Diffstat (limited to 'actionpack/test/dispatch/cookies_test.rb')
-rw-r--r--actionpack/test/dispatch/cookies_test.rb118
1 files changed, 104 insertions, 14 deletions
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index 0f145666d1..19a98a4054 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -1,12 +1,5 @@
require 'abstract_unit'
-
-begin
- require 'openssl'
- OpenSSL::PKCS5
-rescue LoadError, NameError
- $stderr.puts "Skipping KeyGenerator test: broken OpenSSL install"
-else
-
+require 'openssl'
require 'active_support/key_generator'
require 'active_support/message_verifier'
@@ -21,6 +14,16 @@ class CookiesTest < ActionController::TestCase
end
end
+ class JSONWrapper
+ def initialize(obj)
+ @obj = obj
+ end
+
+ def as_json(options = nil)
+ "wrapped: #{@obj.as_json(options)}"
+ end
+ end
+
class TestController < ActionController::Base
def authenticate
cookies["user_name"] = "david"
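Review bot: The new `JSONWrapper` class has no comment saying why it exists, and its `as_json` returns a String rather than a JSON-compatible structure, which looks odd out of context. Judging by the later tests that expect `'wrapped: 45'` and `'wrapped: bar'`, it is a test double that makes it observable whether the `:json` cookie serializer calls `as_json` on the value before signing or encrypting. I would add `# Test double: as_json returns a marker string so tests can tell the serializer called as_json on the value.` above the class.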
@@ -85,6 +88,11 @@ class CookiesTest < ActionController::TestCase
head :ok
end
+ def set_wrapped_signed_cookie
+ cookies.signed[:user_id] = JSONWrapper.new(45)
+ head :ok
+ end
+
def get_signed_cookie
cookies.signed[:user_id]
head :ok
@@ -95,6 +103,11 @@ class CookiesTest < ActionController::TestCase
head :ok
end
+ def set_wrapped_encrypted_cookie
+ cookies.encrypted[:foo] = JSONWrapper.new('bar')
+ head :ok
+ end
+
def get_encrypted_cookie
cookies.encrypted[:foo]
head :ok
@@ -132,11 +145,21 @@ class CookiesTest < ActionController::TestCase
head :ok
end
+ def set_cookie_with_domain_all_as_string
+ cookies[:user_name] = {:value => "rizwanreza", :domain => 'all'}
+ head :ok
+ end
+
def delete_cookie_with_domain
cookies.delete(:user_name, :domain => :all)
head :ok
end
+ def delete_cookie_with_domain_all_as_string
+ cookies.delete(:user_name, :domain => 'all')
+ head :ok
+ end
+
def set_cookie_with_domain_and_tld
cookies[:user_name] = {:value => "rizwanreza", :domain => :all, :tld_length => 2}
head :ok
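Review bot: None of the tests added in this diff calls `set_cookie_with_domain_all_as_string` or `delete_cookie_with_domain_all_as_string`, so as far as this page shows the string form `:domain => 'all'` is never asserted. The domain attribute decides which hosts receive a cookie, so the string spelling should be pinned by a test rather than left as an unused action. I would add two tests beside the existing symbol `:all` tests that call these actions and assert the same Set-Cookie header the symbol form produces. If those tests arrive in another commit, a reference to it in the commit message would be enough.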
@@ -186,7 +209,7 @@ class CookiesTest < ActionController::TestCase
def setup
super
- @request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new("b3c631c314c0bbca50c1b2843150fe33")
+ @request.env["action_dispatch.key_generator"] = ActiveSupport::KeyGenerator.new("b3c631c314c0bbca50c1b2843150fe33", iterations: 2)
@request.env["action_dispatch.signed_cookie_salt"] = "b3c631c314c0bbca50c1b2843150fe33"
@request.env["action_dispatch.encrypted_cookie_salt"] = "b3c631c314c0bbca50c1b2843150fe33"
@request.env["action_dispatch.encrypted_signed_cookie_salt"] = "b3c631c314c0bbca50c1b2843150fe33"
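Review bot: The `iterations: 2` passed to `ActiveSupport::KeyGenerator.new` in `setup` is unexplained, and a key-derivation iteration count this low is only acceptable because this is a fixture. A reader copying the line into an initializer would get keys that are far cheaper to brute-force from a weak secret. I would add `# iterations: 2 keeps key derivation fast in tests only; never use a low count in real configuration.` above the line. The body of `setup` continues past the end of this hunk.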
@@ -263,7 +286,7 @@ class CookiesTest < ActionController::TestCase
def test_setting_the_same_value_to_permanent_cookie
request.cookies[:user_name] = 'Jamie'
get :set_permanent_cookie
- assert_equal response.cookies, 'user_name' => 'Jamie'
+ assert_equal({'user_name' => 'Jamie'}, response.cookies)
end
def test_setting_with_escapable_characters
@@ -369,6 +392,35 @@ class CookiesTest < ActionController::TestCase
assert_equal 'Jamie', @controller.send(:cookies).permanent[:user_name]
end
+ def test_signed_cookie_using_default_digest
+ get :set_signed_cookie
+ cookies = @controller.send :cookies
+ assert_not_equal 45, cookies[:user_id]
+ assert_equal 45, cookies.signed[:user_id]
+
+ key_generator = @request.env["action_dispatch.key_generator"]
+ signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
+ secret = key_generator.generate_key(signed_cookie_salt)
+
+ verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA1')
+ assert_equal verifier.generate(45), cookies[:user_id]
+ end
+
+ def test_signed_cookie_using_custom_digest
+ @request.env["action_dispatch.cookies_digest"] = 'SHA256'
+ get :set_signed_cookie
+ cookies = @controller.send :cookies
+ assert_not_equal 45, cookies[:user_id]
+ assert_equal 45, cookies.signed[:user_id]
+
+ key_generator = @request.env["action_dispatch.key_generator"]
+ signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
+ secret = key_generator.generate_key(signed_cookie_salt)
+
+ verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA256')
+ assert_equal verifier.generate(45), cookies[:user_id]
+ end
+
def test_signed_cookie_using_default_serializer
get :set_signed_cookie
cookies = @controller.send :cookies
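Review bot: `test_signed_cookie_using_custom_digest` checks only the write path: it pins the SHA256 signature that is emitted, but nothing asserts that a cookie signed with a different digest is refused on read. A regression where the signed jar still accepts SHA1 signatures after `action_dispatch.cookies_digest` is set would pass both new tests. A negative test along the lines below would close that gap; I expect `signed[]` to return nil for a bad signature, as it does for a missing cookie, but that should be confirmed against the jar. The two new tests also differ only in the digest name, so the secret derivation could move into a small private helper.

```ruby
def test_signed_cookie_signed_with_other_digest_is_rejected
  @request.env["action_dispatch.cookies_digest"] = 'SHA256'

  key_generator = @request.env["action_dispatch.key_generator"]
  secret = key_generator.generate_key(@request.env["action_dispatch.signed_cookie_salt"])
  sha1_value = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA1').generate(45)

  @request.headers["Cookie"] = "user_id=#{sha1_value}"
  get :get_signed_cookie

  assert_nil @controller.send(:cookies).signed[:user_id]
end
```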
@@ -392,6 +444,14 @@ class CookiesTest < ActionController::TestCase
assert_equal 45, cookies.signed[:user_id]
end
+ def test_wrapped_signed_cookie_using_json_serializer
+ @request.env["action_dispatch.cookies_serializer"] = :json
+ get :set_wrapped_signed_cookie
+ cookies = @controller.send :cookies
+ assert_not_equal 'wrapped: 45', cookies[:user_id]
+ assert_equal 'wrapped: 45', cookies.signed[:user_id]
+ end
+
def test_signed_cookie_using_custom_serializer
@request.env["action_dispatch.cookies_serializer"] = CustomSerializer
get :set_signed_cookie
@@ -437,7 +497,7 @@ class CookiesTest < ActionController::TestCase
assert_nil @response.cookies["user_id"]
end
- def test_accessing_nonexistant_signed_cookie_should_not_raise_an_invalid_signature
+ def test_accessing_nonexistent_signed_cookie_should_not_raise_an_invalid_signature
get :set_signed_cookie
assert_nil @controller.send(:cookies).signed[:non_existant_attribute]
end
@@ -474,6 +534,17 @@ class CookiesTest < ActionController::TestCase
assert_equal 'bar', cookies.encrypted[:foo]
end
+ def test_wrapped_encrypted_cookie_using_json_serializer
+ @request.env["action_dispatch.cookies_serializer"] = :json
+ get :set_wrapped_encrypted_cookie
+ cookies = @controller.send :cookies
+ assert_not_equal 'wrapped: bar', cookies[:foo]
+ assert_raises ::JSON::ParserError do
+ cookies.signed[:foo]
+ end
+ assert_equal 'wrapped: bar', cookies.encrypted[:foo]
+ end
+
def test_encrypted_cookie_using_custom_serializer
@request.env["action_dispatch.cookies_serializer"] = CustomSerializer
get :set_encrypted_cookie
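Review bot: The `assert_raises ::JSON::ParserError` around `cookies.signed[:foo]` in `test_wrapped_encrypted_cookie_using_json_serializer` appears to depend on the fixture rather than on the cookie jar's contract. `setup` uses the same string for `signed_cookie_salt` and `encrypted_signed_cookie_salt`, so both jars presumably derive the same signing key. The signed jar therefore accepts the encrypted cookie's signature and only fails when it tries to parse the ciphertext as JSON. With distinct salts the signature check would be expected to fail first, giving a different result. I would add `# Raises a parse error only because setup reuses one salt for the signed and encrypted-signed keys, so the signature verifies.` above the assertion, or drop it and assert only on `cookies.encrypted[:foo]`.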
@@ -481,6 +552,27 @@ class CookiesTest < ActionController::TestCase
assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
end
+ def test_encrypted_cookie_using_custom_digest
+ @request.env["action_dispatch.cookies_digest"] = 'SHA256'
+ get :set_encrypted_cookie
+ cookies = @controller.send :cookies
+ assert_not_equal 'bar', cookies[:foo]
+ assert_equal 'bar', cookies.encrypted[:foo]
+
+ sign_secret = @request.env["action_dispatch.key_generator"].generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
+
+ sha1_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: 'SHA1')
+ sha256_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: 'SHA256')
+
+ assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
+ sha1_verifier.verify(cookies[:foo])
+ end
+
+ assert_nothing_raised do
+ sha256_verifier.verify(cookies[:foo])
+ end
+ end
+
def test_encrypted_cookie_using_hybrid_serializer_can_migrate_marshal_dumped_value_to_json
@request.env["action_dispatch.cookies_serializer"] = :hybrid
@@ -523,7 +615,7 @@ class CookiesTest < ActionController::TestCase
assert_nil @response.cookies["foo"]
end
- def test_accessing_nonexistant_encrypted_cookie_should_not_raise_invalid_message
+ def test_accessing_nonexistent_encrypted_cookie_should_not_raise_invalid_message
get :set_encrypted_cookie
assert_nil @controller.send(:cookies).encrypted[:non_existant_attribute]
end
@@ -1066,5 +1158,3 @@ class CookiesTest < ActionController::TestCase
end
end
end
-
-end