diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-15 12:17:25 -0800 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-11-15 12:17:25 -0800 |
| commit | ef8b845de7e06077131297a398cb7f4e81d6bb08 (patch) | |
| tree | b1e54d87132a561f1a5ad4b61a2eea28de4b26dc /railties/test | |
| parent | cf3eb6dab0e89ea6b64b9bdb24d4df3e8006da7b (diff) | |
| parent | d63783983f8c03d5c624938081615579dcc753f7 (diff) | |
| download | rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.tar.gz rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.tar.bz2 rails-ef8b845de7e06077131297a398cb7f4e81d6bb08.zip | |
Merge pull request #8112 from rails/encrypted_cookies
Encrypted cookies
Diffstat (limited to 'railties/test')
| -rw-r--r-- | railties/test/abstract_unit.rb | 1 | ||||
| -rw-r--r-- | railties/test/application/configuration_test.rb | 12 | ||||
| -rw-r--r-- | railties/test/application/middleware/remote_ip_test.rb | 4 | ||||
| -rw-r--r-- | railties/test/application/middleware/session_test.rb | 51 | ||||
| -rw-r--r-- | railties/test/application/url_generation_test.rb | 2 | ||||
| -rw-r--r-- | railties/test/generators/app_generator_test.rb | 2 | ||||
| -rw-r--r-- | railties/test/isolation/abstract_unit.rb | 4 |
7 files changed, 66 insertions, 10 deletions
diff --git a/railties/test/abstract_unit.rb b/railties/test/abstract_unit.rb index dfcf5aa27d..2ea1d2aff4 100644 --- a/railties/test/abstract_unit.rb +++ b/railties/test/abstract_unit.rb @@ -14,5 +14,6 @@ require 'rails/all' module TestApp class Application < Rails::Application config.root = File.dirname(__FILE__) + config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' end end diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index c4c1100f19..b9d18f4582 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -225,21 +225,24 @@ module ApplicationTests assert_equal Pathname.new(app_path).join("somewhere"), Rails.public_path end - test "config.secret_token is sent in env" do + test "Use key_generator when secret_key_base is set" do make_basic_app do |app| - app.config.secret_token = 'b3c631c314c0bbca50c1b2843150fe33' + app.config.secret_key_base = 'b3c631c314c0bbca50c1b2843150fe33' app.config.session_store :disabled end class ::OmgController < ActionController::Base def index cookies.signed[:some_key] = "some_value" - render text: env["action_dispatch.secret_token"] + render text: cookies[:some_key] end end get "/" - assert_equal 'b3c631c314c0bbca50c1b2843150fe33', last_response.body + + secret = app.key_generator.generate_key('signed cookie') + verifier = ActiveSupport::MessageVerifier.new(secret) + assert_equal 'some_value', verifier.verify(last_response.body) end test "protect from forgery is the default in a new app" do @@ -568,7 +571,6 @@ module ApplicationTests assert_respond_to app, :env_config assert_equal app.env_config['action_dispatch.parameter_filter'], app.config.filter_parameters - assert_equal app.env_config['action_dispatch.secret_token'], app.config.secret_token assert_equal app.env_config['action_dispatch.show_exceptions'], app.config.action_dispatch.show_exceptions assert_equal app.env_config['action_dispatch.logger'], Rails.logger assert_equal app.env_config['action_dispatch.backtrace_cleaner'], Rails.backtrace_cleaner diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb index 9d97bae9ae..fde13eeb94 100644 --- a/railties/test/application/middleware/remote_ip_test.rb +++ b/railties/test/application/middleware/remote_ip_test.rb @@ -1,4 +1,6 @@ require 'isolation/abstract_unit' +# FIXME remove DummyKeyGenerator and this require in 4.1 +require 'active_support/key_generator' module ApplicationTests class RemoteIpTest < ActiveSupport::TestCase @@ -8,7 +10,7 @@ module ApplicationTests remote_ip = nil env = Rack::MockRequest.env_for("/").merge(env).merge!( 'action_dispatch.show_exceptions' => false, - 'action_dispatch.secret_token' => 'b3c631c314c0bbca50c1b2843150fe33' + 'action_dispatch.key_generator' => ActiveSupport::DummyKeyGenerator.new('b3c631c314c0bbca50c1b2843150fe33') ) endpoint = Proc.new do |e| diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb index 5ce41caf61..b1a19d590c 100644 --- a/railties/test/application/middleware/session_test.rb +++ b/railties/test/application/middleware/session_test.rb @@ -128,5 +128,56 @@ module ApplicationTests get '/foo/read_cookie' # Cookie shouldn't be changed assert_equal '"1"', last_response.body end + + test "session using encrypted cookie store" do + app_file 'config/routes.rb', <<-RUBY + AppTemplate::Application.routes.draw do + get ':controller(/:action)' + end + RUBY + + controller :foo, <<-RUBY + class FooController < ActionController::Base + def write_session + session[:foo] = 1 + render nothing: true + end + + def read_session + render text: session[:foo] + end + + def read_encrypted_cookie + render text: cookies.encrypted[:_myapp_session]['foo'] + end + + def read_raw_cookie + render text: cookies[:_myapp_session] + end + end + RUBY + + add_to_config <<-RUBY + config.session_store :encrypted_cookie_store, key: '_myapp_session' + config.action_dispatch.derive_signed_cookie_key = true + RUBY + + require "#{app_path}/config/environment" + + get '/foo/write_session' + get '/foo/write_session' + get '/foo/read_session' + assert_equal '1', last_response.body + + get '/foo/read_encrypted_cookie' + assert_equal '1', last_response.body + + secret = app.key_generator.generate_key('encrypted cookie') + sign_secret = app.key_generator.generate_key('signed encrypted cookie') + encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret) + + get '/foo/read_raw_cookie' + assert_equal 1, encryptor.decrypt_and_verify(last_response.body)['foo'] + end end end diff --git a/railties/test/application/url_generation_test.rb b/railties/test/application/url_generation_test.rb index 2a48adae5c..0905757442 100644 --- a/railties/test/application/url_generation_test.rb +++ b/railties/test/application/url_generation_test.rb @@ -14,7 +14,7 @@ module ApplicationTests require "action_controller/railtie" class MyApp < Rails::Application - config.secret_token = "3b7cd727ee24e8444053437c36cc66c4" + config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4" config.session_store :cookie_store, key: "_myapp_session" config.active_support.deprecation = :log config.eager_load = false diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 62e1f3531e..5ea31f2e0f 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -341,7 +341,7 @@ class AppGeneratorTest < Rails::Generators::TestCase def test_new_hash_style run_generator [destination_root] assert_file "config/initializers/session_store.rb" do |file| - assert_match(/config.session_store :cookie_store, key: '_.+_session'/, file) + assert_match(/config.session_store :encrypted_cookie_store, key: '_.+_session'/, file) end end diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb index e59488f97d..0cb65f8e0d 100644 --- a/railties/test/isolation/abstract_unit.rb +++ b/railties/test/isolation/abstract_unit.rb @@ -119,7 +119,7 @@ module TestHelpers add_to_config <<-RUBY config.eager_load = false - config.secret_token = "3b7cd727ee24e8444053437c36cc66c4" + config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4" config.session_store :cookie_store, key: "_myapp_session" config.active_support.deprecation = :log config.action_controller.allow_forgery_protection = false @@ -138,7 +138,7 @@ module TestHelpers app = Class.new(Rails::Application) app.config.eager_load = false - app.config.secret_token = "3b7cd727ee24e8444053437c36cc66c4" + app.config.secret_key_base = "3b7cd727ee24e8444053437c36cc66c4" app.config.session_store :cookie_store, key: "_myapp_session" app.config.active_support.deprecation = :log |