2008-01-05 08:32:06 -05:00
|
|
|
require 'abstract_unit'
|
2014-03-16 19:08:16 -04:00
|
|
|
require 'securerandom'
|
2007-10-14 16:46:06 -04:00
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
# You need to start a memcached server inorder to run these tests
|
2010-09-24 20:15:52 -04:00
|
|
|
class MemCacheStoreTest < ActionDispatch::IntegrationTest
|
2008-12-15 17:33:31 -05:00
|
|
|
class TestController < ActionController::Base
|
|
|
|
def no_session_access
|
|
|
|
head :ok
|
|
|
|
end
|
2007-10-14 16:46:06 -04:00
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
def set_session_value
|
|
|
|
session[:foo] = "bar"
|
|
|
|
head :ok
|
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2010-06-27 14:35:31 -04:00
|
|
|
def set_serialized_session_value
|
|
|
|
session[:foo] = SessionAutoloadTest::Foo.new
|
|
|
|
head :ok
|
|
|
|
end
|
2007-10-14 16:46:06 -04:00
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
def get_session_value
|
|
|
|
render :text => "foo: #{session[:foo].inspect}"
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
2008-12-15 17:33:31 -05:00
|
|
|
|
2009-02-07 00:15:39 -05:00
|
|
|
def get_session_id
|
2009-03-09 23:45:38 -04:00
|
|
|
render :text => "#{request.session_options[:id]}"
|
2009-02-07 00:15:39 -05:00
|
|
|
end
|
|
|
|
|
2008-12-20 15:37:51 -05:00
|
|
|
def call_reset_session
|
2009-03-09 23:45:38 -04:00
|
|
|
session[:bar]
|
2008-12-20 15:37:51 -05:00
|
|
|
reset_session
|
2009-03-09 23:45:38 -04:00
|
|
|
session[:bar] = "baz"
|
2008-12-20 15:37:51 -05:00
|
|
|
head :ok
|
|
|
|
end
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
begin
|
2012-08-27 00:16:35 -04:00
|
|
|
require 'dalli'
|
|
|
|
ss = Dalli::Client.new('localhost:11211').stats
|
|
|
|
raise Dalli::DalliError unless ss['localhost:11211']
|
2009-09-26 21:02:47 -04:00
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
def test_setting_and_getting_session_value
|
|
|
|
with_test_route_set do
|
|
|
|
get '/set_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert cookies['_session_id']
|
2007-10-14 16:46:06 -04:00
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal 'foo: "bar"', response.body
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
def test_getting_nil_session_value
|
|
|
|
with_test_route_set do
|
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
2009-02-07 00:15:39 -05:00
|
|
|
assert_equal 'foo: nil', response.body
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
|
|
|
|
2010-06-22 09:55:50 -04:00
|
|
|
def test_getting_session_value_after_session_reset
|
|
|
|
with_test_route_set do
|
|
|
|
get '/set_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert cookies['_session_id']
|
|
|
|
session_cookie = cookies.send(:hash_for)['_session_id']
|
|
|
|
|
|
|
|
get '/call_reset_session'
|
|
|
|
assert_response :success
|
|
|
|
assert_not_equal [], headers['Set-Cookie']
|
|
|
|
|
|
|
|
cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
|
|
|
|
|
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from memcached"
|
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2010-06-22 09:55:50 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_getting_from_nonexistent_session
|
|
|
|
with_test_route_set do
|
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal 'foo: nil', response.body
|
|
|
|
assert_nil cookies['_session_id'], "should only create session on write, not read"
|
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2010-06-22 09:55:50 -04:00
|
|
|
end
|
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
def test_setting_session_value_after_session_reset
|
2008-12-15 17:33:31 -05:00
|
|
|
with_test_route_set do
|
2009-02-07 00:15:39 -05:00
|
|
|
get '/set_session_value'
|
2008-12-15 17:33:31 -05:00
|
|
|
assert_response :success
|
2009-02-07 00:15:39 -05:00
|
|
|
assert cookies['_session_id']
|
2008-12-15 17:33:31 -05:00
|
|
|
session_id = cookies['_session_id']
|
2007-10-14 16:46:06 -04:00
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
get '/call_reset_session'
|
2009-02-07 00:15:39 -05:00
|
|
|
assert_response :success
|
2009-03-09 23:45:38 -04:00
|
|
|
assert_not_equal [], headers['Set-Cookie']
|
2008-12-15 17:33:31 -05:00
|
|
|
|
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal 'foo: nil', response.body
|
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
get '/get_session_id'
|
2008-12-15 17:33:31 -05:00
|
|
|
assert_response :success
|
2009-03-09 23:45:38 -04:00
|
|
|
assert_not_equal session_id, response.body
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
2008-12-20 15:37:51 -05:00
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
def test_getting_session_id
|
2008-12-20 15:37:51 -05:00
|
|
|
with_test_route_set do
|
|
|
|
get '/set_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert cookies['_session_id']
|
2009-03-09 23:45:38 -04:00
|
|
|
session_id = cookies['_session_id']
|
2008-12-20 15:37:51 -05:00
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
get '/get_session_id'
|
2008-12-20 15:37:51 -05:00
|
|
|
assert_response :success
|
2010-06-22 09:55:50 -04:00
|
|
|
assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
|
2009-03-09 23:45:38 -04:00
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2009-03-09 23:45:38 -04:00
|
|
|
end
|
2008-12-20 15:37:51 -05:00
|
|
|
|
2010-06-27 14:35:31 -04:00
|
|
|
def test_deserializes_unloaded_class
|
|
|
|
with_test_route_set do
|
|
|
|
with_autoload_path "session_autoload_test" do
|
|
|
|
get '/set_serialized_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert cookies['_session_id']
|
|
|
|
end
|
|
|
|
with_autoload_path "session_autoload_test" do
|
|
|
|
get '/get_session_id'
|
|
|
|
assert_response :success
|
|
|
|
end
|
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2010-06-27 14:35:31 -04:00
|
|
|
end
|
|
|
|
|
2010-06-24 15:42:08 -04:00
|
|
|
def test_doesnt_write_session_cookie_if_session_id_is_already_exists
|
|
|
|
with_test_route_set do
|
|
|
|
get '/set_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert cookies['_session_id']
|
|
|
|
|
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
|
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2010-06-24 15:42:08 -04:00
|
|
|
end
|
|
|
|
|
2009-03-09 23:45:38 -04:00
|
|
|
def test_prevents_session_fixation
|
|
|
|
with_test_route_set do
|
2008-12-20 15:37:51 -05:00
|
|
|
get '/get_session_value'
|
|
|
|
assert_response :success
|
|
|
|
assert_equal 'foo: nil', response.body
|
2009-03-09 23:45:38 -04:00
|
|
|
session_id = cookies['_session_id']
|
|
|
|
|
|
|
|
reset!
|
|
|
|
|
|
|
|
get '/set_session_value', :_session_id => session_id
|
|
|
|
assert_response :success
|
2009-09-26 21:51:05 -04:00
|
|
|
assert_not_equal session_id, cookies['_session_id']
|
2008-12-20 15:37:51 -05:00
|
|
|
end
|
2014-05-26 15:15:53 -04:00
|
|
|
rescue Dalli::RingError => ex
|
|
|
|
skip ex.message, ex.backtrace
|
2008-12-20 15:37:51 -05:00
|
|
|
end
|
2012-08-27 00:16:35 -04:00
|
|
|
rescue LoadError, RuntimeError, Dalli::DalliError
|
2008-12-15 17:33:31 -05:00
|
|
|
$stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again."
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
2008-12-15 17:33:31 -05:00
|
|
|
def with_test_route_set
|
|
|
|
with_routing do |set|
|
2010-08-05 09:44:23 -04:00
|
|
|
set.draw do
|
2012-04-24 23:32:09 -04:00
|
|
|
get ':action', :to => ::MemCacheStoreTest::TestController
|
2008-12-15 17:33:31 -05:00
|
|
|
end
|
2010-05-17 21:18:23 -04:00
|
|
|
|
|
|
|
@app = self.class.build_app(set) do |middleware|
|
2014-03-16 19:06:27 -04:00
|
|
|
middleware.use ActionDispatch::Session::MemCacheStore, :key => '_session_id', :namespace => "mem_cache_store_test:#{SecureRandom.hex(10)}"
|
2010-05-17 21:18:23 -04:00
|
|
|
middleware.delete "ActionDispatch::ShowExceptions"
|
|
|
|
end
|
|
|
|
|
2008-12-15 17:33:31 -05:00
|
|
|
yield
|
|
|
|
end
|
2007-10-14 16:46:06 -04:00
|
|
|
end
|
|
|
|
end
|