| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Fixed an issue with migrating legacy json cookies. | Godfrey Chan | 2014-04-23 | 1 | -0/+117 |
| | Previously, the `VerifyAndUpgradeLegacySignedMessage` assumed all incoming cookies are marshal-encoded. This is not the case when `secret_token` is used in conjunction with the `:json` or `:hybrid` serializer. In those cases, when upgrading to use `secret_key_base`, this would cause a `TypeError: incompatible marshal file format` and a 500 error for the user. Fixes #14774. *Godfrey Chan* | | | | |
* | Re-write legacy (marshal) cookies on read | Godfrey Chan | 2014-02-11 | 1 | -15/+17 |
* | Changed the tests to ensure HybridSerializer actually migrates the cookies (currently failing) | Godfrey Chan | 2014-02-11 | 1 | -10/+18 |
* | Fixed minor typo in test code | Godfrey Chan | 2014-02-11 | 1 | -1/+1 |
* | Tests for the HybridSerializer | Rafael Mendonça França | 2014-02-11 | 1 | -0/+68 |
* | Removed an old test | Godfrey Chan | 2014-02-11 | 1 | -5/+0 |
* | Just ever so slightly better test coverage | Godfrey Chan | 2014-02-11 | 1 | -15/+57 |
* | Renamed session_serializer option to cookies_serializer | Godfrey Chan | 2014-02-11 | 1 | -6/+6 |
* | Modify the session serializer implementation | Guillermo Iguaran | 2014-01-30 | 1 | -9/+3 |
| | Rename allowed options to :marshal and :json; for custom serializers only allow the use of custom classes. | | | | |
* | Allow session serializer key in config.session_store | Lukasz Sarnacki | 2014-01-29 | 1 | -0/+33 |
| | MessageEncryptor has :serializer option, where any serializer object can be passed. This commit makes it possible to set this serializer from configuration level. There are predefined serializers (:marshal_serializer, :json_serializer) and custom serializer can be passed as String, Symbol (camelized and constantized in ActionDispatch::Session namespace) or serializer object. Default :json_serializer was also added to generators to provide secure default. | | | | |
* | Remove comments about removing LegacyKeyGenerator in 4.1 | Trevor Turk | 2013-04-03 | 1 | -1/+0 |
* | Merge pull request #10061 from trevorturk/dummy-key-generator-rename | Santiago Pastorino | 2013-04-02 | 1 | -6/+6 |
|\ | | | | | Rename DummyKeyGenerator -> LegacyKeyGenerator | ||||
| * | Rename DummyKeyGenerator -> LegacyKeyGenerator | Trevor Turk | 2013-04-02 | 1 | -6/+6 |
| | | |||||
* | | Fix permanent cookie jar accessor typo | Trevor Turk | 2013-04-02 | 1 | -1/+6 |
|/ | |||||
* | Allow transparent upgrading of legacy signed cookies to encrypted cookies; Automatically configure cookie-based sessions to use the best cookie jar given the app's config | Trevor Turk | 2013-03-28 | 1 | -2/+73 |
* | Skipping test for OpenSSL::PKCS5 JRuby | Arun Agrawal | 2013-03-25 | 1 | -0/+10 |
* | Introduce UpgradeLegacySignedCookieJar to transparently upgrade existing signed cookies generated by Rails 3 to avoid invalidating them when upgrading to Rails 4 | Trevor Turk | 2013-03-24 | 1 | -0/+55 |
* | InvalidMessage is in ActiveSupport::MessageEncryptor namespace | Santiago Pastorino | 2013-02-19 | 1 | -3/+18 |
| | Closes #9302 | | | | |
* | add fetch to CookieJar | Aaron Patterson | 2013-01-27 | 1 | -0/+30 |
* | Integrate Action Pack with Rack 1.5 | Carlos Antonio da Silva | 2013-01-25 | 1 | -10/+10 |
| | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino] | | | | |
* | Allow users to change the default salt if they want, shouldn't be necessary | Santiago Pastorino | 2012-11-03 | 1 | -1/+4 |
* | Add cookie.encrypted which returns an EncryptedCookieJar | Santiago Pastorino | 2012-11-03 | 1 | -0/+15 |
| | How to use it? `cookies.encrypted[:discount] = 45` => `Set-Cookie: discount=ZS9ZZ1R4cG1pcUJ1bm80anhQang3dz09LS1mbDZDSU5scGdOT3ltQ2dTdlhSdWpRPT0%3D--ab54663c9f4e3bc340c790d6d2b71e92f5b60315; path=/`; `cookies.encrypted[:discount]` => `45` | | | | |
* | Sign cookies using key deriver | Santiago Pastorino | 2012-11-03 | 1 | -6/+8 |
* | Test actual content of permanent cookie | brainopia | 2012-08-10 | 1 | -1/+1 |
* | Don't stream back cookie value if it was set to the same value | brainopia | 2012-04-30 | 1 | -0/+12 |
* | Don't set cookie header for deletion of unexisting data | brainopia | 2012-04-30 | 1 | -8/+24 |
* | ActionDispatch::Cookies::CookieJar#deleted? predicate method. | Paul Annesley | 2012-01-24 | 1 | -0/+11 |
| | Necessary in controller tests to determine if the CookieJar will delete the given cookie. | | | | |
* | Get rid of the close checks since we cannot reliably close the session anyway. | José Valim | 2011-12-16 | 1 | -97/+1 |
* | configuration option to always write cookie | lest | 2011-11-23 | 1 | -2/+2 |
* | CookieJar is enumerable. fixes #2795 | Aaron Patterson | 2011-09-01 | 1 | -0/+16 |
* | Add has_key? and key? methods to CookieJar removed in 0ca69ca65f83b4bb34f8 | José Valim | 2011-06-30 | 1 | -0/+9 |
* | Add backward compatibility for testing cookies | Andrew White | 2011-06-05 | 1 | -2/+49 |
| | This commit restores the ability to assign cookies for testing via `@request.env['HTTP_COOKIE']` and `@request.cookies`, e.g.: `@request.env['HTTP_COOKIE'] = 'user_name=david'; get :index; assert_equal 'david', cookies[:user_name]` and `@request.cookies[:user_name] = 'david'; get :index; assert_equal 'david', cookies[:user_name]`. Assigning via `cookies[]` is the preferred method and will take precedence over the other two methods. This is so that cookies set in controller actions have precedence and are carried over between calls to get, post, etc. | | | | |
* | Refactor ActionController::TestCase cookies | Andrew White | 2011-06-04 | 1 | -18/+12 |
| | Assigning cookies for test cases should now use `cookies[]`, e.g.: `cookies[:email] = 'user@example.com'; get :index; assert_equal 'user@example.com', cookies[:email]`. To clear the cookies, use `clear`, e.g.: `cookies.clear; get :index; assert_nil cookies[:email]`. We now no longer write out HTTP_COOKIE and the cookie jar is persistent between requests so if you need to manipulate the environment for your test you need to do it before the cookie jar is created. | | | | |
* | adding test | steve | 2011-05-19 | 1 | -4/+8 |
* | Revert "Use freeze instead of close!" | Santiago Pastorino | 2011-04-07 | 1 | -6/+0 |
| | This reverts commit 29592a7f09dda2e7e1e0a915d9230fe6a9b5c0af. | | | | |
* | cookies here | Santiago Pastorino | 2011-04-07 | 1 | -3/+3 |
* | Use freeze instead of close! | Santiago Pastorino | 2011-04-06 | 1 | -0/+6 |
* | Delete useless arguments | Santiago Pastorino | 2011-04-06 | 1 | -6/+6 |
* | Delete useless env variable | Santiago Pastorino | 2011-04-06 | 1 | -9/+3 |
* | Add tests to verify that signed and permanent cookies raise if someone tries | Santiago Pastorino | 2011-04-06 | 1 | -0/+51 |
| | to modify the cookies when it was already streamed back to the client or converted to HTTP headers | | | | |
* | raise if someone tries to modify the cookies when it was already streamed back to the client or converted to HTTP headers | Santiago Pastorino | 2011-04-06 | 1 | -0/+51 |
* | Improve testing of cookies in functional tests: | Andrew White | 2011-03-06 | 1 | -0/+65 |
| | - cookies can be set using string or symbol keys - cookies are preserved across calls to get, post, etc. - cookie names and values are escaped - cookies can be cleared using @request.cookies.clear [#6272 state:resolved] | | | | |
* | Add tld_length option when using domain :all in cookies | brainopia | 2011-01-21 | 1 | -0/+36 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
* | Support list of possible domains for cookies | brainopia | 2011-01-21 | 1 | -0/+45 |
| | Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |
* | Fix edge cases for domain :all option on cookie store | brainopia | 2010-12-16 | 1 | -0/+21 |
| | Don't set explicit domain for cookies if host is not a domain name [#6002 state:committed] Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
* | Make cookies hash in ActionDispatch::TestProcess indifferent access [#5761 state:committed] | David Trasbo | 2010-11-07 | 1 | -0/+18 |
| | Signed-off-by: Santiago Pastorino <santiago@wyeworks.com> | | | | |
* | Don't write out secure cookies unless the request is secure | Andrew White | 2010-10-25 | 1 | -0/+23 |
* | Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -5/+5 |
* | Only send secure cookies over SSL. | W. Andrew Loe III | 2010-09-13 | 1 | -0/+11 |
* | Allow for any possible TLD when using the :all option with the cookie session store. | Bryce Thornton | 2010-08-15 | 1 | -1/+29 |
| | This works for subdomain.mysite.local, google.co.uk, google.com.au, etc. [#5147 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | | | | |