roda 3.28.0 → 3.29.0

data/spec/plugin/content_for_spec.rb

@@ -1,162 +0,0 @@
-require_relative "../spec_helper"
-
-begin
-  require 'tilt/erb'
-rescue LoadError
-  warn "tilt not installed, skipping content_for plugin test"
-else
-describe "content_for plugin with erb" do
-  before do
-    app(:bare) do
-      plugin :render, :views => './spec/views'
-      plugin :content_for
-
-      route do |r|
-        r.root do
-          view(:inline => "<% content_for :foo do %>foo<% end %>bar", :layout => { :inline => '<%= yield %> <%= content_for(:foo) %>' })
-        end
-        r.get 'a' do
-          view(:inline => "bar", :layout => { :inline => '<%= content_for(:foo) %> <%= yield %>' })
-        end
-        r.get 'b' do
-          view(:inline => '<% content_for(:foo, "foo") %>bar', :layout => { :inline => '<%= yield %> <%= content_for(:foo) %>' })
-        end
-        r.get 'e' do
-          view(:inline => 'a<% content_for :foo do %><% end %>b', :layout => { :inline => 'c<%= yield %>d<%= content_for(:foo) %>e' })
-        end
-        r.get 'f' do
-          view(:inline => 'a<% content_for :foo do "f" end %>b', :layout => { :inline => 'c<%= yield %>d<%= content_for(:foo) %>e' })
-        end
-        r.get 'g' do
-          view(:inline => 'a<% content_for :foo do "<" + "%= 1 %" + ">" end %>b', :layout => { :inline => 'c<%= yield %>d<%= content_for(:foo) %>e' })
-        end
-      end
-    end
-  end
-
-  it "should be able to set content in template and get that content in the layout" do
-    body.strip.must_equal "bar foo"
-  end
-
-  it "should work if content is not set by the template" do
-    body('/a').strip.must_equal "bar"
-  end
-
-  it "should work if a raw string is set" do
-    body('/b').strip.must_equal "bar foo"
-  end
-
-  it "should work for an empty content_for" do
-    body('/e').strip.must_equal "cabde"
-  end
-
-  it "should work when content_for uses a regular block" do
-    body('/f').strip.must_equal "cabdfe"
-  end
-
-  it "should use content_for output directly" do
-    body('/g').strip.must_equal "cabd<%= 1 %>e"
-  end
-end
-
-describe "content_for plugin with multiple calls to the same key" do
-  before do
-    app(:bare) do
-      plugin :render, :views => './spec/views'
-      plugin :content_for
-
-      route do |r|
-        r.root do
-          view(:inline => "<% content_for :foo do %>foo<% end %><% content_for :foo do %>baz<% end %>bar", :layout => { :inline => '<%= yield %> <%= content_for(:foo) %>' })
-        end
-      end
-    end
-  end
-
-  it "should replace with multiple calls to the same key if :append=>false plugin option is used" do
-    app.plugin :content_for, :append => false
-    body.strip.must_equal "bar baz"
-  end
-
-  it "should append with multiple calls to the same key if :append=>true plugin option is used" do
-    app.plugin :content_for
-    body.strip.must_equal "bar foobaz"
-  end
-end
-end
-
-begin
-  require 'tilt/erb'
-  require 'tilt/haml'
-rescue LoadError
-  warn "tilt or haml not installed, skipping content_for plugin haml tests"
-else
-describe "content_for plugin with haml" do
-  before do
-    app(:bare) do
-      plugin :render, :engine => 'haml'
-      plugin :content_for
-
-      route do |r|
-        r.root do
-          view(:inline => "- content_for :foo do\n  - capture_haml do\n    foo\nbar", :layout => { :inline => "= yield\n=content_for :foo" })
-        end
-        r.get 'a' do
-          view(:inline => "- content_for :foo, 'foo'\nbar", :layout => { :inline => "= yield\n=content_for :foo" })
-        end
-      end
-    end
-  end
-
-  it "should work with alternate rendering engines" do
-    body.strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
-    body('/a').strip.sub(/\n+/, "\n").must_equal "bar\nfoo"
-  end
-end
-
-describe "content_for plugin with mixed template engines" do
-  before do
-    app(:bare) do
-      plugin :render, :layout_opts=>{:engine => 'haml', :inline => "= yield\n=content_for :foo" }
-      plugin :content_for
-
-      route do |r|
-        r.root do
-          view(:inline => "<% content_for :foo do %>foo<% end %>bar")
-        end
-        r.get 'a' do
-          view(:inline => "<% content_for :foo, 'foo' %>bar")
-        end
-      end
-    end
-  end
-
-  it "should work with alternate rendering engines" do
-    body.strip.must_equal "bar\nfoo"
-    body('/a').strip.must_equal "bar\nfoo"
-  end
-end
-
-describe "content_for plugin when overriding :engine" do
-  before do
-    app(:bare) do
-      plugin :render, :engine => 'haml', :layout_opts=>{:inline => "= yield\n=content_for :foo" }
-      plugin :content_for
-
-      route do |r|
-        r.root do
-          view(:inline => "<% content_for :foo do %>foo<% end %>bar", :engine=>:erb)
-        end
-        r.get 'a' do
-          view(:inline => "<% content_for :foo, 'foo' %>bar", :engine=>:erb)
-        end
-      end
-    end
-  end
-
-  it "should work with alternate rendering engines" do
-    body.strip.must_equal "bar\nfoo"
-    body('/a').strip.must_equal "bar\nfoo"
-  end
-end
-end

data/spec/plugin/content_security_policy_spec.rb

@@ -1,175 +0,0 @@
-require_relative "../spec_helper"
-
-describe "content_security_policy plugin" do 
-  it "does not add header if no options are set" do
-    app(:content_security_policy){'a'}
-    header('Content-Security-Policy', "/a").must_be_nil
-  end
-
-  it "sets Content-Security-Policy header" do
-    app(:bare) do
-      plugin :content_security_policy do |csp|
-        csp.default_src :self
-        csp.img_src :self, 'example.com'
-        csp.style_src [:sha256, 'abc']
-      end
-
-      route do |r|
-        r.get 'ro' do
-          content_security_policy.report_only
-          ''
-        end
-
-        r.get 'nro' do
-          content_security_policy.report_only
-          content_security_policy.report_only(false)
-          content_security_policy.report_only?.inspect
-        end
-
-        r.get 'get' do
-          content_security_policy.get_default_src.inspect
-        end
-
-        r.get 'add' do
-          content_security_policy.add_default_src('foo.com', 'bar.com')
-          ''
-        end
-
-        r.get 'empty' do
-          content_security_policy.add_default_src
-          ''
-        end
-
-        r.get 'set' do
-          content_security_policy.default_src('foo.com', 'bar.com')
-          ''
-        end
-
-        r.get 'bool' do
-          content_security_policy.block_all_mixed_content
-          content_security_policy.upgrade_insecure_requests(false)
-          content_security_policy.block_all_mixed_content?.inspect
-        end
-
-        r.get 'block' do
-          content_security_policy do |csp|
-            csp.block_all_mixed_content
-            csp.add_default_src('foo.com', 'bar.com')
-            csp.img_src :none
-            csp.style_src
-            csp.report_only
-          end
-          ''
-        end
-
-        r.get 'clear' do
-          content_security_policy do |csp|
-            csp.clear
-            csp.add_default_src('foo.com', 'bar.com')
-          end
-          ''
-        end
-
-        'a'
-      end
-    end
-
-    v = "default-src 'self'; img-src 'self' example.com; style-src 'sha256-abc'; "
-
-    header('Content-Security-Policy', "/a").must_equal v
-
-    header('Content-Security-Policy', "/nro").must_equal v
-    header('Content-Security-Policy-Report-Only', "/nro").must_be_nil
-    body("/nro").must_equal 'false'
-
-    header('Content-Security-Policy-Report-Only', "/ro").must_equal v
-    header('Content-Security-Policy', "/ro").must_be_nil
-
-    body('/get').must_equal '[:self]'
-
-    header('Content-Security-Policy', "/add").must_equal "default-src 'self' foo.com bar.com; img-src 'self' example.com; style-src 'sha256-abc'; "
-
-    header('Content-Security-Policy', "/empty").must_equal "default-src 'self'; img-src 'self' example.com; style-src 'sha256-abc'; "
-
-    header('Content-Security-Policy', "/set").must_equal "default-src foo.com bar.com; img-src 'self' example.com; style-src 'sha256-abc'; "
-
-    body('/bool').must_equal 'true'
-    header('Content-Security-Policy', "/bool").must_equal "default-src 'self'; img-src 'self' example.com; style-src 'sha256-abc'; block-all-mixed-content; "
-
-    header('Content-Security-Policy-Report-Only', "/block").must_equal "default-src 'self' foo.com bar.com; img-src 'none'; block-all-mixed-content; "
-
-    header('Content-Security-Policy', "/clear").must_equal "default-src foo.com bar.com; "
-  end
-
-  it "raises error for unsupported CSP values" do
-    app{}
-    proc{app.plugin(:content_security_policy){|csp| csp.default_src Object.new}}.must_raise Roda::RodaError
-    proc{app.plugin(:content_security_policy){|csp| csp.default_src []}}.must_raise Roda::RodaError
-    proc{app.plugin(:content_security_policy){|csp| csp.default_src [:a]}}.must_raise Roda::RodaError
-    proc{app.plugin(:content_security_policy){|csp| csp.default_src [:a, :b, :c]}}.must_raise Roda::RodaError
-  end
-
-  it "supports all documented settings" do
-    app(:content_security_policy) do |r|
-      content_security_policy.send(r.path[1..-1], :self)
-    end
-
-    '
-    base_uri
-    child_src
-    connect_src
-    default_src
-    font_src
-    form_action
-    frame_ancestors
-    frame_src
-    img_src
-    manifest_src
-    media_src
-    object_src
-    plugin_types
-    report_uri
-    require_sri_for
-    sandbox
-    script_src
-    style_src
-    worker_src
-    '.split.each do |setting|
-      header('Content-Security-Policy', "/#{setting}").must_equal "#{setting.gsub('_', '-')} 'self'; "
-    end
-  end
-
-  it "does not override existing heading" do
-    app(:content_security_policy) do |r|
-      content_security_policy.default_src :self
-      response['Content-Security-Policy'] = "default_src 'none';"
-      ''
-    end
-    header('Content-Security-Policy').must_equal "default_src 'none';"
-  end
-
-  it "works with error_handler" do
-    app(:bare) do
-      plugin(:error_handler){|_| ''}
-      plugin :content_security_policy do |csp|
-        csp.default_src :self
-        csp.img_src :self, 'example.com'
-        csp.style_src [:sha256, 'abc']
-      end
-
-      route do |r|
-        r.get 'a' do
-          content_security_policy.default_src 'foo.com'
-          raise
-        end
-
-        raise
-      end
-    end
-
-    header('Content-Security-Policy').must_equal "default-src 'self'; img-src 'self' example.com; style-src 'sha256-abc'; "
-
-    # Don't include updates before the error
-    header('Content-Security-Policy', '/a').must_equal "default-src 'self'; img-src 'self' example.com; style-src 'sha256-abc'; "
-  end
-end

data/spec/plugin/cookies_spec.rb

@@ -1,51 +0,0 @@
-require_relative "../spec_helper"
-
-describe "cookies plugin" do 
-  it "should set cookies on response" do
-    app(:cookies) do |r|
-      response.set_cookie("foo", "bar")
-      response.set_cookie("bar", "baz")
-      "Hello"
-    end
-
-    header('Set-Cookie').must_equal "foo=bar\nbar=baz"
-    body.must_equal 'Hello'
-  end
-
-  it "should delete cookies on response" do
-    app(:cookies) do |r|
-      response.set_cookie("foo", "bar")
-      response.delete_cookie("foo")
-      "Hello"
-    end
-
-    header('Set-Cookie').must_match(/foo=; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
-    body.must_equal 'Hello'
-  end
-
-  it "should pass default cookie options when setting" do
-    app.plugin :cookies, :path => '/foo'
-    app.route { response.set_cookie("foo", "bar") }
-    header('Set-Cookie').must_equal "foo=bar; path=/foo"
-
-    app.route { response.set_cookie("foo", :value=>"bar", :path=>'/baz') }
-    header('Set-Cookie').must_equal "foo=bar; path=/baz"
-  end
-
-  it "should pass default cookie options when deleting" do
-    app.plugin :cookies, :domain => 'example.com'
-    app.route { response.delete_cookie("foo") }
-    header('Set-Cookie').must_match(/foo=; domain=example.com; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
-
-    app.route { response.delete_cookie("foo", :domain=>'bar.com') }
-    header('Set-Cookie').must_match(/foo=; domain=bar.com; (max-age=0; )?expires=Thu, 01[ -]Jan[ -]1970 00:00:00 (-0000|GMT)/)
-  end
-
-  it "should not override existing default cookie options" do
-    app.plugin :cookies, :path => '/foo'
-    app.plugin :cookies
-    app.route { response.set_cookie("foo", "bar") }
-
-    header('Set-Cookie').must_equal "foo=bar; path=/foo"
-  end
-end

data/spec/plugin/csrf_spec.rb

@@ -1,111 +0,0 @@
-require_relative "../spec_helper"
-
-begin
-  require 'rack/csrf'
-rescue LoadError
-  warn "rack_csrf not installed, skipping csrf plugin test"  
-else
-describe "csrf plugin" do 
-  include CookieJar
-
-  it "adds csrf protection and csrf helper methods" do
-    app(:bare) do
-      use(*DEFAULT_SESSION_MIDDLEWARE_ARGS)
-      plugin :csrf, :skip=>['POST:/foo']
-
-      route do |r|
-        r.get do
-          response['TAG'] = csrf_tag
-          response['METATAG'] = csrf_metatag
-          response['TOKEN'] = csrf_token
-          response['FIELD'] = csrf_field
-          response['HEADER'] = csrf_header
-          'g'
-        end
-        r.post 'foo' do
-          'bar'
-        end
-        r.post do
-          'p'
-        end
-      end
-    end
-
-    io = StringIO.new
-    status('REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
-    body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'
-
-    s, h, b = req
-    s.must_equal 200
-    field = h['FIELD']
-    token = Regexp.escape(h['TOKEN'])
-    h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
-    h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
-    b.must_equal ['g']
-    s, _, b = req('REQUEST_METHOD'=>'POST', 'rack.input'=>io, "HTTP_#{h['HEADER']}"=>h['TOKEN'])
-    s.must_equal 200
-    b.must_equal ['p']
-
-    app.plugin :csrf
-    body('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'bar'
-  end
-
-  it "can optionally skip setting up the middleware" do
-    sub_app = Class.new(Roda)
-    sub_app.class_eval do
-      plugin :csrf, :skip_middleware=>true
-
-      route do |r|
-        r.get do
-          response['TAG'] = csrf_tag
-          response['METATAG'] = csrf_metatag
-          response['TOKEN'] = csrf_token
-          response['FIELD'] = csrf_field
-          response['HEADER'] = csrf_header
-          'g'
-        end
-        r.post 'bar' do
-          'foobar'
-        end
-        r.post do
-          'p'
-        end
-      end
-    end
-
-    app(:bare) do
-      use(*DEFAULT_SESSION_MIDDLEWARE_ARGS)
-      plugin :csrf, :skip=>['POST:/foo/bar']
-
-      route do |r|
-        r.on 'foo' do
-          r.run sub_app
-        end
-      end
-    end
-
-    io = StringIO.new
-    status('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 403
-    body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
-
-    s, h, b = req('/foo')
-    s.must_equal 200
-    field = h['FIELD']
-    token = Regexp.escape(h['TOKEN'])
-    h['TAG'].must_match(/\A<input type="hidden" name="#{field}" value="#{token}" \/>\z/)
-    h['METATAG'].must_match(/\A<meta name="#{field}" content="#{token}" \/>\z/)
-    b.must_equal ['g']
-    s, _, b = req('/foo', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io, "HTTP_#{h['HEADER']}"=>h['TOKEN'])
-    s.must_equal 200
-    b.must_equal ['p']
-
-    sub_app.plugin :csrf, :skip_middleware=>true
-    body('/foo/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io).must_equal 'foobar'
-
-    @app = sub_app
-    s, _, b = req('/bar', 'REQUEST_METHOD'=>'POST', 'rack.input'=>io)
-    s.must_equal 200
-    b.must_equal ['foobar']
-  end
-end
-end