kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/actionpack/test/dispatch/session/mem_cache_store_test.rb

209 lines
5.9 KiB
Ruby
Raw Normal View History

Use frozen string literal in actionpack/
2017-07-24 16:20:53 -04:00
# frozen_string_literal: true
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
require "abstract_unit"
require "securerandom"
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
# You need to start a memcached server inorder to run these tests
Remove deprecated stuff in ActionController This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
2010-09-24 20:15:52 -04:00
class MemCacheStoreTest < ActionDispatch::IntegrationTest
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
class TestController < ActionController::Base
def no_session_access
head :ok
end
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
def set_session_value
session[:foo] = "bar"
head :ok
end
Deletes trailing whitespaces (over text files only find * -type f -exec sed 's/[ \t]*$//' -i {} \;)
2010-08-14 01:13:00 -04:00
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
def set_serialized_session_value
session[:foo] = SessionAutoloadTest::Foo.new
head :ok
end
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
def get_session_value
Stop using deprecated `render :text` in test This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
2015-07-17 21:48:00 -04:00
render plain: "foo: #{session[:foo].inspect}"
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
Ensure session id is set in session options hash [#1880 state:resolved]
2009-02-07 00:15:39 -05:00
def get_session_id
Stop using deprecated `render :text` in test This will silence deprecation warnings. Most of the test can be changed from `render :text` to render `:plain` or `render :body` right away. However, there are some tests that needed to be fixed by hand as they actually assert the default Content-Type returned from `render :body`.
2015-07-17 21:48:00 -04:00
render plain: "#{request.session.id}"
Ensure session id is set in session options hash [#1880 state:resolved]
2009-02-07 00:15:39 -05:00
end
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
def call_reset_session
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
session[:bar]
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
reset_session
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
session[:bar] = "baz"
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
head :ok
end
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
begin
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
require "dalli"
Respect ENV variables when finding DBs etc for the test suite If they're not set we'll still fall back to localhost, but this makes it possible to run the tests against a remote Postgres / Redis / whatever.
2019-02-05 09:50:06 -05:00
servers = ENV["MEMCACHE_SERVERS"] || "localhost:11211"
ss = Dalli::Client.new(servers).stats
raise Dalli::DalliError unless ss[servers]
Fix skipping memcache tests if a memcache server isn't running
2009-09-26 21:02:47 -04:00
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
def test_setting_and_getting_session_value
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
assert_equal 'foo: "bar"', response.body
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
def test_getting_nil_session_value
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "foo: nil", response.body
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
def test_getting_session_value_after_session_reset
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
session_cookie = cookies.send(:hash_for)["_session_id"]
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/call_reset_session"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_not_equal [], headers["Set-Cookie"]
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "foo: nil", response.body, "data for this session should have been obliterated from memcached"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
end
def test_getting_from_nonexistent_session
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "foo: nil", response.body
assert_nil cookies["_session_id"], "should only create session on write, not read"
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
end
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
def test_setting_session_value_after_session_reset
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
session_id = cookies["_session_id"]
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/call_reset_session"
Ensure session id is set in session options hash [#1880 state:resolved]
2009-02-07 00:15:39 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_not_equal [], headers["Set-Cookie"]
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "foo: nil", response.body
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_id"
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
assert_response :success
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
assert_not_equal session_id, response.body
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
def test_getting_session_id
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value"
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
session_id = cookies["_session_id"]
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_id"
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
assert_response :success
Sessions should not be created until written to and session data should be destroyed on reset. [#4938] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
2010-06-22 09:55:50 -04:00
assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
end
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
def test_deserializes_unloaded_class
with_test_route_set do
with_autoload_path "session_autoload_test" do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_serialized_session_value"
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
end
with_autoload_path "session_autoload_test" do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_id"
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
assert_response :success
end
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Fixed that an ArgumentError is thrown when request.session_options[:id] is read in the following scenario: when the cookie store is used, and the session contains a serialized object of an unloaded class, and no session data accesses have occurred yet. Pushed the stale_session_check responsibility out of the SessionHash and down into the session store, closer to where the deserialization actually occurs. Added some test coverage for this case and others related to deserialization of unloaded types. [#4938] Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-27 14:35:31 -04:00
end
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
def test_doesnt_write_session_cookie_if_session_id_is_already_exists
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value"
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert cookies["_session_id"]
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
assert_response :success
"Use assert_nil if expecting nil. This will fail in minitest 6."
2016-12-24 12:29:52 -05:00
assert_nil headers["Set-Cookie"], "should not resend the cookie again if session_id cookie is already exists"
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Make sure that Rails doesn't resent session_id cookie over and over again if it's already there [#2485 state:resolved] This apply to only Active Record store and Memcached store, as they both store only the session_id, which will be unchanged, in the cookie. Signed-off-by: José Valim <jose.valim@gmail.com>
2010-06-24 15:42:08 -04:00
end
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
def test_prevents_session_fixation
with_test_route_set do
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/get_session_value"
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_equal "foo: nil", response.body
session_id = cookies["_session_id"]
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
reset!
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
get "/set_session_value", params: { _session_id: session_id }
reset_session should force a new session id to be generated [#2173]
2009-03-09 23:45:38 -04:00
assert_response :success
applies new string literal convention in actionpack/test The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
2016-08-06 12:54:50 -04:00
assert_not_equal session_id, cookies["_session_id"]
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
end
Skip individual tests upon Dalli::RingError Unlike the outer `rescue`, this one is much more precise about what we want to handle: a connection failure (`Dalli::RingError`) is not relevant to what we're testing here. But other Dalli errors may well be indicating an actual problem.
2014-05-26 15:15:53 -04:00
rescue Dalli::RingError => ex
skip ex.message, ex.backtrace
Fix reset_session with lazy cookie stores [#1601 state:resolved] Signed-off-by: Joshua Peek <josh@joshpeek.com>
2008-12-20 15:37:51 -05:00
end
Let's run action pack tests with Dalli There is no memcache gem left in repo.
2012-08-27 00:16:35 -04:00
rescue LoadError, RuntimeError, Dalli::DalliError
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
$stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again."
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
private
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
def with_test_route_set
with_routing do |set|
Removed deprecated RouteSet API, still many tests fail
2010-08-05 09:44:23 -04:00
set.draw do
Deprecate :controller and :action path parameters Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
2016-03-01 03:48:53 -05:00
ActiveSupport::Deprecation.silence do
modernizes hash syntax in actionpack
2016-08-06 13:35:13 -04:00
get ":action", to: ::MemCacheStoreTest::TestController
Deprecate :controller and :action path parameters Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
2016-03-01 03:48:53 -05:00
end
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
end
Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean.
2010-05-17 21:18:23 -04:00
@app = self.class.build_app(set) do |middleware|
Respect ENV variables when finding DBs etc for the test suite If they're not set we'll still fall back to localhost, but this makes it possible to run the tests against a remote Postgres / Redis / whatever.
2019-02-05 09:50:06 -05:00
middleware.use ActionDispatch::Session::MemCacheStore,
key: "_session_id", namespace: "mem_cache_store_test:#{SecureRandom.hex(10)}",
memcache_server: ENV["MEMCACHE_SERVERS"] || "localhost:11211"
Fix deprecation warning in tests Using the string version of the class reference is now deprecated when referencing middleware. This should be written as a class not as a string. Deprecation warning that this change fixes: ``` DEPRECATION WARNING: Passing strings or symbols to the middleware builder is deprecated, please change them to actual class references. For example: "ActionDispatch::ShowExceptions" => ActionDispatch::ShowExceptions ```
2015-08-08 10:27:23 -04:00
middleware.delete ActionDispatch::ShowExceptions
Cut the fat and make session stores rely on request.cookie_jar and change set_session semantics to return the cookie value instead of a boolean.
2010-05-17 21:18:23 -04:00
end
Switch to Rack based session stores.
2008-12-15 17:33:31 -05:00
yield
end
Memcached sessions: add session data on initialization; don't silently discard exceptions; add unit tests. Closes #9823. git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7885 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-10-14 16:46:06 -04:00
end
end
Copy permalink