rails-prg 0.1.0
- checksums.yaml +7 -0
- data/.cane +4 -0
- data/.gitignore +19 -0
- data/.rspec +3 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +44 -0
- data/Rakefile +38 -0
- data/lib/rails-prg.rb +5 -0
- data/lib/rails/prg.rb +8 -0
- data/lib/rails/prg/railtie.rb +13 -0
- data/lib/rails/prg/redirected_object_controller.rb +84 -0
- data/lib/rails/prg/version.rb +5 -0
- data/lib/tasks/quality.rake +15 -0
- data/rails-prg.gemspec +43 -0
- data/script/spec +22 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/images/.keep +0 -0
- data/spec/dummy/app/assets/javascripts/application.js +13 -0
- data/spec/dummy/app/assets/javascripts/error_duplicator.js +2 -0
- data/spec/dummy/app/assets/javascripts/error_duplicators.js +2 -0
- data/spec/dummy/app/assets/javascripts/example_prgs.js +2 -0
- data/spec/dummy/app/assets/javascripts/post_redirect_gets.js +2 -0
- data/spec/dummy/app/assets/javascripts/test_objects.js +2 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/assets/stylesheets/error_duplicator.css +4 -0
- data/spec/dummy/app/assets/stylesheets/error_duplicators.css +4 -0
- data/spec/dummy/app/assets/stylesheets/example_prgs.css +4 -0
- data/spec/dummy/app/assets/stylesheets/post_redirect_gets.css +4 -0
- data/spec/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/spec/dummy/app/assets/stylesheets/test_objects.css +4 -0
- data/spec/dummy/app/controllers/application_controller.rb +19 -0
- data/spec/dummy/app/controllers/concerns/.keep +0 -0
- data/spec/dummy/app/controllers/error_duplicators_controller.rb +64 -0
- data/spec/dummy/app/controllers/example_prgs_controller.rb +74 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/helpers/error_duplicators_helper.rb +2 -0
- data/spec/dummy/app/helpers/example_prgs_helper.rb +2 -0
- data/spec/dummy/app/mailers/.keep +0 -0
- data/spec/dummy/app/models/.keep +0 -0
- data/spec/dummy/app/models/concerns/.keep +0 -0
- data/spec/dummy/app/models/error_duplicator.rb +3 -0
- data/spec/dummy/app/models/example_prg.rb +3 -0
- data/spec/dummy/app/views/error_duplicators/_form.html.erb +29 -0
- data/spec/dummy/app/views/error_duplicators/edit.html.erb +6 -0
- data/spec/dummy/app/views/error_duplicators/index.html.erb +31 -0
- data/spec/dummy/app/views/error_duplicators/new.html.erb +5 -0
- data/spec/dummy/app/views/error_duplicators/show.html.erb +19 -0
- data/spec/dummy/app/views/example_prgs/_form.html.erb +29 -0
- data/spec/dummy/app/views/example_prgs/edit.html.erb +6 -0
- data/spec/dummy/app/views/example_prgs/index.html.erb +31 -0
- data/spec/dummy/app/views/example_prgs/new.html.erb +5 -0
- data/spec/dummy/app/views/example_prgs/show.html.erb +19 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +29 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +29 -0
- data/spec/dummy/config/environments/production.rb +80 -0
- data/spec/dummy/config/environments/test.rb +36 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +12 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +4 -0
- data/spec/dummy/db/migrate/20140225004609_create_error_duplicators.rb +12 -0
- data/spec/dummy/db/migrate/20140225070319_create_example_prgs.rb +12 -0
- data/spec/dummy/db/schema.rb +36 -0
- data/spec/dummy/db/structure.sql +9 -0
- data/spec/dummy/lib/assets/.keep +0 -0
- data/spec/dummy/public/404.html +58 -0
- data/spec/dummy/public/422.html +58 -0
- data/spec/dummy/public/500.html +57 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/rails/prg/features/error_duplication_spec.rb +100 -0
- data/spec/rails/prg/features/redirected_objects_spec.rb +92 -0
- data/spec/rails/prg/redirected_object_controller_spec.rb +282 -0
- data/spec/spec_helper.rb +36 -0
- data/spec/support/selenium_display.rb +78 -0
- data/spec/support/use_selenium_display.rb +13 -0
- data/spec/support/use_simplecov.rb +30 -0
- metadata +392 -0
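--- a/data/spec/dummy/app/assets/stylesheets/scaffold.css
+++ b/data/spec/dummy/app/assets/stylesheets/scaffold.css
@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+font-family: verdana, arial, helvetica, sans-serif;
+font-size: 13px;
+line-height: 18px;
+}
+
+pre {
+background-color: #eee;
+padding: 10px;
+font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+margin-bottom: 10px;
+}
+
+#notice {
+color: green;
+}
+
+.field_with_errors {
+padding: 2px;
+background-color: red;
+display: table;
+}
+
+#error_explanation {
+width: 450px;
+border: 2px solid red;
+padding: 7px;
+padding-bottom: 0;
+margin-bottom: 20px;
+background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+text-align: left;
+font-weight: bold;
+padding: 5px 5px 5px 15px;
+font-size: 12px;
+margin: -7px;
+margin-bottom: 0px;
+background-color: #c00;
+color: #fff;
+}
+
+#error_explanation ul li {
+font-size: 12px;
+list-style: square;
+}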
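--- a/data/spec/dummy/app/controllers/application_controller.rb
+++ b/data/spec/dummy/app/controllers/application_controller.rb
@@ -0,0 +1,19 @@
+class ApplicationController < ActionController::Base
+# Prevent CSRF attacks by raising an exception.
+# For APIs, you may want to use :null_session instead.
+protect_from_forgery with: :exception
+
+# Ensure application doesn't allow browser to store page in
+# internal browser cache (and history)
+def set_secure_environment
+# As suggested in :
+# * https://www.owasp.org/index.php/OWASP_Application_Security_FAQ
+# * http://www.mnot.net/cache_docs/#CACHE-CONTROL
+# no-store is vital for chrome to prevent caching of page values
+# However, you must then use full POST-REDIRECT-GET for both success/errors
+# and skip rails usual POST -> render errors pattern.
+response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
+response.headers["Pragma"] = "no-cache"
+response.headers["Expires"] = "-1"
+end
+end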
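Review bot: `set_secure_environment` is a public method of ApplicationController and is not registered as a callback in this file, so each controller has to remember to opt in. Putting `private` above the definition keeps it out of the set of public controller methods that a broad route could map to as an action. A comment such as `# Not applied globally: each controller registers this callback itself` would make the opt-in explicit. `Expires: -1` is not a valid HTTP date; recipients treat an invalid date as already expired, so it works, but a short comment saying this is intentional would spare the next reader the lookup.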
File without changes
|
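--- a/data/spec/dummy/app/controllers/error_duplicators_controller.rb
+++ b/data/spec/dummy/app/controllers/error_duplicators_controller.rb
@@ -0,0 +1,64 @@
+# Without Post-Redirect-Get pattern on error
+# - > Standard Rails scaffold, this duplicates the error by showing:
+# Create -> Secure environment -> render error, success, back -> Displays error
+# Update -> Non-Secure environment -> render error, success, back -> No error
+class ErrorDuplicatorsController < ApplicationController
+before_action :set_error_duplicator, only: [:show, :edit, :update, :destroy]
+
+before_filter :set_secure_environment, except: [:edit, :update]
+
+# GET /error_duplicators
+def index
+@error_duplicators = ErrorDuplicator.all
+end
+
+# GET /error_duplicators/1
+def show
+end
+
+# GET /error_duplicators/new
+def new
+@error_duplicator = ErrorDuplicator.new
+end
+
+# GET /error_duplicators/1/edit
+def edit
+end
+
+# POST /error_duplicators
+def create
+@error_duplicator = ErrorDuplicator.new(error_duplicator_params)
+
+if @error_duplicator.save
+redirect_to @error_duplicator, notice: 'Error duplicator was successfully created.'
+else
+render action: 'new'
+end
+end
+
+# PATCH/PUT /error_duplicators/1
+def update
+if @error_duplicator.update(error_duplicator_params)
+redirect_to @error_duplicator, notice: 'Error duplicator was successfully updated.'
+else
+render action: 'edit'
+end
+end
+
+# DELETE /error_duplicators/1
+def destroy
+@error_duplicator.destroy
+redirect_to error_duplicators_url, notice: 'Error duplicator was successfully destroyed.'
+end
+
+private
+# Use callbacks to share common setup or constraints between actions.
+def set_error_duplicator
+@error_duplicator = ErrorDuplicator.find(params[:id])
+end
+
+# Only allow a trusted parameter "white list" through.
+def error_duplicator_params
+params.require(:error_duplicator).permit(:subject, :body, :published)
+end
+end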
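Review bot: The two callbacks on new-file lines 6 and 8 use different spellings, `before_action` and the legacy alias `before_filter`, and are registered in the opposite order from ExamplePrgsController, so here the record lookup runs before the cache headers are set. Writing `before_action :set_secure_environment, except: [:edit, :update]` and placing it first would make the two dummy controllers consistent. The `except:` list leaves `edit` and the form re-rendered after a failed `update` storable by the browser; the header comment suggests that is deliberate for the demonstration. A comment on that line such as `# edit/update intentionally left cacheable to reproduce the duplicated error` would keep it from being copied as a pattern.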
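--- a/data/spec/dummy/app/controllers/example_prgs_controller.rb
+++ b/data/spec/dummy/app/controllers/example_prgs_controller.rb
@@ -0,0 +1,74 @@
+# With Post-Redirect-Get pattern on error
+# - > Standard Rails scaffold, with redirect back on error using RailsPrg helpers
+# -> Create -> Post-Redirect-Get in secure environment,
+# redirected object loaded via filter on :new
+# -> Update -> Post-Redirect-Get in non-secure environment
+# redirected object loaed via direct call on :edit
+class ExamplePrgsController < ApplicationController
+before_filter :set_secure_environment, except: [:edit, :update]
+before_action :set_example_prg, only: [:show, :edit, :update, :destroy]
+
+# Load any redirected objects with errors for display via filter
+before_filter :load_redirected_objects!, only: [:edit]
+
+# GET /example_prgs
+def index
+@example_prgs = ExamplePrg.all
+end
+
+# GET /example_prgs/1
+def show
+end
+
+# GET /example_prgs/new
+def new
+@example_prg = ExamplePrg.new
+# Load any redirected objects with errors for display via direct call
+load_redirected_objects!
+end
+
+# GET /example_prgs/1/edit
+def edit
+end
+
+# POST /example_prgs
+def create
+@example_prg = ExamplePrg.new(example_prg_params)
+
+if @example_prg.save
+redirect_to @example_prg, notice: 'Example prg was successfully created.'
+else
+# render action: 'new' # Removed standard rails way
+set_redirected_object!('@example_prg', @example_prg, example_prg_params)
+redirect_to new_example_prg_path
+end
+end
+
+# PATCH/PUT /example_prgs/1
+def update
+if @example_prg.update(example_prg_params)
+redirect_to @example_prg, notice: 'Example prg was successfully updated.'
+else
+# render action: 'edit' # Removed original Rails render method
+set_redirected_object!('@example_prg', @example_prg, example_prg_params)
+redirect_to edit_example_prg_path(@example_prg)
+end
+end
+
+# DELETE /example_prgs/1
+def destroy
+@example_prg.destroy
+redirect_to example_prgs_url, notice: 'Example prg was successfully destroyed.'
+end
+
+private
+# Use callbacks to share common setup or constraints between actions.
+def set_example_prg
+@example_prg = ExamplePrg.find(params[:id])
+end
+
+# Only allow a trusted parameter "white list" through.
+def example_prg_params
+params.require(:example_prg).permit(:subject, :body, :published)
+end
+end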
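Review bot: The header comment on new-file lines 3–6 describes the opposite wiring from the code. It says the create path reloads the redirected object through a filter on `:new` and the update path through a direct call on `:edit`, but the filter is registered with `only: [:edit]` and the direct `load_redirected_objects!` call sits inside `new`. Swapping the two descriptions, and fixing the typo `loaed`, would bring the comment in line with the code. `set_redirected_object!` is defined outside this section, so where the submitted params are kept between the POST and the following GET is not visible here. If that is the session, a comment should note that the user's `subject` and `body` text travel in it, which matters for size and confidentiality under a cookie-backed session store.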
File without changes
|
File without changes
|
File without changes
|
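--- a/data/spec/dummy/app/views/error_duplicators/_form.html.erb
+++ b/data/spec/dummy/app/views/error_duplicators/_form.html.erb
@@ -0,0 +1,29 @@
+<%= form_for(@error_duplicator) do |f| %>
+<% if @error_duplicator.errors.any? %>
+<div id="error_explanation">
+<h2><%= pluralize(@error_duplicator.errors.count, "error") %> prohibited this error_duplicator from being saved:</h2>
+
+<ul>
+<% @error_duplicator.errors.full_messages.each do |msg| %>
+<li><%= msg %></li>
+<% end %>
+</ul>
+</div>
+<% end %>
+
+<div class="field">
+<%= f.label :subject %><br>
+<%= f.text_area :subject %>
+</div>
+<div class="field">
+<%= f.label :body %><br>
+<%= f.text_area :body %>
+</div>
+<div class="field">
+<%= f.label :published %><br>
+<%= f.check_box :published %>
+</div>
+<div class="actions">
+<%= f.submit %>
+</div>
+<% end %>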
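--- a/data/spec/dummy/app/views/error_duplicators/index.html.erb
+++ b/data/spec/dummy/app/views/error_duplicators/index.html.erb
@@ -0,0 +1,31 @@
+<h1>Listing error_duplicators</h1>
+
+<table>
+<thead>
+<tr>
+<th>Subject</th>
+<th>Body</th>
+<th>Published</th>
+<th></th>
+<th></th>
+<th></th>
+</tr>
+</thead>
+
+<tbody>
+<% @error_duplicators.each do |error_duplicator| %>
+<tr>
+<td><%= error_duplicator.subject %></td>
+<td><%= error_duplicator.body %></td>
+<td><%= error_duplicator.published %></td>
+<td><%= link_to 'Show', error_duplicator %></td>
+<td><%= link_to 'Edit', edit_error_duplicator_path(error_duplicator) %></td>
+<td><%= link_to 'Destroy', error_duplicator, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+</tr>
+<% end %>
+</tbody>
+</table>
+
+<br>
+
+<%= link_to 'New Error duplicator', new_error_duplicator_path %>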
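--- a/data/spec/dummy/app/views/error_duplicators/show.html.erb
+++ b/data/spec/dummy/app/views/error_duplicators/show.html.erb
@@ -0,0 +1,19 @@
+<p id="notice"><%= notice %></p>
+
+<p>
+<strong>Subject:</strong>
+<%= @error_duplicator.subject %>
+</p>
+
+<p>
+<strong>Body:</strong>
+<%= @error_duplicator.body %>
+</p>
+
+<p>
+<strong>Published:</strong>
+<%= @error_duplicator.published %>
+</p>
+
+<%= link_to 'Edit', edit_error_duplicator_path(@error_duplicator) %> |
+<%= link_to 'Back', error_duplicators_path %>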
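--- a/data/spec/dummy/app/views/example_prgs/_form.html.erb
+++ b/data/spec/dummy/app/views/example_prgs/_form.html.erb
@@ -0,0 +1,29 @@
+<%= form_for(@example_prg) do |f| %>
+<% if @example_prg.errors.any? %>
+<div id="error_explanation">
+<h2><%= pluralize(@example_prg.errors.count, "error") %> prohibited this example_prg from being saved:</h2>
+
+<ul>
+<% @example_prg.errors.full_messages.each do |msg| %>
+<li><%= msg %></li>
+<% end %>
+</ul>
+</div>
+<% end %>
+
+<div class="field">
+<%= f.label :subject %><br>
+<%= f.text_area :subject %>
+</div>
+<div class="field">
+<%= f.label :body %><br>
+<%= f.text_area :body %>
+</div>
+<div class="field">
+<%= f.label :published %><br>
+<%= f.check_box :published %>
+</div>
+<div class="actions">
+<%= f.submit %>
+</div>
+<% end %>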
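--- a/data/spec/dummy/app/views/example_prgs/index.html.erb
+++ b/data/spec/dummy/app/views/example_prgs/index.html.erb
@@ -0,0 +1,31 @@
+<h1>Listing example_prgs</h1>
+
+<table>
+<thead>
+<tr>
+<th>Subject</th>
+<th>Body</th>
+<th>Published</th>
+<th></th>
+<th></th>
+<th></th>
+</tr>
+</thead>
+
+<tbody>
+<% @example_prgs.each do |example_prg| %>
+<tr>
+<td><%= example_prg.subject %></td>
+<td><%= example_prg.body %></td>
+<td><%= example_prg.published %></td>
+<td><%= link_to 'Show', example_prg %></td>
+<td><%= link_to 'Edit', edit_example_prg_path(example_prg) %></td>
+<td><%= link_to 'Destroy', example_prg, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+</tr>
+<% end %>
+</tbody>
+</table>
+
+<br>
+
+<%= link_to 'New Example prg', new_example_prg_path %>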