require 'abstract_unit'
class RequestTest < ActiveSupport::TestCase
ActionController::Base.relative_url_root = nil
ActionController::Base.relative_url_root = nil
# Expected remote_ip for a range of REMOTE_ADDR / X-Forwarded-For inputs.
# X-Forwarded-For is sent by the client unless a proxy in front of the
# application overwrites it, so each row records which entry is believed.
[
  # REMOTE_ADDR on its own is reported unchanged.
  [{ 'REMOTE_ADDR' => '1.2.3.4' }, '1.2.3.4'],
  # A comma-separated REMOTE_ADDR yields its first entry.
  [{ 'REMOTE_ADDR' => '1.2.3.4,3.4.5.6' }, '1.2.3.4'],
  # A public REMOTE_ADDR is preferred over X-Forwarded-For.
  [{ 'REMOTE_ADDR' => '1.2.3.4', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' }, '1.2.3.4'],
  # A loopback REMOTE_ADDR gives way to the forwarded address.
  [{ 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '3.4.5.6' }, '3.4.5.6'],
  # "unknown", RFC 1918 and loopback entries in the list are passed over.
  [{ 'HTTP_X_FORWARDED_FOR' => 'unknown,3.4.5.6' }, '3.4.5.6'],
  [{ 'HTTP_X_FORWARDED_FOR' => '172.16.0.1,3.4.5.6' }, '3.4.5.6'],
  [{ 'HTTP_X_FORWARDED_FOR' => '192.168.0.1,3.4.5.6' }, '3.4.5.6'],
  [{ 'HTTP_X_FORWARDED_FOR' => '10.0.0.1,3.4.5.6' }, '3.4.5.6'],
  [{ 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 10.0.0.1, 3.4.5.6' }, '3.4.5.6'],
  [{ 'HTTP_X_FORWARDED_FOR' => '127.0.0.1,3.4.5.6' }, '3.4.5.6'],
  # With nothing but "unknown" and a private address, the first entry comes back verbatim.
  [{ 'HTTP_X_FORWARDED_FOR' => 'unknown,192.168.0.1' }, 'unknown'],
  # The expected value is 3.4.5.6, not the left-most 9.9.9.9: the entry
  # closest to the trailing private addresses is the one reported.
  [{ 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4' }, '3.4.5.6']
].each do |env, expected|
  assert_equal expected, stub_request(env).remote_ip
end
request = stub_request 'HTTP_X_FORWARDED_FOR' => '1.1.1.1',
'HTTP_CLIENT_IP' => '2.2.2.2'
e = assert_raise(ActionController::ActionControllerError) {
assert_match /IP spoofing attack/, e.message
assert_match /HTTP_X_FORWARDED_FOR="1.1.1.1"/, e.message
assert_match /HTTP_CLIENT_IP="2.2.2.2"/, e.message
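# Turn IP spoofing detection off.
# This is useful for sites aimed at non-IP clients; the typical example is
# WAP. Since the cellular network is not IP based, it is a leap of faith to
# assume that its proxies will ever set the HTTP_CLIENT_IP and
# HTTP_X_FORWARDED_FOR headers properly.
ActionController::Base.ip_spoofing_check = false
begin
  # With the check disabled, conflicting headers no longer raise and the
  # HTTP_CLIENT_IP value is the one reported.
  request = stub_request 'HTTP_X_FORWARDED_FOR' => '1.1.1.1',
                         'HTTP_CLIENT_IP'       => '2.2.2.2'
  assert_equal '2.2.2.2', request.remote_ip
ensure
  # ip_spoofing_check is class-level state: restore it even when the
  # assertion above fails, so later tests never run with detection disabled.
  ActionController::Base.ip_spoofing_check = true
end

# Two public addresses in X-Forwarded-For: the last entry is reported.
request = stub_request 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 9.9.9.9'
assert_equal '9.9.9.9', request.remote_ip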
# Request#domain is derived from the client-supplied Host header.
# With no argument the last two labels are returned.
assert_equal("rubyonrails.org", stub_request('HTTP_HOST' => 'www.rubyonrails.org').domain)
# domain(2) keeps one more label, which covers two-part suffixes such as co.uk.
assert_equal("rubyonrails.co.uk", stub_request('HTTP_HOST' => "www.rubyonrails.co.uk").domain(2))

# Hosts ending in a dotted-quad IPv4 address have no domain.
assert_nil(stub_request('HTTP_HOST' => "192.168.1.200").domain)
assert_nil(stub_request('HTTP_HOST' => "foo.192.168.1.200").domain)

# A name that merely starts with IP-looking labels is still a hostname.
assert_equal("200.com", stub_request('HTTP_HOST' => "192.168.1.200.com").domain)
# Request#subdomains lists the labels to the left of the domain.
assert_equal(['www'], stub_request('HTTP_HOST' => "www.rubyonrails.org").subdomains)

# subdomains(2) treats the last three labels as the domain.
assert_equal(['www'], stub_request('HTTP_HOST' => "www.rubyonrails.co.uk").subdomains(2))
assert_equal(['dev', 'www'], stub_request('HTTP_HOST' => "dev.www.rubyonrails.co.uk").subdomains(2))

assert_equal(['foobar'], stub_request('HTTP_HOST' => "foobar.foobar.com").subdomains)

# Hosts ending in an IPv4 address yield no subdomains.
assert_equal([], stub_request('HTTP_HOST' => "192.168.1.200").subdomains)
assert_equal([], stub_request('HTTP_HOST' => "foo.192.168.1.200").subdomains)

# IP-looking labels in front of a real suffix are ordinary subdomains.
assert_equal(['192', '168', '1'], stub_request('HTTP_HOST' => "192.168.1.200.com").subdomains)

# A missing Host header yields an empty list rather than an error.
assert_equal([], stub_request('HTTP_HOST' => nil).subdomains)
# port_string is empty for port 80 and ":<port>" for any other port shown here.
assert_equal("", stub_request('HTTP_HOST' => 'www.example.org:80').port_string)
assert_equal(":8080", stub_request('HTTP_HOST' => 'www.example.org:8080').port_string)
# An absolute REQUEST_URI loses its scheme and host; path also drops the query string.
req = stub_request('REQUEST_URI' => "http://www.rubyonrails.org/path/of/some/uri?mapped=1")
assert_equal("/path/of/some/uri?mapped=1", req.request_uri)
assert_equal("/path/of/some/uri", req.path)

req = stub_request('REQUEST_URI' => "http://www.rubyonrails.org/path/of/some/uri")
assert_equal("/path/of/some/uri", req.request_uri)
assert_equal("/path/of/some/uri", req.path)

# A relative REQUEST_URI is passed through.
req = stub_request('REQUEST_URI' => "/path/of/some/uri")
assert_equal("/path/of/some/uri", req.request_uri)
assert_equal("/path/of/some/uri", req.path)

req = stub_request('REQUEST_URI' => "/")
assert_equal("/", req.request_uri)
assert_equal("/", req.path)

req = stub_request('REQUEST_URI' => "/?m=b")
assert_equal("/?m=b", req.request_uri)
assert_equal("/", req.path)

# SCRIPT_NAME on its own does not alter either value.
req = stub_request('REQUEST_URI' => "/", 'SCRIPT_NAME' => '/dispatch.cgi')
assert_equal("/", req.request_uri)
assert_equal("/", req.path)

# With relative_url_root set, path has that prefix removed and request_uri keeps it.
ActionController::Base.relative_url_root = "/hieraki"
req = stub_request('REQUEST_URI' => "/hieraki/", 'SCRIPT_NAME' => "/hieraki/dispatch.cgi")
assert_equal("/hieraki/", req.request_uri)
assert_equal("/", req.path)
ActionController::Base.relative_url_root = nil

ActionController::Base.relative_url_root = "/collaboration/hieraki"
req = stub_request(
  'REQUEST_URI' => "/collaboration/hieraki/books/edit/2",
  'SCRIPT_NAME' => "/collaboration/hieraki/dispatch.cgi"
)
assert_equal("/collaboration/hieraki/books/edit/2", req.request_uri)
assert_equal("/books/edit/2", req.path)
ActionController::Base.relative_url_root = nil
# The following tests are for when REQUEST_URI is not supplied (as in IIS)
request = stub_request 'PATH_INFO' => "/path/of/some/uri?mapped=1",
'SCRIPT_NAME' => nil,
assert_equal "/path/of/some/uri?mapped=1", request.request_uri
assert_equal "/path/of/some/uri", request.path
ActionController::Base.relative_url_root = '/path'
request = stub_request 'PATH_INFO' => "/path/of/some/uri?mapped=1",
'SCRIPT_NAME' => "/path/dispatch.rb",
assert_equal "/path/of/some/uri?mapped=1", request.request_uri
assert_equal "/of/some/uri", request.path
ActionController::Base.relative_url_root = nil
request = stub_request 'PATH_INFO' => "/path/of/some/uri",
'SCRIPT_NAME' => nil,
assert_equal "/path/of/some/uri", request.request_uri
assert_equal "/path/of/some/uri", request.path
# With REQUEST_URI explicitly nil, both values are derived from PATH_INFO.
req = stub_request('PATH_INFO' => '/', 'REQUEST_URI' => nil)
assert_equal("/", req.request_uri)
assert_equal("/", req.path)

# A query string carried in PATH_INFO stays in request_uri and is dropped from path.
req = stub_request('PATH_INFO' => '/?m=b', 'REQUEST_URI' => nil)
assert_equal("/?m=b", req.request_uri)
assert_equal("/", req.path)
request = stub_request 'PATH_INFO' => "/",
'SCRIPT_NAME' => "/dispatch.cgi",
assert_equal "/", request.request_uri
assert_equal "/", request.path
ActionController::Base.relative_url_root = '/hieraki'
request = stub_request 'PATH_INFO' => "/hieraki/",
'SCRIPT_NAME' => "/hieraki/dispatch.cgi",
assert_equal "/hieraki/", request.request_uri
assert_equal "/", request.path
ActionController::Base.relative_url_root = nil
# relative_url_root is assigned after the request is built and still takes
# effect when path is read: a matching prefix is stripped.
req = stub_request('REQUEST_URI' => '/hieraki/dispatch.cgi')
ActionController::Base.relative_url_root = '/hieraki'
assert_equal("/dispatch.cgi", req.path)
ActionController::Base.relative_url_root = nil

# A relative_url_root that does not prefix the URI leaves path untouched.
req = stub_request('REQUEST_URI' => '/hieraki/dispatch.cgi')
ActionController::Base.relative_url_root = '/foo'
assert_equal("/hieraki/dispatch.cgi", req.path)
ActionController::Base.relative_url_root = nil

# This test ensures that Rails uses REQUEST_URI over PATH_INFO.
ActionController::Base.relative_url_root = nil
req = stub_request(
  'REQUEST_URI' => "/some/path",
  'PATH_INFO'   => "/another/path",
  'SCRIPT_NAME' => "/dispatch.cgi"
)
assert_equal("/some/path", req.request_uri)
assert_equal("/some/path", req.path)
# Port 80 in the Host header is dropped from host_with_port.
def test_host_with_default_port
  req = stub_request('HTTP_HOST' => 'rubyonrails.org:80')
  assert_equal("rubyonrails.org", req.host_with_port)
end
# A port other than 80 is kept in host_with_port.
def test_host_with_non_default_port
  req = stub_request('HTTP_HOST' => 'rubyonrails.org:81')
  assert_equal("rubyonrails.org:81", req.host_with_port)
end
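# server_software reduces SERVER_SOFTWARE to a lower-case product name and
# is nil when the variable is absent.
def test_server_software
  request = stub_request
  # assert_nil states the intent directly and matches the nil checks used
  # elsewhere in this file.
  assert_nil request.server_software

  request = stub_request 'SERVER_SOFTWARE' => 'Apache3.422'
  assert_equal 'apache', request.server_software

  request = stub_request 'SERVER_SOFTWARE' => 'lighttpd(1.1.4)'
  assert_equal 'lighttpd', request.server_software
end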
# xml_http_request? is true only when X-Requested-With is XMLHttpRequest.
# The header is set by the client, so it describes how the request was made
# and is not evidence of where it came from.
#
# NOTE(review): a second `def test_xml_http_request` appears further down in
# this class. In Ruby the later definition replaces the earlier one, so these
# assertions do not run unless one of the two methods is renamed.
def test_xml_http_request
  assert(!stub_request.xml_http_request?)

  not_ajax = stub_request('HTTP_X_REQUESTED_WITH' => 'DefinitelyNotAjax1.0')
  assert(!not_ajax.xml_http_request?)

  ajax = stub_request('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest')
  assert(ajax.xml_http_request?)
end
request = stub_request
request = stub_request 'HTTPS' => 'on'
# Builds a plain request and one carrying X-Forwarded-Proto: https.
# NOTE(review): only the two stubs are visible in this listing; the assertions
# on them are not shown. X-Forwarded-Proto is a request header, so its value
# is only meaningful when a fronting proxy sets it.
def test_reports_ssl_when_proxied_via_lighttpd
  request = stub_request
  request = stub_request('HTTP_X_FORWARDED_PROTO' => 'https')
end
# Request#method returns the verb as a lower-case symbol.
def test_symbolized_request_methods
  %w(get post put delete).each do |verb|
    req = stub_request('REQUEST_METHOD' => verb.upcase)
    assert_equal(verb.to_sym, req.method)
  end
end
# An unrecognised REQUEST_METHOD is rejected with UnknownHttpMethod when
# request_method is read, rather than being passed through.
def test_invalid_http_method_raises_exception
  assert_raise(ActionController::UnknownHttpMethod) {
    stub_request('REQUEST_METHOD' => 'RANDOM_METHOD').request_method
  }
end
# Each verb maps to its own symbol, except HEAD, which Request#method
# reports as :get. No _method parameter is supplied in this test.
def test_allow_method_hacking_on_post
  %w(get head options put post delete).each do |verb|
    expected = (verb == 'head') ? :get : verb.to_sym
    req = stub_request('REQUEST_METHOD' => verb.upcase)
    assert_equal(expected, req.method)
  end
end
# A _method parameter must not change the verb of a GET, PUT or DELETE
# request: each keeps its real method even though _method says 'put'.
# This is what stops a plain GET from being treated as a state-changing verb.
def test_restrict_method_hacking
  override = { :_method => 'put' }
  %w(get put delete).each do |verb|
    req = stub_request(
      'REQUEST_METHOD' => verb.upcase,
      'action_controller.request.request_parameters' => override
    )
    assert_equal(verb.to_sym, req.method)
  end
end
# A HEAD request is reported as :get by Request#method.
def test_head_masquerading_as_get
  req = stub_request('REQUEST_METHOD' => 'HEAD')
  assert_equal(:get, req.method)
end
# A :format parameter of 'xml' resolves to Mime::XML.
xml_req = stub_request
xml_req.expects(:parameters).at_least_once.returns({ :format => 'xml' })
assert_equal(Mime::XML, xml_req.format)
# A :format parameter of 'xhtml' resolves to Mime::HTML.
def test_xhtml_format
  req = stub_request
  req.expects(:parameters).at_least_once.returns({ :format => 'xhtml' })
  assert_equal(Mime::HTML, req.format)
end
# A :format parameter of 'txt' resolves to Mime::TEXT.
txt_req = stub_request
txt_req.expects(:parameters).at_least_once.returns({ :format => 'txt' })
assert_equal(Mime::TEXT, txt_req.format)
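# With use_accept_header disabled and no :format parameter, a request marked
# XMLHttpRequest gets the Mime::JS format.
#
# NOTE(review): an earlier method in this class is also named
# test_xml_http_request. This definition replaces it, so only one of the two
# runs; renaming one of them would let both execute.
def test_xml_http_request
  old = ActionController::Base.use_accept_header
  ActionController::Base.use_accept_header = false

  request = stub_request 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'
  request.expects(:parameters).at_least_once.returns({})

  assert_equal Mime::JS, request.format
ensure
  # use_accept_header is class-level state; put the saved value back even when
  # an assertion fails so the setting does not leak into other tests.
  ActionController::Base.use_accept_header = old
end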
# CONTENT_TYPE text/html is reported as Mime::HTML.
def test_content_type
  req = stub_request('CONTENT_TYPE' => 'text/html')
  assert_equal(Mime::HTML, req.content_type)
end
# The :format parameter decides what format.xml? reports.
def test_can_override_format_with_parameter
  as_text = stub_request
  as_text.expects(:parameters).at_least_once.returns({ :format => :txt })
  assert(!as_text.format.xml?)

  as_xml = stub_request
  as_xml.expects(:parameters).at_least_once.returns({ :format => :xml })
  assert(as_xml.format.xml?)
end
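# Without a CONTENT_TYPE variable, content_type is nil.
def test_content_no_type
  request = stub_request
  # assert_nil states the intent directly and matches the nil checks used
  # elsewhere in this file.
  assert_nil request.content_type
end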
# CONTENT_TYPE application/xml is reported as Mime::XML.
def test_content_type_xml
  req = stub_request('CONTENT_TYPE' => 'application/xml')
  assert_equal(Mime::XML, req.content_type)
end
# A charset parameter after the media type does not affect the reported type.
def test_content_type_with_charset
  req = stub_request('CONTENT_TYPE' => 'application/xml; charset=UTF-8')
  assert_equal(Mime::XML, req.content_type)
end
# user_agent returns the HTTP_USER_AGENT value unchanged.
assert_equal('TestAgent', stub_request('HTTP_USER_AGENT' => 'TestAgent').user_agent)
# parameters merges the body (request) parameters with the query parameters,
# while the two source hashes stay available separately.
req = stub_request
body_params  = { "foo" => 1 }
query_params = { "bar" => 2 }
req.stubs(:request_parameters).returns(body_params)
req.stubs(:query_parameters).returns(query_params)

assert_equal({"foo" => 1, "bar" => 2}, req.parameters)
assert_equal({"foo" => 1}, req.request_parameters)
assert_equal({"bar" => 2}, req.query_parameters)
# Test helper: builds an ActionController::Request directly from a Rack-style
# env hash, so each test controls exactly which CGI variables and headers the
# request sees.
#
# env - Hash of environment keys to values (defaults to an empty hash).
#
# Returns the new ActionController::Request.
def stub_request(env={})
  ActionController::Request.new(env)
end