diff options
Diffstat (limited to 'actionpack/test/controller')
| -rw-r--r-- | actionpack/test/controller/cookie_test.rb | 55 | ||||
| -rw-r--r-- | actionpack/test/controller/flash_test.rb | 11 |
2 files changed, 64 insertions, 2 deletions
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index 4971866e7c..f65eda5c69 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -58,6 +58,17 @@ class CookieTest < ActionController::TestCase head :ok end + def raise_data_overflow + cookies.signed[:foo] = 'bye!' * 1024 + head :ok + end + + def tampered_cookies + cookies[:tampered] = "BAh7BjoIZm9vIghiYXI%3D--123456780" + cookies.signed[:tampered] + head :ok + end + def set_permanent_signed_cookie cookies.permanent.signed[:remember_me] = 100 head :ok @@ -74,7 +85,7 @@ class CookieTest < ActionController::TestCase def setup super - @request.env["action_dispatch.secret_token"] = "thisISverySECRET123" + @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33" @request.host = "www.nextangle.com" end @@ -163,6 +174,48 @@ class CookieTest < ActionController::TestCase assert_equal({"user_name" => "david"}, @response.cookies) end + def test_raise_data_overflow + assert_raise(ActionDispatch::Cookies::CookieOverflow) do + get :raise_data_overflow + end + end + + def test_tampered_cookies + assert_nothing_raised do + get :tampered_cookies + assert_response :success + end + end + + def test_raises_argument_error_if_missing_secret + assert_raise(ArgumentError, nil.inspect) { + @request.env["action_dispatch.secret_token"] = nil + get :set_signed_cookie + } + + assert_raise(ArgumentError, ''.inspect) { + @request.env["action_dispatch.secret_token"] = "" + get :set_signed_cookie + } + end + + def test_raises_argument_error_if_secret_is_probably_insecure + assert_raise(ArgumentError, "password".inspect) { + @request.env["action_dispatch.secret_token"] = "password" + get :set_signed_cookie + } + + assert_raise(ArgumentError, "secret".inspect) { + @request.env["action_dispatch.secret_token"] = "secret" + get :set_signed_cookie + } + + assert_raise(ArgumentError, "12345678901234567890123456789".inspect) { + @request.env["action_dispatch.secret_token"] = "12345678901234567890123456789" + get :set_signed_cookie + } + end + private def assert_cookie_header(expected) header = @response.headers["Set-Cookie"] diff --git a/actionpack/test/controller/flash_test.rb b/actionpack/test/controller/flash_test.rb index c662ce264b..01c8fd90a5 100644 --- a/actionpack/test/controller/flash_test.rb +++ b/actionpack/test/controller/flash_test.rb @@ -237,10 +237,19 @@ class FlashIntegrationTest < ActionController::IntegrationTest end private + + # Overwrite get to send SessionSecret in env hash + def get(path, parameters = nil, env = {}) + env["action_dispatch.secret_token"] ||= SessionSecret + super + end + def with_test_route_set with_routing do |set| set.draw do |map| - match ':action', :to => ActionDispatch::Session::CookieStore.new(FlashIntegrationTest::TestController, :key => FlashIntegrationTest::SessionKey, :secret => FlashIntegrationTest::SessionSecret) + match ':action', :to => ActionDispatch::Session::CookieStore.new( + FlashIntegrationTest::TestController, :key => SessionKey, :secret => SessionSecret + ) end yield end |