kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Renamed session_serializer option to cookies_serializer

Browse source
This commit is contained in:
Godfrey Chan 2014-02-04 09:31:48 -08:00
parent f0d8996dcc
commit b927d67dec
7 changed files with 64 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_dispatch.rb
View file

@ -84,8 +84,6 @@ module ActionDispatch
autoload :CookieStore, 'action_dispatch/middleware/session/cookie_store' autoload :CookieStore, 'action_dispatch/middleware/session/cookie_store'
autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store' autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
autoload :CacheStore, 'action_dispatch/middleware/session/cache_store' autoload :CacheStore, 'action_dispatch/middleware/session/cache_store'
autoload :JsonSerializer, 'action_dispatch/middleware/session/json_serializer'
autoload :MarshalSerializer, 'action_dispatch/middleware/session/marshal_serializer'
end end
mattr_accessor :test_app mattr_accessor :test_app

45
actionpack/lib/action_dispatch/middleware/cookies.rb
View file

@ -89,7 +89,7 @@ module ActionDispatch
ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze ENCRYPTED_SIGNED_COOKIE_SALT = "action_dispatch.encrypted_signed_cookie_salt".freeze
SECRET_TOKEN = "action_dispatch.secret_token".freeze SECRET_TOKEN = "action_dispatch.secret_token".freeze
SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze SECRET_KEY_BASE = "action_dispatch.secret_key_base".freeze
SESSION_SERIALIZER = "action_dispatch.session_serializer".freeze COOKIES_SERIALIZER = "action_dispatch.cookies_serializer".freeze
# Cookies can typically store 4096 bytes. # Cookies can typically store 4096 bytes.
MAX_COOKIE_SIZE = 4096 MAX_COOKIE_SIZE = 4096
@ -212,7 +212,7 @@ module ActionDispatch
secret_token: env[SECRET_TOKEN], secret_token: env[SECRET_TOKEN],
secret_key_base: env[SECRET_KEY_BASE], secret_key_base: env[SECRET_KEY_BASE],
upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?, upgrade_legacy_signed_cookies: env[SECRET_TOKEN].present? && env[SECRET_KEY_BASE].present?,
session_serializer: env[SESSION_SERIALIZER] serializer: env[COOKIES_SERIALIZER]
} }
end end
@ -374,14 +374,40 @@ module ActionDispatch
end end
end end
class JsonSerializer
def self.load(value)
JSON.parse(value, quirks_mode: true)
end
def self.dump(value)
JSON.generate(value, quirks_mode: true)
end
end
module SerializedCookieJars
protected
def serializer
serializer = @options[:serializer] || :marshal
case serializer
when :marshal
Marshal
when :json
JsonSerializer
else
serializer
end
end
end
class SignedCookieJar #:nodoc: class SignedCookieJar #:nodoc:
include ChainedCookieJars include ChainedCookieJars
include SerializedCookieJars
def initialize(parent_jar, key_generator, options = {}) def initialize(parent_jar, key_generator, options = {})
@parent_jar = parent_jar @parent_jar = parent_jar
@options = options @options = options
secret = key_generator.generate_key(@options[:signed_cookie_salt]) secret = key_generator.generate_key(@options[:signed_cookie_salt])
@verifier = ActiveSupport::MessageVerifier.new(secret) @verifier = ActiveSupport::MessageVerifier.new(secret, serializer: serializer)
end end
def [](name) def [](name)
@ -426,6 +452,7 @@ module ActionDispatch
class EncryptedCookieJar #:nodoc: class EncryptedCookieJar #:nodoc:
include ChainedCookieJars include ChainedCookieJars
include SerializedCookieJars
def initialize(parent_jar, key_generator, options = {}) def initialize(parent_jar, key_generator, options = {})
if ActiveSupport::LegacyKeyGenerator === key_generator if ActiveSupport::LegacyKeyGenerator === key_generator
@ -464,18 +491,6 @@ module ActionDispatch
rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage rescue ActiveSupport::MessageVerifier::InvalidSignature, ActiveSupport::MessageEncryptor::InvalidMessage
nil nil
end end
def serializer
serializer = @options[:session_serializer] || :marshal
case serializer
when :marshal
ActionDispatch::Session::MarshalSerializer
when :json
ActionDispatch::Session::JsonSerializer
else
serializer
end
end
end end
# UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore # UpgradeLegacyEncryptedCookieJar is used by ActionDispatch::Session::CookieStore

13
actionpack/lib/action_dispatch/middleware/session/json_serializer.rb
View file

@ -1,13 +0,0 @@
module ActionDispatch
module Session
class JsonSerializer
def self.load(value)
JSON.parse(value, quirks_mode: true)
end
def self.dump(value)
JSON.generate(value, quirks_mode: true)
end
end
end
end

14
actionpack/lib/action_dispatch/middleware/session/marshal_serializer.rb
View file

@ -1,14 +0,0 @@
module ActionDispatch
module Session
class MarshalSerializer
def self.load(value)
Marshal.load(value)
end
def self.dump(value)
Marshal.dump(value)
end
end
end
end

12
actionpack/test/dispatch/cookies_test.rb
View file

@ -379,28 +379,28 @@ class CookiesTest < ActionController::TestCase
assert_equal 'bar', cookies.encrypted[:foo] assert_equal 'bar', cookies.encrypted[:foo]
end end
class CustomJsonSerializer class CustomSerializer
def self.load(value) def self.load(value)
JSON.load(value) + " and loaded" value.to_s + " and loaded"
end end
def self.dump(value) def self.dump(value)
JSON.dump(value + " was dumped") value.to_s + " was dumped"
end end
end end
def test_encrypted_cookie_using_serializer_object def test_encrypted_cookie_using_serializer_object
@request.env["action_dispatch.session_serializer"] = CustomJsonSerializer @request.env["action_dispatch.cookies_serializer"] = CustomSerializer
get :set_encrypted_cookie get :set_encrypted_cookie
assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo] assert_equal 'bar was dumped and loaded', cookies.encrypted[:foo]
end end
def test_encrypted_cookie_using_json_serializer def test_encrypted_cookie_using_json_serializer
@request.env["action_dispatch.session_serializer"] = :json @request.env["action_dispatch.cookies_serializer"] = :json
get :set_encrypted_cookie get :set_encrypted_cookie
cookies = @controller.send :cookies cookies = @controller.send :cookies
assert_not_equal 'bar', cookies[:foo] assert_not_equal 'bar', cookies[:foo]
assert_raises TypeError do assert_raises ::JSON::ParserError do
cookies.signed[:foo] cookies.signed[:foo]
end end
assert_equal 'bar', cookies.encrypted[:foo] assert_equal 'bar', cookies.encrypted[:foo]

43
guides/source/action_controller_overview.md
View file

@ -381,22 +381,6 @@ You can also pass a `:domain` key and specify the domain name for the cookie:
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com" YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', domain: ".example.com"
``` ```
You can pass `:serializer` key to specify serializer for serializing session:
```ruby
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: :json
```
The default serializer for new application is `:json`. For compatibility with
old applications `:marshal` is used when `serializer` option is not specified.
It is also possible to pass a custom serializer class with `load` and `dump`
public methods defined:
```ruby
YourApp::Application.config.session_store :cookie_store, key: '_your_app_session', serializer: MyCustomSerializer
```
Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb` Rails sets up (for the CookieStore) a secret key used for signing the session data. This can be changed in `config/initializers/secret_token.rb`
```ruby ```ruby
@ -588,6 +572,33 @@ end
Note that while for session values you set the key to `nil`, to delete a cookie value you should use `cookies.delete(:key)`. Note that while for session values you set the key to `nil`, to delete a cookie value you should use `cookies.delete(:key)`.
Rails also provides a signed cookie jar and an encrypted cookie jar for storing
sensitive data. The signed cookie jar appends a cryptographic signature on the
cookie values to protect their integrity. The encrypted cookie jar encrypts the
values in addition to signing them, so that they cannot be read by the end user.
Refer to the [API documentation](http://api.rubyonrails.org/classes/ActionDispatch/Cookies.html)
for more details.
These special cookie jars use a serializer to serialize the assigned values into
strings and deserializes them into Ruby objects on read.
You can specify what serializer to use:
```ruby
YourApp::Application.config.cookies_serializer :json
```
The possible options are `:marshal` or `:json`. The default serializer for new
applications is `:json`. For compatibility with old applications with existing
cookies, `:marshal` is used when `serializer` option is not specified.
It is also possible to pass a custom serializer class or object that responds
to `load` and `dump`:
```ruby
YourApp::Application.config.cookies_serializer MyCustomSerializer
```
Rendering XML and JSON data Rendering XML and JSON data
--------------------------- ---------------------------

2
railties/lib/rails/application.rb
View file

@ -206,7 +206,7 @@ module Rails
"action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt, "action_dispatch.signed_cookie_salt" => config.action_dispatch.signed_cookie_salt,
"action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt, "action_dispatch.encrypted_cookie_salt" => config.action_dispatch.encrypted_cookie_salt,
"action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt, "action_dispatch.encrypted_signed_cookie_salt" => config.action_dispatch.encrypted_signed_cookie_salt,
"action_dispatch.session_serializer" => config.session_options[:serializer] "action_dispatch.cookies_serializer" => config.action_dispatch.cookies_serializer
}) })
end end
end end