aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorEdouard CHIN <edouard.chin@shopify.com>2019-02-01 16:00:33 -0500
committerEdouard CHIN <edouard.chin@shopify.com>2019-02-04 14:25:17 +0100
commit5c668309122e708f304aad959b6328bcaf586e31 (patch)
tree3d1c11e6b41ad0881c8fcf1ede0bba1ec5924346 /actionpack
parentcaf8dbc1591c64ae4fd9253a714903710f46f7ce (diff)
downloadrails-5c668309122e708f304aad959b6328bcaf586e31.tar.gz
rails-5c668309122e708f304aad959b6328bcaf586e31.tar.bz2
rails-5c668309122e708f304aad959b6328bcaf586e31.zip
Cookie doesn't expire anymore unless a flag is set:
- There is a regression in 6.0 introduced by #32937 where cookie doesn't expire anymore unless the new `use_cookies_with_metadata` configuration is set to `true`. This causes issue for app migration from 5.2 to 6.0 because the `use_cookies_with_metadata` flag can't be set to true until all servers are running on 6.0. Here is a small reproduction script that you can run in the console ```ruby ActionDispatch::Cookies request = ActionDispatch::Request.empty request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new('1234567890') request.env["action_dispatch.signed_cookie_salt"] = 'signed cookie' request.env["action_dispatch.cookies_rotations"] = ActiveSupport::Messages::RotationConfiguration.new request.env["action_dispatch.use_authenticated_cookie_encryption"] = true signed_cookie = request.cookie_jar.signed signed_cookie[:foobar] = { value: '123', expires: 1.day.ago } p signed_cookie[:foobar] ```
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb9
-rw-r--r--actionpack/test/dispatch/cookies_test.rb11
2 files changed, 4 insertions, 16 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index cb28baa229..1611a8b3dd 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -488,13 +488,8 @@ module ActionDispatch
end
def cookie_metadata(name, options)
- if request.use_cookies_with_metadata
- metadata = expiry_options(options)
- metadata[:purpose] = "cookie.#{name}"
-
- metadata
- else
- {}
+ expiry_options(options).tap do |metadata|
+ metadata[:purpose] = "cookie.#{name}" if request.use_cookies_with_metadata
end
end
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index 8f9dbaf4b3..4aaac1320e 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -1193,11 +1193,7 @@ class CookiesTest < ActionController::TestCase
get :encrypted_discount_and_user_id_cookie
travel 2.hours
- assert_equal 50, cookies.encrypted[:user_id]
-
- cookies[:discount_percentage] = cookies[:user_id]
- assert_not_equal 10, cookies.encrypted[:discount_percentage]
- assert_equal 50, cookies.encrypted[:discount_percentage]
+ assert_nil cookies.signed[:user_id]
end
def test_switch_off_metadata_for_signed_cookies_if_config_is_false
@@ -1206,11 +1202,8 @@ class CookiesTest < ActionController::TestCase
get :signed_discount_and_user_id_cookie
travel 2.hours
- assert_equal 50, cookies.signed[:user_id]
- cookies[:discount_percentage] = cookies[:user_id]
- assert_not_equal 10, cookies.signed[:discount_percentage]
- assert_equal 50, cookies.signed[:discount_percentage]
+ assert_nil cookies.signed[:user_id]
end
def test_read_rails_5_2_stable_encrypted_cookies_if_config_is_false