X-Git-Url: https://git.njae.me.uk/?a=blobdiff_plain;f=vendor%2Frails%2Factionpack%2Ftest%2Fcontroller%2Fsession%2Fcookie_store_test.rb;fp=vendor%2Frails%2Factionpack%2Ftest%2Fcontroller%2Fsession%2Fcookie_store_test.rb;h=0000000000000000000000000000000000000000;hb=36d9f3351a3b4e8159279445190e2287ffdea86c;hp=9c93ca6539497fff5b592d4e69a606161448e4c1;hpb=913cf6054b1d29b5d2f5e620304af7ee77cc1f1f;p=feedcatcher.git diff --git a/vendor/rails/actionpack/test/controller/session/cookie_store_test.rb b/vendor/rails/actionpack/test/controller/session/cookie_store_test.rb deleted file mode 100644 index 9c93ca6..0000000 --- a/vendor/rails/actionpack/test/controller/session/cookie_store_test.rb +++ /dev/null @@ -1,239 +0,0 @@ -require 'abstract_unit' -require 'stringio' - -class CookieStoreTest < ActionController::IntegrationTest - SessionKey = '_myapp_session' - SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33' - - DispatcherApp = ActionController::Dispatcher.new - CookieStoreApp = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret) - - Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1') - - SignedBar = "BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367" - - class TestController < ActionController::Base - def no_session_access - head :ok - end - - def persistent_session_id - render :text => session[:session_id] - end - - def set_session_value - session[:foo] = "bar" - render :text => Rack::Utils.escape(Verifier.generate(session.to_hash)) - end - - def get_session_value - render :text => "foo: #{session[:foo].inspect}" - end - - def get_session_id - render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}" - end - - def call_reset_session - reset_session - head :ok - end - - def raise_data_overflow - session[:foo] = 'bye!' * 1024 - head :ok - end - - def rescue_action(e) raise end - end - - def setup - @integration_session = open_session(CookieStoreApp) - end - - def test_raises_argument_error_if_missing_session_key - assert_raise(ArgumentError, nil.inspect) { - ActionController::Session::CookieStore.new(nil, - :key => nil, :secret => SessionSecret) - } - - assert_raise(ArgumentError, ''.inspect) { - ActionController::Session::CookieStore.new(nil, - :key => '', :secret => SessionSecret) - } - end - - def test_raises_argument_error_if_missing_secret - assert_raise(ArgumentError, nil.inspect) { - ActionController::Session::CookieStore.new(nil, - :key => SessionKey, :secret => nil) - } - - assert_raise(ArgumentError, ''.inspect) { - ActionController::Session::CookieStore.new(nil, - :key => SessionKey, :secret => '') - } - end - - def test_raises_argument_error_if_secret_is_probably_insecure - assert_raise(ArgumentError, "password".inspect) { - ActionController::Session::CookieStore.new(nil, - :key => SessionKey, :secret => "password") - } - - assert_raise(ArgumentError, "secret".inspect) { - ActionController::Session::CookieStore.new(nil, - :key => SessionKey, :secret => "secret") - } - - assert_raise(ArgumentError, "12345678901234567890123456789".inspect) { - ActionController::Session::CookieStore.new(nil, - :key => SessionKey, :secret => "12345678901234567890123456789") - } - end - - def test_setting_session_value - with_test_route_set do - get '/set_session_value' - assert_response :success - assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] - end - end - - def test_getting_session_value - with_test_route_set do - cookies[SessionKey] = SignedBar - get '/get_session_value' - assert_response :success - assert_equal 'foo: "bar"', response.body - end - end - - def test_getting_session_id - with_test_route_set do - cookies[SessionKey] = SignedBar - get '/persistent_session_id' - assert_response :success - assert_equal response.body.size, 32 - session_id = response.body - - get '/get_session_id' - assert_response :success - assert_equal "foo: \"bar\"; id: #{session_id}", response.body - end - end - - def test_disregards_tampered_sessions - with_test_route_set do - cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780" - get '/get_session_value' - assert_response :success - assert_equal 'foo: nil', response.body - end - end - - def test_close_raises_when_data_overflows - with_test_route_set do - assert_raise(ActionController::Session::CookieStore::CookieOverflow) { - get '/raise_data_overflow' - } - end - end - - def test_doesnt_write_session_cookie_if_session_is_not_accessed - with_test_route_set do - get '/no_session_access' - assert_response :success - assert_equal "", headers['Set-Cookie'] - end - end - - def test_doesnt_write_session_cookie_if_session_is_unchanged - with_test_route_set do - cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--" + - "fef868465920f415f2c0652d6910d3af288a0367" - get '/no_session_access' - assert_response :success - assert_equal "", headers['Set-Cookie'] - end - end - - def test_setting_session_value_after_session_reset - with_test_route_set do - get '/set_session_value' - assert_response :success - session_payload = response.body - assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly", - headers['Set-Cookie'] - - get '/call_reset_session' - assert_response :success - assert_not_equal [], headers['Set-Cookie'] - assert_not_equal session_payload, cookies[SessionKey] - - get '/get_session_value' - assert_response :success - assert_equal 'foo: nil', response.body - end - end - - def test_persistent_session_id - with_test_route_set do - cookies[SessionKey] = SignedBar - get '/persistent_session_id' - assert_response :success - assert_equal response.body.size, 32 - session_id = response.body - get '/persistent_session_id' - assert_equal session_id, response.body - reset! - get '/persistent_session_id' - assert_not_equal session_id, response.body - end - end - - def test_session_store_with_expire_after - app = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret, :expire_after => 5.hours) - @integration_session = open_session(app) - - with_test_route_set do - # First request accesses the session - time = Time.local(2008, 4, 24) - Time.stubs(:now).returns(time) - expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT") - - cookies[SessionKey] = SignedBar - - get '/set_session_value' - assert_response :success - - cookie_body = response.body - assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", - headers['Set-Cookie'] - - # Second request does not access the session - time = Time.local(2008, 4, 25) - Time.stubs(:now).returns(time) - expected_expiry = (time + 5.hours).gmtime.strftime("%a, %d-%b-%Y %H:%M:%S GMT") - - get '/no_session_access' - assert_response :success - - assert_equal "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly", - headers['Set-Cookie'] - end - end - - private - def with_test_route_set - with_routing do |set| - set.draw do |map| - map.with_options :controller => "cookie_store_test/test" do |c| - c.connect "/:action" - end - end - yield - end - end -end