. Signed-off-by: Xavier Noria --- actionpack/test/dispatch/request_test.rb | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'actionpack/test/dispatch') diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb index dd5bf5ec2d..f03ae7f2b3 100644 --- a/actionpack/test/dispatch/request_test.rb +++ b/actionpack/test/dispatch/request_test.rb 
@@ -518,6 +518,44 @@ class RequestTest < ActiveSupport::TestCase assert_equal "1", request.params["step"] end + test "filtered_path returns path with filtered query string" do + %w(; &).each do |sep| + request = stub_request('QUERY_STRING' => %w(username=sikachu secret=bd4f21f api_key=b1bc3b3cd352f68d79d7).join(sep), + 'PATH_INFO' => '/authenticate', + 'action_dispatch.parameter_filter' => [:secret, :api_key]) + + path = request.filtered_path + assert_equal %w(/authenticate?username=sikachu secret=[FILTERED] api_key=[FILTERED]).join(sep), path + end + end + + test "filtered_path should not unescape a genuine '[FILTERED]' value" do + request = stub_request('QUERY_STRING' => "secret=bd4f21f&genuine=%5BFILTERED%5D", + 'PATH_INFO' => '/authenticate', + 'action_dispatch.parameter_filter' => [:secret]) + + path = request.filtered_path + assert_equal "/authenticate?secret=[FILTERED]&genuine=%5BFILTERED%5D", path + end + + test "filtered_path should preserve duplication of keys in query string" do + request = stub_request('QUERY_STRING' => "username=sikachu&secret=bd4f21f&username=fxn", + 'PATH_INFO' => '/authenticate', + 'action_dispatch.parameter_filter' => [:secret]) + + path = request.filtered_path + assert_equal "/authenticate?username=sikachu&secret=[FILTERED]&username=fxn", path + end + + test "filtered_path should ignore searchparts" do + request = stub_request('QUERY_STRING' => "secret", + 'PATH_INFO' => '/authenticate', + 'action_dispatch.parameter_filter' => [:secret]) + + path = request.filtered_path + assert_equal "/authenticate?secret", path + end + protected def stub_request(env = {}) -- cgit v1.2.3
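Review bot: Every filtered key in these tests appears in the query string in its plain form, so nothing checks a percent-encoded key that decodes to a filtered parameter name. If filtered_path matches against the raw query string (the implementation is not in this diff), a pair such as `%73ecret=bd4f21f` would reach the log unfiltered even though it decodes to `secret`. A case built with `stub_request('QUERY_STRING' => "%73ecret=bd4f21f", 'PATH_INFO' => '/authenticate', 'action_dispatch.parameter_filter' => [:secret])` followed by `assert_no_match(/bd4f21f/, request.filtered_path)` would pin the behaviour. The filter list is also only ever given symbols, so a nested key like `user[secret]` and a regexp filter entry deserve the same coverage if the filter is meant to handle them.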