Hello community,

here is the log from the commit of package rubygem-grape for openSUSE:Factory checked in at 2018-10-25 08:20:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-grape (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-grape.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-grape" Thu Oct 25 08:20:31 2018 rev:4 rq:643119 version:1.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-grape/rubygem-grape.changes 2018-07-18 22:49:52.383770000 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-grape.new/rubygem-grape.changes 2018-10-25 08:20:56.683949026 +0200 @@ -1,0 +2,21 @@ +Wed Sep 5 10:19:43 UTC 2018 - [email protected] + +- updated to version 1.1.0 + see installed CHANGELOG.md + + ### 1.1.0 (8/4/2018) + + #### Features + + * [#1759](https://github.com/ruby-grape/grape/pull/1759): Instrument serialization as `'format_response.grape'` - [@zvkemp](https://github.com/zvkemp). + + #### Fixes + + + * [#1762](https://github.com/ruby-grape/grape/pull/1763): Fix unsafe HTML rendering on errors - [@ctennis](https://github.com/ctennis). + * [#1759](https://github.com/ruby-grape/grape/pull/1759): Update appraisal for rails_edge - [@zvkemp](https://github.com/zvkemp). + * [#1758](https://github.com/ruby-grape/grape/pull/1758): Fix expanding load_path in gemspec - [@2maz](https://github.com/2maz). + * [#1765](https://github.com/ruby-grape/grape/pull/1765): Use 415 when request body is of an unsupported media type - [@jdmurphy](https://github.com/jdmurphy). + * [#1771](https://github.com/ruby-grape/grape/pull/1771): Fix param aliases with 'given' blocks - [@jereynolds](https://github.com/jereynolds). + +------------------------------------------------------------------- Old: ---- grape-1.0.3.gem New: ---- grape-1.1.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-grape.spec ++++++ --- /var/tmp/diff_new_pack.jTk8Jh/_old 2018-10-25 08:20:57.255948770 +0200 +++ /var/tmp/diff_new_pack.jTk8Jh/_new 2018-10-25 08:20:57.255948770 +0200 
@@ -24,7 +24,7 @@ # Name: rubygem-grape -Version: 1.0.3 +Version: 1.1.0 Release: 0 %define mod_name grape %define mod_full_name %{mod_name}-%{version} ++++++ grape-1.0.3.gem -> grape-1.1.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Appraisals new/Appraisals --- old/Appraisals 2018-04-24 01:36:45.000000000 +0200 +++ new/Appraisals 2018-08-04 18:54:30.000000000 +0200 @@ -16,7 +16,7 @@ end appraise 'rails-edge' do - gem 'arel', github: 'rails/arel' + gem 'rails', github: 'rails/rails' end appraise 'rack-edge' do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2018-04-24 01:36:45.000000000 +0200 +++ new/CHANGELOG.md 2018-08-04 18:54:30.000000000 +0200 
@@ -1,3 +1,18 @@ +### 1.1.0 (8/4/2018) + +#### Features + +* [#1759](https://github.com/ruby-grape/grape/pull/1759): Instrument serialization as `'format_response.grape'` - [@zvkemp](https://github.com/zvkemp). + +#### Fixes + + +* [#1762](https://github.com/ruby-grape/grape/pull/1763): Fix unsafe HTML rendering on errors - [@ctennis](https://github.com/ctennis). +* [#1759](https://github.com/ruby-grape/grape/pull/1759): Update appraisal for rails_edge - [@zvkemp](https://github.com/zvkemp). +* [#1758](https://github.com/ruby-grape/grape/pull/1758): Fix expanding load_path in gemspec - [@2maz](https://github.com/2maz). +* [#1765](https://github.com/ruby-grape/grape/pull/1765): Use 415 when request body is of an unsupported media type - [@jdmurphy](https://github.com/jdmurphy). +* [#1771](https://github.com/ruby-grape/grape/pull/1771): Fix param aliases with 'given' blocks - [@jereynolds](https://github.com/jereynolds). + ### 1.0.3 (4/23/2018) #### Fixes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile.lock new/Gemfile.lock --- old/Gemfile.lock 2018-04-24 01:36:45.000000000 +0200 +++ new/Gemfile.lock 2018-08-04 18:54:30.000000000 +0200 @@ -1,7 +1,7 @@ PATH remote: . specs: - grape (1.0.3) + grape (1.1.0) activesupport builder mustermann-grape (~> 1.0.0) @@ -12,9 +12,9 @@ GEM remote: https://rubygems.org/ specs: - activesupport (5.1.4) + activesupport (5.2.0) concurrent-ruby (~> 1.0, >= 1.0.2) - i18n (~> 0.7) + i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) addressable (2.5.2) @@ -44,9 +44,9 @@ cookiejar (0.3.3) cork (0.3.0) colored2 (~> 3.1) - coveralls (0.8.21) + coveralls (0.8.22) json (>= 1.8, < 3) - simplecov (~> 0.14.1) + simplecov (~> 0.16.1) term-ansicolor (~> 1.3) thor (~> 0.19.4) tins (~> 1.6) 
@@ -72,15 +72,15 @@ descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.3) - docile (1.1.5) + docile (1.3.1) equalizer (0.0.11) - faraday (0.14.0) + faraday (0.15.2) multipart-post (>= 1.2, < 3) faraday-http-cache (1.3.1) faraday (~> 0.8) - ffi (1.9.21) + ffi (1.9.25) formatador (0.2.5) - git (1.3.0) + git (1.4.0) grape-entity (0.7.1) activesupport (>= 4.0) multi_json (>= 1.3.2) @@ -102,16 +102,16 @@ guard (~> 2.0) rubocop (~> 0.20) hashie (3.5.7) - i18n (0.9.4) + i18n (1.0.1) concurrent-ruby (~> 1.0) ice_nine (0.11.2) json (2.1.0) - kramdown (1.16.2) + kramdown (1.17.0) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - lumberjack (1.0.12) + lumberjack (1.0.13) maruku (0.7.3) method_source (0.9.0) mime-types (3.1) @@ -120,7 +120,7 @@ minitest (5.11.3) multi_json (1.13.1) multipart-post (2.0.0) - mustermann (1.0.1) + mustermann (1.0.2) mustermann-grape (1.0.0) mustermann (~> 1.0.0) nap (1.1.0) @@ -128,18 +128,18 @@ notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) - octokit (4.8.0) + octokit (4.9.0) sawyer (~> 0.8.0, >= 0.5.3) open4 (1.3.4) parallel (1.12.1) - parser (2.4.0.2) - ast (~> 2.3) - powerpack (0.1.1) + parser (2.5.1.2) + ast (~> 2.4.0) + powerpack (0.1.2) pry (0.11.3) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.0.1) - rack (2.0.4) + public_suffix (3.0.2) + rack (2.0.5) rack-accept (0.4.5) rack (>= 0.4) rack-jsonp (1.3.1) @@ -148,8 +148,8 @@ rack (>= 1.0) rainbow (2.2.2) rake - rake (12.3.0) - rb-fsevent (0.10.2) + rake (12.3.1) + rb-fsevent (0.10.3) rb-inotify (0.9.10) ffi (>= 0.5.0, < 2) rspec (3.7.0) @@ -181,8 +181,8 @@ addressable (>= 2.3.5, < 2.6) faraday (~> 0.8, < 1.0) shellany (0.0.1) - simplecov (0.14.1) - docile (~> 1.1.0) + simplecov (0.16.1) + docile (~> 1.1) json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) 
@@ -195,7 +195,7 @@ tins (1.16.3) tzinfo (1.2.5) thread_safe (~> 0.1) - unicode-display_width (1.3.0) + unicode-display_width (1.4.0) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -228,4 +228,4 @@ ruby-grape-danger (~> 0.1.0) BUNDLED WITH - 1.15.3 + 1.16.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/README.md new/README.md --- old/README.md 2018-04-24 01:36:45.000000000 +0200 +++ new/README.md 2018-08-04 18:54:30.000000000 +0200 @@ -129,6 +129,7 @@ - [endpoint_render.grape](#endpoint_rendergrape) - [endpoint_run_filters.grape](#endpoint_run_filtersgrape) - [endpoint_run_validators.grape](#endpoint_run_validatorsgrape) + - [format_response.grape](#format_responsegrape) - [Monitoring Products](#monitoring-products) - [Contributing to Grape](#contributing-to-grape) - [License](#license) @@ -144,7 +145,7 @@ ## Stable Release -You're reading the documentation for the stable release of Grape, **1.0.3**. +You're reading the documentation for the stable release of Grape, **1.1.0**. Please read [UPGRADING](UPGRADING.md) when upgrading from a previous version. ## Project Resources @@ -1815,8 +1816,8 @@ extend Grape::API::Helpers params :order do |options| - optional :order_by, type:Symbol, values:options[:order_by], default:options[:default_order_by] - optional :order, type:Symbol, values:%i(asc desc), default:options[:default_order] + optional :order_by, type: Symbol, values: options[:order_by], default: options[:default_order_by] + optional :order, type: Symbol, values: %i(asc desc), default: options[:default_order] end end @@ -1825,7 +1826,7 @@ desc 'Get a sorted collection.' params do - use :order, order_by:%i(id created_at), default_order_by: :created_at, default_order: :asc + use :order, order_by: %i(id created_at), default_order_by: :created_at, default_order: :asc end get do 
@@ -2549,6 +2550,9 @@ * `:serializable_hash`: use object's `serializable_hash` when available, otherwise fallback to `:json` * `:binary`: data will be returned "as is" +If a body is present in a request to an API, with a Content-Type header value that is of an unsupported type a +"415 Unsupported Media Type" error code will be returned by Grape. + Response statuses that indicate no content as defined by [Rack](https://github.com/rack) [here](https://github.com/rack/rack/blob/master/lib/rack/utils.rb#L567) will bypass serialization and the body entity - though there should be none - @@ -3483,6 +3487,13 @@ * *validators* - The validators being executed * *request* - The request being validated +#### format_response.grape + +Serialization or template rendering. + +* *env* - The request environment +* *formatter* - The formatter object (e.g., `Grape::Formatter::Json`) + See the [ActiveSupport::Notifications documentation](http://api.rubyonrails.org/classes/ActiveSupport/Notifications.html) for information on how to subscribe to these events. ### Monitoring Products diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/UPGRADING.md new/UPGRADING.md --- old/UPGRADING.md 2018-04-24 01:36:45.000000000 +0200 +++ new/UPGRADING.md 2018-08-04 18:54:30.000000000 +0200 
@@ -1,6 +1,12 @@ Upgrading Grape =============== +### Upgrading to >= 1.1.0 + +#### Changes in HTTP Response Code for Unsupported Content Type + +For PUT, POST, PATCH, and DELETE requests where a non-empty body and a "Content-Type" header is supplied that is not supported by the Grape API, Grape will no longer return a 406 "Not Acceptable" HTTP status code and will instead return a 415 "Unsupported Media Type" so that the usage of HTTP status code falls more in line with the specification of [RFC 2616](https://www.ietf.org/rfc/rfc2616.txt). + ### Upgrading to >= 1.0.0 #### Changes in XML and JSON Parsers Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/multi_json.gemfile new/gemfiles/multi_json.gemfile --- old/gemfiles/multi_json.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/multi_json.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/multi_xml.gemfile new/gemfiles/multi_xml.gemfile --- old/gemfiles/multi_xml.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/multi_xml.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rack_1.5.2.gemfile new/gemfiles/rack_1.5.2.gemfile --- old/gemfiles/rack_1.5.2.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rack_1.5.2.gemfile 2018-08-04 18:54:30.000000000 +0200 
@@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rack_edge.gemfile new/gemfiles/rack_edge.gemfile --- old/gemfiles/rack_edge.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rack_edge.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rails_3.gemfile new/gemfiles/rails_3.gemfile --- old/gemfiles/rails_3.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rails_3.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -23,7 +23,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rails_4.gemfile new/gemfiles/rails_4.gemfile --- old/gemfiles/rails_4.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rails_4.gemfile 2018-08-04 18:54:30.000000000 +0200 
@@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rails_5.gemfile new/gemfiles/rails_5.gemfile --- old/gemfiles/rails_5.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rails_5.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gemfiles/rails_edge.gemfile new/gemfiles/rails_edge.gemfile --- old/gemfiles/rails_edge.gemfile 2018-04-24 01:36:45.000000000 +0200 +++ new/gemfiles/rails_edge.gemfile 2018-08-04 18:54:30.000000000 +0200 @@ -2,7 +2,7 @@ source 'https://rubygems.org' -gem 'arel', github: 'rails/arel' +gem 'rails', github: 'rails/rails' group :development, :test do gem 'bundler' @@ -22,7 +22,7 @@ group :test do gem 'cookiejar' gem 'coveralls', '~> 0.8.17', require: false - gem 'danger-toc', '~> 0.1.0' + gem 'danger-toc', '~> 0.1.2' gem 'grape-entity', '~> 0.6' gem 'maruku' gem 'mime-types' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/grape.gemspec new/grape.gemspec --- old/grape.gemspec 2018-04-24 01:36:45.000000000 +0200 +++ new/grape.gemspec 2018-08-04 18:54:30.000000000 +0200 
@@ -1,4 +1,4 @@ -$LOAD_PATH.push File.expand_path('../lib', __FILE__) +$LOAD_PATH.unshift File.expand_path('../lib', __FILE__) require 'grape/version' Gem::Specification.new do |s| diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/grape/middleware/error.rb new/lib/grape/middleware/error.rb --- old/lib/grape/middleware/error.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/lib/grape/middleware/error.rb 2018-08-04 18:54:30.000000000 +0200 @@ -1,4 +1,5 @@ require 'grape/middleware/base' +require 'active_support/core_ext/string/output_safety' module Grape module Middleware @@ -69,6 +70,9 @@ end def rack_response(message, status = options[:default_status], headers = { Grape::Http::Headers::CONTENT_TYPE => content_type }) + if headers[Grape::Http::Headers::CONTENT_TYPE] == TEXT_HTML + message = ERB::Util.html_escape(message) + end Rack::Response.new([message], status, headers).finish end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/grape/middleware/formatter.rb new/lib/grape/middleware/formatter.rb --- old/lib/grape/middleware/formatter.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/lib/grape/middleware/formatter.rb 2018-08-04 18:54:30.000000000 +0200 @@ -41,7 +41,9 @@ else # Allow content-type to be explicitly overwritten formatter = fetch_formatter(headers, options) - bodymap = bodies.collect { |body| formatter.call(body, env) } + bodymap = ActiveSupport::Notifications.instrument('format_response.grape', formatter: formatter, env: env) do + bodies.collect { |body| formatter.call(body, env) } + end Rack::Response.new(bodymap, status, headers) end rescue Grape::Exceptions::InvalidFormatter => e 
@@ -93,7 +95,7 @@ fmt = request.media_type ? mime_types[request.media_type] : options[:default_format] unless content_type_for(fmt) - throw :error, status: 406, message: "The requested content-type '#{request.media_type}' is not supported." + throw :error, status: 415, message: "The provided content-type '#{request.media_type}' is not supported." end parser = Grape::Parser.parser_for fmt, options if parser diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/grape/validations/params_scope.rb new/lib/grape/validations/params_scope.rb --- old/lib/grape/validations/params_scope.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/lib/grape/validations/params_scope.rb 2018-08-04 18:54:30.000000000 +0200 @@ -116,7 +116,7 @@ # @param attrs [Array] (see Grape::DSL::Parameters#requires) def push_declared_params(attrs, **opts) if lateral? - @parent.push_declared_params(attrs) + @parent.push_declared_params(attrs, opts) else if opts && opts[:as] @api.route_setting(:aliased_params, @api.route_setting(:aliased_params) || []) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/grape/version.rb new/lib/grape/version.rb --- old/lib/grape/version.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/lib/grape/version.rb 2018-08-04 18:54:30.000000000 +0200 @@ -1,4 +1,4 @@ module Grape # The current version of Grape. - VERSION = '1.0.3'.freeze + VERSION = '1.1.0'.freeze end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2018-04-24 01:36:45.000000000 +0200 +++ new/metadata 2018-08-04 18:54:30.000000000 +0200 
@@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: grape version: !ruby/object:Gem::Version - version: 1.0.3 + version: 1.1.0 platform: ruby authors: - Michael Bleigh autorequire: bindir: bin cert_chain: [] -date: 2018-04-23 00:00:00.000000000 Z +date: 2018-08-04 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: activesupport @@ -250,7 +250,8 @@ - lib/grape/validations/validators/regexp.rb - lib/grape/validations/validators/values.rb - lib/grape/version.rb -- pkg/grape-1.0.0.gem +- pkg/grape-0.17.0.gem +- pkg/grape-0.19.0.gem - spec/grape/api/custom_validations_spec.rb - spec/grape/api/deeply_included_options_spec.rb - spec/grape/api/inherited_helpers_spec.rb @@ -368,7 +369,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.6.12 +rubygems_version: 2.7.6 signing_key: specification_version: 4 summary: A simple Ruby framework for building REST-like APIs. Binary files old/pkg/grape-0.17.0.gem and new/pkg/grape-0.17.0.gem differ Binary files old/pkg/grape-0.19.0.gem and new/pkg/grape-0.19.0.gem differ Binary files old/pkg/grape-1.0.0.gem and new/pkg/grape-1.0.0.gem differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/grape/api_spec.rb new/spec/grape/api_spec.rb --- old/spec/grape/api_spec.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/spec/grape/api_spec.rb 2018-08-04 18:54:31.000000000 +0200 @@ -2142,7 +2142,11 @@ end get '/excel.json' expect(last_response.status).to eq(406) - expect(last_response.body).to eq("The requested format 'txt' is not supported.") + if ActiveSupport::VERSION::MAJOR == 3 + expect(last_response.body).to eq('The requested format 'txt' is not supported.') + else + expect(last_response.body).to eq('The requested format 'txt' is not supported.') + end end end 
@@ -3524,7 +3528,27 @@ end get '/something' expect(last_response.status).to eq(406) - expect(last_response.body).to eq("{\"error\":\"The requested format 'txt' is not supported.\"}") + if ActiveSupport::VERSION::MAJOR == 3 + expect(last_response.body).to eq('{"error":"The requested format 'txt' is not supported."}') + else + expect(last_response.body).to eq('{"error":"The requested format 'txt' is not supported."}') + end + end + end + + context 'with unsafe HTML format specified' do + it 'escapes the HTML' do + subject.content_type :json, 'application/json' + subject.get '/something' do + 'foo' + end + get '/something?format=<script>blah</script>' + expect(last_response.status).to eq(406) + if ActiveSupport::VERSION::MAJOR == 3 + expect(last_response.body).to eq('The requested format '<script>blah</script>' is not supported.') + else + expect(last_response.body).to eq('The requested format '<script>blah</script>' is not supported.') + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/grape/endpoint_spec.rb new/spec/grape/endpoint_spec.rb --- old/spec/grape/endpoint_spec.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/spec/grape/endpoint_spec.rb 2018-08-04 18:54:31.000000000 +0200 
@@ -941,15 +941,15 @@ end end - it 'responds with a 406 for an unsupported content-type' do + it 'responds with a 415 for an unsupported content-type' do subject.format :json # subject.content_type :json, "application/json" subject.put '/request_body' do params[:user] end put '/request_body', '<user>Bobby T.</user>', 'CONTENT_TYPE' => 'application/xml' - expect(last_response.status).to eq(406) - expect(last_response.body).to eq('{"error":"The requested content-type \'application/xml\' is not supported."}') + expect(last_response.status).to eq(415) + expect(last_response.body).to eq('{"error":"The provided content-type \'application/xml\' is not supported."}') end it 'does not accept text/plain in JSON format if application/json is specified as content type' do @@ -960,8 +960,8 @@ end put '/request_body', ::Grape::Json.dump(user: 'Bob'), 'CONTENT_TYPE' => 'text/plain' - expect(last_response.status).to eq(406) - expect(last_response.body).to eq('{"error":"The requested content-type \'text/plain\' is not supported."}') + expect(last_response.status).to eq(415) + expect(last_response.body).to eq('{"error":"The provided content-type \'text/plain\' is not supported."}') end context 'content type with params' do @@ -1493,7 +1493,9 @@ filters: [], type: :after }), have_attributes(name: 'endpoint_run.grape', payload: { endpoint: a_kind_of(Grape::Endpoint), - env: an_instance_of(Hash) }) + env: an_instance_of(Hash) }), + have_attributes(name: 'format_response.grape', payload: { env: an_instance_of(Hash), + formatter: a_kind_of(Module) }) ) # In order that events were initialized 
@@ -1515,7 +1517,9 @@ have_attributes(name: 'endpoint_render.grape', payload: { endpoint: a_kind_of(Grape::Endpoint) }), have_attributes(name: 'endpoint_run_filters.grape', payload: { endpoint: a_kind_of(Grape::Endpoint), filters: [], - type: :after }) + type: :after }), + have_attributes(name: 'format_response.grape', payload: { env: an_instance_of(Hash), + formatter: a_kind_of(Module) }) ) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/grape/middleware/exception_spec.rb new/spec/grape/middleware/exception_spec.rb --- old/spec/grape/middleware/exception_spec.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/spec/grape/middleware/exception_spec.rb 2018-08-04 18:54:31.000000000 +0200 @@ -192,7 +192,7 @@ end it 'is possible to return errors in jsonapi format' do get '/' - expect(last_response.body).to eq('{"error":"rain!"}') + expect(last_response.body).to eq('{"error":"rain!"}') end end @@ -207,8 +207,8 @@ it 'is possible to return hash errors in jsonapi format' do get '/' - expect(['{"error":"rain!","detail":"missing widget"}', - '{"detail":"missing widget","error":"rain!"}']).to include(last_response.body) + expect(['{"error":"rain!","detail":"missing widget"}', + '{"detail":"missing widget","error":"rain!"}']).to include(last_response.body) end end @@ -258,7 +258,7 @@ end it 'is possible to specify a custom formatter' do get '/' - expect(last_response.body).to eq('{:custom_formatter=>"rain!"}') + expect(last_response.body).to eq('{:custom_formatter=>"rain!"}') end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/grape/middleware/formatter_spec.rb new/spec/grape/middleware/formatter_spec.rb --- old/spec/grape/middleware/formatter_spec.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/spec/grape/middleware/formatter_spec.rb 2018-08-04 18:54:31.000000000 +0200 
@@ -224,6 +224,80 @@ context 'input' do %w[POST PATCH PUT DELETE].each do |method| + context 'when body is not nil or empty' do + context 'when Content-Type is supported' do + let(:io) { StringIO.new('{"is_boolean":true,"string":"thing"}') } + let(:content_type) { 'application/json' } + + it "parses the body from #{method} and copies values into rack.request.form_hash" do + subject.call( + 'PATH_INFO' => '/info', + 'REQUEST_METHOD' => method, + 'CONTENT_TYPE' => content_type, + 'rack.input' => io, + 'CONTENT_LENGTH' => io.length + ) + expect(subject.env['rack.request.form_hash']['is_boolean']).to be true + expect(subject.env['rack.request.form_hash']['string']).to eq('thing') + end + end + + context 'when Content-Type is not supported' do + let(:io) { StringIO.new('{"is_boolean":true,"string":"thing"}') } + let(:content_type) { 'application/atom+xml' } + + it 'returns a 415 HTTP error status' do + error = catch(:error) { + subject.call( + 'PATH_INFO' => '/info', + 'REQUEST_METHOD' => method, + 'CONTENT_TYPE' => content_type, + 'rack.input' => io, + 'CONTENT_LENGTH' => io.length + ) + } + expect(error[:status]).to eq(415) + expect(error[:message]).to eq("The provided content-type 'application/atom+xml' is not supported.") + end + end + end + + context 'when body is nil' do + let(:io) { double } + before do + allow(io).to receive_message_chain(:rewind, :read).and_return(nil) + end + + it 'does not read and parse the body' do + expect(subject).not_to receive(:read_rack_input) + subject.call( + 'PATH_INFO' => '/info', + 'REQUEST_METHOD' => method, + 'CONTENT_TYPE' => 'application/json', + 'rack.input' => io, + 'CONTENT_LENGTH' => 0 + ) + end + end + + context 'when body is empty' do + let(:io) { double } + before do + allow(io).to receive_message_chain(:rewind, :read).and_return('') + end + + it 'does not read and parse the body' do + expect(subject).not_to receive(:read_rack_input) + subject.call( + 'PATH_INFO' => '/info', + 'REQUEST_METHOD' => method, + 
'CONTENT_TYPE' => 'application/json', + 'rack.input' => io, + 'CONTENT_LENGTH' => 0 + ) + end + end + ['application/json', 'application/json; charset=utf-8'].each do |content_type| context content_type do it "parses the body from #{method} and copies values into rack.request.form_hash" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/spec/grape/validations/params_scope_spec.rb new/spec/grape/validations/params_scope_spec.rb --- old/spec/grape/validations/params_scope_spec.rb 2018-04-24 01:36:45.000000000 +0200 +++ new/spec/grape/validations/params_scope_spec.rb 2018-08-04 18:54:31.000000000 +0200 @@ -479,6 +479,24 @@ end.to_not raise_error end + it 'allows aliasing of dependent parameters' do + subject.params do + optional :a + given :a do + requires :b, as: :c + end + end + + subject.get('/multiple') { declared(params).to_json } + + get '/multiple', a: 'a', b: 'b' + + body = JSON.parse(last_response.body) + + expect(body.keys).to include('c') + expect(body.keys).to_not include('b') + end + it 'does not validate nested requires when given is false' do subject.params do requires :a, type: String, allow_blank: false, values: %w[x y z]
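Review bot: In the CHANGELOG.md hunk at @@ -1,3 +1,18 (and the copy of it in rubygem-grape.changes), the "Fix unsafe HTML rendering on errors" entry is labelled #1762 but links to pull/1763, and #1759 is used both for the `format_response.grape` feature and for "Update appraisal for rails_edge". The HTML-escaping entry is the security-relevant one in this release, so its reference should be unambiguous: make the label and the URL agree, and give the appraisal entry its own PR number. There is also a doubled blank line after "#### Fixes".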
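Review bot: The sentence added to README.md at @@ -2549,6 says a 415 is returned whenever "a body is present", while the UPGRADING.md entry limits the change to PUT, POST, PATCH, and DELETE requests with a non-empty body. Align the two so readers know which requests are affected, and add the missing comma after "unsupported type" in the README sentence. The UPGRADING entry should also mention the new message text, since lib/grape/middleware/formatter.rb changes it from "The requested content-type" to "The provided content-type" and clients that match on the body are affected as well as those that match on the status.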
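Review bot: The guard added to rack_response in lib/grape/middleware/error.rb, `if headers[Grape::Http::Headers::CONTENT_TYPE] == TEXT_HTML`, is an exact string comparison, so a header value that carries a parameter (for example `text/html; charset=utf-8`) or differs in case skips `ERB::Util.html_escape` and the message is sent unescaped. Decide on the media type alone (strip parameters and downcase before comparing). A short comment explaining why `active_support/core_ext/string/output_safety` is required when the call goes to `ERB::Util` would also help the next reader.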
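Review bot: In lib/grape/middleware/formatter.rb at @@ -41,7 +41,9, the `format_response.grape` payload hands the whole Rack `env` (`formatter: formatter, env: env`) to every subscriber. The env carries request headers such as Authorization and Cookie, so a subscriber that logs payloads verbatim will record credentials; the new README section lists *env* without saying so and should tell subscribers to pick out only the keys they need. The instrumentation also sits only in the `else` branch shown, so responses produced by the other branch emit no event; either instrument both or state that in the README.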
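Review bot: In lib/grape/validations/params_scope.rb, the new call `@parent.push_declared_params(attrs, opts)` passes `opts` as a positional Hash to a method declared as `push_declared_params(attrs, **opts)`. That works only through implicit hash-to-keyword conversion; forward it as `**opts` so the call matches the signature shown two lines above it.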
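Review bot: The files list in the metadata hunk at @@ -250,7 +250,8 replaces `pkg/grape-1.0.0.gem` with `pkg/grape-0.17.0.gem` and `pkg/grape-0.19.0.gem`, and the diff reports those archives only as "Binary files ... differ", so prebuilt gem archives are being shipped inside the released gem. They cannot be reviewed in a source diff and nothing in the visible changes needs them at runtime; exclude `pkg/` from the file list in grape.gemspec.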
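Review bot: In spec/grape/api_spec.rb, the new "escapes the HTML" example at @@ -3524,7 +3528,27 expects, as the lines read here, a body containing a literal `<script>blah</script>`, and both arms of each `ActiveSupport::VERSION::MAJOR == 3` conditional (here and at @@ -2142,7) are identical, so the assertions do not show that anything was escaped. Each branch should spell out the entity-encoded text it expects, and the expected strings should not nest unescaped single quotes inside single-quoted literals. The example also only exercises the `format` query parameter; a second case for an error message raised by the endpoint itself would cover the other caller of rack_response.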
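Review bot: The contexts added to spec/grape/middleware/formatter_spec.rb at @@ -224,6 +224,80 cover an unsupported Content-Type with a body and a supported Content-Type with a nil or empty body, but not an unsupported Content-Type with an empty body. UPGRADING.md limits the 415 to requests with a non-empty body, so add that case to pin the behaviour. The two "does not read and parse the body" examples are also identical apart from the stubbed return value and could share one parameterised example.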
