author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-03-03 13:54:54 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-03-03 13:54:54 +0000 |
commit | f254831e8309ce6ec74cc30a46a68bb5c2ffb6df (patch) | |
tree | 50655d01d9c96902597a8e0249e0174a5c47d96b /actionpack/test | |
parent | a0563bf7b07f218f23c7f46e2fdb4c5c0fd7d488 (diff) | |
Cookie store: use OpenSSL::HMAC instead of basic hash. Introduce :secret block and :digest option.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6296 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/test')
-rwxr-xr-x | actionpack/test/controller/session/cookie_store_test.rb | 70 |
1 files changed, 49 insertions, 21 deletions
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 8c1cb7a986..6d98821cfd 100755
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -18,19 +18,19 @@ class CGI
 end
 class CookieStoreTest < Test::Unit::TestCase
- DefaultSessionOptions = {
- 'database_manager' => CGI::Session::CookieStore,
- 'session_key' => '_myapp_session',
- 'secret' => 'Keep it secret; keep it safe.',
- 'no_cookies' => true,
- 'no_hidden' => true
- }
+ def self.default_session_options
+ { 'database_manager' => CGI::Session::CookieStore,
+ 'session_key' => '_myapp_session',
+ 'secret' => 'Keep it secret; keep it safe.',
+ 'no_cookies' => true,
+ 'no_hidden' => true }
+ end
- module Cookies
- EMPTY = ['BAh7AA%3D%3D--fda6e506d1cc14a1d8e97fd3f5abf77e756ff2d987b069e5f9b0fbadb62ca6fb3cf523e8dfc61464dd98d7bd2d675e0713ce54226f428e521b4c5d21d2389eae', {}]
- A_ONE = ['BAh7BiIGYWkG--8dfd099b297a60f6742933b1217b81e91c50237eedd8b25f3ce47b86394e14de3b17128225ba984e7d8660f7777e33979b8d98091dc87400be8c54ebbfdbe599', { 'a' => 1 }]
- TYPICAL = ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--251fa4706464e87bcb90c76a27a1dee2410ff81a1ba9903f9760263ad44e739a42d0a5d5d7229087ddb4b3e1d6b956a6c4f6a2f8dcb5a5b281a342fed12d38c0', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}]
- FLASHED = ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--a574ffd23d744c363f94a75b449d02dd619fd9409978ea0a2797c98dc638bff9fe0f9cacb2106b1610f0731b386416bcca6e11e031b7885719ba8c956dfd6f2c', { 'user_id' => 123, 'flash' => {} }]
+ def self.cookies
+ { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}],
+ :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }],
+ :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
+ :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] }
 end
 def setup
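Review bot: The `:empty` fixture in `self.cookies` changes its payload as well as its digest: `BAgw` is the base64 of a marshaled `nil`, whereas the removed `EMPTY` constant carried `BAh7AA%3D%3D`, a marshaled `{}`, and the expected value is still `{}`. Nothing in the hunk says this is intended, so a comment such as `# :empty is Marshal.dump(nil); restore is expected to yield {}` would keep a later reader from "correcting" it. The digests also shrink from 128 to 40 hex characters, which presumably reflects HMAC-SHA1 as the new default. A short comment stating how the part after `--` is produced (digest name, the `'secret'` above, which bytes are signed) would let these values be regenerated deliberately rather than pasted from a failing run, which is how a signing regression gets baked into fixtures. The class body continues outside the hunk.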
@@ -59,7 +59,7 @@ class CookieStoreTest < Test::Unit::TestCase
 end
 def test_restore_unmarshals_good_cookies
- [Cookies::EMPTY, Cookies::A_ONE, Cookies::TYPICAL].each do |value, expected|
+ cookies(:empty, :a_one, :typical).each do |value, expected|
 set_cookie! value
 new_session do |session|
 assert_nil session['lazy loads the data hash']
@@ -85,7 +85,7 @@ class CookieStoreTest < Test::Unit::TestCase
 end
 def test_close_doesnt_write_cookie_if_data_is_unchanged
- set_cookie! Cookies::TYPICAL.first
+ set_cookie! cookie_value(:typical)
 new_session do |session|
 assert_no_cookies session
 session['user_id'] = session['user_id']
@@ -95,7 +95,7 @@ class CookieStoreTest < Test::Unit::TestCase
 end
 def test_close_raises_when_data_overflows
- set_cookie! Cookies::EMPTY.first
+ set_cookie! cookie_value(:empty)
 new_session do |session|
 session['overflow'] = 'bye!' * 1024
 assert_raise(CGI::Session::CookieStore::CookieOverflow) { session.close }
@@ -104,7 +104,7 @@ class CookieStoreTest < Test::Unit::TestCase
 end
 def test_close_marshals_and_writes_cookie
- set_cookie! Cookies::TYPICAL.first
+ set_cookie! cookie_value(:typical)
 new_session do |session|
 assert_no_cookies session
 session['flash'] = {}
@@ -112,14 +112,12 @@ class CookieStoreTest < Test::Unit::TestCase
 session.close
 assert_equal 1, session.cgi.output_cookies.size
 cookie = session.cgi.output_cookies.first
- assert_equal ['_myapp_session', [Cookies::FLASHED.first]],
- [cookie.name, cookie.value]
- assert_cookie cookie, Cookies::FLASHED.first
+ assert_cookie cookie, cookie_value(:flashed)
 end
 end
 def test_delete_writes_expired_empty_cookie_and_sets_data_to_nil
- set_cookie! Cookies::TYPICAL.first
+ set_cookie! cookie_value(:typical)
 new_session do |session|
 assert_no_cookies session
 session.delete
@@ -148,6 +146,15 @@ class CookieStoreTest < Test::Unit::TestCase
 assert_equal expires, cookie.expires ? cookie.expires.to_date : cookie.expires, message
 end
+
+ def cookies(*which)
+ self.class.cookies.values_at(*which)
+ end
+
+ def cookie_value(which)
+ self.class.cookies[which].first
+ end
+
 def set_cookie!(value)
 ENV['HTTP_COOKIE'] = "_myapp_session=#{value}"
 end
@@ -157,7 +164,7 @@ class CookieStoreTest < Test::Unit::TestCase
 assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}"
 assert_nil cgi.output_cookies, "Output cookies should be empty: #{cgi.output_cookies.inspect}"
- @options = DefaultSessionOptions.merge(options)
+ @options = self.class.default_session_options.merge(options)
 session = CGI::Session.new(cgi, @options)
 assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}"
@@ -179,3 +186,24 @@ class CookieStoreTest < Test::Unit::TestCase
 $stdin = old_stdin
 end
 end
+
+
+class CookieStoreWithBlockAsSecretTest < CookieStoreTest
+ def self.default_session_options
+ CookieStoreTest.default_session_options.merge 'secret' => Proc.new { 'Keep it secret; keep it safe.' }
+ end
+end
+
+
+class CookieStoreWithMD5DigestTest < CookieStoreTest
+ def self.default_session_options
+ CookieStoreTest.default_session_options.merge 'digest' => 'MD5'
+ end
+
+ def self.cookies
+ { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}],
+ :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }],
+ :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
+ :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }] }
+ end
+end |
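Review bot: Both helpers added in the `@@ -148,6 +146,15 @@` hunk let a mistyped fixture key through quietly. `values_at` returns `nil` for an unknown symbol, so a test iterating `cookies(...)` with a wrong key would run with `value` and `expected` both `nil` instead of failing at the lookup, and `cookie_value` would surface only as a `NoMethodError` on `nil`. Using `fetch` makes the mistake explicit: `which.map { |key| self.class.cookies.fetch(key) }` and `self.class.cookies.fetch(which).first`.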
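Review bot: `CookieStoreWithMD5DigestTest` in the last hunk pins four MD5-keyed fixtures, but nothing in the visible lines checks that a cookie signed under one `'digest'` is refused by a store configured with another. The signature is the only check before client-supplied data is unmarshaled, so a cross-digest rejection case is worth adding to this class; the sketch below assumes, as the lazy-load assertion in `test_restore_unmarshals_good_cookies` suggests, that restore happens on first access. A comment on the class saying `'MD5'` is there only to exercise a non-default `'digest'` value, not as a recommended setting, would also help. `CookieStoreWithBlockAsSecretTest` returns the same literal from its `Proc` and so reuses the parent fixtures, which deserves a one-line comment as well.

```ruby
class CookieStoreWithMD5DigestTest < CookieStoreTest
  # … unchanged: default_session_options and cookies …

  def test_restore_rejects_cookie_signed_with_another_digest
    # Fixture signed with the parent class's default digest, read back under 'MD5'.
    set_cookie! CookieStoreTest.cookies[:typical].first
    new_session do |session|
      assert_raise(CGI::Session::CookieStore::TamperedWithCookie) { session['user_id'] }
    end
  end
```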