diff options
| author | Carlhuda <carlhuda@engineyard.com> | 2010-03-04 15:06:25 -0800 |
|---|---|---|
| committer | Carlhuda <carlhuda@engineyard.com> | 2010-03-04 16:05:52 -0800 |
| commit | e311622e7b20b3fdeab6a93418c8a45c6e7137b6 (patch) | |
| tree | a0b7ce433c1ce65da2bc5e9fdb9e8d70753537da /actionpack/lib/action_controller | |
| parent | 48bb3b3904806abaea7c62961559c03e689dd12f (diff) | |
| download | rails-e311622e7b20b3fdeab6a93418c8a45c6e7137b6.tar.gz rails-e311622e7b20b3fdeab6a93418c8a45c6e7137b6.tar.bz2 rails-e311622e7b20b3fdeab6a93418c8a45c6e7137b6.zip | |
Deprecated ActionController::Base.session_options= and ActionController::Base.session_store= in favor of a config.session_store method (which takes params) and a config.cookie_secret variable, which is used in various secret scenarios. The old AC::Base options will continue to work with deprecation warnings.
Diffstat (limited to 'actionpack/lib/action_controller')
4 files changed, 18 insertions, 37 deletions
diff --git a/actionpack/lib/action_controller/deprecated/base.rb b/actionpack/lib/action_controller/deprecated/base.rb index 7aa2a34d37..34f8f4a822 100644 --- a/actionpack/lib/action_controller/deprecated/base.rb +++ b/actionpack/lib/action_controller/deprecated/base.rb @@ -78,10 +78,23 @@ module ActionController Rails.application.config.action_dispatch.ip_spoofing_check = value end + def session(*args) + ActiveSupport::Deprecation.warn( + "Disabling sessions for a single controller has been deprecated. " + + "Sessions are now lazy loaded. So if you don't access them, " + + "consider them off. You can still modify the session cookie " + + "options with request.session_options.", caller) + end + def session=(value) ActiveSupport::Deprecation.warn "ActionController::Base.session= is deprecated. " << - "Please configure it on your application with config.action_dispatch.session=", caller - Rails.application.config.action_dispatch.session = value.delete(:disabled) ? nil : value + "Please configure it on your application with config.session_store :cookie_store, :key => '....'", caller + if value.delete(:disabled) + Rails.application.config.session_store :disabled + else + store = Rails.application.config.session_store + Rails.application.config.session_store store, value + end end # Controls the resource action separator diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb index afa7674e40..f1355a83a3 100644 --- a/actionpack/lib/action_controller/metal/http_authentication.rb +++ b/actionpack/lib/action_controller/metal/http_authentication.rb @@ -165,7 +165,7 @@ module ActionController # Authenticate with HTTP Digest, returns true or false def authenticate_with_http_digest(realm = "Application", &password_procedure) - HttpAuthentication::Digest.authenticate(config.session_options[:secret], request, realm, &password_procedure) + HttpAuthentication::Digest.authenticate(config.secret, request, realm, &password_procedure) end # Render output including the HTTP Digest authentication header @@ -238,7 +238,7 @@ module ActionController end def authentication_header(controller, realm) - secret_key = controller.config.session_options[:secret] + secret_key = controller.config.secret nonce = self.nonce(secret_key) opaque = opaque(secret_key) controller.headers["WWW-Authenticate"] = %(Digest realm="#{realm}", qop="auth", algorithm=MD5, nonce="#{nonce}", opaque="#{opaque}") diff --git a/actionpack/lib/action_controller/metal/session_management.rb b/actionpack/lib/action_controller/metal/session_management.rb index 1ea22b7b28..91d89ff9a4 100644 --- a/actionpack/lib/action_controller/metal/session_management.rb +++ b/actionpack/lib/action_controller/metal/session_management.rb @@ -2,38 +2,8 @@ module ActionController #:nodoc: module SessionManagement #:nodoc: extend ActiveSupport::Concern - included do - # This is still needed for the session secret for some reason. - self.config.session_options ||= {} - end - - def self.session_store_for(store) - case store - when :active_record_store - ActiveRecord::SessionStore - when Symbol - ActionDispatch::Session.const_get(store.to_s.camelize) - else - store - end - end - module ClassMethods - def session_options - config.session_options - end - - def session_store - SessionManagement.session_store_for(config.session_store) - end - def session(*args) - ActiveSupport::Deprecation.warn( - "Disabling sessions for a single controller has been deprecated. " + - "Sessions are now lazy loaded. So if you don't access them, " + - "consider them off. You can still modify the session cookie " + - "options with request.session_options.", caller) - end end end end diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 031df9423f..e9edf80451 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -49,11 +49,9 @@ module ActionController ac.assets_dir = paths.public.to_a.first ac.javascripts_dir = paths.public.javascripts.to_a.first ac.stylesheets_dir = paths.public.stylesheets.to_a.first + ac.secret = app.config.cookie_secret ActionController::Base.config.replace(ac) - # app.config.action_controller.each do |k,v| - # ActionController::Base.send "#{k}=", v - # end end initializer "action_controller.initialize_framework_caches" do |