From 74eed6290e63111d1aad2b181692a84f4f040aea Mon Sep 17 00:00:00 2001 From: Andreas Neuhaus Date: Sat, 10 May 2008 17:54:09 +0200 Subject: Fixed flash.now not being accessible in tests. Flash sweeping is now done before action processing instead after Signed-off-by: Michael Koziarski [#10 state:resolved] --- actionpack/test/controller/test_test.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/test_test.rb b/actionpack/test/controller/test_test.rb index 04cc2a20d8..ba6c7f4299 100644 --- a/actionpack/test/controller/test_test.rb +++ b/actionpack/test/controller/test_test.rb @@ -12,6 +12,11 @@ class TestTest < Test::Unit::TestCase render :text => 'ignore me' end + def set_flash_now + flash.now["test_now"] = ">#{flash["test_now"]}<" + render :text => 'ignore me' + end + def set_session session['string'] = 'A wonder' session[:symbol] = 'it works' @@ -145,6 +150,11 @@ XML assert_equal '>value<', flash['test'] end + def test_process_with_flash_now + process :set_flash_now, nil, nil, { "test_now" => "value_now" } + assert_equal '>value_now<', flash['test_now'] + end + def test_process_with_session process :set_session assert_equal 'A wonder', session['string'], "A value stored in the session should be available by string key" -- cgit v1.2.3 From c43623c48b977d05413d86867651bfc3762b745a Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sun, 11 May 2008 13:18:49 -0500 Subject: Added session(:on) to turn session management back on in a controller subclass if the superclass turned it off (Peter Jones) [#136 state:resolved] --- .../test/controller/session_management_test.rb | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/session_management_test.rb b/actionpack/test/controller/session_management_test.rb index 495a9153f8..592b0b549d 100644 --- a/actionpack/test/controller/session_management_test.rb +++ b/actionpack/test/controller/session_management_test.rb @@ -13,6 +13,19 @@ class SessionManagementTest < Test::Unit::TestCase end end + class SessionOffOnController < ActionController::Base + session :off + session :on, :only => :tell + + def show + render :text => "done" + end + + def tell + render :text => "done" + end + end + class TestController < ActionController::Base session :off, :only => :show session :session_secure => true, :except => :show @@ -100,6 +113,15 @@ class SessionManagementTest < Test::Unit::TestCase assert_equal false, @request.session_options end + def test_session_off_then_on_globally + @controller = SessionOffOnController.new + get :show + assert_equal false, @request.session_options + get :tell + assert_instance_of Hash, @request.session_options + assert_equal false, @request.session_options[:disabled] + end + def test_session_off_conditionally @controller = TestController.new get :show -- cgit v1.2.3 From 2a986200b9a6be0f68a0db504dc478da04842dee Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 7 May 2008 16:04:18 -0600 Subject: Bug: Earlier Check for Session in Forgery Protection The session is used by the form_authenticity_token method before it is tested to be valid. This patch moves a few lines around so that the session is validated first. Without this patch, if you try to use forgery protection with sessions turned off, you get this exception message: undefined method `session_id' for {}:Hash The patch includes a test that can be used to see this behavior before the request_forgery_protection.rb file is patched to fix it. --- .../controller/request_forgery_protection_test.rb | 24 ++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index d0c3c6e224..7022713e30 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -50,6 +50,14 @@ class CsrfCookieMonsterController < ActionController::Base protect_from_forgery :only => :index end +# sessions are turned off +class SessionOffController < ActionController::Base + protect_from_forgery :secret => 'foobar' + session :off + def rescue_action(e) raise e end + include RequestForgeryProtectionActions +end + class FreeCookieController < CsrfCookieMonsterController self.allow_forgery_protection = false @@ -224,3 +232,19 @@ class FreeCookieControllerTest < Test::Unit::TestCase end end end + +class SessionOffControllerTest < Test::Unit::TestCase + def setup + @controller = SessionOffController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + @token = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('SHA1'), 'abc', '123') + end + + def test_should_raise_correct_exception + @request.session = {} # session(:off) doesn't appear to work with controller tests + assert_raises(ActionController::InvalidAuthenticityToken) do + post :index, :authenticity_token => @token + end + end +end -- cgit v1.2.3 From a425cd147363a0e8d7e17177ef252dd760197f15 Mon Sep 17 00:00:00 2001 From: Rich Cavanaugh Date: Mon, 12 May 2008 15:25:56 -0700 Subject: Don't double-escape cookie store data. Don't split cookie values with newlines into an array. [#130 state:resolved] Signed-off-by: Jeremy Kemper --- actionpack/test/controller/cookie_test.rb | 5 +++++ actionpack/test/controller/session/cookie_store_test.rb | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) (limited to 'actionpack/test') diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index 42f3bd26a4..b8f3c629f4 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -137,4 +137,9 @@ class CookieTest < Test::Unit::TestCase cookies = CGI::Cookie.parse('return_to=http://rubyonrails.org/search?term=api&scope=all&global=true') assert_equal({"return_to" => ["http://rubyonrails.org/search?term=api&scope=all&global=true"]}, cookies) end + + def test_cookies_should_not_be_split_on_values_with_newlines + cookies = CGI::Cookie.new("name" => "val", "value" => "this\nis\na\ntest") + assert cookies.size == 1 + end end diff --git a/actionpack/test/controller/session/cookie_store_test.rb b/actionpack/test/controller/session/cookie_store_test.rb index d308f2a31b..5adaeaf5c5 100755 --- a/actionpack/test/controller/session/cookie_store_test.rb +++ b/actionpack/test/controller/session/cookie_store_test.rb @@ -43,7 +43,9 @@ class CookieStoreTest < Test::Unit::TestCase { :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}], :a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] } + end def setup @@ -101,6 +103,15 @@ class CookieStoreTest < Test::Unit::TestCase end end + def test_restores_double_encoded_cookies + set_cookie! cookie_value(:double_escaped) + new_session do |session| + session.dbman.restore + assert_equal session["user_id"], 123 + assert_equal session["flash"], {} + end + end + def test_close_doesnt_write_cookie_if_data_is_blank new_session do |session| assert_no_cookies session @@ -241,6 +252,7 @@ class CookieStoreWithMD5DigestTest < CookieStoreTest { :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}], :a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }], :typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}], - :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }] } + :flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }], + :double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] } end end -- cgit v1.2.3