class CookieStoreTest

Constants

Generator
SessionKey
SessionSecret
SignedBar
SignedSerializedCookie

{:foo=>#<SessionAutoloadTest::Foo bar:"baz">, :session_id=>"ce8b0752a6ab7c7af3cdb8a80e6b9e46"}

Verifier

Public Instance Methods

test_class_type_after_session_reset()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 213
# Checks that, after the /get_class_after_reset_session action has run, the
# response still reports the session as an ActionDispatch::Request::Session.
def test_class_type_after_session_reset
  with_test_route_set do
    # Write to the session first so that a session cookie is issued. The
    # expected header carries HttpOnly and, with default options, no `secure`.
    get "/set_session_value"
    assert_response :success
    issued_cookie = "_myapp_session=#{response.body}; path=/; HttpOnly"
    assert_equal issued_cookie, headers["Set-Cookie"]

    get "/get_class_after_reset_session"
    assert_response :success
    # NOTE(review): this only rules out an empty array; it would also pass if
    # the header were nil. Confirm whether a stricter check is wanted.
    assert_not_equal [], headers["Set-Cookie"]
    assert_equal "class: ActionDispatch::Request::Session", response.body
  end
end
test_close_raises_when_data_overflows()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 167
# Requesting /raise_data_overflow must surface
# ActionDispatch::Cookies::CookieOverflow to the caller rather than silently
# dropping or truncating the session cookie.
def test_close_raises_when_data_overflows
  with_test_route_set do
    assert_raise(ActionDispatch::Cookies::CookieOverflow) do
      get "/raise_data_overflow"
    end
  end
end
test_deserializes_unloaded_classes_on_get_id()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 145
# Reading the session id from a cookie whose payload references a class that
# has not been loaded yet must still succeed (the class is auto-loaded).
#
# NOTE(review): SignedSerializedCookie is defined outside this listing;
# presumably it is a signed, serialized session payload. Turning cookie bytes
# back into application objects is only as trustworthy as the signature check
# in front of it, so this path depends on the signing secret staying private.
def test_deserializes_unloaded_classes_on_get_id
  with_test_route_set do
    with_autoload_path "session_autoload_test" do
      cookies[SessionKey] = SignedSerializedCookie
      get "/get_session_id"
      assert_response :success

      expected_body = "id: ce8b0752a6ab7c7af3cdb8a80e6b9e46"
      assert_equal expected_body, response.body, "should auto-load unloaded class"
    end
  end
end
test_deserializes_unloaded_classes_on_get_value()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 156
# Reading a session value from a cookie whose payload holds an instance of a
# not-yet-loaded class must auto-load that class and return the object.
#
# NOTE(review): SignedSerializedCookie is defined outside this listing;
# presumably it is a signed, serialized session payload. Object
# deserialization from a cookie relies entirely on signature verification
# rejecting anything the server did not issue.
def test_deserializes_unloaded_classes_on_get_value
  with_test_route_set do
    with_autoload_path "session_autoload_test" do
      cookies[SessionKey] = SignedSerializedCookie
      get "/get_session_value"
      assert_response :success

      expected_body = 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
      assert_equal expected_body, response.body, "should auto-load unloaded class"
    end
  end
end
test_disregards_tampered_sessions()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 105
# A session cookie that fails verification must be ignored, not trusted and
# not turned into an error: the request still succeeds and the session reads
# as empty ("foo: nil").
def test_disregards_tampered_sessions
  with_test_route_set do
    # The value has a "payload--digest" shape; presumably the digest part
    # does not match the payload, which is what makes it "tampered".
    tampered_cookie = "BAh7BjoIZm9vIghiYXI%3D--123456780"
    cookies[SessionKey] = tampered_cookie

    get "/get_session_value"
    assert_response :success
    assert_equal "foo: nil", response.body
  end
end
test_does_not_set_secure_cookies_over_http()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 114
# With `secure: true`, a request that is not marked as HTTPS must not receive
# a Set-Cookie header at all, so the session cookie never travels in clear.
def test_does_not_set_secure_cookies_over_http
  secure_store = { secure: true }

  with_test_route_set(secure_store) do
    get "/set_session_value"
    assert_response :success
    assert_nil headers["Set-Cookie"]
  end
end
test_does_set_secure_cookies_over_https()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 133
# With `secure: true` and a request flagged "HTTPS" => "on", the session
# cookie is issued and carries both the `secure` and `HttpOnly` attributes.
def test_does_set_secure_cookies_over_https
  https_headers = { "HTTPS" => "on" }

  with_test_route_set(secure: true) do
    get "/set_session_value", headers: https_headers
    assert_response :success

    expected_header = "_myapp_session=#{response.body}; path=/; secure; HttpOnly"
    assert_equal expected_header, headers["Set-Cookie"]
  end
end
test_getting_from_nonexistent_session()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 227
# Reading from a session that was never written returns nil and must not
# cause a session cookie to be issued: sessions are created on write only.
def test_getting_from_nonexistent_session
  with_test_route_set do
    get "/get_session_value"
    assert_response :success

    assert_equal "foo: nil", response.body
    set_cookie_header = headers["Set-Cookie"]
    assert_nil set_cookie_header, "should only create session on write, not read"
  end
end
test_getting_session_id()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 91
# The session id must be readable on a later request without the action
# touching the session hash, and must match the id seen on the first request.
def test_getting_session_id
  with_test_route_set do
    cookies[SessionKey] = SignedBar

    get "/persistent_session_id"
    assert_response :success
    # The id returned by this route is expected to be 32 characters long.
    assert_equal 32, response.body.size
    first_seen_id = response.body

    get "/get_session_id"
    assert_response :success
    expected_body = "id: #{first_seen_id}"
    assert_equal expected_body, response.body, "should be able to read session id without accessing the session hash"
  end
end
test_getting_session_value()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 82
# A cookie set to SignedBar is accepted and its :foo value is readable.
# NOTE(review): SignedBar is defined outside this listing; presumably it is
# a validly signed cookie whose payload maps foo to "bar".
def test_getting_session_value
  with_test_route_set do
    cookies[SessionKey] = SignedBar

    get "/get_session_value"
    assert_response :success
    expected_body = 'foo: "bar"'
    assert_equal expected_body, response.body
  end
end
test_persistent_session_id()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 252
# The session id stays the same across consecutive requests and changes once
# the test session has been reset with `reset!`.
def test_persistent_session_id
  with_test_route_set do
    cookies[SessionKey] = SignedBar

    get "/persistent_session_id"
    assert_response :success
    assert_equal 32, response.body.size
    original_id = response.body

    # Same client state: the id must not change between requests.
    get "/persistent_session_id"
    assert_equal original_id, response.body

    # NOTE(review): reset! presumably discards the client-side cookies, so
    # the next request is expected to be given a fresh id.
    reset!
    get "/persistent_session_id"
    assert_not_equal original_id, response.body
  end
end
test_properly_renew_cookies()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 122
# After /renew_session_id the session id reported by /persistent_session_id
# must differ from the one seen before the renewal. Rotating the id is the
# property that protects a login flow against a pre-set (fixated) session id.
def test_properly_renew_cookies
  with_test_route_set do
    get "/set_session_value"
    get "/persistent_session_id"
    id_before_renewal = response.body

    get "/renew_session_id"
    get "/persistent_session_id"
    assert_not_equal response.body, id_before_renewal
  end
end
test_session_store_with_all_domains()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 335
# With `domain: :all` the session cookie is scoped to ".example.com".
# A leading-dot domain makes the cookie visible to every subdomain, so this
# option widens who can read the session cookie; use it deliberately.
def test_session_store_with_all_domains
  all_domains = { domain: :all }

  with_test_route_set(all_domains) do
    get "/set_session_value"
    set_cookie_header = headers["Set-Cookie"]
    assert_match(/domain=\.example\.com/, set_cookie_header)
  end
end
test_session_store_with_expire_after()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 280
# With `expire_after: 5.hours` the session cookie carries an `expires`
# attribute five hours after the (stubbed) current time, and that expiry is
# refreshed on a later request even when the action does not touch the
# session.
def test_session_store_with_expire_after
  with_test_route_set(expire_after: 5.hours) do
    expiry_format = "%a, %d %b %Y %H:%M:%S -0000"

    # First request accesses the session.
    first_now = Time.local(2008, 4, 24)
    cookie_body = nil

    Time.stub :now, first_now do
      expected_expiry = (first_now + 5.hours).gmtime.strftime(expiry_format)

      cookies[SessionKey] = SignedBar

      get "/set_session_value_expires_in_five_hours"
      assert_response :success

      cookie_body = response.body
      expected_header = "_myapp_session=#{cookie_body}; path=/; expires=#{expected_expiry}; HttpOnly"
      assert_equal expected_header, headers["Set-Cookie"]
    end

    # Second request, one day later, does not access the session; the cookie
    # is still re-sent with an expiry computed from the new current time.
    second_now = Time.local(2008, 4, 25)
    Time.stub :now, second_now do
      expected_expiry = (second_now + 5.hours).gmtime.strftime(expiry_format)

      get "/no_session_access"
      assert_response :success

      expected_header = "_myapp_session=#{cookies[SessionKey]}; path=/; expires=#{expected_expiry}; HttpOnly"
      assert_equal expected_header, headers["Set-Cookie"]
    end
  end
end
test_session_store_with_explicit_domain()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 313
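# With an explicit `domain: "example.es"` the session cookie is issued with
# that exact domain attribute.
#
# The original body ended with a bare `headers["Set-Cookie"]` expression whose
# value was never used; it asserted nothing and has been removed.
def test_session_store_with_explicit_domain
  with_test_route_set(domain: "example.es") do
    get "/set_session_value"
    assert_match(/domain=example\.es/, headers["Set-Cookie"])
  end
end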
test_session_store_with_nil_domain()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 328
# With `domain: nil` the Set-Cookie header must carry no domain attribute,
# which leaves the cookie bound to the host that issued it.
def test_session_store_with_nil_domain
  no_domain = { domain: nil }

  with_test_route_set(no_domain) do
    get "/set_session_value"
    set_cookie_header = headers["Set-Cookie"]
    assert_no_match(/domain\=/, set_cookie_header)
  end
end
test_session_store_without_domain()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 321
# When no `domain` option is given, the Set-Cookie header must carry no
# domain attribute.
def test_session_store_without_domain
  with_test_route_set do
    get "/set_session_value"
    set_cookie_header = headers["Set-Cookie"]
    assert_no_match(/domain\=/, set_cookie_header)
  end
end
test_setting_session_id_to_nil_is_respected()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 267
# After /change_session_id the response must no longer equal the id line
# returned earlier by /get_session_id.
def test_setting_session_id_to_nil_is_respected
  with_test_route_set do
    cookies[SessionKey] = SignedBar

    get "/get_session_id"
    id_line = response.body
    # 36 characters: other tests in this file show this route answering
    # "id: <session id>" with a 32-character id.
    assert_equal 36, id_line.size

    get "/change_session_id"
    assert_not_equal id_line, response.body
  end
end
test_setting_session_value()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 73
# Writing a session value issues a "_myapp_session" cookie scoped to "/" and
# flagged HttpOnly, which keeps it out of reach of page scripts. No `secure`
# attribute is expected with the default options.
def test_setting_session_value
  with_test_route_set do
    get "/set_session_value"
    assert_response :success

    expected_header = "_myapp_session=#{response.body}; path=/; HttpOnly"
    assert_equal expected_header, headers["Set-Cookie"]
  end
end
test_setting_session_value_after_session_clear()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 236
# A value written to the session must no longer be readable once the
# /call_session_clear action has run.
def test_setting_session_value_after_session_clear
  with_test_route_set do
    get "/set_session_value"
    assert_response :success
    issued_cookie = "_myapp_session=#{response.body}; path=/; HttpOnly"
    assert_equal issued_cookie, headers["Set-Cookie"]

    get "/call_session_clear"
    assert_response :success

    # The previously stored value must be gone.
    get "/get_session_value"
    assert_response :success
    assert_equal "foo: nil", response.body
  end
end
test_setting_session_value_after_session_reset()
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 193
# After /call_reset_session the client must hold a different session cookie
# than before, and the previously stored value must no longer be readable.
# An old session cookie that remained usable after a reset would defeat the
# purpose of resetting the session.
def test_setting_session_value_after_session_reset
  with_test_route_set do
    get "/set_session_value"
    assert_response :success
    session_payload = response.body
    issued_cookie = "_myapp_session=#{response.body}; path=/; HttpOnly"
    assert_equal issued_cookie, headers["Set-Cookie"]

    get "/call_reset_session"
    assert_response :success
    # NOTE(review): this only rules out an empty array; it would also pass if
    # the header were nil. Confirm whether a stricter check is wanted.
    assert_not_equal [], headers["Set-Cookie"]
    assert_not_nil session_payload
    current_cookie = cookies[SessionKey]
    assert_not_equal session_payload, current_cookie

    get "/get_session_value"
    assert_response :success
    assert_equal "foo: nil", response.body
  end
end

Private Instance Methods

get(path, *args)

Overwrite get to send SessionSecret in env hash

Calls superclass method TestHelpers::Rack#get
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 345
# Wraps the inherited `get` so that every request carries a key generator:
# the first extra argument is treated as an options hash, and its :headers
# entry gets "action_dispatch.key_generator" set to Generator unless the
# caller already supplied one. The hashes are created when missing; a hash
# passed in by the caller is updated in place.
def get(path, *args)
  request_options = (args[0] ||= {})
  request_headers = (request_options[:headers] ||= {})
  request_headers["action_dispatch.key_generator"] ||= Generator
  super(path, *args)
end
with_test_route_set(options = {}) { || ... }
# File actionpack/test/dispatch/session/cookie_store_test.rb, line 352
# Builds a throwaway app for one test and yields to the test body.
#
# Every path is routed as ":action" to ::CookieStoreTest::TestController, and
# the middleware stack gets ActionDispatch::Session::CookieStore configured
# with `options` merged over the default `{ key: SessionKey }`, so a test can
# pass e.g. `secure:`, `domain:` or `expire_after:`.
def with_test_route_set(options = {})
  with_routing do |set|
    set.draw do
      ActiveSupport::Deprecation.silence do
        get ":action", to: ::CookieStoreTest::TestController
      end
    end

    # Caller-supplied options win over the default session key.
    store_options = { key: SessionKey }.merge!(options)

    @app = self.class.build_app(set) do |stack|
      stack.use ActionDispatch::Session::CookieStore, store_options
      # NOTE(review): ShowExceptions is removed, presumably so that errors
      # such as CookieOverflow reach the test instead of being rendered.
      stack.delete ActionDispatch::ShowExceptions
    end

    yield
  end
end