| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
header.
|
|
|
|
|
| |
Use the Rack utility methods for functional header manipulation. This
helps to eliminate coupling on the header hash
|
|
|
|
| |
It's only used there.
|
|
|
|
|
| |
`CookieJar` is only at the start of the chain and has its own
request method, so we don't need it in the module.
|
|
|
|
| |
It was the same in both legacy versions of the signed and encrypted cookie jars.
|
|
|
|
| |
The `EncryptedCookieJar` already calls it for us, so just delegate to its `parse` implementation.
|
|
|
|
|
| |
`SignedCookieJar`'s parse method already attempts to verify the message,
so we can just call super and try the old verifier if it fails.
|
|
|
|
| |
Cuts down on the duplicated reading parts.
|
|
|
|
| |
Gets rid of the option parsing and makes what the encryptor does stand out.
|
|
|
|
| |
Lets us avoid worrying about parsing the options and doing just what we need.
|
|
|
|
| |
Remove the clutter to make PermanentCookieJar's one change stand out.
|
|
|
|
| |
Eventually this will be the superclass of all the chained jars.
|
|
|
|
|
|
| |
Just include the modules necessary in the Request object to implement
the things we need. This should make it easier to build delegate
request objects because the API is smaller
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With changes made in 8363b8 and ae29142 cookies that are mutated on the
request like `cookies.signed = x` were not retained in subsequent tests,
breaking cookie authentiation in controller tests.
The test added demonstrates the issue.
The reason we need to select from non-deleted cookies is because without
checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the
wrong cookies to be updated. The code must check for `@deleted_cookies`
before sending an `#update` with the requests cookie_jar cookies.
This follows how the cookie_jar cookies from the request were updated
before these changes.
|
|
|
|
| |
They are already required in `actionpack/lib/action_dispatch.rb` (L25-L26)
|
| |
|
| |
|
|
|
|
|
| |
we don't recycle requests anymore, so we shouldn't need to recycle
cookie jars
|
|
|
|
| |
this prevents the middleware from knowing the specific key for the jar
|
| |
|
|
|
|
|
| |
This changes the chained jars to ask the parent jar for the request
object which should eventually call back up to the original jar
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
eventually we will make the cookie jar derive these values from the
request object rather than save a reference to the values
|
|
|
|
|
|
|
|
| |
The cookie jar can just ask the request object for the information it
needs. This allows us to stop allocating hashes for options, and also
allows us to delay calculating values in advance. Generating the
options hash forced us to calculate values that we may never have needed
at runtime
|
|
|
|
|
|
| |
Accessing a request object has nice advantages over accessing a hash.
If you use a missing method name, you'll get an exception rather than a
`nil` (is one nice feature)
|
| |
|
|
|
|
|
|
| |
This change decouples `cookie_jar` allocation from the request object.
We need this for moving controller tests to integration tests so we can
access the `cookie_jar` object separately.
|
| |
|
| |
|
| |
|
|\
| |
| | |
[ci skip] Description inside Signed and Encrypted CookieJars added
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit a88875ac6abaa4d8116b42af8cd71189ce3d44d3
Author: Siddharth Bhatore <sbhatore95@gmail.com>
Date: Thu Apr 23 12:26:08 2015 +0530
[ci skip] Update doc fix cookies
commit f175eaa7a21db898fc6c66334f770831028f9d00
Author: Siddharth Bhatore <sbhatore95@gmail.com>
Date: Mon Apr 20 12:58:04 2015 +0530
Description inside Signed and Encrypted CookieJars added
|
|/ |
|
|
|
| |
Updating some minor grammar issue.
|
|
|
|
| |
same elsewhere
|
| |
|
|\
| |
| |
| | |
allow 'all' for :domain option in addition to :all
|
| | |
|
| |
| |
| |
| |
| |
| | |
Update cookies.rb
Conflicts:
actionpack/lib/action_dispatch/middleware/cookies.rb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- `secrets.secret_token` is now used in all places `config.secret_token` was
- `secrets.secret_token`, when not present in `config/secrets.yml`,
now falls back to the value of `config.secret_token`
- when `secrets.secret_token` is set, it over-writes
`config.secret_token` so they are the same (for backwards-compatibility)
- Update docs to reference app.secrets in all places
- Remove references to `config.secret_token`, `config.secret_key_base`
- Warn that missing secret_key_base is deprecated
- Add tests for secret_token, key_generator, and message_verifier
- the legacy key generator is used with the message verifier when
secrets.secret_key_base is blank and secret_token is set
- app.key_generator raises when neither secrets.secret_key_base nor
secret_token are set
- app.env_config raises when neither secrets.secret_key_base nor
secret_token are set
- Add changelog
Run focused tests via
ruby -w -Itest test/application/configuration_test.rb -n '/secret_|key_/'
|
| |
| |
| |
| |
| |
| |
| |
| | |
Use the Active Support JSON encoder for cookie jars using the `:json` or
`:hybrid` serializer. This allows you to serialize custom Ruby objects into
cookies by defining the `#as_json` hook on such objects.
Fixes #16520.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Cookies digest config option (pt. 2)
Conflicts:
actionpack/CHANGELOG.md
actionpack/lib/action_dispatch/middleware/cookies.rb
|
| | |
| | |
| | |
| | |
| | |
| | | |
You can now configure custom digest for cookies in the same way as `serializer`:
config.action_dispatch.cookies_digest = 'SHA256'
|
|/ /
| |
| |
| | |
Use one from ActiveSupport::MessageEncryptor module.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Although the cookie values happens to be ASCII strings because they are
Base64 encoded, it is semantically incorrect to check for the number of the
characters in the cookie, when we actually want to check for the number of the
bytes it consists of.
Furthermore it is unecessary coupling with the current implementation that
uses Base64 for encoding the values.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming
cookies are marshal-encoded. This is not the case when `secret_token` is
used in conjunction with the `:json` or `:hybrid` serializer.
In those case, when upgrading to use `secret_key_base`, this would cause a
`TypeError: incompatible marshal file format` and a 500 error for the user.
Fixes #14774.
*Godfrey Chan*
|