diff options
Diffstat (limited to 'actionpack/test/dispatch/session/cookie_store_test.rb')
-rw-r--r-- | actionpack/test/dispatch/session/cookie_store_test.rb | 187 |
1 files changed, 96 insertions, 91 deletions
diff --git a/actionpack/test/dispatch/session/cookie_store_test.rb b/actionpack/test/dispatch/session/cookie_store_test.rb index e7f4235de8..2a1053be16 100644 --- a/actionpack/test/dispatch/session/cookie_store_test.rb +++ b/actionpack/test/dispatch/session/cookie_store_test.rb @@ -1,14 +1,14 @@ -require 'abstract_unit' -require 'stringio' -require 'active_support/key_generator' +require "abstract_unit" +require "stringio" +require "active_support/key_generator" class CookieStoreTest < ActionDispatch::IntegrationTest - SessionKey = '_myapp_session' - SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' + SessionKey = "_myapp_session" + SessionSecret = "b3c631c314c0bbca50c1b2843150fe33" Generator = ActiveSupport::LegacyKeyGenerator.new(SessionSecret) - Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, :digest => 'SHA1') - SignedBar = Verifier.generate(:foo => "bar", :session_id => SecureRandom.hex(16)) + Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, digest: "SHA1") + SignedBar = Verifier.generate(foo: "bar", session_id: SecureRandom.hex(16)) class TestController < ActionController::Base def no_session_access @@ -16,25 +16,25 @@ class CookieStoreTest < ActionDispatch::IntegrationTest end def persistent_session_id - render :text => session[:session_id] + render plain: session[:session_id] end def set_session_value session[:foo] = "bar" - render :text => Rack::Utils.escape(Verifier.generate(session.to_hash)) + render plain: Rack::Utils.escape(Verifier.generate(session.to_hash)) end def get_session_value - render :text => "foo: #{session[:foo].inspect}" + render plain: "foo: #{session[:foo].inspect}" end def get_session_id - render :text => "id: #{request.session.id}" + render plain: "id: #{request.session.id}" end def get_class_after_reset_session reset_session - render :text => "class: #{session.class}" + render plain: "class: #{session.class}" end def call_session_clear @@ -48,7 +48,7 @@ class CookieStoreTest < ActionDispatch::IntegrationTest end def raise_data_overflow - session[:foo] = 'bye!' * 1024 + session[:foo] = "bye!" * 1024 head :ok end @@ -65,17 +65,17 @@ class CookieStoreTest < ActionDispatch::IntegrationTest def test_setting_session_value with_test_route_set do - get '/set_session_value' + get "/set_session_value" assert_response :success assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] + headers["Set-Cookie"] end end def test_getting_session_value with_test_route_set do cookies[SessionKey] = SignedBar - get '/get_session_value' + get "/get_session_value" assert_response :success assert_equal 'foo: "bar"', response.body end @@ -84,12 +84,12 @@ class CookieStoreTest < ActionDispatch::IntegrationTest def test_getting_session_id with_test_route_set do cookies[SessionKey] = SignedBar - get '/persistent_session_id' + get "/persistent_session_id" assert_response :success assert_equal 32, response.body.size session_id = response.body - get '/get_session_id' + get "/get_session_id" assert_response :success assert_equal "id: #{session_id}", response.body, "should be able to read session id without accessing the session hash" end @@ -98,37 +98,37 @@ class CookieStoreTest < ActionDispatch::IntegrationTest def test_disregards_tampered_sessions with_test_route_set do cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780" - get '/get_session_value' + get "/get_session_value" assert_response :success - assert_equal 'foo: nil', response.body + assert_equal "foo: nil", response.body end end def test_does_not_set_secure_cookies_over_http - with_test_route_set(:secure => true) do - get '/set_session_value' + with_test_route_set(secure: true) do + get "/set_session_value" assert_response :success - assert_equal nil, headers['Set-Cookie'] + assert_nil headers["Set-Cookie"] end end def test_properly_renew_cookies with_test_route_set do - get '/set_session_value' - get '/persistent_session_id' + get "/set_session_value" + get "/persistent_session_id" session_id = response.body - get '/renew_session_id' - get '/persistent_session_id' + get "/renew_session_id" + get "/persistent_session_id" assert_not_equal response.body, session_id end end def test_does_set_secure_cookies_over_https - with_test_route_set(:secure => true) do - get '/set_session_value', headers: { 'HTTPS' => 'on' } + with_test_route_set(secure: true) do + get "/set_session_value", headers: { "HTTPS" => "on" } assert_response :success assert_equal "_myapp_session=#{response.body}; path=/; secure; HttpOnly", - headers['Set-Cookie'] + headers["Set-Cookie"] end end @@ -139,9 +139,9 @@ class CookieStoreTest < ActionDispatch::IntegrationTest with_test_route_set do with_autoload_path "session_autoload_test" do cookies[SessionKey] = SignedSerializedCookie - get '/get_session_id' + get "/get_session_id" assert_response :success - assert_equal 'id: ce8b0752a6ab7c7af3cdb8a80e6b9e46', response.body, "should auto-load unloaded class" + assert_equal "id: ce8b0752a6ab7c7af3cdb8a80e6b9e46", response.body, "should auto-load unloaded class" end end end @@ -150,7 +150,7 @@ class CookieStoreTest < ActionDispatch::IntegrationTest with_test_route_set do with_autoload_path "session_autoload_test" do cookies[SessionKey] = SignedSerializedCookie - get '/get_session_value' + get "/get_session_value" assert_response :success assert_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">', response.body, "should auto-load unloaded class" end @@ -160,16 +160,16 @@ class CookieStoreTest < ActionDispatch::IntegrationTest def test_close_raises_when_data_overflows with_test_route_set do assert_raise(ActionDispatch::Cookies::CookieOverflow) { - get '/raise_data_overflow' + get "/raise_data_overflow" } end end def test_doesnt_write_session_cookie_if_session_is_not_accessed with_test_route_set do - get '/no_session_access' + get "/no_session_access" assert_response :success - assert_equal nil, headers['Set-Cookie'] + assert_nil headers["Set-Cookie"] end end @@ -177,82 +177,82 @@ class CookieStoreTest < ActionDispatch::IntegrationTest with_test_route_set do cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--" + "fef868465920f415f2c0652d6910d3af288a0367" - get '/no_session_access' + get "/no_session_access" assert_response :success - assert_equal nil, headers['Set-Cookie'] + assert_nil headers["Set-Cookie"] end end def test_setting_session_value_after_session_reset with_test_route_set do - get '/set_session_value' + get "/set_session_value" assert_response :success session_payload = response.body assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] + headers["Set-Cookie"] - get '/call_reset_session' + get "/call_reset_session" assert_response :success - assert_not_equal [], headers['Set-Cookie'] + assert_not_equal [], headers["Set-Cookie"] assert_not_nil session_payload assert_not_equal session_payload, cookies[SessionKey] - get '/get_session_value' + get "/get_session_value" assert_response :success - assert_equal 'foo: nil', response.body + assert_equal "foo: nil", response.body end end def test_class_type_after_session_reset with_test_route_set do - get '/set_session_value' + get "/set_session_value" assert_response :success assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] + headers["Set-Cookie"] - get '/get_class_after_reset_session' + get "/get_class_after_reset_session" assert_response :success - assert_not_equal [], headers['Set-Cookie'] - assert_equal 'class: ActionDispatch::Request::Session', response.body + assert_not_equal [], headers["Set-Cookie"] + assert_equal "class: ActionDispatch::Request::Session", response.body end end def test_getting_from_nonexistent_session with_test_route_set do - get '/get_session_value' + get "/get_session_value" assert_response :success - assert_equal 'foo: nil', response.body - assert_nil headers['Set-Cookie'], "should only create session on write, not read" + assert_equal "foo: nil", response.body + assert_nil headers["Set-Cookie"], "should only create session on write, not read" end end def test_setting_session_value_after_session_clear with_test_route_set do - get '/set_session_value' + get "/set_session_value" assert_response :success assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] + headers["Set-Cookie"] - get '/call_session_clear' + get "/call_session_clear" assert_response :success - get '/get_session_value' + get "/get_session_value" assert_response :success - assert_equal 'foo: nil', response.body + assert_equal "foo: nil", response.body end end def test_persistent_session_id with_test_route_set do cookies[SessionKey] = SignedBar - get '/persistent_session_id' + get "/persistent_session_id" assert_response :success assert_equal 32, response.body.size session_id = response.body - get '/persistent_session_id' + get "/persistent_session_id" assert_equal session_id, response.body reset! - get '/persistent_session_id' + get "/persistent_session_id" assert_not_equal session_id, response.body end end @@ -271,60 +271,64 @@ class CookieStoreTest < ActionDispatch::IntegrationTest end def test_session_store_with_expire_after - with_test_route_set(:expire_after => 5.hours) do + with_test_route_set(expire_after: 5.hours) do # First request accesses the session time = Time.local(2008, 4, 24) - Time.stubs(:now).returns(time) - expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d %b %Y %H:%M:%S -0000") + cookie_body = nil - cookies[SessionKey] = SignedBar + Time.stub :now, time do + expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d %b %Y %H:%M:%S -0000") - get '/set_session_value' - assert_response :success + cookies[SessionKey] = SignedBar + + get "/set_session_value" + assert_response :success - cookie_body = response.body - assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", - headers['Set-Cookie'] + cookie_body = response.body + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", + headers["Set-Cookie"] + end # Second request does not access the session time = Time.local(2008, 4, 25) - Time.stubs(:now).returns(time) - expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d %b %Y %H:%M:%S -0000") + Time.stub :now, time do + expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d %b %Y %H:%M:%S -0000") - get '/no_session_access' - assert_response :success + get "/no_session_access" + assert_response :success - assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", - headers['Set-Cookie'] + assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", + headers["Set-Cookie"] + end end end def test_session_store_with_explicit_domain - with_test_route_set(:domain => "example.es") do - get '/set_session_value' - assert_match(/domain=example\.es/, headers['Set-Cookie']) - headers['Set-Cookie'] + with_test_route_set(domain: "example.es") do + get "/set_session_value" + assert_match(/domain=example\.es/, headers["Set-Cookie"]) + headers["Set-Cookie"] end end def test_session_store_without_domain with_test_route_set do - get '/set_session_value' - assert_no_match(/domain\=/, headers['Set-Cookie']) + get "/set_session_value" + assert_no_match(/domain\=/, headers["Set-Cookie"]) end end def test_session_store_with_nil_domain - with_test_route_set(:domain => nil) do - get '/set_session_value' - assert_no_match(/domain\=/, headers['Set-Cookie']) + with_test_route_set(domain: nil) do + get "/set_session_value" + assert_no_match(/domain\=/, headers["Set-Cookie"]) end end def test_session_store_with_all_domains - with_test_route_set(:domain => :all) do - get '/set_session_value' - assert_match(/domain=\.example\.com/, headers['Set-Cookie']) + with_test_route_set(domain: :all) do + get "/set_session_value" + assert_match(/domain=\.example\.com/, headers["Set-Cookie"]) end end @@ -341,18 +345,19 @@ class CookieStoreTest < ActionDispatch::IntegrationTest def with_test_route_set(options = {}) with_routing do |set| set.draw do - get ':action', :to => ::CookieStoreTest::TestController + ActiveSupport::Deprecation.silence do + get ":action", to: ::CookieStoreTest::TestController + end end - options = { :key => SessionKey }.merge!(options) + options = { key: SessionKey }.merge!(options) @app = self.class.build_app(set) do |middleware| middleware.use ActionDispatch::Session::CookieStore, options - middleware.delete "ActionDispatch::ShowExceptions" + middleware.delete ActionDispatch::ShowExceptions end yield end end - end |