aboutsummaryrefslogtreecommitdiffstats
path: root/railties
diff options
context:
space:
mode:
Diffstat (limited to 'railties')
-rw-r--r--railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt2
-rw-r--r--railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt9
-rw-r--r--railties/lib/rails/engine/configuration.rb1
-rw-r--r--railties/lib/rails/railtie/configuration.rb34
-rw-r--r--railties/test/application/configuration_test.rb6
-rw-r--r--railties/test/application/initializers/frameworks_test.rb4
-rw-r--r--railties/test/application/middleware_stack_defaults_test.rb3
-rw-r--r--railties/test/application/url_generation_test.rb3
-rw-r--r--railties/test/isolation/abstract_unit.rb2
9 files changed, 47 insertions, 17 deletions
diff --git a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
index 451dbe1d1c..be627fbbcc 100644
--- a/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
+++ b/railties/lib/generators/rails/app/templates/config/initializers/cookie_verification_secret.rb.tt
@@ -4,4 +4,4 @@
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
-ActionController::Base.cookie_verifier_secret = '<%= app_secret %>'
+Rails.application.config.cookie_secret = '<%= app_secret %>'
diff --git a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
index 2f04ed8fb0..edd2273fb0 100644
--- a/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
+++ b/railties/lib/generators/rails/app/templates/config/initializers/session_store.rb.tt
@@ -1,12 +1,7 @@
# Be sure to restart your server when you modify this file.
-# Your secret key for verifying cookie session data integrity.
-# If you change this key, all old sessions will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Rails.application.config.action_dispatch.session = {
- :key => '_<%= app_name %>_session',
- :secret => '<%= app_secret %>'
+Rails.application.config.session_store :cookie_store, {
+ :key => '_<%= app_name %>_session',
}
# Use the database for sessions instead of the cookie-based default,
diff --git a/railties/lib/rails/engine/configuration.rb b/railties/lib/rails/engine/configuration.rb
index 5d3e768cfd..cdaf35542f 100644
--- a/railties/lib/rails/engine/configuration.rb
+++ b/railties/lib/rails/engine/configuration.rb
@@ -7,6 +7,7 @@ module Rails
attr_writer :eager_load_paths, :load_once_paths, :load_paths
def initialize(root=nil)
+ super()
@root = root
end
diff --git a/railties/lib/rails/railtie/configuration.rb b/railties/lib/rails/railtie/configuration.rb
index 28d7b2f9ae..6a8c4ca09f 100644
--- a/railties/lib/rails/railtie/configuration.rb
+++ b/railties/lib/rails/railtie/configuration.rb
@@ -3,6 +3,13 @@ require 'rails/configuration'
module Rails
class Railtie
class Configuration
+ attr_accessor :cookie_secret
+
+ def initialize
+ @session_store = :cookie_store
+ @session_options = {}
+ end
+
def middleware
@@default_middleware_stack ||= default_middleware
end
@@ -52,6 +59,24 @@ module Rails
@metal_loader ||= Rails::Application::MetalLoader.new
end
+ def session_store(*args)
+ if args.empty?
+ case @session_store
+ when :disabled
+ nil
+ when :active_record_store
+ ActiveRecord::SessionStore
+ when Symbol
+ ActionDispatch::Session.const_get(@session_store.to_s.camelize)
+ else
+ @session_store
+ end
+ else
+ @session_store = args.shift
+ @session_options = args.shift || {}
+ end
+ end
+
private
def method_missing(name, *args, &blk)
@@ -61,6 +86,11 @@ module Rails
super
end
+ def session_options
+ return @session_options unless @session_store == :cookie_store
+ @session_options.merge(:secret => @cookie_secret)
+ end
+
def config_key_regexp
bits = config_keys.map { |n| Regexp.escape(n.to_s) }.join('|')
/^(#{bits})(?:=)?$/
@@ -86,8 +116,8 @@ module Rails
middleware.use('::Rack::Sendfile', lambda { action_dispatch.x_sendfile_header })
middleware.use('::ActionDispatch::Callbacks', lambda { !cache_classes })
middleware.use('::ActionDispatch::Cookies')
- middleware.use(lambda { ActionController::SessionManagement.session_store_for(action_dispatch.session_store) }, lambda { action_dispatch.session })
- middleware.use('::ActionDispatch::Flash', :if => lambda { action_dispatch.session_store })
+ middleware.use(lambda { session_store }, lambda { session_options })
+ middleware.use('::ActionDispatch::Flash', :if => lambda { session_store })
middleware.use(lambda { metal_loader.build_middleware(metals) }, :if => lambda { metal_loader.metals.any? })
middleware.use('ActionDispatch::ParamsParser')
middleware.use('::Rack::MethodOverride')
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 25389c86f7..54cd751f4e 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -177,7 +177,8 @@ module ApplicationTests
require "action_controller/railtie"
class MyApp < Rails::Application
- config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" }
+ config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.session_store :cookie_store, :key => "_myapp_session"
end
MyApp.initialize!
@@ -204,7 +205,8 @@ module ApplicationTests
require "action_controller/railtie"
class MyApp < Rails::Application
- config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" }
+ config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.session_store :cookie_store, :key => "_myapp_session"
config.action_dispatch.x_sendfile_header = 'X-Lighttpd-Send-File'
end
diff --git a/railties/test/application/initializers/frameworks_test.rb b/railties/test/application/initializers/frameworks_test.rb
index d74de3d666..8e57022e5b 100644
--- a/railties/test/application/initializers/frameworks_test.rb
+++ b/railties/test/application/initializers/frameworks_test.rb
@@ -65,7 +65,7 @@ module ApplicationTests
test "database middleware doesn't initialize when session store is not active_record" do
add_to_config <<-RUBY
config.root = "#{app_path}"
- config.action_dispatch.session_store = :cookie_store
+ config.session_store :cookie_store, { :key => "blahblahblah" }
RUBY
require "#{app_path}/config/environment"
@@ -73,7 +73,7 @@ module ApplicationTests
end
test "database middleware initializes when session store is active record" do
- add_to_config "config.action_dispatch.session_store = :active_record_store"
+ add_to_config "config.session_store :active_record_store"
require "#{app_path}/config/environment"
diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb
index 9086ddcfe7..284f7e2e5b 100644
--- a/railties/test/application/middleware_stack_defaults_test.rb
+++ b/railties/test/application/middleware_stack_defaults_test.rb
@@ -10,7 +10,8 @@ class MiddlewareStackDefaultsTest < Test::Unit::TestCase
Object.const_set(:MyApplication, Class.new(Rails::Application))
MyApplication.class_eval do
- config.action_dispatch.session = { :key => "_myapp_session", :secret => "OMG A SEKRET" * 10 }
+ config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.session_store :cookie_store, :key => "_myapp_session"
end
end
diff --git a/railties/test/application/url_generation_test.rb b/railties/test/application/url_generation_test.rb
index f8e9a39969..04f5454e09 100644
--- a/railties/test/application/url_generation_test.rb
+++ b/railties/test/application/url_generation_test.rb
@@ -14,7 +14,8 @@ module ApplicationTests
require "action_controller/railtie"
class MyApp < Rails::Application
- config.action_dispatch.session = { :key => "_myapp_session", :secret => "3b7cd727ee24e8444053437c36cc66c4" }
+ config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
+ config.session_store :cookie_store, :key => "_myapp_session"
end
MyApp.initialize!
diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb
index 2b0d5a8ba0..8f2f15b49e 100644
--- a/railties/test/isolation/abstract_unit.rb
+++ b/railties/test/isolation/abstract_unit.rb
@@ -100,7 +100,7 @@ module TestHelpers
end
end
- add_to_config 'config.action_dispatch.session = { :key => "_myapp_session", :secret => "bac838a849c1d5c4de2e6a50af826079" }'
+ add_to_config 'config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"; config.session_store :cookie_store, :key => "_myapp_session"'
end
class Bukkit
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 20:50:22 +0000