diff options
| author | Michael Coyne <mikeycgto@gmail.com> | 2017-09-23 17:18:01 -0400 |
|---|---|---|
| committer | Michael Coyne <mikeycgto@gmail.com> | 2017-09-24 12:23:38 -0400 |
| commit | 8b0af54bbe5ab8b598e980013dd53a50d819b636 (patch) | |
| tree | 05c883f46d687c0483db2313185420804e13c4c7 /actionpack/test/controller | |
| parent | 39f8ca64cec8667b66628e970211b4d18abbc373 (diff) | |
| download | rails-8b0af54bbe5ab8b598e980013dd53a50d819b636.tar.gz rails-8b0af54bbe5ab8b598e980013dd53a50d819b636.tar.bz2 rails-8b0af54bbe5ab8b598e980013dd53a50d819b636.zip | |
Add key rotation cookies middleware
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
Diffstat (limited to 'actionpack/test/controller')
| -rw-r--r-- | actionpack/test/controller/flash_test.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/actionpack/test/controller/flash_test.rb b/actionpack/test/controller/flash_test.rb index d92ae0b817..34bc2c0caa 100644 --- a/actionpack/test/controller/flash_test.rb +++ b/actionpack/test/controller/flash_test.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true require "abstract_unit" -require "active_support/key_generator" +require "active_support/messages/rotation_configuration" class FlashTest < ActionController::TestCase class TestController < ActionController::Base @@ -243,6 +243,7 @@ end class FlashIntegrationTest < ActionDispatch::IntegrationTest SessionKey = "_myapp_session" Generator = ActiveSupport::LegacyKeyGenerator.new("b3c631c314c0bbca50c1b2843150fe33") + Rotations = ActiveSupport::Messages::RotationConfiguration.new class TestController < ActionController::Base add_flash_types :bar @@ -348,6 +349,7 @@ class FlashIntegrationTest < ActionDispatch::IntegrationTest args[0] ||= {} args[0][:env] ||= {} args[0][:env]["action_dispatch.key_generator"] ||= Generator + args[0][:env]["action_dispatch.cookies_rotations"] = Rotations super(path, *args) end diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 12ae95d602..eb3d2f34a8 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -2,6 +2,7 @@ require "abstract_unit" require "active_support/log_subscriber/test_helper" +require "active_support/messages/rotation_configuration" # common controller actions module RequestForgeryProtectionActions @@ -630,13 +631,14 @@ end class RequestForgeryProtectionControllerUsingNullSessionTest < ActionController::TestCase class NullSessionDummyKeyGenerator - def generate_key(secret) + def generate_key(secret, length = nil) "03312270731a2ed0d11ed091c2338a06" end end def setup @request.env[ActionDispatch::Cookies::GENERATOR_KEY] = NullSessionDummyKeyGenerator.new + @request.env[ActionDispatch::Cookies::COOKIES_ROTATIONS] = ActiveSupport::Messages::RotationConfiguration.new end test "should allow to set signed cookies" do |