1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
require "abstract_unit"
class QueryStringParsingTest < ActionDispatch::IntegrationTest
class TestController < ActionController::Base
class << self
attr_accessor :last_query_parameters
end
def parse
self.class.last_query_parameters = request.query_parameters
head :ok
end
end
class EarlyParse
def initialize(app)
@app = app
end
def call(env)
# Trigger a Rack parse so that env caches the query params
Rack::Request.new(env).params
@app.call(env)
end
end
def teardown
TestController.last_query_parameters = nil
end
test "query string" do
assert_parses(
{ "action" => "create_customer", "full_name" => "David Heinemeier Hansson", "customerId" => "1" },
"action=create_customer&full_name=David%20Heinemeier%20Hansson&customerId=1"
)
end
test "deep query string" do
assert_parses(
{ "x" => { "y" => { "z" => "10" } } },
"x[y][z]=10"
)
end
test "deep query string with array" do
assert_parses({ "x" => { "y" => { "z" => ["10"] } } }, "x[y][z][]=10")
assert_parses({ "x" => { "y" => { "z" => ["10", "5"] } } }, "x[y][z][]=10&x[y][z][]=5")
end
test "deep query string with array of hash" do
assert_parses({ "x" => { "y" => [{ "z" => "10" }] } }, "x[y][][z]=10")
assert_parses({ "x" => { "y" => [{ "z" => "10", "w" => "10" }] } }, "x[y][][z]=10&x[y][][w]=10")
assert_parses({ "x" => { "y" => [{ "z" => "10", "v" => { "w" => "10" } }] } }, "x[y][][z]=10&x[y][][v][w]=10")
end
test "deep query string with array of hashes with one pair" do
assert_parses({ "x" => { "y" => [{ "z" => "10" }, { "z" => "20" }] } }, "x[y][][z]=10&x[y][][z]=20")
end
test "deep query string with array of hashes with multiple pairs" do
assert_parses(
{ "x" => { "y" => [{ "z" => "10", "w" => "a" }, { "z" => "20", "w" => "b" }] } },
"x[y][][z]=10&x[y][][w]=a&x[y][][z]=20&x[y][][w]=b"
)
end
test "query string with nil" do
assert_parses(
{ "action" => "create_customer", "full_name" => "" },
"action=create_customer&full_name="
)
end
test "query string with array" do
assert_parses(
{ "action" => "create_customer", "selected" => ["1", "2", "3"] },
"action=create_customer&selected[]=1&selected[]=2&selected[]=3"
)
end
test "query string with amps" do
assert_parses(
{ "action" => "create_customer", "name" => "Don't & Does" },
"action=create_customer&name=Don%27t+%26+Does"
)
end
test "query string with many equal" do
assert_parses(
{ "action" => "create_customer", "full_name" => "abc=def=ghi" },
"action=create_customer&full_name=abc=def=ghi"
)
end
test "query string without equal" do
assert_parses({ "action" => nil }, "action")
assert_parses({ "action" => { "foo" => nil } }, "action[foo]")
assert_parses({ "action" => { "foo" => { "bar" => nil } } }, "action[foo][bar]")
assert_parses({ "action" => { "foo" => { "bar" => [] } } }, "action[foo][bar][]")
assert_parses({ "action" => { "foo" => [] } }, "action[foo][]")
assert_parses({ "action"=>{ "foo"=>[{ "bar"=>nil }] } }, "action[foo][][bar]")
end
def test_array_parses_without_nil
assert_parses({ "action" => ["1"] }, "action[]=1&action[]")
end
test "perform_deep_munge" do
old_perform_deep_munge = ActionDispatch::Request::Utils.perform_deep_munge
ActionDispatch::Request::Utils.perform_deep_munge = false
begin
assert_parses({ "action" => nil }, "action")
assert_parses({ "action" => { "foo" => nil } }, "action[foo]")
assert_parses({ "action" => { "foo" => { "bar" => nil } } }, "action[foo][bar]")
assert_parses({ "action" => { "foo" => { "bar" => [nil] } } }, "action[foo][bar][]")
assert_parses({ "action" => { "foo" => [nil] } }, "action[foo][]")
assert_parses({ "action" => { "foo" => [{ "bar" => nil }] } }, "action[foo][][bar]")
assert_parses({ "action" => ["1",nil] }, "action[]=1&action[]")
ensure
ActionDispatch::Request::Utils.perform_deep_munge = old_perform_deep_munge
end
end
test "query string with empty key" do
assert_parses(
{ "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
"action=create_customer&full_name=David%20Heinemeier%20Hansson&=Save"
)
end
test "query string with many ampersands" do
assert_parses(
{ "action" => "create_customer", "full_name" => "David Heinemeier Hansson" },
"&action=create_customer&&&full_name=David%20Heinemeier%20Hansson"
)
end
test "unbalanced query string with array" do
assert_parses(
{ "location" => ["1", "2"], "age_group" => ["2"] },
"location[]=1&location[]=2&age_group[]=2"
)
end
test "ambiguous query string returns a bad request" do
with_routing do |set|
set.draw do
ActiveSupport::Deprecation.silence do
get ":action", to: ::QueryStringParsingTest::TestController
end
end
get "/parse", headers: { "QUERY_STRING" => "foo[]=bar&foo[4]=bar" }
assert_response :bad_request
end
end
private
def assert_parses(expected, actual)
with_routing do |set|
set.draw do
ActiveSupport::Deprecation.silence do
get ":action", to: ::QueryStringParsingTest::TestController
end
end
@app = self.class.build_app(set) do |middleware|
middleware.use(EarlyParse)
end
get "/parse", params: actual
assert_response :ok
assert_equal(expected, ::QueryStringParsingTest::TestController.last_query_parameters)
end
end
end
|