kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Renamed session_serializer option to cookies_serializer

Browse source
This commit is contained in:
Godfrey Chan 2014-02-04 09:31:48 -08:00
parent f0d8996dcc
commit b927d67dec
7 changed files with 64 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_dispatch.rb
View file

@ -84,8 +84,6 @@ module ActionDispatch
autoload :CookieStore, 'action_dispatch/middleware/session/cookie_store'
autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
autoload :CacheStore, 'action_dispatch/middleware/session/cache_store'
autoload :JsonSerializer, 'action_dispatch/middleware/session/json_serializer'
autoload :MarshalSerializer, 'action_dispatch/middleware/session/marshal_serializer'
end
mattr_accessor :test_app

45
actionpack/lib/action_dispatch/middleware/cookies.rb
View file

@ -89,7 +89,7 @@ module ActionDispatch
ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze
SECRET_TOKEN = "action_dispatch.secret_token".freeze
SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
SESSION_SERIALIZER = "action_dispatch.session_serializer".freeze
COOKIES_SERIALIZER = "action_dispatch.cookies_serializer".freeze
# Cookies can typically store 4096 bytes.
MAX_COOKIE_SIZE = 4096
@ -212,7 +212,7 @@ module ActionDispatch
secret_token: env[SECRET_TOKEN],
secret_key_base: env[SECRET_KEY_BASE],
upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
session_serializer: env[SESSION_SERIALIZER]
serializer: env[COOKIES_SERIALIZER]
}
end
@ -374,14 +374,40 @@ module ActionDispatch
end
end
class JsonSerializer
def self.load(value)
JSON.parse(value, quirks_mode: true)
end
def self.dump(value)
JSON.generate(value, quirks_mode: true)
end
end
module SerializedCookieJars
protected
def serializer
serializer = @options[:serializer] || :marshal
case serializer
when :marshal
Marshal
when :json
JsonSerializer
else
serializer
end
end
end
class SignedCookieJar #:nodoc:
include ChainedCookieJars
include SerializedCookieJars
def initialize(parent_jar, key_generator, options = {})
@parent_jar = parent_jar
@options = options
secret = key_generator.generate_key(@options[:signed_cookie_salt])
@verifier = ActiveSupport::MessageVerifier.new(secret)
@verifier = ActiveSupport::MessageVerifier.new(secret, serializer: serializer)
end
def [](name)
@ -426,6 +452,7 @@ module ActionDispatch
class EncryptedCookieJar #:nodoc:
include ChainedCookieJars
include SerializedCookieJars
def initialize(parent_jar, key_generator, options = {})
if ActiveSupport::LegacyKeyGenerator === key_generator
@ -464,18 +491,6 @@ module ActionDispatch
rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
nil
end
def serializer
serializer = @options[:session_serializer] || :marshal
case serializer
when :marshal
ActionDispatch::Session::MarshalSerializer
when :json
ActionDispatch::Session::JsonSerializer
else
serializer
end
end
end
# UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore

13
actionpack/lib/action_dispatch/middleware/session/json_serializer.rb
View file

@ -1,13 +0,0 @@
module ActionDispatch
module Session
class JsonSerializer
def self.load(value)
JSON.parse(value, quirks_mode: true)
end
def self.dump(value)
JSON.generate(value, quirks_mode: true)
end
end
end
end

14
actionpack/lib/action_dispatch/middleware/session/marshal_serializer.rb
View file

@ -1,14 +0,0 @@
module ActionDispatch
module Session
class MarshalSerializer
def self.load(value)
Marshal.load(value)
end
def self.dump(value)
Marshal.dump(value)
end
end
end
end

12
actionpack/test/dispatch/cookies_test.rb
View file

@ -379,28 +379,28 @@ class CookiesTest < ActionController::TestCase
assert_equal 'bar', cookies.encrypted[:foo]
end
class CustomJsonSerializer
class CustomSerializer
def self.load(value)
JSON.load(value) + " and loaded"
value.to_s + " and loaded"
end
def self.dump(value)
JSON.dump(value + " was dumped")
value.to_s + " was dumped"
end
end
def test_encrypted_cookie_using_serializer_object
@request.env["action_dispatch.session_serializer"] = CustomJsonSerializer
@request.env["action_dispatch.cookies_serializer"] = CustomSerializer
get :set_encrypted_cookie
assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
end
def test_encrypted_cookie_using_json_serializer
@request.env["action_dispatch.session_serializer"] = :json
@request.env["action_dispatch.cookies_serializer"] = :json
get :set_encrypted_cookie
cookies = @controller.send :cookies
assert_not_equal 'bar', cookies[:foo]
assert_raises TypeError do
assert_raises ::JSON::ParserError do
cookies.signed[:foo]
end
assert_equal 'bar', cookies.encrypted[:foo]

43
guides/source/action_controller_overview.md
View file

@ -381,22 +381,6 @@ You can also pass a `:domain` key and specify the domain name for the cookie:
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com"
```
You can pass `:serializer` key to specify serializer for serializing session:
```ruby
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: :json
```
The default serializer for new application is `:json`. For compatibility with
old applications `:marshal` is used when `serializer` option is not specified.
It is also possible to pass a custom serializer class with `load` and `dump`
public methods defined:
```ruby
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: MyCustomSerializer
```
Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb`
```ruby
@ -588,6 +572,33 @@ end
Note that while for session values you set the key to `nil`, to delete a cookie value you should use `cookies.delete(:key)`.
Rails also provides a signed cookie jar and an encrypted cookie jar for storing
sensitive data. The signed cookie jar appends a cryptographic signature on the
cookie values to protect their integrity. The encrypted cookie jar encrypts the
values in addition to signing them, so that they cannot be read by the end user.
Refer to the [API documentation](http://api.rubyonrails.org/classes/ActionDispatch/Cookies.html)
for more details.
These special cookie jars use a serializer to serialize the assigned values into
strings and deserializes them into Ruby objects on read.
You can specify what serializer to use:
```ruby
YourApp::Application.config.cookies_serializer :json
```
The possible options are `:marshal` or `:json`. The default serializer for new
applications is `:json`. For compatibility with old applications with existing
cookies, `:marshal` is used when `serializer` option is not specified.
It is also possible to pass a custom serializer class or object that responds
to `load` and `dump`:
```ruby
YourApp::Application.config.cookies_serializer MyCustomSerializer
```
Rendering XML and JSON data
---------------------------

2
railties/lib/rails/application.rb
View file

@ -206,7 +206,7 @@ module Rails
"action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
"action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
"action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
"action_dispatch.session_serializer" => config.session_options[:serializer]
"action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer
})
end
end