rack 1.2.8 → 1.3.0.beta

data/test/spec_session_abstract_id.rb

@@ -0,0 +1,43 @@
+### WARNING: there be hax in this file.
+
+require 'rack/session/abstract/id'
+
+describe Rack::Session::Abstract::ID do
+  id = Rack::Session::Abstract::ID
+
+  def silence_warning
+    o, $VERBOSE = $VERBOSE, nil
+    yield
+  ensure
+    $VERBOSE = o
+  end
+
+  def reload_id
+    $".delete $".find { |part| part =~ %r{session/abstract/id.rb} }
+    silence_warning { require 'rack/session/abstract/id' }
+  end
+
+  should "use securerandom when available" do
+    begin
+      fake = false
+      silence_warning do
+        ::SecureRandom = fake = true unless defined?(SecureRandom)
+      end
+      reload_id
+      id::DEFAULT_OPTIONS[:secure_random].should.eql(fake || SecureRandom)
+    ensure
+      Object.send(:remove_const, :SecureRandom) if fake
+    end
+  end
+
+  should "not use securerandom when unavailable" do
+    begin
+      sr = Object.send(:remove_const, :SecureRandom) if defined?(SecureRandom)
+      reload_id
+      id::DEFAULT_OPTIONS[:secure_random].should.eql false
+    ensure
+      ::SecureRandom = sr if defined?(sr)
+    end
+  end
+
+end

data/test/spec_session_cookie.rb

@@ -5,26 +5,68 @@ describe Rack::Session::Cookie do
   incrementor = lambda do |env|
     env["rack.session"]["counter"] ||= 0
     env["rack.session"]["counter"] += 1
+    hash = env["rack.session"].dup
+    hash.delete("session_id")
+    Rack::Response.new(hash.inspect).to_a
+  end
+
+  session_id = lambda do |env|
     Rack::Response.new(env["rack.session"].inspect).to_a
   end
 
-  before do
-    @warnings = warnings = []
-    Rack::Session::Cookie.class_eval do
-      define_method(:warn) { |m| warnings << m }
-    end
+  nothing = lambda do |env|
+    Rack::Response.new("Nothing").to_a
   end
 
-  after do
-    Rack::Session::Cookie.class_eval { remove_method :warn }
+  describe 'Base64' do
+    it 'uses base64 to encode' do
+      coder = Rack::Session::Cookie::Base64.new
+      str   = 'fuuuuu'
+      coder.encode(str).should.equal [str].pack('m')
+    end
+
+    it 'uses base64 to decode' do
+      coder = Rack::Session::Cookie::Base64.new
+      str   = ['fuuuuu'].pack('m')
+      coder.decode(str).should.equal str.unpack('m').first
+    end
+
+    describe 'Marshal' do
+      it 'marshals and base64 encodes' do
+        coder = Rack::Session::Cookie::Base64::Marshal.new
+        str   = 'fuuuuu'
+        coder.encode(str).should.equal [::Marshal.dump(str)].pack('m')
+      end
+
+      it 'marshals and base64 decodes' do
+        coder = Rack::Session::Cookie::Base64::Marshal.new
+        str   = [::Marshal.dump('fuuuuu')].pack('m')
+        coder.decode(str).should.equal ::Marshal.load(str.unpack('m').first)
+      end
+
+      it 'rescues failures on decode' do
+        coder = Rack::Session::Cookie::Base64::Marshal.new
+        coder.decode('lulz').should.equal nil
+      end
+    end
   end
 
-  it "warns if no secret is given" do
-    cookie = Rack::Session::Cookie.new(incrementor)
-    @warnings.first.should =~ /no secret/i
-    @warnings.clear
-    cookie = Rack::Session::Cookie.new(incrementor, :secret => 'abc')
-    @warnings.should.be.empty?
+  it 'uses a coder' do
+    identity = Class.new {
+      attr_reader :calls
+
+      def initialize
+        @calls = []
+      end
+
+      def encode(str); @calls << :encode; str; end
+      def decode(str); @calls << :decode; str; end
+    }.new
+    cookie = Rack::Session::Cookie.new(incrementor, :coder => identity)
+    res = Rack::MockRequest.new(cookie).get("/")
+    res["Set-Cookie"].should.include("rack.session=")
+    res.body.should.equal '{"counter"=>1}'
+    identity.calls.should.equal [:decode, :encode]
   end
 
   it "creates a new cookie" do
@@ -78,12 +120,52 @@ describe Rack::Session::Cookie do
   it "ignores tampered with session cookies" do
     app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
     response1 = Rack::MockRequest.new(app).get("/")
+    response1.body.should.equal '{"counter"=>1}'
+
     _, digest = response1["Set-Cookie"].split("--")
     tampered_with_cookie = "hackerman-was-here" + "--" + digest
     response2 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" =>
                                                tampered_with_cookie)
 
-    # The tampered-with cookie is ignored, so we get back an identical Set-Cookie
-    response2["Set-Cookie"].should.equal(response1["Set-Cookie"])
+    # Tampared cookie was ignored. Counter is back to 1.
+    response2.body.should.equal '{"counter"=>1}'
+  end
+
+  it "returns the session id in the session hash" do
+    app = Rack::Session::Cookie.new(incrementor)
+    res = Rack::MockRequest.new(app).get("/")
+    res.body.should.equal '{"counter"=>1}'
+
+    app = Rack::Session::Cookie.new(session_id)
+    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => res["Set-Cookie"])
+    res.body.should.match(/"session_id"=>/)
+    res.body.should.match(/"counter"=>1/)
+  end
+
+  it "does not return a cookie if set to secure but not using ssl" do
+    app = Rack::Session::Cookie.new(incrementor, :secure => true)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.be.nil
+
+    res = Rack::MockRequest.new(app).get("/", "HTTPS" => "on")
+    res["Set-Cookie"].should.not.be.nil
+  end
+
+  it "does not return a cookie if cookie was not read/written" do
+    app = Rack::Session::Cookie.new(nothing)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.be.nil
+  end
+
+  it "does not return a cookie if cookie was not written (only read)" do
+    app = Rack::Session::Cookie.new(session_id)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.be.nil
+  end
+
+  it "returns even if not read/written if :expire_after is set" do
+    app = Rack::Session::Cookie.new(nothing, :expire_after => 3600)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.not.be.nil
   end
 end

data/test/spec_session_memcache.rb

@@ -24,16 +24,13 @@ begin
       incrementor.call(env)
     end
 
+    # test memcache connection
+    Rack::Session::Memcache.new(incrementor)
+
     it "faults on no connection" do
-      if RUBY_VERSION < "1.9"
-        lambda{
-          Rack::Session::Memcache.new(incrementor, :memcache_server => 'nosuchserver')
-        }.should.raise
-      else
-        lambda{
-          Rack::Session::Memcache.new(incrementor, :memcache_server => 'nosuchserver')
-        }.should.raise ArgumentError
-      end
+      lambda{
+        Rack::Session::Memcache.new(incrementor, :memcache_server => 'nosuchserver')
+      }.should.raise
     end
 
     it "connects to existing server" do
@@ -64,6 +61,28 @@ begin
         body.should.equal '{"counter"=>3}'
     end
 
+    it "determines session only from a cookie by default" do
+      pool = Rack::Session::Memcache.new(incrementor)
+      req = Rack::MockRequest.new(pool)
+      res = req.get("/")
+      sid = res["Set-Cookie"][session_match, 1]
+      req.get("/?rack.session=#{sid}").
+        body.should.equal '{"counter"=>1}'
+      req.get("/?rack.session=#{sid}").
+        body.should.equal '{"counter"=>1}'
+    end
+
+    it "determines session from params" do
+      pool = Rack::Session::Memcache.new(incrementor, :cookie_only => false)
+      req = Rack::MockRequest.new(pool)
+      res = req.get("/")
+      sid = res["Set-Cookie"][session_match, 1]
+      req.get("/?rack.session=#{sid}").
+        body.should.equal '{"counter"=>2}'
+      req.get("/?rack.session=#{sid}").
+        body.should.equal '{"counter"=>3}'
+    end
+
     it "survives nonexistant cookies" do
       bad_cookie = "rack.session=blarghfasel"
       pool = Rack::Session::Memcache.new(incrementor)
@@ -89,23 +108,36 @@ begin
       res.body.should.include '"counter"=>1'
     end
 
-    it "deletes cookies with :drop option" do
+    it "does not send the same session id if it did not change" do
       pool = Rack::Session::Memcache.new(incrementor)
       req = Rack::MockRequest.new(pool)
-      drop = Rack::Utils::Context.new(pool, drop_session)
-      dreq = Rack::MockRequest.new(drop)
 
       res0 = req.get("/")
-      session = (cookie = res0["Set-Cookie"])[session_match]
+      cookie = res0["Set-Cookie"][session_match]
       res0.body.should.equal '{"counter"=>1}'
 
       res1 = req.get("/", "HTTP_COOKIE" => cookie)
-      res1["Set-Cookie"][session_match].should.equal session
+      res1["Set-Cookie"].should.be.nil
       res1.body.should.equal '{"counter"=>2}'
 
+      res2 = req.get("/", "HTTP_COOKIE" => cookie)
+      res2["Set-Cookie"].should.be.nil
+      res2.body.should.equal '{"counter"=>3}'
+    end
+
+    it "deletes cookies with :drop option" do
+      pool = Rack::Session::Memcache.new(incrementor)
+      req = Rack::MockRequest.new(pool)
+      drop = Rack::Utils::Context.new(pool, drop_session)
+      dreq = Rack::MockRequest.new(drop)
+
+      res1 = req.get("/")
+      session = (cookie = res1["Set-Cookie"])[session_match]
+      res1.body.should.equal '{"counter"=>1}'
+
       res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
       res2["Set-Cookie"].should.equal nil
-      res2.body.should.equal '{"counter"=>3}'
+      res2.body.should.equal '{"counter"=>2}'
 
       res3 = req.get("/", "HTTP_COOKIE" => cookie)
       res3["Set-Cookie"][session_match].should.not.equal session
@@ -118,50 +150,35 @@ begin
       renew = Rack::Utils::Context.new(pool, renew_session)
       rreq = Rack::MockRequest.new(renew)
 
-      res0 = req.get("/")
-      session = (cookie = res0["Set-Cookie"])[session_match]
-      res0.body.should.equal '{"counter"=>1}'
-
-      res1 = req.get("/", "HTTP_COOKIE" => cookie)
-      res1["Set-Cookie"][session_match].should.equal session
-      res1.body.should.equal '{"counter"=>2}'
+      res1 = req.get("/")
+      session = (cookie = res1["Set-Cookie"])[session_match]
+      res1.body.should.equal '{"counter"=>1}'
 
       res2 = rreq.get("/", "HTTP_COOKIE" => cookie)
       new_cookie = res2["Set-Cookie"]
       new_session = new_cookie[session_match]
       new_session.should.not.equal session
-      res2.body.should.equal '{"counter"=>3}'
+      res2.body.should.equal '{"counter"=>2}'
 
       res3 = req.get("/", "HTTP_COOKIE" => new_cookie)
-      res3["Set-Cookie"][session_match].should.equal new_session
-      res3.body.should.equal '{"counter"=>4}'
+      res3.body.should.equal '{"counter"=>3}'
+
+      # Old cookie was deleted
+      res4 = req.get("/", "HTTP_COOKIE" => cookie)
+      res4.body.should.equal '{"counter"=>1}'
     end
 
     it "omits cookie with :defer option" do
       pool = Rack::Session::Memcache.new(incrementor)
-      req = Rack::MockRequest.new(pool)
       defer = Rack::Utils::Context.new(pool, defer_session)
       dreq = Rack::MockRequest.new(defer)
 
-      res0 = req.get("/")
-      session = (cookie = res0["Set-Cookie"])[session_match]
+      res0 = dreq.get("/")
+      res0["Set-Cookie"].should.equal nil
       res0.body.should.equal '{"counter"=>1}'
-
-      res1 = req.get("/", "HTTP_COOKIE" => cookie)
-      res1["Set-Cookie"][session_match].should.equal session
-      res1.body.should.equal '{"counter"=>2}'
-
-      res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
-      res2["Set-Cookie"].should.equal nil
-      res2.body.should.equal '{"counter"=>3}'
-
-      res3 = req.get("/", "HTTP_COOKIE" => cookie)
-      res3["Set-Cookie"][session_match].should.equal session
-      res3.body.should.equal '{"counter"=>4}'
     end
 
     it "updates deep hashes correctly" do
-      store = nil
       hash_check = proc do |env|
         session = env['rack.session']
         unless session.include? 'test'
@@ -170,7 +187,7 @@ begin
         else
           session[:f][:g][:h] = :j
         end
-        [200, {}, session.inspect]
+        [200, {}, [session.inspect]]
       end
       pool = Rack::Session::Memcache.new(hash_check)
       req = Rack::MockRequest.new(pool)
@@ -179,7 +196,7 @@ begin
       session_id = (cookie = res0["Set-Cookie"])[session_match, 1]
       ses0 = pool.pool.get(session_id, true)
 
-      res1 = req.get("/", "HTTP_COOKIE" => cookie)
+      req.get("/", "HTTP_COOKIE" => cookie)
       ses1 = pool.pool.get(session_id, true)
 
       ses1.should.not.equal ses0
@@ -226,13 +243,6 @@ begin
 
       tnum = rand(7).to_i+5
       r = Array.new(tnum) do |i|
-        delta_time = proc do |env|
-          env['rack.session'][i]  = Time.now
-          Thread.stop
-          env['rack.session']     = env['rack.session'].dup
-          env['rack.session'][i] -= Time.now
-          incrementor.call(env)
-        end
         app = Rack::Utils::Context.new pool, time_delta
         req = Rack::MockRequest.new app
         Thread.new(req) do |run|

data/test/spec_session_pool.rb

@@ -12,6 +12,14 @@ describe Rack::Session::Pool do
     Rack::Response.new(env["rack.session"].inspect).to_a
   end
 
+  session_id = lambda do |env|
+    Rack::Response.new(env["rack.session"].inspect).to_a
+  end
+
+  nothing = lambda do |env|
+    Rack::Response.new("Nothing").to_a
+  end
+
   drop_session = lambda do |env|
     env['rack.session.options'][:drop] = true
     incrementor.call(env)
@@ -51,25 +59,40 @@ describe Rack::Session::Pool do
     res.body.should.equal '{"counter"=>1}'
   end
 
-  it "deletes cookies with :drop option" do
+  it "does not send the same session id if it did not change" do
     pool = Rack::Session::Pool.new(incrementor)
     req = Rack::MockRequest.new(pool)
-    drop = Rack::Utils::Context.new(pool, drop_session)
-    dreq = Rack::MockRequest.new(drop)
 
     res0 = req.get("/")
-    session = (cookie = res0["Set-Cookie"])[session_match]
+    cookie = res0["Set-Cookie"][session_match]
     res0.body.should.equal '{"counter"=>1}'
     pool.pool.size.should.equal 1
 
     res1 = req.get("/", "HTTP_COOKIE" => cookie)
-    res1["Set-Cookie"][session_match].should.equal session
+    res1["Set-Cookie"].should.be.nil
     res1.body.should.equal '{"counter"=>2}'
     pool.pool.size.should.equal 1
 
-    res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
-    res2["Set-Cookie"].should.equal nil
+    res2 = req.get("/", "HTTP_COOKIE" => cookie)
+    res2["Set-Cookie"].should.be.nil
     res2.body.should.equal '{"counter"=>3}'
+    pool.pool.size.should.equal 1
+  end
+
+  it "deletes cookies with :drop option" do
+    pool = Rack::Session::Pool.new(incrementor)
+    req = Rack::MockRequest.new(pool)
+    drop = Rack::Utils::Context.new(pool, drop_session)
+    dreq = Rack::MockRequest.new(drop)
+
+    res1 = req.get("/")
+    session = (cookie = res1["Set-Cookie"])[session_match]
+    res1.body.should.equal '{"counter"=>1}'
+    pool.pool.size.should.equal 1
+
+    res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
+    res2["Set-Cookie"].should.be.nil
+    res2.body.should.equal '{"counter"=>2}'
     pool.pool.size.should.equal 0
 
     res3 = req.get("/", "HTTP_COOKIE" => cookie)
@@ -84,53 +107,35 @@ describe Rack::Session::Pool do
     renew = Rack::Utils::Context.new(pool, renew_session)
     rreq = Rack::MockRequest.new(renew)
 
-    res0 = req.get("/")
-    session = (cookie = res0["Set-Cookie"])[session_match]
-    res0.body.should.equal '{"counter"=>1}'
-    pool.pool.size.should.equal 1
-
-    res1 = req.get("/", "HTTP_COOKIE" => cookie)
-    res1["Set-Cookie"][session_match].should.equal session
-    res1.body.should.equal '{"counter"=>2}'
+    res1 = req.get("/")
+    session = (cookie = res1["Set-Cookie"])[session_match]
+    res1.body.should.equal '{"counter"=>1}'
     pool.pool.size.should.equal 1
 
     res2 = rreq.get("/", "HTTP_COOKIE" => cookie)
     new_cookie = res2["Set-Cookie"]
     new_session = new_cookie[session_match]
     new_session.should.not.equal session
-    res2.body.should.equal '{"counter"=>3}'
+    res2.body.should.equal '{"counter"=>2}'
     pool.pool.size.should.equal 1
 
     res3 = req.get("/", "HTTP_COOKIE" => new_cookie)
-    res3["Set-Cookie"][session_match].should.equal new_session
-    res3.body.should.equal '{"counter"=>4}'
+    res3.body.should.equal '{"counter"=>3}'
     pool.pool.size.should.equal 1
+
+    res4 = req.get("/", "HTTP_COOKIE" => cookie)
+    res4.body.should.equal '{"counter"=>1}'
+    pool.pool.size.should.equal 2
   end
 
   it "omits cookie with :defer option" do
     pool = Rack::Session::Pool.new(incrementor)
-    req = Rack::MockRequest.new(pool)
     defer = Rack::Utils::Context.new(pool, defer_session)
     dreq = Rack::MockRequest.new(defer)
 
-    res0 = req.get("/")
-    session = (cookie = res0["Set-Cookie"])[session_match]
-    res0.body.should.equal '{"counter"=>1}'
-    pool.pool.size.should.equal 1
-
-    res1 = req.get("/", "HTTP_COOKIE" => cookie)
-    res1["Set-Cookie"][session_match].should.equal session
-    res1.body.should.equal '{"counter"=>2}'
-    pool.pool.size.should.equal 1
-
-    res2 = dreq.get("/", "HTTP_COOKIE" => cookie)
-    res2["Set-Cookie"].should.equal nil
-    res2.body.should.equal '{"counter"=>3}'
-    pool.pool.size.should.equal 1
-
-    res3 = req.get("/", "HTTP_COOKIE" => cookie)
-    res3["Set-Cookie"][session_match].should.equal session
-    res3.body.should.equal '{"counter"=>4}'
+    res1 = dreq.get("/")
+    res1["Set-Cookie"].should.equal nil
+    res1.body.should.equal '{"counter"=>1}'
     pool.pool.size.should.equal 1
   end
 
@@ -165,13 +170,31 @@ describe Rack::Session::Pool do
         run.get('/', "HTTP_COOKIE" => cookie, 'rack.multithread' => true)
       end
     end.reverse.map{|t| t.run.join.value }
-    r.each do |res|
-      res['Set-Cookie'].should.equal cookie
-      res.body.should.include '"counter"=>2'
+    r.each do |resp|
+      resp['Set-Cookie'].should.equal cookie
+      resp.body.should.include '"counter"=>2'
     end
 
     session = pool.pool[sess_id]
     session.size.should.equal tnum+1 # counter
     session['counter'].should.equal 2 # meeeh
   end
+
+  it "does not return a cookie if cookie was not read/written" do
+    app = Rack::Session::Cookie.new(nothing)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.be.nil
+  end
+
+  it "does not return a cookie if cookie was not written (only read)" do
+    app = Rack::Session::Cookie.new(session_id)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.be.nil
+  end
+
+  it "returns even if not read/written if :expire_after is set" do
+    app = Rack::Session::Cookie.new(nothing, :expire_after => 3600)
+    res = Rack::MockRequest.new(app).get("/")
+    res["Set-Cookie"].should.not.be.nil
+  end
 end