From fd487860db3097104cdb8d589f3931d75b767721 Mon Sep 17 00:00:00 2001 From: Guillermo Iguaran Date: Thu, 30 Jan 2014 01:12:23 -0500 Subject: Modify the session serializer implementation Rename allowed options to :marshal and :json, for custom serializers only allow the use of custom classes. --- actionpack/CHANGELOG.md | 15 ++++++++------- actionpack/lib/action_dispatch/middleware/cookies.rb | 8 +++++--- actionpack/test/dispatch/cookies_test.rb | 12 +++--------- 3 files changed, 16 insertions(+), 19 deletions(-) (limited to 'actionpack') diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index f836b69042..417847cc50 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,14 +1,15 @@ * Add `:serializer` option for `config.session_store :cookie_store`. This - changes default serializer when using `:cookie_store` to - `ActionDispatch::Session::MarshalSerializer` which is wrapper on Marshal. + changes default serializer when using `:cookie_store`. - It is also possible to pass: + It is possible to pass: - * `:json_serializer` which is secure wrapper on JSON using `JSON.parse` and + * `:json` which is a secure wrapper on JSON using `JSON.parse` and `JSON.generate` methods with quirks mode; - * any other Symbol or String like `:my_custom_serializer` which will be - camelized and constantized in `ActionDispatch::Session` namespace; - * serializer object with `load` and `dump` methods defined. + * `:marshal` which is a wrapper on Marshal; + * serializer class with `load` and `dump` methods defined. + + For new apps `:json` option is added by default and :marshal is used + when no option is specified. *Ɓukasz Sarnacki + Matt Aimonetti* diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index f9f034952e..23d0ecd529 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb 
@@ -466,10 +466,12 @@ module ActionDispatch
 end
 def serializer
- serializer = @options[:session_serializer] || :marshal_serializer
+ serializer = @options[:session_serializer] || :marshal
 case serializer
- when Symbol, String
- ActionDispatch::Session.const_get(serializer.to_s.camelize)
+ when :marshal
+ ActionDispatch::Session::MarshalSerializer
+ when :json
+ ActionDispatch::Session::JsonSerializer
 else
 serializer
 end
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
index b19ce905f5..6101acdc25 100644
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -379,7 +379,7 @@ class CookiesTest < ActionController::TestCase
 assert_equal 'bar', cookies.encrypted[:foo]
 end
- class ActionDispatch::Session::CustomJsonSerializer
+ class CustomJsonSerializer
 def self.load(value)
 JSON.load(value) + " and loaded"
 end
@@ -389,20 +389,14 @@ class CookiesTest < ActionController::TestCase
 end
 end
- def test_encrypted_cookie_using_custom_json_serializer
- @request.env["action_dispatch.session_serializer"] = :custom_json_serializer
- get :set_encrypted_cookie
- assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
- end
-
 def test_encrypted_cookie_using_serializer_object
- @request.env["action_dispatch.session_serializer"] = ActionDispatch::Session::CustomJsonSerializer
+ @request.env["action_dispatch.session_serializer"] = CustomJsonSerializer
 get :set_encrypted_cookie
 assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
 end
 def test_encrypted_cookie_using_json_serializer
- @request.env["action_dispatch.session_serializer"] = :json_serializer
+ @request.env["action_dispatch.session_serializer"] = :json
 get :set_encrypted_cookie
 cookies = @controller.send :cookies
 assert_not_equal 'bar', cookies[:foo]
--
cgit v1.2.3
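Review bot: In `serializer` (the cookies.rb hunk), any Symbol or String other than `:marshal` or `:json` now falls into `else` and is returned as the serializer itself, so an app still configured with the earlier `:json_serializer` or `:marshal_serializer` names is not rejected here and presumably fails only later, when `load`/`dump` is called on the Symbol. To make the closed set explicit and fail at configuration time, add a branch before `else` such as `when Symbol, String then raise ArgumentError, "unknown session serializer: #{serializer.inspect}"`. Separately, the fallback stays `:marshal`, so apps that set no option keep a Marshal-backed cookie format, where a leaked secret would expose object deserialization; a comment on that line pointing to `:json` as the safer choice would help. The method's closing `end` lies outside the hunk.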
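Review bot: The last cookies_test.rb hunk deletes `test_encrypted_cookie_using_custom_json_serializer` without adding a test for what now happens to a Symbol that is neither `:marshal` nor `:json`, so the narrowing of accepted values is not pinned by the visible tests. A case that sets `action_dispatch.session_serializer` to `:custom_json_serializer` and asserts that the request fails rather than resolving a constant would guard against the name-based lookup being reintroduced. No visible test exercises the default path under its new `:marshal` name either, although coverage may exist outside these hunks.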