diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2009-04-20 18:31:22 -0700 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2009-04-20 18:31:40 -0700 |
commit | 685a53a360d0d8fc4a9f3b49f900621c940a71f2 (patch) | |
tree | fa6b38f75a873a21c3e380f1acbab3d019293363 /actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | |
parent | db05c73fb6e2294c576ef9889c70940891682c32 (diff) | |
parent | 164a94d0bc8c9124ab820506e5ad79496395c026 (diff) | |
download | rails-685a53a360d0d8fc4a9f3b49f900621c940a71f2.tar.gz rails-685a53a360d0d8fc4a9f3b49f900621c940a71f2.tar.bz2 rails-685a53a360d0d8fc4a9f3b49f900621c940a71f2.zip |
Merge branch 'master' into cherry
Conflicts:
activesupport/CHANGELOG
activesupport/lib/active_support/core_ext/class/delegating_attributes.rb
activesupport/lib/active_support/core_ext/hash/conversions.rb
activesupport/lib/active_support/core_ext/module/attribute_accessors.rb
activesupport/lib/active_support/core_ext/string/multibyte.rb
activesupport/lib/active_support/core_ext/time/calculations.rb
activesupport/lib/active_support/deprecation.rb
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware/session/abstract_store.rb')
-rw-r--r-- | actionpack/lib/action_dispatch/middleware/session/abstract_store.rb | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb new file mode 100644 index 0000000000..6c039cf62d --- /dev/null +++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb @@ -0,0 +1,181 @@ +require 'rack/utils' + +module ActionDispatch + module Session + class AbstractStore + ENV_SESSION_KEY = 'rack.session'.freeze + ENV_SESSION_OPTIONS_KEY = 'rack.session.options'.freeze + + HTTP_COOKIE = 'HTTP_COOKIE'.freeze + SET_COOKIE = 'Set-Cookie'.freeze + + class SessionHash < Hash + def initialize(by, env) + super() + @by = by + @env = env + @loaded = false + end + + def session_id + ActiveSupport::Deprecation.warn( + "ActionController::Session::AbstractStore::SessionHash#session_id " + + "has been deprecated. Please use request.session_options[:id] instead.", caller) + @env[ENV_SESSION_OPTIONS_KEY][:id] + end + + def [](key) + load! unless @loaded + super + end + + def []=(key, value) + load! unless @loaded + super + end + + def to_hash + h = {}.replace(self) + h.delete_if { |k,v| v.nil? } + h + end + + def data + ActiveSupport::Deprecation.warn( + "ActionController::Session::AbstractStore::SessionHash#data " + + "has been deprecated. Please use #to_hash instead.", caller) + to_hash + end + + def inspect + load! unless @loaded + super + end + + private + def loaded? + @loaded + end + + def load! + stale_session_check! do + id, session = @by.send(:load_session, @env) + (@env[ENV_SESSION_OPTIONS_KEY] ||= {})[:id] = id + replace(session) + @loaded = true + end + end + + def stale_session_check! + yield + rescue ArgumentError => argument_error + if argument_error.message =~ %r{undefined class/module ([\w:]*\w)} + begin + # Note that the regexp does not allow $1 to end with a ':' + $1.constantize + rescue LoadError, NameError => const_error + raise ActionController::SessionRestoreError, "Session contains objects whose class definition isn\\'t available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: \#{const_error.message} [\#{const_error.class}])\n" + end + + retry + else + raise + end + end + end + + DEFAULT_OPTIONS = { + :key => '_session_id', + :path => '/', + :domain => nil, + :expire_after => nil, + :secure => false, + :httponly => true, + :cookie_only => true + } + + def initialize(app, options = {}) + # Process legacy CGI options + options = options.symbolize_keys + if options.has_key?(:session_path) + options[:path] = options.delete(:session_path) + end + if options.has_key?(:session_key) + options[:key] = options.delete(:session_key) + end + if options.has_key?(:session_http_only) + options[:httponly] = options.delete(:session_http_only) + end + + @app = app + @default_options = DEFAULT_OPTIONS.merge(options) + @key = @default_options[:key] + @cookie_only = @default_options[:cookie_only] + end + + def call(env) + session = SessionHash.new(self, env) + + env[ENV_SESSION_KEY] = session + env[ENV_SESSION_OPTIONS_KEY] = @default_options.dup + + response = @app.call(env) + + session_data = env[ENV_SESSION_KEY] + options = env[ENV_SESSION_OPTIONS_KEY] + + if !session_data.is_a?(AbstractStore::SessionHash) || session_data.send(:loaded?) || options[:expire_after] + session_data.send(:load!) if session_data.is_a?(AbstractStore::SessionHash) && !session_data.send(:loaded?) + + sid = options[:id] || generate_sid + + unless set_session(env, sid, session_data.to_hash) + return response + end + + cookie = Rack::Utils.escape(@key) + '=' + Rack::Utils.escape(sid) + cookie << "; domain=#{options[:domain]}" if options[:domain] + cookie << "; path=#{options[:path]}" if options[:path] + if options[:expire_after] + expiry = Time.now + options[:expire_after] + cookie << "; expires=#{expiry.httpdate}" + end + cookie << "; Secure" if options[:secure] + cookie << "; HttpOnly" if options[:httponly] + + headers = response[1] + unless headers[SET_COOKIE].blank? + headers[SET_COOKIE] << "\n#{cookie}" + else + headers[SET_COOKIE] = cookie + end + end + + response + end + + private + def generate_sid + ActiveSupport::SecureRandom.hex(16) + end + + def load_session(env) + request = Rack::Request.new(env) + sid = request.cookies[@key] + unless @cookie_only + sid ||= request.params[@key] + end + sid, session = get_session(env, sid) + [sid, session] + end + + def get_session(env, sid) + raise '#get_session needs to be implemented.' + end + + def set_session(env, sid, session_data) + raise '#set_session needs to be implemented.' + end + end + end +end |