RubyGems - rack - Versions diffs - 2.0.7 → 2.2.4 - Mend

rack 2.0.7 → 2.2.4

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (190) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +708 -0
data/CONTRIBUTING.md +136 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +152 -148
data/Rakefile +37 -23
data/{SPEC → SPEC.rdoc} +35 -10
data/bin/rackup +1 -0
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +3 -1
data/example/protectedlobster.ru +2 -0
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +1 -1
data/lib/rack/auth/basic.rb +7 -4
data/lib/rack/auth/digest/md5.rb +13 -11
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +4 -2
data/lib/rack/auth/digest/request.rb +5 -3
data/lib/rack/body_proxy.rb +15 -14
data/lib/rack/builder.rb +116 -23
data/lib/rack/cascade.rb +28 -12
data/lib/rack/chunked.rb +68 -20
data/lib/rack/common_logger.rb +36 -25
data/lib/rack/conditional_get.rb +20 -16
data/lib/rack/config.rb +2 -0
data/lib/rack/content_length.rb +8 -7
data/lib/rack/content_type.rb +5 -4
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +59 -34
data/lib/rack/directory.rb +84 -64
data/lib/rack/etag.rb +7 -4
data/lib/rack/events.rb +19 -20
data/lib/rack/file.rb +4 -173
data/lib/rack/files.rb +218 -0
data/lib/rack/handler/cgi.rb +2 -3
data/lib/rack/handler/fastcgi.rb +4 -4
data/lib/rack/handler/lsws.rb +3 -3
data/lib/rack/handler/scgi.rb +9 -8
data/lib/rack/handler/thin.rb +3 -3
data/lib/rack/handler/webrick.rb +15 -6
data/lib/rack/handler.rb +7 -2
data/lib/rack/head.rb +1 -1
data/lib/rack/lint.rb +72 -26
data/lib/rack/lobster.rb +10 -10
data/lib/rack/lock.rb +2 -1
data/lib/rack/logger.rb +2 -0
data/lib/rack/media_type.rb +10 -5
data/lib/rack/method_override.rb +4 -2
data/lib/rack/mime.rb +9 -1
data/lib/rack/mock.rb +97 -20
data/lib/rack/multipart/generator.rb +17 -13
data/lib/rack/multipart/parser.rb +56 -57
data/lib/rack/multipart/uploaded_file.rb +15 -7
data/lib/rack/multipart.rb +5 -4
data/lib/rack/null_logger.rb +2 -0
data/lib/rack/query_parser.rb +59 -30
data/lib/rack/recursive.rb +7 -5
data/lib/rack/reloader.rb +8 -4
data/lib/rack/request.rb +220 -61
data/lib/rack/response.rb +127 -44
data/lib/rack/rewindable_input.rb +4 -3
data/lib/rack/runtime.rb +6 -4
data/lib/rack/sendfile.rb +13 -9
data/lib/rack/server.rb +95 -24
data/lib/rack/session/abstract/id.rb +100 -22
data/lib/rack/session/cookie.rb +22 -14
data/lib/rack/session/memcache.rb +4 -87
data/lib/rack/session/pool.rb +18 -9
data/lib/rack/show_exceptions.rb +21 -17
data/lib/rack/show_status.rb +9 -9
data/lib/rack/static.rb +23 -11
data/lib/rack/tempfile_reaper.rb +1 -1
data/lib/rack/urlmap.rb +12 -6
data/lib/rack/utils.rb +107 -111
data/lib/rack/version.rb +29 -0
data/lib/rack.rb +67 -73
data/rack.gemspec +40 -28
metadata +36 -178
data/HISTORY.md +0 -505
data/test/builder/an_underscore_app.rb +0 -5
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -9
data/test/cgi/test.gz +0 -0
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/helper.rb +0 -34
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_encoded_words +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_single_quote +0 -7
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/quoted +0 -15
data/test/multipart/rack-logo.png +0 -0
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/unity3d_wwwform +0 -11
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -89
data/test/spec_auth_digest.rb +0 -260
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -233
data/test/spec_cascade.rb +0 -63
data/test/spec_cgi.rb +0 -84
data/test/spec_chunked.rb +0 -103
data/test/spec_common_logger.rb +0 -95
data/test/spec_conditional_get.rb +0 -103
data/test/spec_config.rb +0 -23
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -46
data/test/spec_deflater.rb +0 -375
data/test/spec_directory.rb +0 -148
data/test/spec_etag.rb +0 -108
data/test/spec_events.rb +0 -133
data/test/spec_fastcgi.rb +0 -85
data/test/spec_file.rb +0 -264
data/test/spec_handler.rb +0 -57
data/test/spec_head.rb +0 -46
data/test/spec_lint.rb +0 -515
data/test/spec_lobster.rb +0 -59
data/test/spec_lock.rb +0 -204
data/test/spec_logger.rb +0 -24
data/test/spec_media_type.rb +0 -42
data/test/spec_method_override.rb +0 -110
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -359
data/test/spec_multipart.rb +0 -722
data/test/spec_null_logger.rb +0 -21
data/test/spec_recursive.rb +0 -75
data/test/spec_request.rb +0 -1407
data/test/spec_response.rb +0 -510
data/test/spec_rewindable_input.rb +0 -128
data/test/spec_runtime.rb +0 -50
data/test/spec_sendfile.rb +0 -125
data/test/spec_server.rb +0 -193
data/test/spec_session_abstract_id.rb +0 -31
data/test/spec_session_abstract_session_hash.rb +0 -45
data/test/spec_session_cookie.rb +0 -442
data/test/spec_session_memcache.rb +0 -320
data/test/spec_session_pool.rb +0 -210
data/test/spec_show_exceptions.rb +0 -93
data/test/spec_show_status.rb +0 -104
data/test/spec_static.rb +0 -184
data/test/spec_tempfile_reaper.rb +0 -64
data/test/spec_thin.rb +0 -96
data/test/spec_urlmap.rb +0 -237
data/test/spec_utils.rb +0 -742
data/test/spec_version.rb +0 -11
data/test/spec_webrick.rb +0 -206
data/test/static/another/index.html +0 -1
data/test/static/foo.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/test/spec_session_cookie.rb DELETED Viewed

@@ -1,442 +0,0 @@
-require 'minitest/autorun'
-require 'rack/session/cookie'
-require 'rack/lint'
-require 'rack/mock'
-describe Rack::Session::Cookie do
-  incrementor = lambda do |env|
-    env["rack.session"]["counter"] ||= 0
-    env["rack.session"]["counter"] += 1
-    hash = env["rack.session"].dup
-    hash.delete("session_id")
-    Rack::Response.new(hash.inspect).to_a
-  end
-  session_id = lambda do |env|
-    Rack::Response.new(env["rack.session"].to_hash.inspect).to_a
-  end
-  session_option = lambda do |opt|
-    lambda do |env|
-      Rack::Response.new(env["rack.session.options"][opt].inspect).to_a
-    end
-  end
-  nothing = lambda do |env|
-    Rack::Response.new("Nothing").to_a
-  end
-  renewer = lambda do |env|
-    env["rack.session.options"][:renew] = true
-    Rack::Response.new("Nothing").to_a
-  end
-  only_session_id = lambda do |env|
-    Rack::Response.new(env["rack.session"]["session_id"].to_s).to_a
-  end
-  bigcookie = lambda do |env|
-    env["rack.session"]["cookie"] = "big" * 3000
-    Rack::Response.new(env["rack.session"].inspect).to_a
-  end
-  destroy_session = lambda do |env|
-    env["rack.session"].destroy
-    Rack::Response.new("Nothing").to_a
-  end
-  def response_for(options={})
-    request_options = options.fetch(:request, {})
-    cookie = if options[:cookie].is_a?(Rack::Response)
-      options[:cookie]["Set-Cookie"]
-    else
-      options[:cookie]
-    end
-    request_options["HTTP_COOKIE"] = cookie || ""
-    app_with_cookie = Rack::Session::Cookie.new(*options[:app])
-    app_with_cookie = Rack::Lint.new(app_with_cookie)
-    Rack::MockRequest.new(app_with_cookie).get("/", request_options)
-  end
-  before do
-    @warnings = warnings = []
-    Rack::Session::Cookie.class_eval do
-      define_method(:warn) { |m| warnings << m }
-    end
-  end
-  after do
-    Rack::Session::Cookie.class_eval { remove_method :warn }
-  end
-  describe 'Base64' do
-    it 'uses base64 to encode' do
-      coder = Rack::Session::Cookie::Base64.new
-      str   = 'fuuuuu'
-      coder.encode(str).must_equal [str].pack('m')
-    end
-    it 'uses base64 to decode' do
-      coder = Rack::Session::Cookie::Base64.new
-      str   = ['fuuuuu'].pack('m')
-      coder.decode(str).must_equal str.unpack('m').first
-    end
-    describe 'Marshal' do
-      it 'marshals and base64 encodes' do
-        coder = Rack::Session::Cookie::Base64::Marshal.new
-        str   = 'fuuuuu'
-        coder.encode(str).must_equal [::Marshal.dump(str)].pack('m')
-      end
-      it 'marshals and base64 decodes' do
-        coder = Rack::Session::Cookie::Base64::Marshal.new
-        str   = [::Marshal.dump('fuuuuu')].pack('m')
-        coder.decode(str).must_equal ::Marshal.load(str.unpack('m').first)
-      end
-      it 'rescues failures on decode' do
-        coder = Rack::Session::Cookie::Base64::Marshal.new
-        coder.decode('lulz').must_be_nil
-      end
-    end
-    describe 'JSON' do
-      it 'JSON and base64 encodes' do
-        coder = Rack::Session::Cookie::Base64::JSON.new
-        obj   = %w[fuuuuu]
-        coder.encode(obj).must_equal [::JSON.dump(obj)].pack('m')
-      end
-      it 'JSON and base64 decodes' do
-        coder = Rack::Session::Cookie::Base64::JSON.new
-        str   = [::JSON.dump(%w[fuuuuu])].pack('m')
-        coder.decode(str).must_equal ::JSON.parse(str.unpack('m').first)
-      end
-      it 'rescues failures on decode' do
-        coder = Rack::Session::Cookie::Base64::JSON.new
-        coder.decode('lulz').must_be_nil
-      end
-    end
-    describe 'ZipJSON' do
-      it 'jsons, deflates, and base64 encodes' do
-        coder = Rack::Session::Cookie::Base64::ZipJSON.new
-        obj   = %w[fuuuuu]
-        json = JSON.dump(obj)
-        coder.encode(obj).must_equal [Zlib::Deflate.deflate(json)].pack('m')
-      end
-      it 'base64 decodes, inflates, and decodes json' do
-        coder = Rack::Session::Cookie::Base64::ZipJSON.new
-        obj   = %w[fuuuuu]
-        json  = JSON.dump(obj)
-        b64   = [Zlib::Deflate.deflate(json)].pack('m')
-        coder.decode(b64).must_equal obj
-      end
-      it 'rescues failures on decode' do
-        coder = Rack::Session::Cookie::Base64::ZipJSON.new
-        coder.decode('lulz').must_be_nil
-      end
-    end
-  end
-  it "warns if no secret is given" do
-    Rack::Session::Cookie.new(incrementor)
-    @warnings.first.must_match(/no secret/i)
-    @warnings.clear
-    Rack::Session::Cookie.new(incrementor, :secret => 'abc')
-    @warnings.must_be :empty?
-  end
-  it "doesn't warn if coder is configured to handle encoding" do
-    Rack::Session::Cookie.new(
-      incrementor,
-      :coder => Object.new,
-      :let_coder_handle_secure_encoding => true)
-    @warnings.must_be :empty?
-  end
-  it "still warns if coder is not set" do
-    Rack::Session::Cookie.new(
-      incrementor,
-      :let_coder_handle_secure_encoding => true)
-    @warnings.first.must_match(/no secret/i)
-  end
-  it 'uses a coder' do
-    identity = Class.new {
-      attr_reader :calls
-      def initialize
-        @calls = []
-      end
-      def encode(str); @calls << :encode; str; end
-      def decode(str); @calls << :decode; str; end
-    }.new
-    response = response_for(:app => [incrementor, { :coder => identity }])
-    response["Set-Cookie"].must_include "rack.session="
-    response.body.must_equal '{"counter"=>1}'
-    identity.calls.must_equal [:decode, :encode]
-  end
-  it "creates a new cookie" do
-    response = response_for(:app => incrementor)
-    response["Set-Cookie"].must_include "rack.session="
-    response.body.must_equal '{"counter"=>1}'
-  end
-  it "loads from a cookie" do
-    response = response_for(:app => incrementor)
-    response = response_for(:app => incrementor, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    response = response_for(:app => incrementor, :cookie => response)
-    response.body.must_equal '{"counter"=>3}'
-  end
-  it "renew session id" do
-    response = response_for(:app => incrementor)
-    cookie   = response['Set-Cookie']
-    response = response_for(:app => only_session_id, :cookie => cookie)
-    cookie   = response['Set-Cookie'] if response['Set-Cookie']
-    response.body.wont_equal ""
-    old_session_id = response.body
-    response = response_for(:app => renewer, :cookie => cookie)
-    cookie   = response['Set-Cookie'] if response['Set-Cookie']
-    response = response_for(:app => only_session_id, :cookie => cookie)
-    response.body.wont_equal ""
-    response.body.wont_equal old_session_id
-  end
-  it "destroys session" do
-    response = response_for(:app => incrementor)
-    response = response_for(:app => only_session_id, :cookie => response)
-    response.body.wont_equal ""
-    old_session_id = response.body
-    response = response_for(:app => destroy_session, :cookie => response)
-    response = response_for(:app => only_session_id, :cookie => response)
-    response.body.wont_equal ""
-    response.body.wont_equal old_session_id
-  end
-  it "survives broken cookies" do
-    response = response_for(
-      :app => incrementor,
-      :cookie => "rack.session=blarghfasel"
-    )
-    response.body.must_equal '{"counter"=>1}'
-    response = response_for(
-      :app => [incrementor, { :secret => "test" }],
-      :cookie => "rack.session="
-    )
-    response.body.must_equal '{"counter"=>1}'
-  end
-  it "barks on too big cookies" do
-    lambda{
-      response_for(:app => bigcookie, :request => { :fatal => true })
-    }.must_raise Rack::MockRequest::FatalWarning
-  end
-  it "loads from a cookie with integrity hash" do
-    app = [incrementor, { :secret => "test" }]
-    response = response_for(:app => app)
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>3}'
-    app = [incrementor, { :secret => "other" }]
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>1}'
-  end
-  it "loads from a cookie with accept-only integrity hash for graceful key rotation" do
-    response = response_for(:app => [incrementor, { :secret => "test" }])
-    app = [incrementor, { :secret => "test2", :old_secret => "test" }]
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    app = [incrementor, { :secret => "test3", :old_secret => "test2" }]
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>3}'
-  end
-  it "ignores tampered with session cookies" do
-    app = [incrementor, { :secret => "test" }]
-    response = response_for(:app => app)
-    response.body.must_equal '{"counter"=>1}'
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    _, digest = response["Set-Cookie"].split("--")
-    tampered_with_cookie = "hackerman-was-here" + "--" + digest
-    response = response_for(:app => app, :cookie => tampered_with_cookie)
-    response.body.must_equal '{"counter"=>1}'
-  end
-  it "supports either of secret or old_secret" do
-    app = [incrementor, { :secret => "test" }]
-    response = response_for(:app => app)
-    response.body.must_equal '{"counter"=>1}'
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    app = [incrementor, { :old_secret => "test" }]
-    response = response_for(:app => app)
-    response.body.must_equal '{"counter"=>1}'
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-  end
-  it "supports custom digest class" do
-    app = [incrementor, { :secret => "test", hmac: OpenSSL::Digest::SHA256 }]
-    response = response_for(:app => app)
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>2}'
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>3}'
-    app = [incrementor, { :secret => "other" }]
-    response = response_for(:app => app, :cookie => response)
-    response.body.must_equal '{"counter"=>1}'
-  end
-  it "can handle Rack::Lint middleware" do
-    response = response_for(:app => incrementor)
-    lint = Rack::Lint.new(session_id)
-    response = response_for(:app => lint, :cookie => response)
-    response.body.wont_be :nil?
-  end
-  it "can handle middleware that inspects the env" do
-    class TestEnvInspector
-      def initialize(app)
-        @app = app
-      end
-      def call(env)
-        env.inspect
-        @app.call(env)
-      end
-    end
-    response = response_for(:app => incrementor)
-    inspector = TestEnvInspector.new(session_id)
-    response = response_for(:app => inspector, :cookie => response)
-    response.body.wont_be :nil?
-  end
-  it "returns the session id in the session hash" do
-    response = response_for(:app => incrementor)
-    response.body.must_equal '{"counter"=>1}'
-    response = response_for(:app => session_id, :cookie => response)
-    response.body.must_match(/"session_id"=>/)
-    response.body.must_match(/"counter"=>1/)
-  end
-  it "does not return a cookie if set to secure but not using ssl" do
-    app = [incrementor, { :secure => true }]
-    response = response_for(:app => app)
-    response["Set-Cookie"].must_be_nil
-    response = response_for(:app => app, :request => { "HTTPS" => "on" })
-    response["Set-Cookie"].wont_be :nil?
-    response["Set-Cookie"].must_match(/secure/)
-  end
-  it "does not return a cookie if cookie was not read/written" do
-    response = response_for(:app => nothing)
-    response["Set-Cookie"].must_be_nil
-  end
-  it "does not return a cookie if cookie was not written (only read)" do
-    response = response_for(:app => session_id)
-    response["Set-Cookie"].must_be_nil
-  end
-  it "returns even if not read/written if :expire_after is set" do
-    app = [nothing, { :expire_after => 3600 }]
-    request = { "rack.session" => { "not" => "empty" }}
-    response = response_for(:app => app, :request => request)
-    response["Set-Cookie"].wont_be :nil?
-  end
-  it "returns no cookie if no data was written and no session was created previously, even if :expire_after is set" do
-    app = [nothing, { :expire_after => 3600 }]
-    response = response_for(:app => app)
-    response["Set-Cookie"].must_be_nil
-  end
-  it "exposes :secret in env['rack.session.option']" do
-    response = response_for(:app => [session_option[:secret], { :secret => "foo" }])
-    response.body.must_equal '"foo"'
-  end
-  it "exposes :coder in env['rack.session.option']" do
-    response = response_for(:app => session_option[:coder])
-    response.body.must_match(/Base64::Marshal/)
-  end
-  it "allows passing in a hash with session data from middleware in front" do
-    request = { 'rack.session' => { :foo => 'bar' }}
-    response = response_for(:app => session_id, :request => request)
-    response.body.must_match(/foo/)
-  end
-  it "allows modifying session data with session data from middleware in front" do
-    request = { 'rack.session' => { :foo => 'bar' }}
-    response = response_for(:app => incrementor, :request => request)
-    response.body.must_match(/counter/)
-    response.body.must_match(/foo/)
-  end
-  it "allows more than one '--' in the cookie when calculating digests" do
-    @counter = 0
-    app = lambda do |env|
-      env["rack.session"]["message"] ||= ""
-      env["rack.session"]["message"] << "#{(@counter += 1).to_s}--"
-      hash = env["rack.session"].dup
-      hash.delete("session_id")
-      Rack::Response.new(hash["message"]).to_a
-    end
-    # another example of an unsafe coder is Base64.urlsafe_encode64
-    unsafe_coder = Class.new {
-      def encode(hash); hash.inspect end
-      def decode(str); eval(str) if str; end
-    }.new
-    _app = [ app, { :secret => "test", :coder => unsafe_coder } ]
-    response = response_for(:app => _app)
-    response.body.must_equal "1--"
-    response = response_for(:app => _app, :cookie => response)
-    response.body.must_equal "1--2--"
-  end
-end