mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fix #9168 Initialize NullCookieJar with all options needed for KeyGenerator
parent
01e67316d8
commit
4127332a5f
4 changed files with 49 additions and 5 deletions
|
@ -13,6 +13,11 @@
|
|||
|
||||
*Yves Senn*
|
||||
|
||||
* Fix error (#9168) which was produced by setting signed/encrypted
|
||||
cookie when :null_session forgery protection method was used.
|
||||
|
||||
*Andrey Chernih*
|
||||
|
||||
* `assert_template` can be used to verify the locals of partials,
|
||||
which live inside a directory.
|
||||
Fixes #8516.
|
||||
|
|
|
@ -126,7 +126,7 @@ module ActionController #:nodoc:
|
|||
host = request.host
|
||||
secure = request.ssl?
|
||||
|
||||
new(key_generator, host, secure)
|
||||
new(key_generator, host, secure, options_for_env({}))
|
||||
end
|
||||
|
||||
def write(*)
|
||||
|
|
|
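Review bot: The call `new(key_generator, host, secure, options_for_env({}))` passes an empty hash purely to pick up the `|| ''` fallbacks, which is not obvious at the call site. A comment would help, for example `# blank salts are sufficient: the null jar never writes cookies (see #write)`. Only the `def write(*)` line is visible below, so confirm its body discards everything before using that wording. The enclosing build method also starts outside the hunk.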
@ -110,13 +110,17 @@ module ActionDispatch
|
|||
# $& => example.local
|
||||
DOMAIN_REGEXP = /[^.]*\.([^.]*|..\...|...\...)$/
|
||||
|
||||
def self.options_for_env(env) #:nodoc:
|
||||
{ signed_cookie_salt: env[SIGNED_COOKIE_SALT] || '',
|
||||
encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT] || '',
|
||||
encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT] || '',
|
||||
token_key: env[TOKEN_KEY] }
|
||||
end
|
||||
|
||||
def self.build(request)
|
||||
env = request.env
|
||||
key_generator = env[GENERATOR_KEY]
|
||||
options = { signed_cookie_salt: env[SIGNED_COOKIE_SALT],
|
||||
encrypted_cookie_salt: env[ENCRYPTED_COOKIE_SALT],
|
||||
encrypted_signed_cookie_salt: env[ENCRYPTED_SIGNED_COOKIE_SALT],
|
||||
token_key: env[TOKEN_KEY] }
|
||||
options = options_for_env env
|
||||
|
||||
host = request.host
|
||||
secure = request.ssl?
|
||||
|
|
|
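Review bot: The `|| ''` fallbacks in `options_for_env` now also apply to the regular `self.build` path, which previously passed `env[SIGNED_COOKIE_SALT]` and the other salts through unchanged. If a salt were ever missing from the env, keys for signed and encrypted cookies would be derived with an empty salt instead of the misconfiguration surfacing as an error. Whether that can happen depends on the code that populates env, which is not shown. Consider keeping the helper strict (`signed_cookie_salt: env[SIGNED_COOKIE_SALT]`) and supplying the blank defaults only from the null-session caller. At minimum, document on `options_for_env` that the empty-string default exists for NullCookieJar. `self.build` continues past the end of the hunk.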
@ -66,6 +66,19 @@ class RequestForgeryProtectionControllerUsingException < ActionController::Base
|
|||
protect_from_forgery :only => %w(index meta), :with => :exception
|
||||
end
|
||||
|
||||
class RequestForgeryProtectionControllerUsingNullSession < ActionController::Base
|
||||
protect_from_forgery :with => :null_session
|
||||
|
||||
def signed
|
||||
cookies.signed[:foo] = 'bar'
|
||||
render :nothing => true
|
||||
end
|
||||
|
||||
def encrypted
|
||||
cookies.encrypted[:foo] = 'bar'
|
||||
render :nothing => true
|
||||
end
|
||||
end
|
||||
|
||||
class FreeCookieController < RequestForgeryProtectionControllerUsingResetSession
|
||||
self.allow_forgery_protection = false
|
||||
|
@ -287,6 +300,28 @@ class RequestForgeryProtectionControllerUsingResetSessionTest < ActionController
|
|||
end
|
||||
end
|
||||
|
||||
class NullSessionDummyKeyGenerator
|
||||
def generate_key(secret)
|
||||
'03312270731a2ed0d11ed091c2338a06'
|
||||
end
|
||||
end
|
||||
|
||||
class RequestForgeryProtectionControllerUsingNullSessionTest < ActionController::TestCase
|
||||
def setup
|
||||
@request.env[ActionDispatch::Cookies::GENERATOR_KEY] = NullSessionDummyKeyGenerator.new
|
||||
end
|
||||
|
||||
test 'should allow to set signed cookies' do
|
||||
post :signed
|
||||
assert_response :ok
|
||||
end
|
||||
|
||||
test 'should allow to set encrypted cookies' do
|
||||
post :encrypted
|
||||
assert_response :ok
|
||||
end
|
||||
end
|
||||
|
||||
class RequestForgeryProtectionControllerUsingExceptionTest < ActionController::TestCase
|
||||
include RequestForgeryProtectionTests
|
||||
def assert_blocked
|
||||
|
|
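Review bot: Both new tests in RequestForgeryProtectionControllerUsingNullSessionTest assert only `assert_response :ok`, so they would still pass if the null-session jar began emitting the signed or encrypted cookie. Since `:null_session` is meant to leave no cookie state behind for an unverified request, assert that too after each `post`, for example `assert_nil @response.headers['Set-Cookie']`. Whether these requests actually take the unverified path depends on forgery-protection setup outside the hunk. If that path is not exercised, the tests do not cover NullCookieJar and `setup` should say so in a comment.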