Diffstat (limited to 'actionpack/test/controller/session/cookie_store_test.rb')
-rw-r--r--actionpack/test/controller/session/cookie_store_test.rb43
1 files changed, 36 insertions, 7 deletions
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index b48a8c3830..9b3f9afb0d 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -24,13 +24,17 @@ class CookieStoreTest < ActionController::IntegrationTest
def set_session_value
session[:foo] = "bar"
- render :text => Verifier.generate(session.to_hash)
+ render :text => Rack::Utils.escape(Verifier.generate(session.to_hash))
end
def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
+ def get_session_id
+ render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+ end
+
def call_reset_session
reset_session
head :ok
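Review bot: The new `Rack::Utils.escape(...)` wrapper in `set_session_value` is not explained, and the later assertions that interpolate `response.body` into the expected `Set-Cookie` string depend on it. A one-line comment above the render would make that coupling visible, for example `# Escaped so the body equals the cookie value exactly as it is serialized in Set-Cookie`. `get_session_id` repeats the format string of `get_session_value`; a short comment saying it exists for `test_getting_session_id` would help the next reader. The controller class continues outside this hunk.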
@@ -93,7 +97,7 @@ class CookieStoreTest < ActionController::IntegrationTest
with_test_route_set do
get '/set_session_value'
assert_response :success
- assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
+ assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
headers['Set-Cookie']
end
end
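Review bot: The expected value pins the exact spelling and position of every cookie attribute, so the security-relevant part (the cookie is marked HttpOnly) is only checked as a side effect of a full-string match. This commit already has to touch four assertions just because the casing moved from `httponly` to `HttpOnly`; the same pattern recurs in the hunks at -147, -192 and -202. Consider adding an attribute check that does not depend on formatting, such as `assert_match(/;\s*httponly/i, headers['Set-Cookie'])`, next to the exact comparison. The test method's `def` line is outside this hunk.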
@@ -107,6 +111,20 @@ class CookieStoreTest < ActionController::IntegrationTest
end
end
+ def test_getting_session_id
+ with_test_route_set do
+ cookies[SessionKey] = SignedBar
+ get '/persistent_session_id'
+ assert_response :success
+ assert_equal response.body.size, 32
+ session_id = response.body
+
+ get '/get_session_id'
+ assert_response :success
+ assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+ end
+ end
+
def test_disregards_tampered_sessions
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
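Review bot: In `test_getting_session_id` the arguments to `assert_equal` are reversed: `assert_equal response.body.size, 32` treats the body size as the expected value, so a failure message would report the wrong side as expected. It should read `assert_equal 32, response.body.size`. The check also only constrains length; if the id is meant to be a hex string, `assert_match(/\A[0-9a-f]{32}\z/, response.body)` would catch an error page or other 32-byte body being accepted as an id. The `/persistent_session_id` action is not part of this diff, so its output format is assumed here.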
@@ -128,7 +146,7 @@ class CookieStoreTest < ActionController::IntegrationTest
with_test_route_set do
get '/no_session_access'
assert_response :success
- assert_equal [], headers['Set-Cookie']
+ assert_equal "", headers['Set-Cookie']
end
end
@@ -138,7 +156,7 @@ class CookieStoreTest < ActionController::IntegrationTest
"fef868465920f415f2c0652d6910d3af288a0367"
get '/no_session_access'
assert_response :success
- assert_equal [], headers['Set-Cookie']
+ assert_equal "", headers['Set-Cookie']
end
end
@@ -147,7 +165,7 @@ class CookieStoreTest < ActionController::IntegrationTest
get '/set_session_value'
assert_response :success
session_payload = response.body
- assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
+ assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
headers['Set-Cookie']
get '/call_reset_session'
@@ -192,7 +210,8 @@ class CookieStoreTest < ActionController::IntegrationTest
assert_response :success
cookie_body = response.body
- assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+ assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
+ headers['Set-Cookie']
# Second request does not access the session
time = Time.local(2008, 4, 25)
@@ -202,7 +221,8 @@ class CookieStoreTest < ActionController::IntegrationTest
get '/no_session_access'
assert_response :success
- assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+ assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
+ headers['Set-Cookie']
end
end
@@ -217,4 +237,13 @@ class CookieStoreTest < ActionController::IntegrationTest
yield
end
end
+
+ def unmarshal_session(cookie_string)
+ session = Rack::Utils.parse_query(cookie_string, ';,').inject({}) {|h,(k,v)|
+ h[k] = Array === v ? v.first : v
+ h
+ }[SessionKey]
+ verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
+ verifier.verify(session)
+ end
end
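Review bot: `unmarshal_session` has no caller in any hunk of this commit, so either the test that uses it is missing or the helper is dead code; the rest of the file is outside the diff, so this is worth confirming. If it stays, a cookie string without `SessionKey` passes `nil` to `verifier.verify`, which would likely fail with an unrelated error; `assert_not_nil session, "no #{SessionKey} cookie in #{cookie_string.inspect}"` before the verify call makes that failure readable. The local `session` reuses the name used for the controller's session hash elsewhere in this file (`session[:foo]`), so `signed_value` would read more clearly. The hard-coded `'SHA1'` has to match whatever digest the store under test signs with, and a comment saying so would stop the two drifting apart unnoticed.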