forme 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -23,7 +23,7 @@ begin
23
23
 
24
24
  class FormeRails < Rails::Application
25
25
  routes.append do
26
- %w'index inputs_block inputs_block_wrapper nest nest_sep nest_inputs nest_seq hash legend combined noblock noblock_post safe_buffer'.each do |action|
26
+ %w'index inputs_block inputs_block_wrapper nest nest_sep nest_inputs nest_seq hash legend combined noblock noblock_post safe_buffer no_forgery_protection'.each do |action|
27
27
  get action, :controller=>'forme', :action=>action
28
28
  end
29
29
  end
@@ -57,6 +57,14 @@ class FormeController < ActionController::Base
57
57
  END
58
58
  end
59
59
 
60
+ def no_forgery_protection
61
+ def self.protect_against_forgery?; false end
62
+ render :inline => <<END
63
+ <%= forme(:method=>'POST') do |f| %>
64
+ <% end %>
65
+ END
66
+ end
67
+
60
68
  def inputs_block
61
69
  render :inline => <<END
62
70
  <%= forme([:foo, :bar], :action=>'/baz') do |f| %>
@@ -270,5 +278,9 @@ describe "Forme Rails integration" do
270
278
  it "#form should handle Rails SafeBuffers" do
271
279
  sin_get('/safe_buffer').must_equal '<form action="/baz"><fieldset class="inputs"><legend><b>foo</b></legend><input id="first" name="first" type="text" value="foo"/></fieldset><input type="submit" value="xyz"/></form>'
272
280
  end
281
+
282
+ it "#form should handle case where forgery protection is disabled" do
283
+ sin_get('/no_forgery_protection').must_equal '<form method="POST"> </form>'
284
+ end
273
285
  end
274
286
  end
@@ -172,8 +172,9 @@ end if defined?(ERUBI_CAPTURE_BLOCK)
172
172
  def _forme_set(meth, obj, orig_hash, *form_args, &block)
173
173
  hash = {}
174
174
  forme_set_block = orig_hash.delete(:forme_set_block)
175
+ handle_params = hash.delete(:handle_params)
175
176
  orig_hash.each{|k,v| hash[k.to_s] = v}
176
- album = @ab
177
+ album = obj
177
178
  ret, _, data, hmac = nil
178
179
 
179
180
  @app.route do |r|
@@ -196,8 +197,9 @@ end if defined?(ERUBI_CAPTURE_BLOCK)
196
197
  data = $2
197
198
  hmac = $3
198
199
  data.gsub!("&quot;", '"') if data
199
- h = {"album"=>hash, "_forme_set_data"=>data, "_forme_set_data_hmac"=>hmac, "_csrf"=>csrf}
200
+ h = {"album"=>hash, "_forme_set_data"=>data, "_forme_set_data_hmac"=>hmac, "_csrf"=>csrf, "body"=>body}
200
201
  if data && hmac
202
+ h = handle_params.call(h) if handle_params
201
203
  forme_call(h)
202
204
  end
203
205
  meth == :forme_parse ? ret : h
@@ -244,6 +246,18 @@ END
244
246
  @ab.copies_sold.must_be_nil
245
247
  end
246
248
 
249
+ it "#forme_set handle missing csrf" do
250
+ h = forme_set(@ab, :name=>'Foo'){|f| f.input(:name)}
251
+ @ab.name = nil
252
+ data = JSON.parse(h["_forme_set_data"])
253
+ data.delete('csrf')
254
+ data = data.to_json
255
+ hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA512.new, '1'*64, data)
256
+ forme_call(h.merge("_forme_set_data_hmac"=>hmac, "_forme_set_data"=>data))
257
+ @ab.name.must_equal 'Foo'
258
+ @ab.copies_sold.must_be_nil
259
+ end
260
+
247
261
  it "#forme_set should handle custom form namespaces" do
248
262
  forme_set(@ab, {"album"=>{"name"=>'Foo', 'copies_sold'=>'100'}}, {}, :namespace=>'album'){|f| f.input(:name); f.input(:copies_sold)}
249
263
  @ab.name.must_equal 'Foo'
@@ -517,6 +531,10 @@ END
517
531
  @ab.forme_validations.merge!(hash[:validations])
518
532
  @ab.valid?.must_equal true
519
533
  end
534
+
535
+ it "should handle forms with objects that don't support forme_inputs" do
536
+ forme_set(String, {:name=>'Foo'}, {}, :inputs=>[:name])['body'].must_equal '<form><fieldset class="inputs"><input id="name" name="name" type="text" value="String"/></fieldset></form>'
537
+ end
520
538
  end
521
539
  end
522
540
  end
@@ -1,6 +1,6 @@
1
1
  require 'sequel'
2
2
 
3
- db_url = defined?(RUBY_ENGINE) && RUBY_ENGINE == 'jruby' ? 'jdbc:sqlite::memory:' : 'sqlite:/'
3
+ db_url = RUBY_ENGINE == 'jruby' ? 'jdbc:sqlite::memory:' : 'sqlite:/'
4
4
  DB = Sequel.connect(db_url, :identifier_mangling=>false)
5
5
  DB.extension(:freeze_datasets)
6
6
  Sequel.default_timezone = :utc
@@ -17,6 +17,8 @@ DB.create_table(:albums) do
17
17
  Date :release_date
18
18
  DateTime :created_at
19
19
  Integer :copies_sold
20
+ Float :fl
21
+ BigDecimal :bd
20
22
  end
21
23
  DB.create_table(:album_infos) do
22
24
  primary_key :id
@@ -13,19 +13,19 @@ describe "Forme Sequel::Model forms" do
13
13
  end
14
14
 
15
15
  it "should not change the usual label input if translation is not present" do
16
- @b.input(:name).to_s.must_equal '<label>Name: <input id="invoice_name" maxlength="255" name="invoice[name]" type="text" value="b"/></label>'
16
+ @b.input(:name).must_equal '<label>Name: <input id="invoice_name" maxlength="255" name="invoice[name]" type="text" value="b"/></label>'
17
17
  end
18
18
 
19
19
  it "should use the translation for the label if present" do
20
- @b.input(:summary).to_s.must_equal '<label>Brief Description: <input id="invoice_summary" maxlength="255" name="invoice[summary]" type="text" value="a brief summary"/></label>'
20
+ @b.input(:summary).must_equal '<label>Brief Description: <input id="invoice_summary" maxlength="255" name="invoice[summary]" type="text" value="a brief summary"/></label>'
21
21
  end
22
22
 
23
23
  it "should not change the usual legend for the subform if the translation is not present" do
24
- Forme.form(Firm[1]){|f| f.subform(:invoices){ f.input(:name) }}.to_s.must_equal '<form class="forme firm" method="post"><input id="firm_invoices_attributes_0_id" name="firm[invoices_attributes][0][id]" type="hidden" value="1"/><fieldset class="inputs"><legend>Invoice #1</legend><label>Name: <input id="firm_invoices_attributes_0_name" maxlength="255" name="firm[invoices_attributes][0][name]" type="text" value="b"/></label></fieldset></form>'
24
+ Forme.form(Firm[1]){|f| f.subform(:invoices){ f.input(:name) }}.must_equal '<form class="forme firm" method="post"><input id="firm_invoices_attributes_0_id" name="firm[invoices_attributes][0][id]" type="hidden" value="1"/><fieldset class="inputs"><legend>Invoice #1</legend><label>Name: <input id="firm_invoices_attributes_0_name" maxlength="255" name="firm[invoices_attributes][0][name]" type="text" value="b"/></label></fieldset></form>'
25
25
  end
26
26
 
27
27
  it "should use the translation for the legend on the subform if present" do
28
- Forme.form(Firm[1]){|f| f.subform(:clients){ f.input(:name) }}.to_s.must_equal '<form class="forme firm" method="post"><input id="firm_clients_attributes_0_id" name="firm[clients_attributes][0][id]" type="hidden" value="1"/><fieldset class="inputs"><legend>Clientes</legend><label>Name: <input id="firm_clients_attributes_0_name" maxlength="255" name="firm[clients_attributes][0][name]" type="text" value="a great client"/></label></fieldset></form>'
28
+ Forme.form(Firm[1]){|f| f.subform(:clients){ f.input(:name) }}.must_equal '<form class="forme firm" method="post"><input id="firm_clients_attributes_0_id" name="firm[clients_attributes][0][id]" type="hidden" value="1"/><fieldset class="inputs"><legend>Clientes</legend><label>Name: <input id="firm_clients_attributes_0_name" maxlength="255" name="firm[clients_attributes][0][name]" type="text" value="a great client"/></label></fieldset></form>'
29
29
  end
30
30
  end
31
31
  end