1 files changed, 151 insertions, 138 deletions

diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index c7194cde4a..6dcd62572a 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -1,7 +1,7 @@
-require 'abstract_unit'
-require 'openssl'
-require 'active_support/key_generator'
-require 'active_support/message_verifier'
+require "abstract_unit"
+require "openssl"
+require "active_support/key_generator"
+require "active_support/message_verifier"
 
 class CookieJarTest < ActiveSupport::TestCase
   attr_reader :request
@@ -12,26 +12,26 @@ class CookieJarTest < ActiveSupport::TestCase
 
   def test_fetch
     x = Object.new
-    assert_not request.cookie_jar.key?('zzzzzz')
-    assert_equal x, request.cookie_jar.fetch('zzzzzz', x)
-    assert_not request.cookie_jar.key?('zzzzzz')
+    assert_not request.cookie_jar.key?("zzzzzz")
+    assert_equal x, request.cookie_jar.fetch("zzzzzz", x)
+    assert_not request.cookie_jar.key?("zzzzzz")
   end
 
   def test_fetch_exists
     x = Object.new
-    request.cookie_jar['foo'] = 'bar'
-    assert_equal 'bar', request.cookie_jar.fetch('foo', x)
+    request.cookie_jar["foo"] = "bar"
+    assert_equal "bar", request.cookie_jar.fetch("foo", x)
   end
 
   def test_fetch_block
     x = Object.new
-    assert_not request.cookie_jar.key?('zzzzzz')
-    assert_equal x, request.cookie_jar.fetch('zzzzzz') { x }
+    assert_not request.cookie_jar.key?("zzzzzz")
+    assert_equal x, request.cookie_jar.fetch("zzzzzz") { x }
   end
 
   def test_key_is_to_s
-    request.cookie_jar['foo'] = 'bar'
-    assert_equal 'bar', request.cookie_jar.fetch(:foo)
+    request.cookie_jar["foo"] = "bar"
+    assert_equal "bar", request.cookie_jar.fetch(:foo)
   end
 
   def test_fetch_type_error
@@ -41,19 +41,19 @@ class CookieJarTest < ActiveSupport::TestCase
   end
 
   def test_each
-    request.cookie_jar['foo'] = :bar
+    request.cookie_jar["foo"] = :bar
     list = []
     request.cookie_jar.each do |k,v|
       list << [k, v]
     end
 
-    assert_equal [['foo', :bar]], list
+    assert_equal [["foo", :bar]], list
   end
 
   def test_enumerable
-    request.cookie_jar['foo'] = :bar
+    request.cookie_jar["foo"] = :bar
     actual = request.cookie_jar.map { |k,v| [k.to_s, v.to_s] }
-    assert_equal [['foo', 'bar']], actual
+    assert_equal [["foo", "bar"]], actual
   end
 
   def test_key_methods
@@ -68,7 +68,7 @@ class CookieJarTest < ActiveSupport::TestCase
   def test_write_doesnt_set_a_nil_header
     headers = {}
     request.cookie_jar.write(headers)
-    assert !headers.include?('Set-Cookie')
+    assert_not_includes headers, "Set-Cookie"
   end
 end
 
@@ -100,7 +100,7 @@ class CookiesTest < ActionController::TestCase
     end
 
     def authenticate_for_fourteen_days_with_symbols
-      cookies[:user_name] = { :value => "david", :expires => Time.utc(2005, 10, 10,5) }
+      cookies[:user_name] = { value: "david", expires: Time.utc(2005, 10, 10,5) }
       head :ok
     end
 
@@ -123,17 +123,17 @@ class CookiesTest < ActionController::TestCase
     alias delete_cookie logout
 
     def delete_cookie_with_path
-      cookies.delete("user_name", :path => '/beaten')
+      cookies.delete("user_name", path: "/beaten")
       head :ok
     end
 
     def authenticate_with_http_only
-      cookies["user_name"] = { :value => "david", :httponly => true }
+      cookies["user_name"] = { value: "david", httponly: true }
       head :ok
     end
 
     def authenticate_with_secure
-      cookies["user_name"] = { :value => "david", :secure => true }
+      cookies["user_name"] = { value: "david", secure: true }
       head :ok
     end
 
@@ -153,7 +153,7 @@ class CookiesTest < ActionController::TestCase
     end
 
     def set_encrypted_cookie
-      cookies.encrypted[:foo] = 'bar'
+      cookies.encrypted[:foo] = "bar"
       head :ok
     end
 
@@ -173,7 +173,7 @@ class CookiesTest < ActionController::TestCase
     end
 
     def set_wrapped_encrypted_cookie
-      cookies.encrypted[:foo] = JSONWrapper.new('bar')
+      cookies.encrypted[:foo] = JSONWrapper.new("bar")
       head :ok
     end
 
@@ -183,12 +183,12 @@ class CookiesTest < ActionController::TestCase
     end
 
     def set_invalid_encrypted_cookie
-      cookies[:invalid_cookie] = 'invalid--9170e00a57cfc27083363b5c75b835e477bd90cf'
+      cookies[:invalid_cookie] = "invalid--9170e00a57cfc27083363b5c75b835e477bd90cf"
       head :ok
     end
 
     def raise_data_overflow
-      cookies.signed[:foo] = 'bye!' * 1024
+      cookies.signed[:foo] = "bye!" * 1024
       head :ok
     end
 
@@ -205,47 +205,47 @@ class CookiesTest < ActionController::TestCase
 
     def delete_and_set_cookie
       cookies.delete :user_name
-      cookies[:user_name] = { :value => "david", :expires => Time.utc(2005, 10, 10,5) }
+      cookies[:user_name] = { value: "david", expires: Time.utc(2005, 10, 10,5) }
       head :ok
     end
 
     def set_cookie_with_domain
-      cookies[:user_name] = {:value => "rizwanreza", :domain => :all}
+      cookies[:user_name] = { value: "rizwanreza", domain: :all }
       head :ok
     end
 
     def set_cookie_with_domain_all_as_string
-      cookies[:user_name] = {:value => "rizwanreza", :domain => 'all'}
+      cookies[:user_name] = { value: "rizwanreza", domain: "all" }
       head :ok
     end
 
     def delete_cookie_with_domain
-      cookies.delete(:user_name, :domain => :all)
+      cookies.delete(:user_name, domain: :all)
       head :ok
     end
 
     def delete_cookie_with_domain_all_as_string
-      cookies.delete(:user_name, :domain => 'all')
+      cookies.delete(:user_name, domain: "all")
       head :ok
     end
 
     def set_cookie_with_domain_and_tld
-      cookies[:user_name] = {:value => "rizwanreza", :domain => :all, :tld_length => 2}
+      cookies[:user_name] = { value: "rizwanreza", domain: :all, tld_length: 2 }
       head :ok
     end
 
     def delete_cookie_with_domain_and_tld
-      cookies.delete(:user_name, :domain => :all, :tld_length => 2)
+      cookies.delete(:user_name, domain: :all, tld_length: 2)
       head :ok
     end
 
     def set_cookie_with_domains
-      cookies[:user_name] = {:value => "rizwanreza", :domain => %w(example1.com example2.com .example3.com)}
+      cookies[:user_name] = { value: "rizwanreza", domain: %w(example1.com example2.com .example3.com) }
       head :ok
     end
 
     def delete_cookie_with_domains
-      cookies.delete(:user_name, :domain => %w(example1.com example2.com .example3.com))
+      cookies.delete(:user_name, domain: %w(example1.com example2.com .example3.com))
       head :ok
     end
 
@@ -255,7 +255,7 @@ class CookiesTest < ActionController::TestCase
     end
 
     def string_key
-      cookies['user_name'] = "dhh"
+      cookies["user_name"] = "dhh"
       head :ok
     end
 
@@ -265,7 +265,7 @@ class CookiesTest < ActionController::TestCase
     end
 
     def string_key_mock
-      cookies['user_name'] = "david" if cookies['user_name'] == "andrew"
+      cookies["user_name"] = "david" if cookies["user_name"] == "andrew"
       head :ok
     end
 
@@ -276,7 +276,7 @@ class CookiesTest < ActionController::TestCase
 
   tests TestController
 
-  SALT = 'b3c631c314c0bbca50c1b2843150fe33'
+  SALT = "b3c631c314c0bbca50c1b2843150fe33"
 
   def setup
     super
@@ -293,57 +293,57 @@ class CookiesTest < ActionController::TestCase
   def test_setting_cookie
     get :authenticate
     assert_cookie_header "user_name=david; path=/"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_the_same_value_to_cookie
-    request.cookies[:user_name] = 'david'
+    request.cookies[:user_name] = "david"
     get :authenticate
     assert_predicate response.cookies, :empty?
   end
 
   def test_setting_the_same_value_to_permanent_cookie
-    request.cookies[:user_name] = 'Jamie'
+    request.cookies[:user_name] = "Jamie"
     get :set_permanent_cookie
-    assert_equal({'user_name' => 'Jamie'}, response.cookies)
+    assert_equal({ "user_name" => "Jamie" }, response.cookies)
   end
 
   def test_setting_with_escapable_characters
     get :set_with_with_escapable_characters
     assert_cookie_header "that+%26+guy=foo+%26+bar+%3D%3E+baz; path=/"
-    assert_equal({"that & guy" => "foo & bar => baz"}, @response.cookies)
+    assert_equal({ "that & guy" => "foo & bar => baz" }, @response.cookies)
   end
 
   def test_setting_cookie_for_fourteen_days
     get :authenticate_for_fourteen_days
     assert_cookie_header "user_name=david; path=/; expires=Mon, 10 Oct 2005 05:00:00 -0000"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_cookie_for_fourteen_days_with_symbols
     get :authenticate_for_fourteen_days_with_symbols
     assert_cookie_header "user_name=david; path=/; expires=Mon, 10 Oct 2005 05:00:00 -0000"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_cookie_with_http_only
     get :authenticate_with_http_only
     assert_cookie_header "user_name=david; path=/; HttpOnly"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_cookie_with_secure
     @request.env["HTTPS"] = "on"
     get :authenticate_with_secure
     assert_cookie_header "user_name=david; path=/; secure"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_cookie_with_secure_when_always_write_cookie_is_true
     old_cookie, @request.cookie_jar.always_write_cookie = @request.cookie_jar.always_write_cookie, true
     get :authenticate_with_secure
     assert_cookie_header "user_name=david; path=/; secure"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   ensure
     @request.cookie_jar.always_write_cookie = old_cookie
   end
@@ -351,14 +351,14 @@ class CookiesTest < ActionController::TestCase
   def test_not_setting_cookie_with_secure
     get :authenticate_with_secure
     assert_not_cookie_header "user_name=david; path=/; secure"
-    assert_not_equal({"user_name" => "david"}, @response.cookies)
+    assert_not_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_multiple_cookies
     get :set_multiple_cookies
     assert_equal 2, @response.cookies.size
     assert_cookie_header "user_name=david; path=/; expires=Mon, 10 Oct 2005 05:00:00 -0000\nlogin=XJ-122; path=/"
-    assert_equal({"login" => "XJ-122", "user_name" => "david"}, @response.cookies)
+    assert_equal({ "login" => "XJ-122", "user_name" => "david" }, @response.cookies)
   end
 
   def test_setting_test_cookie
@@ -366,14 +366,14 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_expiring_cookie
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :logout
     assert_cookie_header "user_name=; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
-    assert_equal({"user_name" => nil}, @response.cookies)
+    assert_equal({ "user_name" => nil }, @response.cookies)
   end
 
   def test_delete_cookie_with_path
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_cookie_with_path
     assert_cookie_header "user_name=; path=/beaten; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
   end
@@ -385,16 +385,16 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_deleted_cookie_predicate
-    cookies[:user_name] = 'Joe'
+    cookies[:user_name] = "Joe"
     cookies.delete("user_name")
     assert cookies.deleted?("user_name")
     assert_equal false, cookies.deleted?("another")
   end
 
   def test_deleted_cookie_predicate_with_mismatching_options
-    cookies[:user_name] = 'Joe'
-    cookies.delete("user_name", :path => "/path")
-    assert_equal false, cookies.deleted?("user_name", :path => "/different")
+    cookies[:user_name] = "Joe"
+    cookies.delete("user_name", path: "/path")
+    assert_equal false, cookies.deleted?("user_name", path: "/different")
   end
 
   def test_cookies_persist_throughout_request
@@ -410,7 +410,7 @@ class CookiesTest < ActionController::TestCase
 
   def test_read_permanent_cookie
     get :set_permanent_cookie
-    assert_equal 'Jamie', @controller.send(:cookies).permanent[:user_name]
+    assert_equal "Jamie", @controller.send(:cookies).permanent[:user_name]
   end
 
   def test_signed_cookie_using_default_digest
@@ -423,12 +423,12 @@ class CookiesTest < ActionController::TestCase
     signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
     secret = key_generator.generate_key(signed_cookie_salt)
 
-    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA1')
+    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: "SHA1")
     assert_equal verifier.generate(45), cookies[:user_id]
   end
 
   def test_signed_cookie_using_custom_digest
-    @request.env["action_dispatch.cookies_digest"] = 'SHA256'
+    @request.env["action_dispatch.cookies_digest"] = "SHA256"
     get :set_signed_cookie
     cookies = @controller.send :cookies
     assert_not_equal 45, cookies[:user_id]
@@ -438,7 +438,7 @@ class CookiesTest < ActionController::TestCase
     signed_cookie_salt = @request.env["action_dispatch.signed_cookie_salt"]
     secret = key_generator.generate_key(signed_cookie_salt)
 
-    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: 'SHA256')
+    verifier = ActiveSupport::MessageVerifier.new(secret, serializer: Marshal, digest: "SHA256")
     assert_equal verifier.generate(45), cookies[:user_id]
   end
 
@@ -469,15 +469,15 @@ class CookiesTest < ActionController::TestCase
     @request.env["action_dispatch.cookies_serializer"] = :json
     get :set_wrapped_signed_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'wrapped: 45', cookies[:user_id]
-    assert_equal 'wrapped: 45', cookies.signed[:user_id]
+    assert_not_equal "wrapped: 45", cookies[:user_id]
+    assert_equal "wrapped: 45", cookies.signed[:user_id]
   end
 
   def test_signed_cookie_using_custom_serializer
     @request.env["action_dispatch.cookies_serializer"] = CustomSerializer
     get :set_signed_cookie
     assert_not_equal 45, cookies[:user_id]
-    assert_equal '45 was dumped and loaded', cookies.signed[:user_id]
+    assert_equal "45 was dumped and loaded", cookies.signed[:user_id]
   end
 
   def test_signed_cookie_using_hybrid_serializer_can_migrate_marshal_dumped_value_to_json
@@ -497,7 +497,7 @@ class CookiesTest < ActionController::TestCase
     assert_equal 45, cookies.signed[:user_id]
 
     verifier = ActiveSupport::MessageVerifier.new(secret, serializer: JSON)
-    assert_equal 45, verifier.verify(@response.cookies['user_id'])
+    assert_equal 45, verifier.verify(@response.cookies["user_id"])
   end
 
   def test_signed_cookie_using_hybrid_serializer_can_read_from_json_dumped_value
@@ -526,64 +526,64 @@ class CookiesTest < ActionController::TestCase
   def test_encrypted_cookie_using_default_serializer
     get :set_encrypted_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'bar', cookies[:foo]
+    assert_not_equal "bar", cookies[:foo]
     assert_raise TypeError do
       cookies.signed[:foo]
     end
-    assert_equal 'bar', cookies.encrypted[:foo]
+    assert_equal "bar", cookies.encrypted[:foo]
   end
 
   def test_encrypted_cookie_using_marshal_serializer
     @request.env["action_dispatch.cookies_serializer"] = :marshal
     get :set_encrypted_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'bar', cookies[:foo]
+    assert_not_equal "bar", cookies[:foo]
     assert_raises TypeError do
       cookies.signed[:foo]
     end
-    assert_equal 'bar', cookies.encrypted[:foo]
+    assert_equal "bar", cookies.encrypted[:foo]
   end
 
   def test_encrypted_cookie_using_json_serializer
     @request.env["action_dispatch.cookies_serializer"] = :json
     get :set_encrypted_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'bar', cookies[:foo]
+    assert_not_equal "bar", cookies[:foo]
     assert_raises ::JSON::ParserError do
       cookies.signed[:foo]
     end
-    assert_equal 'bar', cookies.encrypted[:foo]
+    assert_equal "bar", cookies.encrypted[:foo]
   end
 
   def test_wrapped_encrypted_cookie_using_json_serializer
     @request.env["action_dispatch.cookies_serializer"] = :json
     get :set_wrapped_encrypted_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'wrapped: bar', cookies[:foo]
+    assert_not_equal "wrapped: bar", cookies[:foo]
     assert_raises ::JSON::ParserError do
       cookies.signed[:foo]
     end
-    assert_equal 'wrapped: bar', cookies.encrypted[:foo]
+    assert_equal "wrapped: bar", cookies.encrypted[:foo]
   end
 
   def test_encrypted_cookie_using_custom_serializer
     @request.env["action_dispatch.cookies_serializer"] = CustomSerializer
     get :set_encrypted_cookie
-    assert_not_equal 'bar', cookies.encrypted[:foo]
-    assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
+    assert_not_equal "bar", cookies.encrypted[:foo]
+    assert_equal "bar was dumped and loaded", cookies.encrypted[:foo]
   end
 
   def test_encrypted_cookie_using_custom_digest
-    @request.env["action_dispatch.cookies_digest"] = 'SHA256'
+    @request.env["action_dispatch.cookies_digest"] = "SHA256"
     get :set_encrypted_cookie
     cookies = @controller.send :cookies
-    assert_not_equal 'bar', cookies[:foo]
-    assert_equal 'bar', cookies.encrypted[:foo]
+    assert_not_equal "bar", cookies[:foo]
+    assert_equal "bar", cookies.encrypted[:foo]
 
     sign_secret = @request.env["action_dispatch.key_generator"].generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
 
-    sha1_verifier   = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: 'SHA1')
-    sha256_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: 'SHA256')
+    sha1_verifier   = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: "SHA1")
+    sha256_verifier = ActiveSupport::MessageVerifier.new(sign_secret, serializer: ActiveSupport::MessageEncryptor::NullSerializer, digest: "SHA256")
 
     assert_raises(ActiveSupport::MessageVerifier::InvalidSignature) do
       sha1_verifier.verify(cookies[:foo])
@@ -603,7 +603,7 @@ class CookiesTest < ActionController::TestCase
     secret = key_generator.generate_key(encrypted_cookie_salt)
     sign_secret = key_generator.generate_key(encrypted_signed_cookie_salt)
 
-    marshal_value = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: Marshal).encrypt_and_sign("bar")
+    marshal_value = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: Marshal).encrypt_and_sign("bar")
     @request.headers["Cookie"] = "foo=#{marshal_value}"
 
     get :get_encrypted_cookie
@@ -612,7 +612,7 @@ class CookiesTest < ActionController::TestCase
     assert_not_equal "bar", cookies[:foo]
     assert_equal "bar", cookies.encrypted[:foo]
 
-    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
+    encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: JSON)
     assert_equal "bar", encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
@@ -624,7 +624,7 @@ class CookiesTest < ActionController::TestCase
     encrypted_signed_cookie_salt = @request.env["action_dispatch.encrypted_signed_cookie_salt"]
     secret = key_generator.generate_key(encrypted_cookie_salt)
     sign_secret = key_generator.generate_key(encrypted_signed_cookie_salt)
-    json_value = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON).encrypt_and_sign("bar")
+    json_value = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: JSON).encrypt_and_sign("bar")
     @request.headers["Cookie"] = "foo=#{json_value}"
 
     get :get_encrypted_cookie
@@ -636,6 +636,19 @@ class CookiesTest < ActionController::TestCase
     assert_nil @response.cookies["foo"]
   end
 
+  def test_compat_encrypted_cookie_using_64_byte_key
+    # Cookie generated with 64 bytes secret
+    message = ["566d4e75536d686e633246564e6b493062557079626c566d51574d30515430394c53315665564a694e4563786555744f57537454576b396a5a31566a626e52525054303d2d2d34663234333330623130623261306163363562316266323335396164666364613564643134623131"].pack("H*")
+    @request.headers["Cookie"] = "foo=#{message}"
+
+    get :get_encrypted_cookie
+
+    cookies = @controller.send :cookies
+    assert_not_equal "bar", cookies[:foo]
+    assert_equal "bar", cookies.encrypted[:foo]
+    assert_nil @response.cookies["foo"]
+  end
+
   def test_accessing_nonexistent_encrypted_cookie_should_not_raise_invalid_message
     get :set_encrypted_cookie
     assert_nil @controller.send(:cookies).encrypted[:non_existent_attribute]
@@ -653,10 +666,10 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_delete_and_set_cookie
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_and_set_cookie
     assert_cookie_header "user_name=david; path=/; expires=Mon, 10 Oct 2005 05:00:00 -0000"
-    assert_equal({"user_name" => "david"}, @response.cookies)
+    assert_equal({ "user_name" => "david" }, @response.cookies)
   end
 
   def test_raise_data_overflow
@@ -687,7 +700,7 @@ class CookiesTest < ActionController::TestCase
       get :set_signed_cookie
     }
 
-    assert_raise(ArgumentError, ''.inspect) {
+    assert_raise(ArgumentError, "".inspect) {
       @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new("")
       get :set_signed_cookie
     }
@@ -789,18 +802,18 @@ class CookiesTest < ActionController::TestCase
     @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
     @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
 
-    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate('bar')
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate("bar")
 
     @request.headers["Cookie"] = "foo=#{legacy_value}"
     get :get_encrypted_cookie
 
-    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+    assert_equal "bar", @controller.send(:cookies).encrypted[:foo]
 
     key_generator = @request.env["action_dispatch.key_generator"]
     secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
     sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
-    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
-    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret)
+    assert_equal "bar", encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
   def test_legacy_json_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_cookie_jar_if_both_secret_token_and_secret_key_base_are_set
@@ -828,18 +841,18 @@ class CookiesTest < ActionController::TestCase
     @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
     @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
 
-    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate('bar')
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate("bar")
 
     @request.headers["Cookie"] = "foo=#{legacy_value}"
     get :get_encrypted_cookie
 
-    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+    assert_equal "bar", @controller.send(:cookies).encrypted[:foo]
 
     key_generator = @request.env["action_dispatch.key_generator"]
     secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
     sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
-    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
-    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: JSON)
+    assert_equal "bar", encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
   def test_legacy_json_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_hybrid_jar_if_both_secret_token_and_secret_key_base_are_set
@@ -867,18 +880,18 @@ class CookiesTest < ActionController::TestCase
     @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
     @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
 
-    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate('bar')
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33", serializer: JSON).generate("bar")
 
     @request.headers["Cookie"] = "foo=#{legacy_value}"
     get :get_encrypted_cookie
 
-    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+    assert_equal "bar", @controller.send(:cookies).encrypted[:foo]
 
     key_generator = @request.env["action_dispatch.key_generator"]
     secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
     sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
-    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
-    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: JSON)
+    assert_equal "bar", encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
   def test_legacy_marshal_signed_cookie_is_read_and_transparently_upgraded_by_signed_json_hybrid_jar_if_both_secret_token_and_secret_key_base_are_set
@@ -906,18 +919,18 @@ class CookiesTest < ActionController::TestCase
     @request.env["action_dispatch.encrypted_cookie_salt"] = "4433796b79d99a7735553e316522acee"
     @request.env["action_dispatch.encrypted_signed_cookie_salt"] = "00646eb40062e1b1deff205a27cd30f9"
 
-    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate('bar')
+    legacy_value = ActiveSupport::MessageVerifier.new("b3c631c314c0bbca50c1b2843150fe33").generate("bar")
 
     @request.headers["Cookie"] = "foo=#{legacy_value}"
     get :get_encrypted_cookie
 
-    assert_equal 'bar', @controller.send(:cookies).encrypted[:foo]
+    assert_equal "bar", @controller.send(:cookies).encrypted[:foo]
 
     key_generator = @request.env["action_dispatch.key_generator"]
     secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_cookie_salt"])
     sign_secret = key_generator.generate_key(@request.env["action_dispatch.encrypted_signed_cookie_salt"])
-    encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON)
-    assert_equal 'bar', encryptor.decrypt_and_verify(@response.cookies["foo"])
+    encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len], sign_secret, serializer: JSON)
+    assert_equal "bar", encryptor.decrypt_and_verify(@response.cookies["foo"])
   end
 
   def test_legacy_signed_cookie_is_treated_as_nil_by_signed_cookie_jar_if_tampered
@@ -998,7 +1011,7 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_deleting_cookie_with_all_domain_option
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_cookie_with_domain
     assert_response :success
     assert_cookie_header "user_name=; domain=.nextangle.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
@@ -1032,7 +1045,7 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_deleting_cookie_with_all_domain_option_and_tld_length
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_cookie_with_domain_and_tld
     assert_response :success
     assert_cookie_header "user_name=; domain=.nextangle.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
@@ -1061,7 +1074,7 @@ class CookiesTest < ActionController::TestCase
 
   def test_deletings_cookie_with_several_preset_domains_using_one_of_these_domains
     @request.host = "example2.com"
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_cookie_with_domains
     assert_response :success
     assert_cookie_header "user_name=; domain=example2.com; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
@@ -1069,7 +1082,7 @@ class CookiesTest < ActionController::TestCase
 
   def test_deletings_cookie_with_several_preset_domains_using_other_domain
     @request.host = "other-domain.com"
-    request.cookies[:user_name] = 'Joe'
+    request.cookies[:user_name] = "Joe"
     get :delete_cookie_with_domains
     assert_response :success
     assert_cookie_header "user_name=; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000"
@@ -1078,20 +1091,20 @@ class CookiesTest < ActionController::TestCase
   def test_cookies_hash_is_indifferent_access
     get :symbol_key
     assert_equal "david", cookies[:user_name]
-    assert_equal "david", cookies['user_name']
+    assert_equal "david", cookies["user_name"]
     get :string_key
     assert_equal "dhh", cookies[:user_name]
-    assert_equal "dhh", cookies['user_name']
+    assert_equal "dhh", cookies["user_name"]
   end
 
   def test_setting_request_cookies_is_indifferent_access
     cookies.clear
     cookies[:user_name] = "andrew"
     get :string_key_mock
-    assert_equal "david", cookies['user_name']
+    assert_equal "david", cookies["user_name"]
 
     cookies.clear
-    cookies['user_name'] = "andrew"
+    cookies["user_name"] = "andrew"
     get :symbol_key_mock
     assert_equal "david", cookies[:user_name]
   end
@@ -1102,11 +1115,11 @@ class CookiesTest < ActionController::TestCase
     assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert !@response.headers.include?("Set-Cookie")
+    assert_not_includes @response.headers, "Set-Cookie"
     assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert !@response.headers.include?("Set-Cookie")
+    assert_not_includes @response.headers, "Set-Cookie"
     assert_equal "david", cookies[:user_name]
   end
 
@@ -1123,57 +1136,57 @@ class CookiesTest < ActionController::TestCase
   end
 
   def test_can_set_http_cookie_header
-    @request.env['HTTP_COOKIE'] = 'user_name=david'
+    @request.env["HTTP_COOKIE"] = "user_name=david"
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
-    @request.env['HTTP_COOKIE'] = 'user_name=andrew'
+    @request.env["HTTP_COOKIE"] = "user_name=andrew"
     get :noop
-    assert_equal 'andrew', cookies['user_name']
-    assert_equal 'andrew', cookies[:user_name]
+    assert_equal "andrew", cookies["user_name"]
+    assert_equal "andrew", cookies[:user_name]
   end
 
   def test_can_set_request_cookies
-    @request.cookies['user_name'] = 'david'
+    @request.cookies["user_name"] = "david"
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
-    @request.cookies[:user_name] = 'andrew'
+    @request.cookies[:user_name] = "andrew"
     get :noop
-    assert_equal 'andrew', cookies['user_name']
-    assert_equal 'andrew', cookies[:user_name]
+    assert_equal "andrew", cookies["user_name"]
+    assert_equal "andrew", cookies[:user_name]
   end
 
   def test_cookies_precedence_over_http_cookie
-    @request.env['HTTP_COOKIE'] = 'user_name=andrew'
+    @request.env["HTTP_COOKIE"] = "user_name=andrew"
     get :authenticate
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
   end
 
   def test_cookies_precedence_over_request_cookies
-    @request.cookies['user_name'] = 'andrew'
+    @request.cookies["user_name"] = "andrew"
     get :authenticate
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
 
     get :noop
-    assert_equal 'david', cookies['user_name']
-    assert_equal 'david', cookies[:user_name]
+    assert_equal "david", cookies["user_name"]
+    assert_equal "david", cookies[:user_name]
   end
 
   private