test/spec_session_cookie.rb in rack-1.3.10 vs test/spec_session_cookie.rb in rack-1.4.0
- old
+ new
@@ -9,11 +9,11 @@
hash.delete("session_id")
Rack::Response.new(hash.inspect).to_a
end
session_id = lambda do |env|
- Rack::Response.new(env["rack.session"].inspect).to_a
+ Rack::Response.new(env["rack.session"].to_hash.inspect).to_a
end
session_option = lambda do |opt|
lambda do |env|
Rack::Response.new(env["rack.session.options"][opt].inspect).to_a
@@ -22,21 +22,10 @@
nothing = lambda do |env|
Rack::Response.new("Nothing").to_a
end
- before do
- @warnings = warnings = []
- Rack::Session::Cookie.class_eval do
- define_method(:warn) { |m| warnings << m }
- end
- end
-
- after do
- Rack::Session::Cookie.class_eval { remove_method :warn }
- end
-
describe 'Base64' do
it 'uses base64 to encode' do
coder = Rack::Session::Cookie::Base64.new
str = 'fuuuuu'
coder.encode(str).should.equal [str].pack('m')
@@ -66,18 +55,10 @@
coder.decode('lulz').should.equal nil
end
end
end
- it "warns if no secret is given" do
- cookie = Rack::Session::Cookie.new(incrementor)
- @warnings.first.should =~ /no secret/i
- @warnings.clear
- cookie = Rack::Session::Cookie.new(incrementor, :secret => 'abc')
- @warnings.should.be.empty?
- end
-
it 'uses a coder' do
identity = Class.new {
attr_reader :calls
def initialize
@@ -116,22 +97,27 @@
env["rack.session.options"][:renew] = true
Rack::Response.new("Nothing").to_a
end
only_session_id = lambda do |env|
- Rack::Response.new(env["rack.session"]["session_id"]).to_a
+ Rack::Response.new(env["rack.session"]["session_id"].to_s).to_a
end
it "renew session id" do
res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
res = Rack::MockRequest.new(Rack::Session::Cookie.new(only_session_id)).
get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+
+ res.body.should.not.equal ""
old_session_id = res.body
+
res = Rack::MockRequest.new(Rack::Session::Cookie.new(renewer)).
get("/", "HTTP_COOKIE" => res["Set-Cookie"])
res = Rack::MockRequest.new(Rack::Session::Cookie.new(only_session_id)).
get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+
+ res.body.should.not.equal ""
res.body.should.not.equal old_session_id
end
it "survives broken cookies" do
res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
@@ -161,10 +147,22 @@
res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
get("/", "HTTP_COOKIE" => cookie)
res.body.should.equal '{"counter"=>3}'
end
+ it "loads from a cookie wih accept-only integrity hash for graceful key rotation" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).get("/")
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test2', :old_secret => 'test')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>2}'
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test3', :old_secret => 'test2')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>3}'
+ end
+
it "ignores tampered with session cookies" do
app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
response1 = Rack::MockRequest.new(app).get("/")
response1.body.should.equal '{"counter"=>1}'
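Review bot: The added key-rotation spec at the top of this hunk only exercises the accept path, so it would still pass if a retired secret kept validating indefinitely. After the second rotation (`:secret => 'test3', :old_secret => 'test2'`) the very first cookie, signed with 'test', should no longer be honoured; keeping it in a local such as `first_cookie` and adding `res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test3', :old_secret => 'test2')).get("/", "HTTP_COOKIE" => first_cookie)` followed by `res.body.should.equal '{"counter"=>1}'` would pin that, assuming a cookie with an unrecognised digest is handled like the tampered one in the next spec. The description string also has a typo, "wih" for "with". The `it "ignores tampered with session cookies"` block at the end of the hunk continues outside it.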
@@ -175,10 +173,42 @@
# Tampared cookie was ignored. Counter is back to 1.
response2.body.should.equal '{"counter"=>1}'
end
+ describe "1.9 bugs relating to inspecting yet-to-be-loaded from cookie data: Rack::Session::Abstract::SessionHash" do
+
+ it "can handle Rack::Lint middleware" do
+ app = Rack::Session::Cookie.new(incrementor)
+ res = Rack::MockRequest.new(app).get("/")
+
+ app = Rack::Session::Cookie.new(Rack::Lint.new(session_id))
+ res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+ res.body.should.not.be.nil
+ end
+
+ it "can handle a middleware that inspects the env" do
+ class TestEnvInspector
+ def initialize(app)
+ @app = app
+ end
+ def call(env)
+ env.inspect
+ @app.call(env)
+ end
+ end
+
+ app = Rack::Session::Cookie.new(incrementor)
+ res = Rack::MockRequest.new(app).get("/")
+
+ app = Rack::Session::Cookie.new(TestEnvInspector.new(session_id))
+ res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+ res.body.should.not.be.nil
+ end
+
+ end
+
it "returns the session id in the session hash" do
app = Rack::Session::Cookie.new(incrementor)
res = Rack::MockRequest.new(app).get("/")
res.body.should.equal '{"counter"=>1}'
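Review bot: Both specs in the new `describe` block end with `res.body.should.not.be.nil`, which presumably holds for any response and so only shows that no exception was raised, not that the session was actually loaded from the cookie after `Rack::Lint` or `env.inspect` touched it. Since `session_id` renders `env["rack.session"].to_hash.inspect`, asserting on the content, e.g. `res.body.should.include '"counter"=>1'`, would catch a session that silently comes back empty. Separately, `class TestEnvInspector` inside the `it` block defines a constant that outlives the example; an anonymous `Class.new { ... }` assigned to a local, as the 'uses a coder' spec does for `identity`, keeps it scoped to the test. The `it "returns the session id in the session hash"` block at the end of the hunk continues outside it.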
@@ -209,11 +239,17 @@
res["Set-Cookie"].should.be.nil
end
it "returns even if not read/written if :expire_after is set" do
app = Rack::Session::Cookie.new(nothing, :expire_after => 3600)
- res = Rack::MockRequest.new(app).get("/")
+ res = Rack::MockRequest.new(app).get("/", 'rack.session' => {'not' => 'empty'})
res["Set-Cookie"].should.not.be.nil
+ end
+
+ it "returns no cookie if no data was written and no session was created previously, even if :expire_after is set" do
+ app = Rack::Session::Cookie.new(nothing, :expire_after => 3600)
+ res = Rack::MockRequest.new(app).get("/")
+ res["Set-Cookie"].should.be.nil
end
it "exposes :secret in env['rack.session.option']" do
app = Rack::Session::Cookie.new(session_option[:secret], :secret => "foo")
res = Rack::MockRequest.new(app).get("/")