diff options
Diffstat (limited to 'railties')
9 files changed, 47 insertions, 17 deletions
diff --git a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt index 451dbe1d1c..be627fbbcc 100644 --- a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt +++ b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt @@ -4,4 +4,4 @@ # If you change this key, all old signed cookies will become invalid! # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. -ActionController::Base.cookie_verifier_secret = '<%= app_secret %>' +Rails.application.config.cookie_secret = '<%= app_secret %>' diff --git a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt index 2f04ed8fb0..edd2273fb0 100644 --- a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt +++ b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt @@ -1,12 +1,7 @@ # Be sure to restart your server when you modify this file. -# Your secret key for verifying cookie session data integrity. -# If you change this key, all old sessions will become invalid! -# Make sure the secret is at least 30 characters and all random, -# no regular words or you'll be exposed to dictionary attacks. -Rails.application.config.action_dispatch.session = { - :key => '_<%= app_name %>_session', - :secret => '<%= app_secret %>' +Rails.application.config.session_store :cookie_store, { + :key => '_<%= app_name %>_session', } # Use the database for sessions instead of the cookie-based default, diff --git a/railties/lib/rails/engine/configuration.rb b/railties/lib/rails/engine/configuration.rb index 5d3e768cfd..cdaf35542f 100644 --- a/railties/lib/rails/engine/configuration.rb +++ b/railties/lib/rails/engine/configuration.rb @@ -7,6 +7,7 @@ module Rails attr_writer :eager_load_paths, :load_once_paths, :load_paths def initialize(root=nil) + super() @root = root end diff --git a/railties/lib/rails/railtie/configuration.rb b/railties/lib/rails/railtie/configuration.rb index 28d7b2f9ae..6a8c4ca09f 100644 --- a/railties/lib/rails/railtie/configuration.rb +++ b/railties/lib/rails/railtie/configuration.rb @@ -3,6 +3,13 @@ require 'rails/configuration' module Rails class Railtie class Configuration + attr_accessor :cookie_secret + + def initialize + @session_store = :cookie_store + @session_options = {} + end + def middleware @@default_middleware_stack ||= default_middleware end @@ -52,6 +59,24 @@ module Rails @metal_loader ||= Rails::Application::MetalLoader.new end + def session_store(*args) + if args.empty? + case @session_store + when :disabled + nil + when :active_record_store + ActiveRecord::SessionStore + when Symbol + ActionDispatch::Session.const_get(@session_store.to_s.camelize) + else + @session_store + end + else + @session_store = args.shift + @session_options = args.shift || {} + end + end + private def method_missing(name, *args, &blk) @@ -61,6 +86,11 @@ module Rails super end + def session_options + return @session_options unless @session_store == :cookie_store + @session_options.merge(:secret => @cookie_secret) + end + def config_key_regexp bits = config_keys.map { |n| Regexp.escape(n.to_s) }.join('|') /^(#{bits})(?:=)?$/ @@ -86,8 +116,8 @@ module Rails middleware.use('::Rack::Sendfile', lambda { action_dispatch.x_sendfile_header }) middleware.use('::ActionDispatch::Callbacks', lambda { !cache_classes }) middleware.use('::ActionDispatch::Cookies') - middleware.use(lambda { ActionController::SessionManagement.session_store_for(action_dispatch.session_store) }, lambda { action_dispatch.session }) - middleware.use('::ActionDispatch::Flash', :if => lambda { action_dispatch.session_store }) + middleware.use(lambda { session_store }, lambda { session_options }) + middleware.use('::ActionDispatch::Flash', :if => lambda { session_store }) middleware.use(lambda { metal_loader.build_middleware(metals) }, :if => lambda { metal_loader.metals.any? }) middleware.use('ActionDispatch::ParamsParser') middleware.use('::Rack::MethodOverride') diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 25389c86f7..54cd751f4e 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -177,7 +177,8 @@ module ApplicationTests require "action_controller/railtie" class MyApp < Rails::Application - config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" } + config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4" + config.session_store :cookie_store, :key => "_myapp_session" end MyApp.initialize! @@ -204,7 +205,8 @@ module ApplicationTests require "action_controller/railtie" class MyApp < Rails::Application - config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" } + config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4" + config.session_store :cookie_store, :key => "_myapp_session" config.action_dispatch.x_sendfile_header = 'X-Lighttpd-Send-File' end diff --git a/railties/test/application/initializers/frameworks_test.rb b/railties/test/application/initializers/frameworks_test.rb index d74de3d666..8e57022e5b 100644 --- a/railties/test/application/initializers/frameworks_test.rb +++ b/railties/test/application/initializers/frameworks_test.rb @@ -65,7 +65,7 @@ module ApplicationTests test "database middleware doesn't initialize when session store is not active_record" do add_to_config <<-RUBY config.root = "#{app_path}" - config.action_dispatch.session_store = :cookie_store + config.session_store :cookie_store, { :key => "blahblahblah" } RUBY require "#{app_path}/config/environment" @@ -73,7 +73,7 @@ module ApplicationTests end test "database middleware initializes when session store is active record" do - add_to_config "config.action_dispatch.session_store = :active_record_store" + add_to_config "config.session_store :active_record_store" require "#{app_path}/config/environment" diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb index 9086ddcfe7..284f7e2e5b 100644 --- a/railties/test/application/middleware_stack_defaults_test.rb +++ b/railties/test/application/middleware_stack_defaults_test.rb @@ -10,7 +10,8 @@ class MiddlewareStackDefaultsTest < Test::Unit::TestCase Object.const_set(:MyApplication, Class.new(Rails::Application)) MyApplication.class_eval do - config.action_dispatch.session = { :key => "_myapp_session", :secret => "OMG A SEKRET" * 10 } + config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4" + config.session_store :cookie_store, :key => "_myapp_session" end end diff --git a/railties/test/application/url_generation_test.rb b/railties/test/application/url_generation_test.rb index f8e9a39969..04f5454e09 100644 --- a/railties/test/application/url_generation_test.rb +++ b/railties/test/application/url_generation_test.rb @@ -14,7 +14,8 @@ module ApplicationTests require "action_controller/railtie" class MyApp < Rails::Application - config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" } + config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4" + config.session_store :cookie_store, :key => "_myapp_session" end MyApp.initialize! diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb index 2b0d5a8ba0..8f2f15b49e 100644 --- a/railties/test/isolation/abstract_unit.rb +++ b/railties/test/isolation/abstract_unit.rb @@ -100,7 +100,7 @@ module TestHelpers end end - add_to_config 'config.action_dispatch.session = { :key => "_myapp_session", :secret => "bac838a849c1d5c4de2e6a50af826079" }' + add_to_config 'config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"; config.session_store :cookie_store, :key => "_myapp_session"' end class Bukkit |