mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/test/dispatch/request_id_test.rb
Jose and Yehuda 56cdc81c08 Remove default match without specified method
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964
2012-04-24 22:52:26 -05:00

65 lines
1.7 KiB
Ruby

require 'abstract_unit'
# Unit tests for the ActionDispatch::RequestId middleware: how a request id
# supplied in the X-Request-Id header is passed on, filtered and truncated,
# and what is produced when the header is absent.
class RequestIdTest < ActiveSupport::TestCase
  test "passing on the request id from the outside" do
    request = stub_request('HTTP_X_REQUEST_ID' => 'external-uu-rid')
    assert_equal "external-uu-rid", request.uuid
  end

  # The header value is client-controlled. The expected string shows that
  # ';', ':' and spaces are dropped while letters and hyphens survive, so the
  # accepted set is wider than the "alphanumeric" in the test name suggests.
  # NOTE(review): no case here feeds CR/LF or other control characters;
  # RequestIdResponseTest in this file shows the id is echoed back in the
  # X-Request-Id response header, so such a case would be worth pinning.
  test "ensure that only alphanumeric uurids are accepted" do
    request = stub_request('HTTP_X_REQUEST_ID' => '; X-Hacked-Header: Stuff')
    assert_equal "X-Hacked-HeaderStuff", request.uuid
  end

  # A 500-character id must come back cut to 255 characters, which bounds
  # what a client can push into anything that records the id.
  test "ensure that 255 char limit on the request id is being enforced" do
    request = stub_request('HTTP_X_REQUEST_ID' => 'X' * 500)
    assert_equal "X" * 255, request.uuid
  end

  # NOTE(review): the pattern is unanchored, so it only proves the generated
  # id contains five hyphen-separated word runs, not that it is exactly that.
  test "generating a request id when none is supplied" do
    generated = stub_request.uuid
    assert_match(/\w+-\w+-\w+-\w+-\w+/, generated)
  end

  private

  # Runs the RequestId middleware over +env+ in front of a pass-through app,
  # discards the Rack response, and wraps the same +env+ in a Request so the
  # tests can read #uuid from it (presumably the middleware records the id in
  # +env+ -- confirm against the middleware source).
  def stub_request(env = {})
    passthrough = ->(environment) { [ 200, environment, [] ] }
    ActionDispatch::RequestId.new(passthrough).call(env)
    ActionDispatch::Request.new(env)
  end
end
# Integration tests checking that the request id reaches the response as the
# X-Request-Id header when ActionDispatch::RequestId is in the middleware
# stack.
class RequestIdResponseTest < ActionDispatch::IntegrationTest
  # Minimal controller: answers 200 with no body.
  class TestController < ActionController::Base
    def index
      head :ok
    end
  end

  # NOTE(review): /\w+/ only proves the header holds at least one word
  # character; it does not pin the format of the id.
  test "request id is passed all the way to the response" do
    with_test_route_set do
      get '/'
      response_id = @response.headers["X-Request-Id"]
      assert_match(/\w+/, response_id)
    end
  end

  # The id sent by the client is reflected in the response header, and the
  # 500-character input must come back cut to 255 characters.
  test "request id given on request is passed all the way to the response" do
    with_test_route_set do
      get '/', {}, 'HTTP_X_REQUEST_ID' => 'X' * 500
      response_id = @response.headers["X-Request-Id"]
      assert_equal "X" * 255, response_id
    end
  end

  private

  # Draws a single GET '/' route to TestController#index, builds an app whose
  # middleware stack includes ActionDispatch::RequestId, assigns it to @app,
  # and yields to the caller inside that routing context.
  def with_test_route_set
    endpoint = ::RequestIdResponseTest::TestController.action(:index)

    with_routing do |set|
      set.draw { get '/', :to => endpoint }

      @app = self.class.build_app(set) { |middleware| middleware.use ActionDispatch::RequestId }

      yield
    end
  end
end