require 'rack/session/cookie'
require 'rack/mock'
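# Specs for Rack::Session::Cookie: a session is created, round-trips through the
# Set-Cookie / Cookie headers, tolerates unusable cookies, and (when a :secret is
# configured) rejects cookies whose integrity digest does not match the payload.
describe Rack::Session::Cookie do
  # Minimal downstream app: bumps a per-session counter and returns the session
  # hash as the response body, so each spec can read the session state directly.
  incrementor = lambda do |env|
    env["rack.session"]["counter"] ||= 0
    env["rack.session"]["counter"] += 1
    Rack::Response.new(env["rack.session"].inspect).to_a
  end

  it "creates a new cookie" do
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
    res["Set-Cookie"].should.include("rack.session=")
    res.body.should.equal '{"counter"=>1}'
  end

  it "loads from a cookie" do
    # Each request replays the previous Set-Cookie header as the Cookie header,
    # so the counter must keep advancing across fresh middleware instances.
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
    cookie = res["Set-Cookie"]
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
      get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>2}'
    cookie = res["Set-Cookie"]
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
      get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>3}'
  end

  it "survives broken cookies" do
    # A value that is not a usable session payload must yield a fresh session
    # (counter back at 1) rather than an error reaching the client.
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
      get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")
    res.body.should.equal '{"counter"=>1}'
  end

  # Downstream app that stores a 9000-character string in the session.
  bigcookie = lambda do |env|
    env["rack.session"]["cookie"] = "big" * 3000
    Rack::Response.new(env["rack.session"].inspect).to_a
  end

  it "barks on too big cookies" do
    # :fatal => true makes the mock request raise FatalWarning for the
    # oversized session instead of letting the request complete quietly.
    lambda{
      Rack::MockRequest.new(Rack::Session::Cookie.new(bigcookie)).
        get("/", :fatal => true)
    }.should.raise(Rack::MockRequest::FatalWarning)
  end

  # NOTE: 'test' is a fixture secret. A deployed :secret has to be long, random
  # and kept out of source control, since anyone who knows it can produce
  # cookies that pass the integrity check.
  it "loads from a cookie wih integrity hash" do
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).get("/")
    cookie = res["Set-Cookie"]
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
      get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>2}'
    cookie = res["Set-Cookie"]
    res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
      get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>3}'
  end

  it "ignores tampered with session cookies" do
    app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
    response1 = Rack::MockRequest.new(app).get("/")
    response1.body.should.equal '{"counter"=>1}'

    # Advance the session once so there is a second, different payload on hand.
    advanced = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => response1["Set-Cookie"])
    advanced.body.should.equal '{"counter"=>2}'

    # The header reads "rack.session=<payload>--<digest>...". Keep the name and
    # payload from the counter=2 cookie and pair them with the digest issued for
    # the counter=1 cookie. The cookie name has to stay in front: without it the
    # middleware never receives a session cookie and the spec passes vacuously.
    # A well-formed payload is used so that only the digest check can reject it.
    payload, _ = advanced["Set-Cookie"].split("--")
    _, digest = response1["Set-Cookie"].split("--")
    tampered_with_cookie = payload + "--" + digest
    response2 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" =>
                                               tampered_with_cookie)

    # Had the mismatched cookie been accepted the counter would read 3.
    response2.body.should.equal '{"counter"=>1}'

    # The tampered-with cookie is ignored, so we get back an identical Set-Cookie
    response2["Set-Cookie"].should.equal(response1["Set-Cookie"])
  end
end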