mongoid_session_store 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. data/.document +5 -0
  2. data/.gitignore +21 -0
  3. data/Gemfile +12 -0
  4. data/Gemfile.lock +49 -0
  5. data/LICENSE +20 -0
  6. data/README.rdoc +33 -0
  7. data/Rakefile +56 -0
  8. data/VERSION +1 -0
  9. data/example/.gitignore +4 -0
  10. data/example/Gemfile +35 -0
  11. data/example/Gemfile.lock +94 -0
  12. data/example/README +256 -0
  13. data/example/Rakefile +7 -0
  14. data/example/app/controllers/application_controller.rb +3 -0
  15. data/example/app/controllers/sessions_controller.rb +26 -0
  16. data/example/app/helpers/application_helper.rb +2 -0
  17. data/example/app/helpers/sessions_helper.rb +2 -0
  18. data/example/app/views/layouts/application.html.erb +14 -0
  19. data/example/config/application.rb +44 -0
  20. data/example/config/boot.rb +13 -0
  21. data/example/config/database.yml +22 -0
  22. data/example/config/environment.rb +5 -0
  23. data/example/config/environments/development.rb +22 -0
  24. data/example/config/environments/production.rb +49 -0
  25. data/example/config/environments/test.rb +35 -0
  26. data/example/config/initializers/backtrace_silencers.rb +7 -0
  27. data/example/config/initializers/inflections.rb +10 -0
  28. data/example/config/initializers/mime_types.rb +5 -0
  29. data/example/config/initializers/secret_token.rb +7 -0
  30. data/example/config/initializers/session_store.rb +11 -0
  31. data/example/config/locales/en.yml +5 -0
  32. data/example/config/mongoid.yml +19 -0
  33. data/example/config/routes.rb +3 -0
  34. data/example/config.ru +4 -0
  35. data/example/db/migrate/20100810035140_add_sessions_table.rb +16 -0
  36. data/example/db/schema.rb +25 -0
  37. data/example/db/seeds.rb +7 -0
  38. data/example/doc/README_FOR_APP +2 -0
  39. data/example/lib/tasks/.gitkeep +0 -0
  40. data/example/public/404.html +26 -0
  41. data/example/public/422.html +26 -0
  42. data/example/public/500.html +26 -0
  43. data/example/public/favicon.ico +0 -0
  44. data/example/public/images/rails.png +0 -0
  45. data/example/public/index.html +262 -0
  46. data/example/public/javascripts/application.js +2 -0
  47. data/example/public/javascripts/controls.js +965 -0
  48. data/example/public/javascripts/dragdrop.js +974 -0
  49. data/example/public/javascripts/effects.js +1123 -0
  50. data/example/public/javascripts/prototype.js +6001 -0
  51. data/example/public/javascripts/rails.js +175 -0
  52. data/example/public/robots.txt +5 -0
  53. data/example/public/stylesheets/.gitkeep +0 -0
  54. data/example/script/rails +6 -0
  55. data/example/test/functional/sessions_controller_test.rb +8 -0
  56. data/example/test/integration/sessions_test.rb +152 -0
  57. data/example/test/performance/browsing_test.rb +9 -0
  58. data/example/test/test_helper.rb +13 -0
  59. data/example/test/unit/helpers/sessions_helper_test.rb +4 -0
  60. data/example/vendor/plugins/.gitkeep +0 -0
  61. data/lib/mongoid_session_store/mongoid_store.rb +71 -0
  62. data/lib/mongoid_session_store.rb +1 -0
  63. data/mongoid_session_store.gemspec +115 -0
  64. data/test/helper.rb +23 -0
  65. data/test/test_mongoid_session_store.rb +11 -0
  66. metadata +175 -0
@@ -0,0 +1,175 @@
1
+ (function() {
2
+ // Technique from Juriy Zaytsev
3
+ // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
4
+ function isEventSupported(eventName) {
5
+ var el = document.createElement('div');
6
+ eventName = 'on' + eventName;
7
+ var isSupported = (eventName in el);
8
+ if (!isSupported) {
9
+ el.setAttribute(eventName, 'return;');
10
+ isSupported = typeof el[eventName] == 'function';
11
+ }
12
+ el = null;
13
+ return isSupported;
14
+ }
15
+
16
+ function isForm(element) {
17
+ return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
18
+ }
19
+
20
+ function isInput(element) {
21
+ if (Object.isElement(element)) {
22
+ var name = element.nodeName.toUpperCase()
23
+ return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
24
+ }
25
+ else return false
26
+ }
27
+
28
+ var submitBubbles = isEventSupported('submit'),
29
+ changeBubbles = isEventSupported('change')
30
+
31
+ if (!submitBubbles || !changeBubbles) {
32
+ // augment the Event.Handler class to observe custom events when needed
33
+ Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
34
+ function(init, element, eventName, selector, callback) {
35
+ init(element, eventName, selector, callback)
36
+ // is the handler being attached to an element that doesn't support this event?
37
+ if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
38
+ (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
39
+ // "submit" => "emulated:submit"
40
+ this.eventName = 'emulated:' + this.eventName
41
+ }
42
+ }
43
+ )
44
+ }
45
+
46
+ if (!submitBubbles) {
47
+ // discover forms on the page by observing focus events which always bubble
48
+ document.on('focusin', 'form', function(focusEvent, form) {
49
+ // special handler for the real "submit" event (one-time operation)
50
+ if (!form.retrieve('emulated:submit')) {
51
+ form.on('submit', function(submitEvent) {
52
+ var emulated = form.fire('emulated:submit', submitEvent, true)
53
+ // if custom event received preventDefault, cancel the real one too
54
+ if (emulated.returnValue === false) submitEvent.preventDefault()
55
+ })
56
+ form.store('emulated:submit', true)
57
+ }
58
+ })
59
+ }
60
+
61
+ if (!changeBubbles) {
62
+ // discover form inputs on the page
63
+ document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
64
+ // special handler for real "change" events
65
+ if (!input.retrieve('emulated:change')) {
66
+ input.on('change', function(changeEvent) {
67
+ input.fire('emulated:change', changeEvent, true)
68
+ })
69
+ input.store('emulated:change', true)
70
+ }
71
+ })
72
+ }
73
+
74
+ function handleRemote(element) {
75
+ var method, url, params;
76
+
77
+ var event = element.fire("ajax:before");
78
+ if (event.stopped) return false;
79
+
80
+ if (element.tagName.toLowerCase() === 'form') {
81
+ method = element.readAttribute('method') || 'post';
82
+ url = element.readAttribute('action');
83
+ params = element.serialize();
84
+ } else {
85
+ method = element.readAttribute('data-method') || 'get';
86
+ url = element.readAttribute('href');
87
+ params = {};
88
+ }
89
+
90
+ new Ajax.Request(url, {
91
+ method: method,
92
+ parameters: params,
93
+ evalScripts: true,
94
+
95
+ onComplete: function(request) { element.fire("ajax:complete", request); },
96
+ onSuccess: function(request) { element.fire("ajax:success", request); },
97
+ onFailure: function(request) { element.fire("ajax:failure", request); }
98
+ });
99
+
100
+ element.fire("ajax:after");
101
+ }
102
+
103
+ function handleMethod(element) {
104
+ var method = element.readAttribute('data-method'),
105
+ url = element.readAttribute('href'),
106
+ csrf_param = $$('meta[name=csrf-param]')[0],
107
+ csrf_token = $$('meta[name=csrf-token]')[0];
108
+
109
+ var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
110
+ element.parentNode.insert(form);
111
+
112
+ if (method !== 'post') {
113
+ var field = new Element('input', { type: 'hidden', name: '_method', value: method });
114
+ form.insert(field);
115
+ }
116
+
117
+ if (csrf_param) {
118
+ var param = csrf_param.readAttribute('content'),
119
+ token = csrf_token.readAttribute('content'),
120
+ field = new Element('input', { type: 'hidden', name: param, value: token });
121
+ form.insert(field);
122
+ }
123
+
124
+ form.submit();
125
+ }
126
+
127
+
128
+ document.on("click", "*[data-confirm]", function(event, element) {
129
+ var message = element.readAttribute('data-confirm');
130
+ if (!confirm(message)) event.stop();
131
+ });
132
+
133
+ document.on("click", "a[data-remote]", function(event, element) {
134
+ if (event.stopped) return;
135
+ handleRemote(element);
136
+ event.stop();
137
+ });
138
+
139
+ document.on("click", "a[data-method]", function(event, element) {
140
+ if (event.stopped) return;
141
+ handleMethod(element);
142
+ event.stop();
143
+ });
144
+
145
+ document.on("submit", function(event) {
146
+ var element = event.findElement(),
147
+ message = element.readAttribute('data-confirm');
148
+ if (message && !confirm(message)) {
149
+ event.stop();
150
+ return false;
151
+ }
152
+
153
+ var inputs = element.select("input[type=submit][data-disable-with]");
154
+ inputs.each(function(input) {
155
+ input.disabled = true;
156
+ input.writeAttribute('data-original-value', input.value);
157
+ input.value = input.readAttribute('data-disable-with');
158
+ });
159
+
160
+ var element = event.findElement("form[data-remote]");
161
+ if (element) {
162
+ handleRemote(element);
163
+ event.stop();
164
+ }
165
+ });
166
+
167
+ document.on("ajax:after", "form", function(event, element) {
168
+ var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
169
+ inputs.each(function(input) {
170
+ input.value = input.readAttribute('data-original-value');
171
+ input.removeAttribute('data-original-value');
172
+ input.disabled = false;
173
+ });
174
+ });
175
+ })();
@@ -0,0 +1,5 @@
1
+ # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
2
+ #
3
+ # To ban all spiders from the entire site uncomment the next two lines:
4
+ # User-Agent: *
5
+ # Disallow: /
File without changes
@@ -0,0 +1,6 @@
1
+ #!/usr/bin/env ruby
2
+ # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
3
+
4
+ APP_PATH = File.expand_path('../../config/application', __FILE__)
5
+ require File.expand_path('../../config/boot', __FILE__)
6
+ require 'rails/commands'
@@ -0,0 +1,8 @@
1
+ require 'test_helper'
2
+
3
+ class SessionsControllerTest < ActionController::TestCase
4
+ # Replace this with your real tests.
5
+ test "the truth" do
6
+ assert true
7
+ end
8
+ end
@@ -0,0 +1,152 @@
1
+ require 'test_helper'
2
+
3
+ class SessionsTest < ActionDispatch::IntegrationTest
4
+ fixtures :all
5
+
6
+ def setup
7
+ # Mongoid.master.collections.select {|c| c.name !~ /system/ }.each(&:drop)
8
+ ActionDispatch::Session::MongoidStore::Session.delete_all
9
+ end
10
+
11
+ test "set session value" do
12
+ get '/set_session_value'
13
+ assert_response :success
14
+ assert cookies['_session_id']
15
+ session_id = cookies['_session_id']
16
+ end
17
+
18
+ test "setting and getting session value with" do
19
+ get '/set_session_value'
20
+ assert_response :success
21
+ assert cookies['_session_id']
22
+
23
+ get '/get_session_value'
24
+ assert_response :success
25
+ assert_equal 'foo: "bar"', response.body
26
+
27
+ get '/set_session_value', :foo => "baz"
28
+ assert_response :success
29
+ assert cookies['_session_id']
30
+
31
+ get '/get_session_value'
32
+ assert_response :success
33
+ assert_equal 'foo: "baz"', response.body
34
+
35
+ get '/call_reset_session'
36
+ assert_response :success
37
+ assert_not_equal [], headers['Set-Cookie']
38
+ end
39
+
40
+ test "getting nil session value" do
41
+ get '/get_session_value'
42
+ assert_response :success
43
+ assert_equal 'foo: nil', response.body
44
+ end
45
+
46
+ test "setting session value after session reset" do
47
+ get '/set_session_value'
48
+ assert_response :success
49
+ assert cookies['_session_id']
50
+ session_id = cookies['_session_id']
51
+
52
+ get '/call_reset_session'
53
+ assert_response :success
54
+ assert_not_equal [], headers['Set-Cookie']
55
+
56
+ get '/get_session_value'
57
+ assert_response :success
58
+ assert_equal 'foo: "baz"', response.body
59
+
60
+ get '/get_session_id'
61
+ assert_response :success
62
+ assert_not_equal session_id, response.body
63
+ end
64
+
65
+ test "getting session value after session reset" do
66
+ get '/set_session_value'
67
+ assert_response :success
68
+ assert cookies['_session_id']
69
+ session_cookie = cookies.send(:hash_for)['_session_id']
70
+
71
+ get '/call_reset_session'
72
+ assert_response :success
73
+ assert_not_equal [], headers['Set-Cookie']
74
+
75
+ cookies << session_cookie # replace our new session_id with our old, pre-reset session_id
76
+
77
+ get '/get_session_value'
78
+ assert_response :success
79
+ assert_equal 'foo: nil', response.body, "data for this session should have been obliterated from the database"
80
+ end
81
+
82
+ test "getting from nonexistent session" do
83
+ get '/get_session_value'
84
+ assert_response :success
85
+ assert_equal 'foo: nil', response.body
86
+ assert_nil cookies['_session_id'], "should only create session on write, not read"
87
+ end
88
+
89
+ test "getting session id" do
90
+ get '/set_session_value'
91
+ assert_response :success
92
+ assert cookies['_session_id']
93
+ session_id = cookies['_session_id']
94
+
95
+ get '/get_session_id'
96
+ assert_response :success
97
+ assert_equal session_id, response.body, "should be able to read session id without accessing the session hash"
98
+ end
99
+
100
+ test "doesnt write session cookie if session id is already exists" do
101
+ get '/set_session_value'
102
+ assert_response :success
103
+ assert cookies['_session_id']
104
+
105
+ get '/get_session_value'
106
+ assert_response :success
107
+ assert_equal nil, headers['Set-Cookie'], "should not resend the cookie again if session_id cookie is already exists"
108
+ end
109
+
110
+ test "prevents_session_fixation" do
111
+ get '/set_session_value'
112
+ assert_response :success
113
+ assert cookies['_session_id']
114
+
115
+ get '/get_session_value'
116
+ assert_response :success
117
+ assert_equal 'foo: "bar"', response.body
118
+ session_id = cookies['_session_id']
119
+ assert session_id
120
+
121
+ reset!
122
+
123
+ get '/get_session_value', :_session_id => session_id
124
+ assert_response :success
125
+ assert_equal 'foo: nil', response.body
126
+ assert_not_equal session_id, cookies['_session_id']
127
+ end
128
+
129
+ test "test allows session fixation" do
130
+ get '/set_session_value'
131
+ assert_response :success
132
+ assert cookies['_session_id']
133
+
134
+ get '/get_session_value'
135
+ assert_response :success
136
+ assert_equal 'foo: "bar"', response.body
137
+ session_id = cookies['_session_id']
138
+ assert session_id
139
+
140
+ reset!
141
+
142
+ get '/set_session_value', :_session_id => session_id, :foo => "baz"
143
+ assert_response :success
144
+ assert_equal session_id, cookies['_session_id']
145
+
146
+ get '/get_session_value', :_session_id => session_id
147
+ assert_response :success
148
+ assert_equal 'foo: "baz"', response.body
149
+ assert_equal session_id, cookies['_session_id']
150
+ end
151
+
152
+ end
@@ -0,0 +1,9 @@
1
+ require 'test_helper'
2
+ require 'rails/performance_test_help'
3
+
4
+ # Profiling results for each test method are written to tmp/performance.
5
+ class BrowsingTest < ActionDispatch::PerformanceTest
6
+ def test_homepage
7
+ get '/'
8
+ end
9
+ end
@@ -0,0 +1,13 @@
1
+ ENV["RAILS_ENV"] = "test"
2
+ require File.expand_path('../../config/environment', __FILE__)
3
+ require 'rails/test_help'
4
+
5
+ class ActiveSupport::TestCase
6
+ # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
7
+ #
8
+ # Note: You'll currently still have to declare fixtures explicitly in integration tests
9
+ # -- they do not yet inherit this setting
10
+ fixtures :all
11
+
12
+ # Add more helper methods to be used by all tests here...
13
+ end
@@ -0,0 +1,4 @@
1
+ require 'test_helper'
2
+
3
+ class SessionsHelperTest < ActionView::TestCase
4
+ end
File without changes
@@ -0,0 +1,71 @@
1
+ module ActionDispatch
2
+ module Session
3
+ class MongoidStore < AbstractStore
4
+
5
+ class Session
6
+ include Mongoid::Document
7
+ include Mongoid::Timestamps
8
+
9
+ store_in :sessions
10
+
11
+ field :data, :type => String, :default => [Marshal.dump({})].pack("m*")
12
+ field :session_id, :type => String, :allow_nil => false
13
+
14
+ index :updated_at
15
+ index :session_id
16
+ end
17
+
18
+ # The class used for session storage.
19
+ cattr_accessor :session_class
20
+ self.session_class = Session
21
+
22
+ SESSION_RECORD_KEY = 'rack.session.record'.freeze
23
+
24
+ private
25
+
26
+ def get_session(env, sid)
27
+ session = find_session(sid)
28
+ env[SESSION_RECORD_KEY] = session
29
+ [sid, unpack(session.data)]
30
+ end
31
+
32
+ def set_session(env, sid, session_data)
33
+ record = get_session_model(env, sid)
34
+ record.data = pack(session_data)
35
+
36
+ # Rack spec dictates that set_session should return true or false
37
+ # depending on whether or not the session was saved or not.
38
+ # However, ActionPack seems to want a session id instead.
39
+ record.save ? sid : false
40
+ end
41
+
42
+ def find_session(id)
43
+ @@session_class.where(:session_id => id).first || @@session_class.new(:session_id => id)
44
+ end
45
+
46
+ def destroy(env)
47
+ if sid = current_session_id(env)
48
+ find_session(sid).destroy
49
+ end
50
+ end
51
+
52
+ def get_session_model(env, sid)
53
+ if env[ENV_SESSION_OPTIONS_KEY][:id].nil?
54
+ env[SESSION_RECORD_KEY] = find_session(sid)
55
+ else
56
+ env[SESSION_RECORD_KEY] ||= find_session(sid)
57
+ end
58
+ end
59
+
60
+ def pack(data)
61
+ [Marshal.dump(data)].pack("m*")
62
+ end
63
+
64
+ def unpack(packed)
65
+ return nil unless packed
66
+ Marshal.load(packed.unpack("m*").first)
67
+ end
68
+
69
+ end
70
+ end
71
+ end