rack 1.3.10 → 1.4.0

data/test/spec_head.rb

@@ -2,41 +2,29 @@ require 'rack/head'
 require 'rack/mock'
 
 describe Rack::Head do
-
   def test_response(headers = {})
-    body = StringIO.new "foo"
-    app = lambda do |env|
-      [200, {"Content-type" => "test/plain", "Content-length" => "3"}, body]
-    end
+    app = lambda { |env| [200, {"Content-type" => "test/plain", "Content-length" => "3"}, ["foo"]] }
     request = Rack::MockRequest.env_for("/", headers)
     response = Rack::Head.new(app).call(request)
 
-    return response, body
+    return response
   end
 
   should "pass GET, POST, PUT, DELETE, OPTIONS, TRACE requests" do
     %w[GET POST PUT DELETE OPTIONS TRACE].each do |type|
-      resp, _ = test_response("REQUEST_METHOD" => type)
+      resp = test_response("REQUEST_METHOD" => type)
 
       resp[0].should.equal(200)
       resp[1].should.equal({"Content-type" => "test/plain", "Content-length" => "3"})
-      resp[2].each { |b| b.should.equal("foo") }
+      resp[2].should.equal(["foo"])
     end
   end
 
   should "remove body from HEAD requests" do
-    resp, _ = test_response("REQUEST_METHOD" => "HEAD")
-
-    resp[0].should.equal(200)
-    resp[1].should.equal({"Content-type" => "test/plain", "Content-length" => "3"})
-    resp[2].each { |b| flunk "body should be empty" }
-  end
+    resp = test_response("REQUEST_METHOD" => "HEAD")
 
-  should "close the body when it is removed" do
-    resp, body = test_response("REQUEST_METHOD" => "HEAD")
     resp[0].should.equal(200)
     resp[1].should.equal({"Content-type" => "test/plain", "Content-length" => "3"})
-    resp[2].each { |b| flunk "body should be empty" }
-    body.should.be.closed
+    resp[2].should.equal([])
   end
 end

data/test/spec_lint.rb

@@ -241,7 +241,7 @@ describe Rack::Lint do
     }.should.raise(Rack::Lint::LintError).
       message.should.match(/No Content-Type/)
 
-    [100, 101, 204, 304].each do |status|
+    [100, 101, 204, 205, 304].each do |status|
       lambda {
         Rack::Lint.new(lambda { |env|
                          [status, {"Content-type" => "text/plain", "Content-length" => "0"}, []]
@@ -252,7 +252,7 @@ describe Rack::Lint do
   end
 
   should "notice content-length errors" do
-    [100, 101, 204, 304].each do |status|
+    [100, 101, 204, 205, 304].each do |status|
       lambda {
         Rack::Lint.new(lambda { |env|
                          [status, {"Content-length" => "0"}, []]

data/test/spec_methodoverride.rb

@@ -55,4 +55,19 @@ describe Rack::MethodOverride do
 
     req.env["rack.methodoverride.original_method"].should.equal "POST"
   end
+
+  should "not modify REQUEST_METHOD when given invalid multipart form data" do
+    input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="huge"; filename="huge"\r
+EOF
+    env = Rack::MockRequest.env_for("/",
+                      "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                      "CONTENT_LENGTH" => input.size,
+                      :method => "POST", :input => input)
+    app = Rack::MethodOverride.new(lambda{|envx| Rack::Request.new(envx) })
+    req = app.call(env)
+
+    req.env["REQUEST_METHOD"].should.equal "POST"
+  end
 end

data/test/spec_mock.rb

@@ -42,7 +42,7 @@ describe Rack::MockRequest do
     env["mock.postdata"].should.be.empty
   end
 
-  should "allow GET/POST/PUT/DELETE" do
+  should "allow GET/POST/PUT/DELETE/HEAD" do
     res = Rack::MockRequest.new(app).get("", :input => "foo")
     env = YAML.load(res.body)
     env["REQUEST_METHOD"].should.equal "GET"
@@ -59,6 +59,10 @@ describe Rack::MockRequest do
     env = YAML.load(res.body)
     env["REQUEST_METHOD"].should.equal "DELETE"
 
+    res = Rack::MockRequest.new(app).head("", :input => "foo")
+    env = YAML.load(res.body)
+    env["REQUEST_METHOD"].should.equal "HEAD"
+
     Rack::MockRequest.env_for("/", :method => "OPTIONS")["REQUEST_METHOD"].
       should.equal "OPTIONS"
   end
@@ -189,7 +193,7 @@ describe Rack::MockRequest do
   should "call close on the original body object" do
     called = false
     body   = Rack::BodyProxy.new(['hi']) { called = true }
-    capp   = proc { |e| [200, {'Content-Type' => 'text/plain '}, body] }
+    capp   = proc { |e| [200, {'Content-Type' => 'text/plain'}, body] }
     called.should.equal false
     Rack::MockRequest.new(capp).get('/', :lint => true)
     called.should.equal true

data/test/spec_mongrel.rb

@@ -11,7 +11,7 @@ $tcp_cork_opts = nil
 describe Rack::Handler::Mongrel do
   extend TestRequest::Helpers
 
-  @server = Mongrel::HttpServer.new(@host='0.0.0.0', @port=9201)
+  @server = Mongrel::HttpServer.new(@host='127.0.0.1', @port=9201)
   @server.register('/test',
                   Rack::Handler::Mongrel.new(Rack::Lint.new(TestRequest.new)))
   @server.register('/stream',
@@ -31,7 +31,7 @@ describe Rack::Handler::Mongrel do
     response["HTTP_VERSION"].should.equal "HTTP/1.1"
     response["SERVER_PROTOCOL"].should.equal "HTTP/1.1"
     response["SERVER_PORT"].should.equal "9201"
-    response["SERVER_NAME"].should.equal "0.0.0.0"
+    response["SERVER_NAME"].should.equal "127.0.0.1"
   end
 
   should "have rack headers" do
@@ -84,7 +84,7 @@ describe Rack::Handler::Mongrel do
   should "provide a .run" do
     block_ran = false
     Thread.new {
-      Rack::Handler::Mongrel.run(lambda {}, {:Port => 9211}) { |server|
+      Rack::Handler::Mongrel.run(lambda {}, {:Host => '127.0.0.1', :Port => 9211}) { |server|
         server.should.be.kind_of Mongrel::HttpServer
         block_ran = true
       }
@@ -97,7 +97,7 @@ describe Rack::Handler::Mongrel do
     block_ran = false
     Thread.new {
       map = {'/'=>lambda{},'/foo'=>lambda{}}
-      Rack::Handler::Mongrel.run(map, :map => true, :Port => 9221) { |server|
+      Rack::Handler::Mongrel.run(map, :map => true, :Host => '127.0.0.1', :Port => 9221) { |server|
         server.should.be.kind_of Mongrel::HttpServer
         server.classifier.uris.size.should.equal 2
         server.classifier.uris.should.not.include '/arf'
@@ -114,7 +114,7 @@ describe Rack::Handler::Mongrel do
     block_ran = false
     Thread.new {
       map = Rack::URLMap.new({'/'=>lambda{},'/bar'=>lambda{}})
-      Rack::Handler::Mongrel.run(map, {:map => true, :Port => 9231}) { |server|
+      Rack::Handler::Mongrel.run(map, {:map => true, :Host => '127.0.0.1', :Port => 9231}) { |server|
         server.should.be.kind_of Mongrel::HttpServer
         server.classifier.uris.size.should.equal 2
         server.classifier.uris.should.not.include '/arf'
@@ -134,12 +134,12 @@ describe Rack::Handler::Mongrel do
         '/' => lambda{},
         '/foo' => lambda{},
         '/bar' => lambda{},
-        'http://localhost/' => lambda{},
-        'http://localhost/bar' => lambda{},
+        'http://127.0.0.1/' => lambda{},
+        'http://127.0.0.1/bar' => lambda{},
         'http://falsehost/arf' => lambda{},
         'http://falsehost/qux' => lambda{}
       })
-      opt = {:map => true, :Port => 9241, :Host => 'localhost'}
+      opt = {:map => true, :Port => 9241, :Host => '127.0.0.1'}
       Rack::Handler::Mongrel.run(map, opt) { |server|
         server.should.be.kind_of Mongrel::HttpServer
         server.classifier.uris.should.include '/'

data/test/spec_multipart.rb

@@ -48,59 +48,6 @@ describe Rack::Multipart do
     params['profile']['bio'].should.include 'hello'
   end
 
-  should "reject insanely long boundaries" do
-    # using a pipe since a tempfile can use up too much space
-    rd, wr = IO.pipe
-
-    # we only call rewind once at start, so make sure it succeeds
-    # and doesn't hit ESPIPE
-    def rd.rewind; end
-    wr.sync = true
-
-    # mock out length to make this pipe look like a Tempfile
-    def rd.length
-      1024 * 1024 * 8
-    end
-
-    # write to a pipe in a background thread, this will write a lot
-    # unless Rack (properly) shuts down the read end
-    thr = Thread.new do
-      begin
-        wr.write("--AaB03x")
-
-        # make the initial boundary a few gigs long
-        longer = "0123456789" * 1024 * 1024
-        (1024 * 1024).times { wr.write(longer) }
-
-        wr.write("\r\n")
-        wr.write('Content-Disposition: form-data; name="a"; filename="a.txt"')
-        wr.write("\r\n")
-        wr.write("Content-Type: text/plain\r\n")
-        wr.write("\r\na")
-        wr.write("--AaB03x--\r\n")
-        wr.close
-      rescue => err # this is EPIPE if Rack shuts us down
-        err
-      end
-    end
-
-    fixture = {
-      "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
-      "CONTENT_LENGTH" => rd.length.to_s,
-      :input => rd,
-    }
-
-    env = Rack::MockRequest.env_for '/', fixture
-    lambda {
-      Rack::Multipart.parse_multipart(env)
-    }.should.raise(EOFError)
-    rd.close
-
-    err = thr.value
-    err.should.be.instance_of Errno::EPIPE
-    wr.close
-  end
-
   should "parse multipart upload with text file" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
     params = Rack::Multipart.parse_multipart(env)
@@ -348,24 +295,24 @@ describe Rack::Multipart do
       message.should.equal "value must be a Hash"
   end
 
-  should "parse very long unquoted multipart file names" do
+  it "can parse fields with a content type" do
     data = <<-EOF
---AaB03x\r
-Content-Type: text/plain\r
-Content-Disposition: attachment; name=file; filename=#{'long' * 100}\r
+--1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon\r
+Content-Disposition: form-data; name="description"\r
+Content-Type: text/plain"\r
 \r
-contents\r
---AaB03x--\r
-    EOF
-
+Very very blue\r
+--1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon--\r
+EOF
     options = {
-      "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+      "CONTENT_TYPE" => "multipart/form-data; boundary=1yy3laWhgX31qpiHinh67wJXqKalukEUTvqTzmon",
       "CONTENT_LENGTH" => data.length.to_s,
       :input => StringIO.new(data)
     }
     env = Rack::MockRequest.env_for("/", options)
     params = Rack::Utils::Multipart.parse_multipart(env)
 
-    params["file"][:filename].should.equal('long' * 100)
+    params.should.equal({"description"=>"Very very blue"})
   end
+
 end

data/test/spec_request.rb

@@ -359,13 +359,17 @@ describe Rack::Request do
     request.scheme.should.equal "https"
     request.should.be.ssl?
 
+    request = Rack::Request.new(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_SCHEME' => 'https'))
+    request.scheme.should.equal "https"
+    request.should.be.ssl?
+
     request = Rack::Request.new(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'https'))
     request.scheme.should.equal "https"
     request.should.be.ssl?
 
     request = Rack::Request.new(Rack::MockRequest.env_for("/", 'HTTP_X_FORWARDED_PROTO' => 'https, http, http'))
     request.scheme.should.equal "https"
-    request.should.be.ssl
+    request.should.be.ssl?
   end
 
   should "parse cookies" do
@@ -383,6 +387,15 @@ describe Rack::Request do
     hash = req.cookies
     req.env.delete("HTTP_COOKIE")
     req.cookies.should.equal(hash)
+    req.env["HTTP_COOKIE"] = "zoo=m"
+    req.cookies.should.equal(hash)
+  end
+
+  should "modify the cookies hash in place" do
+    req = Rack::Request.new(Rack::MockRequest.env_for(""))
+    req.cookies.should.equal({})
+    req.cookies['foo'] = 'bar'
+    req.cookies.should.equal 'foo' => 'bar'
   end
 
   should "raise any errors on every request" do
@@ -774,38 +787,98 @@ EOF
     parser.call("compress;q=0.5, gzip;q=1.0").should.equal([["compress", 0.5], ["gzip", 1.0]])
     parser.call("gzip;q=1.0, identity; q=0.5, *;q=0").should.equal([["gzip", 1.0], ["identity", 0.5], ["*", 0] ])
 
-    lambda { parser.call("gzip ; q=1.0") }.should.raise(RuntimeError)
+    parser.call("gzip ; q=0.9").should.equal([["gzip", 0.9]])
+    parser.call("gzip ; deflate").should.equal([["gzip", 1.0]])
   end
 
+  ip_app = lambda { |env|
+    request = Rack::Request.new(env)
+    response = Rack::Response.new
+    response.write request.ip
+    response.finish
+  }
+
   should 'provide ip information' do
-    app = lambda { |env|
-      request = Rack::Request.new(env)
-      response = Rack::Response.new
-      response.write request.ip
-      response.finish
-    }
+    mock = Rack::MockRequest.new(Rack::Lint.new(ip_app))
 
-    mock = Rack::MockRequest.new(Rack::Lint.new(app))
-    res = mock.get '/', 'REMOTE_ADDR' => '123.123.123.123'
-    res.body.should.equal '123.123.123.123'
+    res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4'
+    res.body.should.equal '1.2.3.4'
 
-    res = mock.get '/',
-      'REMOTE_ADDR' => '123.123.123.123',
-      'HTTP_X_FORWARDED_FOR' => '234.234.234.234'
+    res = mock.get '/', 'REMOTE_ADDR' => 'fe80::202:b3ff:fe1e:8329'
+    res.body.should.equal 'fe80::202:b3ff:fe1e:8329'
+
+    res = mock.get '/', 'REMOTE_ADDR' => '1.2.3.4,3.4.5.6'
+    res.body.should.equal '1.2.3.4'
+  end
 
-    res.body.should.equal '234.234.234.234'
+  should 'deals with proxies' do
+    mock = Rack::MockRequest.new(Rack::Lint.new(ip_app))
 
     res = mock.get '/',
-      'REMOTE_ADDR' => '123.123.123.123',
-      'HTTP_X_FORWARDED_FOR' => '234.234.234.234,212.212.212.212'
+      'REMOTE_ADDR' => '1.2.3.4',
+      'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    res.body.should.equal '1.2.3.4'
 
-    res.body.should.equal '234.234.234.234'
+    res = mock.get '/',
+      'REMOTE_ADDR' => '127.0.0.1',
+      'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '192.168.0.1,3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1,3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 10.0.0.1, 3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 3.4.5.6'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,192.168.0.1'
+    res.body.should.equal 'unknown'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'other,unknown,192.168.0.1'
+    res.body.should.equal 'unknown'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'unknown,localhost,192.168.0.1'
+    res.body.should.equal 'unknown'
 
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
+    res.body.should.equal '3.4.5.6'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '::1,2620:0:1c00:0:812c:9583:754b:ca11'
+    res.body.should.equal '2620:0:1c00:0:812c:9583:754b:ca11'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '2620:0:1c00:0:812c:9583:754b:ca11,::1'
+    res.body.should.equal '2620:0:1c00:0:812c:9583:754b:ca11'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => 'fd5b:982e:9130:247f:0000:0000:0000:0000,2620:0:1c00:0:812c:9583:754b:ca11'
+    res.body.should.equal '2620:0:1c00:0:812c:9583:754b:ca11'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '2620:0:1c00:0:812c:9583:754b:ca11,fd5b:982e:9130:247f:0000:0000:0000:0000'
+    res.body.should.equal '2620:0:1c00:0:812c:9583:754b:ca11'
+
+    res = mock.get '/',
+      'HTTP_X_FORWARDED_FOR' => '1.1.1.1, 127.0.0.1',
+      'HTTP_CLIENT_IP' => '1.1.1.1'
+    res.body.should.equal '1.1.1.1'
+
+    # Spoofing attempt
     res = mock.get '/',
-      'REMOTE_ADDR' => '123.123.123.123',
-      'HTTP_X_FORWARDED_FOR' => 'unknown,234.234.234.234,212.212.212.212'
+      'HTTP_X_FORWARDED_FOR' => '1.1.1.1',
+      'HTTP_CLIENT_IP' => '2.2.2.2'
+    res.body.should.equal '1.1.1.1'
+
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 9.9.9.9'
+    res.body.should.equal '9.9.9.9'
 
-    res.body.should.equal '234.234.234.234'
+    res = mock.get '/', 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, fe80::202:b3ff:fe1e:8329'
+    res.body.should.equal 'fe80::202:b3ff:fe1e:8329'
   end
 
   class MyRequest < Rack::Request

data/test/spec_response.rb

@@ -109,6 +109,18 @@ describe Rack::Response do
                                          "foo=; domain=sample.example.com; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
   end
 
+  it "can delete cookies with the same name with different paths" do
+    response = Rack::Response.new
+    response.set_cookie "foo", {:value => "bar", :path => "/"}
+    response.set_cookie "foo", {:value => "bar", :path => "/path"}
+    response["Set-Cookie"].should.equal ["foo=bar; path=/",
+                                         "foo=bar; path=/path"].join("\n")
+
+    response.delete_cookie "foo", :path => "/path"
+    response["Set-Cookie"].should.equal ["foo=bar; path=/",
+                                         "foo=; path=/path; expires=Thu, 01-Jan-1970 00:00:00 GMT"].join("\n")
+  end
+
   it "can do redirects" do
     response = Rack::Response.new
     response.redirect "/foo"
@@ -196,11 +208,21 @@ describe Rack::Response do
     res.should.be.successful
     res.should.be.ok
 
+    res.status = 400
+    res.should.not.be.successful
+    res.should.be.client_error
+    res.should.be.bad_request
+
     res.status = 404
     res.should.not.be.successful
     res.should.be.client_error
     res.should.be.not_found
 
+    res.status = 422
+    res.should.not.be.successful
+    res.should.be.client_error
+    res.should.be.unprocessable
+
     res.status = 501
     res.should.not.be.successful
     res.should.be.server_error
@@ -250,28 +272,4 @@ describe Rack::Response do
     res.close
     res.body.should.be.closed
   end
-
-  it "calls close on #body when 204, 205, or 304" do
-    res = Rack::Response.new
-    res.body = StringIO.new
-    res.finish
-    res.body.should.not.be.closed
-
-    res.status = 204
-    _, _, b = res.finish
-    res.body.should.be.closed
-    b.should.not == res.body
-
-    res.body = StringIO.new
-    res.status = 304
-    _, _, b = res.finish
-    res.body.should.be.closed
-    b.should.not == res.body
-  end
-
-  it "wraps the body from #to_ary to prevent infinite loops" do
-    res = Rack::Response.new
-    res.finish.last.should.not.respond_to?(:to_ary)
-    lambda { res.finish.last.to_ary }.should.raise(NoMethodError)
-  end
 end