aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/cookies_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Merge pull request #27586 from maclover7/jm-fix-27584"Rafael Mendonça França2017-01-111-9/+0
| | | | | | | This reverts commit 5eff7a9ca7bb2ee7f16db1ab4d11cebe28757ba5, reversing changes made to 5f03172f54a58a57a48a3121562beb2cef866cbe. Reason: It caused a regression. The test case is on the PR.
* Update `cookies` helper on all HTTP requestsJon Moss2017-01-051-0/+9
| | | | | | | | | Regression introduced by ae29142142324545a328948e059e8b8118fd7a33 / 8363b879fe759f0645179f4521cc64795efbee6e. Previously, cookies were only updated on `GET` requests. Now we will update the helper for all requests, as part of `process`. Added regression tests for all available HTTP method helpers in `ActionController::TestCase`.
* "Use assert_nil if expecting nil. This will fail in minitest 6."Akira Matsuda2016-12-251-4/+4
|
* Do not clear HTTP_COOKIES header after requestJon Moss2016-12-111-0/+10
|
* Add more rubocop rules about whitespacesRafael Mendonça França2016-10-291-6/+6
|
* improve error message when include assertions failMichael Grosser2016-09-161-3/+3
| | | | | | assert [1, 3].includes?(2) fails with unhelpful "Asserting failed" message assert_includes [1, 3], 2 fails with "Expected [1, 3] to include 2" which makes it easier to debug and more obvious what went wrong
* Start passing cipher from EncryptedCookieJar since we use it to determine ↵Vipul A M2016-09-011-13/+12
| | | | key length
* Follow up of #25602Vipul A M2016-09-011-11/+25
| | | | | | | | | Since keys are truncated, ruby 2.4 doesn't accept keys greater than their lenghts. keys of same value but different lenght and greater than key size of cipher, produce the same results as reproduced at https://gist.github.com/rhenium/b81355fe816dcfae459cc5eadfc4f6f9 Since our default cipher is 'aes-256-cbc', key length for which is 32 bytes, limit the length of key being passed to Encryptor to 32 bytes. This continues to support backwards compat with any existing signed data, already encrupted and signed with 32+ byte keys. Also fixes the passing of this value in multiple tests.
* Add three new rubocop rulesRafael Mendonça França2016-08-161-16/+16
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* modernizes hash syntax in actionpackXavier Noria2016-08-061-15/+15
|
* applies new string literal convention in actionpack/testXavier Noria2016-08-061-106/+106
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* existant => existentAbhishek Jain2016-06-091-2/+2
|
* Push `before_sending` to super classeileencodes2015-12-061-1/+1
| | | | | | | | | | | | We want to get rid of the `Live::Response` so we are consolidating methods from `Live::Response` and `Response` by merging them together. This adds an `#empty` method to the request so we don't need to hard-code the empty array each time we call an empty `ActionDispatch::Request`. The work here is a continuation on combining controller and integration test code bases into one.
* Don't set a nil Set-Cookie header when there aren't any cookies. Omit the ↵Jeremy Daer2015-10-011-74/+93
| | | | header.
* Fix bug where cookies mutated by request were not persistedeileencodes2015-09-011-0/+9
| | | | | | | | | | | | | | | With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentiation in controller tests. The test added demonstrates the issue. The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the requests cookie_jar cookies. This follows how the cookie_jar cookies from the request were updated before these changes.
* Get rid of mocha tests - part 1Marcin Olichwirowicz2015-08-241-1/+3
|
* Improve error messages in cookies_testeileencodes2015-06-271-3/+3
| | | | | | | | | | | | | | | Using `assert_predicate` and `assert_match` instead of just `assert` is preferrable because better error messages are output. In the case of `assert response.cookies.empty?` the error message was `Failed assertion, no message given.` but now with `assert_predicate` it will be `Expected {"user_name"=>"david"} to be empty?.` For `assert_match(/user_name=david/, response.headers["Set-Cookie"])` as well, the message returned was unhelpful - `Failed assertion, no message given.` but now will tell what was expected and what was returned with `Expected /user_name=david/ to match "user_name=nope; path=/".`
* Merge pull request #10380 from JonRowe/test_all_domain_2_letter_tldRafael Mendonça França2015-01-021-0/+7
|\ | | | | | | Assert that 2 letter tlds with 3 letter domain names work when option specified.
| * add test asserting that 2 letter tlds with 3 letter domain names work when ↵Jon Rowe2013-04-301-0/+7
| | | | | | | | option specified
* | Merge pull request #17792 from rockrep/masterRafael Mendonça França2014-12-041-0/+10
|\ \ | | | | | | | | | allow 'all' for :domain option in addition to :all
| * | allow 'all' for :domain option in addition to :allrockrep2014-11-261-0/+10
| | |
* | | Remove "rescue" clause around "require 'openssl'"claudiob2014-12-031-10/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some `require 'openssl'` statements were surrounded by `rescue` blocks to deal with Ruby versions that did not support `OpenSSL::Digest::SHA1` or `OpenSSL::PKCS5`. [As @jeremy explains](https://github.com/rails/rails/commit/a6a0904fcb12b876469c48b1c885aadafe9188cf#commitcomment-8826666) in the original commit: > If jruby didn't have jruby-openssl gem, the require wouldn't work. Not sure whether either of these are still relevant today. According to the [release notes for JRuby 1.7.13](http://www.jruby.org/2014/06/24/jruby-1-7-13.html): > jruby-openssl 0.9.5 bundled which means the above `rescue` block is not needed anymore. All the Ruby versions supported by the current version of Rails provide those OpenSSL libraries, so Travis CI should also be happy by removing the `rescue` blocks. --- Just to confirm, with JRuby: $ ruby --version #=> jruby 1.7.16.1 (1.9.3p392) 2014-10-28 4e93f31 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64] $ irb irb(main):001:0> require 'openssl' #=> true irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1 irb(main):003:0> OpenSSL::PKCS5 # => OpenSSL::PKCS5 And with Ruby 2.1: $ ruby --version #=> ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-darwin13.0] $ irb irb(main):001:0> require 'openssl' #=> true irb(main):002:0> OpenSSL::Digest::SHA1 #=> OpenSSL::Digest::SHA1 irb(main):003:0> OpenSSL::PKCS5 #=> OpenSSL::PKCS5
* | | Fix "nonexistent" typo in testsMelissa Xie2014-12-021-2/+2
| | |
* | | Use less iterations for KeyGenerator in testsPeter Suschlik2014-08-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit improves performance of cookie tests: Ruby | After | Before ----- | --------:| --------: MRI | 5.03s | 9.28s JRuby | 25.45s | 1648.23s Please note the improvement for JRuby.
* | | Expectations firstAkira Matsuda2014-08-181-1/+1
| | |
* | | Use AS::JSON for (de)serializing cookiesGodfrey Chan2014-08-171-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | Use the Active Support JSON encoder for cookie jars using the `:json` or `:hybrid` serializer. This allows you to serialize custom Ruby objects into cookies by defining the `#as_json` hook on such objects. Fixes #16520.
* | | Fixed broken reference caused by 14965baGodfrey Chan2014-08-171-2/+2
| | |
* | | Add config option for cookies digestŁukasz Strzałkowski2014-08-121-0/+50
| | | | | | | | | | | | | | | | | | You can now configure custom digest for cookies in the same way as `serializer`: config.action_dispatch.cookies_digest = 'SHA256'
* | | Fixed an issue with migrating legacy json cookies.Godfrey Chan2014-04-231-0/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumes all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those case, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan*
* | | Re-write legacy (marshal) cookies on readGodfrey Chan2014-02-111-15/+17
| | |
* | | Changed the tests to ensure HybridSerializer actually migrates the cookies ↵Godfrey Chan2014-02-111-10/+18
| | | | | | | | | | | | (currently failing)
* | | Fixed minor typo in test codeGodfrey Chan2014-02-111-1/+1
| | |
* | | Tests for the HybridSerializerRafael Mendonça França2014-02-111-0/+68
| | |
* | | Removed an old testGodfrey Chan2014-02-111-5/+0
| | |
* | | Just very so slightly better test coverageGodfrey Chan2014-02-111-15/+57
| | |
* | | Renamed session_serializer option to cookies_serializerGodfrey Chan2014-02-111-6/+6
| | |
* | | Modify the session serializer implementationGuillermo Iguaran2014-01-301-9/+3
| | | | | | | | | | | | | | | Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes.
* | | Allow session serializer key in config.session_storeLukasz Sarnacki2014-01-291-0/+33
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit make it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serialzier) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namepspace) or serializer object. Default :json_serializer was also added to generators to provide secure defalt.
* | Remove comments about removing LegacyKeyGenerator in 4.1Trevor Turk2013-04-031-1/+0
| |
* | Merge pull request #10061 from trevorturk/dummy-key-generator-renameSantiago Pastorino2013-04-021-6/+6
|\ \ | | | | | | Rename DummyKeyGenerator -> LegacyKeyGenerator
| * | Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-6/+6
| | |
* | | Fix permanent cookie jar accessor typoTrevor Turk2013-04-021-1/+6
|/ /
* | Allow transparent upgrading of legacy signed cookies to encrypted cookies; ↵Trevor Turk2013-03-281-2/+73
| | | | | | | | Automatically configure cookie-based sessions to use the best cookie jar given the app's config
* | Skipping test for OpenSSL::PKCS5 JRubyArun Agrawal2013-03-251-0/+10
| |
* | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing ↵Trevor Turk2013-03-241-0/+55
| | | | | | | | signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4
* | InvalidMessage is in ActiveSupport::MessageEncryptor namespaceSantiago Pastorino2013-02-191-3/+18
| | | | | | | | Closes #9302
* | add fetch to CookieJarAaron Patterson2013-01-271-0/+30
| |
* | Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-10/+10
|/ | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino]
* Allow users to change the default salt if they want, shouldn't be necessarySantiago Pastorino2012-11-031-1/+4
|
* Add cookie.encrypted which returns an EncryptedCookieJarSantiago Pastorino2012-11-031-0/+15
| | | | | | | | | How to use it? cookies.encrypted[:discount] = 45 => Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/ cookies.encrypted[:discount] => 45