From 82dc8266dddc199789f3f1e9a9f21975e1c8ee87 Mon Sep 17 00:00:00 2001 From: Tom Prats Date: Sun, 12 Jul 2015 02:01:30 -0400 Subject: Update session to have indifferent access --- actionpack/test/dispatch/request/session_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/request/session_test.rb b/actionpack/test/dispatch/request/session_test.rb index 7dcbcc5c21..3fc4ffd71c 100644 --- a/actionpack/test/dispatch/request/session_test.rb +++ b/actionpack/test/dispatch/request/session_test.rb @@ -105,6 +105,16 @@ module ActionDispatch end end + def test_with_indifferent_access + s = Session.create(store, req, {}) + + s[:one] = { test: "deep" } + s[:two] = { "test" => "deep" } + + assert_equal 'deep', s[:one]["test"] + assert_equal 'deep', s[:two][:test] + end + private def store Class.new { -- cgit v1.2.3 From 45a75a3fcc96b22954caf69be2df4e302b134d7a Mon Sep 17 00:00:00 2001 From: Tom Prats Date: Sat, 30 Jan 2016 19:30:32 -0500 Subject: Update Session to utilize indiffernt access --- actionpack/test/dispatch/request/session_test.rb | 2 +- .../test/dispatch/session/abstract_store_test.rb | 16 ++++++++++ .../test/dispatch/session/cache_store_test.rb | 29 ++++++++++++++++++ .../test/dispatch/session/cookie_store_test.rb | 34 ++++++++++++++++++++++ .../test/dispatch/session/mem_cache_store_test.rb | 31 ++++++++++++++++++++ .../test/dispatch/session/test_session_test.rb | 7 +++++ 6 files changed, 118 insertions(+), 1 deletion(-) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/request/session_test.rb b/actionpack/test/dispatch/request/session_test.rb index 3fc4ffd71c..3433d82791 100644 --- a/actionpack/test/dispatch/request/session_test.rb +++ b/actionpack/test/dispatch/request/session_test.rb @@ -105,7 +105,7 @@ module ActionDispatch end end - def test_with_indifferent_access + def test_indifferent_access s = Session.create(store, req, {}) s[:one] = { test: "deep" } 
diff --git a/actionpack/test/dispatch/session/abstract_store_test.rb b/actionpack/test/dispatch/session/abstract_store_test.rb index d38d1bbce6..c9ce5cad42 100644 --- a/actionpack/test/dispatch/session/abstract_store_test.rb +++ b/actionpack/test/dispatch/session/abstract_store_test.rb @@ -46,6 +46,22 @@ module ActionDispatch assert_equal session.to_hash, session1.to_hash end + def test_previous_session_has_indifferent_access + env = {} + as = MemoryStore.new app + as.call(env) + + assert @env + session = Request::Session.find ActionDispatch::Request.new @env + session[:foo] = { bar: "baz" } + + as.call(@env) + session = Request::Session.find ActionDispatch::Request.new @env + + assert_equal session[:foo][:bar], "baz" + assert_equal session[:foo]["bar"], "baz" + end + private def app(&block) @env = nil diff --git a/actionpack/test/dispatch/session/cache_store_test.rb b/actionpack/test/dispatch/session/cache_store_test.rb index dbb996973d..b911392cf1 100644 --- a/actionpack/test/dispatch/session/cache_store_test.rb +++ b/actionpack/test/dispatch/session/cache_store_test.rb @@ -12,6 +12,11 @@ class CacheStoreTest < ActionDispatch::IntegrationTest head :ok end + def set_deep_session_value + session[:foo] = { bar: "baz" } + head :ok + end + def set_serialized_session_value session[:foo] = SessionAutoloadTest::Foo.new head :ok @@ -21,6 +26,14 @@ class CacheStoreTest < ActionDispatch::IntegrationTest render plain: "foo: #{session[:foo].inspect}" end + def get_deep_session_value_with_symbol + render plain: "foo: { bar: #{session[:foo][:bar].inspect} }" + end + + def get_deep_session_value_with_string + render plain: "foo: { \"bar\" => #{session[:foo]["bar"].inspect} }" + end + def get_session_id render plain: "#{request.session.id}" end 
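Review bot: The two new assertions in `test_previous_session_has_indifferent_access` (abstract_store_test.rb) pass the actual value first and the expected literal second, which inverts the expected/actual labels in the failure message. Swap them to `assert_equal "baz", session[:foo][:bar]` and `assert_equal "baz", session[:foo]["bar"]`. A short comment above the second `as.call(@env)` saying that it is presumably there to load the session written by the first call would make the intent of the test clearer.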
@@ -160,6 +173,22 @@ class CacheStoreTest < ActionDispatch::IntegrationTest end end + def test_previous_session_has_indifferent_access + with_test_route_set do + get '/set_deep_session_value' + assert_response :success + assert cookies['_session_id'] + + get '/get_deep_session_value_with_symbol' + assert_response :success + assert_equal 'foo: { bar: "baz" }', response.body + + get '/get_deep_session_value_with_string' + assert_response :success + assert_equal 'foo: { "bar" => "baz" }', response.body + end + end + private def with_test_route_set with_routing do |set| diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index f07e215e3a..71402b021a 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -24,10 +24,23 @@ class CookieStoreTest < ActionDispatch::IntegrationTest render plain: Rack::Utils.escape(Verifier.generate(session.to_hash)) end + def set_deep_session_value + session[:foo] = { bar: "baz" } + render plain: Rack::Utils.escape(Verifier.generate(session.to_hash)) + end + def get_session_value render plain: "foo: #{session[:foo].inspect}" end + def get_deep_session_value_with_symbol + render plain: "foo: { bar: #{session[:foo][:bar].inspect} }" + end + + def get_deep_session_value_with_string + render plain: "foo: { \"bar\" => #{session[:foo]["bar"].inspect} }" + end + def get_session_id render plain: "id: #{request.session.id}" end @@ -81,6 +94,15 @@ class CookieStoreTest < ActionDispatch::IntegrationTest end end + def test_session_indifferent_access + with_test_route_set do + cookies[SessionKey] = SignedBar + get '/get_session_value' + assert_response :success + assert_equal 'foo: "bar"', response.body + end + end + def test_getting_session_id with_test_route_set do cookies[SessionKey] = SignedBar 
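Review bot: `test_session_indifferent_access` in cookie_store_test.rb never exercises indifferent access. It requests `/get_session_value`, whose action (shown in the earlier hunk of this file) reads only `session[:foo]`, and asserts the flat value `foo: "bar"`. As written it would pass with or without the feature, and it looks like a copy of the existing flat-value test, which is outside this hunk and so unconfirmed. Either drop it or make it read a nested value back through a string key, as `test_previous_session_has_indifferent_access` does later in the same file.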
@@ -332,6 +354,18 @@ class CookieStoreTest < ActionDispatch::IntegrationTest end end + def test_previous_session_has_indifferent_access + with_test_route_set do + get '/set_deep_session_value' + + get '/get_deep_session_value_with_symbol' + assert_equal 'foo: { bar: "baz" }', response.body + + get '/get_deep_session_value_with_string' + assert_equal 'foo: { "bar" => "baz" }', response.body + end + end + private # Overwrite get to send SessionSecret in env hash diff --git a/actionpack/test/dispatch/session/mem_cache_store_test.rb b/actionpack/test/dispatch/session/mem_cache_store_test.rb index 3fed9bad4f..2e6b42856f 100644 --- a/actionpack/test/dispatch/session/mem_cache_store_test.rb +++ b/actionpack/test/dispatch/session/mem_cache_store_test.rb @@ -13,6 +13,11 @@ class MemCacheStoreTest < ActionDispatch::IntegrationTest head :ok end + def set_deep_session_value + session[:foo] = { bar: "baz" } + head :ok + end + def set_serialized_session_value session[:foo] = SessionAutoloadTest::Foo.new head :ok @@ -22,6 +27,14 @@ class MemCacheStoreTest < ActionDispatch::IntegrationTest render plain: "foo: #{session[:foo].inspect}" end + def get_deep_session_value_with_symbol + render plain: "foo: { bar: #{session[:foo][:bar].inspect} }" + end + + def get_deep_session_value_with_string + render plain: "foo: { \"bar\" => #{session[:foo]["bar"].inspect} }" + end + def get_session_id render plain: "#{request.session.id}" end 
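Review bot: The cookie-store `test_previous_session_has_indifferent_access` omits the `assert_response :success` checks that the cache-store and memcache-store versions in this commit make after every request. If `/set_deep_session_value` fails, the test reports a body mismatch on the following request instead of the real cause. Add `assert_response :success` after each `get`. The `set_deep_session_value` action in this file also renders the signed session in the body although this test never reads it; `head :ok`, as the other two stores use, would be enough unless another test depends on that body.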
@@ -179,6 +192,24 @@ class MemCacheStoreTest < ActionDispatch::IntegrationTest rescue Dalli::RingError => ex skip ex.message, ex.backtrace end + + def test_previous_session_has_indifferent_access + with_test_route_set do + get '/set_deep_session_value' + assert_response :success + assert cookies['_session_id'] + + get '/get_deep_session_value_with_symbol' + assert_response :success + assert_equal 'foo: { bar: "baz" }', response.body + + get '/get_deep_session_value_with_string' + assert_response :success + assert_equal 'foo: { "bar" => "baz" }', response.body + end + rescue Dalli::RingError => ex + skip ex.message, ex.backtrace + end rescue LoadError, RuntimeError, Dalli::DalliError $stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again." end diff --git a/actionpack/test/dispatch/session/test_session_test.rb b/actionpack/test/dispatch/session/test_session_test.rb index 3e61d123e3..332c2ae3c8 100644 --- a/actionpack/test/dispatch/session/test_session_test.rb +++ b/actionpack/test/dispatch/session/test_session_test.rb @@ -60,4 +60,11 @@ class ActionController::TestSessionTest < ActiveSupport::TestCase session = ActionController::TestSession.new(one: '1') assert_equal(2, session.fetch('2') { |key| key.to_i }) end + + def test_fetch_returns_indifferent_access + session = ActionController::TestSession.new(three: { two: '1' }) + three = session.fetch(:three) + assert_equal('1', three[:two]) + assert_equal('1', three["two"]) + end end -- cgit v1.2.3 From b4558c10fb8f5379ffe23860c9ad1ee7a227de44 Mon Sep 17 00:00:00 2001 
From: Kasper Timm Hansen Date: Mon, 15 Feb 2016 22:47:44 +0100 Subject: Make collection caching explicit. Having collection caching that wraps templates and automatically tries to infer if they are cachable proved to be too much of a hassle. We'd rather have it be something you explicitly turn on. This removes much of the code and docs to explain the previous automatic behavior. This change also removes scoped cache keys and passing cache_options. --- actionpack/test/controller/caching_test.rb | 21 +++++---------------- .../test/fixtures/collection_cache/index.html.erb | 2 +- 2 files changed, 6 insertions(+), 17 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/caching_test.rb b/actionpack/test/controller/caching_test.rb index 7556f984f2..754ac144cc 100644 --- a/actionpack/test/controller/caching_test.rb +++ b/actionpack/test/controller/caching_test.rb @@ -381,19 +381,14 @@ class CollectionCacheController < ActionController::Base render 'index' end - def index_explicit_render + def index_explicit_render_in_controller @customers = [Customer.new('david', 1)] - render partial: 'customers/customer', collection: @customers + render partial: 'customers/customer', collection: @customers, cached: true end def index_with_comment @customers = [Customer.new('david', 1)] - render partial: 'customers/commented_customer', collection: @customers, as: :customer - end - - def index_with_callable_cache_key - @customers = [Customer.new('david', 1)] - render @customers, cache: -> customer { 'cached_david' } + render partial: 'customers/commented_customer', collection: @customers, as: :customer, cached: true end end 
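Review bot: No action in this hunk renders a collection without `cached: true`, so the new opt-in contract has no negative test visible here. Both `index_explicit_render_in_controller` and `index_with_comment` gain the flag, and the fixture template changed in this commit does too. Since the commit makes caching explicit, a test that renders the same partial collection without the option and asserts that nothing is written to the collection cache would guard against fragments being cached by accident. The rest of the controller and test class is outside the hunk, so such a case may already exist there.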
@@ -404,7 +399,7 @@ class AutomaticCollectionCacheTest < ActionController::TestCase @controller.perform_caching = true @controller.partial_rendered_times = 0 @controller.cache_store = ActiveSupport::Cache::MemoryStore.new - ActionView::PartialRenderer.collection_cache = @controller.cache_store + ActionView::PartialRenderer.collection_cache = ActiveSupport::Cache::MemoryStore.new end def test_collection_fetches_cached_views @@ -427,7 +422,7 @@ class AutomaticCollectionCacheTest < ActionController::TestCase end def test_explicit_render_call_with_options - get :index_explicit_render + get :index_explicit_render_in_controller assert_select ':root', "david, 1" end @@ -440,12 +435,6 @@ class AutomaticCollectionCacheTest < ActionController::TestCase assert_equal 1, @controller.partial_rendered_times end - def test_caching_with_callable_cache_key - get :index_with_callable_cache_key - assert_customer_cached 'cached_david', 'david, 1' - assert_customer_cached 'david/1', 'david, 1' - end - private def assert_customer_cached(key, content) assert_match content, diff --git a/actionpack/test/fixtures/collection_cache/index.html.erb b/actionpack/test/fixtures/collection_cache/index.html.erb index 521b1450df..853e501ab4 100644 --- a/actionpack/test/fixtures/collection_cache/index.html.erb +++ b/actionpack/test/fixtures/collection_cache/index.html.erb @@ -1 +1 @@ -<%= render @customers %> \ No newline at end of file +<%= render partial: 'customers/customer', collection: @customers, cached: true %> -- cgit v1.2.3 From 92203d754f535c01c5ec3175627425d20e3d2839 Mon Sep 17 00:00:00 2001 From: Vipul A M Date: Thu, 18 Feb 2016 17:38:19 +0530 Subject: Fixed passing of delete method on button_to tag, creating wrong form csrf token Fixes #23524 --- .../controller/request_forgery_protection_test.rb | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'actionpack/test') 
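Review bot: `setup` now assigns a fresh `MemoryStore` to `ActionView::PartialRenderer.collection_cache`, a class-level setting, and nothing in the hunk puts the previous value back. If no teardown outside the hunk restores it, test classes that run later inherit this store. Save the old value in `setup` and reassign it in `teardown`. The class is also still named `AutomaticCollectionCacheTest` although the commit makes collection caching explicit, so a rename would keep the name honest.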
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 1984ad8825..6dc4f3fe51 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -136,6 +136,10 @@ class PerFormTokensController < ActionController::Base render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>" end + def button_to + render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>" + end + def post_one render plain: '' end 
@@ -710,6 +714,46 @@ class PerFormTokensControllerTest < ActionController::TestCase end end + def test_rejects_token_for_incorrect_method_button_to + get :button_to, params: { form_method: 'delete' } + + form_token = nil + assert_select 'input[name=custom_authenticity_token]' do |elts| + form_token = elts.first['value'] + assert_not_nil form_token + end + + actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) + expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'delete') + assert_equal expected, actual + + # This is required because PATH_INFO isn't reset between requests. + @request.env['PATH_INFO'] = '/per_form_tokens/post_one' + assert_raises(ActionController::InvalidAuthenticityToken) do + patch :post_one, params: { custom_authenticity_token: form_token } + end + end + + def test_accepts_proper_token_for_delete_method_button_to + get :button_to, params: { form_method: 'delete' } + + form_token = nil + assert_select 'input[name=custom_authenticity_token]' do |elts| + form_token = elts.first['value'] + assert_not_nil form_token + end + + actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) + expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'delete') + assert_equal expected, actual + + # This is required because PATH_INFO isn't reset between requests. + @request.env['PATH_INFO'] = '/per_form_tokens/post_one' + assert_nothing_raised do + delete :post_one, params: { custom_authenticity_token: form_token } + end + end + def test_accepts_global_csrf_token get :index -- cgit v1.2.3 From 2b4c0ae144768d72f042b2c2ec1bca4df386fb6f Mon Sep 17 00:00:00 2001 
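Review bot: `test_rejects_token_for_incorrect_method_button_to` only replays the delete-scoped token with `patch`; it never replays it as a plain `post`, which is the verb the rendered form actually submits with when the method override is missing. A sibling case that fetches the token the same way and wraps `post :post_one, params: { custom_authenticity_token: form_token }` in `assert_raises(ActionController::InvalidAuthenticityToken)` would pin down that a token issued for one verb is not accepted for the form's default verb. I expect that case to be rejected by the per-form check, but this has not been run against the implementation, which is outside this page.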
From: Vipul A M Date: Mon, 22 Feb 2016 00:21:46 +0530 Subject: Refactored Request Forgery CSRF PerFormTokensController tests and DRY'ed them up. --- .../controller/request_forgery_protection_test.rb | 108 ++++++++------------- 1 file changed, 38 insertions(+), 70 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 6dc4f3fe51..c645af88d7 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -656,15 +656,9 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_accepts_token_for_correct_path_and_method get :index - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post') - assert_equal expected, actual + assert_matches_session_token_on_server form_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one' 
@@ -677,15 +671,9 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_rejects_token_for_incorrect_path get :index - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post') - assert_equal expected, actual + assert_matches_session_token_on_server form_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_two' @@ -697,15 +685,9 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_rejects_token_for_incorrect_method get :index - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post') - assert_equal expected, actual + assert_matches_session_token_on_server form_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one' 
@@ -717,15 +699,9 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_rejects_token_for_incorrect_method_button_to get :button_to, params: { form_method: 'delete' } - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'delete') - assert_equal expected, actual + assert_matches_session_token_on_server form_token, 'delete' # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one' 
@@ -734,23 +710,19 @@ class PerFormTokensControllerTest < ActionController::TestCase end end - def test_accepts_proper_token_for_delete_method_button_to - get :button_to, params: { form_method: 'delete' } + %w{delete post patch}.each do |verb| + test "Accepts proper token for #{verb} method on button_to tag" do + get :button_to, params: { form_method: verb } - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'delete') - assert_equal expected, actual + assert_matches_session_token_on_server form_token, verb - # This is required because PATH_INFO isn't reset between requests. - @request.env['PATH_INFO'] = '/per_form_tokens/post_one' - assert_nothing_raised do - delete :post_one, params: { custom_authenticity_token: form_token } + # This is required because PATH_INFO isn't reset between requests. + @request.env['PATH_INFO'] = '/per_form_tokens/post_one' + assert_nothing_raised do + send verb, :post_one, params: { custom_authenticity_token: form_token } + end end end 
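Review bot: The loop dispatches the request helper with `send verb, :post_one, ...`, and `send` also reaches private methods. `public_send(verb, :post_one, params: { custom_authenticity_token: form_token })` keeps the dispatch limited to the public request helpers and reads as intended. The verb list `%w{delete post patch}` leaves out `put`; if `button_to` is expected to issue per-form tokens for it as well, add it to the list.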
@@ -770,15 +742,9 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_ignores_params get :index, params: {form_path: '/per_form_tokens/post_one?foo=bar'} - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token - actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) - expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', 'post') - assert_equal expected, actual + assert_matches_session_token_on_server form_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one?foo=baz' @@ -791,11 +757,7 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_ignores_trailing_slash_during_generation get :index, params: {form_path: '/per_form_tokens/post_one/'} - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one' @@ -808,11 +770,7 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_ignores_trailing_slash_during_validation get :index - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end + form_token = assert_presence_and_fetch_form_csrf_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one/' 
@@ -825,12 +783,7 @@ class PerFormTokensControllerTest < ActionController::TestCase def test_method_is_case_insensitive get :index, params: {form_method: "POST"} - form_token = nil - assert_select 'input[name=custom_authenticity_token]' do |elts| - form_token = elts.first['value'] - assert_not_nil form_token - end - + form_token = assert_presence_and_fetch_form_csrf_token # This is required because PATH_INFO isn't reset between requests. @request.env['PATH_INFO'] = '/per_form_tokens/post_one/' assert_nothing_raised do @@ -838,4 +791,19 @@ class PerFormTokensControllerTest < ActionController::TestCase end assert_response :success end + + private + def assert_presence_and_fetch_form_csrf_token + assert_select 'input[name="custom_authenticity_token"]' do |input| + form_csrf_token = input.first['value'] + assert_not_nil form_csrf_token + return form_csrf_token + end + end + + def assert_matches_session_token_on_server(form_token, method = 'post') + actual = @controller.send(:unmask_token, Base64.strict_decode64(form_token)) + expected = @controller.send(:per_form_csrf_token, session, '/per_form_tokens/post_one', method) + assert_equal expected, actual + end end -- cgit v1.2.3 From 1358fce5aa77982b8b7eabcad959e1799d420a2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 22 Feb 2016 18:40:48 -0300 Subject: Make per form token work when method is not provided When `button_to 'Botton', url` form was being used the per form token was not correct because the method that is was being used to generate it was an empty string. --- .../test/controller/request_forgery_protection_test.rb | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index c645af88d7..f7dcbc1984 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb 
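Review bot: `assert_matches_session_token_on_server` hard-codes `'/per_form_tokens/post_one'`, so a test that renders the form with another `form_path` cannot use it; the trailing-slash tests refactored in this commit do not call it. Taking the path as a third argument, `def assert_matches_session_token_on_server(form_token, method = 'post', path = '/per_form_tokens/post_one')`, would let them check the server-side token too. Both helpers would also benefit from a one-line comment. The first hands the token back with `return` from inside the `assert_select` block, and the second calls `unmask_token` and `per_form_csrf_token` through `send`, presumably because they are private.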
+++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -133,11 +133,11 @@ class PerFormTokensController < ActionController::Base self.per_form_csrf_tokens = true def index - render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>" + render inline: "<%= form_tag (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>" end def button_to - render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: (params[:form_method] || :post) %>" + render inline: "<%= button_to 'Button', (params[:form_path] || '/per_form_tokens/post_one'), method: params[:form_method] %>" end def post_one @@ -710,6 +710,20 @@ class PerFormTokensControllerTest < ActionController::TestCase end end + test "Accepts proper token for implicit post method on button_to tag" do + get :button_to + + form_token = assert_presence_and_fetch_form_csrf_token + + assert_matches_session_token_on_server form_token, 'post' + + # This is required because PATH_INFO isn't reset between requests. + @request.env['PATH_INFO'] = '/per_form_tokens/post_one' + assert_nothing_raised do + post :post_one, params: { custom_authenticity_token: form_token } + end + end + %w{delete post patch}.each do |verb| test "Accepts proper token for #{verb} method on button_to tag" do get :button_to, params: { form_method: verb } -- cgit v1.2.3 From 97ed810cfc15725a0856227fa9f9eb26930f16c8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mehmet=20Emin=20=C4=B0NA=C3=87?= Date: Sat, 20 Feb 2016 11:33:05 +0200 Subject: Use symbol of mime type instead of object to get correct parser After registering new `:json` mime type `parsers.fetch` can't find the mime type because new mime type is not equal to old one. Using symbol of the mime type as key on parsers hash solves the problem. Closes #23766 --- actionpack/test/controller/webservice_test.rb | 4 ++-- .../test/dispatch/request/json_params_parsing_test.rb | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb index 6d377c4691..f02898e10c 100644 --- a/actionpack/test/controller/webservice_test.rb +++ b/actionpack/test/controller/webservice_test.rb @@ -65,7 +65,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest def test_register_and_use_json_simple with_test_route_set do - with_params_parsers Mime[:json] => Proc.new { |data| ActiveSupport::JSON.decode(data)['request'].with_indifferent_access } do + with_params_parsers json: Proc.new { |data| ActiveSupport::JSON.decode(data)['request'].with_indifferent_access } do post "/", params: '{"request":{"summary":"content...","title":"JSON"}}', headers: { 'CONTENT_TYPE' => 'application/json' } @@ -99,7 +99,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest def test_parsing_json_doesnot_rescue_exception req = Class.new(ActionDispatch::Request) do def params_parsers - { Mime[:json] => Proc.new { |data| raise Interrupt } } + { json: Proc.new { |data| raise Interrupt } } end def content_length; get_header('rack.input').length; end diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb index 64801bff39..0c3c6d5f93 100644 --- a/actionpack/test/dispatch/request/json_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb 
@@ -150,6 +150,22 @@ class RootLessJSONParamsParsingTest < ActionDispatch::IntegrationTest ) end + test "parses json params after custom json mime type registered" do + Mime::Type.register "application/json", :json, %w(application/vnd.api+json) + assert_parses( + {"user" => {"username" => "meinac"}, "username" => "meinac"}, + "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/json' } + ) + end + + test "parses json params after custom json mime type registered with synonym" do + Mime::Type.register "application/json", :json, %w(application/vnd.api+json) + assert_parses( + {"user" => {"username" => "meinac"}, "username" => "meinac"}, + "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/vnd.api+json' } + ) + end + private def assert_parses(expected, actual, headers = {}) with_test_routing(UsersController) do -- cgit v1.2.3 From a087cf4312c1ec01f3bb021a6791ac3a6ef1cec3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 22 Feb 2016 17:20:37 -0300 Subject: Transform the mime object to symbol when registering the parsers This will keep our current API working without having the users to change their codebases. --- actionpack/test/controller/webservice_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/webservice_test.rb b/actionpack/test/controller/webservice_test.rb index f02898e10c..daf17558aa 100644 --- a/actionpack/test/controller/webservice_test.rb +++ b/actionpack/test/controller/webservice_test.rb 
@@ -65,7 +65,7 @@ class WebServiceTest < ActionDispatch::IntegrationTest def test_register_and_use_json_simple with_test_route_set do - with_params_parsers json: Proc.new { |data| ActiveSupport::JSON.decode(data)['request'].with_indifferent_access } do + with_params_parsers Mime[:json] => Proc.new { |data| ActiveSupport::JSON.decode(data)['request'].with_indifferent_access } do post "/", params: '{"request":{"summary":"content...","title":"JSON"}}', headers: { 'CONTENT_TYPE' => 'application/json' } -- cgit v1.2.3 From 4f30df4b524b5da22491090e22f5c2de789dd016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 22 Feb 2016 17:37:53 -0300 Subject: Make sure we unregister the mime type before registering Also make sure we don't change the global state of our test suite. --- .../dispatch/request/json_params_parsing_test.rb | 32 +++++++++++++++------- 1 file changed, 22 insertions(+), 10 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb index 0c3c6d5f93..3655c7f570 100644 --- a/actionpack/test/dispatch/request/json_params_parsing_test.rb +++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb 
@@ -151,19 +151,31 @@ class RootLessJSONParamsParsingTest < ActionDispatch::IntegrationTest end test "parses json params after custom json mime type registered" do - Mime::Type.register "application/json", :json, %w(application/vnd.api+json) - assert_parses( - {"user" => {"username" => "meinac"}, "username" => "meinac"}, - "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/json' } - ) + begin + Mime::Type.unregister :json + Mime::Type.register "application/json", :json, %w(application/vnd.api+json) + assert_parses( + {"user" => {"username" => "meinac"}, "username" => "meinac"}, + "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/json' } + ) + ensure + Mime::Type.unregister :json + Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest ) + end end test "parses json params after custom json mime type registered with synonym" do - Mime::Type.register "application/json", :json, %w(application/vnd.api+json) - assert_parses( - {"user" => {"username" => "meinac"}, "username" => "meinac"}, - "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/vnd.api+json' } - ) + begin + Mime::Type.unregister :json + Mime::Type.register "application/json", :json, %w(application/vnd.api+json) + assert_parses( + {"user" => {"username" => "meinac"}, "username" => "meinac"}, + "{\"username\": \"meinac\"}", { 'CONTENT_TYPE' => 'application/vnd.api+json' } + ) + ensure + Mime::Type.unregister :json + Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest ) + end end private -- cgit v1.2.3 From cd8bb8b6ce96cbfbade45cd5845e5862adf21125 Mon Sep 17 00:00:00 2001 
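Review bot: Both tests now repeat the same unregister/register/ensure sequence, and the `ensure` branch restores JSON from a literal synonym list (`text/x-json`, `application/jsonrequest`) that presumably mirrors the framework default. If that default changes, these tests will leave a different MIME registry behind for every later test in the process without failing themselves. Moving the sequence into one private helper that yields keeps the restore in a single place and leaves each test body as just its assertion.

```ruby
test "parses json params after custom json mime type registered" do
  with_custom_json_mime_type do
    # … unchanged: assert_parses call with 'CONTENT_TYPE' => 'application/json' …
  end
end

# … unchanged: the synonym test, wrapped in the same helper …

private
  def with_custom_json_mime_type
    Mime::Type.unregister :json
    Mime::Type.register "application/json", :json, %w(application/vnd.api+json)
    yield
  ensure
    # Restore the registration the rest of the suite expects.
    Mime::Type.unregister :json
    Mime::Type.register "application/json", :json, %w( text/x-json application/jsonrequest )
  end
```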
From: Jon Moss Date: Sat, 13 Feb 2016 22:18:22 -0500 Subject: Add `internal` attribute to routes This is meant to provide a way for Action Cable, Sprockets, and possibly other Rack applications to mark themselves as internal, and to exclude themselves from the routing inspector, and thus `rails routes` / `rake routes`. I think this is the only way to have mounted Rack apps be marked as internal, within AD/Journey. Another option would be to create an array of regexes for internal apps, and then to iterate over that everytime a request comes through. Also, I only had the first `add_route` method set `internal`'s default to false, to avoid littering it all over the codebase. --- actionpack/test/dispatch/routing/inspector_test.rb | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/dispatch/routing/inspector_test.rb b/actionpack/test/dispatch/routing/inspector_test.rb index f72a87b994..fd85cc6e9f 100644 --- a/actionpack/test/dispatch/routing/inspector_test.rb +++ b/actionpack/test/dispatch/routing/inspector_test.rb @@ -389,6 +389,29 @@ module ActionDispatch ], output end + def test_displaying_routes_for_internal_engines + engine = Class.new(Rails::Engine) do + def self.inspect + "Blog::Engine" + end + end + engine.routes.draw do + get '/cart', to: 'cart#show' + post '/cart', to: 'cart#create' + patch '/cart', to: 'cart#update' + end + + output = draw do + get '/custom/assets', to: 'custom_assets#show' + mount engine => "/blog", as: "blog", internal: true + end + + assert_equal [ + " Prefix Verb URI Pattern Controller#Action", + "custom_assets GET /custom/assets(.:format) custom_assets#show", + ], output + end + end end end -- cgit v1.2.3 From 926a24a7510be3d7f611c03feaf83f50d36076e8 Mon Sep 17 00:00:00 2001 
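Review bot: `test_displaying_routes_for_internal_engines` pins only the inspector output, so it shows that `internal: true` hides the mount from the listing but not whether `/blog` still answers requests. Someone auditing exposed endpoints from the route listing could read the flag as removing the route, while the commit message suggests it only affects the inspector. A comment above the `mount` line such as `# internal: true only filters the route listing; it is not an access control` would make that explicit. A dispatch assertion for the mounted path would be a useful companion if the routing test helpers allow it.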
From: Tara Scherner de la Fuente Date: Fri, 19 Feb 2016 20:05:49 -0800 Subject: remove args from assert_nothing_raised in tests --- actionpack/test/controller/integration_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index ea50f05f4d..6277407ff7 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -390,7 +390,7 @@ class IntegrationTestUsesCorrectClass < ActionDispatch::IntegrationTest reset! %w( get post head patch put delete ).each do |verb| - assert_nothing_raised("'#{verb}' should use integration test methods") { __send__(verb, '/') } + assert_nothing_raised { __send__(verb, '/') } end end end -- cgit v1.2.3 From 6edfcdd4aa896dbbf431fcf3992e0d1cd2dac3b2 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Thu, 11 Feb 2016 19:41:27 -0500 Subject: Fix `request.ssl?` bug with Action Cable This bug affects `wss://` requests when running Action Cable in-app. Fixes #23620. --- actionpack/test/controller/force_ssl_test.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/force_ssl_test.rb b/actionpack/test/controller/force_ssl_test.rb index 22f1cc7c22..03a9c9ae78 100644 --- a/actionpack/test/controller/force_ssl_test.rb +++ b/actionpack/test/controller/force_ssl_test.rb @@ -322,3 +322,12 @@ class RedirectToSSLTest < ActionController::TestCase assert_equal 'ihaz', response.body end end + +class ForceSSLControllerLevelTest < ActionController::TestCase + def test_no_redirect_websocket_ssl_request + request.env['rack.url_scheme'] = 'wss' + request.env['Upgrade'] = 'websocket' + get :cheeseburger + assert_response 200 + end +end -- cgit v1.2.3 From 5f59c10471fee7bca43f65bb2bc776ed047715b6 Mon Sep 17 00:00:00 2001 
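Review bot: In force_ssl_test.rb, `test_no_redirect_websocket_ssl_request` covers only the secure `wss` case, so a change that let any request carrying an upgrade header skip the redirect would still pass. A counterpart with `rack.url_scheme` set to `ws` that expects a redirect would pin the boundary. Separately, the test writes `request.env['Upgrade']`, whereas Rack normally exposes request headers under `HTTP_`-prefixed keys, so it is worth confirming which key the `ssl?` change actually reads. The expected status below is written as `:redirect` because the controller's `force_ssl` options are outside this hunk.

```ruby
def test_redirect_websocket_non_ssl_request
  request.env['rack.url_scheme'] = 'ws'
  request.env['Upgrade'] = 'websocket'
  get :cheeseburger
  assert_response :redirect
end
```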
From: Prathamesh Sonpatki Date: Wed, 24 Feb 2016 12:48:39 +0530 Subject: Show permitted flag in the output of AC::Parameters#inspect - Fixes #23822. --- actionpack/test/controller/parameters/accessors_test.rb | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/parameters/accessors_test.rb b/actionpack/test/controller/parameters/accessors_test.rb index 4ef5bed30d..cea265f9ab 100644 --- a/actionpack/test/controller/parameters/accessors_test.rb +++ b/actionpack/test/controller/parameters/accessors_test.rb @@ -4,6 +4,8 @@ require 'active_support/core_ext/hash/transform_values' class ParametersAccessorsTest < ActiveSupport::TestCase setup do + ActionController::Parameters.permit_all_parameters = false + @params = ActionController::Parameters.new( person: { age: '32', @@ -176,12 +178,20 @@ class ParametersAccessorsTest < ActiveSupport::TestCase assert(@params != false) end - test "inspect shows both class name and parameters" do + test "inspect shows both class name, parameters and permitted flag" do assert_equal( '{"age"=>"32", '\ - '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \ - '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}}>', + '"name"=>{"first"=>"David", "last"=>"Heinemeier Hansson"}, ' \ + '"addresses"=>[{"city"=>"Chicago", "state"=>"Illinois"}]}} permitted: false>', @params.inspect ) end + + test "inspect prints updated permitted flag in the output" do + assert_match(/permitted: false/, @params.inspect) + + @params.permit! + + assert_match(/permitted: true/, @params.inspect) + end end -- cgit v1.2.3
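Review bot: In the first hunk of accessors_test.rb, `setup` writes the process-wide `ActionController::Parameters.permit_all_parameters` and nothing puts the earlier value back afterwards. That flag switches off strong-parameters filtering when true, so its value should not depend on which test file ran last. Saving it first with `@old_permit_all = ActionController::Parameters.permit_all_parameters` and adding `teardown { ActionController::Parameters.permit_all_parameters = @old_permit_all }` keeps the change local to this class. The `setup` block continues outside the hunk.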