galakei 0.4.1 → 0.5.0
- data/lib/galakei/request.rb +0 -4
- data/lib/galakei/session_id_parameter/in_form.rb +18 -13
- data/lib/galakei/session_id_parameter/in_url.rb +19 -25
- data/lib/galakei/session_id_parameter/railtie.rb +2 -2
- data/lib/galakei/version.rb +1 -1
- data/spec/acceptance/app/fake.rb +3 -1
- data/spec/acceptance/session_spec.rb +61 -13
- data/spec/acceptance/support/capybara_ssl_fix.rb +28 -0
- metadata +5 -4
data/lib/galakei/request.rb
CHANGED
@@ -3,25 +3,30 @@
|
|
3
3
|
# that the session id parameter is properly injected into forms.
|
4
4
|
module Galakei::SessionIdParameter::InForm
|
5
5
|
def extra_tags_for_form(html_options)
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
end
|
10
|
-
s
|
6
|
+
return super unless html_options["method"] == :get
|
7
|
+
session_id = extract_session_id!(html_options["action"])
|
8
|
+
session_id.blank? ? super : super << session_input_tag(session_id)
|
11
9
|
end
|
12
10
|
|
13
11
|
def button_to(name, options = {}, html_options = {})
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
s
|
12
|
+
return super unless html_options[:method] == :get
|
13
|
+
url = (options.is_a?(String) ? options : url_for(options))
|
14
|
+
session_id = extract_session_id!(url)
|
15
|
+
return super if session_id.blank?
|
16
|
+
s = super(name, url, html_options)
|
17
|
+
s.sub!("</form>", session_input_tag(session_id) + "</form>".html_safe)
|
19
18
|
end
|
20
19
|
|
21
20
|
private
|
22
21
|
|
23
|
-
|
24
|
-
|
25
|
-
|
22
|
+
# returns session id if present in url (or path) and removes it from the passed in parameter
|
23
|
+
def extract_session_id!(url)
|
24
|
+
url.gsub!(/#{::Rails.application.config.session_options[:key]}=([^&]+)&?/, '')
|
25
|
+
url.chomp!('?')
|
26
|
+
$1
|
27
|
+
end
|
28
|
+
|
29
|
+
def session_input_tag(session_id)
|
30
|
+
tag(:input, :type => "hidden", :name => ::Rails.application.config.session_options[:key], :value => session_id)
|
26
31
|
end
|
27
32
|
end
|
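Review bot: In `extract_session_id!` the session key (`::Rails.application.config.session_options[:key]`) is interpolated into the pattern unescaped and with no boundary before it, so regex metacharacters in the key change the match, and any parameter whose name merely ends in the key is stripped and returned as the session id. `[^&]+` also swallows a trailing `#fragment` into the captured value. I would write `url.gsub!(/#{Regexp.escape(key)}=([^&#]+)&?/, '')`, additionally require a preceding `?` or `&`, and return `Regexp.last_match(1)` rather than `$1`. The helper mutates the caller's string (`html_options["action"]`, or a String passed as `options` to `button_to`), which deserves a line in its comment because a frozen string would raise here. The hidden input also means every GET submission carries the session id in its query string, so a comment on `session_input_tag` such as `# session id travels in the URL on GET; treat access logs and Referer headers as sensitive` would record that.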
@@ -1,33 +1,27 @@
|
|
1
|
-
|
2
|
-
def
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
session_opts[:id] = ActiveSupport::SecureRandom.hex(8)
|
13
|
-
end
|
14
|
-
sid = session_opts[:id]
|
15
|
-
logger.debug("Galakei: adding session param '#{key}' to default_url_options")
|
16
|
-
default_url_options[key] = sid
|
17
|
-
else
|
18
|
-
# default_url_options aren't cleared, so we need to clear them
|
19
|
-
default_url_options.delete(key)
|
1
|
+
module Galakei::SessionIdParameter::InUrl
|
2
|
+
def url_for(options = {})
|
3
|
+
return super unless inject_session_id_parameter?(options)
|
4
|
+
session_opts = request.env[ActionDispatch::Session::AbstractStore::ENV_SESSION_OPTIONS_KEY]
|
5
|
+
# if we don't have a session ID yet, create one
|
6
|
+
if session_opts[:id].blank?
|
7
|
+
# make sure to reset any active record session store,
|
8
|
+
# we'll have to create a new one for the new session
|
9
|
+
request.env[ActiveRecord::SessionStore::SESSION_RECORD_KEY] = nil
|
10
|
+
# create a new session ID
|
11
|
+
session_opts[:id] = ActiveSupport::SecureRandom.hex(8)
|
20
12
|
end
|
13
|
+
super(options.merge(::Rails.application.config.session_options[:key] => session_opts[:id]))
|
21
14
|
end
|
22
15
|
|
23
16
|
private
|
24
17
|
|
25
|
-
def
|
26
|
-
|
27
|
-
|
18
|
+
def inject_session_id_parameter?(options)
|
19
|
+
return false unless options.is_a?(Hash)
|
20
|
+
return true if request.imode_browser_1_0?
|
28
21
|
|
29
|
-
|
30
|
-
|
22
|
+
# au and softbank have two forms of cookies depending on if it is
|
23
|
+
# http or https, so carry over session id when switching protocols
|
24
|
+
return false unless options[:protocol]
|
25
|
+
(request.au? || request.softbank?) && (request.protocol != options[:protocol])
|
31
26
|
end
|
32
|
-
|
33
27
|
end
|
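Review bot: `inject_session_id_parameter?` returns true for au and softbank whenever `options[:protocol]` differs from `request.protocol`, which includes the https→http direction, so an id issued over HTTPS is appended to an `http://` URL and is then readable on the wire, in logs and in Referer headers. Nothing in this section rotates the session after the hop; if that happens elsewhere a comment on the method should say so, otherwise consider carrying the id only for http→https or regenerating the session once the plain-HTTP request has been served. `ActiveSupport::SecureRandom.hex(8)` in `url_for` gives a 64-bit id, and because the id is exposed in URLs here, `ActiveSupport::SecureRandom.hex(16)` would be a safer length. `session_opts[:id]` also assumes the env entry exists; `return super if session_opts.nil?` before the `blank?` check would avoid a NoMethodError if no session middleware ran for the request.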
@@ -4,8 +4,8 @@ module Galakei
|
|
4
4
|
config.galakei.session_id_parameter = false
|
5
5
|
initializer "galakei.session_id_parameter" do |app|
|
6
6
|
if app.config.galakei.session_id_parameter
|
7
|
-
|
8
|
-
|
7
|
+
Rails.application.routes.url_helpers.class_eval do
|
8
|
+
include Galakei::SessionIdParameter::InUrl
|
9
9
|
end
|
10
10
|
ActiveSupport.on_load :action_view do
|
11
11
|
include Galakei::SessionIdParameter::InForm
|
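Review bot: Including `InUrl` into `Rails.application.routes.url_helpers` puts the `url_for` override into every class that mixes in the route helpers, not only controllers and views. `InUrl#url_for` calls `request` for any Hash argument, so a caller without a request object (a mailer, presumably) would raise instead of building the URL; the removed lines are not readable here, so I cannot tell whether the old target had the same reach. A guard such as `return false unless respond_to?(:request, true) && request` at the top of `inject_session_id_parameter?` would keep those callers working. The enclosing railtie class starts above this hunk.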
data/lib/galakei/version.rb
CHANGED
data/spec/acceptance/app/fake.rb
CHANGED
@@ -18,5 +18,7 @@ app.config.active_support.deprecation = :log
|
|
18
18
|
app.config.galakei.session_id_parameter = true
|
19
19
|
app.initialize!
|
20
20
|
|
21
|
-
app.routes.draw
|
21
|
+
app.routes.draw do
|
22
|
+
match ':controller(/:action(/:id))'
|
23
|
+
end
|
22
24
|
class ApplicationController < ActionController::Base; end
|
@@ -13,7 +13,7 @@ class SessionsController < ApplicationController
|
|
13
13
|
session[:previous_page] = "in_get_form"
|
14
14
|
@search = Search.new
|
15
15
|
render :layout => true, :inline => <<-EOD
|
16
|
-
<%= form_for @search, :url =>
|
16
|
+
<%= form_for @search, :url => { :controller => :sessions }, :html => { :method => :get } do |f| %>"
|
17
17
|
<%= f.text_field :query %>
|
18
18
|
<%= f.submit "in_get_form" %>
|
19
19
|
<% end %>
|
@@ -27,6 +27,18 @@ class SessionsController < ApplicationController
|
|
27
27
|
EOD
|
28
28
|
end
|
29
29
|
|
30
|
+
def secure_link
|
31
|
+
render :layout => true, :inline => <<-EOD
|
32
|
+
<%= link_to "secure_link", :action => :index, :protocol => "https://" %>
|
33
|
+
EOD
|
34
|
+
end
|
35
|
+
|
36
|
+
def insecure_link
|
37
|
+
render :layout => true, :inline => <<-EOD
|
38
|
+
<%= link_to "insecure_link", :action => :index, :protocol => "http://" %>
|
39
|
+
EOD
|
40
|
+
end
|
41
|
+
|
30
42
|
def button_to_get
|
31
43
|
session[:previous_page] = "button_to_get"
|
32
44
|
render :layout => true, :inline => <<-EOD
|
@@ -51,7 +63,7 @@ end
|
|
51
63
|
|
52
64
|
|
53
65
|
feature 'session' do
|
54
|
-
%w[
|
66
|
+
%w[link button_to_post].each do |s|
|
55
67
|
context s do
|
56
68
|
scenario 'for au', :driver => :au do
|
57
69
|
visit "/sessions/#{s}"
|
@@ -68,20 +80,56 @@ feature 'session' do
|
|
68
80
|
end
|
69
81
|
end
|
70
82
|
end
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
83
|
+
|
84
|
+
%w[in_get_form button_to_get].each do |s|
|
85
|
+
context s do
|
86
|
+
scenario 'for au', :driver => :au do
|
87
|
+
visit "/sessions/#{s}"
|
88
|
+
click_on s
|
89
|
+
page.should have_content("Session Data: #{s}")
|
90
|
+
page.should have_content("Session Param: false")
|
91
|
+
end
|
92
|
+
|
93
|
+
scenario 'for docomo', :driver => :docomo do
|
94
|
+
visit "/sessions/#{s}"
|
95
|
+
page.find('form')["action"].should == "/sessions"
|
96
|
+
page.find('form input[name="_myapp_session"]')["value"].should_not be_blank
|
97
|
+
click_on s
|
98
|
+
page.should have_content("Session Data: #{s}")
|
99
|
+
page.should have_content("Session Param: true")
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
scenario 'link https to https for au', :driver => :au do
|
105
|
+
visit "https://www.example.com/sessions/link"
|
106
|
+
click_on 'link'
|
107
|
+
page.should have_content("Session Param: false")
|
108
|
+
end
|
109
|
+
|
110
|
+
%w[au softbank].each do |s|
|
111
|
+
scenario "link http to https for #{s}", :driver => s.to_sym do
|
112
|
+
visit "http://www.example.com/sessions/secure_link"
|
113
|
+
click_on 'secure_link'
|
114
|
+
page.should have_content("Session Param: true")
|
77
115
|
end
|
78
116
|
|
79
|
-
scenario
|
80
|
-
visit "/sessions/
|
81
|
-
|
82
|
-
click_on "button_to_get"
|
83
|
-
page.should have_content("Session Data: button_to_get")
|
117
|
+
scenario "link https to http for #{s}", :driver => s.to_sym do
|
118
|
+
visit "https://www.example.com/sessions/insecure_link"
|
119
|
+
click_on 'insecure_link'
|
84
120
|
page.should have_content("Session Param: true")
|
85
121
|
end
|
86
122
|
end
|
123
|
+
|
124
|
+
scenario 'link http to https for docomo_2_0', :driver => :docomo_2_0 do
|
125
|
+
visit "http://www.example.com/sessions/secure_link"
|
126
|
+
click_on 'secure_link'
|
127
|
+
page.should have_content("Session Param: false")
|
128
|
+
end
|
129
|
+
|
130
|
+
scenario 'link https to http for docomo_2_0', :driver => :docomo_2_0 do
|
131
|
+
visit "https://www.example.com/sessions/insecure_link"
|
132
|
+
click_on 'insecure_link'
|
133
|
+
page.should have_content("Session Param: false")
|
134
|
+
end
|
87
135
|
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# This makes Capybara work with sites that switch between HTTP and HTTPS
|
2
|
+
# See http://github.com/jnicklas/capybara/issues#issue/85
|
3
|
+
|
4
|
+
module Capybara::Driver::RackTest::SslFix
|
5
|
+
|
6
|
+
[:get, :post, :put, :delete].each do |method|
|
7
|
+
define_method method do |*args|
|
8
|
+
args[0] = path_to_ssl_aware_url(args[0])
|
9
|
+
super(*args)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
def path_to_ssl_aware_url(path)
|
16
|
+
unless path =~ /:\/\//
|
17
|
+
env = request.env
|
18
|
+
path = "#{env["rack.url_scheme"]}://#{env["SERVER_NAME"]}#{path}"
|
19
|
+
end
|
20
|
+
path
|
21
|
+
rescue Rack::Test::Error
|
22
|
+
# no request yet
|
23
|
+
path
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
Capybara::Driver::RackTest.send :include, Capybara::Driver::RackTest::SslFix
|
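Review bot: `path =~ /:\/\//` in `path_to_ssl_aware_url` matches `://` anywhere in the string, so a relative path that carries a URL in its query string (a constructed example: `/sessions?return_to=http://www.example.com/`) is treated as already absolute and is not given the current request's scheme. Anchoring the check, `unless path =~ %r{\A[a-z][a-z0-9+.\-]*://}i`, limits it to a real scheme prefix. The rebuilt URL also uses `SERVER_NAME` alone, so a non-default port is dropped; a comment stating that the specs only use default ports would be enough.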
metadata
CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
6
|
- 0
|
7
|
-
-
|
8
|
-
-
|
9
|
-
version: 0.
|
7
|
+
- 5
|
8
|
+
- 0
|
9
|
+
version: 0.5.0
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Paul McMahon
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-04-
|
18
|
+
date: 2011-04-06 00:00:00 +09:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -109,6 +109,7 @@ files:
|
|
109
109
|
- spec/acceptance/handset_detection_spec.rb
|
110
110
|
- spec/acceptance/input_mode_spec.rb
|
111
111
|
- spec/acceptance/session_spec.rb
|
112
|
+
- spec/acceptance/support/capybara_ssl_fix.rb
|
112
113
|
- spec/acceptance/support/handsets.rb
|
113
114
|
- spec/acceptance/views_spec.rb
|
114
115
|
- spec/galakei/docomo_css/stylesheet_spec.rb
|