mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Add encrypted cookie store
This commit is contained in:
parent
38c40dbbc1
commit
fb0cea2b8c
5 changed files with 78 additions and 9 deletions
|
@ -83,6 +83,7 @@ module ActionDispatch
|
|||
module Session
|
||||
autoload :AbstractStore, 'action_dispatch/middleware/session/abstract_store'
|
||||
autoload :CookieStore, 'action_dispatch/middleware/session/cookie_store'
|
||||
autoload :EncryptedCookieStore, 'action_dispatch/middleware/session/cookie_store'
|
||||
autoload :MemCacheStore, 'action_dispatch/middleware/session/mem_cache_store'
|
||||
autoload :CacheStore, 'action_dispatch/middleware/session/cache_store'
|
||||
end
|
||||
|
|
|
@ -57,8 +57,7 @@ module ActionDispatch
|
|||
def unpacked_cookie_data(env)
|
||||
env["action_dispatch.request.unsigned_session_cookie"] ||= begin
|
||||
stale_session_check! do
|
||||
request = ActionDispatch::Request.new(env)
|
||||
if data = request.cookie_jar.signed[@key]
|
||||
if data = cookie_jar(env)[@key]
|
||||
data.stringify_keys!
|
||||
end
|
||||
data || {}
|
||||
|
@ -72,8 +71,26 @@ module ActionDispatch
|
|||
end
|
||||
|
||||
def set_cookie(env, session_id, cookie)
|
||||
cookie_jar(env)[@key] = cookie
|
||||
end
|
||||
|
||||
def get_cookie
|
||||
cookie_jar(env)[@key]
|
||||
end
|
||||
|
||||
def cookie_jar(env)
|
||||
request = ActionDispatch::Request.new(env)
|
||||
request.cookie_jar.signed[@key] = cookie
|
||||
request.cookie_jar.signed
|
||||
end
|
||||
end
|
||||
|
||||
class EncryptedCookieStore < CookieStore
|
||||
|
||||
private
|
||||
|
||||
def cookie_jar(env)
|
||||
request = ActionDispatch::Request.new(env)
|
||||
request.cookie_jar.encrypted
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
<%= app_const %>.config.session_store :cookie_store, key: <%= "'_#{app_name}_session'" %>
|
||||
<%= app_const %>.config.session_store :encrypted_cookie_store, key: <%= "'_#{app_name}_session'" %>
|
||||
|
|
|
@ -128,5 +128,56 @@ module ApplicationTests
|
|||
get '/foo/read_cookie' # Cookie shouldn't be changed
|
||||
assert_equal '"1"', last_response.body
|
||||
end
|
||||
|
||||
test "session using encrypted cookie store" do
|
||||
app_file 'config/routes.rb', <<-RUBY
|
||||
AppTemplate::Application.routes.draw do
|
||||
get ':controller(/:action)'
|
||||
end
|
||||
RUBY
|
||||
|
||||
controller :foo, <<-RUBY
|
||||
class FooController < ActionController::Base
|
||||
def write_session
|
||||
session[:foo] = 1
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
def read_session
|
||||
render text: session[:foo]
|
||||
end
|
||||
|
||||
def read_encrypted_cookie
|
||||
render text: cookies.encrypted[:_myapp_session]['foo']
|
||||
end
|
||||
|
||||
def read_raw_cookie
|
||||
render text: cookies[:_myapp_session]
|
||||
end
|
||||
end
|
||||
RUBY
|
||||
|
||||
add_to_config <<-RUBY
|
||||
config.session_store :encrypted_cookie_store, key: '_myapp_session'
|
||||
config.action_dispatch.derive_signed_cookie_key = true
|
||||
RUBY
|
||||
|
||||
require "#{app_path}/config/environment"
|
||||
|
||||
get '/foo/write_session'
|
||||
get '/foo/write_session'
|
||||
get '/foo/read_session'
|
||||
assert_equal '1', last_response.body
|
||||
|
||||
get '/foo/read_encrypted_cookie'
|
||||
assert_equal '1', last_response.body
|
||||
|
||||
secret = app.key_generator.generate_key('encrypted cookie')
|
||||
sign_secret = app.key_generator.generate_key('signed encrypted cookie')
|
||||
encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret)
|
||||
|
||||
get '/foo/read_raw_cookie'
|
||||
assert_equal 1, encryptor.decrypt_and_verify(last_response.body)['foo']
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -341,7 +341,7 @@ class AppGeneratorTest < Rails::Generators::TestCase
|
|||
def test_new_hash_style
|
||||
run_generator [destination_root]
|
||||
assert_file "config/initializers/session_store.rb" do |file|
|
||||
assert_match(/config.session_store :cookie_store, key: '_.+_session'/, file)
|
||||
assert_match(/config.session_store :encrypted_cookie_store, key: '_.+_session'/, file)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue