authorSantiago Pastorino <santiago@wyeworks.com>2012-10-31 01:06:46 -0200
committerSantiago Pastorino <santiago@wyeworks.com>2012-11-03 14:57:53 -0200
commit60609bb50d5b99d78a01a945a539cccd061cd7e7 (patch)
tree22bffef099ab1f5ef1eb7b1ac4a97c7f2b6c49ee /railties/test
parentfa0aebf320995a598c5bffda729aed4429681f3a (diff)
Sign cookies using key deriver
Diffstat (limited to 'railties/test')
-rw-r--r--railties/test/application/configuration_test.rb24
-rw-r--r--railties/test/application/url_generation_test.rb2
-rw-r--r--railties/test/isolation/abstract_unit.rb4
3 files changed, 25 insertions, 5 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index c4c1100f19..daf9dd3505 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -225,9 +225,9 @@ module ApplicationTests
assert_equal Pathname.new(app_path).join("somewhere"), Rails.public_path
end
- test "config.secret_token is sent in env" do
+ test "config.secret_token_key is sent in env" do
make_basic_app do |app|
- app.config.secret_token = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.secret_token_key = 'b3c631c314c0bbca50c1b2843150fe33'
app.config.session_store :disabled
end
@@ -242,6 +242,26 @@ module ApplicationTests
assert_equal 'b3c631c314c0bbca50c1b2843150fe33', last_response.body
end
+ test "Use key_generator when secret_token_key is set" do
+ make_basic_app do |app|
+ app.config.secret_token_key = 'b3c631c314c0bbca50c1b2843150fe33'
+ app.config.session_store :disabled
+ end
+
+ class ::OmgController < ActionController::Base
+ def index
+ cookies.signed[:some_key] = "some_value"
+ render text: cookies[:some_key]
+ end
+ end
+
+ get "/"
+
+ secret = app.key_generator.generate_key('signed cookie')
+ verifier = ActiveSupport::MessageVerifier.new(secret)
+ assert_equal 'some_value', verifier.verify(last_response.body)
+ end
+
test "protect from forgery is the default in a new app" do
make_basic_app
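Review bot: The new test derives its expected key from the same `app.key_generator` the application uses, so it would still pass if that generator returned `secret_token_key` unchanged. Nothing in the test pins that the cookie-signing key differs from the configured secret. Adding `assert_not_equal 'b3c631c314c0bbca50c1b2843150fe33', secret` right after the `generate_key` call would make the test fail on a pass-through generator. The salt `'signed cookie'` is also repeated as a literal and presumably mirrors a string in the cookie middleware outside this diff. If that value is available as a constant or config setting, referencing it here would keep the two from drifting apart.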
diff --git a/railties/test/application/url_generation_test.rb b/railties/test/application/url_generation_test.rb
index 2a48adae5c..fb83659b0c 100644
--- a/railties/test/application/url_generation_test.rb
+++ b/railties/test/application/url_generation_test.rb
@@ -14,7 +14,7 @@ module ApplicationTests
require "action_controller/railtie"
class MyApp < Rails::Application
- config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+ config.secret_token_key = "3b7cd727ee24e8444053437c36cc66c4"
config.session_store :cookie_store, key: "_myapp_session"
config.active_support.deprecation = :log
config.eager_load = false
diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb
index e59488f97d..2c92f2ded5 100644
--- a/railties/test/isolation/abstract_unit.rb
+++ b/railties/test/isolation/abstract_unit.rb
@@ -119,7 +119,7 @@ module TestHelpers
add_to_config <<-RUBY
config.eager_load = false
- config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+ config.secret_token_key = "3b7cd727ee24e8444053437c36cc66c4"
config.session_store :cookie_store, key: "_myapp_session"
config.active_support.deprecation = :log
config.action_controller.allow_forgery_protection = false
@@ -138,7 +138,7 @@ module TestHelpers
app = Class.new(Rails::Application)
app.config.eager_load = false
- app.config.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
+ app.config.secret_token_key = "3b7cd727ee24e8444053437c36cc66c4"
app.config.session_store :cookie_store, key: "_myapp_session"
app.config.active_support.deprecation = :log