path: root/actionpack/test/dispatch/session/cookie_store_test.rb
Commit message | Author | Date | Files | Lines
* Embrace the instantiation in loving parens <3 | Kasper Timm Hansen | 2017-12-03 | 1 | -1/+2
* Update cookie_store_test to use encrypted cookies | Michael Coyne | 2017-11-27 | 1 | -41/+83
  This now modernizes these tests to use encrypted cookies instead of using secret_token HMACs. This commit also adds a test to ensure session cookies with :expires_after set are invalidated and no longer accepted when the time has elapsed.
* Fix `test_session_store_with_expire_after` failure with rack-test 0.7.1 | Ryuta Kamizono | 2017-11-20 | 1 | -2/+2
  https://travis-ci.org/rails/rails/jobs/304428814#L1977
* Add key rotation cookies middleware | Michael Coyne | 2017-09-24 | 1 | -0/+4
  Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
* freshen :expires option with duration support and add expiry metadata to cookies | Assain | 2017-08-20 | 1 | -2/+7
* Use frozen string literal in actionpack/ | Kir Shatrov | 2017-07-29 | 1 | -0/+2
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" | Matthew Draper | 2017-07-02 | 1 | -1/+0
  This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in Rubocop | Kir Shatrov | 2017-07-01 | 1 | -0/+1
* Reduce string objects by using \ instead of + or << for concatenating strings | Akira Matsuda | 2017-01-12 | 1 | -1/+1
  (I personally prefer writing one string in one line no matter how long it is, though)
* "Use assert_nil if expecting nil. This will fail in minitest 6." | Akira Matsuda | 2016-12-25 | 1 | -3/+3
* applies remaining conventions across the project | Xavier Noria | 2016-08-06 | 1 | -1/+0
* modernizes hash syntax in actionpack | Xavier Noria | 2016-08-06 | 1 | -10/+10
* applies new string literal convention in actionpack/test | Xavier Noria | 2016-08-06 | 1 | -66/+66
  The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Deprecate :controller and :action path parameters | Andrew White | 2016-03-01 | 1 | -1/+3
  Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Revert "Update Session to utilize indifferent access" | Matthew Draper | 2016-02-26 | 1 | -34/+0
  This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
  HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process.
  Fixes #23884
* Update Session to utilize indifferent access | Tom Prats | 2016-01-30 | 1 | -0/+34
* Get rid of mocha tests - part 1 | Marcin Olichwirowicz | 2015-08-24 | 1 | -14/+18
* finish deprecating handling strings and symbols | Aaron Patterson | 2015-08-07 | 1 | -1/+1
  since we only work with instances of classes, it greatly simplifies the `Middleware` implementation.
* Stop using deprecated `render :text` in test | Prem Sichanugrist | 2015-07-17 | 1 | -5/+5
  This will silence deprecation warnings.
  Most of the test can be changed from `render :text` to `render :plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* Use request.session.id instead of request.session_options[:id] | Brian John | 2015-03-12 | 1 | -2/+2
  As of the upgrade to Rack 1.5, request.session_options[:id] is no longer populated. Reflect this change in the tests by using request.session.id instead.
  Related change in Rack: https://github.com/rack/rack/commit/83a270d6
* Consistent usage of spaces in hashes across our codebase | Rafael Mendonça França | 2015-01-29 | 1 | -1/+1
* Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration | Kir Shatrov | 2015-01-29 | 1 | -4/+6
  Non-kwargs requests are deprecated now. Guides are updated as well.
  `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Expectations first | Akira Matsuda | 2014-08-18 | 1 | -3/+3
* Remove comments about removing LegacyKeyGenerator in 4.1 | Trevor Turk | 2013-04-03 | 1 | -1/+0
* Rename DummyKeyGenerator -> LegacyKeyGenerator | Trevor Turk | 2013-04-02 | 1 | -2/+2
* Integrate Action Pack with Rack 1.5 | Carlos Antonio da Silva | 2013-01-25 | 1 | -2/+2
  All ActionPack and Railties tests are passing. Closes #8891.
  [Carlos Antonio da Silva + Santiago Pastorino]
* Sign cookies using key deriver | Santiago Pastorino | 2012-11-03 | 1 | -1/+4
* Add integration tests for reset_session in cookie store | Andreas Loupasakis | 2012-09-08 | 1 | -0/+20
* Remove default match without specified method | Jose and Yehuda | 2012-04-24 | 1 | -1/+1
  In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint.
  In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications.
  This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+.
  Closes #5964
* Remove rescue_action from compatibility module and tests | Carlos Antonio da Silva | 2012-01-17 | 1 | -2/+0
* fix deprecation warning in cookie_store_test | Vijay Dev | 2011-09-25 | 1 | -1/+1
  The options argument to MessageVerifier#initialize should be a hash.
* Replace references to ActiveSupport::SecureRandom with just SecureRandom, and require 'securerandom' from the stdlib when active support is required. | Jon Leighton | 2011-05-23 | 1 | -1/+1
* Fix renew feature on cookies. | José Valim | 2011-05-04 | 1 | -0/+16
* cleaning up some warnings on 1.9.3 | Aaron Patterson | 2011-02-07 | 1 | -1/+0
* Rely on Rack::Session stores API for more compatibility across the Ruby world. | José Valim | 2010-10-03 | 1 | -12/+0
* Use parentheses when using assert_match followed by a regexp to avoid warnings. | Emilio Tagua | 2010-09-27 | 1 | -1/+1
* Remove deprecated stuff in ActionController | Carlos Antonio da Silva | 2010-09-26 | 1 | -3/+3
  This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
* Only send secure cookies over SSL. | W. Andrew Loe III | 2010-09-13 | 1 | -0/+17
* Removed deprecated RouteSet API, still many tests fail | Piotr Sarnacki | 2010-09-05 | 1 | -1/+1
* Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;) | Santiago Pastorino | 2010-08-14 | 1 | -4/+4
* Set session options id to nil is respected and cancels lazy loading. | José Valim | 2010-07-18 | 1 | -1/+19
* porting session.clear fix to master branch. [#5030 state:resolved] | Aaron Patterson | 2010-07-01 | 1 | -0/+22
  Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] | Michael Lovitt | 2010-06-27 | 1 | -0/+26
  Signed-off-by: José Valim <jose.valim@gmail.com>
* Avoid deserializing cookies too early, which causes session objects to not be available yet. Unfortunately, could not reproduce this in a test case. | José Valim | 2010-06-24 | 1 | -3/+3
* Sessions should not be created until written to and session data should be destroyed on reset. [#4938] | Michael Lovitt | 2010-06-23 | 1 | -1/+10
  Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
* The previous commit didn't work with complex domains, which is now fixed. | Rizwan Reza | 2010-06-11 | 1 | -5/+5
* Add support for multi-subdomain session by setting cookie host in session cookie so you can share session between www.example.com, example.com and user.example.com. [#4818 state:resolved] | Rizwan Reza | 2010-06-11 | 1 | -0/+29
  This reverts commit 330a89072a493aafef1e07c3558964477f85adf0.
* Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean. | José Valim | 2010-05-18 | 1 | -1/+1
* Simplify cookie_store by simply relying on cookies.signed. | José Valim | 2010-05-18 | 1 | -46/+20
* Cookies middleware | Joshua Peek | 2010-01-16 | 1 | -2/+2