aboutsummaryrefslogtreecommitdiffstats
path: root/railties/test/application/middleware/session_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'railties/test/application/middleware/session_test.rb')
-rw-r--r--railties/test/application/middleware/session_test.rb128
1 files changed, 0 insertions, 128 deletions
diff --git a/railties/test/application/middleware/session_test.rb b/railties/test/application/middleware/session_test.rb
index b25e56b625..479615c133 100644
--- a/railties/test/application/middleware/session_test.rb
+++ b/railties/test/application/middleware/session_test.rb
@@ -215,8 +215,6 @@ module ApplicationTests
RUBY
add_to_config <<-RUBY
- secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
-
# Enable AEAD cookies
config.action_dispatch.use_authenticated_cookie_encryption = true
RUBY
@@ -238,68 +236,6 @@ module ApplicationTests
assert_equal 1, encryptor.decrypt_and_verify(last_response.body, purpose: "cookie._myapp_session")["foo"]
end
- test "session upgrading signature to encryption cookie store upgrades session to encrypted mode" do
- app_file "config/routes.rb", <<-RUBY
- Rails.application.routes.draw do
- get ':controller(/:action)'
- end
- RUBY
-
- controller :foo, <<-RUBY
- class FooController < ActionController::Base
- def write_raw_session
- # {"session_id"=>"1965d95720fffc123941bdfb7d2e6870", "foo"=>1}
- cookies[:_myapp_session] = "BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTE5NjVkOTU3MjBmZmZjMTIzOTQxYmRmYjdkMmU2ODcwBjsAVEkiCGZvbwY7AEZpBg==--315fb9931921a87ae7421aec96382f0294119749"
- head :ok
- end
-
- def write_session
- session[:foo] = session[:foo] + 1
- head :ok
- end
-
- def read_session
- render plain: session[:foo]
- end
-
- def read_encrypted_cookie
- render plain: cookies.encrypted[:_myapp_session]['foo']
- end
-
- def read_raw_cookie
- render plain: cookies[:_myapp_session]
- end
- end
- RUBY
-
- add_to_config <<-RUBY
- secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
-
- # Enable AEAD cookies
- config.action_dispatch.use_authenticated_cookie_encryption = true
- RUBY
-
- require "#{app_path}/config/environment"
-
- get "/foo/write_raw_session"
- get "/foo/read_session"
- assert_equal "1", last_response.body
-
- get "/foo/write_session"
- get "/foo/read_session"
- assert_equal "2", last_response.body
-
- get "/foo/read_encrypted_cookie"
- assert_equal "2", last_response.body
-
- cipher = "aes-256-gcm"
- secret = app.key_generator.generate_key("authenticated encrypted cookie")
- encryptor = ActiveSupport::MessageEncryptor.new(secret[0, ActiveSupport::MessageEncryptor.key_len(cipher)], cipher: cipher)
-
- get "/foo/read_raw_cookie"
- assert_equal 2, encryptor.decrypt_and_verify(last_response.body, purpose: "cookie._myapp_session")["foo"]
- end
-
test "session upgrading from AES-CBC-HMAC encryption to AES-GCM encryption" do
app_file "config/routes.rb", <<-RUBY
Rails.application.routes.draw do
@@ -370,70 +306,6 @@ module ApplicationTests
end
end
- test "session upgrading legacy signed cookies to new signed cookies" do
- app_file "config/routes.rb", <<-RUBY
- Rails.application.routes.draw do
- get ':controller(/:action)'
- end
- RUBY
-
- controller :foo, <<-RUBY
- class FooController < ActionController::Base
- def write_raw_session
- # {"session_id"=>"1965d95720fffc123941bdfb7d2e6870", "foo"=>1}
- cookies[:_myapp_session] = "BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJTE5NjVkOTU3MjBmZmZjMTIzOTQxYmRmYjdkMmU2ODcwBjsAVEkiCGZvbwY7AEZpBg==--315fb9931921a87ae7421aec96382f0294119749"
- head :ok
- end
-
- def write_session
- session[:foo] = session[:foo] + 1
- head :ok
- end
-
- def read_session
- render plain: session[:foo]
- end
-
- def read_signed_cookie
- render plain: cookies.signed[:_myapp_session]['foo']
- end
-
- def read_raw_cookie
- render plain: cookies[:_myapp_session]
- end
- end
- RUBY
-
- add_to_config <<-RUBY
- secrets.secret_token = "3b7cd727ee24e8444053437c36cc66c4"
- Rails.application.credentials.secret_key_base = nil
- RUBY
-
- begin
- old_rails_env, ENV["RAILS_ENV"] = ENV["RAILS_ENV"], "production"
-
- require "#{app_path}/config/environment"
-
- get "/foo/write_raw_session"
- get "/foo/read_session"
- assert_equal "1", last_response.body
-
- get "/foo/write_session"
- get "/foo/read_session"
- assert_equal "2", last_response.body
-
- get "/foo/read_signed_cookie"
- assert_equal "2", last_response.body
-
- verifier = ActiveSupport::MessageVerifier.new(app.secrets.secret_token)
-
- get "/foo/read_raw_cookie"
- assert_equal 2, verifier.verify(last_response.body, purpose: "cookie._myapp_session")["foo"]
- ensure
- ENV["RAILS_ENV"] = old_rails_env
- end
- end
-
test "calling reset_session on request does not trigger an error for API apps" do
add_to_config "config.api_only = true"
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 09:51:42 +0000