rack 1.4.0 → 1.4.5

data/test/spec_request.rb

@@ -137,6 +137,19 @@ describe Rack::Request do
     end
   end
 
+  should "limit the key size per nested params hash" do
+    nested_query = Rack::MockRequest.env_for("/?foo[bar][baz][qux]=1")
+    plain_query  = Rack::MockRequest.env_for("/?foo_bar__baz__qux_=1")
+
+    old, Rack::Utils.key_space_limit = Rack::Utils.key_space_limit, 3
+    begin
+      lambda { Rack::Request.new(nested_query).GET }.should.not.raise(RangeError)
+      lambda { Rack::Request.new(plain_query).GET  }.should.raise(RangeError)
+    ensure
+      Rack::Utils.key_space_limit = old
+    end
+  end
+
   should "not unify GET and POST when calling params" do
     mr = Rack::MockRequest.env_for("/?foo=quux",
       "REQUEST_METHOD" => 'POST',
@@ -398,9 +411,9 @@ describe Rack::Request do
     req.cookies.should.equal 'foo' => 'bar'
   end
 
-  should "raise any errors on every request" do
+  should "pass through non-uri escaped cookies as-is" do
     req = Rack::Request.new Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=%")
-    2.times { proc { req.cookies }.should.raise(ArgumentError) }
+    req.cookies["foo"].should == "%"
   end
 
   should "parse cookies according to RFC 2109" do

data/test/spec_response.rb

@@ -1,4 +1,3 @@
-require 'set'
 require 'rack/response'
 require 'stringio'
 
@@ -125,7 +124,6 @@ describe Rack::Response do
     response = Rack::Response.new
     response.redirect "/foo"
     status, header, body = response.finish
-
     status.should.equal 302
     header["Location"].should.equal "/foo"
 
@@ -147,7 +145,12 @@ describe Rack::Response do
     str = ""; body.each { |part| str << part }
     str.should.equal "foobar"
 
-    r = Rack::Response.new(["foo", "bar"].to_set)
+    object_with_each = Object.new
+    def object_with_each.each
+      yield "foo"
+      yield "bar"
+    end
+    r = Rack::Response.new(object_with_each)
     r.write "foo"
     status, header, body = r.finish
     str = ""; body.each { |part| str << part }
@@ -218,6 +221,11 @@ describe Rack::Response do
     res.should.be.client_error
     res.should.be.not_found
 
+    res.status = 405
+    res.should.not.be.successful
+    res.should.be.client_error
+    res.should.be.method_not_allowed
+
     res.status = 422
     res.should.not.be.successful
     res.should.be.client_error
@@ -272,4 +280,34 @@ describe Rack::Response do
     res.close
     res.body.should.be.closed
   end
+
+  it "calls close on #body when 204, 205, or 304" do
+    res = Rack::Response.new
+    res.body = StringIO.new
+    res.finish
+    res.body.should.not.be.closed
+
+    res.status = 204
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+
+    res.body = StringIO.new
+    res.status = 205
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+
+    res.body = StringIO.new
+    res.status = 304
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+  end
+
+  it "wraps the body from #to_ary to prevent infinite loops" do
+    res = Rack::Response.new
+    res.finish.last.should.not.respond_to?(:to_ary)
+    lambda { res.finish.last.to_ary }.should.raise(NoMethodError)
+  end
 end

data/test/spec_runtime.rb

@@ -1,27 +1,37 @@
+require 'rack/lint'
+require 'rack/mock'
 require 'rack/runtime'
 
 describe Rack::Runtime do
+  def runtime_app(app, *args)
+    Rack::Lint.new Rack::Runtime.new(app, *args)
+  end
+  
+  def request
+    Rack::MockRequest.env_for
+  end
+  
   it "sets X-Runtime is none is set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    response = Rack::Runtime.new(app).call({})
+    response = runtime_app(app).call(request)
     response[1]['X-Runtime'].should =~ /[\d\.]+/
   end
 
   it "doesn't set the X-Runtime if it is already set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain', "X-Runtime" => "foobar"}, "Hello, World!"] }
-    response = Rack::Runtime.new(app).call({})
+    response = runtime_app(app).call(request)
     response[1]['X-Runtime'].should == "foobar"
   end
 
   should "allow a suffix to be set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    response = Rack::Runtime.new(app, "Test").call({})
+    response = runtime_app(app, "Test").call(request)
     response[1]['X-Runtime-Test'].should =~ /[\d\.]+/
   end
 
   should "allow multiple timers to be set" do
     app = lambda { |env| sleep 0.1; [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    runtime = Rack::Runtime.new(app, "App")
+    runtime = runtime_app(app, "App")
 
     # wrap many times to guarantee a measurable difference
     100.times do |i|
@@ -29,7 +39,7 @@ describe Rack::Runtime do
     end
     runtime = Rack::Runtime.new(runtime, "All")
 
-    response = runtime.call({})
+    response = runtime.call(request)
 
     response[1]['X-Runtime-App'].should =~ /[\d\.]+/
     response[1]['X-Runtime-All'].should =~ /[\d\.]+/

data/test/spec_sendfile.rb

@@ -1,5 +1,8 @@
+require 'fileutils'
+require 'rack/lint'
 require 'rack/sendfile'
 require 'rack/mock'
+require 'tmpdir'
 
 describe Rack::File do
   should "respond to #to_path" do
@@ -9,8 +12,9 @@ end
 
 describe Rack::Sendfile do
   def sendfile_body
+    FileUtils.touch File.join(Dir.tmpdir,  "rack_sendfile")
     res = ['Hello World']
-    def res.to_path ; "/tmp/hello.txt" ; end
+    def res.to_path ; File.join(Dir.tmpdir,  "rack_sendfile") ; end
     res
   end
 
@@ -19,7 +23,7 @@ describe Rack::Sendfile do
   end
 
   def sendfile_app(body=sendfile_body)
-    Rack::Sendfile.new(simple_app(body))
+    Rack::Lint.new Rack::Sendfile.new(simple_app(body))
   end
 
   @request = Rack::MockRequest.new(sendfile_app)
@@ -40,8 +44,8 @@ describe Rack::Sendfile do
     request 'HTTP_X_SENDFILE_TYPE' => 'X-Sendfile' do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Sendfile'].should.equal '/tmp/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Sendfile'].should.equal File.join(Dir.tmpdir,  "rack_sendfile")
     end
   end
 
@@ -49,21 +53,21 @@ describe Rack::Sendfile do
     request 'HTTP_X_SENDFILE_TYPE' => 'X-Lighttpd-Send-File' do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Lighttpd-Send-File'].should.equal '/tmp/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Lighttpd-Send-File'].should.equal File.join(Dir.tmpdir,  "rack_sendfile")
     end
   end
 
   it "sets X-Accel-Redirect response header and discards body" do
     headers = {
       'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect',
-      'HTTP_X_ACCEL_MAPPING' => '/tmp/=/foo/bar/'
+      'HTTP_X_ACCEL_MAPPING' => "#{Dir.tmpdir}/=/foo/bar/"
     }
     request headers do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Accel-Redirect'].should.equal '/foo/bar/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Accel-Redirect'].should.equal '/foo/bar/rack_sendfile'
     end
   end
 

data/test/spec_server.rb

@@ -10,6 +10,13 @@ describe Rack::Server do
     lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['success']] }
   end
 
+  def with_stderr
+    old, $stderr = $stderr, StringIO.new
+    yield $stderr
+  ensure
+    $stderr = old
+  end
+
   it "overrides :config if :app is passed in" do
     server = Rack::Server.new(:app => "FOO")
     server.app.should == "FOO"
@@ -71,4 +78,44 @@ describe Rack::Server do
     open(pidfile) { |f| f.read.should.eql $$.to_s }
   end
 
+  should "check pid file presence and running process" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write($$); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :running
+  end
+
+  should "check pid file presence and dead process" do
+    dead_pid = `echo $$`.to_i
+    pidfile = Tempfile.open('pidfile') { |f| f.write(dead_pid); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :dead
+  end
+
+  should "check pid file presence and exited process" do
+    pidfile = Tempfile.open('pidfile') { |f| break f }.path
+    ::File.delete(pidfile)
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :exited
+  end
+
+  should "check pid file presence and not owned process" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :not_owned
+  end
+
+  should "inform the user about existing pidfiles with running processes" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    with_stderr do |err|
+      should.raise(SystemExit) do
+        server.start
+      end
+      err.rewind
+      output = err.read
+      output.should.match(/already running/)
+      output.should.include? pidfile
+    end
+  end
+
 end

data/test/spec_session_cookie.rb

@@ -1,4 +1,5 @@
 require 'rack/session/cookie'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::Session::Cookie do
@@ -9,7 +10,7 @@ describe Rack::Session::Cookie do
     hash.delete("session_id")
     Rack::Response.new(hash.inspect).to_a
   end
-
+  
   session_id = lambda do |env|
     Rack::Response.new(env["rack.session"].to_hash.inspect).to_a
   end
@@ -24,6 +25,50 @@ describe Rack::Session::Cookie do
     Rack::Response.new("Nothing").to_a
   end
 
+  renewer = lambda do |env|
+    env["rack.session.options"][:renew] = true
+    Rack::Response.new("Nothing").to_a
+  end
+
+  only_session_id = lambda do |env|
+    Rack::Response.new(env["rack.session"]["session_id"].to_s).to_a
+  end
+
+  bigcookie = lambda do |env|
+    env["rack.session"]["cookie"] = "big" * 3000
+    Rack::Response.new(env["rack.session"].inspect).to_a
+  end
+
+  destroy_session = lambda do |env|
+    env["rack.session"].destroy
+    Rack::Response.new("Nothing").to_a
+  end
+
+  def response_for(options={})
+    request_options = options.fetch(:request, {})
+    cookie = if options[:cookie].is_a?(Rack::Response)
+      options[:cookie]["Set-Cookie"]
+    else
+      options[:cookie]
+    end
+    request_options["HTTP_COOKIE"] = cookie || ""
+
+    app_with_cookie = Rack::Session::Cookie.new(*options[:app])
+    app_with_cookie = Rack::Lint.new(app_with_cookie)
+    Rack::MockRequest.new(app_with_cookie).get("/", request_options)
+  end
+
+  before do
+    @warnings = warnings = []
+    Rack::Session::Cookie.class_eval do
+      define_method(:warn) { |m| warnings << m }
+    end
+  end
+
+  after do
+    Rack::Session::Cookie.class_eval { remove_method :warn }
+  end
+
   describe 'Base64' do
     it 'uses base64 to encode' do
       coder = Rack::Session::Cookie::Base64.new
@@ -57,6 +102,14 @@ describe Rack::Session::Cookie do
     end
   end
 
+  it "warns if no secret is given" do
+    cookie = Rack::Session::Cookie.new(incrementor)
+    @warnings.first.should =~ /no secret/i
+    @warnings.clear
+    cookie = Rack::Session::Cookie.new(incrementor, :secret => 'abc')
+    @warnings.should.be.empty?
+  end
+
   it 'uses a coder' do
     identity = Class.new {
       attr_reader :calls
@@ -123,6 +176,10 @@ describe Rack::Session::Cookie do
     res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
       get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")
     res.body.should.equal '{"counter"=>1}'
+
+    app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
+    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => "rack.session=")
+    res.body.should.equal '{"counter"=>1}'
   end
 
   bigcookie = lambda do |env|
@@ -137,7 +194,7 @@ describe Rack::Session::Cookie do
     }.should.raise(Rack::MockRequest::FatalWarning)
   end
 
-  it "loads from a cookie wih integrity hash" do
+  it "loads from a cookie with integrity hash" do
     res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).get("/")
     cookie = res["Set-Cookie"]
     res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
@@ -147,6 +204,9 @@ describe Rack::Session::Cookie do
     res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
       get("/", "HTTP_COOKIE" => cookie)
     res.body.should.equal '{"counter"=>3}'
+    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'other')).
+      get("/", "HTTP_COOKIE" => cookie)
+    res.body.should.equal '{"counter"=>1}'
   end
 
   it "loads from a cookie wih accept-only integrity hash for graceful key rotation" do
@@ -165,16 +225,31 @@ describe Rack::Session::Cookie do
     app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
     response1 = Rack::MockRequest.new(app).get("/")
     response1.body.should.equal '{"counter"=>1}'
+    response1 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => response1["Set-Cookie"])
+    response1.body.should.equal '{"counter"=>2}'
 
     _, digest = response1["Set-Cookie"].split("--")
     tampered_with_cookie = "hackerman-was-here" + "--" + digest
     response2 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" =>
                                                tampered_with_cookie)
 
-    # Tampared cookie was ignored. Counter is back to 1.
+    # Tampered cookie was ignored. Counter is back to 1.
     response2.body.should.equal '{"counter"=>1}'
   end
 
+  it "supports either of secret or old_secret" do
+    app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
+    res = Rack::MockRequest.new(app).get("/")
+    res.body.should.equal '{"counter"=>1}'
+    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+    res.body.should.equal '{"counter"=>2}'
+    app = Rack::Session::Cookie.new(incrementor, :old_secret => 'test')
+    res = Rack::MockRequest.new(app).get("/")
+    res.body.should.equal '{"counter"=>1}'
+    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+    res.body.should.equal '{"counter"=>2}'
+  end
+
   describe "1.9 bugs relating to inspecting yet-to-be-loaded from cookie data: Rack::Session::Abstract::SessionHash" do
 
     it "can handle Rack::Lint middleware" do
@@ -225,6 +300,7 @@ describe Rack::Session::Cookie do
 
     res = Rack::MockRequest.new(app).get("/", "HTTPS" => "on")
     res["Set-Cookie"].should.not.be.nil
+    res["Set-Cookie"].should.match(/secure/)
   end
 
   it "does not return a cookie if cookie was not read/written" do
@@ -268,4 +344,18 @@ describe Rack::Session::Cookie do
     res = Rack::MockRequest.new(app).get("/", 'rack.session' => {:foo => 'bar'})
     res.body.should.match(/foo/)
   end
+
+  it "allows modifying session data with session data from middleware in front" do
+    request = { 'rack.session' => { :foo => 'bar' }}
+    response = response_for(:app => incrementor, :request => request)
+    response.body.should.match(/counter/)
+    response.body.should.match(/foo/)
+  end
+
+  it "allows modifying session data with session data from middleware in front" do
+    request = { 'rack.session' => { :foo => 'bar' }}
+    response = response_for(:app => incrementor, :request => request)
+    response.body.should.match(/counter/)
+    response.body.should.match(/foo/)
+  end
 end

data/test/spec_session_memcache.rb

@@ -1,5 +1,6 @@
 begin
   require 'rack/session/memcache'
+  require 'rack/lint'
   require 'rack/mock'
   require 'thread'
 
@@ -11,22 +12,23 @@ begin
       env["rack.session"]["counter"] += 1
       Rack::Response.new(env["rack.session"].inspect).to_a
     end
-    drop_session = proc do |env|
+    drop_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:drop] = true
       incrementor.call(env)
-    end
-    renew_session = proc do |env|
+    end)
+    renew_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:renew] = true
       incrementor.call(env)
-    end
-    defer_session = proc do |env|
+    end)
+    defer_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:defer] = true
       incrementor.call(env)
-    end
-    skip_session = proc do |env|
+    end)
+    skip_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:skip] = true
       incrementor.call(env)
-    end
+    end)
+    incrementor = Rack::Lint.new(incrementor)
 
     # test memcache connection
     Rack::Session::Memcache.new(incrementor)

data/test/spec_session_pool.rb

@@ -1,4 +1,5 @@
 require 'thread'
+require 'rack/lint'
 require 'rack/mock'
 require 'rack/session/pool'
 
@@ -12,28 +13,30 @@ describe Rack::Session::Pool do
     Rack::Response.new(env["rack.session"].inspect).to_a
   end
 
-  session_id = lambda do |env|
+  session_id = Rack::Lint.new(lambda do |env|
     Rack::Response.new(env["rack.session"].inspect).to_a
-  end
+  end)
 
-  nothing = lambda do |env|
+  nothing = Rack::Lint.new(lambda do |env|
     Rack::Response.new("Nothing").to_a
-  end
+  end)
 
-  drop_session = lambda do |env|
+  drop_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:drop] = true
     incrementor.call(env)
-  end
+  end)
 
-  renew_session = lambda do |env|
+  renew_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:renew] = true
     incrementor.call(env)
-  end
+  end)
 
-  defer_session = lambda do |env|
+  defer_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:defer] = true
     incrementor.call(env)
-  end
+  end)
+  
+  incrementor = Rack::Lint.new(incrementor)
 
   it "creates a new cookie" do
     pool = Rack::Session::Pool.new(incrementor)

data/test/spec_showexceptions.rb

@@ -1,12 +1,17 @@
 require 'rack/showexceptions'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::ShowExceptions do
+  def show_exceptions(app)
+    Rack::Lint.new Rack::ShowExceptions.new(app)
+  end
+  
   it "catches exceptions" do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError }
     ))
 
@@ -25,7 +30,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "It was never supposed to work" }
     ))
 
@@ -46,7 +51,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "It was never supposed to work" }
     ))
 
@@ -68,7 +73,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "", [] }
       )
     )

data/test/spec_showstatus.rb

@@ -1,10 +1,15 @@
 require 'rack/showstatus'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::ShowStatus do
+  def show_status(app)
+    Rack::Lint.new Rack::ShowStatus.new(app)
+  end
+  
   should "provide a default status message" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(lambda{|env|
+      show_status(lambda{|env|
         [404, {"Content-Type" => "text/plain", "Content-Length" => "0"}, []]
     }))
 
@@ -19,7 +24,7 @@ describe Rack::ShowStatus do
 
   should "let the app provide additional information" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           env["rack.showstatus.detail"] = "gone too meta."
           [404, {"Content-Type" => "text/plain", "Content-Length" => "0"}, []]
@@ -37,7 +42,7 @@ describe Rack::ShowStatus do
 
   should "not replace existing messages" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           [404, {"Content-Type" => "text/plain", "Content-Length" => "4"}, ["foo!"]]
     }))
@@ -52,7 +57,7 @@ describe Rack::ShowStatus do
     headers = {"WWW-Authenticate" => "Basic blah"}
 
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(lambda{|env| [401, headers, []] }))
+      show_status(lambda{|env| [401, headers, []] }))
     res = req.get("/", :lint => true)
 
     res["WWW-Authenticate"].should.equal("Basic blah")
@@ -60,7 +65,7 @@ describe Rack::ShowStatus do
 
   should "replace existing messages if there is detail" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           env["rack.showstatus.detail"] = "gone too meta."
           [404, {"Content-Type" => "text/plain", "Content-Length" => "4"}, ["foo!"]]