author | Santiago Pastorino <santiago@wyeworks.com> | 2012-10-30 18:12:23 -0200 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-03 14:57:54 -0200 |
commit | fb0cea2b8cf61cde1aa4c640b56e896fbe308aa1 (patch) | |
tree | 5b106a4db62c0e13f0ace00c8785e48b78b0d070 /railties/test/application | |
parent | 38c40dbbc1de5837a05d762be95e69105acc929c (diff) | |
Add encrypted cookie store
Diffstat (limited to 'railties/test/application')
-rw-r--r-- | railties/test/application/middleware/session_test.rb | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index 5ce41caf61..b1a19d590c 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -128,5 +128,56 @@ module ApplicationTests
 get '/foo/read_cookie' # Cookie shouldn't be changed
 assert_equal '"1"', last_response.body
 end
+
+ test "session using encrypted cookie store" do
+ app_file 'config/routes.rb', <<-RUBY
+ AppTemplate::Application.routes.draw do
+ get ':controller(/:action)'
+ end
+ RUBY
+
+ controller :foo, <<-RUBY
+ class FooController < ActionController::Base
+ def write_session
+ session[:foo] = 1
+ render nothing: true
+ end
+
+ def read_session
+ render text: session[:foo]
+ end
+
+ def read_encrypted_cookie
+ render text: cookies.encrypted[:_myapp_session]['foo']
+ end
+
+ def read_raw_cookie
+ render text: cookies[:_myapp_session]
+ end
+ end
+ RUBY
+
+ add_to_config <<-RUBY
+ config.session_store :encrypted_cookie_store, key: '_myapp_session'
+ config.action_dispatch.derive_signed_cookie_key = true
+ RUBY
+
+ require "#{app_path}/config/environment"
+
+ get '/foo/write_session'
+ get '/foo/write_session'
+ get '/foo/read_session'
+ assert_equal '1', last_response.body
+
+ get '/foo/read_encrypted_cookie'
+ assert_equal '1', last_response.body
+
+ secret = app.key_generator.generate_key('encrypted cookie')
+ sign_secret = app.key_generator.generate_key('signed encrypted cookie')
+ encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
+
+ get '/foo/read_raw_cookie'
+ assert_equal 1, encryptor.decrypt_and_verify(last_response.body)['foo']
+ end
 end
 end |
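Review bot: The new test "session using encrypted cookie store" only exercises the successful round trip; nothing in it checks that a `_myapp_session` value which fails verification is rejected, which is the property the store exists to provide. A negative case after the final `assert_equal` would pin that: resend the cookie returned by `/foo/read_raw_cookie` with its value altered and assert that `/foo/read_session` no longer renders `1`. The salts `'encrypted cookie'` and `'signed encrypted cookie'` are repeated here as literals, presumably mirroring the values the cookie jar uses, so a comment such as `# salts must match the ones the encrypted cookie jar derives its keys from` would explain a failure if they ever drift. The two consecutive `get '/foo/write_session'` calls also deserve a one-line comment stating why the write is issued twice, since the intent is not visible from the hunk.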