Fix bug where cookies mutated by request were not persisted

With changes made in 8363b8 and ae29142 cookies that are mutated on the request like `cookies.signed = x` were not retained in subsequent tests, breaking cookie authentiation in controller tests. The test added demonstrates the issue. The reason we need to select from non-deleted cookies is because without checking the `@delete_cookies` the `cookie_jar` `@cookies` will send the wrong cookies to be updated. The code must check for `@deleted_cookies` before sending an `#update` with the requests cookie_jar cookies. This follows how the cookie_jar cookies from the request were updated before these changes.
2015-09-01 04:20:32 -04:00 · 2015-09-01 04:20:32 -04:00 · 75a121a2c5
parent 8ce0fdb5c4
commit 75a121a2c5
3 changed files with 17 additions and 0 deletions
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@ -476,6 +476,7 @@ module ActionController
        end

        self.cookies.update @request.cookies
+        self.cookies.update_cookies_from_jar
        @request.set_header 'HTTP_COOKIE', cookies.to_header
        @request.delete_header 'action_dispatch.cookies'

--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@ -319,6 +319,13 @@ module ActionDispatch
        self
      end

+      def update_cookies_from_jar
+        request_jar = @request.cookie_jar.instance_variable_get(:@cookies)
+        set_cookies = request_jar.reject { |k,_| @delete_cookies.key?(k) }
+
+        @cookies.update set_cookies if set_cookies
+      end
+
      def to_header
        @cookies.map { |k,v| "#{k}=#{v}" }.join ';'
      end
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@ -653,6 +653,15 @@ class CookiesTest < ActionController::TestCase
    end
  end

+  def test_cookie_jar_mutated_by_request_persists_on_future_requests
+    get :authenticate
+    cookie_jar = @request.cookie_jar
+    cookie_jar.signed[:user_id] = 123
+    assert_equal ["user_name", "user_id"], @request.cookie_jar.instance_variable_get(:@cookies).keys
+    get :get_signed_cookie
+    assert_equal ["user_name", "user_id"], @request.cookie_jar.instance_variable_get(:@cookies).keys
+  end
+
  def test_raises_argument_error_if_missing_secret
    assert_raise(ArgumentError, nil.inspect) {
      @request.env["action_dispatch.key_generator"] = ActiveSupport::LegacyKeyGenerator.new(nil)