aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/dispatch/session
Commit message (Collapse)AuthorAgeFilesLines
* Embrace the instantiation in loving parens <3Kasper Timm Hansen2017-12-031-1/+2
|
* Update cookie_store_test to use encrypted cookiesMichael Coyne2017-11-271-41/+83
| | | | | | | This now modernizes these tests to use encrypted cookies instead of using secret_token HMACs. This commit also adds a tests to ensure session cookies with :expires_after set are invalidated and no longer accepted when the time has elapsed.
* Fix `test_session_store_with_expire_after` failure with rack-test 0.7.1Ryuta Kamizono2017-11-201-2/+2
| | | | https://travis-ci.org/rails/rails/jobs/304428814#L1977
* Add key rotation cookies middlewareMichael Coyne2017-09-241-0/+4
| | | | | | Using the action_dispatch.cookies_rotations interface, key rotation is now possible with cookies. Thus the secret_key_base as well as salts, ciphers, and digests, can be rotated without expiring sessions.
* freshen :expires option with duration support and add expiry metadata to cookiesAssain2017-08-201-2/+7
|
* Use frozen string literal in actionpack/Kir Shatrov2017-07-295-0/+10
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-025-5/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-015-0/+5
|
* Reduce string objects by using \ instead of + or << for concatenating stringsAkira Matsuda2017-01-121-1/+1
| | | | (I personally prefer writing one string in one line no matter how long it is, though)
* "Use assert_nil if expecting nil. This will fail in minitest 6."Akira Matsuda2016-12-253-7/+7
|
* Add three new rubocop rulesRafael Mendonça França2016-08-161-1/+1
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* applies remaining conventions across the projectXavier Noria2016-08-061-1/+0
|
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-4/+4
|
* modernizes hash syntax in actionpackXavier Noria2016-08-063-14/+14
|
* applies new string literal convention in actionpack/testXavier Noria2016-08-065-182/+182
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Deprecate :controller and :action path parametersAndrew White2016-03-013-3/+9
| | | | | | | | Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
* Revert "Update Session to utilize indiffernt access"Matthew Draper2016-02-265-117/+0
| | | | | | | | | | | This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a. HWIAs are better than silently deeply-stringified hashes... but that's a reaction to a shortcoming of one particular session store: we should not break the basic behaviour of other, more featureful, session stores in the process. Fixes #23884
* Update Session to utilize indiffernt accessTom Prats2016-01-305-0/+117
|
* implement abstract store methodsAaron Patterson2015-09-041-2/+2
| | | | converts old ID methods to the new abstract store methods in Rack
* Updating TestSession to access with indifferenceJeremy Friesen2015-08-261-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following Rails code failed (with a `KeyError` exception) under test: ```ruby class ApplicationController < ActionController::Base def user_strategy # At this point: # ```ruby # session == { # "user_strategy"=>"email", # "user_identifying_value"=>"hello@world.com" # } # ``` if session.key?(:user_strategy) session.fetch(:user_strategy) end end end ``` When I checked the session's keys (`session.keys`), I got an array of strings. If I accessed `session[:user_strategy]` I got the expected `'email'` value. However if I used `session.fetch(:user_strategy)` I got a `KeyError` exception. This appears to be a Rails 4.2.4 regression (as the code works under Rails 4.2.3). Closes #21383
* Merge pull request #21321 from rodzyn/removing_mochaKasper Timm Hansen2015-08-241-14/+18
|\ | | | | Get rid of mocha tests in actionpack - part 1
| * Get rid of mocha tests - part 1Marcin Olichwirowicz2015-08-241-14/+18
| |
* | use a request object in the session middlewareAaron Patterson2015-08-221-3/+3
|/ | | | | This commit allows us to use one request object rather than allocating multiple request objects to deal with the session.
* Fix deprecation warning in testseileencodes2015-08-081-1/+1
| | | | | | | | | | | | | Using the string version of the class reference is now deprecated when referencing middleware. This should be written as a class not as a string. Deprecation warning that this change fixes: ``` DEPRECATION WARNING: Passing strings or symbols to the middleware builder is deprecated, please change them to actual class references. For example: "ActionDispatch::ShowExceptions" => ActionDispatch::ShowExceptions ```
* finish deprecating handling strings and symbolsAaron Patterson2015-08-072-2/+2
| | | | | since we only work with instances of classes, it greatly simplifies the `Middleware` implementation.
* Adds missing argument handling for ActionController::TestSession toMatthew Gerrior2015-08-061-0/+10
| | | | allow testing controllers that use session#fetch with a default value.
* Stop using deprecated `render :text` in testPrem Sichanugrist2015-07-173-9/+9
| | | | | | | | | This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
* Use request.session.id instead of request.session_options[:id]Brian John2015-03-123-4/+4
| | | | | | | | | As of the upgrade to Rack 1.5, request.session_options[:id] is no longer populated. Reflect this change in the tests by using request.session.id instead. Related change in Rack: https://github.com/rack/rack/commit/83a270d6
* Consistent usage of spaces in hashes across our codebaseRafael Mendonça França2015-01-291-1/+1
|
* Switch to kwargs in ActionController::TestCase and ActionDispatch::IntegrationKir Shatrov2015-01-292-5/+7
| | | | | | | | Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
* Expectations firstAkira Matsuda2014-08-181-3/+3
|
* Regenerate sid when sbdy tries to fixate the sessionSantiago Pastorino2014-08-041-9/+8
| | | | | | Fixed broken test. Thanks Stephen Richards for reporting.
* Skip individual tests upon Dalli::RingErrorMatthew Draper2014-05-271-0/+18
| | | | | | | Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
* Add an explicit require for 4ece124396669d3580e7f229ab407a0d4882727a rather ↵Jeremy Kemper2014-03-161-0/+1
| | | | than assume SecureRandom is available
* Avoid concurrent test collision on the same memcache server by namespacing keysJeremy Kemper2014-03-161-1/+1
|
* Remove comments about removing LegacyKeyGenerator in 4.1Trevor Turk2013-04-031-1/+0
|
* Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-2/+2
|
* Add keys/values methods to TestSessionCarlos Antonio da Silva2013-01-251-5/+11
| | | | Bring back the same API we have with Request::Session.
* Integrate Action Pack with Rack 1.5Carlos Antonio da Silva2013-01-251-2/+2
| | | | | | All ActionPack and Railties tests are passing. Closes #8891. [Carlos Antonio da Silva + Santiago Pastorino]
* Alias refute methods to assert_not and perfer assert_not on testsRafael Mendonça França2012-12-311-1/+1
|
* Sign cookies using key deriverSantiago Pastorino2012-11-031-1/+4
|
* fix cache store testSteve Klabnik2012-09-301-0/+1
| | | | Pull #7800 broke the build, this should fix it.
* Add integration tests for reset_session in cookie storeAndreas Loupasakis2012-09-081-0/+20
|
* Dalli doesn't support autoloading of unloaded classesGuillermo Iguaran2012-09-061-5/+0
|
* Let's run action pack tests with DalliArun Agrawal2012-09-061-4/+4
| | | | There is no memcache gem left in repo.
* Revert "Merge pull request #7452 from arunagw/memcached_dalli"Jon Leighton2012-08-311-4/+4
| | | | | | | This reverts commit 7256cb53e0c34e510a4d59a50d120c0358cf1d99, reversing changes made to 6ebe22c3ae716d089af1e5090ddb0d12b31af8ac. Reason: A test was failing.
* Revert "Add missing require"Jon Leighton2012-08-311-1/+0
| | | | | | This reverts commit e4b33b08d6d2b88b627b1e52c4f349e57c5b89fc. https://github.com/rails/rails/pull/7452#issuecomment-8094302
* Add missing requireRafael Mendonça França2012-08-281-0/+1
|
* Let's run action pack tests with DalliArun Agrawal2012-08-271-4/+4
| | | There is no memcache gem left in repo.
* testing session store behaviorAaron Patterson2012-05-021-0/+56
|