1 require 'abstract_unit'
3 class RequestTest
< ActiveSupport
::TestCase
5 ActionController
::Base.relative_url_root
= nil
6 @request = ActionController
::TestRequest.new
10 ActionController
::Base.relative_url_root
= nil
14 assert_equal
'0.0.0.0', @request.remote_ip
16 @request.remote_addr
= '1.2.3.4'
17 assert_equal
'1.2.3.4', @request.remote_ip
19 @request.remote_addr
= '1.2.3.4,3.4.5.6'
20 assert_equal
'1.2.3.4', @request.remote_ip
22 @request.env['HTTP_CLIENT_IP'] = '2.3.4.5'
23 assert_equal
'1.2.3.4', @request.remote_ip
25 @request.remote_addr
= '192.168.0.1'
26 assert_equal
'2.3.4.5', @request.remote_ip
27 @request.env.delete
'HTTP_CLIENT_IP'
29 @request.remote_addr
= '1.2.3.4'
30 @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
31 assert_equal
'1.2.3.4', @request.remote_ip
33 @request.remote_addr
= '127.0.0.1'
34 @request.env['HTTP_X_FORWARDED_FOR'] = '3.4.5.6'
35 assert_equal
'3.4.5.6', @request.remote_ip
37 @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,3.4.5.6'
38 assert_equal
'3.4.5.6', @request.remote_ip
40 @request.env['HTTP_X_FORWARDED_FOR'] = '172.16.0.1,3.4.5.6'
41 assert_equal
'3.4.5.6', @request.remote_ip
43 @request.env['HTTP_X_FORWARDED_FOR'] = '192.168.0.1,3.4.5.6'
44 assert_equal
'3.4.5.6', @request.remote_ip
46 @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,3.4.5.6'
47 assert_equal
'3.4.5.6', @request.remote_ip
49 @request.env['HTTP_X_FORWARDED_FOR'] = '10.0.0.1, 10.0.0.1, 3.4.5.6'
50 assert_equal
'3.4.5.6', @request.remote_ip
52 @request.env['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,3.4.5.6'
53 assert_equal
'3.4.5.6', @request.remote_ip
55 @request.env['HTTP_X_FORWARDED_FOR'] = 'unknown,192.168.0.1'
56 assert_equal
'unknown', @request.remote_ip
58 @request.env['HTTP_X_FORWARDED_FOR'] = '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
59 assert_equal
'3.4.5.6', @request.remote_ip
61 @request.env['HTTP_CLIENT_IP'] = '8.8.8.8'
62 e
= assert_raise(ActionController
::ActionControllerError) {
65 assert_match
/IP spoofing attack/, e
.message
66 assert_match
/HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e
.message
67 assert_match
/HTTP_CLIENT_IP="8.8.8.8"/, e
.message
69 # turn IP Spoofing detection off.
70 # This is useful for sites that are aimed at non-IP clients. The typical
71 # example is WAP. Since the cellular network is not IP based, it's a
72 # leap of faith to assume that their proxies are ever going to set the
73 # HTTP_CLIENT_IP/HTTP_X_FORWARDED_FOR headers properly.
74 ActionController
::Base.ip_spoofing_check
= false
75 assert_equal('8.8.8.8', @request.remote_ip
)
76 ActionController
::Base.ip_spoofing_check
= true
78 @request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
79 assert_equal
'8.8.8.8', @request.remote_ip
81 @request.env.delete
'HTTP_CLIENT_IP'
82 @request.env.delete
'HTTP_X_FORWARDED_FOR'
86 @request.host
= "www.rubyonrails.org"
87 assert_equal
"rubyonrails.org", @request.domain
89 @request.host
= "www.rubyonrails.co.uk"
90 assert_equal
"rubyonrails.co.uk", @request.domain(2)
92 @request.host
= "192.168.1.200"
93 assert_nil
@request.domain
95 @request.host
= "foo.192.168.1.200"
96 assert_nil
@request.domain
98 @request.host
= "192.168.1.200.com"
99 assert_equal
"200.com", @request.domain
102 assert_nil
@request.domain
106 @request.host
= "www.rubyonrails.org"
107 assert_equal
%w( www
), @request.subdomains
109 @request.host
= "www.rubyonrails.co.uk"
110 assert_equal
%w( www
), @request.subdomains(2)
112 @request.host
= "dev.www.rubyonrails.co.uk"
113 assert_equal
%w( dev www
), @request.subdomains(2)
115 @request.host
= "foobar.foobar.com"
116 assert_equal
%w( foobar
), @request.subdomains
118 @request.host
= "192.168.1.200"
119 assert_equal
[], @request.subdomains
121 @request.host
= "foo.192.168.1.200"
122 assert_equal
[], @request.subdomains
124 @request.host
= "192.168.1.200.com"
125 assert_equal
%w( 192 168 1 ), @request.subdomains
128 assert_equal
[], @request.subdomains
133 assert_equal
"", @request.port_string
136 assert_equal
":8080", @request.port_string
140 @request.env['SERVER_SOFTWARE'] = 'Apache 42.342.3432'
142 @request.set_REQUEST_URI
"http://www.rubyonrails.org/path/of/some/uri?mapped=1"
143 assert_equal
"/path/of/some/uri?mapped=1", @request.request_uri
144 assert_equal
"/path/of/some/uri", @request.path
146 @request.set_REQUEST_URI
"http://www.rubyonrails.org/path/of/some/uri"
147 assert_equal
"/path/of/some/uri", @request.request_uri
148 assert_equal
"/path/of/some/uri", @request.path
150 @request.set_REQUEST_URI
"/path/of/some/uri"
151 assert_equal
"/path/of/some/uri", @request.request_uri
152 assert_equal
"/path/of/some/uri", @request.path
154 @request.set_REQUEST_URI
"/"
155 assert_equal
"/", @request.request_uri
156 assert_equal
"/", @request.path
158 @request.set_REQUEST_URI
"/?m=b"
159 assert_equal
"/?m=b", @request.request_uri
160 assert_equal
"/", @request.path
162 @request.set_REQUEST_URI
"/"
163 @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
164 assert_equal
"/", @request.request_uri
165 assert_equal
"/", @request.path
167 ActionController
::Base.relative_url_root
= "/hieraki"
168 @request.set_REQUEST_URI
"/hieraki/"
169 @request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
170 assert_equal
"/hieraki/", @request.request_uri
171 assert_equal
"/", @request.path
172 ActionController
::Base.relative_url_root
= nil
174 ActionController
::Base.relative_url_root
= "/collaboration/hieraki"
175 @request.set_REQUEST_URI
"/collaboration/hieraki/books/edit/2"
176 @request.env['SCRIPT_NAME'] = "/collaboration/hieraki/dispatch.cgi"
177 assert_equal
"/collaboration/hieraki/books/edit/2", @request.request_uri
178 assert_equal
"/books/edit/2", @request.path
179 ActionController
::Base.relative_url_root
= nil
181 # The following tests are for when REQUEST_URI is not supplied (as in IIS)
182 @request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
183 @request.env['SCRIPT_NAME'] = nil #"/path/dispatch.rb"
184 @request.set_REQUEST_URI
nil
185 assert_equal
"/path/of/some/uri?mapped=1", @request.request_uri
186 assert_equal
"/path/of/some/uri", @request.path
188 ActionController
::Base.relative_url_root
= '/path'
189 @request.env['PATH_INFO'] = "/path/of/some/uri?mapped=1"
190 @request.env['SCRIPT_NAME'] = "/path/dispatch.rb"
191 @request.set_REQUEST_URI
nil
192 assert_equal
"/path/of/some/uri?mapped=1", @request.request_uri
193 assert_equal
"/of/some/uri", @request.path
194 ActionController
::Base.relative_url_root
= nil
196 @request.env['PATH_INFO'] = "/path/of/some/uri"
197 @request.env['SCRIPT_NAME'] = nil
198 @request.set_REQUEST_URI
nil
199 assert_equal
"/path/of/some/uri", @request.request_uri
200 assert_equal
"/path/of/some/uri", @request.path
202 @request.env['PATH_INFO'] = "/"
203 @request.set_REQUEST_URI
nil
204 assert_equal
"/", @request.request_uri
205 assert_equal
"/", @request.path
207 @request.env['PATH_INFO'] = "/?m=b"
208 @request.set_REQUEST_URI
nil
209 assert_equal
"/?m=b", @request.request_uri
210 assert_equal
"/", @request.path
212 @request.env['PATH_INFO'] = "/"
213 @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
214 @request.set_REQUEST_URI
nil
215 assert_equal
"/", @request.request_uri
216 assert_equal
"/", @request.path
218 ActionController
::Base.relative_url_root
= '/hieraki'
219 @request.env['PATH_INFO'] = "/hieraki/"
220 @request.env['SCRIPT_NAME'] = "/hieraki/dispatch.cgi"
221 @request.set_REQUEST_URI
nil
222 assert_equal
"/hieraki/", @request.request_uri
223 assert_equal
"/", @request.path
224 ActionController
::Base.relative_url_root
= nil
226 @request.set_REQUEST_URI
'/hieraki/dispatch.cgi'
227 ActionController
::Base.relative_url_root
= '/hieraki'
228 assert_equal
"/dispatch.cgi", @request.path
229 ActionController
::Base.relative_url_root
= nil
231 @request.set_REQUEST_URI
'/hieraki/dispatch.cgi'
232 ActionController
::Base.relative_url_root
= '/foo'
233 assert_equal
"/hieraki/dispatch.cgi", @request.path
234 ActionController
::Base.relative_url_root
= nil
236 # This test ensures that Rails uses REQUEST_URI over PATH_INFO
237 ActionController
::Base.relative_url_root
= nil
238 @request.env['REQUEST_URI'] = "/some/path"
239 @request.env['PATH_INFO'] = "/another/path"
240 @request.env['SCRIPT_NAME'] = "/dispatch.cgi"
241 assert_equal
"/some/path", @request.request_uri
242 assert_equal
"/some/path", @request.path
245 def test_host_with_default_port
246 @request.host
= "rubyonrails.org"
248 assert_equal
"rubyonrails.org", @request.host_with_port
251 def test_host_with_non_default_port
252 @request.host
= "rubyonrails.org"
254 assert_equal
"rubyonrails.org:81", @request.host_with_port
257 def test_server_software
258 assert_equal
nil, @request.server_software
260 @request.env['SERVER_SOFTWARE'] = 'Apache3.422'
261 assert_equal
'apache', @request.server_software
263 @request.env['SERVER_SOFTWARE'] = 'lighttpd(1.1.4)'
264 assert_equal
'lighttpd', @request.server_software
267 def test_xml_http_request
268 assert
!@request.xml_http_request
?
269 assert
!@request.xhr
?
271 @request.env['HTTP_X_REQUESTED_WITH'] = "DefinitelyNotAjax1.0"
272 assert
!@request.xml_http_request
?
273 assert
!@request.xhr
?
275 @request.env['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
276 assert
@request.xml_http_request
?
281 assert
!@request.ssl
?
282 @request.env['HTTPS'] = 'on'
286 def test_reports_ssl_when_proxied_via_lighttpd
287 assert
!@request.ssl
?
288 @request.env['HTTP_X_FORWARDED_PROTO'] = 'https'
292 def test_symbolized_request_methods
293 [:get, :post, :put, :delete].each
do |method
|
294 self.request_method
= method
295 assert_equal method
, @request.method
299 def test_invalid_http_method_raises_exception
300 assert_raise(ActionController
::UnknownHttpMethod) do
301 self.request_method
= :random_method
302 @request.request_method
306 def test_allow_method_hacking_on_post
307 [:get, :head, :options, :put, :post, :delete].each
do |method
|
308 self.request_method
= method
309 assert_equal(method
== :head ? :get : method
, @request.method
)
313 def test_invalid_method_hacking_on_post_raises_exception
314 assert_raise(ActionController
::UnknownHttpMethod) do
315 self.request_method
= :_random_method
316 @request.request_method
320 def test_restrict_method_hacking
321 @request.instance_eval
{ @parameters = { :_method => 'put' } }
322 [:get, :put, :delete].each
do |method
|
323 self.request_method
= method
324 assert_equal method
, @request.method
328 def test_head_masquerading_as_get
329 self.request_method
= :head
330 assert_equal
:get, @request.method
332 assert
@request.head
?
336 @request.instance_eval
{ @parameters = { :format => 'xml' } }
337 assert_equal Mime
::XML, @request.format
340 def test_xhtml_format
341 @request.instance_eval
{ @parameters = { :format => 'xhtml' } }
342 assert_equal Mime
::HTML, @request.format
346 @request.instance_eval
{ @parameters = { :format => 'txt' } }
347 assert_equal Mime
::TEXT, @request.format
351 ActionController
::Base.use_accept_header
, old
=
352 false, ActionController
::Base.use_accept_header
354 @request.instance_eval
{ @parameters = {} }
355 @request.env["HTTP_X_REQUESTED_WITH"] = "XMLHttpRequest"
357 assert_equal Mime
::JS, @request.format
360 ActionController
::Base.use_accept_header
= old
363 def test_content_type
364 @request.env["CONTENT_TYPE"] = "text/html"
365 assert_equal Mime
::HTML, @request.content_type
368 def test_format_assignment_should_set_format
369 @request.instance_eval
{ self.format
= :txt }
370 assert
!@request.format
.xml
?
371 @request.instance_eval
{ self.format
= :xml }
372 assert
@request.format
.xml
?
375 def test_content_no_type
376 assert_equal
nil, @request.content_type
379 def test_content_type_xml
380 @request.env["CONTENT_TYPE"] = "application/xml"
381 assert_equal Mime
::XML, @request.content_type
384 def test_content_type_with_charset
385 @request.env["CONTENT_TYPE"] = "application/xml; charset=UTF-8"
386 assert_equal Mime
::XML, @request.content_type
390 assert_not_nil
@request.user_agent
394 @request.stubs(:request_parameters).returns({ "foo" => 1 })
395 @request.stubs(:query_parameters).returns({ "bar" => 2 })
397 assert_equal({"foo" => 1, "bar" => 2}, @request.parameters
)
398 assert_equal({"foo" => 1}, @request.request_parameters
)
399 assert_equal({"bar" => 2}, @request.query_parameters
)
403 def request_method
=(method
)
404 @request.env['REQUEST_METHOD'] = method
.to_s
.upcase
405 @request.request_method
= nil # Reset the ivar cache