Permalink
Browse files

Fixed that verification violations with no specified action didn't ha…

…lt the chain (now they do with a 400 Bad Request) [DHH]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8245 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
dhh committed Nov 30, 2007
1 parent b6d2555 commit e03f13c5538e38b501014fd5702309bcd7e16cbb
View
@@ -1,3 +1,8 @@
+*SVN*
+
+* Fixed that verification violations with no specified action didn't halt the chain (now they do with a 400 Bad Request) [DHH]
+
+
*2.0.0 [RC2]* (November 28th, 2007)
* Raise UnknownHttpMethod exception for unknown HTTP methods. Closes #10303 [tarmo]
@@ -12,7 +12,8 @@ def self.included(base) #:nodoc:
# parameters being set, or without certain session values existing.
#
# When a verification is violated, values may be inserted into the flash, and
- # a specified redirection is triggered.
+ # a specified redirection is triggered. If no specific action is configured,
+ # verification failures will by default result in a 400 Bad Request response.
#
# Usage:
#
@@ -81,7 +82,7 @@ def verify_action(options) #:nodoc:
prereqs_invalid =
[*options[:params] ].find { |v| params[v].nil? } ||
[*options[:session]].find { |v| session[v].nil? } ||
- [*options[:flash] ].find { |v| flash[v].nil? }
+ [*options[:flash] ].find { |v| flash[v].nil? }
if !prereqs_invalid && options[:method]
prereqs_invalid ||=
@@ -93,13 +94,21 @@ def verify_action(options) #:nodoc:
if prereqs_invalid
flash.update(options[:add_flash]) if options[:add_flash]
response.headers.update(options[:add_headers]) if options[:add_headers]
+
unless performed?
- render(options[:render]) if options[:render]
- options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a? Symbol
- redirect_to(options[:redirect_to]) if options[:redirect_to]
+ case
+ when options[:render]
+ render(options[:render])
+ when options[:redirect_to]
+ options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
+ redirect_to(options[:redirect_to])
+ else
+ head(:bad_request)
+ end
end
end
end
+
private :verify_action
end
-end
+end
@@ -37,6 +37,8 @@ class TestController < ActionController::Base
verify :only => :guarded_one_for_named_route_test, :params => "one",
:redirect_to => :foo_url
+ verify :only => :no_default_action, :params => "santa"
+
def guarded_one
render :text => "#{params[:one]}"
end
@@ -89,6 +91,10 @@ def must_be_post
render :text => "Was a post!"
end
+ def no_default_action
+ # Will never run
+ end
+
protected
def rescue_action(e) raise end
@@ -229,6 +235,11 @@ def test_guarded_post_and_calls_render_succeeds
assert_equal "Was a post!", @response.body
end
+ def test_default_failure_should_be_a_bad_request
+ post :no_default_action
+ assert_response :bad_request
+ end
+
def test_guarded_post_and_calls_render_fails_and_sets_allow_header
get :must_be_post
assert_response 405

0 comments on commit e03f13c

Please sign in to comment.