path: root/actionpack/lib/action_dispatch/middleware/cookies.rb
Commit message [Author, Age, Files, Lines]
* Don't set a nil Set-Cookie header when there aren't any cookies. Omit the header. [Jeremy Daer, 2015-10-01, 1 file, -1/+3]
|
* build the Set-Cookie header functionally [Aaron Patterson, 2015-09-24, 1 file, -5/+18]
|   Use the Rack utility methods for functional header manipulation. This helps to eliminate coupling on the header hash
* Push key_generator into SerializedCookieJars [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+4]
|   It's only used there.
* Move the request method in to the AbstractCookieJar [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+3]
|   `CookieJar` is only at the start of the chain and has its own request method, so we don't need it in the module.
* Pull up parse to the legacy upgrading module [Kasper Timm Hansen, 2015-09-08, 1 file, -10/+5]
|   It was the same in both legacy versions of the signed and encrypted cookie jars.
* Call super to remove the decrypt_and_verify method [Kasper Timm Hansen, 2015-09-08, 1 file, -8/+4]
|   The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
* Call super to remove the verify method [Kasper Timm Hansen, 2015-09-08, 1 file, -8/+2]
|   `SignedCookieJar`'s parse method already attempts to verify the message, so we can just call super and try the old verifier if it fails.
* Add parse method to share deserialization logic. [Kasper Timm Hansen, 2015-09-08, 1 file, -19/+12]
|   Cuts down on the duplicated reading parts.
* Add commit in the EncryptedCookieJar [Kasper Timm Hansen, 2015-09-08, 1 file, -17/+7]
|   Gets rid of the option parsing and makes what the encryptor does stand out.
* Use commit in the SignedCookieJar [Kasper Timm Hansen, 2015-09-08, 1 file, -15/+6]
|   Lets us avoid worrying about parsing the options and doing just what we need.
* Add commit method to share option normalization [Kasper Timm Hansen, 2015-09-08, 1 file, -4/+12]
|   Remove the clutter to make PermanentCookieJar's one change stand out.
* Add AbstractCookieJar class. [Kasper Timm Hansen, 2015-09-08, 1 file, -1/+3]
|   Eventually this will be the superclass of all the chained jars.
* stop inheriting from Rack::Request [Aaron Patterson, 2015-09-04, 1 file, -2/+2]
|   Just include the modules necessary in the Request object to implement the things we need. This should make it easier to build delegate request objects because the API is smaller
* Fix bug where cookies mutated by request were not persisted [eileencodes, 2015-09-01, 1 file, -0/+7]
|   With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentication in controller tests. The test added demonstrates the issue. The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the request's cookie_jar cookies. This follows how the cookie_jar cookies from the request were updated before these changes.
* Remove unused requires [Marcin Olichwirowicz, 2015-08-25, 1 file, -2/+0]
|   They are already required in `actionpack/lib/action_dispatch.rb` (L25-L26)
* Remove unused block arguments [amitkumarsuroliya, 2015-08-25, 1 file, -1/+1]
|
* convert more `@env` access to get / set header [Aaron Patterson, 2015-08-23, 1 file, -11/+13]
|
* remove dead code [Aaron Patterson, 2015-08-06, 1 file, -5/+0]
|   we don't recycle requests anymore, so we shouldn't need to recycle cookie jars
* ask the request for the cookie jar [Aaron Patterson, 2015-08-06, 1 file, -1/+8]
|   this prevents the middleware from knowing the specific key for the jar
* add a setter for the cookie jar [Aaron Patterson, 2015-08-06, 1 file, -1/+7]
|
* remove request reference from chained jars [Aaron Patterson, 2015-08-06, 1 file, -22/+25]
|   This changes the chained jars to ask the parent jar for the request object which should eventually call back up to the original jar
* remove `@host` ivar [Aaron Patterson, 2015-08-05, 1 file, -6/+4]
|
* remove @secure ivar [Aaron Patterson, 2015-08-05, 1 file, -5/+3]
|
* CookieJar does not need the key_generator parameter anymore [Aaron Patterson, 2015-08-05, 1 file, -3/+2]
|
* eliminate key_generator ivar [Aaron Patterson, 2015-08-05, 1 file, -11/+14]
|
* stop passing host and secure to the build method [Aaron Patterson, 2015-08-05, 1 file, -2/+4]
|   eventually we will make the cookie jar derive these values from the request object rather than save a reference to the values
* stop using an options hash with the cookie jar [Aaron Patterson, 2015-08-05, 1 file, -38/+30]
|   The cookie jar can just ask the request object for the information it needs. This allows us to stop allocating hashes for options, and also allows us to delay calculating values in advance. Generating the options hash forced us to calculate values that we may never have needed at runtime
* move env access to the request object. [Aaron Patterson, 2015-08-05, 1 file, -13/+45]
|   Accessing a request object has nice advantages over accessing a hash. If you use a missing method name, you'll get an exception rather than a `nil` (is one nice feature)
* Send cookies with request [eileencodes, 2015-07-07, 1 file, -0/+4]
|
* Refactor cookie_jar to decouple it from request object [eileencodes, 2015-07-05, 1 file, -7/+3]
|   This change decouples `cookie_jar` allocation from the request object. We need this for moving controller tests to integration tests so we can access the `cookie_jar` object separately.
* Document :tld_length option for cookies. [Ryan Wallace, 2015-04-29, 1 file, -0/+3]
|
* No need to capitalize verbs. [CI SKIP] [Guo Xiang Tan, 2015-04-26, 1 file, -2/+2]
|
* Add nodoc to some private constants [ci skip] [Rafael Mendonça França, 2015-04-23, 1 file, -3/+3]
|
* Merge pull request #19823 from sbhatore/doc_fix_1 [Rafael Mendonça França, 2015-04-23, 1 file, -0/+8]
|\    [ci skip] Description inside Signed and Encrypted CookieJars added
| * Squashed commit of the following: [Siddharth Bhatore, 2015-04-23, 1 file, -0/+8]
| |   commit a88875ac6abaa4d8116b42af8cd71189ce3d44d3
| |   Author: Siddharth Bhatore <sbhatore95@gmail.com>
| |   Date: Thu Apr 23 12:26:08 2015 +0530
| |
| |       [ci skip] Update doc fix cookies
| |
| |   commit f175eaa7a21db898fc6c66334f770831028f9d00
| |   Author: Siddharth Bhatore <sbhatore95@gmail.com>
| |   Date: Mon Apr 20 12:58:04 2015 +0530
| |
| |       Description inside Signed and Encrypted CookieJars added
* | [ci skip] UpgradeLegacySignedCookieJar Doc fix [Siddharth Bhatore, 2015-04-22, 1 file, -2/+2]
|/
* Changing sets -> set [Lindsey Bieda, 2015-01-06, 1 file, -1/+1]
|   Updating some minor grammar issue.
* - Removed unused parameter to cookie serialize method and fixed usage of the same elsewhere [Vipul A M, 2014-12-24, 1 file, -4/+4]
|
* We don't need to call to_sym. Just compare the string [Rafael Mendonça França, 2014-12-04, 1 file, -1/+1]
|
* Merge pull request #17792 from rockrep/master [Rafael Mendonça França, 2014-12-04, 1 file, -1/+1]
|\    allow 'all' for :domain option in addition to :all
| * allow 'all' for :domain option in addition to :all [rockrep, 2014-11-26, 1 file, -1/+1]
| |
* | Merge pull request #17803 from sadfuzzy/patch-2 [Abdelkader Boudih, 2014-11-27, 1 file, -1/+3]
| |   Update cookies.rb
| |
| |   Conflicts:
| |       actionpack/lib/action_dispatch/middleware/cookies.rb
* | `secret_token` is now saved in `Rails.application.secrets.secret_token` [Benjamin Fleischer, 2014-11-02, 1 file, -4/+4]
| |   - `secrets.secret_token` is now used in all places `config.secret_token` was
| |   - `secrets.secret_token`, when not present in `config/secrets.yml`, now falls back to the value of `config.secret_token`
| |   - when `secrets.secret_token` is set, it over-writes `config.secret_token` so they are the same (for backwards-compatibility)
| |   - Update docs to reference app.secrets in all places
| |   - Remove references to `config.secret_token`, `config.secret_key_base`
| |   - Warn that missing secret_key_base is deprecated
| |   - Add tests for secret_token, key_generator, and message_verifier
| |   - the legacy key generator is used with the message verifier when secrets.secret_key_base is blank and secret_token is set
| |   - app.key_generator raises when neither secrets.secret_key_base nor secret_token are set
| |   - app.env_config raises when neither secrets.secret_key_base nor secret_token are set
| |   - Add changelog
| |
| |   Run focused tests via
| |       ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
* | Use AS::JSON for (de)serializing cookies [Godfrey Chan, 2014-08-17, 1 file, -2/+3]
| |   Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
* | Merge pull request #16467 from strzalek/cookies-digest-config-option2 [Godfrey Chan, 2014-08-17, 1 file, -3/+9]
|\ \    Cookies digest config option (pt. 2)
| | |
| | |   Conflicts:
| | |       actionpack/CHANGELOG.md
| | |       actionpack/lib/action_dispatch/middleware/cookies.rb
| * | Add config option for cookies digest [Łukasz Strzałkowski, 2014-08-12, 1 file, -3/+9]
| | |   You can now configure custom digest for cookies in the same way as `serializer`:
| | |       config.action_dispatch.cookies_digest = 'SHA256'
* | | Remove redundant NullSerializer [Łukasz Strzałkowski, 2014-08-13, 1 file, -16/+7]
|/ /    Use one from ActiveSupport::MessageEncryptor module.
* | Use `#bytesize` instead of `#size` when checking for cookie overflow [Agis-, 2014-07-11, 1 file, -2/+2]
| |   Although the cookie values happen to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unnecessary coupling with the current implementation that uses Base64 for encoding the values.
* | Fix weird comment. [CI SKIP] [Guo Xiang Tan, 2014-07-09, 1 file, -2/+2]
| |
* | Fixed an issue with migrating legacy json cookies. [Godfrey Chan, 2014-04-23, 1 file, -2/+2]
| |   Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those cases, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*