diff options
author | Kasper Timm Hansen <kaspth@gmail.com> | 2019-08-05 03:57:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-05 03:57:08 +0200 |
commit | 4f235e9a86d4589f2081f971e5e66d42586333bb (patch) | |
tree | b555b83df541e5fb6b050691f616a9d0c3e6c145 /actionpack/test/dispatch | |
parent | 3d1f6feda2f04f0a3e7a9592142ebe559ea1120a (diff) | |
parent | 27db230bd105e77e27375033ddcb487ef481686b (diff) | |
download | rails-4f235e9a86d4589f2081f971e5e66d42586333bb.tar.gz rails-4f235e9a86d4589f2081f971e5e66d42586333bb.tar.bz2 rails-4f235e9a86d4589f2081f971e5e66d42586333bb.zip |
Merge pull request #36537 from quadule/fix-cookie-rotation-hash-pollution
Fix cookie modification during rotation
Diffstat (limited to 'actionpack/test/dispatch')
-rw-r--r-- | actionpack/test/dispatch/cookies_test.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb index d129fa717d..e4d4792de6 100644 --- a/actionpack/test/dispatch/cookies_test.rb +++ b/actionpack/test/dispatch/cookies_test.rb @@ -893,6 +893,19 @@ class CookiesTest < ActionController::TestCase assert_equal 45, encryptor.decrypt_and_verify(@response.cookies["foo"]) end + def test_cookie_with_hash_value_not_modified_by_rotation + @request.env["action_dispatch.signed_cookie_digest"] = "SHA256" + @request.env["action_dispatch.cookies_rotations"].rotate :signed, digest: "SHA1" + + key_generator = @request.env["action_dispatch.key_generator"] + old_secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"]) + old_value = ActiveSupport::MessageVerifier.new(old_secret).generate(bar: "baz") + + @request.headers["Cookie"] = "foo=#{old_value}" + get :get_signed_cookie + assert_equal({ bar: "baz" }, @controller.send(:cookies).signed[:foo]) + end + def test_cookie_with_all_domain_option get :set_cookie_with_domain assert_response :success |