rack 1.4.1 → 1.4.5

data/test/spec_multipart.rb

@@ -48,6 +48,59 @@ describe Rack::Multipart do
     params['profile']['bio'].should.include 'hello'
   end
 
+  should "reject insanely long boundaries" do
+    # using a pipe since a tempfile can use up too much space
+    rd, wr = IO.pipe
+
+    # we only call rewind once at start, so make sure it succeeds
+    # and doesn't hit ESPIPE
+    def rd.rewind; end
+    wr.sync = true
+
+    # mock out length to make this pipe look like a Tempfile
+    def rd.length
+      1024 * 1024 * 8
+    end
+
+    # write to a pipe in a background thread, this will write a lot
+    # unless Rack (properly) shuts down the read end
+    thr = Thread.new do
+      begin
+        wr.write("--AaB03x")
+
+        # make the initial boundary a few gigs long
+        longer = "0123456789" * 1024 * 1024
+        (1024 * 1024).times { wr.write(longer) }
+
+        wr.write("\r\n")
+        wr.write('Content-Disposition: form-data; name="a"; filename="a.txt"')
+        wr.write("\r\n")
+        wr.write("Content-Type: text/plain\r\n")
+        wr.write("\r\na")
+        wr.write("--AaB03x--\r\n")
+        wr.close
+      rescue => err # this is EPIPE if Rack shuts us down
+        err
+      end
+    end
+
+    fixture = {
+      "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+      "CONTENT_LENGTH" => rd.length.to_s,
+      :input => rd,
+    }
+
+    env = Rack::MockRequest.env_for '/', fixture
+    lambda {
+      Rack::Multipart.parse_multipart(env)
+    }.should.raise(EOFError)
+    rd.close
+
+    err = thr.value
+    err.should.be.instance_of Errno::EPIPE
+    wr.close
+  end
+
   should "parse multipart upload with text file" do
     env = Rack::MockRequest.env_for("/", multipart_fixture(:text))
     params = Rack::Multipart.parse_multipart(env)
@@ -360,4 +413,33 @@ EOF
     params.should.equal({"description"=>"Very very blue"})
   end
 
+  should "parse multipart upload with no content-length header" do
+    env = Rack::MockRequest.env_for '/', multipart_fixture(:webkit)
+    env['CONTENT_TYPE'] = "multipart/form-data; boundary=----WebKitFormBoundaryWLHCs9qmcJJoyjKR"
+    env.delete 'CONTENT_LENGTH'
+    params = Rack::Multipart.parse_multipart(env)
+    params['profile']['bio'].should.include 'hello'
+  end
+
+  should "parse very long unquoted multipart file names" do
+    data = <<-EOF
+--AaB03x\r
+Content-Type: text/plain\r
+Content-Disposition: attachment; name=file; filename=#{'long' * 100}\r
+\r
+contents\r
+--AaB03x--\r
+    EOF
+
+    options = {
+      "CONTENT_TYPE" => "multipart/form-data; boundary=AaB03x",
+      "CONTENT_LENGTH" => data.length.to_s,
+      :input => StringIO.new(data)
+    }
+    env = Rack::MockRequest.env_for("/", options)
+    params = Rack::Utils::Multipart.parse_multipart(env)
+
+    params["file"][:filename].should.equal('long' * 100)
+  end
+
 end

data/test/spec_nulllogger.rb

@@ -1,12 +1,23 @@
+require 'enumerator'
+require 'rack/lint'
+require 'rack/mock'
 require 'rack/nulllogger'
 
 describe Rack::NullLogger do
+  ::Enumerator = ::Enumerable::Enumerator unless Object.const_defined?(:Enumerator)
+  
   should "act as a noop logger" do
     app = lambda { |env|
       env['rack.logger'].warn "b00m"
       [200, {'Content-Type' => 'text/plain'}, ["Hello, World!"]]
     }
-    logger = Rack::NullLogger.new(app)
-    lambda{ logger.call({}) }.should.not.raise
+    
+    logger = Rack::Lint.new(Rack::NullLogger.new(app))
+    
+    res = logger.call(Rack::MockRequest.env_for)
+    res[0..1].should.equal [
+      200, {'Content-Type' => 'text/plain'}
+    ]
+    Enumerator.new(res[2]).to_a.should.equal ["Hello, World!"]
   end
 end

data/test/spec_recursive.rb

@@ -1,3 +1,4 @@
+require 'rack/lint'
 require 'rack/recursive'
 require 'rack/mock'
 
@@ -28,11 +29,14 @@ describe Rack::Recursive do
   @app4 = lambda { |env|
     raise Rack::ForwardRequest.new("http://example.org/app1/quux?meh")
   }
+  
+  def recursive(map)
+    Rack::Lint.new Rack::Recursive.new(Rack::URLMap.new(map))
+  end
 
   should "allow for subrequests" do
-    res = Rack::MockRequest.new(Rack::Recursive.new(
-                                  Rack::URLMap.new("/app1" => @app1,
-                                                   "/app2" => @app2))).
+    res = Rack::MockRequest.new(recursive("/app1" => @app1,
+                                          "/app2" => @app2)).
       get("/app2")
 
     res.should.be.ok
@@ -41,9 +45,8 @@ describe Rack::Recursive do
 
   should "raise error on requests not below the app" do
     app = Rack::URLMap.new("/app1" => @app1,
-                           "/app" => Rack::Recursive.new(
-                              Rack::URLMap.new("/1" => @app1,
-                                               "/2" => @app2)))
+                           "/app" => recursive("/1" => @app1,
+                                               "/2" => @app2))
 
     lambda {
       Rack::MockRequest.new(app).get("/app/2")
@@ -52,9 +55,9 @@ describe Rack::Recursive do
   end
 
   should "support forwarding" do
-    app = Rack::Recursive.new(Rack::URLMap.new("/app1" => @app1,
-                                               "/app3" => @app3,
-                                               "/app4" => @app4))
+    app = recursive("/app1" => @app1,
+                    "/app3" => @app3,
+                    "/app4" => @app4)
 
     res = Rack::MockRequest.new(app).get("/app3")
     res.should.be.ok

data/test/spec_request.rb

@@ -411,9 +411,9 @@ describe Rack::Request do
     req.cookies.should.equal 'foo' => 'bar'
   end
 
-  should "raise any errors on every request" do
+  should "pass through non-uri escaped cookies as-is" do
     req = Rack::Request.new Rack::MockRequest.env_for("", "HTTP_COOKIE" => "foo=%")
-    2.times { proc { req.cookies }.should.raise(ArgumentError) }
+    req.cookies["foo"].should == "%"
   end
 
   should "parse cookies according to RFC 2109" do

data/test/spec_response.rb

@@ -280,4 +280,34 @@ describe Rack::Response do
     res.close
     res.body.should.be.closed
   end
+
+  it "calls close on #body when 204, 205, or 304" do
+    res = Rack::Response.new
+    res.body = StringIO.new
+    res.finish
+    res.body.should.not.be.closed
+
+    res.status = 204
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+
+    res.body = StringIO.new
+    res.status = 205
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+
+    res.body = StringIO.new
+    res.status = 304
+    _, _, b = res.finish
+    res.body.should.be.closed
+    b.should.not == res.body
+  end
+
+  it "wraps the body from #to_ary to prevent infinite loops" do
+    res = Rack::Response.new
+    res.finish.last.should.not.respond_to?(:to_ary)
+    lambda { res.finish.last.to_ary }.should.raise(NoMethodError)
+  end
 end

data/test/spec_runtime.rb

@@ -1,27 +1,37 @@
+require 'rack/lint'
+require 'rack/mock'
 require 'rack/runtime'
 
 describe Rack::Runtime do
+  def runtime_app(app, *args)
+    Rack::Lint.new Rack::Runtime.new(app, *args)
+  end
+  
+  def request
+    Rack::MockRequest.env_for
+  end
+  
   it "sets X-Runtime is none is set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    response = Rack::Runtime.new(app).call({})
+    response = runtime_app(app).call(request)
     response[1]['X-Runtime'].should =~ /[\d\.]+/
   end
 
   it "doesn't set the X-Runtime if it is already set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain', "X-Runtime" => "foobar"}, "Hello, World!"] }
-    response = Rack::Runtime.new(app).call({})
+    response = runtime_app(app).call(request)
     response[1]['X-Runtime'].should == "foobar"
   end
 
   should "allow a suffix to be set" do
     app = lambda { |env| [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    response = Rack::Runtime.new(app, "Test").call({})
+    response = runtime_app(app, "Test").call(request)
     response[1]['X-Runtime-Test'].should =~ /[\d\.]+/
   end
 
   should "allow multiple timers to be set" do
     app = lambda { |env| sleep 0.1; [200, {'Content-Type' => 'text/plain'}, "Hello, World!"] }
-    runtime = Rack::Runtime.new(app, "App")
+    runtime = runtime_app(app, "App")
 
     # wrap many times to guarantee a measurable difference
     100.times do |i|
@@ -29,7 +39,7 @@ describe Rack::Runtime do
     end
     runtime = Rack::Runtime.new(runtime, "All")
 
-    response = runtime.call({})
+    response = runtime.call(request)
 
     response[1]['X-Runtime-App'].should =~ /[\d\.]+/
     response[1]['X-Runtime-All'].should =~ /[\d\.]+/

data/test/spec_sendfile.rb

@@ -1,5 +1,8 @@
+require 'fileutils'
+require 'rack/lint'
 require 'rack/sendfile'
 require 'rack/mock'
+require 'tmpdir'
 
 describe Rack::File do
   should "respond to #to_path" do
@@ -9,8 +12,9 @@ end
 
 describe Rack::Sendfile do
   def sendfile_body
+    FileUtils.touch File.join(Dir.tmpdir,  "rack_sendfile")
     res = ['Hello World']
-    def res.to_path ; "/tmp/hello.txt" ; end
+    def res.to_path ; File.join(Dir.tmpdir,  "rack_sendfile") ; end
     res
   end
 
@@ -19,7 +23,7 @@ describe Rack::Sendfile do
   end
 
   def sendfile_app(body=sendfile_body)
-    Rack::Sendfile.new(simple_app(body))
+    Rack::Lint.new Rack::Sendfile.new(simple_app(body))
   end
 
   @request = Rack::MockRequest.new(sendfile_app)
@@ -40,8 +44,8 @@ describe Rack::Sendfile do
     request 'HTTP_X_SENDFILE_TYPE' => 'X-Sendfile' do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Sendfile'].should.equal '/tmp/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Sendfile'].should.equal File.join(Dir.tmpdir,  "rack_sendfile")
     end
   end
 
@@ -49,21 +53,21 @@ describe Rack::Sendfile do
     request 'HTTP_X_SENDFILE_TYPE' => 'X-Lighttpd-Send-File' do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Lighttpd-Send-File'].should.equal '/tmp/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Lighttpd-Send-File'].should.equal File.join(Dir.tmpdir,  "rack_sendfile")
     end
   end
 
   it "sets X-Accel-Redirect response header and discards body" do
     headers = {
       'HTTP_X_SENDFILE_TYPE' => 'X-Accel-Redirect',
-      'HTTP_X_ACCEL_MAPPING' => '/tmp/=/foo/bar/'
+      'HTTP_X_ACCEL_MAPPING' => "#{Dir.tmpdir}/=/foo/bar/"
     }
     request headers do |response|
       response.should.be.ok
       response.body.should.be.empty
-      response.headers['Content-Length'].should == '0'
-      response.headers['X-Accel-Redirect'].should.equal '/foo/bar/hello.txt'
+      response.headers['Content-Length'].should.equal '0'
+      response.headers['X-Accel-Redirect'].should.equal '/foo/bar/rack_sendfile'
     end
   end
 

data/test/spec_server.rb

@@ -10,6 +10,13 @@ describe Rack::Server do
     lambda { |env| [200, {'Content-Type' => 'text/plain'}, ['success']] }
   end
 
+  def with_stderr
+    old, $stderr = $stderr, StringIO.new
+    yield $stderr
+  ensure
+    $stderr = old
+  end
+
   it "overrides :config if :app is passed in" do
     server = Rack::Server.new(:app => "FOO")
     server.app.should == "FOO"
@@ -71,4 +78,44 @@ describe Rack::Server do
     open(pidfile) { |f| f.read.should.eql $$.to_s }
   end
 
+  should "check pid file presence and running process" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write($$); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :running
+  end
+
+  should "check pid file presence and dead process" do
+    dead_pid = `echo $$`.to_i
+    pidfile = Tempfile.open('pidfile') { |f| f.write(dead_pid); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :dead
+  end
+
+  should "check pid file presence and exited process" do
+    pidfile = Tempfile.open('pidfile') { |f| break f }.path
+    ::File.delete(pidfile)
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :exited
+  end
+
+  should "check pid file presence and not owned process" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    server.send(:pidfile_process_status).should.eql :not_owned
+  end
+
+  should "inform the user about existing pidfiles with running processes" do
+    pidfile = Tempfile.open('pidfile') { |f| f.write(1); break f }.path
+    server = Rack::Server.new(:pid => pidfile)
+    with_stderr do |err|
+      should.raise(SystemExit) do
+        server.start
+      end
+      err.rewind
+      output = err.read
+      output.should.match(/already running/)
+      output.should.include? pidfile
+    end
+  end
+
 end

data/test/spec_session_cookie.rb

@@ -1,4 +1,5 @@
 require 'rack/session/cookie'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::Session::Cookie do
@@ -9,7 +10,7 @@ describe Rack::Session::Cookie do
     hash.delete("session_id")
     Rack::Response.new(hash.inspect).to_a
   end
-
+  
   session_id = lambda do |env|
     Rack::Response.new(env["rack.session"].to_hash.inspect).to_a
   end
@@ -24,6 +25,50 @@ describe Rack::Session::Cookie do
     Rack::Response.new("Nothing").to_a
   end
 
+  renewer = lambda do |env|
+    env["rack.session.options"][:renew] = true
+    Rack::Response.new("Nothing").to_a
+  end
+
+  only_session_id = lambda do |env|
+    Rack::Response.new(env["rack.session"]["session_id"].to_s).to_a
+  end
+
+  bigcookie = lambda do |env|
+    env["rack.session"]["cookie"] = "big" * 3000
+    Rack::Response.new(env["rack.session"].inspect).to_a
+  end
+
+  destroy_session = lambda do |env|
+    env["rack.session"].destroy
+    Rack::Response.new("Nothing").to_a
+  end
+
+  def response_for(options={})
+    request_options = options.fetch(:request, {})
+    cookie = if options[:cookie].is_a?(Rack::Response)
+      options[:cookie]["Set-Cookie"]
+    else
+      options[:cookie]
+    end
+    request_options["HTTP_COOKIE"] = cookie || ""
+
+    app_with_cookie = Rack::Session::Cookie.new(*options[:app])
+    app_with_cookie = Rack::Lint.new(app_with_cookie)
+    Rack::MockRequest.new(app_with_cookie).get("/", request_options)
+  end
+
+  before do
+    @warnings = warnings = []
+    Rack::Session::Cookie.class_eval do
+      define_method(:warn) { |m| warnings << m }
+    end
+  end
+
+  after do
+    Rack::Session::Cookie.class_eval { remove_method :warn }
+  end
+
   describe 'Base64' do
     it 'uses base64 to encode' do
       coder = Rack::Session::Cookie::Base64.new
@@ -57,6 +102,14 @@ describe Rack::Session::Cookie do
     end
   end
 
+  it "warns if no secret is given" do
+    cookie = Rack::Session::Cookie.new(incrementor)
+    @warnings.first.should =~ /no secret/i
+    @warnings.clear
+    cookie = Rack::Session::Cookie.new(incrementor, :secret => 'abc')
+    @warnings.should.be.empty?
+  end
+
   it 'uses a coder' do
     identity = Class.new {
       attr_reader :calls
@@ -291,4 +344,18 @@ describe Rack::Session::Cookie do
     res = Rack::MockRequest.new(app).get("/", 'rack.session' => {:foo => 'bar'})
     res.body.should.match(/foo/)
   end
+
+  it "allows modifying session data with session data from middleware in front" do
+    request = { 'rack.session' => { :foo => 'bar' }}
+    response = response_for(:app => incrementor, :request => request)
+    response.body.should.match(/counter/)
+    response.body.should.match(/foo/)
+  end
+
+  it "allows modifying session data with session data from middleware in front" do
+    request = { 'rack.session' => { :foo => 'bar' }}
+    response = response_for(:app => incrementor, :request => request)
+    response.body.should.match(/counter/)
+    response.body.should.match(/foo/)
+  end
 end

data/test/spec_session_memcache.rb

@@ -1,5 +1,6 @@
 begin
   require 'rack/session/memcache'
+  require 'rack/lint'
   require 'rack/mock'
   require 'thread'
 
@@ -11,22 +12,23 @@ begin
       env["rack.session"]["counter"] += 1
       Rack::Response.new(env["rack.session"].inspect).to_a
     end
-    drop_session = proc do |env|
+    drop_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:drop] = true
       incrementor.call(env)
-    end
-    renew_session = proc do |env|
+    end)
+    renew_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:renew] = true
       incrementor.call(env)
-    end
-    defer_session = proc do |env|
+    end)
+    defer_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:defer] = true
       incrementor.call(env)
-    end
-    skip_session = proc do |env|
+    end)
+    skip_session = Rack::Lint.new(proc do |env|
       env['rack.session.options'][:skip] = true
       incrementor.call(env)
-    end
+    end)
+    incrementor = Rack::Lint.new(incrementor)
 
     # test memcache connection
     Rack::Session::Memcache.new(incrementor)

data/test/spec_session_pool.rb

@@ -1,4 +1,5 @@
 require 'thread'
+require 'rack/lint'
 require 'rack/mock'
 require 'rack/session/pool'
 
@@ -12,28 +13,30 @@ describe Rack::Session::Pool do
     Rack::Response.new(env["rack.session"].inspect).to_a
   end
 
-  session_id = lambda do |env|
+  session_id = Rack::Lint.new(lambda do |env|
     Rack::Response.new(env["rack.session"].inspect).to_a
-  end
+  end)
 
-  nothing = lambda do |env|
+  nothing = Rack::Lint.new(lambda do |env|
     Rack::Response.new("Nothing").to_a
-  end
+  end)
 
-  drop_session = lambda do |env|
+  drop_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:drop] = true
     incrementor.call(env)
-  end
+  end)
 
-  renew_session = lambda do |env|
+  renew_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:renew] = true
     incrementor.call(env)
-  end
+  end)
 
-  defer_session = lambda do |env|
+  defer_session = Rack::Lint.new(lambda do |env|
     env['rack.session.options'][:defer] = true
     incrementor.call(env)
-  end
+  end)
+  
+  incrementor = Rack::Lint.new(incrementor)
 
   it "creates a new cookie" do
     pool = Rack::Session::Pool.new(incrementor)

data/test/spec_showexceptions.rb

@@ -1,12 +1,17 @@
 require 'rack/showexceptions'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::ShowExceptions do
+  def show_exceptions(app)
+    Rack::Lint.new Rack::ShowExceptions.new(app)
+  end
+  
   it "catches exceptions" do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError }
     ))
 
@@ -25,7 +30,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "It was never supposed to work" }
     ))
 
@@ -46,7 +51,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "It was never supposed to work" }
     ))
 
@@ -68,7 +73,7 @@ describe Rack::ShowExceptions do
     res = nil
 
     req = Rack::MockRequest.new(
-      Rack::ShowExceptions.new(
+      show_exceptions(
         lambda{|env| raise RuntimeError, "", [] }
       )
     )

data/test/spec_showstatus.rb

@@ -1,10 +1,15 @@
 require 'rack/showstatus'
+require 'rack/lint'
 require 'rack/mock'
 
 describe Rack::ShowStatus do
+  def show_status(app)
+    Rack::Lint.new Rack::ShowStatus.new(app)
+  end
+  
   should "provide a default status message" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(lambda{|env|
+      show_status(lambda{|env|
         [404, {"Content-Type" => "text/plain", "Content-Length" => "0"}, []]
     }))
 
@@ -19,7 +24,7 @@ describe Rack::ShowStatus do
 
   should "let the app provide additional information" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           env["rack.showstatus.detail"] = "gone too meta."
           [404, {"Content-Type" => "text/plain", "Content-Length" => "0"}, []]
@@ -37,7 +42,7 @@ describe Rack::ShowStatus do
 
   should "not replace existing messages" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           [404, {"Content-Type" => "text/plain", "Content-Length" => "4"}, ["foo!"]]
     }))
@@ -52,7 +57,7 @@ describe Rack::ShowStatus do
     headers = {"WWW-Authenticate" => "Basic blah"}
 
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(lambda{|env| [401, headers, []] }))
+      show_status(lambda{|env| [401, headers, []] }))
     res = req.get("/", :lint => true)
 
     res["WWW-Authenticate"].should.equal("Basic blah")
@@ -60,7 +65,7 @@ describe Rack::ShowStatus do
 
   should "replace existing messages if there is detail" do
     req = Rack::MockRequest.new(
-      Rack::ShowStatus.new(
+      show_status(
         lambda{|env|
           env["rack.showstatus.detail"] = "gone too meta."
           [404, {"Content-Type" => "text/plain", "Content-Length" => "4"}, ["foo!"]]