From ebee77a28a7267d5f23a28ba23c1eb88a2d7d527 Mon Sep 17 00:00:00 2001
From: Michael Lovitt <michael@lovitt.net>
Date: Sun, 27 Jun 2010 14:35:31 -0400
Subject: Fixed that an ArgumentError is thrown when
 request.session_options[:id] is read in the following scenario: when the
 cookie store is used, and the session contains a serialized object of an
 unloaded class, and no session data accesses have occurred yet. Pushed the
 stale_session_check responsibility out of the SessionHash and down into the
 session store, closer to where the deserialization actually occurs. Added
 some test coverage for this case and others related to deserialization of
 unloaded types.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[#4938]

Signed-off-by: José Valim <jose.valim@gmail.com>
---
 .../middleware/session/abstract_store.rb           | 64 +++++++++++-----------
 .../middleware/session/cookie_store.rb             | 10 ++--
 2 files changed, 38 insertions(+), 36 deletions(-)

(limited to 'actionpack/lib/action_dispatch/middleware')

diff --git a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
index bc1d6fab83..08bc80dbc2 100644
--- a/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/abstract_store.rb
@@ -88,9 +88,7 @@ module ActionDispatch
 
         def exists?
           return @exists if instance_variable_defined?(:@exists)
-          stale_session_check! do
-            @exists = @by.send(:exists?, @env)
-          end
+          @exists = @by.send(:exists?, @env)
         end
 
         def loaded?
@@ -115,29 +113,12 @@ module ActionDispatch
           end
 
           def load!
-            stale_session_check! do
-              id, session = @by.send(:load_session, @env)
-              @env[ENV_SESSION_OPTIONS_KEY][:id] = id
-              replace(session.stringify_keys)
-              @loaded = true
-            end
+            id, session = @by.send(:load_session, @env)
+            @env[ENV_SESSION_OPTIONS_KEY][:id] = id
+            replace(session.stringify_keys)
+            @loaded = true
           end
 
-          def stale_session_check!
-            yield
-          rescue ArgumentError => argument_error
-            if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
-              begin
-                # Note that the regexp does not allow $1 to end with a ':'
-                $1.constantize
-              rescue LoadError, NameError => const_error
-                raise ActionDispatch::Session::SessionRestoreError, "Session contains objects whose class definition isn't available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: #{const_error.message} [#{const_error.class}])\n"
-              end
-              retry
-            else
-              raise
-            end
-          end
       end
 
       DEFAULT_OPTIONS = {
@@ -204,16 +185,20 @@ module ActionDispatch
         end
 
         def load_session(env)
-          sid = current_session_id(env)
-          sid, session = get_session(env, sid)
-          [sid, session]
+          stale_session_check! do
+            sid = current_session_id(env)
+            sid, session = get_session(env, sid)
+            [sid, session]
+          end
         end
 
         def extract_session_id(env)
-          request = ActionDispatch::Request.new(env)
-          sid = request.cookies[@key]
-          sid ||= request.params[@key] unless @cookie_only
-          sid
+          stale_session_check! do
+            request = ActionDispatch::Request.new(env)
+            sid = request.cookies[@key]
+            sid ||= request.params[@key] unless @cookie_only
+            sid
+          end
         end
 
         def current_session_id(env)
@@ -229,6 +214,22 @@ module ActionDispatch
           end
         end
 
+        def stale_session_check!
+          yield
+        rescue ArgumentError => argument_error
+          if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
+            begin
+              # Note that the regexp does not allow $1 to end with a ':'
+              $1.constantize
+            rescue LoadError, NameError => const_error
+              raise ActionDispatch::Session::SessionRestoreError, "Session contains objects whose class definition isn't available.\nRemember to require the classes for all objects kept in the session.\n(Original exception: #{const_error.message} [#{const_error.class}])\n"
+            end
+            retry
+          else
+            raise
+          end
+        end
+
         def exists?(env)
           current_session_id(env).present?
         end
@@ -245,7 +246,6 @@ module ActionDispatch
         def destroy(env)
           raise '#destroy needs to be implemented.'
         end
-
     end
   end
 end
diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 7ebd532f4a..dce47c63bc 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -63,11 +63,13 @@ module ActionDispatch
 
         def unpacked_cookie_data(env)
           env["action_dispatch.request.unsigned_session_cookie"] ||= begin
-            request = ActionDispatch::Request.new(env)
-            if data = request.cookie_jar.signed[@key]
-              data.stringify_keys!
+            stale_session_check! do
+              request = ActionDispatch::Request.new(env)
+              if data = request.cookie_jar.signed[@key]
+                data.stringify_keys!
+              end
+              data || {}
             end
-            data || {}
           end
         end
 
-- 
cgit v1.2.3