actionpack 2.1.2 → 2.2.2
Potentially problematic release.
This version of actionpack might be problematic. Click here for more details.
- data/CHANGELOG +223 -7
- data/README +6 -12
- data/Rakefile +11 -11
- data/lib/action_controller.rb +9 -9
- data/lib/action_controller/assertions/response_assertions.rb +29 -78
- data/lib/action_controller/assertions/routing_assertions.rb +33 -33
- data/lib/action_controller/assertions/selector_assertions.rb +9 -5
- data/lib/action_controller/base.rb +227 -161
- data/lib/action_controller/benchmarking.rb +37 -24
- data/lib/action_controller/caching/actions.rb +53 -21
- data/lib/action_controller/caching/fragments.rb +10 -36
- data/lib/action_controller/caching/sweeping.rb +3 -3
- data/lib/action_controller/cgi_ext/session.rb +2 -22
- data/lib/action_controller/cgi_process.rb +8 -46
- data/lib/action_controller/components.rb +4 -1
- data/lib/action_controller/cookies.rb +10 -0
- data/lib/action_controller/dispatcher.rb +49 -15
- data/lib/action_controller/filters.rb +48 -10
- data/lib/action_controller/headers.rb +16 -14
- data/lib/action_controller/helpers.rb +2 -2
- data/lib/action_controller/http_authentication.rb +1 -1
- data/lib/action_controller/integration.rb +57 -60
- data/lib/action_controller/layout.rb +27 -53
- data/lib/action_controller/mime_responds.rb +5 -1
- data/lib/action_controller/mime_type.rb +64 -42
- data/lib/action_controller/mime_types.rb +2 -1
- data/lib/action_controller/performance_test.rb +16 -0
- data/lib/action_controller/polymorphic_routes.rb +16 -9
- data/lib/action_controller/rack_process.rb +303 -0
- data/lib/action_controller/request.rb +205 -97
- data/lib/action_controller/request_forgery_protection.rb +2 -2
- data/lib/action_controller/request_profiler.rb +0 -0
- data/lib/action_controller/rescue.rb +20 -115
- data/lib/action_controller/resources.rb +186 -83
- data/lib/action_controller/response.rb +140 -26
- data/lib/action_controller/routing.rb +28 -30
- data/lib/action_controller/routing/builder.rb +45 -54
- data/lib/action_controller/routing/optimisations.rb +31 -21
- data/lib/action_controller/routing/recognition_optimisation.rb +33 -27
- data/lib/action_controller/routing/route.rb +162 -147
- data/lib/action_controller/routing/route_set.rb +8 -7
- data/lib/action_controller/routing/routing_ext.rb +4 -1
- data/lib/action_controller/routing/segments.rb +50 -21
- data/lib/action_controller/session/cookie_store.rb +3 -2
- data/lib/action_controller/session/drb_server.rb +7 -7
- data/lib/action_controller/session_management.rb +6 -2
- data/lib/action_controller/streaming.rb +15 -8
- data/lib/action_controller/templates/rescues/diagnostics.erb +2 -2
- data/lib/action_controller/templates/rescues/template_error.erb +2 -2
- data/lib/action_controller/test_case.rb +66 -2
- data/lib/action_controller/test_process.rb +71 -66
- data/lib/action_controller/translation.rb +13 -0
- data/lib/action_controller/url_rewriter.rb +90 -13
- data/lib/action_controller/vendor/html-scanner/html/node.rb +9 -2
- data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +1 -1
- data/lib/action_controller/vendor/html-scanner/html/selector.rb +2 -2
- data/lib/action_controller/verification.rb +2 -2
- data/lib/action_pack/version.rb +1 -1
- data/lib/action_view.rb +19 -11
- data/lib/action_view/base.rb +184 -150
- data/lib/action_view/helpers.rb +38 -0
- data/lib/action_view/helpers/active_record_helper.rb +56 -27
- data/lib/action_view/helpers/asset_tag_helper.rb +356 -153
- data/lib/action_view/helpers/atom_feed_helper.rb +74 -19
- data/lib/action_view/helpers/benchmark_helper.rb +3 -3
- data/lib/action_view/helpers/cache_helper.rb +1 -2
- data/lib/action_view/helpers/capture_helper.rb +19 -44
- data/lib/action_view/helpers/date_helper.rb +486 -296
- data/lib/action_view/helpers/debug_helper.rb +20 -13
- data/lib/action_view/helpers/form_helper.rb +71 -30
- data/lib/action_view/helpers/form_options_helper.rb +15 -85
- data/lib/action_view/helpers/form_tag_helper.rb +61 -38
- data/lib/action_view/helpers/javascript_helper.rb +80 -89
- data/lib/action_view/helpers/number_helper.rb +179 -74
- data/lib/action_view/helpers/prototype_helper.rb +216 -201
- data/lib/action_view/helpers/record_tag_helper.rb +4 -5
- data/lib/action_view/helpers/sanitize_helper.rb +65 -33
- data/lib/action_view/helpers/scriptaculous_helper.rb +2 -2
- data/lib/action_view/helpers/tag_helper.rb +39 -22
- data/lib/action_view/helpers/text_helper.rb +212 -118
- data/lib/action_view/helpers/translation_helper.rb +21 -0
- data/lib/action_view/helpers/url_helper.rb +100 -58
- data/lib/action_view/inline_template.rb +13 -14
- data/lib/action_view/locale/en.yml +91 -0
- data/lib/action_view/partials.rb +100 -55
- data/lib/action_view/paths.rb +125 -0
- data/lib/action_view/renderable.rb +102 -0
- data/lib/action_view/renderable_partial.rb +48 -0
- data/lib/action_view/template.rb +90 -101
- data/lib/action_view/template_error.rb +11 -21
- data/lib/action_view/template_handler.rb +8 -28
- data/lib/action_view/template_handlers.rb +45 -0
- data/lib/action_view/template_handlers/builder.rb +5 -15
- data/lib/action_view/template_handlers/erb.rb +9 -6
- data/lib/action_view/template_handlers/rjs.rb +2 -17
- data/lib/action_view/test_case.rb +7 -4
- data/test/abstract_unit.rb +4 -1
- data/test/active_record_unit.rb +28 -30
- data/test/activerecord/render_partial_with_record_identification_test.rb +25 -12
- data/test/controller/action_pack_assertions_test.rb +8 -37
- data/test/controller/addresses_render_test.rb +0 -3
- data/test/controller/assert_select_test.rb +51 -24
- data/test/controller/base_test.rb +4 -4
- data/test/controller/caching_test.rb +136 -66
- data/test/controller/capture_test.rb +1 -21
- data/test/controller/cgi_test.rb +157 -10
- data/test/controller/components_test.rb +41 -25
- data/test/controller/content_type_test.rb +49 -17
- data/test/controller/cookie_test.rb +1 -1
- data/test/controller/deprecation/deprecated_base_methods_test.rb +0 -3
- data/test/controller/dispatcher_test.rb +9 -1
- data/test/controller/filter_params_test.rb +2 -2
- data/test/controller/filters_test.rb +13 -13
- data/test/controller/html-scanner/cdata_node_test.rb +15 -0
- data/test/controller/html-scanner/node_test.rb +21 -0
- data/test/controller/html-scanner/sanitizer_test.rb +14 -0
- data/test/controller/integration_test.rb +167 -6
- data/test/controller/layout_test.rb +11 -68
- data/test/controller/logging_test.rb +46 -0
- data/test/controller/mime_responds_test.rb +61 -59
- data/test/controller/mime_type_test.rb +6 -6
- data/test/controller/polymorphic_routes_test.rb +37 -2
- data/test/controller/rack_test.rb +323 -0
- data/test/controller/redirect_test.rb +72 -71
- data/test/controller/render_test.rb +1120 -108
- data/test/controller/request_forgery_protection_test.rb +66 -52
- data/test/controller/request_test.rb +103 -146
- data/test/controller/rescue_test.rb +20 -24
- data/test/controller/resources_test.rb +408 -25
- data/test/controller/routing_test.rb +1774 -1774
- data/test/controller/send_file_test.rb +0 -4
- data/test/controller/session/cookie_store_test.rb +53 -1
- data/test/controller/test_test.rb +15 -37
- data/test/controller/translation_test.rb +26 -0
- data/test/controller/url_rewriter_test.rb +27 -28
- data/test/controller/view_paths_test.rb +48 -47
- data/test/fixtures/_top_level_partial.html.erb +1 -0
- data/test/fixtures/_top_level_partial_only.erb +1 -0
- data/test/fixtures/developers/_developer.erb +1 -0
- data/test/fixtures/fun/games/_game.erb +1 -0
- data/test/fixtures/fun/serious/games/_game.erb +1 -0
- data/test/fixtures/functional_caching/formatted_fragment_cached.html.erb +3 -0
- data/test/fixtures/functional_caching/formatted_fragment_cached.js.rjs +6 -0
- data/test/fixtures/functional_caching/formatted_fragment_cached.xml.builder +5 -0
- data/test/fixtures/functional_caching/inline_fragment_cached.html.erb +2 -0
- data/test/fixtures/layouts/_column.html.erb +2 -0
- data/test/fixtures/projects/_project.erb +1 -0
- data/test/fixtures/public/javascripts/subdir/subdir.js +1 -0
- data/test/fixtures/public/stylesheets/subdir/subdir.css +1 -0
- data/test/fixtures/replies/_reply.erb +1 -0
- data/test/fixtures/test/_counter.html.erb +1 -0
- data/test/fixtures/test/_customer.erb +1 -1
- data/test/fixtures/test/_customer_with_var.erb +1 -0
- data/test/fixtures/test/_layout_for_block_with_args.html.erb +3 -0
- data/test/fixtures/test/_local_inspector.html.erb +1 -0
- data/test/fixtures/test/_partial_with_only_html_version.html.erb +1 -0
- data/test/fixtures/test/hello.builder +1 -1
- data/test/fixtures/test/hyphen-ated.erb +1 -0
- data/test/fixtures/test/implicit_content_type.atom.builder +2 -0
- data/test/fixtures/test/nested_layout.erb +3 -0
- data/test/fixtures/test/non_erb_block_content_for.builder +1 -1
- data/test/fixtures/test/sub_template_raise.html.erb +1 -0
- data/test/fixtures/test/template.erb +1 -0
- data/test/fixtures/test/using_layout_around_block_with_args.html.erb +1 -0
- data/test/template/active_record_helper_i18n_test.rb +46 -0
- data/test/template/active_record_helper_test.rb +24 -24
- data/test/template/asset_tag_helper_test.rb +161 -29
- data/test/template/atom_feed_helper_test.rb +114 -5
- data/test/template/compiled_templates_test.rb +59 -0
- data/test/template/date_helper_i18n_test.rb +113 -0
- data/test/template/date_helper_test.rb +403 -109
- data/test/template/form_helper_test.rb +213 -154
- data/test/template/form_options_helper_test.rb +249 -897
- data/test/template/form_tag_helper_test.rb +80 -32
- data/test/template/javascript_helper_test.rb +17 -18
- data/test/template/number_helper_i18n_test.rb +54 -0
- data/test/template/number_helper_test.rb +43 -13
- data/test/template/prototype_helper_test.rb +101 -84
- data/test/template/record_tag_helper_test.rb +24 -20
- data/test/template/render_test.rb +193 -0
- data/test/template/sanitize_helper_test.rb +3 -3
- data/test/template/tag_helper_test.rb +34 -14
- data/test/template/text_helper_test.rb +83 -9
- data/test/template/translation_helper_test.rb +28 -0
- data/test/template/url_helper_test.rb +55 -18
- metadata +57 -18
- data/lib/action_view/helpers/javascripts/controls.js +0 -963
- data/lib/action_view/helpers/javascripts/dragdrop.js +0 -972
- data/lib/action_view/helpers/javascripts/effects.js +0 -1120
- data/lib/action_view/helpers/javascripts/prototype.js +0 -4225
- data/lib/action_view/partial_template.rb +0 -70
- data/lib/action_view/template_finder.rb +0 -177
- data/lib/action_view/template_handlers/compilable.rb +0 -128
- data/test/controller/custom_handler_test.rb +0 -45
- data/test/controller/new_render_test.rb +0 -945
- data/test/fixtures/test/block_content_for.erb +0 -2
- data/test/fixtures/test/erb_content_for.erb +0 -2
- data/test/template/deprecated_erb_variable_test.rb +0 -9
- data/test/template/template_finder_test.rb +0 -73
- data/test/template/template_object_test.rb +0 -95
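--- a/data/test/controller/request_forgery_protection_test.rb
+++ b/data/test/controller/request_forgery_protection_test.rb
@@ -77,57 +77,61 @@ module RequestForgeryProtectionTests
 ActionController::Base.request_forgery_protection_token = nil
 end
 
+
 def test_should_render_form_with_token_tag
-
-
+get :index
+assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+end
+
+def test_should_render_button_to_with_token_tag
+get :show_button
+assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
+end
+
+def test_should_render_remote_form_with_only_one_token_parameter
+get :remote_form
+assert_equal 1, @response.body.scan(@token).size
+end
+
+def test_should_allow_get
+get :index
+assert_response :success
+end
+
+def test_should_allow_post_without_token_on_unsafe_action
+post :unsafe
+assert_response :success
+end
+
+def test_should_not_allow_html_post_without_token
+@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+assert_raises(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
 end
 
-def
-
-
-end
-
-def test_should_render_remote_form_with_only_one_token_parameter
-get :remote_form
-assert_equal 1, @response.body.scan(@token).size
-end
-
-def test_should_allow_get
-get :index
-assert_response :success
+def test_should_not_allow_html_put_without_token
+@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+assert_raises(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
 end
 
-def
-
-
+def test_should_not_allow_html_delete_without_token
+@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+assert_raises(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
 end
 
-def
-
-end
-
-def test_should_not_allow_put_without_token
-assert_raises(ActionController::InvalidAuthenticityToken) { put :index }
-end
-
-def test_should_not_allow_delete_without_token
-assert_raises(ActionController::InvalidAuthenticityToken) { delete :index }
-end
-
-def test_should_not_allow_api_formatted_post_without_token
-assert_raises(ActionController::InvalidAuthenticityToken) do
+def test_should_allow_api_formatted_post_without_token
+assert_nothing_raised do
 post :index, :format => 'xml'
 end
 end
 
 def test_should_not_allow_api_formatted_put_without_token
-
+assert_nothing_raised do
 put :index, :format => 'xml'
 end
 end
 
-def
-
+def test_should_allow_api_formatted_delete_without_token
+assert_nothing_raised do
 delete :index, :format => 'xml'
 end
 end
@@ -174,16 +178,20 @@ module RequestForgeryProtectionTests
 end
 end
 
-def
-
+def test_should_allow_xhr_post_without_token
+assert_nothing_raised { xhr :post, :index }
+end
+def test_should_not_allow_xhr_post_with_html_without_token
+@request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+assert_raise(ActionController::InvalidAuthenticityToken) { xhr :post, :index }
 end
 
-def
-
+def test_should_allow_xhr_put_without_token
+assert_nothing_raised { xhr :put, :index }
 end
 
-def
-
+def test_should_allow_xhr_delete_without_token
+assert_nothing_raised { xhr :delete, :index }
 end
 
 def test_should_allow_post_with_token
@@ -227,6 +235,7 @@ class RequestForgeryProtectionControllerTest < Test::Unit::TestCase
 def setup
 @controller = RequestForgeryProtectionController.new
 @request = ActionController::TestRequest.new
+@request.format = :html
 @response = ActionController::TestResponse.new
 class << @request.session
 def session_id() '123' end
@@ -248,11 +257,11 @@ class RequestForgeryProtectionWithoutSecretControllerTest < Test::Unit::TestCase
 ActionController::Base.request_forgery_protection_token = :authenticity_token
 end
 
-def test_should_raise_error_without_secret
-
-
-
-end
+# def test_should_raise_error_without_secret
+# assert_raises ActionController::InvalidAuthenticityToken do
+# get :index
+# end
+# end
 end
 
 class CsrfCookieMonsterControllerTest < Test::Unit::TestCase
@@ -304,10 +313,15 @@ class SessionOffControllerTest < Test::Unit::TestCase
 @token = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123')
 end
 
-
-
-
-
-
-
+# TODO: Rewrite this test.
+# This test was passing but for the wrong reason.
+# Sessions aren't really being turned off, so an exception was raised
+# because sessions weren't on - not because the token didn't match.
+#
+# def test_should_raise_correct_exception
+# @request.session = {} # session(:off) doesn't appear to work with controller tests
+# assert_raises(ActionController::InvalidAuthenticityToken) do
+# post :index, :authenticity_token => @token, :format => :html
+# end
+# end
 end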
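Review bot: `test_should_not_allow_api_formatted_put_without_token` in the first hunk now wraps its request in `assert_nothing_raised`, so the name states the opposite of what the test checks. The post and delete tests beside it are named `test_should_allow_api_formatted_..._without_token`, and this one should become `def test_should_allow_api_formatted_put_without_token`. The new cases suggest the token check now depends on the request's content type, yet the visible tests that expect `InvalidAuthenticityToken` only set `Mime::URL_ENCODED_FORM`. A rejecting case for each other content type a browser form can submit would pin down which requests must still be verified. `test_should_raise_error_without_secret` is commented out in the fourth hunk with no reason given, unlike the TODO in the last hunk, so a one-line comment such as `# Disabled: <reason>` or outright removal would be clearer than silent dead code in a CSRF test suite.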
@@ -3,67 +3,72 @@ require 'action_controller/integration'
|
|
3
3
|
|
4
4
|
class RequestTest < Test::Unit::TestCase
|
5
5
|
def setup
|
6
|
+
ActionController::Base.relative_url_root = nil
|
6
7
|
@request = ActionController::TestRequest.new
|
7
8
|
end
|
8
9
|
|
10
|
+
def teardown
|
11
|
+
ActionController::Base.relative_url_root = nil
|
12
|
+
end
|
13
|
+
|
9
14
|
def test_remote_ip
|
10
15
|
assert_equal '0.0.0.0', @request.remote_ip
|
11
16
|
|
12
17
|
@request.remote_addr = '1.2.3.4'
|
13
|
-
assert_equal '1.2.3.4', @request.remote_ip
|
18
|
+
assert_equal '1.2.3.4', @request.remote_ip(true)
|
14
19
|
|
15
20
|
@request.remote_addr = '1.2.3.4,3.4.5.6'
|
16
|
-
assert_equal '1.2.3.4', @request.remote_ip
|
21
|
+
assert_equal '1.2.3.4', @request.remote_ip(true)
|
17
22
|
|
18
23
|
@request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
|
19
|
-
assert_equal '1.2.3.4', @request.remote_ip
|
24
|
+
assert_equal '1.2.3.4', @request.remote_ip(true)
|
20
25
|
|
21
26
|
@request.remote_addr = '192.168.0.1'
|
22
|
-
assert_equal '2.3.4.5', @request.remote_ip
|
27
|
+
assert_equal '2.3.4.5', @request.remote_ip(true)
|
23
28
|
@request.env.delete 'HTTP_CLIENT_IP'
|
24
29
|
|
25
30
|
@request.remote_addr = '1.2.3.4'
|
26
31
|
@request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
|
27
|
-
assert_equal '1.2.3.4', @request.remote_ip
|
32
|
+
assert_equal '1.2.3.4', @request.remote_ip(true)
|
28
33
|
|
29
34
|
@request.remote_addr = '127.0.0.1'
|
30
35
|
@request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
|
31
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
36
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
32
37
|
|
33
38
|
@request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,3.4.5.6'
|
34
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
39
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
35
40
|
|
36
41
|
@request.env['HTTP_X_FORWARDED_FOR'] = '172.16.0.1,3.4.5.6'
|
37
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
42
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
38
43
|
|
39
44
|
@request.env['HTTP_X_FORWARDED_FOR'] = '192.168.0.1,3.4.5.6'
|
40
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
45
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
41
46
|
|
42
47
|
@request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,3.4.5.6'
|
43
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
44
|
-
|
48
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
49
|
+
|
45
50
|
@request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1, 10.0.0.1, 3.4.5.6'
|
46
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
51
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
47
52
|
|
48
53
|
@request.env['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,3.4.5.6'
|
49
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
54
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
50
55
|
|
51
56
|
@request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,192.168.0.1'
|
52
|
-
assert_equal 'unknown', @request.remote_ip
|
57
|
+
assert_equal 'unknown', @request.remote_ip(true)
|
53
58
|
|
54
59
|
@request.env['HTTP_X_FORWARDED_FOR'] = '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
|
55
|
-
assert_equal '3.4.5.6', @request.remote_ip
|
60
|
+
assert_equal '3.4.5.6', @request.remote_ip(true)
|
56
61
|
|
57
62
|
@request.env['HTTP_CLIENT_IP'] = '8.8.8.8'
|
58
63
|
e = assert_raises(ActionController::ActionControllerError) {
|
59
|
-
@request.remote_ip
|
64
|
+
@request.remote_ip(true)
|
60
65
|
}
|
61
66
|
assert_match /IP spoofing attack/, e.message
|
62
67
|
assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message
|
63
68
|
assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message
|
64
69
|
|
65
70
|
@request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
|
66
|
-
assert_equal '8.8.8.8', @request.remote_ip
|
71
|
+
assert_equal '8.8.8.8', @request.remote_ip(true)
|
67
72
|
|
68
73
|
@request.env.delete 'HTTP_CLIENT_IP'
|
69
74
|
@request.env.delete 'HTTP_X_FORWARDED_FOR'
|
@@ -123,169 +128,118 @@ class RequestTest < Test::Unit::TestCase
|
|
123
128
|
assert_equal ":8080", @request.port_string
|
124
129
|
end
|
125
130
|
|
126
|
-
def test_relative_url_root
|
127
|
-
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
128
|
-
@request.env['SERVER_SOFTWARE'] = 'lighttpd/1.2.3'
|
129
|
-
assert_equal '', @request.relative_url_root, "relative_url_root should be disabled on lighttpd"
|
130
|
-
|
131
|
-
@request.env['SERVER_SOFTWARE'] = 'apache/1.2.3 some random text'
|
132
|
-
|
133
|
-
@request.env['SCRIPT_NAME'] = nil
|
134
|
-
assert_equal "", @request.relative_url_root
|
135
|
-
|
136
|
-
@request.env['SCRIPT_NAME'] = "/dispatch.cgi"
|
137
|
-
assert_equal "", @request.relative_url_root
|
138
|
-
|
139
|
-
@request.env['SCRIPT_NAME'] = "/myapp.rb"
|
140
|
-
assert_equal "", @request.relative_url_root
|
141
|
-
|
142
|
-
@request.relative_url_root = nil
|
143
|
-
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
144
|
-
assert_equal "/hieraki", @request.relative_url_root
|
145
|
-
|
146
|
-
@request.relative_url_root = nil
|
147
|
-
@request.env['SCRIPT_NAME'] = "/collaboration/hieraki/dispatch.cgi"
|
148
|
-
assert_equal "/collaboration/hieraki", @request.relative_url_root
|
149
|
-
|
150
|
-
# apache/scgi case
|
151
|
-
@request.relative_url_root = nil
|
152
|
-
@request.env['SCRIPT_NAME'] = "/collaboration/hieraki"
|
153
|
-
assert_equal "/collaboration/hieraki", @request.relative_url_root
|
154
|
-
|
155
|
-
@request.relative_url_root = nil
|
156
|
-
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
157
|
-
@request.env['SERVER_SOFTWARE'] = 'lighttpd/1.2.3'
|
158
|
-
@request.env['RAILS_RELATIVE_URL_ROOT'] = "/hieraki"
|
159
|
-
assert_equal "/hieraki", @request.relative_url_root
|
160
|
-
|
161
|
-
# @env overrides path guess
|
162
|
-
@request.relative_url_root = nil
|
163
|
-
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
164
|
-
@request.env['SERVER_SOFTWARE'] = 'apache/1.2.3 some random text'
|
165
|
-
@request.env['RAILS_RELATIVE_URL_ROOT'] = "/real_url"
|
166
|
-
assert_equal "/real_url", @request.relative_url_root
|
167
|
-
end
|
168
|
-
|
169
131
|
def test_request_uri
|
170
132
|
@request.env['SERVER_SOFTWARE'] = 'Apache 42.342.3432'
|
171
133
|
|
172
|
-
@request.relative_url_root = nil
|
173
134
|
@request.set_REQUEST_URI "http://www.rubyonrails.org/path/of/some/uri?mapped=1"
|
174
135
|
assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
|
175
136
|
assert_equal "/path/of/some/uri", @request.path
|
176
137
|
|
177
|
-
@request.relative_url_root = nil
|
178
138
|
@request.set_REQUEST_URI "http://www.rubyonrails.org/path/of/some/uri"
|
179
139
|
assert_equal "/path/of/some/uri", @request.request_uri
|
180
140
|
assert_equal "/path/of/some/uri", @request.path
|
181
141
|
|
182
|
-
@request.relative_url_root = nil
|
183
142
|
@request.set_REQUEST_URI "/path/of/some/uri"
|
184
143
|
assert_equal "/path/of/some/uri", @request.request_uri
|
185
144
|
assert_equal "/path/of/some/uri", @request.path
|
186
145
|
|
187
|
-
@request.relative_url_root = nil
|
188
146
|
@request.set_REQUEST_URI "/"
|
189
147
|
assert_equal "/", @request.request_uri
|
190
148
|
assert_equal "/", @request.path
|
191
149
|
|
192
|
-
@request.relative_url_root = nil
|
193
150
|
@request.set_REQUEST_URI "/?m=b"
|
194
151
|
assert_equal "/?m=b", @request.request_uri
|
195
152
|
assert_equal "/", @request.path
|
196
153
|
|
197
|
-
@request.relative_url_root = nil
|
198
154
|
@request.set_REQUEST_URI "/"
|
199
155
|
@request.env['SCRIPT_NAME'] = "/dispatch.cgi"
|
200
156
|
assert_equal "/", @request.request_uri
|
201
157
|
assert_equal "/", @request.path
|
202
158
|
|
203
|
-
|
159
|
+
ActionController::Base.relative_url_root = "/hieraki"
|
204
160
|
@request.set_REQUEST_URI "/hieraki/"
|
205
161
|
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
206
162
|
assert_equal "/hieraki/", @request.request_uri
|
207
163
|
assert_equal "/", @request.path
|
164
|
+
ActionController::Base.relative_url_root = nil
|
208
165
|
|
209
|
-
|
166
|
+
ActionController::Base.relative_url_root = "/collaboration/hieraki"
|
210
167
|
@request.set_REQUEST_URI "/collaboration/hieraki/books/edit/2"
|
211
168
|
@request.env['SCRIPT_NAME'] = "/collaboration/hieraki/dispatch.cgi"
|
212
169
|
assert_equal "/collaboration/hieraki/books/edit/2", @request.request_uri
|
213
170
|
assert_equal "/books/edit/2", @request.path
|
171
|
+
ActionController::Base.relative_url_root = nil
|
214
172
|
|
215
173
|
# The following tests are for when REQUEST_URI is not supplied (as in IIS)
|
216
|
-
@request.relative_url_root = nil
|
217
|
-
@request.set_REQUEST_URI nil
|
218
174
|
@request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
|
219
175
|
@request.env['SCRIPT_NAME'] = nil #"/path/dispatch.rb"
|
176
|
+
@request.set_REQUEST_URI nil
|
220
177
|
assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
|
221
178
|
assert_equal "/path/of/some/uri", @request.path
|
222
179
|
|
223
|
-
|
224
|
-
@request.relative_url_root = nil
|
180
|
+
ActionController::Base.relative_url_root = '/path'
|
225
181
|
@request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
|
226
182
|
@request.env['SCRIPT_NAME'] = "/path/dispatch.rb"
|
227
|
-
assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
|
228
|
-
assert_equal "/of/some/uri", @request.path
|
229
|
-
|
230
183
|
@request.set_REQUEST_URI nil
|
231
|
-
@request.
|
184
|
+
assert_equal "/path/of/some/uri?mapped=1", @request.request_uri(true)
|
185
|
+
assert_equal "/of/some/uri", @request.path(true)
|
186
|
+
ActionController::Base.relative_url_root = nil
|
187
|
+
|
232
188
|
@request.env['PATH_INFO'] = "/path/of/some/uri"
|
233
189
|
@request.env['SCRIPT_NAME'] = nil
|
190
|
+
@request.set_REQUEST_URI nil
|
234
191
|
assert_equal "/path/of/some/uri", @request.request_uri
|
235
192
|
assert_equal "/path/of/some/uri", @request.path
|
236
193
|
|
237
|
-
@request.set_REQUEST_URI nil
|
238
|
-
@request.relative_url_root = nil
|
239
194
|
@request.env['PATH_INFO'] = "/"
|
195
|
+
@request.set_REQUEST_URI nil
|
240
196
|
assert_equal "/", @request.request_uri
|
241
197
|
assert_equal "/", @request.path
|
242
198
|
|
243
|
-
@request.set_REQUEST_URI nil
|
244
|
-
@request.relative_url_root = nil
|
245
199
|
@request.env['PATH_INFO'] = "/?m=b"
|
200
|
+
@request.set_REQUEST_URI nil
|
246
201
|
assert_equal "/?m=b", @request.request_uri
|
247
202
|
assert_equal "/", @request.path
|
248
203
|
|
249
|
-
@request.set_REQUEST_URI nil
|
250
|
-
@request.relative_url_root = nil
|
251
204
|
@request.env['PATH_INFO'] = "/"
|
252
205
|
@request.env['SCRIPT_NAME'] = "/dispatch.cgi"
|
206
|
+
@request.set_REQUEST_URI nil
|
253
207
|
assert_equal "/", @request.request_uri
|
254
208
|
assert_equal "/", @request.path
|
255
209
|
|
256
|
-
|
257
|
-
@request.relative_url_root = nil
|
210
|
+
ActionController::Base.relative_url_root = '/hieraki'
|
258
211
|
@request.env['PATH_INFO'] = "/hieraki/"
|
259
212
|
@request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
|
213
|
+
@request.set_REQUEST_URI nil
|
260
214
|
assert_equal "/hieraki/", @request.request_uri
|
261
215
|
assert_equal "/", @request.path
|
216
|
+
ActionController::Base.relative_url_root = nil
|
262
217
|
|
263
218
|
@request.set_REQUEST_URI '/hieraki/dispatch.cgi'
|
264
|
-
|
265
|
-
assert_equal "/dispatch.cgi", @request.path
|
266
|
-
|
219
|
+
ActionController::Base.relative_url_root = '/hieraki'
|
220
|
+
assert_equal "/dispatch.cgi", @request.path(true)
|
221
|
+
ActionController::Base.relative_url_root = nil
|
267
222
|
|
268
223
|
@request.set_REQUEST_URI '/hieraki/dispatch.cgi'
|
269
|
-
|
270
|
-
assert_equal "/hieraki/dispatch.cgi", @request.path
|
271
|
-
|
224
|
+
ActionController::Base.relative_url_root = '/foo'
|
225
|
+
assert_equal "/hieraki/dispatch.cgi", @request.path(true)
|
226
|
+
ActionController::Base.relative_url_root = nil
|
272
227
|
|
273
228
|
# This test ensures that Rails uses REQUEST_URI over PATH_INFO
|
274
|
-
|
229
|
+
ActionController::Base.relative_url_root = nil
|
275
230
|
@request.env['REQUEST_URI'] = "/some/path"
|
276
231
|
@request.env['PATH_INFO'] = "/another/path"
|
277
232
|
@request.env['SCRIPT_NAME'] = "/dispatch.cgi"
|
278
|
-
assert_equal "/some/path", @request.request_uri
|
279
|
-
assert_equal "/some/path", @request.path
|
233
|
+
assert_equal "/some/path", @request.request_uri(true)
|
234
|
+
assert_equal "/some/path", @request.path(true)
|
280
235
|
end
|
281
236
|
|
282
|
-
|
283
237
|
def test_host_with_default_port
|
284
238
|
@request.host = "rubyonrails.org"
|
285
239
|
@request.port = 80
|
286
240
|
assert_equal "rubyonrails.org", @request.host_with_port
|
287
241
|
end
|
288
|
-
|
242
|
+
|
289
243
|
def test_host_with_non_default_port
|
290
244
|
@request.host = "rubyonrails.org"
|
291
245
|
@request.port = 81
|
@@ -293,13 +247,13 @@ class RequestTest < Test::Unit::TestCase
|
|
293
247
|
end
|
294
248
|
|
295
249
|
def test_server_software
|
296
|
-
assert_equal nil, @request.server_software
|
250
|
+
assert_equal nil, @request.server_software(true)
|
297
251
|
|
298
252
|
@request.env['SERVER_SOFTWARE'] = 'Apache3.422'
|
299
|
-
assert_equal 'apache', @request.server_software
|
253
|
+
assert_equal 'apache', @request.server_software(true)
|
300
254
|
|
301
255
|
@request.env['SERVER_SOFTWARE'] = 'lighttpd(1.1.4)'
|
302
|
-
assert_equal 'lighttpd', @request.server_software
|
256
|
+
assert_equal 'lighttpd', @request.server_software(true)
|
303
257
|
end
|
304
258
|
|
305
259
|
def test_xml_http_request
|
@@ -329,44 +283,44 @@ class RequestTest < Test::Unit::TestCase
|
|
329
283
|
|
330
284
|
def test_symbolized_request_methods
|
331
285
|
[:get, :post, :put, :delete].each do |method|
|
332
|
-
|
286
|
+
self.request_method = method
|
333
287
|
assert_equal method, @request.method
|
334
288
|
end
|
335
289
|
end
|
336
290
|
|
337
291
|
def test_invalid_http_method_raises_exception
|
338
|
-
set_request_method_to :random_method
|
339
292
|
assert_raises(ActionController::UnknownHttpMethod) do
|
340
|
-
|
293
|
+
self.request_method = :random_method
|
341
294
|
end
|
342
295
|
end
|
343
296
|
|
344
297
|
def test_allow_method_hacking_on_post
|
345
|
-
|
298
|
+
self.request_method = :post
|
346
299
|
[:get, :head, :options, :put, :post, :delete].each do |method|
|
347
|
-
@request.instance_eval { @parameters = { :_method => method } ; @request_method = nil }
|
300
|
+
@request.instance_eval { @parameters = { :_method => method.to_s } ; @request_method = nil }
|
301
|
+
@request.request_method(true)
|
348
302
|
assert_equal(method == :head ? :get : method, @request.method)
|
349
303
|
end
|
350
304
|
end
|
351
305
|
|
352
306
|
def test_invalid_method_hacking_on_post_raises_exception
|
353
|
-
|
307
|
+
self.request_method = :post
|
354
308
|
@request.instance_eval { @parameters = { :_method => :random_method } ; @request_method = nil }
|
355
309
|
assert_raises(ActionController::UnknownHttpMethod) do
|
356
|
-
@request.
|
310
|
+
@request.request_method(true)
|
357
311
|
end
|
358
312
|
end
|
359
313
|
|
360
314
|
def test_restrict_method_hacking
|
361
315
|
@request.instance_eval { @parameters = { :_method => 'put' } }
|
362
316
|
[:get, :put, :delete].each do |method|
|
363
|
-
|
317
|
+
self.request_method = method
|
364
318
|
assert_equal method, @request.method
|
365
319
|
end
|
366
320
|
end
|
367
321
|
|
368
|
-
def
|
369
|
-
|
322
|
+
def test_head_masquerading_as_get
|
323
|
+
self.request_method = :head
|
370
324
|
assert_equal :get, @request.method
|
371
325
|
assert @request.get?
|
372
326
|
assert @request.head?
|
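Review bot: In `test_restrict_method_hacking` the `:put` iteration cannot fail, because the `_method` override is also `'put'`, so that pass succeeds whether or not the override is ignored for non-POST verbs. Since this test guards the rule that only a POST may be rewritten through `_method`, I would use an override that is not in the list, e.g. `@request.instance_eval { @parameters = { :_method => 'post' } }`, so every iteration proves the real verb wins. The `@request_method = nil` resets kept in the two `instance_eval` lines above look redundant now that `@request.request_method(true)` forces a reload; worth confirming and dropping. `test_head_masquerading_as_get` continues past the end of this hunk.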
@@ -388,9 +342,16 @@ class RequestTest < Test::Unit::TestCase
|
|
388
342
|
end
|
389
343
|
|
390
344
|
def test_nil_format
|
391
|
-
|
392
|
-
|
345
|
+
ActionController::Base.use_accept_header, old =
|
346
|
+
false, ActionController::Base.use_accept_header
|
347
|
+
|
348
|
+
@request.instance_eval { @parameters = {} }
|
349
|
+
@request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
|
350
|
+
assert @request.xhr?
|
393
351
|
assert_equal Mime::JS, @request.format
|
352
|
+
|
353
|
+
ensure
|
354
|
+
ActionController::Base.use_accept_header = old
|
394
355
|
end
|
395
356
|
|
396
357
|
def test_content_type
|
@@ -418,28 +379,27 @@ class RequestTest < Test::Unit::TestCase
|
|
418
379
|
@request.env["CONTENT_TYPE"] = "application/xml; charset=UTF-8"
|
419
380
|
assert_equal Mime::XML, @request.content_type
|
420
381
|
end
|
421
|
-
|
382
|
+
|
422
383
|
def test_user_agent
|
423
384
|
assert_not_nil @request.user_agent
|
424
385
|
end
|
425
|
-
|
386
|
+
|
426
387
|
def test_parameters
|
427
388
|
@request.instance_eval { @request_parameters = { "foo" => 1 } }
|
428
389
|
@request.instance_eval { @query_parameters = { "bar" => 2 } }
|
429
|
-
|
390
|
+
|
430
391
|
assert_equal({"foo" => 1, "bar" => 2}, @request.parameters)
|
431
392
|
assert_equal({"foo" => 1}, @request.request_parameters)
|
432
393
|
assert_equal({"bar" => 2}, @request.query_parameters)
|
433
394
|
end
|
434
395
|
|
435
396
|
protected
|
436
|
-
def
|
397
|
+
def request_method=(method)
|
437
398
|
@request.env['REQUEST_METHOD'] = method.to_s.upcase
|
438
|
-
@request.
|
399
|
+
@request.request_method(true)
|
439
400
|
end
|
440
401
|
end
|
441
402
|
|
442
|
-
|
443
403
|
class UrlEncodedRequestParameterParsingTest < Test::Unit::TestCase
|
444
404
|
def setup
|
445
405
|
@query_string = "action=create_customer&full_name=David%20Heinemeier%20Hansson&customerId=1"
|
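Review bot: The setter-style helper `request_method=` at the bottom of `RequestTest` only takes effect when called with an explicit receiver. A future test that writes `request_method = :post` without `self.` would just assign a local variable and run against whatever verb the request already has, without any failure. I would document that on the helper, e.g. `# Call as self.request_method = verb; a bare assignment only creates a local.`, and mention that it forces a reload through `@request.request_method(true)` and so raises for an unknown verb, which `test_invalid_http_method_raises_exception` relies on. `UrlEncodedRequestParameterParsingTest#setup` continues past the end of this hunk.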
@@ -551,7 +511,6 @@ class UrlEncodedRequestParameterParsingTest < Test::Unit::TestCase
|
|
551
511
|
)
|
552
512
|
end
|
553
513
|
|
554
|
-
|
555
514
|
def test_request_hash_parsing
|
556
515
|
query = {
|
557
516
|
"note[viewers][viewer][][type]" => ["User", "Group"],
|
@@ -563,7 +522,6 @@ class UrlEncodedRequestParameterParsingTest < Test::Unit::TestCase
|
|
563
522
|
assert_equal(expected, ActionController::AbstractRequest.parse_request_parameters(query))
|
564
523
|
end
|
565
524
|
|
566
|
-
|
567
525
|
def test_parse_params
|
568
526
|
input = {
|
569
527
|
"customers[boston][first][name]" => [ "David" ],
|
@@ -746,7 +704,6 @@ class UrlEncodedRequestParameterParsingTest < Test::Unit::TestCase
|
|
746
704
|
end
|
747
705
|
end
|
748
706
|
|
749
|
-
|
750
707
|
class MultipartRequestParameterParsingTest < Test::Unit::TestCase
|
751
708
|
FIXTURE_PATH = File.dirname(__FILE__) + '/../fixtures/multipart'
|
752
709
|
|
@@ -777,30 +734,24 @@ class MultipartRequestParameterParsingTest < Test::Unit::TestCase
|
|
777
734
|
|
778
735
|
file = params['file']
|
779
736
|
foo = params['foo']
|
780
|
-
|
781
|
-
|
782
|
-
|
783
|
-
else
|
784
|
-
assert_kind_of Tempfile, file
|
785
|
-
end
|
786
|
-
|
737
|
+
|
738
|
+
assert_kind_of Tempfile, file
|
739
|
+
|
787
740
|
assert_equal 'file.txt', file.original_filename
|
788
741
|
assert_equal "text/plain", file.content_type
|
789
|
-
|
742
|
+
|
790
743
|
assert_equal 'bar', foo
|
791
744
|
end
|
792
|
-
|
745
|
+
|
793
746
|
def test_large_text_file
|
794
747
|
params = process('large_text_file')
|
795
748
|
assert_equal %w(file foo), params.keys.sort
|
796
749
|
assert_equal 'bar', params['foo']
|
797
750
|
|
798
751
|
file = params['file']
|
799
|
-
|
800
|
-
|
801
|
-
|
802
|
-
assert_kind_of Tempfile, file
|
803
|
-
end
|
752
|
+
|
753
|
+
assert_kind_of Tempfile, file
|
754
|
+
|
804
755
|
assert_equal 'file.txt', file.original_filename
|
805
756
|
assert_equal "text/plain", file.content_type
|
806
757
|
assert ('a' * 20480) == file.read
|
@@ -894,35 +845,41 @@ class XmlParamsParsingTest < Test::Unit::TestCase
|
|
894
845
|
|
895
846
|
private
|
896
847
|
def parse_body(body)
|
897
|
-
env = { '
|
848
|
+
env = { 'rack.input' => StringIO.new(body),
|
849
|
+
'CONTENT_TYPE' => 'application/xml',
|
898
850
|
'CONTENT_LENGTH' => body.size.to_s }
|
899
|
-
|
900
|
-
ActionController::CgiRequest.new(cgi).request_parameters
|
851
|
+
ActionController::RackRequest.new(env).request_parameters
|
901
852
|
end
|
902
853
|
end
|
903
854
|
|
904
855
|
class LegacyXmlParamsParsingTest < XmlParamsParsingTest
|
905
856
|
private
|
906
857
|
def parse_body(body)
|
907
|
-
env = { '
|
908
|
-
'
|
909
|
-
|
910
|
-
ActionController::
|
858
|
+
env = { 'rack.input' => StringIO.new(body),
|
859
|
+
'HTTP_X_POST_DATA_FORMAT' => 'xml',
|
860
|
+
'CONTENT_LENGTH' => body.size.to_s }
|
861
|
+
ActionController::RackRequest.new(env).request_parameters
|
911
862
|
end
|
912
863
|
end
|
913
864
|
|
914
865
|
class JsonParamsParsingTest < Test::Unit::TestCase
|
915
|
-
def
|
916
|
-
person = parse_body({:person => {:name => "David"}}.to_json)[:person]
|
866
|
+
def test_hash_params_for_application_json
|
867
|
+
person = parse_body({:person => {:name => "David"}}.to_json,'application/json')[:person]
|
868
|
+
assert_kind_of Hash, person
|
869
|
+
assert_equal 'David', person['name']
|
870
|
+
end
|
871
|
+
|
872
|
+
def test_hash_params_for_application_jsonrequest
|
873
|
+
person = parse_body({:person => {:name => "David"}}.to_json,'application/jsonrequest')[:person]
|
917
874
|
assert_kind_of Hash, person
|
918
875
|
assert_equal 'David', person['name']
|
919
876
|
end
|
920
877
|
|
921
878
|
private
|
922
|
-
def parse_body(body)
|
923
|
-
env = { '
|
879
|
+
def parse_body(body,content_type)
|
880
|
+
env = { 'rack.input' => StringIO.new(body),
|
881
|
+
'CONTENT_TYPE' => content_type,
|
924
882
|
'CONTENT_LENGTH' => body.size.to_s }
|
925
|
-
|
926
|
-
ActionController::CgiRequest.new(cgi).request_parameters
|
883
|
+
ActionController::RackRequest.new(env).request_parameters
|
927
884
|
end
|
928
885
|
end
|
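Review bot: `'CONTENT_LENGTH' => body.size.to_s` in the three `parse_body` helpers sends a character count on Ruby 1.9 and later, whereas Content-Length is a byte count, so a fixture with a multi-byte character would declare a shorter body than `rack.input` holds. Where `String#bytesize` is available I would write `'CONTENT_LENGTH' => body.bytesize.to_s` in all three. `JsonParamsParsingTest` also exercises only a well-formed hash; since this parser runs on untrusted request bodies, a case with a malformed body that pins the intended outcome would be a useful addition. `XmlParamsParsingTest` starts outside this hunk, so its own test cases are not visible here.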