From eeba755a11dbdbf90afd4fd815e215bd7e9826e6 Mon Sep 17 00:00:00 2001 From: Joshua Peek Date: Sun, 17 Jan 2010 21:30:38 -0600 Subject: [PATCH] Accessing nonexistant cookies through the signed jar should not raise an exception --- actionpack/lib/action_dispatch/middleware/cookies.rb | 4 +++- actionpack/test/controller/cookie_test.rb | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb index 5d2734a15e..0dc03a1a7e 100644 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb @@ -176,7 +176,9 @@ module ActionDispatch end def [](name) - @verifier.verify(@parent_jar[name]) + if value = @parent_jar[name] + @verifier.verify(value) + end end def []=(key, options) diff --git a/actionpack/test/controller/cookie_test.rb b/actionpack/test/controller/cookie_test.rb index fd6538b27a..f5ccef8aaf 100644 --- a/actionpack/test/controller/cookie_test.rb +++ b/actionpack/test/controller/cookie_test.rb @@ -141,6 +141,11 @@ class CookieTest < ActionController::TestCase assert_equal 45, @controller.send(:cookies).signed[:user_id] end + def test_accessing_nonexistant_signed_cookie_should_not_raise_an_invalid_signature + get :set_signed_cookie + assert_nil @controller.send(:cookies).signed[:non_existant_attribute] + end + def test_permanent_signed_cookie get :set_permanent_signed_cookie assert_match %r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"]