merb-core 0.9.5 → 0.9.6

data/spec/public/rack/conditinal_get_middleware_spec.rb

@@ -1,139 +1,127 @@
 require File.join(File.dirname(__FILE__), "..", "..", "spec_helper")
-require File.join(File.dirname(__FILE__), "shared_example_groups")
 
 require "sha1"
 
-NOW = Time.now
-
-class EtagController < Merb::Controller
-  def non_matching_etag
-    response = "Ruby world needs a Paste port. Or... CherryPy?"
+class ConditionalGetTestController < Merb::Controller
+  def with_etag
+    response = "original message-body"
     headers['ETag'] = Digest::SHA1.hexdigest(response)
 
     response
   end
 
-  def matching_etag
-    response = "Everybody loves Rack"
-    headers['ETag'] = Digest::SHA1.hexdigest(response)
-
-    response
-  end  
-
-  def no_etag
-    # sanity check
-    headers.delete('ETag')
-    
-    "Everyone loves Rack"
+  def with_last_modified
+    headers[Merb::Const::LAST_MODIFIED] = :documents_last_modified_time
+    "original message-body"
   end
-end
 
-class LastModifiedController < Merb::Controller
-  def non_matching_last_modified
-    response = "Who cares about efficiency? Just throw more hardware at the problem."
-    headers[Merb::Const::LAST_MODIFIED] = :non_matching
-
-    response
-  end
-
-  def matching_last_modified
-    response = "Who cares about efficiency? Just throw more hardware at the problem."
-    headers[Merb::Const::LAST_MODIFIED] = :matching
-
-    response
-  end
-
-  def no_last_modified
+  def without
     # sanity check
-    headers.delete('Last-Modified')
+    headers.delete('ETag')
+    headers.delete(Merb::Const::LAST_MODIFIED)
     
-    "Everyone loves Rack"
+    "original message-body"
   end
 end
 
 
 Merb::Router.prepare do |r|
-  r.match("/etag/match").to(:controller => "etag_controller", :action => "matching_etag")
-  r.match("/etag/nomatch").to(:controller => "etag_controller", :action => "non_matching_etag")
-  r.match("/etag/stomach").to(:controller => "etag_controller", :action => "no_etag")
-
-  r.match("/last_modified/match").to(:controller => "last_modified_controller", :action => "matching_last_modified")
-  r.match("/last_modified/nomatch").to(:controller => "last_modified_controller", :action => "non_matching_last_modified")
-  r.match("/last_modified/stomach").to(:controller => "last_modified_controller", :action => "no_last_modified")
+  r.match("/with_etag").to(
+    :controller => "conditional_get_test_controller", :action => "with_etag"
+  )
+  r.match("/with_last_modified").to(
+    :controller => "conditional_get_test_controller", :action => "with_last_modified"
+  )
+  r.match("/without").to(
+    :controller => "conditional_get_test_controller", :action => "without"
+  )
 end
 
+describe Merb::Rack::ConditionalGet do
 
+  describe(
+    "when the client already has an up-to-date document", 
+    :shared => true
+  ) do
+    it 'sets status to "304"' do
+      @status.should == 304
+    end
 
-describe Merb::Rack::ConditionalGet do
+    it 'returns no message-body' do
+      @body.should == ""
+    end
+  end
+
+  describe(
+    "when the client does NOT have an up-to-date document",
+    :shared => true
+  ) do
+    it 'does not modify status' do
+      @status.should == 200
+    end
 
+    it 'does not modify message-body' do
+      @body.should == "original message-body"
+    end
+  end
+  
   before(:each) do
     @app        = Merb::Rack::Application.new
     @middleware = Merb::Rack::ConditionalGet.new(@app)
   end
   
-  describe "when response has no ETag header" do
-    it 'does not modify status' do
-      env = Rack::MockRequest.env_for('/etag/stomach')
-      status, headers, body = @middleware.call(env)
-
-      status.should == 200
+  describe "when response has no ETag header and no Last-Modified header" do
+    before(:each) do
+      env = Rack::MockRequest.env_for('/without')
+      @status, @headers, @body = @middleware.call(env)        
     end
+    
+    it_should_behave_like "when the client does NOT have an up-to-date document"
   end
 
   describe "when response has ETag header" do
     describe "and it == to HTTP_IF_NONE_MATCH of the request" do
-      it 'sets status to "304"' do
-        env = Rack::MockRequest.env_for('/etag/match')
+      before(:each) do
+        env = Rack::MockRequest.env_for('/with_etag')
         env['HTTP_IF_NONE_MATCH'] =
-          Digest::SHA1.hexdigest("Everybody loves Rack")
-        
-        status, headers, body = @middleware.call(env)
-        status.should == 304
+          Digest::SHA1.hexdigest("original message-body")
+        @status, @headers, @body = @middleware.call(env)        
       end
+
+      it_should_behave_like "when the client already has an up-to-date document"
     end
 
     describe "and it IS NOT == to HTTP_IF_NONE_MATCH of the request" do
-      it 'does not modify status' do
-        env = Rack::MockRequest.env_for('/etag/nomatch')
+      before(:each) do
+        env = Rack::MockRequest.env_for('/with_etag')
         env['HTTP_IF_NONE_MATCH'] =
-          Digest::SHA1.hexdigest("Everybody loves Rack")
-        
-        status, headers, body = @middleware.call(env)
-        status.should == 200
+          Digest::SHA1.hexdigest("a different message-body")
+        @status, @headers, @body = @middleware.call(env)
       end
-    end
-  end
-
-  describe "when response has no Last-Modified header" do
-    it 'does not modify status' do
-      env = Rack::MockRequest.env_for('/last_modified/stomach')
-      status, headers, body = @middleware.call(env)
-
-      status.should == 200
+      
+      it_should_behave_like "when the client does NOT have an up-to-date document"
     end
   end
 
   describe "when response has Last-Modified header" do
-    describe "when response has Last-Modified header" do
-      describe "and it == to HTTP_IF_NOT_MODIFIED_SINCE of the request" do
-        it 'sets status to "304"' do
-          env = Rack::MockRequest.env_for('/last_modified/match')
-          env[Merb::Const::HTTP_IF_MODIFIED_SINCE] = :matching
-          
-          status, headers, body = @middleware.call(env)
-          status.should == 304
-        end
+    describe "and it == to HTTP_IF_NOT_MODIFIED_SINCE of the request" do
+      before(:each) do
+        env = Rack::MockRequest.env_for('/with_last_modified')
+        env[Merb::Const::HTTP_IF_MODIFIED_SINCE] = :documents_last_modified_time
+        @status, @headers, @body = @middleware.call(env)
       end
+      
+      it_should_behave_like "when the client already has an up-to-date document"
+    end
 
-      describe "and it IS NOT == to HTTP_IF_NOT_MODIFIED_SINCE of the request" do
-        it 'does not modify status' do
-          env = Rack::MockRequest.env_for('/last_modified/nomatch')
-          env[Merb::Const::HTTP_IF_MODIFIED_SINCE] = :matching
-          
-          status, headers, body = @middleware.call(env)
-          status.should == 200
-        end
+    describe "and it IS NOT == to HTTP_IF_NOT_MODIFIED_SINCE of the request" do
+      before(:each) do
+        env = Rack::MockRequest.env_for('/with_last_modified')
+        env[Merb::Const::HTTP_IF_MODIFIED_SINCE] = :some_other_time
+        @status, @headers, @body = @middleware.call(env)
       end
+
+      it_should_behave_like "when the client does NOT have an up-to-date document"
     end
   end
 end

data/spec/public/rack/csrf_middleware_spec.rb

@@ -0,0 +1,70 @@
+require File.join(File.dirname(__FILE__), "..", "..", "spec_helper")
+require File.join(File.dirname(__FILE__), "shared_example_groups")
+
+
+Merb::Router.prepare do |r|
+  r.resources :users
+end
+
+class Users < Merb::Controller
+  def new
+    body = "<div><form action='/users' method='POST'></form></div>"
+    body
+  end
+
+  def index
+    body = "<div>This is my index action</div>"
+    body
+  end
+
+  def edit
+    body = "<div><form action='/users' method='POST'></form><form action='/sessions' method='POST'></form></div>"
+  end
+
+  def create
+
+  end
+end
+
+
+describe Merb::Rack::Csrf do
+  before(:each) do
+    @app = Merb::Rack::Application.new
+    @middleware = Merb::Rack::Csrf.new(@app)
+    @env = Rack::MockRequest.env_for('/users/new')
+    
+    Merb::Config[:session_secret_key] = "ABC"
+  end
+
+  it "should be successful" do
+    env = Rack::MockRequest.env_for('/users', :method => 'POST', 'csrf_authentication_token' => "b072aa15485e028dc8973d48089efe0e")
+    status, header, body = @middleware.call(env)
+    status.should == 200
+  end
+
+  it "should return a Merb::ExceptionsController::Forbidden (403)" do
+    env = Rack::MockRequest.env_for('/users', :method => 'POST', 'csrf_authentication_token' => "INCORRECT_AUTH_TOKEN")
+    status, header, body = @middleware.call(env)
+    status.should == 403
+  end
+
+  it "should insert a hidden field in to any form with a POST method" do
+    env = Rack::MockRequest.env_for('/users/new')
+    status, header, body = @middleware.call(env)
+    body.should have_tag(:form, :action => '/users')
+      body.should have_tag(:input, :type => 'hidden', :id => 'csrf_authentication_token')
+  end
+
+  it "should not do anything if there is no form found in the response" do
+    env = Rack::MockRequest.env_for('/users')
+    status, header, body = @middleware.call(env)
+    body.should not_match_tag('form')
+  end
+
+  it "should insert hidden fields in to both forms" do
+    env = Rack::MockRequest.env_for('/users/1/edit')
+    status, header, body = @middleware.call(env)
+    body.should have_tag(:form, :action => '/users')
+    body.should have_tag(:form, :action => '/sessions')
+  end
+end

data/spec/public/reloading/directory/log/merb_test.log

@@ -288161,3 +288161,55 @@ Restarting Worker Thread
  ~ Not Using Sessions
  ~ Not Using Sessions
  ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Not Using Sessions
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000
+ ~ Starting Merb server listening at 0.0.0.0:4000

data/spec/public/request/request_spec.rb

@@ -56,6 +56,7 @@ describe Merb::Request, " query and body params" do
   before(:all) { Merb::BootLoader::Dependencies.enable_json_gem }
   
   {"foo=bar&baz=bat"        => {"foo" => "bar", "baz" => "bat"},
+   "foo=bar&foo=baz"        => {"foo" => "baz"},
    "foo[]=bar&foo[]=baz"    => {"foo" => ["bar", "baz"]},
    "foo[][bar]=1&foo[][bar]=2"  => {"foo" => [{"bar" => "1"},{"bar" => "2"}]},
    "foo[bar][][baz]=1&foo[bar][][baz]=2"  => {"foo" => {"bar" => [{"baz" => "1"},{"baz" => "2"}]}},
@@ -220,4 +221,21 @@ describe Merb::Request, " misc" do
     
   end
   
-end
+end
+
+
+
+describe Merb::Request, "#if_none_match" do
+  it 'returns value of If-None-Match request header' do
+    fake_request(Merb::Const::HTTP_IF_NONE_MATCH => "dc1562a133").if_none_match.should == "dc1562a133"
+  end
+end
+
+
+
+describe Merb::Request, "#if_modified_since" do
+  it 'returns value of If-Modified-Since request header' do
+    t = '05 Sep 2008 22:00:27 GMT'
+    fake_request(Merb::Const::HTTP_IF_MODIFIED_SINCE => t).if_modified_since.should == Time.rfc2822(t)
+  end
+end

data/spec/public/router/fixation_spec.rb

@@ -1,19 +1,41 @@
 require File.join(File.dirname(__FILE__), "spec_helper")
 
+module Merb::Test::Fixtures
+  module Controllers
+    class FixatableRoutes < Merb::Controller
+      
+      def fixoid
+      end
+      
+    end
+  end
+end
+
 describe "A route marked as fixatable" do
   predicate_matchers[:allow_fixation] = :allow_fixation?
 
-  it "allows fixation" do
+  before do
     Merb::Router.prepare do |r|
-      r.match("/hello/:action/:id").to(:controller => "foo", :action => "fixoid").fixatable
+      r.match("/hello/:action/:id").to(
+        :controller => "merb/test/fixtures/controllers/fixatable_routes", 
+        :action => "fixoid").fixatable
     end
+  end
 
+  it "allows fixation" do
     matched_route_for("/hello/goodbye/tagging").should allow_fixation
   end
+  
+  it "should store a cookie with the session_id" do
+    session_id = Merb::SessionMixin.rand_uuid
+    request = fake_request(:request_uri => "/hello/goodbye/tagging", 
+      :query_string => "_session_id=#{session_id}")
+    controller = ::Merb::Dispatcher.handle(request)
+    controller.params["_session_id"].should == session_id
+    controller.request.session_cookie_value.should == session_id
+  end
 end
 
-
-
 describe "A route NOT marked as fixatable" do
   predicate_matchers[:allow_fixation] = :allow_fixation?