ghazel-erubis_rails_helper 0.9.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (104) hide show
  1. data/README.rdoc +66 -0
  2. data/lib/erubis_rails_helper/erubis/generator.rb +100 -0
  3. data/lib/erubis_rails_helper/template_handlers/erubis.rb +260 -0
  4. data/lib/erubis_rails_helper.rb +20 -0
  5. data/test/abstract_unit.rb +51 -0
  6. data/test/controller/action_pack_assertions_test.rb +516 -0
  7. data/test/controller/addresses_render_test.rb +37 -0
  8. data/test/controller/assert_select_test.rb +734 -0
  9. data/test/controller/base_test.rb +217 -0
  10. data/test/controller/benchmark_test.rb +32 -0
  11. data/test/controller/caching_test.rb +690 -0
  12. data/test/controller/capture_test.rb +66 -0
  13. data/test/controller/content_type_test.rb +168 -0
  14. data/test/controller/controller_fixtures/app/controllers/admin/user_controller.rb +0 -0
  15. data/test/controller/controller_fixtures/app/controllers/user_controller.rb +0 -0
  16. data/test/controller/controller_fixtures/vendor/plugins/bad_plugin/lib/plugin_controller.rb +0 -0
  17. data/test/controller/cookie_test.rb +111 -0
  18. data/test/controller/deprecation/deprecated_base_methods_test.rb +32 -0
  19. data/test/controller/dispatcher_test.rb +103 -0
  20. data/test/controller/fake_controllers.rb +33 -0
  21. data/test/controller/fake_models.rb +19 -0
  22. data/test/controller/filter_params_test.rb +49 -0
  23. data/test/controller/filters_test.rb +885 -0
  24. data/test/controller/flash_test.rb +142 -0
  25. data/test/controller/header_test.rb +14 -0
  26. data/test/controller/helper_test.rb +224 -0
  27. data/test/controller/html-scanner/cdata_node_test.rb +15 -0
  28. data/test/controller/html-scanner/document_test.rb +148 -0
  29. data/test/controller/html-scanner/node_test.rb +89 -0
  30. data/test/controller/html-scanner/sanitizer_test.rb +273 -0
  31. data/test/controller/html-scanner/tag_node_test.rb +238 -0
  32. data/test/controller/html-scanner/text_node_test.rb +50 -0
  33. data/test/controller/html-scanner/tokenizer_test.rb +131 -0
  34. data/test/controller/http_basic_authentication_test.rb +88 -0
  35. data/test/controller/http_digest_authentication_test.rb +178 -0
  36. data/test/controller/integration_test.rb +417 -0
  37. data/test/controller/layout_test.rb +204 -0
  38. data/test/controller/logging_test.rb +46 -0
  39. data/test/controller/middleware_stack_test.rb +90 -0
  40. data/test/controller/mime_responds_test.rb +536 -0
  41. data/test/controller/mime_type_test.rb +93 -0
  42. data/test/controller/polymorphic_routes_test.rb +293 -0
  43. data/test/controller/rack_test.rb +294 -0
  44. data/test/controller/record_identifier_test.rb +139 -0
  45. data/test/controller/redirect_test.rb +282 -0
  46. data/test/controller/render_test.rb +1752 -0
  47. data/test/controller/request/json_params_parsing_test.rb +45 -0
  48. data/test/controller/request/multipart_params_parsing_test.rb +223 -0
  49. data/test/controller/request/query_string_parsing_test.rb +120 -0
  50. data/test/controller/request/url_encoded_params_parsing_test.rb +184 -0
  51. data/test/controller/request/xml_params_parsing_test.rb +88 -0
  52. data/test/controller/request_forgery_protection_test.rb +246 -0
  53. data/test/controller/request_test.rb +407 -0
  54. data/test/controller/rescue_test.rb +536 -0
  55. data/test/controller/resources_test.rb +1341 -0
  56. data/test/controller/routing_test.rb +2557 -0
  57. data/test/controller/selector_test.rb +628 -0
  58. data/test/controller/send_file_test.rb +161 -0
  59. data/test/controller/session/cookie_store_test.rb +239 -0
  60. data/test/controller/session/mem_cache_store_test.rb +127 -0
  61. data/test/controller/session/test_session_test.rb +58 -0
  62. data/test/controller/test_test.rb +692 -0
  63. data/test/controller/translation_test.rb +26 -0
  64. data/test/controller/url_rewriter_test.rb +359 -0
  65. data/test/controller/verification_test.rb +270 -0
  66. data/test/controller/view_paths_test.rb +141 -0
  67. data/test/controller/webservice_test.rb +260 -0
  68. data/test/fixtures/alternate_helpers/foo_helper.rb +3 -0
  69. data/test/fixtures/company.rb +10 -0
  70. data/test/fixtures/developer.rb +9 -0
  71. data/test/fixtures/helpers/abc_helper.rb +5 -0
  72. data/test/fixtures/helpers/fun/games_helper.rb +3 -0
  73. data/test/fixtures/helpers/fun/pdf_helper.rb +3 -0
  74. data/test/fixtures/mascot.rb +3 -0
  75. data/test/fixtures/project.rb +3 -0
  76. data/test/fixtures/reply.rb +7 -0
  77. data/test/fixtures/topic.rb +3 -0
  78. data/test/template/asset_tag_helper_test.rb +713 -0
  79. data/test/template/atom_feed_helper_test.rb +286 -0
  80. data/test/template/benchmark_helper_test.rb +86 -0
  81. data/test/template/compiled_templates_test.rb +203 -0
  82. data/test/template/date_helper_i18n_test.rb +120 -0
  83. data/test/template/date_helper_test.rb +2469 -0
  84. data/test/template/erb_util_test.rb +24 -0
  85. data/test/template/form_helper_test.rb +1176 -0
  86. data/test/template/form_options_helper_test.rb +751 -0
  87. data/test/template/form_tag_helper_test.rb +327 -0
  88. data/test/template/javascript_helper_test.rb +106 -0
  89. data/test/template/number_helper_i18n_test.rb +69 -0
  90. data/test/template/number_helper_test.rb +128 -0
  91. data/test/template/prototype_helper_test.rb +639 -0
  92. data/test/template/record_tag_helper_test.rb +58 -0
  93. data/test/template/render_test.rb +291 -0
  94. data/test/template/sanitize_helper_test.rb +48 -0
  95. data/test/template/scriptaculous_helper_test.rb +90 -0
  96. data/test/template/tag_helper_test.rb +97 -0
  97. data/test/template/test_test.rb +54 -0
  98. data/test/template/text_helper_test.rb +520 -0
  99. data/test/template/translation_helper_test.rb +32 -0
  100. data/test/template/url_helper_test.rb +614 -0
  101. data/test/test_erubis_rails_helper.rb +4 -0
  102. data/test/testing_sandbox.rb +15 -0
  103. data/test/view/test_case_test.rb +8 -0
  104. metadata +174 -0
data/test/controller/request_forgery_protection_test.rb ADDED
@@ -0,0 +1,246 @@
1
+ require 'abstract_unit'
2
+ require 'digest/sha1'
3
+
4
+ ActionController::Routing::Routes.draw do |map|
5
+ map.connect ':controller/:action/:id'
6
+ end
7
+
8
+ # common controller actions
9
+ module RequestForgeryProtectionActions
10
+ def index
11
+ render :inline => "<%= form_tag('/') {} %>"
12
+ end
13
+
14
+ def show_button
15
+ render :inline => "<%= button_to('New', '/') {} %>"
16
+ end
17
+
18
+ def remote_form
19
+ render :inline => "<% form_remote_tag(:url => '/') {} %>"
20
+ end
21
+
22
+ def unsafe
23
+ render :text => 'pwn'
24
+ end
25
+
26
+ def rescue_action(e) raise e end
27
+ end
28
+
29
+ # sample controllers
30
+ class RequestForgeryProtectionController < ActionController::Base
31
+ include RequestForgeryProtectionActions
32
+ protect_from_forgery :only => :index
33
+ end
34
+
35
+ class FreeCookieController < RequestForgeryProtectionController
36
+ self.allow_forgery_protection = false
37
+
38
+ def index
39
+ render :inline => "<%= form_tag('/') {} %>"
40
+ end
41
+
42
+ def show_button
43
+ render :inline => "<%= button_to('New', '/') {} %>"
44
+ end
45
+ end
46
+
47
+ # common test methods
48
+
49
+ module RequestForgeryProtectionTests
50
+ def teardown
51
+ ActionController::Base.request_forgery_protection_token = nil
52
+ end
53
+
54
+
55
+ def test_should_render_form_with_token_tag
56
+ get :index
57
+ assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
58
+ end
59
+
60
+ def test_should_render_button_to_with_token_tag
61
+ get :show_button
62
+ assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
63
+ end
64
+
65
+ def test_should_render_remote_form_with_only_one_token_parameter
66
+ get :remote_form
67
+ assert_equal 1, @response.body.scan(@token).size
68
+ end
69
+
70
+ def test_should_allow_get
71
+ get :index
72
+ assert_response :success
73
+ end
74
+
75
+ def test_should_allow_post_without_token_on_unsafe_action
76
+ post :unsafe
77
+ assert_response :success
78
+ end
79
+
80
+ def test_should_not_allow_html_post_without_token
81
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
82
+ assert_raise(ActionController::InvalidAuthenticityToken) { post :index, :format => :html }
83
+ end
84
+
85
+ def test_should_not_allow_html_put_without_token
86
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
87
+ assert_raise(ActionController::InvalidAuthenticityToken) { put :index, :format => :html }
88
+ end
89
+
90
+ def test_should_not_allow_html_delete_without_token
91
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
92
+ assert_raise(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html }
93
+ end
94
+
95
+ def test_should_allow_api_formatted_post_without_token
96
+ assert_nothing_raised do
97
+ post :index, :format => 'xml'
98
+ end
99
+ end
100
+
101
+ def test_should_not_allow_api_formatted_put_without_token
102
+ assert_nothing_raised do
103
+ put :index, :format => 'xml'
104
+ end
105
+ end
106
+
107
+ def test_should_allow_api_formatted_delete_without_token
108
+ assert_nothing_raised do
109
+ delete :index, :format => 'xml'
110
+ end
111
+ end
112
+
113
+ def test_should_not_allow_api_formatted_post_sent_as_url_encoded_form_without_token
114
+ assert_raise(ActionController::InvalidAuthenticityToken) do
115
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
116
+ post :index, :format => 'xml'
117
+ end
118
+ end
119
+
120
+ def test_should_not_allow_api_formatted_put_sent_as_url_encoded_form_without_token
121
+ assert_raise(ActionController::InvalidAuthenticityToken) do
122
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
123
+ put :index, :format => 'xml'
124
+ end
125
+ end
126
+
127
+ def test_should_not_allow_api_formatted_delete_sent_as_url_encoded_form_without_token
128
+ assert_raise(ActionController::InvalidAuthenticityToken) do
129
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
130
+ delete :index, :format => 'xml'
131
+ end
132
+ end
133
+
134
+ def test_should_not_allow_api_formatted_post_sent_as_multipart_form_without_token
135
+ assert_raise(ActionController::InvalidAuthenticityToken) do
136
+ @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
137
+ post :index, :format => 'xml'
138
+ end
139
+ end
140
+
141
+ def test_should_not_allow_api_formatted_put_sent_as_multipart_form_without_token
142
+ assert_raise(ActionController::InvalidAuthenticityToken) do
143
+ @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
144
+ put :index, :format => 'xml'
145
+ end
146
+ end
147
+
148
+ def test_should_not_allow_api_formatted_delete_sent_as_multipart_form_without_token
149
+ assert_raise(ActionController::InvalidAuthenticityToken) do
150
+ @request.env['CONTENT_TYPE'] = Mime::MULTIPART_FORM.to_s
151
+ delete :index, :format => 'xml'
152
+ end
153
+ end
154
+
155
+ def test_should_allow_xhr_post_without_token
156
+ assert_nothing_raised { xhr :post, :index }
157
+ end
158
+ def test_should_not_allow_xhr_post_with_html_without_token
159
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
160
+ assert_raise(ActionController::InvalidAuthenticityToken) { xhr :post, :index }
161
+ end
162
+
163
+ def test_should_allow_xhr_put_without_token
164
+ assert_nothing_raised { xhr :put, :index }
165
+ end
166
+
167
+ def test_should_allow_xhr_delete_without_token
168
+ assert_nothing_raised { xhr :delete, :index }
169
+ end
170
+
171
+ def test_should_allow_post_with_token
172
+ post :index, :authenticity_token => @token
173
+ assert_response :success
174
+ end
175
+
176
+ def test_should_allow_put_with_token
177
+ put :index, :authenticity_token => @token
178
+ assert_response :success
179
+ end
180
+
181
+ def test_should_allow_delete_with_token
182
+ delete :index, :authenticity_token => @token
183
+ assert_response :success
184
+ end
185
+
186
+ def test_should_allow_post_with_xml
187
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
188
+ post :index, :format => 'xml'
189
+ assert_response :success
190
+ end
191
+
192
+ def test_should_allow_put_with_xml
193
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
194
+ put :index, :format => 'xml'
195
+ assert_response :success
196
+ end
197
+
198
+ def test_should_allow_delete_with_xml
199
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
200
+ delete :index, :format => 'xml'
201
+ assert_response :success
202
+ end
203
+ end
204
+
205
+ # OK let's get our test on
206
+
207
+ class RequestForgeryProtectionControllerTest < ActionController::TestCase
208
+ include RequestForgeryProtectionTests
209
+ def setup
210
+ @controller = RequestForgeryProtectionController.new
211
+ @request = ActionController::TestRequest.new
212
+ @request.format = :html
213
+ @response = ActionController::TestResponse.new
214
+ @token = "cf50faa3fe97702ca1ae"
215
+
216
+ ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
217
+ ActionController::Base.request_forgery_protection_token = :authenticity_token
218
+ end
219
+ end
220
+
221
+ class FreeCookieControllerTest < ActionController::TestCase
222
+ def setup
223
+ @controller = FreeCookieController.new
224
+ @request = ActionController::TestRequest.new
225
+ @response = ActionController::TestResponse.new
226
+ @token = "cf50faa3fe97702ca1ae"
227
+
228
+ ActiveSupport::SecureRandom.stubs(:base64).returns(@token)
229
+ end
230
+
231
+ def test_should_not_render_form_with_token_tag
232
+ get :index
233
+ assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false
234
+ end
235
+
236
+ def test_should_not_render_button_to_with_token_tag
237
+ get :show_button
238
+ assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false
239
+ end
240
+
241
+ def test_should_allow_all_methods_without_token
242
+ [:post, :put, :delete].each do |method|
243
+ assert_nothing_raised { send(method, :index)}
244
+ end
245
+ end
246
+ end
data/test/controller/request_test.rb ADDED
@@ -0,0 +1,407 @@
1
+ require 'abstract_unit'
2
+
3
+ class RequestTest < ActiveSupport::TestCase
4
+ def setup
5
+ ActionController::Base.relative_url_root = nil
6
+ @request = ActionController::TestRequest.new
7
+ end
8
+
9
+ def teardown
10
+ ActionController::Base.relative_url_root = nil
11
+ end
12
+
13
+ def test_remote_ip
14
+ assert_equal '0.0.0.0', @request.remote_ip
15
+
16
+ @request.remote_addr = '1.2.3.4'
17
+ assert_equal '1.2.3.4', @request.remote_ip
18
+
19
+ @request.remote_addr = '1.2.3.4,3.4.5.6'
20
+ assert_equal '1.2.3.4', @request.remote_ip
21
+
22
+ @request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
23
+ assert_equal '1.2.3.4', @request.remote_ip
24
+
25
+ @request.remote_addr = '192.168.0.1'
26
+ assert_equal '2.3.4.5', @request.remote_ip
27
+ @request.env.delete 'HTTP_CLIENT_IP'
28
+
29
+ @request.remote_addr = '1.2.3.4'
30
+ @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
31
+ assert_equal '1.2.3.4', @request.remote_ip
32
+
33
+ @request.remote_addr = '127.0.0.1'
34
+ @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
35
+ assert_equal '3.4.5.6', @request.remote_ip
36
+
37
+ @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,3.4.5.6'
38
+ assert_equal '3.4.5.6', @request.remote_ip
39
+
40
+ @request.env['HTTP_X_FORWARDED_FOR'] = '172.16.0.1,3.4.5.6'
41
+ assert_equal '3.4.5.6', @request.remote_ip
42
+
43
+ @request.env['HTTP_X_FORWARDED_FOR'] = '192.168.0.1,3.4.5.6'
44
+ assert_equal '3.4.5.6', @request.remote_ip
45
+
46
+ @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,3.4.5.6'
47
+ assert_equal '3.4.5.6', @request.remote_ip
48
+
49
+ @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1, 10.0.0.1, 3.4.5.6'
50
+ assert_equal '3.4.5.6', @request.remote_ip
51
+
52
+ @request.env['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,3.4.5.6'
53
+ assert_equal '3.4.5.6', @request.remote_ip
54
+
55
+ @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,192.168.0.1'
56
+ assert_equal 'unknown', @request.remote_ip
57
+
58
+ @request.env['HTTP_X_FORWARDED_FOR'] = '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
59
+ assert_equal '3.4.5.6', @request.remote_ip
60
+
61
+ @request.env['HTTP_CLIENT_IP'] = '8.8.8.8'
62
+ e = assert_raise(ActionController::ActionControllerError) {
63
+ @request.remote_ip
64
+ }
65
+ assert_match /IP spoofing attack/, e.message
66
+ assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message
67
+ assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message
68
+
69
+ # turn IP Spoofing detection off.
70
+ # This is useful for sites that are aimed at non-IP clients. The typical
71
+ # example is WAP. Since the cellular network is not IP based, it's a
72
+ # leap of faith to assume that their proxies are ever going to set the
73
+ # HTTP_CLIENT_IP/HTTP_X_FORWARDED_FOR headers properly.
74
+ ActionController::Base.ip_spoofing_check = false
75
+ assert_equal('8.8.8.8', @request.remote_ip)
76
+ ActionController::Base.ip_spoofing_check = true
77
+
78
+ @request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
79
+ assert_equal '8.8.8.8', @request.remote_ip
80
+
81
+ @request.env.delete 'HTTP_CLIENT_IP'
82
+ @request.env.delete 'HTTP_X_FORWARDED_FOR'
83
+ end
84
+
85
+ def test_domains
86
+ @request.host = "www.rubyonrails.org"
87
+ assert_equal "rubyonrails.org", @request.domain
88
+
89
+ @request.host = "www.rubyonrails.co.uk"
90
+ assert_equal "rubyonrails.co.uk", @request.domain(2)
91
+
92
+ @request.host = "192.168.1.200"
93
+ assert_nil @request.domain
94
+
95
+ @request.host = "foo.192.168.1.200"
96
+ assert_nil @request.domain
97
+
98
+ @request.host = "192.168.1.200.com"
99
+ assert_equal "200.com", @request.domain
100
+
101
+ @request.host = nil
102
+ assert_nil @request.domain
103
+ end
104
+
105
+ def test_subdomains
106
+ @request.host = "www.rubyonrails.org"
107
+ assert_equal %w( www ), @request.subdomains
108
+
109
+ @request.host = "www.rubyonrails.co.uk"
110
+ assert_equal %w( www ), @request.subdomains(2)
111
+
112
+ @request.host = "dev.www.rubyonrails.co.uk"
113
+ assert_equal %w( dev www ), @request.subdomains(2)
114
+
115
+ @request.host = "foobar.foobar.com"
116
+ assert_equal %w( foobar ), @request.subdomains
117
+
118
+ @request.host = "192.168.1.200"
119
+ assert_equal [], @request.subdomains
120
+
121
+ @request.host = "foo.192.168.1.200"
122
+ assert_equal [], @request.subdomains
123
+
124
+ @request.host = "192.168.1.200.com"
125
+ assert_equal %w( 192 168 1 ), @request.subdomains
126
+
127
+ @request.host = nil
128
+ assert_equal [], @request.subdomains
129
+ end
130
+
131
+ def test_port_string
132
+ @request.port = 80
133
+ assert_equal "", @request.port_string
134
+
135
+ @request.port = 8080
136
+ assert_equal ":8080", @request.port_string
137
+ end
138
+
139
+ def test_request_uri
140
+ @request.env['SERVER_SOFTWARE'] = 'Apache 42.342.3432'
141
+
142
+ @request.set_REQUEST_URI "http://www.rubyonrails.org/path/of/some/uri?mapped=1"
143
+ assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
144
+ assert_equal "/path/of/some/uri", @request.path
145
+
146
+ @request.set_REQUEST_URI "http://www.rubyonrails.org/path/of/some/uri"
147
+ assert_equal "/path/of/some/uri", @request.request_uri
148
+ assert_equal "/path/of/some/uri", @request.path
149
+
150
+ @request.set_REQUEST_URI "/path/of/some/uri"
151
+ assert_equal "/path/of/some/uri", @request.request_uri
152
+ assert_equal "/path/of/some/uri", @request.path
153
+
154
+ @request.set_REQUEST_URI "/"
155
+ assert_equal "/", @request.request_uri
156
+ assert_equal "/", @request.path
157
+
158
+ @request.set_REQUEST_URI "/?m=b"
159
+ assert_equal "/?m=b", @request.request_uri
160
+ assert_equal "/", @request.path
161
+
162
+ @request.set_REQUEST_URI "/"
163
+ @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
164
+ assert_equal "/", @request.request_uri
165
+ assert_equal "/", @request.path
166
+
167
+ ActionController::Base.relative_url_root = "/hieraki"
168
+ @request.set_REQUEST_URI "/hieraki/"
169
+ @request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
170
+ assert_equal "/hieraki/", @request.request_uri
171
+ assert_equal "/", @request.path
172
+ ActionController::Base.relative_url_root = nil
173
+
174
+ ActionController::Base.relative_url_root = "/collaboration/hieraki"
175
+ @request.set_REQUEST_URI "/collaboration/hieraki/books/edit/2"
176
+ @request.env['SCRIPT_NAME'] = "/collaboration/hieraki/dispatch.cgi"
177
+ assert_equal "/collaboration/hieraki/books/edit/2", @request.request_uri
178
+ assert_equal "/books/edit/2", @request.path
179
+ ActionController::Base.relative_url_root = nil
180
+
181
+ # The following tests are for when REQUEST_URI is not supplied (as in IIS)
182
+ @request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
183
+ @request.env['SCRIPT_NAME'] = nil #"/path/dispatch.rb"
184
+ @request.set_REQUEST_URI nil
185
+ assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
186
+ assert_equal "/path/of/some/uri", @request.path
187
+
188
+ ActionController::Base.relative_url_root = '/path'
189
+ @request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
190
+ @request.env['SCRIPT_NAME'] = "/path/dispatch.rb"
191
+ @request.set_REQUEST_URI nil
192
+ assert_equal "/path/of/some/uri?mapped=1", @request.request_uri
193
+ assert_equal "/of/some/uri", @request.path
194
+ ActionController::Base.relative_url_root = nil
195
+
196
+ @request.env['PATH_INFO'] = "/path/of/some/uri"
197
+ @request.env['SCRIPT_NAME'] = nil
198
+ @request.set_REQUEST_URI nil
199
+ assert_equal "/path/of/some/uri", @request.request_uri
200
+ assert_equal "/path/of/some/uri", @request.path
201
+
202
+ @request.env['PATH_INFO'] = "/"
203
+ @request.set_REQUEST_URI nil
204
+ assert_equal "/", @request.request_uri
205
+ assert_equal "/", @request.path
206
+
207
+ @request.env['PATH_INFO'] = "/?m=b"
208
+ @request.set_REQUEST_URI nil
209
+ assert_equal "/?m=b", @request.request_uri
210
+ assert_equal "/", @request.path
211
+
212
+ @request.env['PATH_INFO'] = "/"
213
+ @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
214
+ @request.set_REQUEST_URI nil
215
+ assert_equal "/", @request.request_uri
216
+ assert_equal "/", @request.path
217
+
218
+ ActionController::Base.relative_url_root = '/hieraki'
219
+ @request.env['PATH_INFO'] = "/hieraki/"
220
+ @request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
221
+ @request.set_REQUEST_URI nil
222
+ assert_equal "/hieraki/", @request.request_uri
223
+ assert_equal "/", @request.path
224
+ ActionController::Base.relative_url_root = nil
225
+
226
+ @request.set_REQUEST_URI '/hieraki/dispatch.cgi'
227
+ ActionController::Base.relative_url_root = '/hieraki'
228
+ assert_equal "/dispatch.cgi", @request.path
229
+ ActionController::Base.relative_url_root = nil
230
+
231
+ @request.set_REQUEST_URI '/hieraki/dispatch.cgi'
232
+ ActionController::Base.relative_url_root = '/foo'
233
+ assert_equal "/hieraki/dispatch.cgi", @request.path
234
+ ActionController::Base.relative_url_root = nil
235
+
236
+ # This test ensures that Rails uses REQUEST_URI over PATH_INFO
237
+ ActionController::Base.relative_url_root = nil
238
+ @request.env['REQUEST_URI'] = "/some/path"
239
+ @request.env['PATH_INFO'] = "/another/path"
240
+ @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
241
+ assert_equal "/some/path", @request.request_uri
242
+ assert_equal "/some/path", @request.path
243
+ end
244
+
245
+ def test_host_with_default_port
246
+ @request.host = "rubyonrails.org"
247
+ @request.port = 80
248
+ assert_equal "rubyonrails.org", @request.host_with_port
249
+ end
250
+
251
+ def test_host_with_non_default_port
252
+ @request.host = "rubyonrails.org"
253
+ @request.port = 81
254
+ assert_equal "rubyonrails.org:81", @request.host_with_port
255
+ end
256
+
257
+ def test_server_software
258
+ assert_equal nil, @request.server_software
259
+
260
+ @request.env['SERVER_SOFTWARE'] = 'Apache3.422'
261
+ assert_equal 'apache', @request.server_software
262
+
263
+ @request.env['SERVER_SOFTWARE'] = 'lighttpd(1.1.4)'
264
+ assert_equal 'lighttpd', @request.server_software
265
+ end
266
+
267
+ def test_xml_http_request
268
+ assert !@request.xml_http_request?
269
+ assert !@request.xhr?
270
+
271
+ @request.env['HTTP_X_REQUESTED_WITH'] = "DefinitelyNotAjax1.0"
272
+ assert !@request.xml_http_request?
273
+ assert !@request.xhr?
274
+
275
+ @request.env['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
276
+ assert @request.xml_http_request?
277
+ assert @request.xhr?
278
+ end
279
+
280
+ def test_reports_ssl
281
+ assert !@request.ssl?
282
+ @request.env['HTTPS'] = 'on'
283
+ assert @request.ssl?
284
+ end
285
+
286
+ def test_reports_ssl_when_proxied_via_lighttpd
287
+ assert !@request.ssl?
288
+ @request.env['HTTP_X_FORWARDED_PROTO'] = 'https'
289
+ assert @request.ssl?
290
+ end
291
+
292
+ def test_symbolized_request_methods
293
+ [:get, :post, :put, :delete].each do |method|
294
+ self.request_method = method
295
+ assert_equal method, @request.method
296
+ end
297
+ end
298
+
299
+ def test_invalid_http_method_raises_exception
300
+ assert_raise(ActionController::UnknownHttpMethod) do
301
+ self.request_method = :random_method
302
+ @request.request_method
303
+ end
304
+ end
305
+
306
+ def test_allow_method_hacking_on_post
307
+ [:get, :head, :options, :put, :post, :delete].each do |method|
308
+ self.request_method = method
309
+ assert_equal(method == :head ? :get : method, @request.method)
310
+ end
311
+ end
312
+
313
+ def test_invalid_method_hacking_on_post_raises_exception
314
+ assert_raise(ActionController::UnknownHttpMethod) do
315
+ self.request_method = :_random_method
316
+ @request.request_method
317
+ end
318
+ end
319
+
320
+ def test_restrict_method_hacking
321
+ @request.instance_eval { @parameters = { :_method => 'put' } }
322
+ [:get, :put, :delete].each do |method|
323
+ self.request_method = method
324
+ assert_equal method, @request.method
325
+ end
326
+ end
327
+
328
+ def test_head_masquerading_as_get
329
+ self.request_method = :head
330
+ assert_equal :get, @request.method
331
+ assert @request.get?
332
+ assert @request.head?
333
+ end
334
+
335
+ def test_xml_format
336
+ @request.instance_eval { @parameters = { :format => 'xml' } }
337
+ assert_equal Mime::XML, @request.format
338
+ end
339
+
340
+ def test_xhtml_format
341
+ @request.instance_eval { @parameters = { :format => 'xhtml' } }
342
+ assert_equal Mime::HTML, @request.format
343
+ end
344
+
345
+ def test_txt_format
346
+ @request.instance_eval { @parameters = { :format => 'txt' } }
347
+ assert_equal Mime::TEXT, @request.format
348
+ end
349
+
350
+ def test_nil_format
351
+ ActionController::Base.use_accept_header, old =
352
+ false, ActionController::Base.use_accept_header
353
+
354
+ @request.instance_eval { @parameters = {} }
355
+ @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
356
+ assert @request.xhr?
357
+ assert_equal Mime::JS, @request.format
358
+
359
+ ensure
360
+ ActionController::Base.use_accept_header = old
361
+ end
362
+
363
+ def test_content_type
364
+ @request.env["CONTENT_TYPE"] = "text/html"
365
+ assert_equal Mime::HTML, @request.content_type
366
+ end
367
+
368
+ def test_format_assignment_should_set_format
369
+ @request.instance_eval { self.format = :txt }
370
+ assert !@request.format.xml?
371
+ @request.instance_eval { self.format = :xml }
372
+ assert @request.format.xml?
373
+ end
374
+
375
+ def test_content_no_type
376
+ assert_equal nil, @request.content_type
377
+ end
378
+
379
+ def test_content_type_xml
380
+ @request.env["CONTENT_TYPE"] = "application/xml"
381
+ assert_equal Mime::XML, @request.content_type
382
+ end
383
+
384
+ def test_content_type_with_charset
385
+ @request.env["CONTENT_TYPE"] = "application/xml; charset=UTF-8"
386
+ assert_equal Mime::XML, @request.content_type
387
+ end
388
+
389
+ def test_user_agent
390
+ assert_not_nil @request.user_agent
391
+ end
392
+
393
+ def test_parameters
394
+ @request.stubs(:request_parameters).returns({ "foo" => 1 })
395
+ @request.stubs(:query_parameters).returns({ "bar" => 2 })
396
+
397
+ assert_equal({"foo" => 1, "bar" => 2}, @request.parameters)
398
+ assert_equal({"foo" => 1}, @request.request_parameters)
399
+ assert_equal({"bar" => 2}, @request.query_parameters)
400
+ end
401
+
402
+ protected
403
+ def request_method=(method)
404
+ @request.env['REQUEST_METHOD'] = method.to_s.upcase
405
+ @request.request_method = nil # Reset the ivar cache
406
+ end
407
+ end