diff options
| author | Pelle Braendgaard <pelleb@gmail.com> | 2008-09-16 09:22:11 -0700 |
|---|---|---|
| committer | Michael Koziarski <michael@koziarski.com> | 2008-09-17 13:20:16 +0200 |
| commit | 7ecb9689b03335ec28958c506b083390f4212d45 (patch) | |
| tree | e359e86f989b0c9a27f9bafba68c5ba6cd9f01bc /actionpack/test | |
| parent | c47525a58397851895b25f7c1bba06b30b0f6b5d (diff) | |
| download | rails-7ecb9689b03335ec28958c506b083390f4212d45.tar.gz rails-7ecb9689b03335ec28958c506b083390f4212d45.tar.bz2 rails-7ecb9689b03335ec28958c506b083390f4212d45.zip | |
Added support for http_only cookies in cookie_store Added unit tests for secure and http_only cookies in cookie_store
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1046 state:committed]
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/controller/session/cookie_store_test.rb | 53 |
1 files changed, 52 insertions, 1 deletions
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index 5adaeaf5c5..010c00fa14 100644 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -36,7 +36,9 @@ class CookieStoreTest < Test::Unit::TestCase 'session_key' => '_myapp_session', 'secret' => 'Keep it secret; keep it safe.', 'no_cookies' => true, - 'no_hidden' => true } + 'no_hidden' => true, + 'session_http_only' => true + } end def self.cookies @@ -149,6 +151,48 @@ class CookieStoreTest < Test::Unit::TestCase assert_equal 1, session.cgi.output_cookies.size cookie = session.cgi.output_cookies.first assert_cookie cookie, cookie_value(:flashed) + assert_http_only_cookie cookie + assert_secure_cookie cookie, false + end + end + + def test_writes_non_secure_cookie_by_default + set_cookie! cookie_value(:typical) + new_session do |session| + session['flash'] = {} + session.close + cookie = session.cgi.output_cookies.first + assert_secure_cookie cookie,false + end + end + + def test_writes_secure_cookie + set_cookie! cookie_value(:typical) + new_session('session_secure'=>true) do |session| + session['flash'] = {} + session.close + cookie = session.cgi.output_cookies.first + assert_secure_cookie cookie + end + end + + def test_http_only_cookie_by_default + set_cookie! cookie_value(:typical) + new_session do |session| + session['flash'] = {} + session.close + cookie = session.cgi.output_cookies.first + assert_http_only_cookie cookie + end + end + + def test_overides_http_only_cookie + set_cookie! cookie_value(:typical) + new_session('session_http_only'=>false) do |session| + session['flash'] = {} + session.close + cookie = session.cgi.output_cookies.first + assert_http_only_cookie cookie, false end end @@ -195,6 +239,13 @@ class CookieStoreTest < Test::Unit::TestCase assert_equal expires, cookie.expires ? cookie.expires.to_date : cookie.expires, message end + def assert_secure_cookie(cookie,value=true) + assert cookie.secure==value + end + + def assert_http_only_cookie(cookie,value=true) + assert cookie.http_only==value + end def cookies(*which) self.class.cookies.values_at(*which) |