Changeset 6294
- Timestamp:
- 03/03/07 08:18:30 (2 years ago)
- Files:
trunk/actionpack/lib/action_controller/session/cookie_store.rb
r6226 r6294 90 90 if cookie 91 91 data, digest = CGI.unescape(cookie).split('--') 92 raise TamperedWithCookie unless digest == generate_digest(data) 92 unless digest == generate_digest(data) 93 delete 94 raise TamperedWithCookie 95 end 93 96 Marshal.load(Base64.decode64(data)) 94 97 end trunk/actionpack/test/controller/session/cookie_store_test.rb
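Review bot: The check on new line 92, `unless digest == generate_digest(data)`, compares the digest with `==`, which can return at the first differing byte, and it is the only gate in front of `Marshal.load` on client-supplied cookie data. A comparison whose running time does not depend on where the two strings differ would remove that timing signal. The guard should also reject a missing digest explicitly, because `split('--')` leaves `digest` nil when the cookie has no separator. The helper name below is a suggestion. The enclosing method starts and ends outside this hunk, so how `delete` and `generate_digest` behave for nil data cannot be confirmed from here.

```ruby
# … unchanged: cookie lookup, CGI.unescape(cookie).split('--') …
unless digest && secure_compare(digest, generate_digest(data))
  delete
  raise TamperedWithCookie
end
# … unchanged: Marshal.load(Base64.decode64(data)) …

# Constant-time string comparison: examines every byte before deciding.
def secure_compare(a, b)
  left, right = a.unpack('C*'), b.unpack('C*')
  return false unless left.size == right.size
  diff = 0
  left.each_with_index { |byte, i| diff |= byte ^ right[i] }
  diff.zero?
end
```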
r6226 r6294 69 69 end 70 70 71 def test_restore_deletes_tampered_cookies 72 set_cookie! 'a--b' 73 new_session do |session| 74 assert_raise(CGI::Session::CookieStore::TamperedWithCookie) { session['fail'] } 75 assert_cookie_deleted session 76 end 77 end 78 71 79 def test_close_doesnt_write_cookie_if_data_is_blank 72 80 new_session do |session| 73 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect81 assert_no_cookies session 74 82 session.close 75 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect83 assert_no_cookies session 76 84 end 77 85 end … … 80 88 set_cookie! Cookies::TYPICAL.first 81 89 new_session do |session| 82 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect90 assert_no_cookies session 83 91 session['user_id'] = session['user_id'] 84 92 session.close 85 assert_nil session.cgi.output_cookies, session.cgi.output_cookies.inspect 93 assert_no_cookies session 94 end 95 end 96 97 def test_close_raises_when_data_overflows 98 set_cookie! Cookies::EMPTY.first 99 new_session do |session| 100 session['overflow'] = 'bye!' * 1024 101 assert_raise(CGI::Session::CookieStore::CookieOverflow) { session.close } 102 assert_no_cookies session 86 103 end 87 104 end … … 90 107 set_cookie! Cookies::TYPICAL.first 91 108 new_session do |session| 92 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect109 assert_no_cookies session 93 110 session['flash'] = {} 94 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect111 assert_no_cookies session 95 112 session.close 96 113 assert_equal 1, session.cgi.output_cookies.size … … 98 115 assert_equal ['_myapp_session', [Cookies::FLASHED.first]], 99 116 [cookie.name, cookie.value] 117 assert_cookie cookie, Cookies::FLASHED.first 100 118 end 101 119 end … … 104 122 set_cookie! 
Cookies::TYPICAL.first 105 123 new_session do |session| 106 assert_n il session.cgi.output_cookies, session.cgi.output_cookies.inspect124 assert_no_cookies session 107 125 session.delete 108 assert_equal 1, session.cgi.output_cookies.size 109 cookie = session.cgi.output_cookies.first 110 assert_equal ['_myapp_session', [], 1.year.ago.to_date], 111 [cookie.name, cookie.value, cookie.expires.to_date] 126 assert_cookie_deleted session 112 127 113 128 # @data is set to nil so #close doesn't send another cookie. 114 129 session.close 115 assert_equal ['_myapp_session', [], 1.year.ago.to_date], 116 [cookie.name, cookie.value, cookie.expires.to_date] 130 assert_cookie_deleted session 117 131 end 118 132 end 119 133 120 134 private 135 def assert_no_cookies(session) 136 assert_nil session.cgi.output_cookies, session.cgi.output_cookies.inspect 137 end 138 139 def assert_cookie_deleted(session, message = 'Expected session deletion cookie to be set') 140 assert_equal 1, session.cgi.output_cookies.size 141 cookie = session.cgi.output_cookies.first 142 assert_cookie cookie, nil, 1.year.ago.to_date, message 143 end 144 145 def assert_cookie(cookie, value = nil, expires = nil, message = nil) 146 assert_equal '_myapp_session', cookie.name, message 147 assert_equal [value].compact, cookie.value, message 148 assert_equal expires, cookie.expires ? cookie.expires.to_date : cookie.expires, message 149 end 150 121 151 def set_cookie!(value) 122 152 ENV['HTTP_COOKIE'] = "_myapp_session=#{value}"
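Review bot: `test_restore_deletes_tampered_cookies` (new lines 71-77) only exercises a cookie with a separator and a wrong digest (`'a--b'`), so the delete-and-raise path is untested for a cookie that has no `--` at all, where the digest would be nil. A second case along the lines below would pin that behaviour; the expected exception is presumed from the store's visible `unless` guard and should be confirmed against the full restore method. Separately, new line 117 adds `assert_cookie cookie, Cookies::FLASHED.first` directly after the older `assert_equal` on lines 115-116, which checks the same name and value, so the older assertion looks redundant.

```ruby
def test_restore_deletes_cookie_without_digest
  set_cookie! 'a'
  new_session do |session|
    assert_raise(CGI::Session::CookieStore::TamperedWithCookie) { session['fail'] }
    assert_cookie_deleted session
  end
end
```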