actionpack 2.2.3 → 2.3.2

data/test/controller/dispatcher_test.rb

@@ -1,24 +1,22 @@
 require 'abstract_unit'
 
-uses_mocha 'dispatcher tests' do
-
-require 'action_controller/dispatcher'
-
 class DispatcherTest < Test::Unit::TestCase
   Dispatcher = ActionController::Dispatcher
 
   def setup
-    @output = StringIO.new
     ENV['REQUEST_METHOD'] = 'GET'
 
+    Dispatcher.middleware = ActionController::MiddlewareStack.new do |middleware|
+      middlewares = File.expand_path(File.join(File.dirname(__FILE__), "../../lib/action_controller/middlewares.rb"))
+      middleware.instance_eval(File.read(middlewares))
+    end
+
     # Clear callbacks as they are redefined by Dispatcher#define_dispatcher_callbacks
     Dispatcher.instance_variable_set("@prepare_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
     Dispatcher.instance_variable_set("@before_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
     Dispatcher.instance_variable_set("@after_dispatch_callbacks", ActiveSupport::Callbacks::CallbackChain.new)
 
     Dispatcher.stubs(:require_dependency)
-
-    @dispatcher = Dispatcher.new(@output)
   end
 
   def teardown
@@ -27,12 +25,12 @@ class DispatcherTest < Test::Unit::TestCase
 
   def test_clears_dependencies_after_dispatch_if_in_loading_mode
     ActiveSupport::Dependencies.expects(:clear).once
-    dispatch(@output, false)
+    dispatch(false)
   end
 
   def test_reloads_routes_before_dispatch_if_in_loading_mode
     ActionController::Routing::Routes.expects(:reload).once
-    dispatch(@output, false)
+    dispatch(false)
   end
 
   def test_leaves_dependencies_after_dispatch_if_not_in_loading_mode
@@ -48,12 +46,16 @@ class DispatcherTest < Test::Unit::TestCase
   end
 
   def test_failsafe_response
-    CGI.expects(:new).raises('some multipart parsing failure')
-    Dispatcher.expects(:log_failsafe_exception)
-
-    assert_nothing_raised { dispatch }
-
-    assert_equal "Status: 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<html><body><h1>400 Bad Request</h1></body></html>", @output.string
+    Dispatcher.any_instance.expects(:dispatch).raises('b00m')
+    ActionController::Failsafe.any_instance.expects(:log_failsafe_exception)
+
+    assert_nothing_raised do
+      assert_equal [
+        500,
+        {"Content-Type" => "text/html"},
+        "<html><body><h1>500 Internal Server Error</h1></body></html>"
+      ], dispatch
+    end
   end
 
   def test_prepare_callbacks
@@ -66,7 +68,7 @@ class DispatcherTest < Test::Unit::TestCase
     assert_nil a || b || c
 
     # Run callbacks
-    @dispatcher.send :run_callbacks, :prepare_dispatch
+    Dispatcher.run_prepare_callbacks
 
     assert_equal 1, a
     assert_equal 2, b
@@ -74,7 +76,7 @@ class DispatcherTest < Test::Unit::TestCase
 
     # Make sure they are only run once
     a = b = c = nil
-    @dispatcher.send :dispatch
+    dispatch
     assert_nil a || b || c
   end
 
@@ -83,26 +85,19 @@ class DispatcherTest < Test::Unit::TestCase
     Dispatcher.to_prepare(:unique_id) { |*args| a = b = 1 }
     Dispatcher.to_prepare(:unique_id) { |*args| a = 2 }
 
-    @dispatcher.send :run_callbacks, :prepare_dispatch
+    Dispatcher.run_prepare_callbacks
     assert_equal 2, a
     assert_equal nil, b
   end
 
   private
-    def dispatch(output = @output, cache_classes = true)
-      controller = mock
-      controller.stubs(:process).returns(controller)
-      controller.stubs(:out).with(output).returns('response')
-
-      ActionController::Routing::Routes.stubs(:recognize).returns(controller)
-
+    def dispatch(cache_classes = true)
+      ActionController::Routing::RouteSet.any_instance.stubs(:call).returns([200, {}, 'response'])
       Dispatcher.define_dispatcher_callbacks(cache_classes)
-      Dispatcher.dispatch(nil, {}, output)
+      Dispatcher.new.call({})
     end
 
     def assert_subclasses(howmany, klass, message = klass.subclasses.inspect)
       assert_equal howmany, klass.subclasses.size, message
     end
 end
-
-end

data/test/controller/fake_models.rb

@@ -9,3 +9,11 @@ end
 
 class GoodCustomer < Customer
 end
+
+module Quiz
+  class Question < Struct.new(:name, :id)
+    def to_param
+      id.to_s
+    end
+  end
+end

data/test/controller/filters_test.rb

@@ -634,9 +634,11 @@ class FilterTest < Test::Unit::TestCase
 
   private
     def test_process(controller, action = "show")
+      ActionController::Base.class_eval { include ActionController::ProcessWithTest } unless ActionController::Base < ActionController::ProcessWithTest
       request = ActionController::TestRequest.new
       request.action = action
-      controller.process(request, ActionController::TestResponse.new)
+      controller = controller.new if controller.is_a?(Class)
+      controller.process_with_test(request, ActionController::TestResponse.new)
     end
 end
 
@@ -874,8 +876,10 @@ class YieldingAroundFiltersTest < Test::Unit::TestCase
 
   protected
     def test_process(controller, action = "show")
+      ActionController::Base.class_eval { include ActionController::ProcessWithTest } unless ActionController::Base < ActionController::ProcessWithTest
       request = ActionController::TestRequest.new
       request.action = action
-      controller.process(request, ActionController::TestResponse.new)
+      controller = controller.new if controller.is_a?(Class)
+      controller.process_with_test(request, ActionController::TestResponse.new)
     end
 end

data/test/controller/flash_test.rb

@@ -1,6 +1,6 @@
 require 'abstract_unit'
 
-class FlashTest < Test::Unit::TestCase
+class FlashTest < ActionController::TestCase
   class TestController < ActionController::Base
     def set_flash
       flash["that"] = "hello"
@@ -73,11 +73,7 @@ class FlashTest < Test::Unit::TestCase
     end
   end
 
-  def setup
-    @request    = ActionController::TestRequest.new
-    @response   = ActionController::TestResponse.new
-    @controller = TestController.new
-  end
+  tests TestController
 
   def test_flash
     get :set_flash

data/test/controller/helper_test.rb

@@ -1,6 +1,6 @@
 require 'abstract_unit'
 
-ActionController::Helpers::HELPERS_DIR.replace File.dirname(__FILE__) + '/../fixtures/helpers'
+ActionController::Base.helpers_dir = File.dirname(__FILE__) + '/../fixtures/helpers'
 
 class TestController < ActionController::Base
   attr_accessor :delegate_attr
@@ -130,6 +130,20 @@ class HelperTest < Test::Unit::TestCase
     assert methods.include?('foobar')
   end
 
+  def test_all_helpers_with_alternate_helper_dir
+    @controller_class.helpers_dir = File.dirname(__FILE__) + '/../fixtures/alternate_helpers'
+
+    # Reload helpers
+    @controller_class.master_helper_module = Module.new
+    @controller_class.helper :all
+
+    # helpers/abc_helper.rb should not be included
+    assert !master_helper_methods.include?('bare_a')
+
+    # alternate_helpers/foo_helper.rb
+    assert master_helper_methods.include?('baz')
+  end
+
   def test_helper_proxy
     methods = ApplicationController.helpers.methods.map(&:to_s)
 

data/test/controller/html-scanner/document_test.rb

@@ -134,7 +134,7 @@ HTML
   end
 
   def test_invalid_document_raises_exception_when_strict
-    assert_raises RuntimeError do
+    assert_raise RuntimeError do
       doc = HTML::Document.new("<html>
         <table>
           <tr>

data/test/controller/html-scanner/sanitizer_test.rb

@@ -1,6 +1,6 @@
 require 'abstract_unit'
 
-class SanitizerTest < Test::Unit::TestCase
+class SanitizerTest < ActionController::TestCase
   def setup
     @sanitizer = nil # used by assert_sanitizer
   end

data/test/controller/http_basic_authentication_test.rb

@@ -0,0 +1,88 @@
+require 'abstract_unit'
+
+class HttpBasicAuthenticationTest < ActionController::TestCase
+  class DummyController < ActionController::Base
+    before_filter :authenticate, :only => :index
+    before_filter :authenticate_with_request, :only => :display
+
+    def index
+      render :text => "Hello Secret"
+    end
+
+    def display
+      render :text => 'Definitely Maybe'
+    end
+
+    private
+
+    def authenticate
+      authenticate_or_request_with_http_basic do |username, password|
+        username == 'lifo' && password == 'world'
+      end
+    end
+
+    def authenticate_with_request
+      if authenticate_with_http_basic { |username, password| username == 'pretty' && password == 'please' }
+        @logged_in = true
+      else
+        request_http_basic_authentication("SuperSecret")
+      end
+    end
+  end
+
+  AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
+
+  tests DummyController
+
+  AUTH_HEADERS.each do |header|
+    test "successful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials('lifo', 'world')
+      get :index
+
+      assert_response :success
+      assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}"
+    end
+  end
+
+  AUTH_HEADERS.each do |header|
+    test "unsuccessful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials('h4x0r', 'world')
+      get :index
+
+      assert_response :unauthorized
+      assert_equal "HTTP Basic: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}"
+    end
+  end
+
+  test "authentication request without credential" do
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "HTTP Basic: Access denied.\n", @response.body
+    assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate']
+  end
+
+  test "authentication request with invalid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'foo')
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "HTTP Basic: Access denied.\n", @response.body
+    assert_equal 'Basic realm="SuperSecret"', @response.headers['WWW-Authenticate']
+  end
+
+  test "authentication request with valid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials('pretty', 'please')
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  private
+
+  def encode_credentials(username, password)
+    "Basic #{ActiveSupport::Base64.encode64("#{username}:#{password}")}"
+  end
+end

data/test/controller/http_digest_authentication_test.rb

@@ -0,0 +1,178 @@
+require 'abstract_unit'
+
+class HttpDigestAuthenticationTest < ActionController::TestCase
+  class DummyDigestController < ActionController::Base
+    before_filter :authenticate, :only => :index
+    before_filter :authenticate_with_request, :only => :display
+
+    USERS = { 'lifo' => 'world', 'pretty' => 'please',
+              'dhh' => ::Digest::MD5::hexdigest(["dhh","SuperSecret","secret"].join(":"))}
+
+    def index
+      render :text => "Hello Secret"
+    end
+
+    def display
+      render :text => 'Definitely Maybe'
+    end
+
+    private
+
+    def authenticate
+      authenticate_or_request_with_http_digest("SuperSecret") do |username|
+        # Return the password
+        USERS[username]
+      end
+    end
+
+    def authenticate_with_request
+      if authenticate_with_http_digest("SuperSecret")  { |username| USERS[username] }
+        @logged_in = true
+      else
+        request_http_digest_authentication("SuperSecret", "Authentication Failed")
+      end
+    end
+  end
+
+  AUTH_HEADERS = ['HTTP_AUTHORIZATION', 'X-HTTP_AUTHORIZATION', 'X_HTTP_AUTHORIZATION', 'REDIRECT_X_HTTP_AUTHORIZATION']
+
+  tests DummyDigestController
+
+  AUTH_HEADERS.each do |header|
+    test "successful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials(:username => 'lifo', :password => 'world')
+      get :index
+
+      assert_response :success
+      assert_equal 'Hello Secret', @response.body, "Authentication failed for request header #{header}"
+    end
+  end
+
+  AUTH_HEADERS.each do |header|
+    test "unsuccessful authentication with #{header.downcase}" do
+      @request.env[header] = encode_credentials(:username => 'h4x0r', :password => 'world')
+      get :index
+
+      assert_response :unauthorized
+      assert_equal "HTTP Digest: Access denied.\n", @response.body, "Authentication didn't fail for request header #{header}"
+    end
+  end
+
+  test "authentication request without credential" do
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+    credentials = decode_credentials(@response.headers['WWW-Authenticate'])
+    assert_equal 'SuperSecret', credentials[:realm]
+  end
+
+  test "authentication request with invalid password" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo')
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid nonce" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please', :nonce => "xxyyzz")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid opaque" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :opaque => "xxyyzz")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with invalid realm" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'foo', :realm => "NotSecret")
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+  test "authentication request with valid credential" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  test "authentication request with valid credential and nil session" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+
+    # session_id = "" in functional test, but is +nil+ in real life
+    @request.session.session_id = nil
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+   test "authentication request with request-uri that doesn't match credentials digest-uri" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'pretty', :password => 'please')
+    @request.env['REQUEST_URI'] = "/http_digest_authentication_test/dummy_digest/altered/uri"
+    get :display
+
+    assert_response :unauthorized
+    assert_equal "Authentication Failed", @response.body
+  end
+
+   test "authentication request with absolute uri" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:uri => "http://test.host/http_digest_authentication_test/dummy_digest/display",
+                                                            :username => 'pretty', :password => 'please')
+    @request.env['REQUEST_URI'] = "http://test.host/http_digest_authentication_test/dummy_digest/display"
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  test "authentication request with password stored as ha1 digest hash" do
+    @request.env['HTTP_AUTHORIZATION'] = encode_credentials(:username => 'dhh',
+                                           :password => ::Digest::MD5::hexdigest(["dhh","SuperSecret","secret"].join(":")),
+                                           :password_is_ha1 => true)
+    get :display
+
+    assert_response :success
+    assert assigns(:logged_in)
+    assert_equal 'Definitely Maybe', @response.body
+  end
+
+  private
+
+  def encode_credentials(options)
+    options.reverse_merge!(:nc => "00000001", :cnonce => "0a4f113b", :password_is_ha1 => false)
+    password = options.delete(:password)
+
+    # Set in /initializers/session_store.rb. Used as secret in generating nonce
+    # to prevent tampering of timestamp
+    ActionController::Base.session_options[:secret] = "session_options_secret"
+
+    # Perform unauthenticated GET to retrieve digest parameters to use on subsequent request
+    get :index
+
+    assert_response :unauthorized
+
+    credentials = decode_credentials(@response.headers['WWW-Authenticate'])
+    credentials.merge!(options)
+    credentials.reverse_merge!(:uri => "#{@request.env['REQUEST_URI']}")
+    ActionController::HttpAuthentication::Digest.encode_credentials("GET", credentials, password, options[:password_is_ha1])
+  end
+
+  def decode_credentials(header)
+    ActionController::HttpAuthentication::Digest.decode_credentials(@response.headers['WWW-Authenticate'])
+  end
+end