From eeba755a11dbdbf90afd4fd815e215bd7e9826e6 Mon Sep 17 00:00:00 2001
From: Joshua Peek <josh@joshpeek.com>
Date: Sun, 17 Jan 2010 21:30:38 -0600
Subject: Accessing nonexistant cookies through the signed jar should not raise
 an exception

---
 actionpack/lib/action_dispatch/middleware/cookies.rb | 4 +++-
 actionpack/test/controller/cookie_test.rb            | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 5d2734a15e..0dc03a1a7e 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -176,7 +176,9 @@ module ActionDispatch
       end
 
       def [](name)
-        @verifier.verify(@parent_jar[name])
+        if value = @parent_jar[name]
+          @verifier.verify(value)
+        end
       end
 
       def []=(key, options)
diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb
index fd6538b27a..f5ccef8aaf 100644
--- a/actionpack/test/controller/cookie_test.rb
+++ b/actionpack/test/controller/cookie_test.rb
@@ -141,6 +141,11 @@ class CookieTest < ActionController::TestCase
     assert_equal 45, @controller.send(:cookies).signed[:user_id]
   end
 
+  def test_accessing_nonexistant_signed_cookie_should_not_raise_an_invalid_signature
+    get :set_signed_cookie
+    assert_nil @controller.send(:cookies).signed[:non_existant_attribute]
+  end
+
   def test_permanent_signed_cookie
     get :set_permanent_signed_cookie
     assert_match %r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"]
-- 
cgit v1.2.3