aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller')
-rwxr-xr-xactionpack/test/controller/session/cookie_store_test.rb19
-rw-r--r--actionpack/test/controller/session_fixation_test.rb3
2 files changed, 21 insertions, 1 deletions
diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 0084f35dea..b2655c72d9 100755
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -4,6 +4,19 @@ require 'action_controller/cgi_ext'
require 'stringio'
+
+class CGI::Session::CookieStore
+ def ensure_secret_secure_with_test_hax(secret)
+ if secret == CookieStoreTest.default_session_options['secret']
+ return true
+ else
+ ensure_secret_secure_without_test_hax(secret)
+ end
+ end
+ alias_method_chain :ensure_secret_secure, :test_hax
+end
+
+
# Expose for tests.
class CGI
attr_reader :output_cookies, :output_hidden
@@ -49,6 +62,12 @@ class CookieStoreTest < Test::Unit::TestCase
end
end
+ def test_raises_argument_error_if_secret_is_probably_insecure
+ ["password", "secret", "12345678901234567890123456789"].each do |blank|
+ assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank }
+ end
+ end
+
def test_reconfigures_session_to_omit_id_cookie_and_hidden_field
new_session do |session|
assert_equal true, @options['no_hidden']
diff --git a/actionpack/test/controller/session_fixation_test.rb b/actionpack/test/controller/session_fixation_test.rb
index 0b0dce770e..34a7aa2d0d 100644
--- a/actionpack/test/controller/session_fixation_test.rb
+++ b/actionpack/test/controller/session_fixation_test.rb
@@ -1,5 +1,6 @@
require File.dirname(__FILE__) + '/../abstract_unit'
+
class SessionFixationTest < Test::Unit::TestCase
class MockCGI < CGI #:nodoc:
attr_accessor :stdoutput, :env_table
@@ -12,7 +13,7 @@ class SessionFixationTest < Test::Unit::TestCase
end
class TestController < ActionController::Base
- session :session_key => '_myapp_session_id', :secret => 'secret', :except => :default_session_key
+ session :session_key => '_myapp_session_id', :secret => CGI::Session.generate_unique_id, :except => :default_session_key
session :cookie_only => false, :only => :allow_session_fixation
def default_session_key
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 21:25:56 +0000