Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-02-16 12:18:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Vendoring Rails 2.3.5

Browse source
This commit is contained in:
Eric Allen 2009-12-07 12:42:42 -05:00
parent 3e83d19299
commit f8779795ce
943 changed files with 56503 additions and 61351 deletions
Download patch file Download diff file Expand all files Collapse all files

426
vendor/rails/actionpack/test/controller/session/cookie_store_test.rb vendored
View file

@ -1,310 +1,216 @@
require 'abstract_unit'
require 'action_controller/cgi_process'
require 'action_controller/cgi_ext'
require 'stringio'
class CookieStoreTest < ActionController::IntegrationTest
SessionKey = '_myapp_session'
SessionSecret = 'b3c631c314c0bbca50c1b2843150fe33'
class CGI::Session::CookieStore
def ensure_secret_secure_with_test_hax(secret)
if secret == CookieStoreTest.default_session_options['secret']
return true
else
ensure_secret_secure_without_test_hax(secret)
DispatcherApp = ActionController::Dispatcher.new
CookieStoreApp = ActionController::Session::CookieStore.new(DispatcherApp, :key => SessionKey, :secret => SessionSecret)
Verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
SignedBar = "BAh7BjoIZm9vIghiYXI%3D--fef868465920f415f2c0652d6910d3af288a0367"
class TestController < ActionController::Base
def no_session_access
head :ok
end
end
alias_method_chain :ensure_secret_secure, :test_hax
end
# Expose for tests.
class CGI
attr_reader :output_cookies, :output_hidden
class Session
attr_reader :dbman
class CookieStore
attr_reader :data, :original, :cookie_options
def persistent_session_id
render :text => session[:session_id]
end
end
end
class CookieStoreTest < Test::Unit::TestCase
def self.default_session_options
{ 'database_manager' => CGI::Session::CookieStore,
'session_key' => '_myapp_session',
'secret' => 'Keep it secret; keep it safe.',
'no_cookies' => true,
'no_hidden' => true,
'session_http_only' => true
}
end
def set_session_value
session[:foo] = "bar"
render :text => Rack::Utils.escape(Verifier.generate(session.to_hash))
end
def self.cookies
{ :empty => ['BAgw--0686dcaccc01040f4bd4f35fe160afe9bc04c330', {}],
:a_one => ['BAh7BiIGYWkG--5689059497d7f122a7119f171aef81dcfd807fec', { 'a' => 1 }],
:typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--9d20154623b9eeea05c62ab819be0e2483238759', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
:flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--bf9785a666d3c4ac09f7fe3353496b437546cfbf', { 'user_id' => 123, 'flash' => {} }],
:double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--bf9785a666d3c4ac09f7fe3353496b437546cfbf'), { 'user_id' => 123, 'flash' => {} }] }
def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
def get_session_id
render :text => "foo: #{session[:foo].inspect}; id: #{request.session_options[:id]}"
end
def call_reset_session
reset_session
head :ok
end
def raise_data_overflow
session[:foo] = 'bye!' * 1024
head :ok
end
def rescue_action(e) raise end
end
def setup
ENV.delete('HTTP_COOKIE')
@integration_session = open_session(CookieStoreApp)
end
def test_raises_argument_error_if_missing_session_key
[nil, ''].each do |blank|
assert_raise(ArgumentError, blank.inspect) { new_session 'session_key' => blank }
end
assert_raise(ArgumentError, nil.inspect) {
ActionController::Session::CookieStore.new(nil,
:key => nil, :secret => SessionSecret)
}
assert_raise(ArgumentError, ''.inspect) {
ActionController::Session::CookieStore.new(nil,
:key => '', :secret => SessionSecret)
}
end
def test_raises_argument_error_if_missing_secret
[nil, ''].each do |blank|
assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank }
end
assert_raise(ArgumentError, nil.inspect) {
ActionController::Session::CookieStore.new(nil,
:key => SessionKey, :secret => nil)
}
assert_raise(ArgumentError, ''.inspect) {
ActionController::Session::CookieStore.new(nil,
:key => SessionKey, :secret => '')
}
end
def test_raises_argument_error_if_secret_is_probably_insecure
["password", "secret", "12345678901234567890123456789"].each do |blank|
assert_raise(ArgumentError, blank.inspect) { new_session 'secret' => blank }
assert_raise(ArgumentError, "password".inspect) {
ActionController::Session::CookieStore.new(nil,
:key => SessionKey, :secret => "password")
}
assert_raise(ArgumentError, "secret".inspect) {
ActionController::Session::CookieStore.new(nil,
:key => SessionKey, :secret => "secret")
}
assert_raise(ArgumentError, "12345678901234567890123456789".inspect) {
ActionController::Session::CookieStore.new(nil,
:key => SessionKey, :secret => "12345678901234567890123456789")
}
end
def test_setting_session_value
with_test_route_set do
get '/set_session_value'
assert_response :success
assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
headers['Set-Cookie']
end
end
def test_getting_session_value
with_test_route_set do
cookies[SessionKey] = SignedBar
get '/get_session_value'
assert_response :success
assert_equal 'foo: "bar"', response.body
end
end
def test_getting_session_id
with_test_route_set do
cookies[SessionKey] = SignedBar
get '/persistent_session_id'
assert_response :success
assert_equal response.body.size, 32
session_id = response.body
get '/get_session_id'
assert_response :success
assert_equal "foo: \"bar\"; id: #{session_id}", response.body
end
end
def test_reconfigures_session_to_omit_id_cookie_and_hidden_field
new_session do |session|
assert_equal true, @options['no_hidden']
assert_equal true, @options['no_cookies']
end
end
def test_restore_unmarshals_missing_cookie_as_empty_hash
new_session do |session|
assert_nil session.dbman.data
assert_nil session['test']
assert_equal Hash.new, session.dbman.data
end
end
def test_restore_unmarshals_good_cookies
cookies(:empty, :a_one, :typical).each do |value, expected|
set_cookie! value
new_session do |session|
assert_nil session['lazy loads the data hash']
assert_equal expected, session.dbman.data
end
end
end
def test_restore_deletes_tampered_cookies
set_cookie! 'a--b'
new_session do |session|
assert_raise(CGI::Session::CookieStore::TamperedWithCookie) { session['fail'] }
assert_cookie_deleted session
end
end
def test_restores_double_encoded_cookies
set_cookie! cookie_value(:double_escaped)
new_session do |session|
session.dbman.restore
assert_equal session["user_id"], 123
assert_equal session["flash"], {}
end
end
def test_close_doesnt_write_cookie_if_data_is_blank
new_session do |session|
assert_no_cookies session
session.close
assert_no_cookies session
end
end
def test_close_doesnt_write_cookie_if_data_is_unchanged
set_cookie! cookie_value(:typical)
new_session do |session|
assert_no_cookies session
session['user_id'] = session['user_id']
session.close
assert_no_cookies session
def test_disregards_tampered_sessions
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
end
end
def test_close_raises_when_data_overflows
set_cookie! cookie_value(:empty)
new_session do |session|
session['overflow'] = 'bye!' * 1024
assert_raise(CGI::Session::CookieStore::CookieOverflow) { session.close }
assert_no_cookies session
with_test_route_set do
assert_raise(ActionController::Session::CookieStore::CookieOverflow) {
get '/raise_data_overflow'
}
end
end
def test_close_marshals_and_writes_cookie
set_cookie! cookie_value(:typical)
new_session do |session|
assert_no_cookies session
session['flash'] = {}
assert_no_cookies session
session.close
assert_equal 1, session.cgi.output_cookies.size
cookie = session.cgi.output_cookies.first
assert_cookie cookie, cookie_value(:flashed)
assert_http_only_cookie cookie
assert_secure_cookie cookie, false
def test_doesnt_write_session_cookie_if_session_is_not_accessed
with_test_route_set do
get '/no_session_access'
assert_response :success
assert_equal "", headers['Set-Cookie']
end
end
def test_writes_non_secure_cookie_by_default
set_cookie! cookie_value(:typical)
new_session do |session|
session['flash'] = {}
session.close
cookie = session.cgi.output_cookies.first
assert_secure_cookie cookie,false
def test_doesnt_write_session_cookie_if_session_is_unchanged
with_test_route_set do
cookies[SessionKey] = "BAh7BjoIZm9vIghiYXI%3D--" +
"fef868465920f415f2c0652d6910d3af288a0367"
get '/no_session_access'
assert_response :success
assert_equal "", headers['Set-Cookie']
end
end
def test_writes_secure_cookie
set_cookie! cookie_value(:typical)
new_session('session_secure'=>true) do |session|
session['flash'] = {}
session.close
cookie = session.cgi.output_cookies.first
assert_secure_cookie cookie
def test_setting_session_value_after_session_reset
with_test_route_set do
get '/set_session_value'
assert_response :success
session_payload = response.body
assert_equal "_myapp_session=#{response.body}; path=/; HttpOnly",
headers['Set-Cookie']
get '/call_reset_session'
assert_response :success
assert_not_equal [], headers['Set-Cookie']
assert_not_equal session_payload, cookies[SessionKey]
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
end
end
def test_http_only_cookie_by_default
set_cookie! cookie_value(:typical)
new_session do |session|
session['flash'] = {}
session.close
cookie = session.cgi.output_cookies.first
assert_http_only_cookie cookie
end
end
def test_overides_http_only_cookie
set_cookie! cookie_value(:typical)
new_session('session_http_only'=>false) do |session|
session['flash'] = {}
session.close
cookie = session.cgi.output_cookies.first
assert_http_only_cookie cookie, false
end
end
def test_delete_writes_expired_empty_cookie_and_sets_data_to_nil
set_cookie! cookie_value(:typical)
new_session do |session|
assert_no_cookies session
session.delete
assert_cookie_deleted session
# @data is set to nil so #close doesn't send another cookie.
session.close
assert_cookie_deleted session
end
end
def test_new_session_doesnt_reuse_deleted_cookie_data
set_cookie! cookie_value(:typical)
new_session do |session|
assert_not_nil session['user_id']
session.delete
# Start a new session using the same CGI instance.
post_delete_session = CGI::Session.new(session.cgi, self.class.default_session_options)
assert_nil post_delete_session['user_id']
def test_persistent_session_id
with_test_route_set do
cookies[SessionKey] = SignedBar
get '/persistent_session_id'
assert_response :success
assert_equal response.body.size, 32
session_id = response.body
get '/persistent_session_id'
assert_equal session_id, response.body
reset!
get '/persistent_session_id'
assert_not_equal session_id, response.body
end
end
private
def assert_no_cookies(session)
assert_nil session.cgi.output_cookies, session.cgi.output_cookies.inspect
end
def assert_cookie_deleted(session, message = 'Expected session deletion cookie to be set')
assert_equal 1, session.cgi.output_cookies.size
cookie = session.cgi.output_cookies.first
assert_cookie cookie, nil, 1.year.ago.to_date, "#{message}: #{cookie.name} => #{cookie.value}"
end
def assert_cookie(cookie, value = nil, expires = nil, message = nil)
assert_equal '_myapp_session', cookie.name, message
assert_equal [value].compact, cookie.value, message
assert_equal expires, cookie.expires ? cookie.expires.to_date : cookie.expires, message
end
def assert_secure_cookie(cookie,value=true)
assert cookie.secure==value
end
def assert_http_only_cookie(cookie,value=true)
assert cookie.http_only==value
end
def cookies(*which)
self.class.cookies.values_at(*which)
end
def cookie_value(which)
self.class.cookies[which].first
end
def set_cookie!(value)
ENV['HTTP_COOKIE'] = "_myapp_session=#{value}"
end
def new_session(options = {})
with_cgi do |cgi|
assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}"
assert_nil cgi.output_cookies, "Output cookies should be empty: #{cgi.output_cookies.inspect}"
@options = self.class.default_session_options.merge(options)
session = CGI::Session.new(cgi, @options)
ObjectSpace.undefine_finalizer(session)
assert_nil cgi.output_hidden, "Output hidden params should be empty: #{cgi.output_hidden.inspect}"
assert_nil cgi.output_cookies, "Output cookies should be empty: #{cgi.output_cookies.inspect}"
yield session if block_given?
session
def with_test_route_set
with_routing do |set|
set.draw do |map|
map.with_options :controller => "cookie_store_test/test" do |c|
c.connect "/:action"
end
end
yield
end
end
def with_cgi
ENV['REQUEST_METHOD'] = 'GET'
ENV['HTTP_HOST'] = 'example.com'
ENV['QUERY_STRING'] = ''
cgi = CGI.new('query', StringIO.new(''))
yield cgi if block_given?
cgi
def unmarshal_session(cookie_string)
session = Rack::Utils.parse_query(cookie_string, ';,').inject({}) {|h,(k,v)|
h[k] = Array === v ? v.first : v
h
}[SessionKey]
verifier = ActiveSupport::MessageVerifier.new(SessionSecret, 'SHA1')
verifier.verify(session)
end
end
class CookieStoreWithBlockAsSecretTest < CookieStoreTest
def self.default_session_options
CookieStoreTest.default_session_options.merge 'secret' => Proc.new { 'Keep it secret; keep it safe.' }
end
end
class CookieStoreWithMD5DigestTest < CookieStoreTest
def self.default_session_options
CookieStoreTest.default_session_options.merge 'digest' => 'MD5'
end
def self.cookies
{ :empty => ['BAgw--0415cc0be9579b14afc22ee2d341aa21', {}],
:a_one => ['BAh7BiIGYWkG--5a0ed962089cc6600ff44168a5d59bc8', { 'a' => 1 }],
:typical => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7BiILbm90aWNlIgxIZXkgbm93--f426763f6ef435b3738b493600db8d64', { 'user_id' => 123, 'flash' => { 'notice' => 'Hey now' }}],
:flashed => ['BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA==--0af9156650dab044a53a91a4ddec2c51', { 'user_id' => 123, 'flash' => {} }],
:double_escaped => [CGI.escape('BAh7ByIMdXNlcl9pZGkBeyIKZmxhc2h7AA%3D%3D--0af9156650dab044a53a91a4ddec2c51'), { 'user_id' => 123, 'flash' => {} }] }
end
end

282
vendor/rails/actionpack/test/controller/session/mem_cache_store_test.rb vendored
View file

@ -1,181 +1,127 @@
require 'abstract_unit'
require 'action_controller/cgi_process'
require 'action_controller/cgi_ext'
class CGI::Session
def cache
dbman.instance_variable_get(:@cache)
end
end
uses_mocha 'MemCacheStore tests' do
if defined? MemCache::MemCacheError
class MemCacheStoreTest < Test::Unit::TestCase
SESSION_KEY_RE = /^session:[0-9a-z]+/
CONN_TEST_KEY = 'connection_test'
MULTI_TEST_KEY = '0123456789'
TEST_DATA = 'Hello test'
def self.get_mem_cache_if_available
begin
require 'memcache'
cache = MemCache.new('127.0.0.1')
# Test availability of the connection
cache.set(CONN_TEST_KEY, 1)
unless cache.get(CONN_TEST_KEY) == 1
puts 'Warning: memcache server available but corrupted.'
return nil
end
rescue LoadError, MemCache::MemCacheError
return nil
# You need to start a memcached server inorder to run these tests
class MemCacheStoreTest < ActionController::IntegrationTest
class TestController < ActionController::Base
def no_session_access
head :ok
end
return cache
def set_session_value
session[:foo] = "bar"
head :ok
end
def get_session_value
render :text => "foo: #{session[:foo].inspect}"
end
def get_session_id
session[:foo]
render :text => "#{request.session_options[:id]}"
end
def call_reset_session
session[:bar]
reset_session
session[:bar] = "baz"
head :ok
end
def rescue_action(e) raise end
end
CACHE = get_mem_cache_if_available
begin
DispatcherApp = ActionController::Dispatcher.new
MemCacheStoreApp = ActionController::Session::MemCacheStore.new(
DispatcherApp, :key => '_session_id')
def test_initialization
assert_raise(ArgumentError) { new_session('session_id' => '!invalid_id') }
new_session do |s|
assert_equal Hash.new, s.cache.get('session:' + s.session_id)
def setup
@integration_session = open_session(MemCacheStoreApp)
end
def test_setting_and_getting_session_value
with_test_route_set do
get '/set_session_value'
assert_response :success
assert cookies['_session_id']
get '/get_session_value'
assert_response :success
assert_equal 'foo: "bar"', response.body
end
end
def test_getting_nil_session_value
with_test_route_set do
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
end
end
def test_setting_session_value_after_session_reset
with_test_route_set do
get '/set_session_value'
assert_response :success
assert cookies['_session_id']
session_id = cookies['_session_id']
get '/call_reset_session'
assert_response :success
assert_not_equal [], headers['Set-Cookie']
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
get '/get_session_id'
assert_response :success
assert_not_equal session_id, response.body
end
end
def test_getting_session_id
with_test_route_set do
get '/set_session_value'
assert_response :success
assert cookies['_session_id']
session_id = cookies['_session_id']
get '/get_session_id'
assert_response :success
assert_equal session_id, response.body
end
end
def test_prevents_session_fixation
with_test_route_set do
get '/get_session_value'
assert_response :success
assert_equal 'foo: nil', response.body
session_id = cookies['_session_id']
reset!
get '/set_session_value', :_session_id => session_id
assert_response :success
assert_equal nil, cookies['_session_id']
end
end
rescue LoadError, RuntimeError
$stderr.puts "Skipping MemCacheStoreTest tests. Start memcached and try again."
end
def test_storage
d = rand(0xffff)
new_session do |s|
session_key = 'session:' + s.session_id
unless CACHE
s.cache.expects(:get).with(session_key) \
.returns(:test => d)
s.cache.expects(:set).with(session_key,
has_entry(:test, d),
0)
end
s[:test] = d
s.close
assert_equal d, s.cache.get(session_key)[:test]
assert_equal d, s[:test]
end
end
def test_deletion
new_session do |s|
session_key = 'session:' + s.session_id
unless CACHE
s.cache.expects(:delete)
s.cache.expects(:get).with(session_key) \
.returns(nil)
end
s[:test] = rand(0xffff)
s.delete
assert_nil s.cache.get(session_key)
end
end
def test_other_session_retrieval
new_session do |sa|
unless CACHE
sa.cache.expects(:set).with('session:' + sa.session_id,
has_entry(:test, TEST_DATA),
0)
end
sa[:test] = TEST_DATA
sa.close
new_session('session_id' => sa.session_id) do |sb|
unless CACHE
sb.cache.expects(:[]).with('session:' + sb.session_id) \
.returns(:test => TEST_DATA)
end
assert_equal(TEST_DATA, sb[:test])
end
end
end
def test_multiple_sessions
s_slots = Array.new(10)
operation = :write
last_data = nil
reads = writes = 0
50.times do
current = rand(10)
s_slots[current] ||= new_session('session_id' => MULTI_TEST_KEY,
'new_session' => true)
s = s_slots[current]
case operation
when :write
last_data = rand(0xffff)
unless CACHE
s.cache.expects(:set).with('session:' + MULTI_TEST_KEY,
{ :test => last_data },
0)
end
s[:test] = last_data
s.close
writes += 1
when :read
# Make CGI::Session#[] think there was no data retrieval yet.
# Normally, the session caches the data during its lifetime.
s.instance_variable_set(:@data, nil)
unless CACHE
s.cache.expects(:[]).with('session:' + MULTI_TEST_KEY) \
.returns(:test => last_data)
end
d = s[:test]
assert_equal(last_data, d, "OK reads: #{reads}, OK writes: #{writes}")
reads += 1
end
operation = rand(5) == 0 ? :write : :read
end
end
private
def obtain_session_options
options = { 'database_manager' => CGI::Session::MemCacheStore,
'session_key' => '_test_app_session'
}
# if don't have running memcache server we use mock instead
unless CACHE
options['cache'] = c = mock
c.stubs(:[]).with(regexp_matches(SESSION_KEY_RE))
c.stubs(:get).with(regexp_matches(SESSION_KEY_RE)) \
.returns(Hash.new)
c.stubs(:add).with(regexp_matches(SESSION_KEY_RE),
instance_of(Hash),
0)
def with_test_route_set
with_routing do |set|
set.draw do |map|
map.with_options :controller => "mem_cache_store_test/test" do |c|
c.connect "/:action"
end
end
yield
end
end
options
end
def new_session(options = {})
with_cgi do |cgi|
@options = obtain_session_options.merge(options)
session = CGI::Session.new(cgi, @options)
yield session if block_given?
return session
end
end
def with_cgi
ENV['REQUEST_METHOD'] = 'GET'
ENV['HTTP_HOST'] = 'example.com'
ENV['QUERY_STRING'] = ''
cgi = CGI.new('query', StringIO.new(''))
yield cgi if block_given?
cgi
end
end
end # defined? MemCache
end # uses_mocha

58
vendor/rails/actionpack/test/controller/session/test_session_test.rb vendored Normal file
View file

@ -0,0 +1,58 @@
require 'abstract_unit'
require 'stringio'
class ActionController::TestSessionTest < ActiveSupport::TestCase
def test_calling_delete_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
assert_deprecated(/use clear instead/){ ActionController::TestSession.new.delete }
end
def test_calling_update_without_parameters_raises_deprecation_warning_and_calls_to_clear_test_session
assert_deprecated(/use replace instead/){ ActionController::TestSession.new.update }
end
def test_calling_close_raises_deprecation_warning
assert_deprecated(/sessions should no longer be closed/){ ActionController::TestSession.new.close }
end
def test_defaults
session = ActionController::TestSession.new
assert_equal({}, session.data)
assert_equal('', session.session_id)
end
def test_ctor_allows_setting
session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
assert_equal('one', session[:one])
assert_equal('two', session[:two])
end
def test_setting_session_item_sets_item
session = ActionController::TestSession.new
session[:key] = 'value'
assert_equal('value', session[:key])
end
def test_calling_delete_removes_item_and_returns_its_value
session = ActionController::TestSession.new
session[:key] = 'value'
assert_equal('value', session[:key])
assert_equal('value', session.delete(:key))
assert_nil(session[:key])
end
def test_calling_update_with_params_passes_to_attributes
session = ActionController::TestSession.new()
session.update('key' => 'value')
assert_equal('value', session[:key])
end
def test_clear_emptys_session
params = {:one => 'one', :two => 'two'}
session = ActionController::TestSession.new({:one => 'one', :two => 'two'})
session.clear
assert_nil(session[:one])
assert_nil(session[:two])
end
end