mongoid_session_store 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +5 -0
- data/.gitignore +21 -0
- data/Gemfile +12 -0
- data/Gemfile.lock +49 -0
- data/LICENSE +20 -0
- data/README.rdoc +33 -0
- data/Rakefile +56 -0
- data/VERSION +1 -0
- data/example/.gitignore +4 -0
- data/example/Gemfile +35 -0
- data/example/Gemfile.lock +94 -0
- data/example/README +256 -0
- data/example/Rakefile +7 -0
- data/example/app/controllers/application_controller.rb +3 -0
- data/example/app/controllers/sessions_controller.rb +26 -0
- data/example/app/helpers/application_helper.rb +2 -0
- data/example/app/helpers/sessions_helper.rb +2 -0
- data/example/app/views/layouts/application.html.erb +14 -0
- data/example/config/application.rb +44 -0
- data/example/config/boot.rb +13 -0
- data/example/config/database.yml +22 -0
- data/example/config/environment.rb +5 -0
- data/example/config/environments/development.rb +22 -0
- data/example/config/environments/production.rb +49 -0
- data/example/config/environments/test.rb +35 -0
- data/example/config/initializers/backtrace_silencers.rb +7 -0
- data/example/config/initializers/inflections.rb +10 -0
- data/example/config/initializers/mime_types.rb +5 -0
- data/example/config/initializers/secret_token.rb +7 -0
- data/example/config/initializers/session_store.rb +11 -0
- data/example/config/locales/en.yml +5 -0
- data/example/config/mongoid.yml +19 -0
- data/example/config/routes.rb +3 -0
- data/example/config.ru +4 -0
- data/example/db/migrate/20100810035140_add_sessions_table.rb +16 -0
- data/example/db/schema.rb +25 -0
- data/example/db/seeds.rb +7 -0
- data/example/doc/README_FOR_APP +2 -0
- data/example/lib/tasks/.gitkeep +0 -0
- data/example/public/404.html +26 -0
- data/example/public/422.html +26 -0
- data/example/public/500.html +26 -0
- data/example/public/favicon.ico +0 -0
- data/example/public/images/rails.png +0 -0
- data/example/public/index.html +262 -0
- data/example/public/javascripts/application.js +2 -0
- data/example/public/javascripts/controls.js +965 -0
- data/example/public/javascripts/dragdrop.js +974 -0
- data/example/public/javascripts/effects.js +1123 -0
- data/example/public/javascripts/prototype.js +6001 -0
- data/example/public/javascripts/rails.js +175 -0
- data/example/public/robots.txt +5 -0
- data/example/public/stylesheets/.gitkeep +0 -0
- data/example/script/rails +6 -0
- data/example/test/functional/sessions_controller_test.rb +8 -0
- data/example/test/integration/sessions_test.rb +152 -0
- data/example/test/performance/browsing_test.rb +9 -0
- data/example/test/test_helper.rb +13 -0
- data/example/test/unit/helpers/sessions_helper_test.rb +4 -0
- data/example/vendor/plugins/.gitkeep +0 -0
- data/lib/mongoid_session_store/mongoid_store.rb +71 -0
- data/lib/mongoid_session_store.rb +1 -0
- data/mongoid_session_store.gemspec +115 -0
- data/test/helper.rb +23 -0
- data/test/test_mongoid_session_store.rb +11 -0
- metadata +175 -0
@@ -0,0 +1,175 @@
|
|
1
|
+
(function() {
|
2
|
+
// Technique from Juriy Zaytsev
|
3
|
+
// http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
|
4
|
+
function isEventSupported(eventName) {
|
5
|
+
var el = document.createElement('div');
|
6
|
+
eventName = 'on' + eventName;
|
7
|
+
var isSupported = (eventName in el);
|
8
|
+
if (!isSupported) {
|
9
|
+
el.setAttribute(eventName, 'return;');
|
10
|
+
isSupported = typeof el[eventName] == 'function';
|
11
|
+
}
|
12
|
+
el = null;
|
13
|
+
return isSupported;
|
14
|
+
}
|
15
|
+
|
16
|
+
function isForm(element) {
|
17
|
+
return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
|
18
|
+
}
|
19
|
+
|
20
|
+
function isInput(element) {
|
21
|
+
if (Object.isElement(element)) {
|
22
|
+
var name = element.nodeName.toUpperCase()
|
23
|
+
return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
|
24
|
+
}
|
25
|
+
else return false
|
26
|
+
}
|
27
|
+
|
28
|
+
var submitBubbles = isEventSupported('submit'),
|
29
|
+
changeBubbles = isEventSupported('change')
|
30
|
+
|
31
|
+
if (!submitBubbles || !changeBubbles) {
|
32
|
+
// augment the Event.Handler class to observe custom events when needed
|
33
|
+
Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
|
34
|
+
function(init, element, eventName, selector, callback) {
|
35
|
+
init(element, eventName, selector, callback)
|
36
|
+
// is the handler being attached to an element that doesn't support this event?
|
37
|
+
if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
|
38
|
+
(!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
|
39
|
+
// "submit" => "emulated:submit"
|
40
|
+
this.eventName = 'emulated:' + this.eventName
|
41
|
+
}
|
42
|
+
}
|
43
|
+
)
|
44
|
+
}
|
45
|
+
|
46
|
+
if (!submitBubbles) {
|
47
|
+
// discover forms on the page by observing focus events which always bubble
|
48
|
+
document.on('focusin', 'form', function(focusEvent, form) {
|
49
|
+
// special handler for the real "submit" event (one-time operation)
|
50
|
+
if (!form.retrieve('emulated:submit')) {
|
51
|
+
form.on('submit', function(submitEvent) {
|
52
|
+
var emulated = form.fire('emulated:submit', submitEvent, true)
|
53
|
+
// if custom event received preventDefault, cancel the real one too
|
54
|
+
if (emulated.returnValue === false) submitEvent.preventDefault()
|
55
|
+
})
|
56
|
+
form.store('emulated:submit', true)
|
57
|
+
}
|
58
|
+
})
|
59
|
+
}
|
60
|
+
|
61
|
+
if (!changeBubbles) {
|
62
|
+
// discover form inputs on the page
|
63
|
+
document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
|
64
|
+
// special handler for real "change" events
|
65
|
+
if (!input.retrieve('emulated:change')) {
|
66
|
+
input.on('change', function(changeEvent) {
|
67
|
+
input.fire('emulated:change', changeEvent, true)
|
68
|
+
})
|
69
|
+
input.store('emulated:change', true)
|
70
|
+
}
|
71
|
+
})
|
72
|
+
}
|
73
|
+
|
74
|
+
function handleRemote(element) {
|
75
|
+
var method, url, params;
|
76
|
+
|
77
|
+
var event = element.fire("ajax:before");
|
78
|
+
if (event.stopped) return false;
|
79
|
+
|
80
|
+
if (element.tagName.toLowerCase() === 'form') {
|
81
|
+
method = element.readAttribute('method') || 'post';
|
82
|
+
url = element.readAttribute('action');
|
83
|
+
params = element.serialize();
|
84
|
+
} else {
|
85
|
+
method = element.readAttribute('data-method') || 'get';
|
86
|
+
url = element.readAttribute('href');
|
87
|
+
params = {};
|
88
|
+
}
|
89
|
+
|
90
|
+
new Ajax.Request(url, {
|
91
|
+
method: method,
|
92
|
+
parameters: params,
|
93
|
+
evalScripts: true,
|
94
|
+
|
95
|
+
onComplete: function(request) { element.fire("ajax:complete", request); },
|
96
|
+
onSuccess: function(request) { element.fire("ajax:success", request); },
|
97
|
+
onFailure: function(request) { element.fire("ajax:failure", request); }
|
98
|
+
});
|
99
|
+
|
100
|
+
element.fire("ajax:after");
|
101
|
+
}
|
102
|
+
|
103
|
+
function handleMethod(element) {
|
104
|
+
var method = element.readAttribute('data-method'),
|
105
|
+
url = element.readAttribute('href'),
|
106
|
+
csrf_param = $$('meta[name=csrf-param]')[0],
|
107
|
+
csrf_token = $$('meta[name=csrf-token]')[0];
|
108
|
+
|
109
|
+
var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
|
110
|
+
element.parentNode.insert(form);
|
111
|
+
|
112
|
+
if (method !== 'post') {
|
113
|
+
var field = new Element('input', { type: 'hidden', name: '_method', value: method });
|
114
|
+
form.insert(field);
|
115
|
+
}
|
116
|
+
|
117
|
+
if (csrf_param) {
|
118
|
+
var param = csrf_param.readAttribute('content'),
|
119
|
+
token = csrf_token.readAttribute('content'),
|
120
|
+
field = new Element('input', { type: 'hidden', name: param, value: token });
|
121
|
+
form.insert(field);
|
122
|
+
}
|
123
|
+
|
124
|
+
form.submit();
|
125
|
+
}
|
126
|
+
|
127
|
+
|
128
|
+
document.on("click", "*[data-confirm]", function(event, element) {
|
129
|
+
var message = element.readAttribute('data-confirm');
|
130
|
+
if (!confirm(message)) event.stop();
|
131
|
+
});
|
132
|
+
|
133
|
+
document.on("click", "a[data-remote]", function(event, element) {
|
134
|
+
if (event.stopped) return;
|
135
|
+
handleRemote(element);
|
136
|
+
event.stop();
|
137
|
+
});
|
138
|
+
|
139
|
+
document.on("click", "a[data-method]", function(event, element) {
|
140
|
+
if (event.stopped) return;
|
141
|
+
handleMethod(element);
|
142
|
+
event.stop();
|
143
|
+
});
|
144
|
+
|
145
|
+
document.on("submit", function(event) {
|
146
|
+
var element = event.findElement(),
|
147
|
+
message = element.readAttribute('data-confirm');
|
148
|
+
if (message && !confirm(message)) {
|
149
|
+
event.stop();
|
150
|
+
return false;
|
151
|
+
}
|
152
|
+
|
153
|
+
var inputs = element.select("input[type=submit][data-disable-with]");
|
154
|
+
inputs.each(function(input) {
|
155
|
+
input.disabled = true;
|
156
|
+
input.writeAttribute('data-original-value', input.value);
|
157
|
+
input.value = input.readAttribute('data-disable-with');
|
158
|
+
});
|
159
|
+
|
160
|
+
var element = event.findElement("form[data-remote]");
|
161
|
+
if (element) {
|
162
|
+
handleRemote(element);
|
163
|
+
event.stop();
|
164
|
+
}
|
165
|
+
});
|
166
|
+
|
167
|
+
document.on("ajax:after", "form", function(event, element) {
|
168
|
+
var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
|
169
|
+
inputs.each(function(input) {
|
170
|
+
input.value = input.readAttribute('data-original-value');
|
171
|
+
input.removeAttribute('data-original-value');
|
172
|
+
input.disabled = false;
|
173
|
+
});
|
174
|
+
});
|
175
|
+
})();
|
File without changes
|
@@ -0,0 +1,6 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
|
3
|
+
|
4
|
+
APP_PATH = File.expand_path('../../config/application', __FILE__)
|
5
|
+
require File.expand_path('../../config/boot', __FILE__)
|
6
|
+
require 'rails/commands'
|
@@ -0,0 +1,152 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class SessionsTest < ActionDispatch::IntegrationTest
|
4
|
+
fixtures :all
|
5
|
+
|
6
|
+
def setup
|
7
|
+
# Mongoid.master.collections.select {|c| c.name !~ /system/ }.each(&:drop)
|
8
|
+
ActionDispatch::Session::MongoidStore::Session.delete_all
|
9
|
+
end
|
10
|
+
|
11
|
+
test "set session value" do
|
12
|
+
get '/set_session_value'
|
13
|
+
assert_response :success
|
14
|
+
assert cookies['_session_id']
|
15
|
+
session_id = cookies['_session_id']
|
16
|
+
end
|
17
|
+
|
18
|
+
test "setting and getting session value with" do
|
19
|
+
get '/set_session_value'
|
20
|
+
assert_response :success
|
21
|
+
assert cookies['_session_id']
|
22
|
+
|
23
|
+
get '/get_session_value'
|
24
|
+
assert_response :success
|
25
|
+
assert_equal 'foo: "bar"', response.body
|
26
|
+
|
27
|
+
get '/set_session_value', :foo => "baz"
|
28
|
+
assert_response :success
|
29
|
+
assert cookies['_session_id']
|
30
|
+
|
31
|
+
get '/get_session_value'
|
32
|
+
assert_response :success
|
33
|
+
assert_equal 'foo: "baz"', response.body
|
34
|
+
|
35
|
+
get '/call_reset_session'
|
36
|
+
assert_response :success
|
37
|
+
assert_not_equal [], headers['Set-Cookie']
|
38
|
+
end
|
39
|
+
|
40
|
+
test "getting nil session value" do
|
41
|
+
get '/get_session_value'
|
42
|
+
assert_response :success
|
43
|
+
assert_equal 'foo: nil', response.body
|
44
|
+
end
|
45
|
+
|
46
|
+
test "setting session value after session reset" do
|
47
|
+
get '/set_session_value'
|
48
|
+
assert_response :success
|
49
|
+
assert cookies['_session_id']
|
50
|
+
session_id = cookies['_session_id']
|
51
|
+
|
52
|
+
get '/call_reset_session'
|
53
|
+
assert_response :success
|
54
|
+
assert_not_equal [], headers['Set-Cookie']
|
55
|
+
|
56
|
+
get '/get_session_value'
|
57
|
+
assert_response :success
|
58
|
+
assert_equal 'foo: "baz"', response.body
|
59
|
+
|
60
|
+
get '/get_session_id'
|
61
|
+
assert_response :success
|
62
|
+
assert_not_equal session_id, response.body
|
63
|
+
end
|
64
|
+
|
65
|
+
test "getting session value after session reset" do
|
66
|
+
get '/set_session_value'
|
67
|
+
assert_response :success
|
68
|
+
assert cookies['_session_id']
|
69
|
+
session_cookie = cookies.send(:hash_for)['_session_id']
|
70
|
+
|
71
|
+
get '/call_reset_session'
|
72
|
+
assert_response :success
|
73
|
+
assert_not_equal [], headers['Set-Cookie']
|
74
|
+
|
75
|
+
cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
|
76
|
+
|
77
|
+
get '/get_session_value'
|
78
|
+
assert_response :success
|
79
|
+
assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from the database"
|
80
|
+
end
|
81
|
+
|
82
|
+
test "getting from nonexistent session" do
|
83
|
+
get '/get_session_value'
|
84
|
+
assert_response :success
|
85
|
+
assert_equal 'foo: nil', response.body
|
86
|
+
assert_nil cookies['_session_id'], "should only create session on write, not read"
|
87
|
+
end
|
88
|
+
|
89
|
+
test "getting session id" do
|
90
|
+
get '/set_session_value'
|
91
|
+
assert_response :success
|
92
|
+
assert cookies['_session_id']
|
93
|
+
session_id = cookies['_session_id']
|
94
|
+
|
95
|
+
get '/get_session_id'
|
96
|
+
assert_response :success
|
97
|
+
assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
|
98
|
+
end
|
99
|
+
|
100
|
+
test "doesnt write session cookie if session id is already exists" do
|
101
|
+
get '/set_session_value'
|
102
|
+
assert_response :success
|
103
|
+
assert cookies['_session_id']
|
104
|
+
|
105
|
+
get '/get_session_value'
|
106
|
+
assert_response :success
|
107
|
+
assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
|
108
|
+
end
|
109
|
+
|
110
|
+
test "prevents_session_fixation" do
|
111
|
+
get '/set_session_value'
|
112
|
+
assert_response :success
|
113
|
+
assert cookies['_session_id']
|
114
|
+
|
115
|
+
get '/get_session_value'
|
116
|
+
assert_response :success
|
117
|
+
assert_equal 'foo: "bar"', response.body
|
118
|
+
session_id = cookies['_session_id']
|
119
|
+
assert session_id
|
120
|
+
|
121
|
+
reset!
|
122
|
+
|
123
|
+
get '/get_session_value', :_session_id => session_id
|
124
|
+
assert_response :success
|
125
|
+
assert_equal 'foo: nil', response.body
|
126
|
+
assert_not_equal session_id, cookies['_session_id']
|
127
|
+
end
|
128
|
+
|
129
|
+
test "test allows session fixation" do
|
130
|
+
get '/set_session_value'
|
131
|
+
assert_response :success
|
132
|
+
assert cookies['_session_id']
|
133
|
+
|
134
|
+
get '/get_session_value'
|
135
|
+
assert_response :success
|
136
|
+
assert_equal 'foo: "bar"', response.body
|
137
|
+
session_id = cookies['_session_id']
|
138
|
+
assert session_id
|
139
|
+
|
140
|
+
reset!
|
141
|
+
|
142
|
+
get '/set_session_value', :_session_id => session_id, :foo => "baz"
|
143
|
+
assert_response :success
|
144
|
+
assert_equal session_id, cookies['_session_id']
|
145
|
+
|
146
|
+
get '/get_session_value', :_session_id => session_id
|
147
|
+
assert_response :success
|
148
|
+
assert_equal 'foo: "baz"', response.body
|
149
|
+
assert_equal session_id, cookies['_session_id']
|
150
|
+
end
|
151
|
+
|
152
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
ENV["RAILS_ENV"] = "test"
|
2
|
+
require File.expand_path('../../config/environment', __FILE__)
|
3
|
+
require 'rails/test_help'
|
4
|
+
|
5
|
+
class ActiveSupport::TestCase
|
6
|
+
# Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
|
7
|
+
#
|
8
|
+
# Note: You'll currently still have to declare fixtures explicitly in integration tests
|
9
|
+
# -- they do not yet inherit this setting
|
10
|
+
fixtures :all
|
11
|
+
|
12
|
+
# Add more helper methods to be used by all tests here...
|
13
|
+
end
|
File without changes
|
@@ -0,0 +1,71 @@
|
|
1
|
+
module ActionDispatch
|
2
|
+
module Session
|
3
|
+
class MongoidStore < AbstractStore
|
4
|
+
|
5
|
+
class Session
|
6
|
+
include Mongoid::Document
|
7
|
+
include Mongoid::Timestamps
|
8
|
+
|
9
|
+
store_in :sessions
|
10
|
+
|
11
|
+
field :data, :type => String, :default => [Marshal.dump({})].pack("m*")
|
12
|
+
field :session_id, :type => String, :allow_nil => false
|
13
|
+
|
14
|
+
index :updated_at
|
15
|
+
index :session_id
|
16
|
+
end
|
17
|
+
|
18
|
+
# The class used for session storage.
|
19
|
+
cattr_accessor :session_class
|
20
|
+
self.session_class = Session
|
21
|
+
|
22
|
+
SESSION_RECORD_KEY = 'rack.session.record'.freeze
|
23
|
+
|
24
|
+
private
|
25
|
+
|
26
|
+
def get_session(env, sid)
|
27
|
+
session = find_session(sid)
|
28
|
+
env[SESSION_RECORD_KEY] = session
|
29
|
+
[sid, unpack(session.data)]
|
30
|
+
end
|
31
|
+
|
32
|
+
def set_session(env, sid, session_data)
|
33
|
+
record = get_session_model(env, sid)
|
34
|
+
record.data = pack(session_data)
|
35
|
+
|
36
|
+
# Rack spec dictates that set_session should return true or false
|
37
|
+
# depending on whether or not the session was saved or not.
|
38
|
+
# However, ActionPack seems to want a session id instead.
|
39
|
+
record.save ? sid : false
|
40
|
+
end
|
41
|
+
|
42
|
+
def find_session(id)
|
43
|
+
@@session_class.where(:session_id => id).first || @@session_class.new(:session_id => id)
|
44
|
+
end
|
45
|
+
|
46
|
+
def destroy(env)
|
47
|
+
if sid = current_session_id(env)
|
48
|
+
find_session(sid).destroy
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
def get_session_model(env, sid)
|
53
|
+
if env[ENV_SESSION_OPTIONS_KEY][:id].nil?
|
54
|
+
env[SESSION_RECORD_KEY] = find_session(sid)
|
55
|
+
else
|
56
|
+
env[SESSION_RECORD_KEY] ||= find_session(sid)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def pack(data)
|
61
|
+
[Marshal.dump(data)].pack("m*")
|
62
|
+
end
|
63
|
+
|
64
|
+
def unpack(packed)
|
65
|
+
return nil unless packed
|
66
|
+
Marshal.load(packed.unpack("m*").first)
|
67
|
+
end
|
68
|
+
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|