require 'isolation/abstract_unit' module ApplicationTests class MiddlewareTest < Test::Unit::TestCase include ActiveSupport::Testing::Isolation def setup build_app boot_rails FileUtils.rm_rf "#{app_path}/config/environments" end def app @app ||= Rails.application end test "default middleware stack" do boot! assert_equal [ "ActionDispatch::Static", "Rack::Lock", "ActiveSupport::Cache::Strategy::LocalCache", "Rack::Runtime", "Rails::Rack::Logger", "ActionDispatch::ShowExceptions", "ActionDispatch::RemoteIp", "Rack::Sendfile", "ActionDispatch::Callbacks", "ActiveRecord::ConnectionAdapters::ConnectionManagement", "ActiveRecord::QueryCache", "ActionDispatch::Cookies", "ActionDispatch::Session::CookieStore", "ActionDispatch::Flash", "ActionDispatch::ParamsParser", "Rack::MethodOverride", "ActionDispatch::Head" ], middleware end test "removing activerecord omits its middleware" do use_frameworks [] boot! assert !middleware.include?("ActiveRecord::ConnectionAdapters::ConnectionManagement") assert !middleware.include?("ActiveRecord::QueryCache") end test "removes lock if allow concurrency is set" do add_to_config "config.allow_concurrency = true" boot! assert !middleware.include?("Rack::Lock") end test "removes static asset server if serve_static_assets is disabled" do add_to_config "config.serve_static_assets = false" boot! assert !middleware.include?("ActionDispatch::Static") end test "removes show exceptions if action_dispatch.show_exceptions is disabled" do add_to_config "config.action_dispatch.show_exceptions = false" boot! assert !middleware.include?("ActionDispatch::ShowExceptions") end test "use middleware" do use_frameworks [] add_to_config "config.middleware.use Rack::Config" boot! assert_equal "Rack::Config", middleware.last end test "insert middleware after" do add_to_config "config.middleware.insert_after ActionDispatch::Static, Rack::Config" boot! assert_equal "Rack::Config", middleware.second end test "insert middleware before" do add_to_config "config.middleware.insert_before ActionDispatch::Static, Rack::Config" boot! assert_equal "Rack::Config", middleware.first end test "shows cascade if any metal exists" do app_file "app/metal/foo.rb", "class Foo; end" boot! assert middleware.include?("ActionDispatch::Cascade") end # x_sendfile_header middleware test "config.action_dispatch.x_sendfile_header defaults to ''" do make_basic_app class ::OmgController < ActionController::Base def index send_file __FILE__ end end get "/" assert_equal File.read(__FILE__), last_response.body end test "config.action_dispatch.x_sendfile_header can be set" do make_basic_app do |app| app.config.action_dispatch.x_sendfile_header = "X-Sendfile" end class ::OmgController < ActionController::Base def index send_file __FILE__ end end get "/" assert_equal File.expand_path(__FILE__), last_response.headers["X-Sendfile"] end test "config.action_dispatch.x_sendfile_header is sent to Rack::Sendfile" do make_basic_app do |app| app.config.action_dispatch.x_sendfile_header = 'X-Lighttpd-Send-File' end class ::OmgController < ActionController::Base def index send_file __FILE__ end end get "/" assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"] end # remote_ip tests test "remote_ip works" do make_basic_app assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1") end test "checks IP spoofing by default" do make_basic_app assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") end end test "can disable IP spoofing check" do make_basic_app do |app| app.config.action_dispatch.ip_spoofing_check = false end assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") end end test "the user can set trusted proxies" do make_basic_app do |app| app.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/ end assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "4.2.42.42,1.1.1.1") end private def boot! require "#{app_path}/config/environment" end def middleware AppTemplate::Application.middleware.active.map(&:klass).map(&:name) end def remote_ip(env = {}) remote_ip = nil env = Rack::MockRequest.env_for("/").merge(env).merge!( 'action_dispatch.show_exceptions' => false, 'action_dispatch.secret_token' => 'b3c631c314c0bbca50c1b2843150fe33' ) endpoint = Proc.new do |e| remote_ip = ActionDispatch::Request.new(e).remote_ip [200, {}, ["Hello"]] end Rails.application.middleware.build(endpoint).call(env) remote_ip end end end