eactionpack 2.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +7 -0
- data/MIT-LICENSE +21 -0
- data/README +469 -0
- data/RUNNING_UNIT_TESTS +24 -0
- data/Rakefile +146 -0
- data/install.rb +30 -0
- data/lib/action_controller.rb +79 -0
- data/lib/action_controller/assertions.rb +69 -0
- data/lib/action_controller/assertions/dom_assertions.rb +39 -0
- data/lib/action_controller/assertions/model_assertions.rb +20 -0
- data/lib/action_controller/assertions/response_assertions.rb +172 -0
- data/lib/action_controller/assertions/routing_assertions.rb +146 -0
- data/lib/action_controller/assertions/selector_assertions.rb +491 -0
- data/lib/action_controller/assertions/tag_assertions.rb +130 -0
- data/lib/action_controller/base.rb +1288 -0
- data/lib/action_controller/benchmarking.rb +94 -0
- data/lib/action_controller/caching.rb +72 -0
- data/lib/action_controller/caching/actions.rb +144 -0
- data/lib/action_controller/caching/fragments.rb +138 -0
- data/lib/action_controller/caching/pages.rb +154 -0
- data/lib/action_controller/caching/sql_cache.rb +18 -0
- data/lib/action_controller/caching/sweeping.rb +97 -0
- data/lib/action_controller/cgi_ext.rb +16 -0
- data/lib/action_controller/cgi_ext/cookie.rb +110 -0
- data/lib/action_controller/cgi_ext/query_extension.rb +22 -0
- data/lib/action_controller/cgi_ext/session.rb +73 -0
- data/lib/action_controller/cgi_ext/stdinput.rb +24 -0
- data/lib/action_controller/cgi_process.rb +223 -0
- data/lib/action_controller/components.rb +166 -0
- data/lib/action_controller/cookies.rb +96 -0
- data/lib/action_controller/dispatcher.rb +162 -0
- data/lib/action_controller/filters.rb +642 -0
- data/lib/action_controller/flash.rb +172 -0
- data/lib/action_controller/headers.rb +31 -0
- data/lib/action_controller/helpers.rb +221 -0
- data/lib/action_controller/http_authentication.rb +124 -0
- data/lib/action_controller/integration.rb +634 -0
- data/lib/action_controller/layout.rb +309 -0
- data/lib/action_controller/mime_responds.rb +173 -0
- data/lib/action_controller/mime_type.rb +186 -0
- data/lib/action_controller/mime_types.rb +20 -0
- data/lib/action_controller/polymorphic_routes.rb +191 -0
- data/lib/action_controller/record_identifier.rb +102 -0
- data/lib/action_controller/request.rb +764 -0
- data/lib/action_controller/request_forgery_protection.rb +140 -0
- data/lib/action_controller/request_profiler.rb +169 -0
- data/lib/action_controller/rescue.rb +258 -0
- data/lib/action_controller/resources.rb +572 -0
- data/lib/action_controller/response.rb +76 -0
- data/lib/action_controller/routing.rb +387 -0
- data/lib/action_controller/routing/builder.rb +203 -0
- data/lib/action_controller/routing/optimisations.rb +120 -0
- data/lib/action_controller/routing/recognition_optimisation.rb +162 -0
- data/lib/action_controller/routing/route.rb +240 -0
- data/lib/action_controller/routing/route_set.rb +436 -0
- data/lib/action_controller/routing/routing_ext.rb +46 -0
- data/lib/action_controller/routing/segments.rb +283 -0
- data/lib/action_controller/session/active_record_store.rb +340 -0
- data/lib/action_controller/session/cookie_store.rb +166 -0
- data/lib/action_controller/session/drb_server.rb +32 -0
- data/lib/action_controller/session/drb_store.rb +35 -0
- data/lib/action_controller/session/mem_cache_store.rb +98 -0
- data/lib/action_controller/session_management.rb +158 -0
- data/lib/action_controller/status_codes.rb +88 -0
- data/lib/action_controller/streaming.rb +155 -0
- data/lib/action_controller/templates/rescues/_request_and_response.erb +24 -0
- data/lib/action_controller/templates/rescues/_trace.erb +26 -0
- data/lib/action_controller/templates/rescues/diagnostics.erb +11 -0
- data/lib/action_controller/templates/rescues/layout.erb +29 -0
- data/lib/action_controller/templates/rescues/missing_template.erb +2 -0
- data/lib/action_controller/templates/rescues/routing_error.erb +10 -0
- data/lib/action_controller/templates/rescues/template_error.erb +21 -0
- data/lib/action_controller/templates/rescues/unknown_action.erb +2 -0
- data/lib/action_controller/test_case.rb +83 -0
- data/lib/action_controller/test_process.rb +526 -0
- data/lib/action_controller/url_rewriter.rb +142 -0
- data/lib/action_controller/vendor/html-scanner/html/document.rb +68 -0
- data/lib/action_controller/vendor/html-scanner/html/node.rb +537 -0
- data/lib/action_controller/vendor/html-scanner/html/sanitizer.rb +173 -0
- data/lib/action_controller/vendor/html-scanner/html/selector.rb +828 -0
- data/lib/action_controller/vendor/html-scanner/html/tokenizer.rb +105 -0
- data/lib/action_controller/vendor/html-scanner/html/version.rb +11 -0
- data/lib/action_controller/verification.rb +130 -0
- data/lib/action_pack.rb +24 -0
- data/lib/action_pack/version.rb +9 -0
- data/lib/action_view.rb +44 -0
- data/lib/action_view/base.rb +335 -0
- data/lib/action_view/helpers/active_record_helper.rb +276 -0
- data/lib/action_view/helpers/asset_tag_helper.rb +599 -0
- data/lib/action_view/helpers/atom_feed_helper.rb +143 -0
- data/lib/action_view/helpers/benchmark_helper.rb +33 -0
- data/lib/action_view/helpers/cache_helper.rb +40 -0
- data/lib/action_view/helpers/capture_helper.rb +161 -0
- data/lib/action_view/helpers/date_helper.rb +711 -0
- data/lib/action_view/helpers/debug_helper.rb +31 -0
- data/lib/action_view/helpers/form_helper.rb +767 -0
- data/lib/action_view/helpers/form_options_helper.rb +458 -0
- data/lib/action_view/helpers/form_tag_helper.rb +458 -0
- data/lib/action_view/helpers/javascript_helper.rb +148 -0
- data/lib/action_view/helpers/number_helper.rb +186 -0
- data/lib/action_view/helpers/record_identification_helper.rb +20 -0
- data/lib/action_view/helpers/record_tag_helper.rb +59 -0
- data/lib/action_view/helpers/sanitize_helper.rb +229 -0
- data/lib/action_view/helpers/tag_helper.rb +134 -0
- data/lib/action_view/helpers/text_helper.rb +507 -0
- data/lib/action_view/helpers/url_helper.rb +573 -0
- data/lib/action_view/inline_template.rb +20 -0
- data/lib/action_view/partial_template.rb +70 -0
- data/lib/action_view/partials.rb +158 -0
- data/lib/action_view/template.rb +125 -0
- data/lib/action_view/template_error.rb +110 -0
- data/lib/action_view/template_finder.rb +176 -0
- data/lib/action_view/template_handler.rb +34 -0
- data/lib/action_view/template_handlers/builder.rb +27 -0
- data/lib/action_view/template_handlers/compilable.rb +128 -0
- data/lib/action_view/template_handlers/erb.rb +56 -0
- data/lib/action_view/test_case.rb +58 -0
- data/lib/actionpack.rb +1 -0
- data/test/abstract_unit.rb +36 -0
- data/test/active_record_unit.rb +105 -0
- data/test/activerecord/active_record_store_test.rb +141 -0
- data/test/activerecord/render_partial_with_record_identification_test.rb +191 -0
- data/test/adv_attr_test.rb +20 -0
- data/test/controller/action_pack_assertions_test.rb +543 -0
- data/test/controller/addresses_render_test.rb +43 -0
- data/test/controller/assert_select_test.rb +331 -0
- data/test/controller/base_test.rb +219 -0
- data/test/controller/benchmark_test.rb +32 -0
- data/test/controller/caching_test.rb +581 -0
- data/test/controller/capture_test.rb +89 -0
- data/test/controller/cgi_test.rb +116 -0
- data/test/controller/components_test.rb +140 -0
- data/test/controller/content_type_test.rb +139 -0
- data/test/controller/controller_fixtures/app/controllers/admin/user_controller.rb +0 -0
- data/test/controller/controller_fixtures/app/controllers/user_controller.rb +0 -0
- data/test/controller/controller_fixtures/vendor/plugins/bad_plugin/lib/plugin_controller.rb +0 -0
- data/test/controller/cookie_test.rb +146 -0
- data/test/controller/custom_handler_test.rb +45 -0
- data/test/controller/deprecation/deprecated_base_methods_test.rb +37 -0
- data/test/controller/dispatcher_test.rb +105 -0
- data/test/controller/fake_controllers.rb +33 -0
- data/test/controller/fake_models.rb +11 -0
- data/test/controller/filter_params_test.rb +49 -0
- data/test/controller/filters_test.rb +881 -0
- data/test/controller/flash_test.rb +146 -0
- data/test/controller/header_test.rb +14 -0
- data/test/controller/helper_test.rb +210 -0
- data/test/controller/html-scanner/cdata_node_test.rb +15 -0
- data/test/controller/html-scanner/document_test.rb +148 -0
- data/test/controller/html-scanner/node_test.rb +89 -0
- data/test/controller/html-scanner/sanitizer_test.rb +269 -0
- data/test/controller/html-scanner/tag_node_test.rb +238 -0
- data/test/controller/html-scanner/text_node_test.rb +50 -0
- data/test/controller/html-scanner/tokenizer_test.rb +131 -0
- data/test/controller/http_authentication_test.rb +54 -0
- data/test/controller/integration_test.rb +252 -0
- data/test/controller/integration_upload_test.rb +43 -0
- data/test/controller/layout_test.rb +255 -0
- data/test/controller/mime_responds_test.rb +514 -0
- data/test/controller/mime_type_test.rb +84 -0
- data/test/controller/new_render_test.rb +843 -0
- data/test/controller/polymorphic_routes_test.rb +174 -0
- data/test/controller/record_identifier_test.rb +139 -0
- data/test/controller/redirect_test.rb +289 -0
- data/test/controller/render_test.rb +484 -0
- data/test/controller/request_forgery_protection_test.rb +305 -0
- data/test/controller/request_test.rb +928 -0
- data/test/controller/rescue_test.rb +517 -0
- data/test/controller/resources_test.rb +873 -0
- data/test/controller/routing_test.rb +2464 -0
- data/test/controller/selector_test.rb +628 -0
- data/test/controller/send_file_test.rb +138 -0
- data/test/controller/session/cookie_store_test.rb +258 -0
- data/test/controller/session/mem_cache_store_test.rb +181 -0
- data/test/controller/session_fixation_test.rb +89 -0
- data/test/controller/session_management_test.rb +178 -0
- data/test/controller/test_test.rb +695 -0
- data/test/controller/url_rewriter_test.rb +310 -0
- data/test/controller/verification_test.rb +270 -0
- data/test/controller/view_paths_test.rb +140 -0
- data/test/controller/webservice_test.rb +229 -0
- data/test/fixtures/addresses/list.erb +1 -0
- data/test/fixtures/bad_customers/_bad_customer.html.erb +1 -0
- data/test/fixtures/companies.yml +24 -0
- data/test/fixtures/company.rb +10 -0
- data/test/fixtures/content_type/render_default_content_types_for_respond_to.rhtml +1 -0
- data/test/fixtures/content_type/render_default_for_js.js.erb +1 -0
- data/test/fixtures/content_type/render_default_for_rhtml.rhtml +1 -0
- data/test/fixtures/content_type/render_default_for_rxml.rxml +1 -0
- data/test/fixtures/customers/_customer.html.erb +1 -0
- data/test/fixtures/db_definitions/sqlite.sql +49 -0
- data/test/fixtures/developer.rb +9 -0
- data/test/fixtures/developers.yml +21 -0
- data/test/fixtures/developers_projects.yml +13 -0
- data/test/fixtures/fun/games/hello_world.erb +1 -0
- data/test/fixtures/functional_caching/_partial.erb +3 -0
- data/test/fixtures/functional_caching/fragment_cached.html.erb +2 -0
- data/test/fixtures/functional_caching/html_fragment_cached_with_partial.html.erb +1 -0
- data/test/fixtures/functional_caching/js_fragment_cached_with_partial.js.rjs +1 -0
- data/test/fixtures/good_customers/_good_customer.html.erb +1 -0
- data/test/fixtures/helpers/abc_helper.rb +5 -0
- data/test/fixtures/helpers/fun/games_helper.rb +3 -0
- data/test/fixtures/helpers/fun/pdf_helper.rb +3 -0
- data/test/fixtures/layout_tests/alt/hello.rhtml +1 -0
- data/test/fixtures/layout_tests/layouts/controller_name_space/nested.rhtml +1 -0
- data/test/fixtures/layout_tests/layouts/item.rhtml +1 -0
- data/test/fixtures/layout_tests/layouts/layout_test.rhtml +1 -0
- data/test/fixtures/layout_tests/layouts/multiple_extensions.html.erb +1 -0
- data/test/fixtures/layout_tests/layouts/third_party_template_library.mab +1 -0
- data/test/fixtures/layout_tests/views/hello.rhtml +1 -0
- data/test/fixtures/layouts/block_with_layout.erb +3 -0
- data/test/fixtures/layouts/builder.builder +3 -0
- data/test/fixtures/layouts/partial_with_layout.erb +3 -0
- data/test/fixtures/layouts/standard.erb +1 -0
- data/test/fixtures/layouts/talk_from_action.erb +2 -0
- data/test/fixtures/layouts/yield.erb +2 -0
- data/test/fixtures/mascot.rb +3 -0
- data/test/fixtures/mascots.yml +4 -0
- data/test/fixtures/mascots/_mascot.html.erb +1 -0
- data/test/fixtures/multipart/binary_file +0 -0
- data/test/fixtures/multipart/boundary_problem_file +10 -0
- data/test/fixtures/multipart/bracketed_param +5 -0
- data/test/fixtures/multipart/large_text_file +10 -0
- data/test/fixtures/multipart/mixed_files +0 -0
- data/test/fixtures/multipart/mona_lisa.jpg +0 -0
- data/test/fixtures/multipart/single_parameter +5 -0
- data/test/fixtures/multipart/text_file +10 -0
- data/test/fixtures/override/test/hello_world.erb +1 -0
- data/test/fixtures/override2/layouts/test/sub.erb +1 -0
- data/test/fixtures/post_test/layouts/post.html.erb +1 -0
- data/test/fixtures/post_test/layouts/super_post.iphone.erb +1 -0
- data/test/fixtures/post_test/post/index.html.erb +1 -0
- data/test/fixtures/post_test/post/index.iphone.erb +1 -0
- data/test/fixtures/post_test/super_post/index.html.erb +1 -0
- data/test/fixtures/post_test/super_post/index.iphone.erb +1 -0
- data/test/fixtures/project.rb +3 -0
- data/test/fixtures/projects.yml +7 -0
- data/test/fixtures/public/404.html +1 -0
- data/test/fixtures/public/500.html +1 -0
- data/test/fixtures/public/images/rails.png +0 -0
- data/test/fixtures/public/javascripts/application.js +1 -0
- data/test/fixtures/public/javascripts/bank.js +1 -0
- data/test/fixtures/public/javascripts/robber.js +1 -0
- data/test/fixtures/public/javascripts/version.1.0.js +1 -0
- data/test/fixtures/public/stylesheets/bank.css +1 -0
- data/test/fixtures/public/stylesheets/robber.css +1 -0
- data/test/fixtures/public/stylesheets/version.1.0.css +1 -0
- data/test/fixtures/replies.yml +15 -0
- data/test/fixtures/reply.rb +7 -0
- data/test/fixtures/respond_to/all_types_with_layout.html.erb +1 -0
- data/test/fixtures/respond_to/custom_constant_handling_without_block.mobile.erb +1 -0
- data/test/fixtures/respond_to/iphone_with_html_response_type.html.erb +1 -0
- data/test/fixtures/respond_to/iphone_with_html_response_type.iphone.erb +1 -0
- data/test/fixtures/respond_to/layouts/missing.html.erb +1 -0
- data/test/fixtures/respond_to/layouts/standard.html.erb +1 -0
- data/test/fixtures/respond_to/layouts/standard.iphone.erb +1 -0
- data/test/fixtures/respond_to/using_defaults.html.erb +1 -0
- data/test/fixtures/respond_to/using_defaults.js.rjs +1 -0
- data/test/fixtures/respond_to/using_defaults.xml.builder +1 -0
- data/test/fixtures/respond_to/using_defaults_with_type_list.html.erb +1 -0
- data/test/fixtures/respond_to/using_defaults_with_type_list.js.rjs +1 -0
- data/test/fixtures/respond_to/using_defaults_with_type_list.xml.builder +1 -0
- data/test/fixtures/scope/test/modgreet.erb +1 -0
- data/test/fixtures/shared.html.erb +1 -0
- data/test/fixtures/symlink_parent/symlinked_layout.erb +5 -0
- data/test/fixtures/test/_customer.erb +1 -0
- data/test/fixtures/test/_customer_counter.erb +1 -0
- data/test/fixtures/test/_customer_greeting.erb +1 -0
- data/test/fixtures/test/_form.erb +1 -0
- data/test/fixtures/test/_hash_greeting.erb +1 -0
- data/test/fixtures/test/_hash_object.erb +2 -0
- data/test/fixtures/test/_hello.builder +1 -0
- data/test/fixtures/test/_labelling_form.erb +1 -0
- data/test/fixtures/test/_layout_for_partial.html.erb +3 -0
- data/test/fixtures/test/_partial.erb +1 -0
- data/test/fixtures/test/_partial.html.erb +1 -0
- data/test/fixtures/test/_partial.js.erb +1 -0
- data/test/fixtures/test/_partial_for_use_in_layout.html.erb +1 -0
- data/test/fixtures/test/_partial_only.erb +1 -0
- data/test/fixtures/test/_person.erb +2 -0
- data/test/fixtures/test/_raise.html.erb +1 -0
- data/test/fixtures/test/action_talk_to_layout.erb +2 -0
- data/test/fixtures/test/block_content_for.erb +2 -0
- data/test/fixtures/test/calling_partial_with_layout.html.erb +1 -0
- data/test/fixtures/test/capturing.erb +4 -0
- data/test/fixtures/test/content_for.erb +2 -0
- data/test/fixtures/test/content_for_concatenated.erb +3 -0
- data/test/fixtures/test/content_for_with_parameter.erb +2 -0
- data/test/fixtures/test/delete_with_js.rjs +2 -0
- data/test/fixtures/test/dot.directory/render_file_with_ivar.erb +1 -0
- data/test/fixtures/test/enum_rjs_test.rjs +6 -0
- data/test/fixtures/test/erb_content_for.erb +2 -0
- data/test/fixtures/test/formatted_html_erb.html.erb +1 -0
- data/test/fixtures/test/formatted_xml_erb.builder +1 -0
- data/test/fixtures/test/formatted_xml_erb.html.erb +1 -0
- data/test/fixtures/test/formatted_xml_erb.xml.erb +1 -0
- data/test/fixtures/test/greeting.erb +1 -0
- data/test/fixtures/test/greeting.js.rjs +1 -0
- data/test/fixtures/test/hello.builder +4 -0
- data/test/fixtures/test/hello_world.erb +1 -0
- data/test/fixtures/test/hello_world_container.builder +3 -0
- data/test/fixtures/test/hello_world_from_rxml.builder +4 -0
- data/test/fixtures/test/hello_world_with_layout_false.erb +1 -0
- data/test/fixtures/test/hello_xml_world.builder +11 -0
- data/test/fixtures/test/list.erb +1 -0
- data/test/fixtures/test/non_erb_block_content_for.builder +4 -0
- data/test/fixtures/test/potential_conflicts.erb +4 -0
- data/test/fixtures/test/render_file_from_template.html.erb +1 -0
- data/test/fixtures/test/render_file_with_ivar.erb +1 -0
- data/test/fixtures/test/render_file_with_locals.erb +1 -0
- data/test/fixtures/test/render_to_string_test.erb +1 -0
- data/test/fixtures/test/update_element_with_capture.erb +9 -0
- data/test/fixtures/test/using_layout_around_block.html.erb +1 -0
- data/test/fixtures/topic.rb +3 -0
- data/test/fixtures/topics.yml +22 -0
- data/test/fixtures/topics/_topic.html.erb +1 -0
- data/test/template/active_record_helper_test.rb +268 -0
- data/test/template/asset_tag_helper_test.rb +514 -0
- data/test/template/atom_feed_helper_test.rb +179 -0
- data/test/template/benchmark_helper_test.rb +60 -0
- data/test/template/date_helper_test.rb +1791 -0
- data/test/template/deprecated_erb_variable_test.rb +9 -0
- data/test/template/erb_util_test.rb +24 -0
- data/test/template/form_helper_test.rb +885 -0
- data/test/template/form_options_helper_test.rb +1333 -0
- data/test/template/form_tag_helper_test.rb +272 -0
- data/test/template/javascript_helper_test.rb +73 -0
- data/test/template/number_helper_test.rb +97 -0
- data/test/template/record_tag_helper_test.rb +54 -0
- data/test/template/sanitize_helper_test.rb +48 -0
- data/test/template/tag_helper_test.rb +77 -0
- data/test/template/template_finder_test.rb +73 -0
- data/test/template/template_object_test.rb +95 -0
- data/test/template/test_test.rb +56 -0
- data/test/template/text_helper_test.rb +367 -0
- data/test/template/url_helper_test.rb +544 -0
- data/test/testing_sandbox.rb +15 -0
- metadata +469 -0
@@ -0,0 +1,166 @@
|
|
1
|
+
require 'cgi'
|
2
|
+
require 'cgi/session'
|
3
|
+
require 'openssl' # to generate the HMAC message digest
|
4
|
+
|
5
|
+
# This cookie-based session store is the Rails default. Sessions typically
|
6
|
+
# contain at most a user_id and flash message; both fit within the 4K cookie
|
7
|
+
# size limit. Cookie-based sessions are dramatically faster than the
|
8
|
+
# alternatives.
|
9
|
+
#
|
10
|
+
# If you have more than 4K of session data or don't want your data to be
|
11
|
+
# visible to the user, pick another session store.
|
12
|
+
#
|
13
|
+
# CookieOverflow is raised if you attempt to store more than 4K of data.
|
14
|
+
# TamperedWithCookie is raised if the data integrity check fails.
|
15
|
+
#
|
16
|
+
# A message digest is included with the cookie to ensure data integrity:
|
17
|
+
# a user cannot alter his +user_id+ without knowing the secret key included in
|
18
|
+
# the hash. New apps are generated with a pregenerated secret in
|
19
|
+
# config/environment.rb. Set your own for old apps you're upgrading.
|
20
|
+
#
|
21
|
+
# Session options:
|
22
|
+
#
|
23
|
+
# * <tt>:secret</tt>: An application-wide key string or block returning a string
|
24
|
+
# called per generated digest. The block is called with the CGI::Session
|
25
|
+
# instance as an argument. It's important that the secret is not vulnerable to
|
26
|
+
# a dictionary attack. Therefore, you should choose a secret consisting of
|
27
|
+
# random numbers and letters and more than 30 characters. Examples:
|
28
|
+
#
|
29
|
+
# :secret => '449fe2e7daee471bffae2fd8dc02313d'
|
30
|
+
# :secret => Proc.new { User.current_user.secret_key }
|
31
|
+
#
|
32
|
+
# * <tt>:digest</tt>: The message digest algorithm used to verify session
|
33
|
+
# integrity defaults to 'SHA1' but may be any digest provided by OpenSSL,
|
34
|
+
# such as 'MD5', 'RIPEMD160', 'SHA256', etc.
|
35
|
+
#
|
36
|
+
# To generate a secret key for an existing application, run
|
37
|
+
# "rake secret" and set the key in config/environment.rb.
|
38
|
+
#
|
39
|
+
# Note that changing digest or secret invalidates all existing sessions!
|
40
|
+
class CGI::Session::CookieStore
|
41
|
+
# Cookies can typically store 4096 bytes.
|
42
|
+
MAX = 4096
|
43
|
+
SECRET_MIN_LENGTH = 30 # characters
|
44
|
+
|
45
|
+
# Raised when storing more than 4K of session data.
|
46
|
+
class CookieOverflow < StandardError; end
|
47
|
+
|
48
|
+
# Raised when the cookie fails its integrity check.
|
49
|
+
class TamperedWithCookie < StandardError; end
|
50
|
+
|
51
|
+
# Called from CGI::Session only.
|
52
|
+
def initialize(session, options = {})
|
53
|
+
# The session_key option is required.
|
54
|
+
if options['session_key'].blank?
|
55
|
+
raise ArgumentError, 'A session_key is required to write a cookie containing the session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase" } in config/environment.rb'
|
56
|
+
end
|
57
|
+
|
58
|
+
# The secret option is required.
|
59
|
+
ensure_secret_secure(options['secret'])
|
60
|
+
|
61
|
+
# Keep the session and its secret on hand so we can read and write cookies.
|
62
|
+
@session, @secret = session, options['secret']
|
63
|
+
|
64
|
+
# Message digest defaults to SHA1.
|
65
|
+
@digest = options['digest'] || 'SHA1'
|
66
|
+
|
67
|
+
# Default cookie options derived from session settings.
|
68
|
+
@cookie_options = {
|
69
|
+
'name' => options['session_key'],
|
70
|
+
'path' => options['session_path'],
|
71
|
+
'domain' => options['session_domain'],
|
72
|
+
'expires' => options['session_expires'],
|
73
|
+
'secure' => options['session_secure']
|
74
|
+
}
|
75
|
+
|
76
|
+
# Set no_hidden and no_cookies since the session id is unused and we
|
77
|
+
# set our own data cookie.
|
78
|
+
options['no_hidden'] = true
|
79
|
+
options['no_cookies'] = true
|
80
|
+
end
|
81
|
+
|
82
|
+
# To prevent users from using something insecure like "Password" we make sure that the
|
83
|
+
# secret they've provided is at least 30 characters in length.
|
84
|
+
def ensure_secret_secure(secret)
|
85
|
+
# There's no way we can do this check if they've provided a proc for the
|
86
|
+
# secret.
|
87
|
+
return true if secret.is_a?(Proc)
|
88
|
+
|
89
|
+
if secret.blank?
|
90
|
+
raise ArgumentError, %Q{A secret is required to generate an integrity hash for cookie session data. Use config.action_controller.session = { :session_key => "_myapp_session", :secret => "some secret phrase of at least #{SECRET_MIN_LENGTH} characters" } in config/environment.rb}
|
91
|
+
end
|
92
|
+
|
93
|
+
if secret.length < SECRET_MIN_LENGTH
|
94
|
+
raise ArgumentError, %Q{Secret should be something secure, like "#{CGI::Session.generate_unique_id}". The value you provided, "#{secret}", is shorter than the minimum length of #{SECRET_MIN_LENGTH} characters}
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
# Restore session data from the cookie.
|
99
|
+
def restore
|
100
|
+
@original = read_cookie
|
101
|
+
@data = unmarshal(@original) || {}
|
102
|
+
end
|
103
|
+
|
104
|
+
# Wait until close to write the session data cookie.
|
105
|
+
def update; end
|
106
|
+
|
107
|
+
# Write the session data cookie if it was loaded and has changed.
|
108
|
+
def close
|
109
|
+
if defined?(@data) && !@data.blank?
|
110
|
+
updated = marshal(@data)
|
111
|
+
raise CookieOverflow if updated.size > MAX
|
112
|
+
write_cookie('value' => updated) unless updated == @original
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
# Delete the session data by setting an expired cookie with no data.
|
117
|
+
def delete
|
118
|
+
@data = nil
|
119
|
+
clear_old_cookie_value
|
120
|
+
write_cookie('value' => nil, 'expires' => 1.year.ago)
|
121
|
+
end
|
122
|
+
|
123
|
+
# Generate the HMAC keyed message digest. Uses SHA1 by default.
|
124
|
+
def generate_digest(data)
|
125
|
+
key = @secret.respond_to?(:call) ? @secret.call(@session) : @secret
|
126
|
+
OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(@digest), key, data)
|
127
|
+
end
|
128
|
+
|
129
|
+
private
|
130
|
+
# Marshal a session hash into safe cookie data. Include an integrity hash.
|
131
|
+
def marshal(session)
|
132
|
+
data = ActiveSupport::Base64.encode64(Marshal.dump(session)).chop
|
133
|
+
"#{data}--#{generate_digest(data)}"
|
134
|
+
end
|
135
|
+
|
136
|
+
# Unmarshal cookie data to a hash and verify its integrity.
|
137
|
+
def unmarshal(cookie)
|
138
|
+
if cookie
|
139
|
+
data, digest = cookie.split('--')
|
140
|
+
|
141
|
+
# Do two checks to transparently support old double-escaped data.
|
142
|
+
unless digest == generate_digest(data) || digest == generate_digest(data = CGI.unescape(data))
|
143
|
+
delete
|
144
|
+
raise TamperedWithCookie
|
145
|
+
end
|
146
|
+
|
147
|
+
Marshal.load(ActiveSupport::Base64.decode64(data))
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
# Read the session data cookie.
|
152
|
+
def read_cookie
|
153
|
+
@session.cgi.cookies[@cookie_options['name']].first
|
154
|
+
end
|
155
|
+
|
156
|
+
# CGI likes to make you hack.
|
157
|
+
def write_cookie(options)
|
158
|
+
cookie = CGI::Cookie.new(@cookie_options.merge(options))
|
159
|
+
@session.cgi.send :instance_variable_set, '@output_cookies', [cookie]
|
160
|
+
end
|
161
|
+
|
162
|
+
# Clear cookie value so subsequent new_session doesn't reload old data.
|
163
|
+
def clear_old_cookie_value
|
164
|
+
@session.cgi.cookies[@cookie_options['name']].clear
|
165
|
+
end
|
166
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
#!/usr/local/bin/ruby -w
|
2
|
+
|
3
|
+
# This is a really simple session storage daemon, basically just a hash,
|
4
|
+
# which is enabled for DRb access.
|
5
|
+
|
6
|
+
require 'drb'
|
7
|
+
|
8
|
+
session_hash = Hash.new
|
9
|
+
session_hash.instance_eval { @mutex = Mutex.new }
|
10
|
+
|
11
|
+
class <<session_hash
|
12
|
+
def []=(key, value)
|
13
|
+
@mutex.synchronize do
|
14
|
+
super(key, value)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def [](key)
|
19
|
+
@mutex.synchronize do
|
20
|
+
super(key)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def delete(key)
|
25
|
+
@mutex.synchronize do
|
26
|
+
super(key)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
DRb.start_service('druby://127.0.0.1:9192', session_hash)
|
32
|
+
DRb.thread.join
|
@@ -0,0 +1,35 @@
|
|
1
|
+
require 'cgi'
|
2
|
+
require 'cgi/session'
|
3
|
+
require 'drb'
|
4
|
+
|
5
|
+
class CGI #:nodoc:all
|
6
|
+
class Session
|
7
|
+
class DRbStore
|
8
|
+
@@session_data = DRbObject.new(nil, 'druby://localhost:9192')
|
9
|
+
|
10
|
+
def initialize(session, option=nil)
|
11
|
+
@session_id = session.session_id
|
12
|
+
end
|
13
|
+
|
14
|
+
def restore
|
15
|
+
@h = @@session_data[@session_id] || {}
|
16
|
+
end
|
17
|
+
|
18
|
+
def update
|
19
|
+
@@session_data[@session_id] = @h
|
20
|
+
end
|
21
|
+
|
22
|
+
def close
|
23
|
+
update
|
24
|
+
end
|
25
|
+
|
26
|
+
def delete
|
27
|
+
@@session_data.delete(@session_id)
|
28
|
+
end
|
29
|
+
|
30
|
+
def data
|
31
|
+
@@session_data[@session_id]
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,98 @@
|
|
1
|
+
# cgi/session/memcached.rb - persistent storage of marshalled session data
|
2
|
+
#
|
3
|
+
# == Overview
|
4
|
+
#
|
5
|
+
# This file provides the CGI::Session::MemCache class, which builds
|
6
|
+
# persistence of storage data on top of the MemCache library. See
|
7
|
+
# cgi/session.rb for more details on session storage managers.
|
8
|
+
#
|
9
|
+
|
10
|
+
begin
|
11
|
+
require 'cgi/session'
|
12
|
+
require_library_or_gem 'memcache'
|
13
|
+
|
14
|
+
class CGI
|
15
|
+
class Session
|
16
|
+
# MemCache-based session storage class.
|
17
|
+
#
|
18
|
+
# This builds upon the top-level MemCache class provided by the
|
19
|
+
# library file memcache.rb. Session data is marshalled and stored
|
20
|
+
# in a memcached cache.
|
21
|
+
class MemCacheStore
|
22
|
+
def check_id(id) #:nodoc:#
|
23
|
+
/[^0-9a-zA-Z]+/ =~ id.to_s ? false : true
|
24
|
+
end
|
25
|
+
|
26
|
+
# Create a new CGI::Session::MemCache instance
|
27
|
+
#
|
28
|
+
# This constructor is used internally by CGI::Session. The
|
29
|
+
# user does not generally need to call it directly.
|
30
|
+
#
|
31
|
+
# +session+ is the session for which this instance is being
|
32
|
+
# created. The session id must only contain alphanumeric
|
33
|
+
# characters; automatically generated session ids observe
|
34
|
+
# this requirement.
|
35
|
+
#
|
36
|
+
# +options+ is a hash of options for the initializer. The
|
37
|
+
# following options are recognized:
|
38
|
+
#
|
39
|
+
# cache:: an instance of a MemCache client to use as the
|
40
|
+
# session cache.
|
41
|
+
#
|
42
|
+
# expires:: an expiry time value to use for session entries in
|
43
|
+
# the session cache. +expires+ is interpreted in seconds
|
44
|
+
# relative to the current time if it�s less than 60*60*24*30
|
45
|
+
# (30 days), or as an absolute Unix time (e.g., Time#to_i) if
|
46
|
+
# greater. If +expires+ is +0+, or not passed on +options+,
|
47
|
+
# the entry will never expire.
|
48
|
+
#
|
49
|
+
# This session's memcache entry will be created if it does
|
50
|
+
# not exist, or retrieved if it does.
|
51
|
+
def initialize(session, options = {})
|
52
|
+
id = session.session_id
|
53
|
+
unless check_id(id)
|
54
|
+
raise ArgumentError, "session_id '%s' is invalid" % id
|
55
|
+
end
|
56
|
+
@cache = options['cache'] || MemCache.new('localhost')
|
57
|
+
@expires = options['expires'] || 0
|
58
|
+
@session_key = "session:#{id}"
|
59
|
+
@session_data = {}
|
60
|
+
# Add this key to the store if haven't done so yet
|
61
|
+
unless @cache.get(@session_key)
|
62
|
+
@cache.add(@session_key, @session_data, @expires)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
# Restore session state from the session's memcache entry.
|
67
|
+
#
|
68
|
+
# Returns the session state as a hash.
|
69
|
+
def restore
|
70
|
+
@session_data = @cache[@session_key] || {}
|
71
|
+
end
|
72
|
+
|
73
|
+
# Save session state to the session's memcache entry.
|
74
|
+
def update
|
75
|
+
@cache.set(@session_key, @session_data, @expires)
|
76
|
+
end
|
77
|
+
|
78
|
+
# Update and close the session's memcache entry.
|
79
|
+
def close
|
80
|
+
update
|
81
|
+
end
|
82
|
+
|
83
|
+
# Delete the session's memcache entry.
|
84
|
+
def delete
|
85
|
+
@cache.delete(@session_key)
|
86
|
+
@session_data = {}
|
87
|
+
end
|
88
|
+
|
89
|
+
def data
|
90
|
+
@session_data
|
91
|
+
end
|
92
|
+
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
rescue LoadError
|
97
|
+
# MemCache wasn't available so neither can the store be
|
98
|
+
end
|
@@ -0,0 +1,158 @@
|
|
1
|
+
require 'action_controller/session/cookie_store'
|
2
|
+
require 'action_controller/session/drb_store'
|
3
|
+
require 'action_controller/session/mem_cache_store'
|
4
|
+
if Object.const_defined?(:ActiveRecord)
|
5
|
+
require 'action_controller/session/active_record_store'
|
6
|
+
end
|
7
|
+
|
8
|
+
module ActionController #:nodoc:
|
9
|
+
module SessionManagement #:nodoc:
|
10
|
+
def self.included(base)
|
11
|
+
base.class_eval do
|
12
|
+
extend ClassMethods
|
13
|
+
alias_method_chain :process, :session_management_support
|
14
|
+
alias_method_chain :process_cleanup, :session_management_support
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
module ClassMethods
|
19
|
+
# Set the session store to be used for keeping the session data between requests.
|
20
|
+
# By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),
|
21
|
+
# but you can also specify one of the other included stores (<tt>:active_record_store</tt>,
|
22
|
+
# <tt>:p_store</tt>, <tt>:drb_store</tt>, <tt>:mem_cache_store</tt>, or
|
23
|
+
# <tt>:memory_store</tt>) or your own custom class.
|
24
|
+
def session_store=(store)
|
25
|
+
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager] =
|
26
|
+
store.is_a?(Symbol) ? CGI::Session.const_get(store == :drb_store ? "DRbStore" : store.to_s.camelize) : store
|
27
|
+
end
|
28
|
+
|
29
|
+
# Returns the session store class currently used.
|
30
|
+
def session_store
|
31
|
+
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:database_manager]
|
32
|
+
end
|
33
|
+
|
34
|
+
# Returns the hash used to configure the session. Example use:
|
35
|
+
#
|
36
|
+
# ActionController::Base.session_options[:session_secure] = true # session only available over HTTPS
|
37
|
+
def session_options
|
38
|
+
ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS
|
39
|
+
end
|
40
|
+
|
41
|
+
# Specify how sessions ought to be managed for a subset of the actions on
|
42
|
+
# the controller. Like filters, you can specify <tt>:only</tt> and
|
43
|
+
# <tt>:except</tt> clauses to restrict the subset, otherwise options
|
44
|
+
# apply to all actions on this controller.
|
45
|
+
#
|
46
|
+
# The session options are inheritable, as well, so if you specify them in
|
47
|
+
# a parent controller, they apply to controllers that extend the parent.
|
48
|
+
#
|
49
|
+
# Usage:
|
50
|
+
#
|
51
|
+
# # turn off session management for all actions.
|
52
|
+
# session :off
|
53
|
+
#
|
54
|
+
# # turn off session management for all actions _except_ foo and bar.
|
55
|
+
# session :off, :except => %w(foo bar)
|
56
|
+
#
|
57
|
+
# # turn off session management for only the foo and bar actions.
|
58
|
+
# session :off, :only => %w(foo bar)
|
59
|
+
#
|
60
|
+
# # the session will only work over HTTPS, but only for the foo action
|
61
|
+
# session :only => :foo, :session_secure => true
|
62
|
+
#
|
63
|
+
# # the session will only be disabled for 'foo', and only if it is
|
64
|
+
# # requested as a web service
|
65
|
+
# session :off, :only => :foo,
|
66
|
+
# :if => Proc.new { |req| req.parameters[:ws] }
|
67
|
+
#
|
68
|
+
# # the session will be disabled for non html/ajax requests
|
69
|
+
# session :off,
|
70
|
+
# :if => Proc.new { |req| !(req.format.html? || req.format.js?) }
|
71
|
+
#
|
72
|
+
# # turn the session back on, useful when it was turned off in the
|
73
|
+
# # application controller, and you need it on in another controller
|
74
|
+
# session :on
|
75
|
+
#
|
76
|
+
# All session options described for ActionController::Base.process_cgi
|
77
|
+
# are valid arguments.
|
78
|
+
def session(*args)
|
79
|
+
options = args.extract_options!
|
80
|
+
|
81
|
+
options[:disabled] = false if args.delete(:on)
|
82
|
+
options[:disabled] = true if !args.empty?
|
83
|
+
options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
|
84
|
+
options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
|
85
|
+
if options[:only] && options[:except]
|
86
|
+
raise ArgumentError, "only one of either :only or :except are allowed"
|
87
|
+
end
|
88
|
+
|
89
|
+
write_inheritable_array("session_options", [options])
|
90
|
+
end
|
91
|
+
|
92
|
+
# So we can declare session options in the Rails initializer.
|
93
|
+
alias_method :session=, :session
|
94
|
+
|
95
|
+
def cached_session_options #:nodoc:
|
96
|
+
@session_options ||= read_inheritable_attribute("session_options") || []
|
97
|
+
end
|
98
|
+
|
99
|
+
def session_options_for(request, action) #:nodoc:
|
100
|
+
if (session_options = cached_session_options).empty?
|
101
|
+
{}
|
102
|
+
else
|
103
|
+
options = {}
|
104
|
+
|
105
|
+
action = action.to_s
|
106
|
+
session_options.each do |opts|
|
107
|
+
next if opts[:if] && !opts[:if].call(request)
|
108
|
+
if opts[:only] && opts[:only].include?(action)
|
109
|
+
options.merge!(opts)
|
110
|
+
elsif opts[:except] && !opts[:except].include?(action)
|
111
|
+
options.merge!(opts)
|
112
|
+
elsif !opts[:only] && !opts[:except]
|
113
|
+
options.merge!(opts)
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
if options.empty? then options
|
118
|
+
else
|
119
|
+
options.delete :only
|
120
|
+
options.delete :except
|
121
|
+
options.delete :if
|
122
|
+
options[:disabled] ? false : options
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
def process_with_session_management_support(request, response, method = :perform_action, *arguments) #:nodoc:
|
129
|
+
set_session_options(request)
|
130
|
+
process_without_session_management_support(request, response, method, *arguments)
|
131
|
+
end
|
132
|
+
|
133
|
+
private
|
134
|
+
def set_session_options(request)
|
135
|
+
request.session_options = self.class.session_options_for(request, request.parameters["action"] || "index")
|
136
|
+
end
|
137
|
+
|
138
|
+
def process_cleanup_with_session_management_support
|
139
|
+
clear_persistent_model_associations
|
140
|
+
process_cleanup_without_session_management_support
|
141
|
+
end
|
142
|
+
|
143
|
+
# Clear cached associations in session data so they don't overflow
|
144
|
+
# the database field. Only applies to ActiveRecordStore since there
|
145
|
+
# is not a standard way to iterate over session data.
|
146
|
+
def clear_persistent_model_associations #:doc:
|
147
|
+
if defined?(@_session) && @_session.respond_to?(:data)
|
148
|
+
session_data = @_session.data
|
149
|
+
|
150
|
+
if session_data && session_data.respond_to?(:each_value)
|
151
|
+
session_data.each_value do |obj|
|
152
|
+
obj.clear_association_cache if obj.respond_to?(:clear_association_cache)
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|