tennpipes-base 3.6.6

data/test/test_core.rb

@@ -0,0 +1,93 @@
+require File.expand_path(File.dirname(__FILE__) + '/helper')
+
+describe "Core" do
+  def setup
+    Tennpipes.clear!
+  end
+
+  describe 'for core functionality' do
+    it 'should check some global methods' do
+      assert_respond_to Tennpipes, :root
+      assert_respond_to Tennpipes, :env
+      assert_respond_to Tennpipes, :application
+      assert_respond_to Tennpipes, :set_encoding
+      assert_respond_to Tennpipes, :load!
+      assert_respond_to Tennpipes, :reload!
+      assert_respond_to Tennpipes, :version
+      assert_respond_to Tennpipes, :configure_apps
+    end
+
+    it 'should validate global helpers' do
+      assert_equal :test, Tennpipes.env
+      assert_match /\/test/, Tennpipes.root
+      refute_nil Tennpipes.version
+    end
+
+    it 'should set correct utf-8 encoding' do
+      Tennpipes.set_encoding
+      assert_equal Encoding.default_external, Encoding::UTF_8
+      assert_equal Encoding.default_internal, Encoding::UTF_8
+    end
+
+    it 'should raise application error if I instantiate a new tennpipes application without mounted apps' do
+      text = capture_io { Tennpipes.application }
+      assert_match /No apps are mounted/, text.to_s
+    end
+
+    it 'should check before/after tennpipes load hooks' do
+      Tennpipes.before_load { @_foo  = 1 }
+      Tennpipes.after_load  { @_foo += 1 }
+      Tennpipes.load!
+      assert_equal 1, Tennpipes.before_load.size
+      assert_equal 1, Tennpipes.after_load.size
+      assert_equal 2, @_foo
+    end
+
+    it 'should add middlewares in front if specified' do
+      test = Class.new {
+        def initialize(app)
+          @app = app
+        end
+
+        def call(env)
+          status, headers, body = @app.call(env)
+          headers["Middleware-Called"] = "yes"
+          return status, headers, body
+        end
+      }
+
+      class Foo < Tennpipes::Application; end
+
+      Tennpipes.use(test)
+      Tennpipes.mount(Foo).to("/")
+
+      res = Rack::MockRequest.new(Tennpipes.application).get("/")
+      assert_equal "yes", res["Middleware-Called"]
+    end
+
+    it 'should properly set default options' do
+      mock_app do
+        default :foo, :bar
+        default :zoo, :baz
+        set :foo, :bam
+        set :moo, :bam
+        default :moo, :ban
+      end
+      assert_equal @app.settings.foo, :bam
+      assert_equal @app.settings.zoo, :baz
+      assert_equal @app.settings.moo, :bam
+    end
+
+    it 'should return a friendly 500' do
+      mock_app do
+        enable :show_exceptions
+        get(:index){ raise StandardError }
+      end
+
+      get "/"
+      assert_equal 500, status
+      assert body.include?("StandardError")
+      assert body.include?("<code>show_exceptions</code> setting")
+    end
+  end
+end

data/test/test_csrf_protection.rb

@@ -0,0 +1,208 @@
+require File.expand_path(File.dirname(__FILE__) + '/helper')
+
+describe "Application" do
+  before { Tennpipes.clear! }
+
+  describe 'CSRF protection' do
+    describe "with CSRF protection on" do
+      before do
+        mock_app do
+          enable :sessions
+          enable :protect_from_csrf
+          post('/'){ 'HI' }
+        end
+      end
+
+      it 'should not allow requests without tokens' do
+        post "/"
+        assert_equal 403, status
+      end
+
+      it 'should allow requests with correct tokens' do
+        post "/", {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"}
+        assert_equal 200, status
+      end
+
+      it 'should not allow requests with incorrect tokens' do
+        post "/", {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"}
+        assert_equal 403, status
+      end
+
+      it 'should allow requests with correct X-CSRF-TOKEN' do
+        post "/", {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a"
+        assert_equal 200, status
+      end
+
+      it 'should not allow requests with incorrect X-CSRF-TOKEN' do
+        post "/", {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b"
+        assert_equal 403, status
+      end
+
+    end
+
+    describe "without CSRF protection on" do
+      before do
+        mock_app do
+          enable :sessions
+          disable :protect_from_csrf
+          post('/'){ 'HI' }
+        end
+      end
+
+      it 'should allows requests without tokens' do
+        post "/"
+        assert_equal 200, status
+      end
+
+      it 'should allow requests with correct tokens' do
+        post "/", {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"}
+        assert_equal 200, status
+      end
+
+      it 'should allow requests with incorrect tokens' do
+        post "/", {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"}
+        assert_equal 200, status
+      end
+
+      it 'should allow requests with correct X-CSRF-TOKEN' do
+        post "/", {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a"
+        assert_equal 200, status
+      end
+
+      it 'should allow requests with incorrect X-CSRF-TOKEN' do
+        post "/", {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b"
+        assert_equal 200, status
+      end
+    end
+
+    describe "with optional CSRF protection" do
+      before do
+        mock_app do
+          enable :sessions
+          enable :protect_from_csrf
+          enable :allow_disabled_csrf
+          post('/on') { 'HI' }
+          post('/off', :csrf_protection => false) { 'HI' }
+        end
+      end
+
+      it 'should allow access to routes with csrf_protection off' do
+        post "/off"
+        assert_equal 200, status
+      end
+
+      it 'should not allow access to routes with csrf_protection on' do
+        post "/on"
+        assert_equal 403, status
+        assert_equal 'Forbidden', body
+      end
+    end
+
+    describe "with :except option that is using Proc" do
+      before do
+        mock_app do
+          enable :sessions
+          set :protect_from_csrf, :except => proc{|env| ["/", "/foo"].any?{|path| path == env['PATH_INFO'] }}
+          post("/") { "Hello" }
+          post("/foo") { "Hello, foo" }
+          post("/bar") { "Hello, bar" }
+        end
+      end
+
+      it 'should allow ignoring CSRF protection on specific routes' do
+        post "/"
+        assert_equal 200, status
+        post "/foo"
+        assert_equal 200, status
+        post "/bar"
+        assert_equal 403, status
+      end
+    end
+
+    describe "with :except option that is using String and Regexp" do
+      before do
+        mock_app do
+          enable :sessions
+          set :protect_from_csrf, :except => ["/a", %r{^/a.c$}]
+          post("/a") { "a" }
+          post("/abc") { "abc" }
+          post("/foo") { "foo" }
+        end
+      end
+
+      it 'should allow ignoring CSRF protection on specific routes' do
+        post "/a"
+        assert_equal 200, status
+        post "/abc"
+        assert_equal 200, status
+        post "/foo"
+        assert_equal 403, status
+      end
+    end
+
+    describe "with custom protection options" do
+      before do
+        mock_app do
+          enable :sessions
+          set :protect_from_csrf, :authenticity_param => 'foobar', :message => 'sucker!'
+          post("/a") { "a" }
+        end
+      end
+
+      it 'should allow configuring protection options' do
+        post "/a", {"foobar" => "a"}, 'rack.session' => {:csrf => "a"}
+        assert_equal 200, status
+      end
+
+      it 'should allow configuring message' do
+        post "/a"
+        assert_equal 403, status
+        assert_equal 'sucker!', body
+      end
+    end
+
+    describe "with middleware" do
+      before do
+        class Middleware < Sinatra::Base
+          post("/middleware") { "Hello, middleware" }
+          post("/dummy") { "Hello, dummy" }
+        end
+        mock_app do
+          enable :sessions
+          set :protect_from_csrf, :except => proc{|env| ["/", "/middleware"].any?{|path| path == env['PATH_INFO'] }}
+          use Middleware
+          post("/") { "Hello" }
+        end
+      end
+
+      it 'should allow ignoring CSRF protection on specific routes of middleware' do
+        post "/"
+        assert_equal 200, status
+        post "/middleware"
+        assert_equal 200, status
+        post "/dummy"
+        assert_equal 403, status
+      end
+    end
+
+    describe "with standard report layout" do
+      before do
+        mock_app do
+          enable :sessions
+          set :protect_from_csrf, :message => 'sucker!'
+          enable :report_csrf_failure
+          post("/a") { "a" }
+          error 403 do
+            halt 406, 'please, do not hack'
+          end
+        end
+      end
+
+      it 'should allow configuring protection options' do
+        post "/a"
+        assert_equal 406, status
+        assert_equal 'please, do not hack', body
+      end
+    end
+  end
+end

data/test/test_dependencies.rb

@@ -0,0 +1,57 @@
+require File.expand_path(File.dirname(__FILE__) + '/helper')
+
+describe "Dependencies" do
+  describe 'when we require a dependency that have another dependency' do
+    before do
+      @log_level = Tennpipes::Logger::Config[:test]
+      @io = StringIO.new
+      Tennpipes::Logger::Config[:test] = { :log_level => :error, :stream => @io }
+      Tennpipes::Logger.setup!
+    end
+
+    after do
+      Tennpipes::Logger::Config[:test] = @log_level
+      Tennpipes::Logger.setup!
+    end
+
+    it 'should raise an error without reloading it twice' do
+      capture_io do
+        assert_raises(RuntimeError) do
+          Tennpipes.require_dependencies(
+            Tennpipes.root("fixtures/dependencies/a.rb"),
+            Tennpipes.root("fixtures/dependencies/b.rb"),
+            Tennpipes.root("fixtures/dependencies/c.rb"),
+            Tennpipes.root("fixtures/dependencies/d.rb")
+          )
+        end
+      end
+      assert_equal 1, D
+      assert_match /RuntimeError - SomeThing/, @io.string
+    end
+
+    it 'should resolve dependency problems' do
+      capture_io do
+        Tennpipes.require_dependencies(
+          Tennpipes.root("fixtures/dependencies/a.rb"),
+          Tennpipes.root("fixtures/dependencies/b.rb"),
+          Tennpipes.root("fixtures/dependencies/c.rb")
+        )
+      end
+      assert_equal ["B", "C"], A_result
+      assert_equal "C", B_result
+      assert_equal "", @io.string
+    end
+
+    it 'should remove partially loaded constants' do
+      capture_io do
+        Tennpipes.require_dependencies(
+          Tennpipes.root("fixtures/dependencies/circular/e.rb"),
+          Tennpipes.root("fixtures/dependencies/circular/f.rb"),
+          Tennpipes.root("fixtures/dependencies/circular/g.rb")
+        )
+      end
+      assert_equal ["name"], F.fields
+      assert_equal "", @io.string
+    end
+  end
+end

data/test/test_filters.rb

@@ -0,0 +1,389 @@
+require File.expand_path(File.dirname(__FILE__) + '/helper')
+
+describe "Filters" do
+  it 'should filters by accept header' do
+    mock_app do
+      get '/foo', :provides => [:xml, :js] do
+        request.env['HTTP_ACCEPT']
+      end
+    end
+
+    get '/foo', {}, { 'HTTP_ACCEPT' => 'application/xml' }
+    assert ok?
+    assert_equal 'application/xml', body
+    assert_equal 'application/xml;charset=utf-8', response.headers['Content-Type']
+
+    get '/foo.xml'
+    assert ok?
+    assert_equal 'application/xml;charset=utf-8', response.headers['Content-Type']
+
+    get '/foo', {}, { 'HTTP_ACCEPT' => 'application/javascript' }
+    assert ok?
+    assert_equal 'application/javascript', body
+    assert_equal 'application/javascript;charset=utf-8', response.headers['Content-Type']
+
+    get '/foo.js'
+    assert ok?
+    assert_equal 'application/javascript;charset=utf-8', response.headers['Content-Type']
+
+    get '/foo', {}, { "HTTP_ACCEPT" => 'text/html' }
+    assert_equal 406, status
+  end
+
+  it 'should allow passing & halting in before filters' do
+    mock_app do
+      controller do
+        before { env['QUERY_STRING'] == 'secret' or pass }
+        get :index do
+          "secret index"
+        end
+      end
+
+      controller do
+        before { env['QUERY_STRING'] == 'halt' and halt 401, 'go away!' }
+        get :index do
+          "index"
+        end
+      end
+    end
+
+    get "/?secret"
+    assert_equal "secret index", body
+
+    get "/?halt"
+    assert_equal "go away!", body
+    assert_equal 401, status
+
+    get "/"
+    assert_equal "index", body
+  end
+
+  it 'should scope filters in the given controller' do
+    mock_app do
+      before { @global = 'global' }
+      after { @global = nil }
+
+      controller :foo do
+        before { @foo = :foo }
+        after { @foo = nil }
+        get("/") { [@foo, @bar, @global].compact.join(" ") }
+      end
+
+      get("/") { [@foo, @bar, @global].compact.join(" ") }
+
+      controller :bar do
+        before { @bar = :bar }
+        after { @bar = nil }
+        get("/") { [@foo, @bar, @global].compact.join(" ") }
+      end
+    end
+
+    get "/bar"
+    assert_equal "bar global", body
+
+    get "/foo"
+    assert_equal "foo global", body
+
+    get "/"
+    assert_equal "global", body
+  end
+
+  it 'should be able to access params in a before filter' do
+    username_from_before_filter = nil
+
+    mock_app do
+      before do
+        username_from_before_filter = params[:username]
+      end
+
+      get :users, :with => :username do
+      end
+    end
+    get '/users/josh'
+    assert_equal 'josh', username_from_before_filter
+  end
+
+  it 'should be able to access params normally when a before filter is specified' do
+    mock_app do
+      before { }
+      get :index do
+        params.inspect
+      end
+    end
+    get '/?test=what'
+    assert_equal '{"test"=>"what"}', body
+  end
+
+  it 'should be able to filter based on a path' do
+    mock_app do
+      before('/') { @test = "#{@test}before"}
+      get :index do
+        @test
+      end
+      get :main do
+        @test
+      end
+    end
+    get '/'
+    assert_equal 'before', body
+    get '/main'
+    assert_equal '', body
+  end
+
+  it 'should be able to filter based on a symbol' do
+    mock_app do
+      before(:index) { @test = 'before'}
+      get :index do
+        @test
+      end
+      get :main do
+        @test
+      end
+    end
+    get '/'
+    assert_equal 'before', body
+    get '/main'
+    assert_equal '', body
+  end
+
+  it 'should be able to filter based on a symbol for a controller' do
+    mock_app do
+      controller :foo do
+        before(:test) { @test = 'foo'}
+        get :test do
+          @test.to_s + " response"
+        end
+      end
+      controller :bar do
+        before(:test) { @test = 'bar'}
+        get :test do
+          @test.to_s + " response"
+        end
+      end
+    end
+    get '/foo/test'
+    assert_equal 'foo response', body
+    get '/bar/test'
+    assert_equal 'bar response', body
+  end
+
+  it 'should be able to filter based on a symbol or path' do
+    mock_app do
+      before(:index, '/main') { @test = 'before'}
+      get :index do
+        @test
+      end
+      get :main do
+        @test
+      end
+    end
+    get '/'
+    assert_equal 'before', body
+    get '/main'
+    assert_equal 'before', body
+  end
+
+  it 'should be able to filter based on a symbol or regexp' do
+    mock_app do
+      before(:index, /main/) { @test = 'before'}
+      get :index do
+        @test
+      end
+      get :main do
+        @test
+      end
+      get :profile do
+        @test
+      end
+    end
+    get '/'
+    assert_equal 'before', body
+    get '/main'
+    assert_equal 'before', body
+    get '/profile'
+    assert_equal '', body
+  end
+
+  it 'should be able to filter excluding based on a symbol' do
+    mock_app do
+      before(:except => :index) { @test = 'before'}
+      get :index do
+        @test
+      end
+      get :main do
+        @test
+      end
+    end
+    get '/'
+    assert_equal '', body
+    get '/main'
+    assert_equal 'before', body
+  end
+
+  it 'should be able to filter excluding based on a symbol when specify the multiple routes and use nested controller' do
+    mock_app do
+      controller :test, :nested do
+        before(:except => [:test1, :test2]) { @long = 'long'}
+        before(:except => [:test1]) { @short = 'short'}
+        get :test1 do
+          "#{@long} #{@short} normal"
+        end
+        get :test2 do
+          "#{@long} #{@short} normal"
+        end
+        get :test3 do
+          "#{@long} #{@short} normal"
+        end
+      end
+    end
+    get '/test/nested/test1'
+    assert_equal '  normal', body
+    get '/test/nested/test2'
+    assert_equal ' short normal', body
+    get '/test/nested/test3'
+    assert_equal 'long short normal', body
+  end
+
+  it 'should be able to filter based on a request param' do
+    mock_app do
+      before(:agent => /IE/) { @test = 'before'}
+      get :index do
+        @test
+      end
+    end
+    get '/'
+    assert_equal '', body
+    get "/", {}, {'HTTP_USER_AGENT' => 'This is IE'}
+    assert_equal 'before', body
+  end
+
+  it 'should be able to filter based on a symbol or path in multiple controller' do
+    mock_app do
+      controllers :foo do
+        before(:index, '/foo/main') { @test = 'before' }
+        get :index do
+          @test
+        end
+        get :main do
+          @test
+        end
+      end
+      controllers :bar do
+        before(:index, '/bar/main') { @test = 'also before' }
+        get :index do
+          @test
+        end
+        get :main do
+          @test
+        end
+      end
+    end
+    get '/foo'
+    assert_equal 'before', body
+    get '/bar'
+    assert_equal 'also before', body
+    get '/foo/main'
+    assert_equal 'before', body
+    get '/bar/main'
+    assert_equal 'also before', body
+  end
+
+  it 'should call before filters even if there was no match' do
+    test = nil
+    mock_app do
+      before(:index, '/foo') { test = 'before' }
+      get :index do
+        ''
+      end
+    end
+    get '/foo'
+    assert_equal 'before', test
+  end
+
+  it 'should ensure the call of before_filter at the first time' do
+    once = ''
+    mock_app do
+      before do
+        once += 'before'
+      end
+      get :index do
+        raise Exception, 'Oops'
+      end
+      post :index do
+        raise Exception, 'Oops'
+      end
+    end
+
+    post '/'
+    assert_equal 'before', once
+  end
+
+  it 'should call before filters only once' do
+    once = ''
+    mock_app do
+      error 500 do
+        'error 500'
+      end
+      before do
+        once += 'before'
+      end
+      get :index do
+        raise Exception, 'Oops'
+      end
+    end
+
+    get '/'
+    assert_equal 'before', once
+  end
+
+  it 'should catch exceptions in before filters' do
+    doodle = nil
+    mock_app do
+      after do
+        doodle = 'Been after'
+      end
+      before do
+        raise StandardError, "before"
+      end
+      get :index do
+        doodle = 'Been now'
+      end
+      error 500 do
+        "We broke #{env['sinatra.error'].message}"
+      end
+    end
+
+    get '/'
+    assert_equal 'We broke before', body
+    assert_equal nil, doodle
+  end
+
+  it 'should catch exceptions in after filters if no exceptions caught before' do
+    doodle = ''
+    mock_app do
+      after do
+        doodle += ' and after'
+        raise StandardError, "after"
+      end
+      get :foo do
+        doodle = 'Been now'
+        raise StandardError, "now"
+      end
+      get :index do
+        doodle = 'Been now'
+      end
+      error 500 do
+        "We broke #{env['sinatra.error'].message}"
+      end
+    end
+
+    get '/foo'
+    assert_equal 'We broke now', body
+    assert_equal 'Been now', doodle
+
+    doodle = ''
+    get '/'
+    assert_equal 'We broke after', body
+    assert_equal 'Been now and after', doodle
+  end
+end