aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb47
1 files changed, 25 insertions, 22 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 41c4523ecb..e6b799cb2f 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -150,7 +150,7 @@ module ActionDispatch
# cookies.permanent.signed[:remember_me] = current_user.id
# # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
def permanent
- @permanent ||= PermanentCookieJar.new(self, @request)
+ @permanent ||= PermanentCookieJar.new(self)
end
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
@@ -171,9 +171,9 @@ module ActionDispatch
def signed
@signed ||=
if upgrade_legacy_signed_cookies?
- UpgradeLegacySignedCookieJar.new(self, @request)
+ UpgradeLegacySignedCookieJar.new(self)
else
- SignedCookieJar.new(self, @request)
+ SignedCookieJar.new(self)
end
end
@@ -194,9 +194,9 @@ module ActionDispatch
def encrypted
@encrypted ||=
if upgrade_legacy_signed_cookies?
- UpgradeLegacyEncryptedCookieJar.new(self, @request)
+ UpgradeLegacyEncryptedCookieJar.new(self)
else
- EncryptedCookieJar.new(self, @request)
+ EncryptedCookieJar.new(self)
end
end
@@ -204,21 +204,25 @@ module ActionDispatch
# Used by ActionDispatch::Session::CookieStore to avoid the need to introduce new cookie stores.
def signed_or_encrypted
@signed_or_encrypted ||=
- if @request.secret_key_base.present?
+ if request.secret_key_base.present?
encrypted
else
signed
end
end
+ protected
+
+ def request; @parent_jar.request; end
+
private
def upgrade_legacy_signed_cookies?
- @request.secret_token.present? && @request.secret_key_base.present?
+ request.secret_token.present? && request.secret_key_base.present?
end
def key_generator
- @request.key_generator
+ request.key_generator
end
end
@@ -229,7 +233,7 @@ module ActionDispatch
module VerifyAndUpgradeLegacySignedMessage # :nodoc:
def initialize(*args)
super
- @legacy_verifier = ActiveSupport::MessageVerifier.new(@request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
+ @legacy_verifier = ActiveSupport::MessageVerifier.new(request.secret_token, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
end
def verify_and_upgrade_legacy_signed_message(name, signed_message)
@@ -264,6 +268,8 @@ module ActionDispatch
end
end
+ attr_reader :request
+
def initialize(request)
@set_cookies = {}
@delete_cookies = {}
@@ -316,12 +322,12 @@ module ActionDispatch
# if host is not ip and matches domain regexp
# (ip confirms to domain regexp so we explicitly check for ip)
- options[:domain] = if (@request.host !~ /^[\d.]+$/) && (@request.host =~ domain_regexp)
+ options[:domain] = if (request.host !~ /^[\d.]+$/) && (request.host =~ domain_regexp)
".#{$&}"
end
elsif options[:domain].is_a? Array
# if host matches one of the supplied domains without a dot in front of it
- options[:domain] = options[:domain].find {|domain| @request.host.include? domain.sub(/^\./, '') }
+ options[:domain] = options[:domain].find {|domain| request.host.include? domain.sub(/^\./, '') }
end
end
@@ -390,16 +396,15 @@ module ActionDispatch
private
def write_cookie?(cookie)
- @request.ssl? || !cookie[:secure] || always_write_cookie
+ request.ssl? || !cookie[:secure] || always_write_cookie
end
end
class PermanentCookieJar #:nodoc:
include ChainedCookieJars
- def initialize(parent_jar, request)
+ def initialize(parent_jar)
@parent_jar = parent_jar
- @request = request
end
def [](name)
@@ -433,7 +438,7 @@ module ActionDispatch
protected
def needs_migration?(value)
- @request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
+ request.cookies_serializer == :hybrid && value.start_with?(MARSHAL_SIGNATURE)
end
def serialize(value)
@@ -453,7 +458,7 @@ module ActionDispatch
end
def serializer
- serializer = @request.cookies_serializer || :marshal
+ serializer = request.cookies_serializer || :marshal
case serializer
when :marshal
Marshal
@@ -465,7 +470,7 @@ module ActionDispatch
end
def digest
- @request.cookies_digest || 'SHA1'
+ request.cookies_digest || 'SHA1'
end
end
@@ -473,9 +478,8 @@ module ActionDispatch
include ChainedCookieJars
include SerializedCookieJars
- def initialize(parent_jar, request)
+ def initialize(parent_jar)
@parent_jar = parent_jar
- @request = request
secret = key_generator.generate_key(request.signed_cookie_salt)
@verifier = ActiveSupport::MessageVerifier.new(secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
end
@@ -528,15 +532,14 @@ module ActionDispatch
include ChainedCookieJars
include SerializedCookieJars
- def initialize(parent_jar, request)
- @request = request
+ def initialize(parent_jar)
+ @parent_jar = parent_jar
if ActiveSupport::LegacyKeyGenerator === key_generator
raise "You didn't set secrets.secret_key_base, which is required for this cookie jar. " +
"Read the upgrade documentation to learn more about this new config option."
end
- @parent_jar = parent_jar
secret = key_generator.generate_key(request.encrypted_cookie_salt || '')
sign_secret = key_generator.generate_key(request.encrypted_signed_cookie_salt || '')
@encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, digest: digest, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 04:56:14 +0000