-rw-r--r-- | actionpack/lib/action_dispatch/middleware/cookies.rb | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 41c4523ecb..e6b799cb2f 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -150,7 +150,7 @@ module ActionDispatch # cookies.permanent.signed[:remember_me] = current_user.id # # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT def permanent - @permanent ||= PermanentCookieJar.new(self, @request) + @permanent ||= PermanentCookieJar.new(self) end # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from @@ -171,9 +171,9 @@ module ActionDispatch def signed @signed ||= if upgrade_legacy_signed_cookies? - UpgradeLegacySignedCookieJar.new(self, @request) + UpgradeLegacySignedCookieJar.new(self) else - SignedCookieJar.new(self, @request) + SignedCookieJar.new(self) end end @@ -194,9 +194,9 @@ module ActionDispatch def encrypted @encrypted ||= if upgrade_legacy_signed_cookies? - UpgradeLegacyEncryptedCookieJar.new(self, @request) + UpgradeLegacyEncryptedCookieJar.new(self) else - EncryptedCookieJar.new(self, @request) + EncryptedCookieJar.new(self) end end @@ -204,21 +204,25 @@ module ActionDispatch # Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores. def signed_or_encrypted @signed_or_encrypted ||= - if @request.secret_key_base.present? + if request.secret_key_base.present? encrypted else signed end end + protected + + def request; @parent_jar.request; end + private def upgrade_legacy_signed_cookies? - @request.secret_token.present? && @request.secret_key_base.present? + request.secret_token.present? && request.secret_key_base.present? end def key_generator - @request.key_generator + request.key_generator end end 
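Review bot: The new protected `request` in ChainedCookieJars (`def request; @parent_jar.request; end`) only works once `@parent_jar` has been assigned, and nothing in the module says so. `key_generator` and `upgrade_legacy_signed_cookies?` now go through it, so a jar that calls either one in its constructor before setting `@parent_jar` fails with a NoMethodError on nil; the EncryptedCookieJar hunk later in this diff moves its assignment up, apparently for this reason. I would document the contract above the method, e.g. `# Delegates to the parent jar; including classes must assign @parent_jar before calling request or key_generator.` The module body starts and ends outside the hunk.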
@@ -229,7 +233,7 @@ module ActionDispatch module VerifyAndUpgradeLegacySignedMessage # :nodoc: def initialize(*args) super - @legacy_verifier = ActiveSupport::MessageVerifier.new(@request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer) + @legacy_verifier = ActiveSupport::MessageVerifier.new(request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer) end def verify_and_upgrade_legacy_signed_message(name, signed_message) @@ -264,6 +268,8 @@ module ActionDispatch end end + attr_reader :request + def initialize(request) @set_cookies = {} @delete_cookies = {} @@ -316,12 +322,12 @@ module ActionDispatch # if host is not ip and matches domain regexp # (ip confirms to domain regexp so we explicitly check for ip) - options[:domain] = if (@request.host !~ /^[\d.]+$/) && (@request.host =~ domain_regexp) + options[:domain] = if (request.host !~ /^[\d.]+$/) && (request.host =~ domain_regexp) ".#{$&}" end elsif options[:domain].is_a? Array # if host matches one of the supplied domains without a dot in front of it - options[:domain] = options[:domain].find {|domain| @request.host.include? domain.sub(/^\./, '') } + options[:domain] = options[:domain].find {|domain| request.host.include? domain.sub(/^\./, '') } end end @@ -390,16 +396,15 @@ module ActionDispatch private def write_cookie?(cookie) - @request.ssl? || !cookie[:secure] || always_write_cookie + request.ssl? || !cookie[:secure] || always_write_cookie end end class PermanentCookieJar #:nodoc: include ChainedCookieJars - def initialize(parent_jar, request) + def initialize(parent_jar) @parent_jar = parent_jar - @request = request end def [](name) @@ -433,7 +438,7 @@ module ActionDispatch protected def needs_migration?(value) - @request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE) + request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE) end def serialize(value) 
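Review bot: In the `@@ -316` hunk the Array branch still picks the cookie domain by substring, `request.host.include? domain.sub(/^\./, '')`, so a host that merely contains a configured domain somewhere in a longer name selects that entry instead of falling through to nil. A suffix comparison states the intent: `d = domain.sub(/\A\./, ''); request.host == d || request.host.end_with?(".#{d}")`. The IP check just above it, `request.host !~ /^[\d.]+$/`, uses line anchors; `\A` and `\z` would match against the whole host string. The host value presumably comes from the request's Host header, so both checks run on client-supplied input. The enclosing method starts and ends outside the hunk.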
@@ -453,7 +458,7 @@ module ActionDispatch end def serializer - serializer = @request.cookies_serializer || :marshal + serializer = request.cookies_serializer || :marshal case serializer when :marshal Marshal @@ -465,7 +470,7 @@ module ActionDispatch end def digest - @request.cookies_digest || 'SHA1' + request.cookies_digest || 'SHA1' end end @@ -473,9 +478,8 @@ module ActionDispatch include ChainedCookieJars include SerializedCookieJars - def initialize(parent_jar, request) + def initialize(parent_jar) @parent_jar = parent_jar - @request = request secret = key_generator.generate_key(request.signed_cookie_salt) @verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer) end @@ -528,15 +532,14 @@ module ActionDispatch include ChainedCookieJars include SerializedCookieJars - def initialize(parent_jar, request) - @request = request + def initialize(parent_jar) + @parent_jar = parent_jar if ActiveSupport::LegacyKeyGenerator === key_generator raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " + "Read the upgrade documentation to learn more about this new config option." end - @parent_jar = parent_jar secret = key_generator.generate_key(request.encrypted_cookie_salt || '') sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '') @encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer) |
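Review bot: `serializer = request.cookies_serializer || :marshal` in the `@@ -453` hunk keeps Marshal as the silent default when the application configures nothing. The load call is outside the hunk, but if cookie payloads are deserialized with this object, their safety rests entirely on the signing or encryption secret staying private, because Marshal can instantiate arbitrary objects from the bytes it is given. I would at least record that above the method, e.g. `# Falls back to Marshal for legacy apps; payloads must be verified before loading. Prefer :json.` The `digest` method in the next hunk has the same silent-fallback shape with `|| 'SHA1'`, and a comment marking it as a legacy default would help there too.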
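Review bot: In the EncryptedCookieJar constructor (`@@ -528` hunk) both salts fall back to the empty string, `request.encrypted_cookie_salt || ''` and `request.encrypted_signed_cookie_salt || ''`. When neither is configured, the two `generate_key` calls receive the same salt, so, assuming the generator is deterministic for a given salt, the encryption key and the signing key would be identical. The constructor already raises when `secret_key_base` is missing, and the same treatment fits here, e.g. `raise "encrypted_cookie_salt and encrypted_signed_cookie_salt must be set" if request.encrypted_cookie_salt.blank? || request.encrypted_signed_cookie_salt.blank?`. The class body continues outside the hunk.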