Update to Rails 2.3.8

vendor/rails/actionpack/lib/action_controller/cookies.rb

@@ -46,6 +46,7 @@ module ActionController #:nodoc:
   module Cookies
     def self.included(base)
       base.helper_method :cookies
+      base.cattr_accessor :cookie_verifier_secret
     end
 
     protected
@@ -56,6 +57,8 @@ module ActionController #:nodoc:
   end
 
   class CookieJar < Hash #:nodoc:
+    attr_reader :controller
+    
     def initialize(controller)
       @controller, @cookies = controller, controller.request.cookies
       super()
@@ -91,5 +94,98 @@ module ActionController #:nodoc:
       @controller.response.delete_cookie(key, options)
       value
     end
+
+    # Returns a jar that'll automatically set the assigned cookies to have an expiration date 20 years from now. Example:
+    #
+    #   cookies.permanent[:prefers_open_id] = true
+    #   # => Set-Cookie: prefers_open_id=true; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+    #
+    # This jar is only meant for writing. You'll read permanent cookies through the regular accessor.
+    #
+    # This jar allows chaining with the signed jar as well, so you can set permanent, signed cookies. Examples:
+    #
+    #   cookies.permanent.signed[:remember_me] = current_user.id
+    #   # => Set-Cookie: discount=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
+    def permanent
+      @permanent ||= PermanentCookieJar.new(self)
+    end
+    
+    # Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
+    # the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
+    # cookie was tampered with by the user (or a 3rd party), an ActiveSupport::MessageVerifier::InvalidSignature exception will
+    # be raised.
+    #
+    # This jar requires that you set a suitable secret for the verification on ActionController::Base.cookie_verifier_secret.
+    #
+    # Example:
+    #
+    #   cookies.signed[:discount] = 45
+    #   # => Set-Cookie: discount=BAhpMg==--2c1c6906c90a3bc4fd54a51ffb41dffa4bf6b5f7; path=/
+    #
+    #   cookies.signed[:discount] # => 45
+    def signed
+      @signed ||= SignedCookieJar.new(self)
+    end
+  end
+  
+  class PermanentCookieJar < CookieJar #:nodoc:
+    def initialize(parent_jar)
+      @parent_jar = parent_jar
+    end
+
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+      else
+        options = { :value => options }
+      end
+      
+      options[:expires] = 20.years.from_now
+      @parent_jar[key] = options
+    end
+
+    def signed
+      @signed ||= SignedCookieJar.new(self)
+    end
+
+    def controller
+      @parent_jar.controller
+    end
+
+    def method_missing(method, *arguments, &block)
+      @parent_jar.send(method, *arguments, &block)
+    end
+  end
+  
+  class SignedCookieJar < CookieJar #:nodoc:
+    def initialize(parent_jar)
+      unless parent_jar.controller.class.cookie_verifier_secret
+        raise "You must set ActionController::Base.cookie_verifier_secret to use signed cookies"
+      end
+
+      @parent_jar = parent_jar
+      @verifier = ActiveSupport::MessageVerifier.new(@parent_jar.controller.class.cookie_verifier_secret)
+    end
+    
+    def [](name)
+      if value = @parent_jar[name]
+        @verifier.verify(value)
+      end
+    end
+    
+    def []=(key, options)
+      if options.is_a?(Hash)
+        options.symbolize_keys!
+        options[:value] = @verifier.generate(options[:value])
+      else
+        options = { :value => @verifier.generate(options) }
+      end
+      
+      @parent_jar[key] = options
+    end
+    
+    def method_missing(method, *arguments, &block)
+      @parent_jar.send(method, *arguments, &block)
+    end
   end
 end