aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/activerecord/active_record_store_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/activerecord/active_record_store_test.rb')
-rw-r--r--actionpack/test/activerecord/active_record_store_test.rb288
1 files changed, 0 insertions, 288 deletions
diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb
deleted file mode 100644
index 275f25f597..0000000000
--- a/actionpack/test/activerecord/active_record_store_test.rb
+++ /dev/null
@@ -1,288 +0,0 @@
-require 'active_record_unit'
-
-class ActiveRecordStoreTest < ActionDispatch::IntegrationTest
- class TestController < ActionController::Base
- def no_session_access
- head :ok
- end
-
- def set_session_value
- raise "missing session!" unless session
- session[:foo] = params[:foo] || "bar"
- head :ok
- end
-
- def get_session_value
- render :text => "foo: #{session[:foo].inspect}"
- end
-
- def get_session_id
- render :text => "#{request.session_options[:id]}"
- end
-
- def call_reset_session
- session[:foo]
- reset_session
- reset_session if params[:twice]
- session[:foo] = "baz"
- head :ok
- end
-
- def renew
- env["rack.session.options"][:renew] = true
- session[:foo] = "baz"
- head :ok
- end
- end
-
- def setup
- ActiveRecord::SessionStore.session_class.create_table!
- end
-
- def teardown
- ActiveRecord::SessionStore.session_class.drop_table!
- end
-
- %w{ session sql_bypass }.each do |class_name|
- define_method("test_setting_and_getting_session_value_with_#{class_name}_store") do
- with_store class_name do
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
-
- get '/set_session_value', :foo => "baz"
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
- end
- end
- end
-
- define_method("test_renewing_with_#{class_name}_store") do
- with_store class_name do
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/renew'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
- end
- end
- end
- end
-
- def test_getting_nil_session_value
- with_test_route_set do
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body
- end
- end
-
- def test_calling_reset_session_twice_does_not_raise_errors
- with_test_route_set do
- get '/call_reset_session', :twice => "true"
- assert_response :success
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
- end
- end
-
- def test_setting_session_value_after_session_reset
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_id = cookies['_session_id']
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "baz"', response.body
-
- get '/get_session_id'
- assert_response :success
- assert_not_equal session_id, response.body
- end
- end
-
- def test_getting_session_value_after_session_reset
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_cookie = cookies.send(:hash_for)['_session_id']
-
- get '/call_reset_session'
- assert_response :success
- assert_not_equal [], headers['Set-Cookie']
-
- cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from the database"
- end
- end
-
- def test_getting_from_nonexistent_session
- with_test_route_set do
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: nil', response.body
- assert_nil cookies['_session_id'], "should only create session on write, not read"
- end
- end
-
- def test_getting_session_id
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
- session_id = cookies['_session_id']
-
- get '/get_session_id'
- assert_response :success
- assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
- end
- end
-
- def test_doesnt_write_session_cookie_if_session_id_is_already_exists
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
- end
- end
-
- def test_prevents_session_fixation
- with_test_route_set do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
- session_id = cookies['_session_id']
- assert session_id
-
- reset!
-
- get '/get_session_value', :_session_id => session_id
- assert_response :success
- assert_equal 'foo: nil', response.body
- assert_not_equal session_id, cookies['_session_id']
- end
- end
-
- def test_allows_session_fixation
- with_test_route_set(:cookie_only => false) do
- get '/set_session_value'
- assert_response :success
- assert cookies['_session_id']
-
- get '/get_session_value'
- assert_response :success
- assert_equal 'foo: "bar"', response.body
- session_id = cookies['_session_id']
- assert session_id
-
- reset!
-
- get '/set_session_value', :_session_id => session_id, :foo => "baz"
- assert_response :success
- assert_equal session_id, cookies['_session_id']
-
- get '/get_session_value', :_session_id => session_id
- assert_response :success
- assert_equal 'foo: "baz"', response.body
- assert_equal session_id, cookies['_session_id']
- end
- end
-
- def test_incoming_invalid_session_id_via_cookie_should_be_ignored
- with_test_route_set do
- open_session do |sess|
- sess.cookies['_session_id'] = 'INVALID'
-
- sess.get '/set_session_value'
- new_session_id = sess.cookies['_session_id']
- assert_not_equal 'INVALID', new_session_id
-
- sess.get '/get_session_value'
- new_session_id_2 = sess.cookies['_session_id']
- assert_equal new_session_id, new_session_id_2
- end
- end
- end
-
- def test_incoming_invalid_session_id_via_parameter_should_be_ignored
- with_test_route_set(:cookie_only => false) do
- open_session do |sess|
- sess.get '/set_session_value', :_session_id => 'INVALID'
- new_session_id = sess.cookies['_session_id']
- assert_not_equal 'INVALID', new_session_id
-
- sess.get '/get_session_value'
- new_session_id_2 = sess.cookies['_session_id']
- assert_equal new_session_id, new_session_id_2
- end
- end
- end
-
- def test_session_store_with_all_domains
- with_test_route_set(:domain => :all) do
- get '/set_session_value'
- assert_response :success
- end
- end
-
- private
-
- def with_test_route_set(options = {})
- with_routing do |set|
- set.draw do
- get ':action', :to => 'active_record_store_test/test'
- end
-
- @app = self.class.build_app(set) do |middleware|
- middleware.use ActiveRecord::SessionStore, options.reverse_merge(:key => '_session_id')
- middleware.delete "ActionDispatch::ShowExceptions"
- end
-
- yield
- end
- end
-
- def with_store(class_name)
- session_class, ActiveRecord::SessionStore.session_class =
- ActiveRecord::SessionStore.session_class, "ActiveRecord::SessionStore::#{class_name.camelize}".constantize
- yield
- ensure
- ActiveRecord::SessionStore.session_class = session_class
- end
-end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 04:36:44 +0000