Remove, and fix tests.

build.savant

@@ -29,7 +29,7 @@ logbackVersion = "1.4.14"
 slf4jVersion = "2.0.13"
 testngVersion = "7.8.0"
 
-project(group: "org.primeframework", name: "prime-mvc", version: "4.26.1", licenses: ["ApacheV2_0"]) {
+project(group: "org.primeframework", name: "prime-mvc", version: "5.0.0", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       // Dependency resolution order:

prime-mvc.ipr

@@ -105,6 +105,7 @@
       <inspection_tool class="SizeReplaceableByIsEmpty" enabled="true" level="WARNING" enabled_by_default="true">
         <option name="ignoredTypes">
           <set>
+            <option value="java.lang.String" />
             <option value="java.util.List" />
           </set>
         </option>
@@ -544,7 +545,7 @@
           <fileSet type="namedScope" name="control-templates" pattern="file[prime-mvc]:src/main/ftl/WEB-INF/control-templates/*" />
         </list>
       </option>
-      <DB2CodeStyleSettings version="6">
+      <DB2CodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -584,7 +585,7 @@
         <option name="EXPR_CASE_THEN_WRAP" value="true" />
         <option name="PRIMARY_KEY_NAME_TEMPLATE" value="{table}_{columns}_pk" />
       </DB2CodeStyleSettings>
-      <DerbyCodeStyleSettings version="6">
+      <DerbyCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -628,7 +629,7 @@
         <option name="CLASS_COUNT_TO_USE_IMPORT_ON_DEMAND" value="9999" />
         <option name="NAMES_COUNT_TO_USE_IMPORT_ON_DEMAND" value="9999" />
       </GroovyCodeStyleSettings>
-      <H2CodeStyleSettings version="6">
+      <H2CodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -668,7 +669,7 @@
         <option name="EXPR_CASE_THEN_WRAP" value="true" />
         <option name="PRIMARY_KEY_NAME_TEMPLATE" value="{table}_{columns}_pk" />
       </H2CodeStyleSettings>
-      <HSQLCodeStyleSettings version="6">
+      <HSQLCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -732,7 +733,7 @@
         <option name="JD_PRESERVE_LINE_FEEDS" value="true" />
         <option name="JD_INDENT_ON_CONTINUATION" value="true" />
       </JavaCodeStyleSettings>
-      <MSSQLCodeStyleSettings version="6">
+      <MSSQLCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -775,7 +776,7 @@
       <MarkdownNavigatorCodeStyleSettings>
         <option name="WRAP_ON_TYPING" value="0" />
       </MarkdownNavigatorCodeStyleSettings>
-      <MySQLCodeStyleSettings version="6">
+      <MySQLCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -815,7 +816,7 @@
         <option name="EXPR_CASE_THEN_WRAP" value="true" />
         <option name="PRIMARY_KEY_NAME_TEMPLATE" value="{table}_{columns}_pk" />
       </MySQLCodeStyleSettings>
-      <OracleCodeStyleSettings version="6">
+      <OracleCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -861,7 +862,7 @@
         <option name="PHPDOC_BLANK_LINES_AROUND_PARAMETERS" value="true" />
         <option name="PHPDOC_WRAP_LONG_LINES" value="true" />
       </PHPCodeStyleSettings>
-      <PostgresCodeStyleSettings version="6">
+      <PostgresCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -904,7 +905,7 @@
       <Properties>
         <option name="KEEP_BLANK_LINES" value="true" />
       </Properties>
-      <SQLiteCodeStyleSettings version="6">
+      <SQLiteCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -947,7 +948,7 @@
       <ScalaCodeStyleSettings>
         <option name="MULTILINE_STRING_CLOSING_QUOTES_ON_NEW_LINE" value="true" />
       </ScalaCodeStyleSettings>
-      <SqlCodeStyleSettings version="6">
+      <SqlCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />
@@ -1012,7 +1013,7 @@
         <option name="WRAP_PARENTHESIZED_EXPRESSION_INSIDE_VALUES" value="0" />
         <option name="NEW_LINE_AFTER_SELECT_ITEM" value="false" />
       </SqlCodeStyleSettings>
-      <SybaseCodeStyleSettings version="6">
+      <SybaseCodeStyleSettings version="7">
         <option name="KEYWORD_CASE" value="2" />
         <option name="TYPE_CASE" value="2" />
         <option name="CUSTOM_TYPE_CASE" value="2" />

src/main/ftl/control-templates/button.ftl

@@ -1,9 +1,6 @@
 [#ftl/]
 [#import "_macros.ftl" as macros/]
 [@macros.dynamic_attributes attrs=dynamicAttributes name=attributes['name']/]
-[#if actionURI??]
-<input type="hidden" name="__a_${attributes['name']}" value="${actionURI}"/>
-[/#if]
 <div class="[@macros.class attrs=attributes name="button-button" input=false/]">
 <div class="label-container"> </div>
 <div class="control-container"><input type="button"[@macros.append_attributes attributes=attributes excludes=[]/]/></div>

src/main/ftl/control-templates/image.ftl

@@ -1,9 +1,6 @@
 [#ftl/]
 [#import "_macros.ftl" as macros/]
 [@macros.dynamic_attributes attrs=dynamicAttributes name=attributes['name']/]
-[#if actionURI??]
-<input type="hidden" name="__a_${attributes['name']}" value="${actionURI}"/>
-[/#if]
 <div class="[@macros.class attrs=attributes name="image-button" input=false/]">
 <div class="label-container"> </div>
 <div class="control-container"><input type="image"[@macros.append_attributes attributes=attributes excludes=[]/]/></div>

src/main/ftl/control-templates/submit.ftl

@@ -1,7 +1,6 @@
 [#ftl/]
 [#import "_macros.ftl" as macros/]
 [@macros.dynamic_attributes attrs=dynamicAttributes name=attributes['name']/]
-<input type="hidden" name="__a_${attributes['name']}" value="${(actionURI!'')}"/>
 <div class="[@macros.class attrs=attributes name="submit-button" input=false/]">
 <div class="label-container"> </div>
 <div class="control-container"><input type="submit"[@macros.append_attributes attributes=attributes excludes=[]/]/></div>

src/main/java/org/primeframework/mvc/action/DefaultActionMappingWorkflow.java

@@ -16,7 +16,6 @@
 package org.primeframework.mvc.action;
 
 import java.io.IOException;
-import java.util.Set;
 
 import com.codahale.metrics.Meter;
 import com.codahale.metrics.MetricRegistry;
@@ -26,10 +25,8 @@
 import io.fusionauth.http.server.HTTPRequest;
 import io.fusionauth.http.server.HTTPResponse;
 import org.primeframework.mvc.NotAllowedException;
-import org.primeframework.mvc.config.MVCConfiguration;
 import org.primeframework.mvc.http.HTTPTools;
 import org.primeframework.mvc.http.Status;
-import org.primeframework.mvc.parameter.DefaultParameterParser;
 import org.primeframework.mvc.parameter.InternalParameters;
 import org.primeframework.mvc.workflow.WorkflowChain;
 import org.slf4j.Logger;
@@ -48,8 +45,6 @@ public class DefaultActionMappingWorkflow implements ActionMappingWorkflow {
 
   private final ActionMapper actionMapper;
 
-  private final MVCConfiguration configuration;
-
   private final HTTPRequest request;
 
   private final HTTPResponse response;
@@ -58,12 +53,11 @@ public class DefaultActionMappingWorkflow implements ActionMappingWorkflow {
 
   @Inject
   public DefaultActionMappingWorkflow(HTTPRequest request, HTTPResponse response, ActionInvocationStore actionInvocationStore,
-                                      ActionMapper actionMapper, MVCConfiguration configuration) {
+                                      ActionMapper actionMapper) {
     this.request = request;
     this.response = response;
     this.actionInvocationStore = actionInvocationStore;
     this.actionMapper = actionMapper;
-    this.configuration = configuration;
   }
 
   /**
@@ -146,35 +140,11 @@ public void perform(WorkflowChain chain) throws IOException {
   }
 
   private String determineURI() {
-    String uri = null;
-    Set<String> keys = request.getParameters().keySet();
-    for (String key : keys) {
-      if (key.startsWith(DefaultParameterParser.ACTION_PREFIX)) {
-        if (configuration.allowAlternateFormAction()) {
-          String actionParameterName = key.substring(4);
-          String actionParameterValue = request.getParameter(key);
-          if (request.getParameter(actionParameterName) != null && actionParameterValue.trim().length() > 0) {
-            uri = actionParameterValue;
-
-            // Handle relative URIs
-            if (!uri.startsWith("/")) {
-              String requestURI = HTTPTools.getRequestURI(request);
-              int index = requestURI.lastIndexOf('/');
-              if (index >= 0) {
-                uri = requestURI.substring(0, index) + "/" + uri;
-              }
-            }
-          }
-        }
-      }
+    String uri = HTTPTools.getRequestURI(request);
+    if (!uri.startsWith("/")) {
+      uri = "/" + uri;
     }
 
-    if (uri == null) {
-      uri = HTTPTools.getRequestURI(request);
-      if (!uri.startsWith("/")) {
-        uri = "/" + uri;
-      }
-    }
     return uri;
   }
 }

src/main/java/org/primeframework/mvc/config/AbstractMVCConfiguration.java

@@ -40,8 +40,6 @@ public abstract class AbstractMVCConfiguration implements MVCConfiguration {
 
   public static final long MAX_SIZE = 1024000;
 
-  public boolean allowAlternateFormAction;
-
   public boolean autoHTMLEscapingEnabled = true;
 
   public String controlTemplateDirectory = "control-templates";
@@ -78,11 +76,6 @@ public abstract class AbstractMVCConfiguration implements MVCConfiguration {
 
   public List<Class<? extends Annotation>> unwrapAnnotations = Collections.singletonList(FieldUnwrapped.class);
 
-  @Override
-  public boolean allowAlternateFormAction() {
-    return allowAlternateFormAction;
-  }
-
   @Override
   public boolean autoHTMLEscapingEnabled() {
     return autoHTMLEscapingEnabled;

src/main/java/org/primeframework/mvc/config/MVCConfiguration.java

@@ -22,7 +22,6 @@
 import java.util.Set;
 
 import io.fusionauth.http.Cookie.SameSite;
-import org.primeframework.mvc.parameter.DefaultParameterParser;
 import org.primeframework.mvc.parameter.el.ExpressionEvaluator;
 
 /**
@@ -32,13 +31,6 @@
  * @author Brian Pontarelli
  */
 public interface MVCConfiguration {
-  /**
-   * In most cases you should leave this disabled. While it may be useful, modifying the URI may have un-intended security consequences.
-   *
-   * @return true if alternate form actions can be specified by using the {@link DefaultParameterParser#ACTION_PREFIX} prefix.
-   */
-  boolean allowAlternateFormAction();
-
   /**
    * @return true if unknown parameters should be allowed, false if they are not allowed.
    */

src/main/java/org/primeframework/mvc/parameter/DefaultParameterParser.java

@@ -46,8 +46,6 @@
  * @author Brian Pontarelli
  */
 public class DefaultParameterParser implements ParameterParser {
-  public static final String ACTION_PREFIX = "__a_";
-
   public static final String CHECKBOX_PREFIX = "__cb_";
 
   public static final String RADIOBUTTON_PREFIX = "__rb_";
@@ -165,8 +163,6 @@ private void separateParameters(Map<String, List<String>> parameters, Parameters
         checkBoxes.put(key.substring(CHECKBOX_PREFIX.length()), parameters.get(key));
       } else if (key.startsWith(RADIOBUTTON_PREFIX)) {
         radioButtons.put(key.substring(RADIOBUTTON_PREFIX.length()), parameters.get(key));
-      } else if (key.startsWith(ACTION_PREFIX)) {
-        actions.add(key.substring(ACTION_PREFIX.length()));
       } else {
         int index = key.indexOf('@');
         String parameter = (index > 0) ? key.substring(0, index) : key;

src/test/java/org/primeframework/mvc/GlobalTest.java

@@ -77,7 +77,6 @@
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertSame;
 import static org.testng.Assert.assertTrue;
-import static org.testng.AssertJUnit.assertFalse;
 import static org.testng.FileAssert.fail;
 
 /**
@@ -617,7 +616,7 @@ public Object[][] get_freemarker_escape_parameters() {
   public void get_fullFormWithAllAttributes() throws Exception {
     simulator.test("/user/full-form")
              .get()
-             .assertBodyFile(Path.of("src/test/resources/html/full-form.html"));
+             .assertBody(Files.readString(Path.of("src/test/resources/html/full-form.html")).trim());
   }
 
   @Test
@@ -793,7 +792,7 @@ public void get_message_callback() throws Exception {
   public void get_metrics() throws Exception {
     simulator.test("/user/full-form")
              .get()
-             .assertBodyFile(Path.of("src/test/resources/html/full-form.html"));
+             .assertBody(Files.readString(Path.of("src/test/resources/html/full-form.html")).trim());
 
     Map<String, Timer> timers = metricRegistry.getTimers();
     assertEquals(timers.get("prime-mvc.[/user/full-form].requests").getCount(), 1);
@@ -1177,27 +1176,6 @@ public void get_unknownParameters() throws Exception {
                                  ));
   }
 
-  @Test
-  public void get_url_rewrite() {
-    // Disabled by default
-    simulator.test("/doesNotExist?__a_foo=/user/edit&foo=true")
-             .get()
-             .assertStatusCode(404)
-             .assertContainsNoFieldMessages()
-             .assertBodyContains("The page is missing!");
-    assertFalse(EditAction.getCalled);
-
-    configuration.allowAlternateFormAction = true;
-    simulator.test("/doesNotExist?__a_foo=/user/edit&foo=true")
-             .get()
-             .assertStatusCode(200)
-             .assertContainsNoFieldMessages()
-             .assertBodyContains("""
-                                     <head><title>Edit a user</title></head>
-                                     """);
-    assertTrue(EditAction.getCalled);
-  }
-
   @Test
   public void get_wellKnownDotPrefixed() throws Exception {
     test.simulate(() -> simulator.test("/.well-known/openid-configuration")

src/test/java/org/primeframework/mvc/PrimeBaseTest.java

@@ -202,9 +202,6 @@ public void beforeMethod() {
     // Reset allowUnknownParameters
     configuration.allowUnknownParameters = false;
 
-    // Reset allow alternate form action
-    configuration.allowAlternateFormAction = false;
-
     // Reset the call count on the invocation finalizer
     MockMVCWorkflowFinalizer.Called.set(0);
 

src/test/java/org/primeframework/mvc/StaticResourceTest.java

@@ -39,7 +39,7 @@ public void get_classpath_resolution() {
              .assertStatusCode(200)
              .assertContentType("content/unknown")
              .assertBodyContains("[#ftl/]")
-             .assertContentLength(470);
+             .assertContentLength(368);
 
     // We used to ignore .class URIs by default. We still do, but no longer explicitly. The class path resolution rejects everything by default.
     // - Ensure we can't look this up w/out modifying the filter.