From 43c09383cefbc3b62e9b124792fb0d0278689d2b Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Fri, 6 Feb 2009 23:15:39 -0600
Subject: Ensure session id is set in session options hash [#1880
 state:resolved]

---
 .../test/controller/session/cookie_store_test.rb       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 95d2eb11c4..f00a80c1c2 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -30,6 +30,10 @@ class CookieStoreTest < ActionController::IntegrationTest
       render :text => "foo: #{session[:foo].inspect}"
     end
 
+    def get_session_id
+      render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
+    end
+
     def call_reset_session
       reset_session
       head :ok
@@ -106,6 +110,20 @@ class CookieStoreTest < ActionController::IntegrationTest
    end
   end
 
+  def test_getting_session_id
+    with_test_route_set do
+      cookies[SessionKey] = SignedBar
+      get '/persistent_session_id'
+      assert_response :success
+      assert_equal response.body.size, 32
+      session_id = response.body
+
+      get '/get_session_id'
+      assert_response :success
+      assert_equal "foo: \"bar\"; id: #{session_id}", response.body
+    end
+  end
+
   def test_disregards_tampered_sessions
     with_test_route_set do
       cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
-- 
cgit v1.2.3


From 2277fbedbea930fb8ce38ab7eb133de6fcc4a2d6 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Sat, 7 Feb 2009 00:08:28 -0600
Subject: Temporarily bundle Rack 1.0 prerelease for testing

---
 actionpack/test/controller/session/cookie_store_test.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index f00a80c1c2..2a04850fc0 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -96,7 +96,7 @@ class CookieStoreTest < ActionController::IntegrationTest
     with_test_route_set do
       get '/set_session_value'
       assert_response :success
-      assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
+      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
         headers['Set-Cookie']
    end
   end
@@ -164,7 +164,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/set_session_value'
       assert_response :success
       session_payload = response.body
-      assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
+      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
         headers['Set-Cookie']
 
       get '/call_reset_session'
@@ -209,7 +209,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       assert_response :success
 
       cookie_body = response.body
-      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly"], headers['Set-Cookie']
 
       # Second request does not access the session
       time = Time.local(2008, 4, 25)
@@ -219,7 +219,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/no_session_access'
       assert_response :success
 
-      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; httponly"], headers['Set-Cookie']
+      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly"], headers['Set-Cookie']
     end
   end
 
-- 
cgit v1.2.3


From 524d8edf68ab94315a128cbd7570d1cf4faf7d7a Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Sat, 7 Feb 2009 16:18:09 -0600
Subject: Update bundled Rack for Ruby 1.9 spec changes

---
 actionpack/test/controller/session/cookie_store_test.rb | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 2a04850fc0..c94d7b0915 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -96,7 +96,7 @@ class CookieStoreTest < ActionController::IntegrationTest
     with_test_route_set do
       get '/set_session_value'
       assert_response :success
-      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
+      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
         headers['Set-Cookie']
    end
   end
@@ -145,7 +145,7 @@ class CookieStoreTest < ActionController::IntegrationTest
     with_test_route_set do
       get '/no_session_access'
       assert_response :success
-      assert_equal [], headers['Set-Cookie']
+      assert_equal "", headers['Set-Cookie']
     end
   end
 
@@ -155,7 +155,7 @@ class CookieStoreTest < ActionController::IntegrationTest
         "fef868465920f415f2c0652d6910d3af288a0367"
       get '/no_session_access'
       assert_response :success
-      assert_equal [], headers['Set-Cookie']
+      assert_equal "", headers['Set-Cookie']
     end
   end
 
@@ -164,7 +164,7 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/set_session_value'
       assert_response :success
       session_payload = response.body
-      assert_equal ["_myapp_session=#{response.body}; path=/; HttpOnly"],
+      assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
         headers['Set-Cookie']
 
       get '/call_reset_session'
@@ -209,7 +209,8 @@ class CookieStoreTest < ActionController::IntegrationTest
       assert_response :success
 
       cookie_body = response.body
-      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly"], headers['Set-Cookie']
+      assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
+        headers['Set-Cookie']
 
       # Second request does not access the session
       time = Time.local(2008, 4, 25)
@@ -219,7 +220,8 @@ class CookieStoreTest < ActionController::IntegrationTest
       get '/no_session_access'
       assert_response :success
 
-      assert_equal ["_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly"], headers['Set-Cookie']
+      assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
+        headers['Set-Cookie']
     end
   end
 
-- 
cgit v1.2.3


From b6c8379834cb10564349967b08012b87d1f4fe0e Mon Sep 17 00:00:00 2001
From: moro <moronatural@gmail.com>
Date: Sat, 14 Feb 2009 11:08:43 +0900
Subject: Expected cookie value should also be escaped.

Ruby 1.9 compat for test.

[#1965 state:committed]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
---
 actionpack/test/controller/session/cookie_store_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index c94d7b0915..9c93ca6539 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -23,7 +23,7 @@ class CookieStoreTest < ActionController::IntegrationTest
 
     def set_session_value
       session[:foo] = "bar"
-      render :text => Verifier.generate(session.to_hash)
+      render :text => Rack::Utils.escape(Verifier.generate(session.to_hash))
     end
 
     def get_session_value
-- 
cgit v1.2.3


From 367049cae69ec535e7105b35f4877167adca1188 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Sun, 15 Mar 2009 23:17:31 -0500
Subject: Fix brittle Time.now mock

---
 .../test/controller/session/cookie_store_test.rb     | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 9c93ca6539..c406188972 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -199,29 +199,17 @@ class CookieStoreTest < ActionController::IntegrationTest
 
     with_test_route_set do
       # First request accesses the session
-      time = Time.local(2008, 4, 24)
-      Time.stubs(:now).returns(time)
-      expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
-
       cookies[SessionKey] = SignedBar
 
       get '/set_session_value'
       assert_response :success
+      cookie = headers['Set-Cookie']
 
-      cookie_body = response.body
-      assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
-        headers['Set-Cookie']
-
-      # Second request does not access the session
-      time = Time.local(2008, 4, 25)
-      Time.stubs(:now).returns(time)
-      expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT")
-
+      # Second request does not access the session so the
+      # expires header should not be changed
       get '/no_session_access'
       assert_response :success
-
-      assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly",
-        headers['Set-Cookie']
+      assert_equal cookie, headers['Set-Cookie']
     end
   end
 
-- 
cgit v1.2.3


From 0706de4301bbf12a4c369bd4776ad58affee9ad4 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Sun, 15 Mar 2009 23:41:47 -0500
Subject: Better error message to try to figure out why the CI build is failing

---
 actionpack/test/controller/session/cookie_store_test.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index c406188972..48a961ca34 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -209,7 +209,8 @@ class CookieStoreTest < ActionController::IntegrationTest
       # expires header should not be changed
       get '/no_session_access'
       assert_response :success
-      assert_equal cookie, headers['Set-Cookie']
+      assert_equal cookie, headers['Set-Cookie'],
+        "#{unmarshal_session(cookie).inspect} expected but was #{unmarshal_session(headers['Set-Cookie']).inspect}"
     end
   end
 
@@ -224,4 +225,13 @@ class CookieStoreTest < ActionController::IntegrationTest
         yield
       end
     end
+
+    def unmarshal_session(cookie_string)
+      session = Rack::Utils.parse_query(cookie_string, ';,').inject({}) {|h,(k,v)|
+        h[k] = Array === v ? v.first : v
+        h
+      }[SessionKey]
+      verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
+      verifier.verify(session)
+    end
 end
-- 
cgit v1.2.3


From 03700b4f0131059f3e848324ad42f2b53f12d8c9 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Tue, 24 Mar 2009 10:34:30 -0500
Subject: just kill brittle test

---
 .../test/controller/session/cookie_store_test.rb    | 21 ---------------------
 1 file changed, 21 deletions(-)

(limited to 'actionpack/test/controller/session/cookie_store_test.rb')

diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb
index 48a961ca34..40fcd56846 100644
--- a/actionpack/test/controller/session/cookie_store_test.rb
+++ b/actionpack/test/controller/session/cookie_store_test.rb
@@ -193,27 +193,6 @@ class CookieStoreTest < ActionController::IntegrationTest
     end
   end
 
-  def test_session_store_with_expire_after
-    app = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret, :expire_after => 5.hours)
-    @integration_session = open_session(app)
-
-    with_test_route_set do
-      # First request accesses the session
-      cookies[SessionKey] = SignedBar
-
-      get '/set_session_value'
-      assert_response :success
-      cookie = headers['Set-Cookie']
-
-      # Second request does not access the session so the
-      # expires header should not be changed
-      get '/no_session_access'
-      assert_response :success
-      assert_equal cookie, headers['Set-Cookie'],
-        "#{unmarshal_session(cookie).inspect} expected but was #{unmarshal_session(headers['Set-Cookie']).inspect}"
-    end
-  end
-
   private
     def with_test_route_set
       with_routing do |set|
-- 
cgit v1.2.3