aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/cookies_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-0/+117
| | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* Re-write legacy (marshal) cookies on readGodfrey Chan2014-02-111-15/+17
|
* Changed the tests to ensure HybridSerializer actually migrates the cookies ↵Godfrey Chan2014-02-111-10/+18
| | | | (currently failing)
* Fixed minor typo in test codeGodfrey Chan2014-02-111-1/+1
|
* Tests for the HybridSerializerRafael Mendonça França2014-02-111-0/+68
|
* Removed an old testGodfrey Chan2014-02-111-5/+0
|
* Just very so slightly better test coverageGodfrey Chan2014-02-111-15/+57
|
* Renamed session_serializer option to cookies_serializerGodfrey Chan2014-02-111-6/+6
|
* Modify the session serializer implementationGuillermo Iguaran2014-01-301-9/+3
| | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* Allow session serializer key in config.session_storeLukasz Sarnacki2014-01-291-0/+33
| | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
* Remove comments about removing LegacyKeyGenerator in 4.1Trevor Turk2013-04-031-1/+0
|
* Merge pull request #10061 from trevorturk/dummy-key-generator-renameSantiago Pastorino2013-04-021-6/+6
|\ | | | | Rename DummyKeyGenerator -> LegacyKeyGenerator
| * Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-6/+6
| |
* | Fix permanent cookie jar accessor typoTrevor Turk2013-04-021-1/+6
|/
* Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵Trevor Turk2013-03-281-2/+73
| | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config
* Skipping test for OpenSSL::PKCS5 JRubyArun Agrawal2013-03-251-0/+10
|
* Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵Trevor Turk2013-03-241-0/+55
| | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4
* InvalidMessage is in ActiveSupport::MessageEncryptor namespaceSantiago Pastorino2013-02-191-3/+18
| | | | Closes #9302
* add fetch to CookieJarAaron Patterson2013-01-271-0/+30
|
* Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-10/+10
| | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino]
* Allow users to change the default salt if they want, shouldn't be necessarySantiago Pastorino2012-11-031-1/+4
|
* Add cookie.encrypted which returns an EncryptedCookieJarSantiago Pastorino2012-11-031-0/+15
| | | | | | | | | How to use it? cookies.encrypted[:discount] = 45 => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/ cookies.encrypted[:discount] => 45
* Sign cookies using key deriverSantiago Pastorino2012-11-031-6/+8
|
* Test actual content of permanent cookiebrainopia2012-08-101-1/+1
|
* Dont stream back cookie value if it was set to the same valuebrainopia2012-04-301-0/+12
|
* Dont set cookie header for deletion of unexisting databrainopia2012-04-301-8/+24
|
* ActionDispatch::Cookies::CookieJar#deleted? predicate method.Paul Annesley2012-01-241-0/+11
| | | | | Necessary in controller tests to determine if the CookieJar will delete the given cookie.
* Get rid of the close checks since we cannot reliably close the session anyway.José Valim2011-12-161-97/+1
|
* configuration option to always write cookielest2011-11-231-2/+2
|
* CookieJar is enumerable. fixes #2795Aaron Patterson2011-09-011-0/+16
|
* Add has_key? and key? methods to CookieJar removed in 0ca69ca65f83b4bb34f8José Valim2011-06-301-0/+9
|
* Add backward compatibility for testing cookiesAndrew White2011-06-051-2/+49
| | | | | | | | | | | | | | | | | | | This commit restores the ability to assign cookies for testing via @request.env['HTTP_COOKIE'] and @request.cookies, e.g: @request.env['HTTP_COOKIE'] = 'user_name=david' get :index assert_equal 'david', cookies[:user_name] and @request.cookies[:user_name] = 'david' get :index assert_equal 'david', cookies[:user_name] Assigning via cookies[] is the preferred method and will take precedence over the other two methods. This is so that cookies set in controller actions have precedence and are carried over between calls to get, post, etc.
* Refactor ActionController::TestCase cookiesAndrew White2011-06-041-18/+12
| | | | | | | | | | | | | | | | | | Assigning cookies for test cases should now use cookies[], e.g: cookies[:email] = 'user@example.com' get :index assert_equal 'user@example.com', cookies[:email] To clear the cookies, use clear, e.g: cookies.clear get :index assert_nil cookies[:email] We now no longer write out HTTP_COOKIE and the cookie jar is persistent between requests so if you need to manipulate the environment for your test you need to do it before the cookie jar is created.
* adding teststeve2011-05-191-4/+8
|
* Revert "Use freeze instead of close!"Santiago Pastorino2011-04-071-6/+0
| | | | This reverts commit 29592a7f09dda2e7e1e0a915d9230fe6a9b5c0af.
* cookies hereSantiago Pastorino2011-04-071-3/+3
|
* Use freeze instead of close!Santiago Pastorino2011-04-061-0/+6
|
* Delete useless argumentsSantiago Pastorino2011-04-061-6/+6
|
* Delete useless env variableSantiago Pastorino2011-04-061-9/+3
|
* Add tests to verify that signed and permanent cookies raises if someone triesSantiago Pastorino2011-04-061-0/+51
| | | | | to modify the cookies when it was already streamed back to the client or converted to HTTP headers
* raise if someone tries to modify the cookies when it was already streamed ↵Santiago Pastorino2011-04-061-0/+51
| | | | back to the client or converted to HTTP headers
* Improve testing of cookies in functional tests:Andrew White2011-03-061-0/+65
| | | | | | | | | - cookies can be set using string or symbol keys - cookies are preserved across calls to get, post, etc. - cookie names and values are escaped - cookies can be cleared using @request.cookies.clear [#6272 state:resolved]
* Add tld_length option when using domain :all in cookiesbrainopia2011-01-211-0/+36
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Support list of possible domains for cookiesbrainopia2011-01-211-0/+45
| | | | Signed-off-by: José Valim <jose.valim@gmail.com>
* Fix edge cases for domain :all option on cookie storebrainopia2010-12-161-0/+21
| | | | | | | | Dont set explicit domain for cookies if host is not a domain name [#6002 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Make cookies hash in ActionDispatch::TestProcess indifferent access [#5761 ↵David Trasbo2010-11-071-0/+18
| | | | | | state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
* Don't write out secure cookies unless the request is secureAndrew White2010-10-251-0/+23
|
* Use parentheses when using assert_match followed by a regexp to avoid warnings.Emilio Tagua2010-09-271-5/+5
|
* Only send secure cookies over SSL.W. Andrew Loe III2010-09-131-0/+11
|
* Allow for any possible TLD when using the :all option with the cookie ↵Bryce Thornton2010-08-151-1/+29
| | | | | | session store. This works for subdomain.mysite.local, google.co.uk, google.com.au, etc. [#5147 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com>