mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8245 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
parent
b6d255559e
commit
e03f13c553
3 changed files with 31 additions and 6 deletions
|
@ -1,3 +1,8 @@
|
|||
*SVN*
|
||||
|
||||
* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]
|
||||
|
||||
|
||||
*2.0.0 [RC2]* (November 28th, 2007)
|
||||
|
||||
* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo]
|
||||
|
|
|
@ -12,7 +12,8 @@ module ActionController #:nodoc:
|
|||
# parameters being set, or without certain session values existing.
|
||||
#
|
||||
# When a verification is violated, values may be inserted into the flash, and
|
||||
# a specified redirection is triggered.
|
||||
# a specified redirection is triggered. If no specific action is configured,
|
||||
# verification failures will by default result in a 400 Bad Request response.
|
||||
#
|
||||
# Usage:
|
||||
#
|
||||
|
@ -81,7 +82,7 @@ module ActionController #:nodoc:
|
|||
prereqs_invalid =
|
||||
[*options[:params] ].find { |v| params[v].nil? } ||
|
||||
[*options[:session]].find { |v| session[v].nil? } ||
|
||||
[*options[:flash] ].find { |v| flash[v].nil? }
|
||||
[*options[:flash] ].find { |v| flash[v].nil? }
|
||||
|
||||
if !prereqs_invalid && options[:method]
|
||||
prereqs_invalid ||=
|
||||
|
@ -93,13 +94,21 @@ module ActionController #:nodoc:
|
|||
if prereqs_invalid
|
||||
flash.update(options[:add_flash]) if options[:add_flash]
|
||||
response.headers.update(options[:add_headers]) if options[:add_headers]
|
||||
|
||||
unless performed?
|
||||
render(options[:render]) if options[:render]
|
||||
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a? Symbol
|
||||
redirect_to(options[:redirect_to]) if options[:redirect_to]
|
||||
case
|
||||
when options[:render]
|
||||
render(options[:render])
|
||||
when options[:redirect_to]
|
||||
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
|
||||
redirect_to(options[:redirect_to])
|
||||
else
|
||||
head(:bad_request)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private :verify_action
|
||||
end
|
||||
end
|
|
@ -37,6 +37,8 @@ class VerificationTest < Test::Unit::TestCase
|
|||
verify :only => :guarded_one_for_named_route_test, :params => "one",
|
||||
:redirect_to => :foo_url
|
||||
|
||||
verify :only => :no_default_action, :params => "santa"
|
||||
|
||||
def guarded_one
|
||||
render :text => "#{params[:one]}"
|
||||
end
|
||||
|
@ -89,6 +91,10 @@ class VerificationTest < Test::Unit::TestCase
|
|||
render :text => "Was a post!"
|
||||
end
|
||||
|
||||
def no_default_action
|
||||
# Will never run
|
||||
end
|
||||
|
||||
protected
|
||||
def rescue_action(e) raise end
|
||||
|
||||
|
@ -229,6 +235,11 @@ class VerificationTest < Test::Unit::TestCase
|
|||
assert_equal "Was a post!", @response.body
|
||||
end
|
||||
|
||||
def test_default_failure_should_be_a_bad_request
|
||||
post :no_default_action
|
||||
assert_response :bad_request
|
||||
end
|
||||
|
||||
def test_guarded_post_and_calls_render_fails_and_sets_allow_header
|
||||
get :must_be_post
|
||||
assert_response 405
|
||||
|
|
Loading…
Reference in a new issue