diff options
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 4 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/base.rb | 9 | ||||
| -rw-r--r-- | actionpack/test/activerecord/active_record_store_test.rb | 288 |
3 files changed, 4 insertions, 297 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 1445cf43f6..4aaa9bcd23 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,5 +1,9 @@ ## Rails 4.0.0 (unreleased) ## +* `ActiveRecord::SessionStore` is extracted out of Rails into a gem `activerecord-session_store`. + Setting `config.session_store` to `:active_record_store` will no longer work and will break + if the `activerecord-session_store` gem isn't available. *Prem Sichanugrist* + * Fix select_tag when option_tags is nil. Fixes #7404. diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 71425cd542..f829f5e8a2 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -88,15 +88,6 @@ module ActionController # # Do not put secret information in cookie-based sessions! # - # Other options for session storage: - # - # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and, - # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set - # - # MyApplication::Application.config.session_store :active_record_store - # - # in your <tt>config/initializers/session_store.rb</tt> and run <tt>script/rails g session_migration</tt>. - # # == Responses # # Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response diff --git a/actionpack/test/activerecord/active_record_store_test.rb b/actionpack/test/activerecord/active_record_store_test.rb deleted file mode 100644 index 275f25f597..0000000000 --- a/actionpack/test/activerecord/active_record_store_test.rb +++ /dev/null @@ -1,288 +0,0 @@ -require 'active_record_unit' - -class ActiveRecordStoreTest < ActionDispatch::IntegrationTest - class TestController < ActionController::Base - def no_session_access - head :ok - end - - def set_session_value - raise "missing session!" unless session - session[:foo] = params[:foo] || "bar" - head :ok - end - - def get_session_value - render :text => "foo: #{session[:foo].inspect}" - end - - def get_session_id - render :text => "#{request.session_options[:id]}" - end - - def call_reset_session - session[:foo] - reset_session - reset_session if params[:twice] - session[:foo] = "baz" - head :ok - end - - def renew - env["rack.session.options"][:renew] = true - session[:foo] = "baz" - head :ok - end - end - - def setup - ActiveRecord::SessionStore.session_class.create_table! - end - - def teardown - ActiveRecord::SessionStore.session_class.drop_table! - end - - %w{ session sql_bypass }.each do |class_name| - define_method("test_setting_and_getting_session_value_with_#{class_name}_store") do - with_store class_name do - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "bar"', response.body - - get '/set_session_value', :foo => "baz" - assert_response :success - assert cookies['_session_id'] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "baz"', response.body - - get '/call_reset_session' - assert_response :success - assert_not_equal [], headers['Set-Cookie'] - end - end - end - - define_method("test_renewing_with_#{class_name}_store") do - with_store class_name do - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - - get '/renew' - assert_response :success - assert_not_equal [], headers['Set-Cookie'] - end - end - end - end - - def test_getting_nil_session_value - with_test_route_set do - get '/get_session_value' - assert_response :success - assert_equal 'foo: nil', response.body - end - end - - def test_calling_reset_session_twice_does_not_raise_errors - with_test_route_set do - get '/call_reset_session', :twice => "true" - assert_response :success - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "baz"', response.body - end - end - - def test_setting_session_value_after_session_reset - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - session_id = cookies['_session_id'] - - get '/call_reset_session' - assert_response :success - assert_not_equal [], headers['Set-Cookie'] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "baz"', response.body - - get '/get_session_id' - assert_response :success - assert_not_equal session_id, response.body - end - end - - def test_getting_session_value_after_session_reset - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - session_cookie = cookies.send(:hash_for)['_session_id'] - - get '/call_reset_session' - assert_response :success - assert_not_equal [], headers['Set-Cookie'] - - cookies << session_cookie # replace our new session_id with our old, pre-reset session_id - - get '/get_session_value' - assert_response :success - assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from the database" - end - end - - def test_getting_from_nonexistent_session - with_test_route_set do - get '/get_session_value' - assert_response :success - assert_equal 'foo: nil', response.body - assert_nil cookies['_session_id'], "should only create session on write, not read" - end - end - - def test_getting_session_id - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - session_id = cookies['_session_id'] - - get '/get_session_id' - assert_response :success - assert_equal session_id, response.body, "should be able to read session id without accessing the session hash" - end - end - - def test_doesnt_write_session_cookie_if_session_id_is_already_exists - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - - get '/get_session_value' - assert_response :success - assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists" - end - end - - def test_prevents_session_fixation - with_test_route_set do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "bar"', response.body - session_id = cookies['_session_id'] - assert session_id - - reset! - - get '/get_session_value', :_session_id => session_id - assert_response :success - assert_equal 'foo: nil', response.body - assert_not_equal session_id, cookies['_session_id'] - end - end - - def test_allows_session_fixation - with_test_route_set(:cookie_only => false) do - get '/set_session_value' - assert_response :success - assert cookies['_session_id'] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: "bar"', response.body - session_id = cookies['_session_id'] - assert session_id - - reset! - - get '/set_session_value', :_session_id => session_id, :foo => "baz" - assert_response :success - assert_equal session_id, cookies['_session_id'] - - get '/get_session_value', :_session_id => session_id - assert_response :success - assert_equal 'foo: "baz"', response.body - assert_equal session_id, cookies['_session_id'] - end - end - - def test_incoming_invalid_session_id_via_cookie_should_be_ignored - with_test_route_set do - open_session do |sess| - sess.cookies['_session_id'] = 'INVALID' - - sess.get '/set_session_value' - new_session_id = sess.cookies['_session_id'] - assert_not_equal 'INVALID', new_session_id - - sess.get '/get_session_value' - new_session_id_2 = sess.cookies['_session_id'] - assert_equal new_session_id, new_session_id_2 - end - end - end - - def test_incoming_invalid_session_id_via_parameter_should_be_ignored - with_test_route_set(:cookie_only => false) do - open_session do |sess| - sess.get '/set_session_value', :_session_id => 'INVALID' - new_session_id = sess.cookies['_session_id'] - assert_not_equal 'INVALID', new_session_id - - sess.get '/get_session_value' - new_session_id_2 = sess.cookies['_session_id'] - assert_equal new_session_id, new_session_id_2 - end - end - end - - def test_session_store_with_all_domains - with_test_route_set(:domain => :all) do - get '/set_session_value' - assert_response :success - end - end - - private - - def with_test_route_set(options = {}) - with_routing do |set| - set.draw do - get ':action', :to => 'active_record_store_test/test' - end - - @app = self.class.build_app(set) do |middleware| - middleware.use ActiveRecord::SessionStore, options.reverse_merge(:key => '_session_id') - middleware.delete "ActionDispatch::ShowExceptions" - end - - yield - end - end - - def with_store(class_name) - session_class, ActiveRecord::SessionStore.session_class = - ActiveRecord::SessionStore.session_class, "ActiveRecord::SessionStore::#{class_name.camelize}".constantize - yield - ensure - ActiveRecord::SessionStore.session_class = session_class - end -end |