diff options
Diffstat (limited to 'actionpack/test/controller/session/cookie_store_test.rb')
-rwxr-xr-x | actionpack/test/controller/session/cookie_store_test.rb | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index 0084f35dea..b2655c72d9 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -4,6 +4,19 @@ require 'action_controller/cgi_ext' require 'stringio' + +class CGI::Session::CookieStore + def ensure_secret_secure_with_test_hax(secret) + if secret == CookieStoreTest.default_session_options['secret'] + return true + else + ensure_secret_secure_without_test_hax(secret) + end + end + alias_method_chain :ensure_secret_secure, :test_hax +end + + # Expose for tests. class CGI attr_reader :output_cookies, :output_hidden @@ -49,6 +62,12 @@ class CookieStoreTest < Test::Unit::TestCase end end + def test_raises_argument_error_if_secret_is_probably_insecure + ["password", "secret", "12345678901234567890123456789"].each do |blank| + assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank } + end + end + def test_reconfigures_session_to_omit_id_cookie_and_hidden_field new_session do |session| assert_equal true, @options['no_hidden'] |