hanami 2.0.0.beta2 → 2.0.0.beta3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -1
- data/lib/hanami/configuration/null_configuration.rb +2 -2
- data/lib/hanami/configuration.rb +17 -17
- data/lib/hanami/routes.rb +48 -21
- data/lib/hanami/version.rb +1 -1
- data/spec/{new_integration → integration}/action/cookies_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/csrf_protection_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/routes_spec.rb +3 -5
- data/spec/{new_integration → integration}/action/sessions_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/slice_configuration_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/view_integration_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/view_rendering/automatic_rendering_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/view_rendering/paired_view_inference_spec.rb +0 -0
- data/spec/{new_integration → integration}/action/view_rendering_spec.rb +0 -0
- data/spec/{new_integration → integration}/code_loading/loading_from_app_spec.rb +0 -0
- data/spec/{new_integration → integration}/code_loading/loading_from_lib_spec.rb +0 -0
- data/spec/{new_integration → integration}/code_loading/loading_from_slice_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/application_routes_helper_spec.rb +1 -3
- data/spec/{new_integration → integration}/container/auto_injection_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/auto_registration_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/autoloader_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/imports_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/prepare_container_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/shutdown_spec.rb +0 -0
- data/spec/{new_integration → integration}/container/standard_bootable_components_spec.rb +0 -0
- data/spec/{new_integration → integration}/dotenv_loading_spec.rb +0 -0
- data/spec/{new_integration → integration}/rack_app/middleware_spec.rb +9 -15
- data/spec/{new_integration → integration}/rack_app/non_booted_rack_app_spec.rb +3 -5
- data/spec/{new_integration → integration}/rack_app/rack_app_spec.rb +28 -48
- data/spec/{new_integration → integration}/settings/access_to_constants_spec.rb +0 -0
- data/spec/{new_integration → integration}/settings/loading_from_env_spec.rb +0 -0
- data/spec/{new_integration → integration}/settings/settings_component_loading_spec.rb +0 -0
- data/spec/{new_integration → integration}/settings/using_types_spec.rb +0 -0
- data/spec/{new_integration → integration}/setup_spec.rb +20 -0
- data/spec/{new_integration → integration}/slices/external_slice_spec.rb +2 -4
- data/spec/{new_integration → integration}/slices/slice_configuration_spec.rb +0 -0
- data/spec/{new_integration → integration}/slices/slice_loading_spec.rb +0 -0
- data/spec/{new_integration → integration}/slices/slice_routing_spec.rb +5 -13
- data/spec/{new_integration → integration}/slices/slice_settings_spec.rb +0 -0
- data/spec/{new_integration → integration}/slices_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/context/assets_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/context/inflector_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/context/request_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/context/routes_spec.rb +1 -3
- data/spec/{new_integration → integration}/view/context/settings_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/inflector_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/part_namespace_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/path_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/slice_configuration_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/template_spec.rb +0 -0
- data/spec/{new_integration → integration}/view/views_spec.rb +0 -0
- data/spec/unit/hanami/configuration/actions_spec.rb +4 -15
- data/spec/unit/hanami/configuration/router_spec.rb +45 -0
- data/spec/unit/hanami/configuration/views_spec.rb +4 -15
- data/spec/unit/hanami/version_spec.rb +1 -1
- metadata +97 -244
- data/lib/hanami/server.rb +0 -29
- data/spec/integration/application_middleware_stack_spec.rb +0 -84
- data/spec/integration/assets/cdn_spec.rb +0 -48
- data/spec/integration/assets/fingerprint_spec.rb +0 -42
- data/spec/integration/assets/helpers_spec.rb +0 -50
- data/spec/integration/assets/serve_spec.rb +0 -70
- data/spec/integration/assets/subresource_integrity_spec.rb +0 -54
- data/spec/integration/body_parsers_spec.rb +0 -50
- data/spec/integration/cli/assets/precompile_spec.rb +0 -147
- data/spec/integration/cli/assets_spec.rb +0 -14
- data/spec/integration/cli/console_spec.rb +0 -105
- data/spec/integration/cli/db/apply_spec.rb +0 -74
- data/spec/integration/cli/db/console_spec.rb +0 -40
- data/spec/integration/cli/db/create_spec.rb +0 -50
- data/spec/integration/cli/db/drop_spec.rb +0 -54
- data/spec/integration/cli/db/migrate_spec.rb +0 -108
- data/spec/integration/cli/db/prepare_spec.rb +0 -36
- data/spec/integration/cli/db/rollback_spec.rb +0 -96
- data/spec/integration/cli/db/version_spec.rb +0 -38
- data/spec/integration/cli/db_spec.rb +0 -21
- data/spec/integration/cli/destroy/action_spec.rb +0 -143
- data/spec/integration/cli/destroy/app_spec.rb +0 -118
- data/spec/integration/cli/destroy/mailer_spec.rb +0 -74
- data/spec/integration/cli/destroy/migration_spec.rb +0 -70
- data/spec/integration/cli/destroy/model_spec.rb +0 -113
- data/spec/integration/cli/destroy_spec.rb +0 -18
- data/spec/integration/cli/generate/action_spec.rb +0 -469
- data/spec/integration/cli/generate/app_spec.rb +0 -215
- data/spec/integration/cli/generate/mailer_spec.rb +0 -189
- data/spec/integration/cli/generate/migration_spec.rb +0 -72
- data/spec/integration/cli/generate/model_spec.rb +0 -290
- data/spec/integration/cli/generate/secret_spec.rb +0 -56
- data/spec/integration/cli/generate_spec.rb +0 -19
- data/spec/integration/cli/new/database_spec.rb +0 -235
- data/spec/integration/cli/new/hanami_head_spec.rb +0 -27
- data/spec/integration/cli/new/template_spec.rb +0 -118
- data/spec/integration/cli/new/test_spec.rb +0 -274
- data/spec/integration/cli/new_spec.rb +0 -970
- data/spec/integration/cli/plugins_spec.rb +0 -39
- data/spec/integration/cli/routes_spec.rb +0 -49
- data/spec/integration/cli/server_spec.rb +0 -626
- data/spec/integration/cli/version_spec.rb +0 -85
- data/spec/integration/early_hints_spec.rb +0 -35
- data/spec/integration/handle_exceptions_spec.rb +0 -244
- data/spec/integration/head_spec.rb +0 -89
- data/spec/integration/http_headers_spec.rb +0 -29
- data/spec/integration/mailer_spec.rb +0 -32
- data/spec/integration/middleware_spec.rb +0 -81
- data/spec/integration/mount_applications_spec.rb +0 -88
- data/spec/integration/project_initializers_spec.rb +0 -40
- data/spec/integration/rackup_spec.rb +0 -35
- data/spec/integration/rake/with_minitest_spec.rb +0 -67
- data/spec/integration/rake/with_rspec_spec.rb +0 -69
- data/spec/integration/routing_helpers_spec.rb +0 -61
- data/spec/integration/security/content_security_policy_spec.rb +0 -46
- data/spec/integration/security/csrf_protection_spec.rb +0 -42
- data/spec/integration/security/force_ssl_spec.rb +0 -29
- data/spec/integration/security/x_content_type_options_spec.rb +0 -46
- data/spec/integration/security/x_frame_options_spec.rb +0 -46
- data/spec/integration/security/x_xss_protection_spec.rb +0 -46
- data/spec/integration/send_file_spec.rb +0 -51
- data/spec/integration/sessions_spec.rb +0 -247
- data/spec/integration/static_middleware_spec.rb +0 -21
- data/spec/integration/streaming_spec.rb +0 -41
- data/spec/integration/unsafe_send_file_spec.rb +0 -52
- data/spec/support/fixtures/hanami-plugin/Gemfile +0 -8
- data/spec/support/fixtures/hanami-plugin/README.md +0 -35
- data/spec/support/fixtures/hanami-plugin/Rakefile +0 -4
- data/spec/support/fixtures/hanami-plugin/bin/console +0 -15
- data/spec/support/fixtures/hanami-plugin/bin/setup +0 -8
- data/spec/support/fixtures/hanami-plugin/hanami-plugin.gemspec +0 -28
- data/spec/support/fixtures/hanami-plugin/lib/hanami/plugin/cli.rb +0 -19
- data/spec/support/fixtures/hanami-plugin/lib/hanami/plugin/version.rb +0 -7
- data/spec/support/fixtures/hanami-plugin/lib/hanami/plugin.rb +0 -8
- data/spec/unit/hanami/routes_spec.rb +0 -25
@@ -1,40 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Project initializers", type: :integration do
|
4
|
-
it "mounts Rack middleware" do
|
5
|
-
with_project("project_initializers", gems: ["i18n"]) do
|
6
|
-
write "config/locales/en.yml", <<~EOF
|
7
|
-
en:
|
8
|
-
greeting: "Welcome stranger"
|
9
|
-
EOF
|
10
|
-
|
11
|
-
write "config/initializers/i18n.rb", <<~EOF
|
12
|
-
require 'i18n'
|
13
|
-
I18n.load_path = Dir['config/locales/*.yml']
|
14
|
-
I18n.backend.load_translations
|
15
|
-
EOF
|
16
|
-
|
17
|
-
generate "action web home#index --url=/"
|
18
|
-
rewrite "apps/web/views/home/index.rb", <<~EOF
|
19
|
-
module Web::Views::Home
|
20
|
-
class Index
|
21
|
-
include Web::View
|
22
|
-
|
23
|
-
def greeting
|
24
|
-
I18n.t(:greeting)
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
EOF
|
29
|
-
|
30
|
-
rewrite "apps/web/templates/home/index.html.erb", <<~EOF
|
31
|
-
<h1><%= greeting%></h1>
|
32
|
-
EOF
|
33
|
-
server do
|
34
|
-
get "/"
|
35
|
-
|
36
|
-
expect(last_response.body).to include("Welcome stranger")
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "rackup", type: :integration do
|
4
|
-
it "serves contents from database" do
|
5
|
-
with_project do
|
6
|
-
setup_model
|
7
|
-
console do |input, _, _|
|
8
|
-
input.puts("BookRepository.new.create(title: 'Learn Hanami')")
|
9
|
-
input.puts("exit")
|
10
|
-
end
|
11
|
-
|
12
|
-
generate "action web books#show --url=/books/:id"
|
13
|
-
rewrite "apps/web/controllers/books/show.rb", <<~EOF
|
14
|
-
module Web::Controllers::Books
|
15
|
-
class Show
|
16
|
-
include Web::Action
|
17
|
-
expose :book
|
18
|
-
|
19
|
-
def call(params)
|
20
|
-
@book = BookRepository.new.find(params[:id]) or halt(404)
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
EOF
|
25
|
-
rewrite "apps/web/templates/books/show.html.erb", <<~EOF
|
26
|
-
<h1><%= book.title %></h1>
|
27
|
-
EOF
|
28
|
-
|
29
|
-
rackup do
|
30
|
-
visit "/books/1"
|
31
|
-
expect(page).to have_content("Learn Hanami")
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
@@ -1,67 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Rake: default task", type: :integration do
|
4
|
-
context "with Minitest" do
|
5
|
-
xit "runs tests" do
|
6
|
-
with_project("bookshelf", test: "minitest") do
|
7
|
-
setup_model
|
8
|
-
|
9
|
-
prepare_development_database
|
10
|
-
generate_development_data
|
11
|
-
|
12
|
-
prepare_test_database
|
13
|
-
|
14
|
-
write "spec/bookshelf/repositories/book_repository_spec.rb", <<~EOF
|
15
|
-
require 'spec_helper'
|
16
|
-
|
17
|
-
describe BookRepository do
|
18
|
-
before do
|
19
|
-
BookRepository.new.clear
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'finds all the records' do
|
23
|
-
BookRepository.new.all.to_a.must_equal []
|
24
|
-
end
|
25
|
-
end
|
26
|
-
EOF
|
27
|
-
|
28
|
-
bundle_exec "rake"
|
29
|
-
expect(out).to include("2 runs, 3 assertions, 0 failures, 0 errors, 0 skips")
|
30
|
-
|
31
|
-
assert_development_data
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
private
|
37
|
-
|
38
|
-
def prepare_development_database
|
39
|
-
prepare_database
|
40
|
-
end
|
41
|
-
|
42
|
-
def prepare_test_database
|
43
|
-
prepare_database env: "test"
|
44
|
-
end
|
45
|
-
|
46
|
-
def generate_development_data
|
47
|
-
migrate
|
48
|
-
|
49
|
-
console do |input, _, _|
|
50
|
-
input.puts("BookRepository.new.create(title: 'Learn Hanami')")
|
51
|
-
input.puts("exit")
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
def assert_development_data
|
56
|
-
console do |input, _, _|
|
57
|
-
input.puts("BookRepository.new.all.to_a.count")
|
58
|
-
input.puts("exit")
|
59
|
-
end
|
60
|
-
|
61
|
-
expect(out).to include("\n1")
|
62
|
-
end
|
63
|
-
|
64
|
-
def prepare_database(env: nil)
|
65
|
-
hanami "db prepare", env: env
|
66
|
-
end
|
67
|
-
end
|
@@ -1,69 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Rake: default task", type: :integration do
|
4
|
-
context "with RSpec" do
|
5
|
-
it "runs tests" do
|
6
|
-
with_project("bookshelf", test: "rspec") do
|
7
|
-
setup_model
|
8
|
-
|
9
|
-
prepare_development_database
|
10
|
-
generate_development_data
|
11
|
-
|
12
|
-
prepare_test_database
|
13
|
-
|
14
|
-
generate "mailer bookshelf"
|
15
|
-
|
16
|
-
write "spec/bookshelf/repositories/book_repository_spec.rb", <<~EOF
|
17
|
-
RSpec.describe BookRepository do
|
18
|
-
before do
|
19
|
-
described_class.new.clear
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'finds all the records' do
|
23
|
-
expect(described_class.new.all.to_a).to eq([])
|
24
|
-
end
|
25
|
-
end
|
26
|
-
EOF
|
27
|
-
|
28
|
-
bundle_exec "rake"
|
29
|
-
|
30
|
-
# The default mailer_spec fails on purpose so you set the correct delivery information.
|
31
|
-
expect(out).to include("3 examples, 1 failure")
|
32
|
-
|
33
|
-
assert_development_data
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
private
|
39
|
-
|
40
|
-
def prepare_development_database
|
41
|
-
prepare_database
|
42
|
-
end
|
43
|
-
|
44
|
-
def prepare_test_database
|
45
|
-
prepare_database env: "test"
|
46
|
-
end
|
47
|
-
|
48
|
-
def generate_development_data
|
49
|
-
migrate
|
50
|
-
|
51
|
-
console do |input, _, _|
|
52
|
-
input.puts("BookRepository.new.create(title: 'Learn Hanami')")
|
53
|
-
input.puts("exit")
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
def assert_development_data
|
58
|
-
console do |input, _, _|
|
59
|
-
input.puts("BookRepository.new.all.to_a.count")
|
60
|
-
input.puts("exit")
|
61
|
-
end
|
62
|
-
|
63
|
-
expect(out).to include("\n1")
|
64
|
-
end
|
65
|
-
|
66
|
-
def prepare_database(env: nil)
|
67
|
-
hanami "db prepare", env: env
|
68
|
-
end
|
69
|
-
end
|
@@ -1,61 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Routing helpers", type: :integration do
|
4
|
-
it "uses routing helpers within action" do
|
5
|
-
with_project do
|
6
|
-
generate "action web home#index --url=/"
|
7
|
-
generate "action web books#index --url=/books"
|
8
|
-
|
9
|
-
# Add `as:` option, so it can be used by the routing helper
|
10
|
-
replace "apps/web/config/routes.rb", "/books", "get '/books', to: 'books#index', as: :books"
|
11
|
-
rewrite "apps/web/controllers/home/index.rb", <<~EOF
|
12
|
-
module Web::Controllers::Home
|
13
|
-
class Index
|
14
|
-
include Web::Action
|
15
|
-
|
16
|
-
def call(params)
|
17
|
-
redirect_to routes.books_url
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
EOF
|
22
|
-
|
23
|
-
server do
|
24
|
-
visit "/"
|
25
|
-
|
26
|
-
expect(current_path).to eq("/books")
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
it "uses routing helpers within view" do
|
32
|
-
with_project do
|
33
|
-
generate "action web books#index --url=/books"
|
34
|
-
generate "action web books#show --url=/books/:id"
|
35
|
-
|
36
|
-
# Add `as:` option, so it can be used by the routing helper
|
37
|
-
replace "apps/web/config/routes.rb", "/books/:id", "get '/books/:id', to: 'books#show', as: :book"
|
38
|
-
rewrite "apps/web/views/books/index.rb", <<~EOF
|
39
|
-
module Web::Views::Books
|
40
|
-
class Index
|
41
|
-
include Web::View
|
42
|
-
|
43
|
-
def featured_book_path
|
44
|
-
routes.path(:book, id: 23)
|
45
|
-
end
|
46
|
-
end
|
47
|
-
end
|
48
|
-
EOF
|
49
|
-
rewrite "apps/web/templates/books/index.html.erb", <<~EOF
|
50
|
-
<h1>Books</h1>
|
51
|
-
<h2><a href="<%= featured_book_path %>">Featured Book</a></h2>
|
52
|
-
EOF
|
53
|
-
|
54
|
-
server do
|
55
|
-
visit "/books"
|
56
|
-
|
57
|
-
expect(page.body).to include(%(<a href="/books/23">Featured Book</a>))
|
58
|
-
end
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Content-Security-Policy header", type: :integration do
|
4
|
-
it "returns default value" do
|
5
|
-
with_project do
|
6
|
-
generate "action web home#index --url=/"
|
7
|
-
|
8
|
-
server do
|
9
|
-
get "/"
|
10
|
-
|
11
|
-
expect(last_response.status).to eq(200)
|
12
|
-
expect(last_response.headers["Content-Security-Policy"]).to eq("form-action 'self'; frame-ancestors 'self'; base-uri 'self'; default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self'; object-src 'none'; plugin-types app/pdf; child-src 'self'; frame-src 'self'; media-src 'self'")
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
it "returns custom value" do
|
18
|
-
with_project do
|
19
|
-
generate "action web home#index --url=/"
|
20
|
-
|
21
|
-
replace "apps/web/app.rb", "script-src 'self';", "script-src 'self' https://code.jquery.com;"
|
22
|
-
|
23
|
-
server do
|
24
|
-
get "/"
|
25
|
-
|
26
|
-
expect(last_response.status).to eq(200)
|
27
|
-
expect(last_response.headers["Content-Security-Policy"]).to eq("form-action 'self'; frame-ancestors 'self'; base-uri 'self'; default-src 'none'; script-src 'self' https://code.jquery.com; connect-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self'; object-src 'none'; plugin-types app/pdf; child-src 'self'; frame-src 'self'; media-src 'self'")
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
it "doesn't send header if setting is removed" do
|
33
|
-
with_project do
|
34
|
-
generate "action web home#index --url=/"
|
35
|
-
|
36
|
-
replace "apps/web/app.rb", "security.content_security_policy %{", "%{"
|
37
|
-
|
38
|
-
server do
|
39
|
-
get "/"
|
40
|
-
|
41
|
-
expect(last_response.status).to eq(200)
|
42
|
-
expect(last_response.headers).to_not have_key("Content-Security-Policy")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,42 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "CSRF protection", type: :integration do
|
4
|
-
it "protects POST endpoints from invalid token" do
|
5
|
-
with_project do
|
6
|
-
generate "action web books#create --url=/books --method=POST"
|
7
|
-
replace "apps/web/app.rb", "# sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']", "sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']"
|
8
|
-
|
9
|
-
server do
|
10
|
-
post "/books", title: "TDD", _csrf_token: "invalid"
|
11
|
-
|
12
|
-
expect(last_response.status).to eq(500)
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
it "protects PATCH endpoints from invalid token" do
|
18
|
-
with_project do
|
19
|
-
generate "action web books#update --url=/books/:id --method=PATCH"
|
20
|
-
replace "apps/web/app.rb", "# sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']", "sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']"
|
21
|
-
|
22
|
-
server do
|
23
|
-
patch "/books/1", title: "Foo", _csrf_token: "invalid"
|
24
|
-
|
25
|
-
expect(last_response.status).to eq(500)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
it "protects DELETE endpoints from invalid token" do
|
31
|
-
with_project do
|
32
|
-
generate "action web books#destroy --url=/books/:id --method=DELETE"
|
33
|
-
replace "apps/web/app.rb", "# sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']", "sessions :cookie, secret: ENV['WEB_SESSIONS_SECRET']"
|
34
|
-
|
35
|
-
server do
|
36
|
-
delete "/books/1", _csrf_token: "invalid"
|
37
|
-
|
38
|
-
expect(last_response.status).to eq(500)
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
@@ -1,29 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "force SSL", type: :integration do
|
4
|
-
it "forces SSL" do
|
5
|
-
project = "bookshelf_force_ssl"
|
6
|
-
|
7
|
-
with_project(project, server: :puma) do
|
8
|
-
generate "action web home#index --url=/"
|
9
|
-
|
10
|
-
inject_line_after "apps/web/app.rb", "configure do", "force_ssl true"
|
11
|
-
|
12
|
-
RSpec::Support::Env["HANAMI_ENV"] = "production"
|
13
|
-
RSpec::Support::Env["DATABASE_URL"] = "sqlite://#{Pathname.new('db').join('bookshelf.sqlite')}"
|
14
|
-
RSpec::Support::Env["SMTP_HOST"] = "localhost"
|
15
|
-
RSpec::Support::Env["SMTP_PORT"] = "25"
|
16
|
-
|
17
|
-
# key = Pathname.new(__dir__).join("..", "fixtures", "openssl", "server.key").realpath
|
18
|
-
# cert = Pathname.new(__dir__).join("..", "fixtures", "openssl", "server.crt").realpath
|
19
|
-
|
20
|
-
# bundle_exec "puma -b 'ssl://127.0.0.1:2300?key=#{key}&cert=#{cert}'" do
|
21
|
-
server do
|
22
|
-
# FIXME: I know, it's lame how I solved this problem, but I can't get Excon to do SSL handshake
|
23
|
-
expect do
|
24
|
-
get "/"
|
25
|
-
end.to raise_error(Excon::Error::Socket)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "X-Content-Type-Options header", type: :integration do
|
4
|
-
it "returns default value" do
|
5
|
-
with_project do
|
6
|
-
generate "action web home#index --url=/"
|
7
|
-
|
8
|
-
server do
|
9
|
-
get "/"
|
10
|
-
|
11
|
-
expect(last_response.status).to eq(200)
|
12
|
-
expect(last_response.headers["X-Content-Type-Options"]).to eq("nosniff")
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
it "returns custom value" do
|
18
|
-
with_project do
|
19
|
-
generate "action web home#index --url=/"
|
20
|
-
|
21
|
-
replace "apps/web/app.rb", "security.x_content_type_options 'nosniff'", "security.x_content_type_options 'foo'"
|
22
|
-
|
23
|
-
server do
|
24
|
-
get "/"
|
25
|
-
|
26
|
-
expect(last_response.status).to eq(200)
|
27
|
-
expect(last_response.headers["X-Content-Type-Options"]).to eq("foo")
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
it "doesn't send header if setting is removed" do
|
33
|
-
with_project do
|
34
|
-
generate "action web home#index --url=/"
|
35
|
-
|
36
|
-
replace "apps/web/app.rb", "security.x_content_type_options 'nosniff'", ""
|
37
|
-
|
38
|
-
server do
|
39
|
-
get "/"
|
40
|
-
|
41
|
-
expect(last_response.status).to eq(200)
|
42
|
-
expect(last_response.headers).to_not have_key("X-Content-Type-Options")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "X-Frame-Options header", type: :integration do
|
4
|
-
it "returns default value" do
|
5
|
-
with_project do
|
6
|
-
generate "action web home#index --url=/"
|
7
|
-
|
8
|
-
server do
|
9
|
-
get "/"
|
10
|
-
|
11
|
-
expect(last_response.status).to eq(200)
|
12
|
-
expect(last_response.headers["X-Frame-Options"]).to eq("DENY")
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
it "returns custom value" do
|
18
|
-
with_project do
|
19
|
-
generate "action web home#index --url=/"
|
20
|
-
|
21
|
-
replace "apps/web/app.rb", "security.x_frame_options 'DENY'", "security.x_frame_options 'ALLOW-FROM https://example.test/'"
|
22
|
-
|
23
|
-
server do
|
24
|
-
get "/"
|
25
|
-
|
26
|
-
expect(last_response.status).to eq(200)
|
27
|
-
expect(last_response.headers["X-Frame-Options"]).to eq("ALLOW-FROM https://example.test/")
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
it "doesn't send header if setting is removed" do
|
33
|
-
with_project do
|
34
|
-
generate "action web home#index --url=/"
|
35
|
-
|
36
|
-
replace "apps/web/app.rb", "security.x_frame_options 'DENY'", ""
|
37
|
-
|
38
|
-
server do
|
39
|
-
get "/"
|
40
|
-
|
41
|
-
expect(last_response.status).to eq(200)
|
42
|
-
expect(last_response.headers).to_not have_key("X-Frame-Options")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "X-XSS-Protection header", type: :integration do
|
4
|
-
it "returns default value" do
|
5
|
-
with_project do
|
6
|
-
generate "action web home#index --url=/"
|
7
|
-
|
8
|
-
server do
|
9
|
-
get "/"
|
10
|
-
|
11
|
-
expect(last_response.status).to eq(200)
|
12
|
-
expect(last_response.headers["X-XSS-Protection"]).to eq("1; mode=block")
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
it "returns custom value" do
|
18
|
-
with_project do
|
19
|
-
generate "action web home#index --url=/"
|
20
|
-
|
21
|
-
replace "apps/web/app.rb", "security.x_xss_protection '1; mode=block'", "security.x_xss_protection '0'"
|
22
|
-
|
23
|
-
server do
|
24
|
-
get "/"
|
25
|
-
|
26
|
-
expect(last_response.status).to eq(200)
|
27
|
-
expect(last_response.headers["X-XSS-Protection"]).to eq("0")
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
it "doesn't send header if setting is removed" do
|
33
|
-
with_project do
|
34
|
-
generate "action web home#index --url=/"
|
35
|
-
|
36
|
-
replace "apps/web/app.rb", "security.x_xss_protection '1; mode=block'", ""
|
37
|
-
|
38
|
-
server do
|
39
|
-
get "/"
|
40
|
-
|
41
|
-
expect(last_response.status).to eq(200)
|
42
|
-
expect(last_response.headers).to_not have_key("X-XSS-Protection")
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|
46
|
-
end
|
@@ -1,51 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
RSpec.describe "Send file", type: :integration do
|
4
|
-
it "sends file from the public directory" do
|
5
|
-
with_project do
|
6
|
-
write "public/static.txt", "Static file"
|
7
|
-
generate "action web home#index --url=/"
|
8
|
-
rewrite "apps/web/controllers/home/index.rb", <<~EOF
|
9
|
-
module Web::Controllers::Home
|
10
|
-
class Index
|
11
|
-
include Web::Action
|
12
|
-
|
13
|
-
def call(params)
|
14
|
-
send_file "static.txt"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
EOF
|
19
|
-
|
20
|
-
server do
|
21
|
-
get "/"
|
22
|
-
|
23
|
-
expect(last_response.status).to eq(200)
|
24
|
-
expect(last_response.body).to include("Static file")
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
it "doesn't send file outside of public directory" do
|
30
|
-
with_project do
|
31
|
-
generate "action web home#index --url=/"
|
32
|
-
rewrite "apps/web/controllers/home/index.rb", <<~EOF
|
33
|
-
module Web::Controllers::Home
|
34
|
-
class Index
|
35
|
-
include Web::Action
|
36
|
-
|
37
|
-
def call(params)
|
38
|
-
send_file __FILE__
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
EOF
|
43
|
-
|
44
|
-
server do
|
45
|
-
get "/"
|
46
|
-
|
47
|
-
expect(last_response.status).to eq(404)
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|