| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
This now modernizes these tests to use encrypted cookies instead of
using secret_token HMACs. This commit also adds a tests to ensure
session cookies with :expires_after set are invalidated and no longer
accepted when the time has elapsed.
|
|
|
|
| |
https://travis-ci.org/rails/rails/jobs/304428814#L1977
|
|
|
|
|
|
| |
Using the action_dispatch.cookies_rotations interface, key rotation is
now possible with cookies. Thus the secret_key_base as well as salts,
ciphers, and digests, can be rotated without expiring sessions.
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
| |
(I personally prefer writing one string in one line no matter how long it is, though)
|
| |
|
|
|
|
|
|
|
|
| |
Style/SpaceBeforeBlockBraces
Style/SpaceInsideBlockBraces
Style/SpaceInsideHashLiteralBraces
Fix all violations in the repository.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
| |
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this it's
better that controllers and actions are explicitly whitelisted rather
than trying to blacklist or sanitize 'bad' values.
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 45a75a3fcc96b22954caf69be2df4e302b134d7a.
HWIAs are better than silently deeply-stringified hashes... but that's a
reaction to a shortcoming of one particular session store: we should not
break the basic behaviour of other, more featureful, session stores in
the process.
Fixes #23884
|
| |
|
|
|
|
| |
converts old ID methods to the new abstract store methods in Rack
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following Rails code failed (with a `KeyError` exception) under
test:
```ruby
class ApplicationController < ActionController::Base
def user_strategy
# At this point:
# ```ruby
# session == {
# "user_strategy"=>"email",
# "user_identifying_value"=>"hello@world.com"
# }
# ```
if session.key?(:user_strategy)
session.fetch(:user_strategy)
end
end
end
```
When I checked the session's keys (`session.keys`), I got an array of
strings. If I accessed `session[:user_strategy]` I got the expected
`'email'` value. However if I used `session.fetch(:user_strategy)` I
got a `KeyError` exception.
This appears to be a Rails 4.2.4 regression (as the code works under
Rails 4.2.3).
Closes #21383
|
|\
| |
| | |
Get rid of mocha tests in actionpack - part 1
|
| | |
|
|/
|
|
|
| |
This commit allows us to use one request object rather than allocating
multiple request objects to deal with the session.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the string version of the class reference is now deprecated when
referencing middleware. This should be written as a class not as a string.
Deprecation warning that this change fixes:
```
DEPRECATION WARNING: Passing strings or symbols to the middleware
builder is deprecated, please change
them to actual class references. For example:
"ActionDispatch::ShowExceptions" => ActionDispatch::ShowExceptions
```
|
|
|
|
|
| |
since we only work with instances of classes, it greatly simplifies the
`Middleware` implementation.
|
|
|
|
| |
allow testing controllers that use session#fetch with a default value.
|
|
|
|
|
|
|
|
|
| |
This will silence deprecation warnings.
Most of the test can be changed from `render :text` to render `:plain`
or `render :body` right away. However, there are some tests that needed
to be fixed by hand as they actually assert the default Content-Type
returned from `render :body`.
|
|
|
|
|
|
|
|
|
| |
As of the upgrade to Rack 1.5, request.session_options[:id] is no
longer populated. Reflect this change in the tests by using
request.session.id instead.
Related change in Rack:
https://github.com/rack/rack/commit/83a270d6
|
| |
|
|
|
|
|
|
|
|
| |
Non-kwargs requests are deprecated now.
Guides are updated as well.
`post url, nil, nil, { a: 'b' }` doesn't make sense.
`post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
|
| |
|
|
|
|
|
|
| |
Fixed broken test.
Thanks Stephen Richards for reporting.
|
|
|
|
|
|
|
| |
Unlike the outer `rescue`, this one is much more precise about what we
want to handle: a connection failure (`Dalli::RingError`) is not
relevant to what we're testing here. But other Dalli errors may well be
indicating an actual problem.
|
|
|
|
| |
than assume SecureRandom is available
|
| |
|
| |
|
| |
|
|
|
|
| |
Bring back the same API we have with Request::Session.
|
|
|
|
|
|
| |
All ActionPack and Railties tests are passing. Closes #8891.
[Carlos Antonio da Silva + Santiago Pastorino]
|
| |
|
| |
|
|
|
|
| |
Pull #7800 broke the build, this should fix it.
|
| |
|
| |
|
|
|
|
| |
There is no memcache gem left in repo.
|
|
|
|
|
|
|
| |
This reverts commit 7256cb53e0c34e510a4d59a50d120c0358cf1d99, reversing
changes made to 6ebe22c3ae716d089af1e5090ddb0d12b31af8ac.
Reason: A test was failing.
|
|
|
|
|
|
| |
This reverts commit e4b33b08d6d2b88b627b1e52c4f349e57c5b89fc.
https://github.com/rails/rails/pull/7452#issuecomment-8094302
|
| |
|
|
|
| |
There is no memcache gem left in repo.
|
| |
|