rack 1.6.13 → 2.0.0.alpha

data/test/spec_session_abstract_id.rb

@@ -1,53 +1,31 @@
+require 'minitest/autorun'
 ### WARNING: there be hax in this file.
 
 require 'rack/session/abstract/id'
 
 describe Rack::Session::Abstract::ID do
-  id = Rack::Session::Abstract::ID
+  attr_reader :id
 
-  def silence_warning
-    o, $VERBOSE = $VERBOSE, nil
-    yield
-  ensure
-    $VERBOSE = o
+  def setup
+    super
+    @id = Rack::Session::Abstract::ID
   end
 
-  def reload_id
-    $".delete $".find { |part| part =~ %r{session/abstract/id.rb} }
-    silence_warning { require 'rack/session/abstract/id' }
-  end
-
-  should "use securerandom when available" do
-    begin
-      fake = false
-      silence_warning do
-        ::SecureRandom = fake = true unless defined?(SecureRandom)
-      end
-      reload_id
-      id::DEFAULT_OPTIONS[:secure_random].should.eql(fake || SecureRandom)
-    ensure
-      Object.send(:remove_const, :SecureRandom) if fake
-    end
-  end
+  it "use securerandom" do
+    assert_equal ::SecureRandom, id::DEFAULT_OPTIONS[:secure_random]
 
-  should "not use securerandom when unavailable" do
-    begin
-      sr = Object.send(:remove_const, :SecureRandom) if defined?(SecureRandom)
-      reload_id
-      id::DEFAULT_OPTIONS[:secure_random].should.eql false
-    ensure
-      ::SecureRandom = sr if defined?(sr)
-    end
+    id = @id.new nil
+    assert_equal ::SecureRandom, id.sid_secure
   end
 
-  should "allow to use another securerandom provider" do
+  it "allow to use another securerandom provider" do
     secure_random = Class.new do
       def hex(*args)
         'fake_hex'
       end
     end
     id = Rack::Session::Abstract::ID.new nil, :secure_random => secure_random.new
-    id.send(:generate_sid).should.equal 'fake_hex'
+    id.send(:generate_sid).must_equal 'fake_hex'
   end
 
 end

data/test/spec_session_cookie.rb

@@ -1,3 +1,4 @@
+require 'minitest/autorun'
 require 'rack/session/cookie'
 require 'rack/lint'
 require 'rack/mock'
@@ -10,7 +11,7 @@ describe Rack::Session::Cookie do
     hash.delete("session_id")
     Rack::Response.new(hash.inspect).to_a
   end
-  
+
   session_id = lambda do |env|
     Rack::Response.new(env["rack.session"].to_hash.inspect).to_a
   end
@@ -73,31 +74,31 @@ describe Rack::Session::Cookie do
     it 'uses base64 to encode' do
       coder = Rack::Session::Cookie::Base64.new
       str   = 'fuuuuu'
-      coder.encode(str).should.equal [str].pack('m')
+      coder.encode(str).must_equal [str].pack('m')
     end
 
     it 'uses base64 to decode' do
       coder = Rack::Session::Cookie::Base64.new
       str   = ['fuuuuu'].pack('m')
-      coder.decode(str).should.equal str.unpack('m').first
+      coder.decode(str).must_equal str.unpack('m').first
     end
 
     describe 'Marshal' do
       it 'marshals and base64 encodes' do
         coder = Rack::Session::Cookie::Base64::Marshal.new
         str   = 'fuuuuu'
-        coder.encode(str).should.equal [::Marshal.dump(str)].pack('m')
+        coder.encode(str).must_equal [::Marshal.dump(str)].pack('m')
       end
 
       it 'marshals and base64 decodes' do
         coder = Rack::Session::Cookie::Base64::Marshal.new
         str   = [::Marshal.dump('fuuuuu')].pack('m')
-        coder.decode(str).should.equal ::Marshal.load(str.unpack('m').first)
+        coder.decode(str).must_equal ::Marshal.load(str.unpack('m').first)
       end
 
       it 'rescues failures on decode' do
         coder = Rack::Session::Cookie::Base64::Marshal.new
-        coder.decode('lulz').should.equal nil
+        coder.decode('lulz').must_equal nil
       end
     end
 
@@ -105,18 +106,18 @@ describe Rack::Session::Cookie do
       it 'marshals and base64 encodes' do
         coder = Rack::Session::Cookie::Base64::JSON.new
         obj   = %w[fuuuuu]
-        coder.encode(obj).should.equal [::Rack::Utils::OkJson.encode(obj)].pack('m')
+        coder.encode(obj).must_equal [::JSON.dump(obj)].pack('m')
       end
 
       it 'marshals and base64 decodes' do
         coder = Rack::Session::Cookie::Base64::JSON.new
-        str   = [::Rack::Utils::OkJson.encode(%w[fuuuuu])].pack('m')
-        coder.decode(str).should.equal ::Rack::Utils::OkJson.decode(str.unpack('m').first)
+        str   = [::JSON.dump(%w[fuuuuu])].pack('m')
+        coder.decode(str).must_equal ::JSON.parse(str.unpack('m').first)
       end
 
       it 'rescues failures on decode' do
         coder = Rack::Session::Cookie::Base64::JSON.new
-        coder.decode('lulz').should.equal nil
+        coder.decode('lulz').must_equal nil
       end
     end
 
@@ -124,31 +125,46 @@ describe Rack::Session::Cookie do
       it 'jsons, deflates, and base64 encodes' do
         coder = Rack::Session::Cookie::Base64::ZipJSON.new
         obj   = %w[fuuuuu]
-        json = Rack::Utils::OkJson.encode(obj)
-        coder.encode(obj).should.equal [Zlib::Deflate.deflate(json)].pack('m')
+        json = JSON.dump(obj)
+        coder.encode(obj).must_equal [Zlib::Deflate.deflate(json)].pack('m')
       end
 
       it 'base64 decodes, inflates, and decodes json' do
         coder = Rack::Session::Cookie::Base64::ZipJSON.new
         obj   = %w[fuuuuu]
-        json  = Rack::Utils::OkJson.encode(obj)
+        json  = JSON.dump(obj)
         b64   = [Zlib::Deflate.deflate(json)].pack('m')
-        coder.decode(b64).should.equal obj
+        coder.decode(b64).must_equal obj
       end
 
       it 'rescues failures on decode' do
         coder = Rack::Session::Cookie::Base64::ZipJSON.new
-        coder.decode('lulz').should.equal nil
+        coder.decode('lulz').must_equal nil
       end
     end
   end
 
   it "warns if no secret is given" do
     Rack::Session::Cookie.new(incrementor)
-    @warnings.first.should =~ /no secret/i
+    @warnings.first.must_match(/no secret/i)
     @warnings.clear
     Rack::Session::Cookie.new(incrementor, :secret => 'abc')
-    @warnings.should.be.empty?
+    @warnings.must_be :empty?
+  end
+
+  it "doesn't warn if coder is configured to handle encoding" do
+    Rack::Session::Cookie.new(
+      incrementor,
+      :coder => Object.new,
+      :let_coder_handle_secure_encoding => true)
+    @warnings.must_be :empty?
+  end
+
+  it "still warns if coder is not set" do
+    Rack::Session::Cookie.new(
+      incrementor,
+      :let_coder_handle_secure_encoding => true)
+    @warnings.first.must_match(/no secret/i)
   end
 
   it 'uses a coder' do
@@ -164,25 +180,25 @@ describe Rack::Session::Cookie do
     }.new
     response = response_for(:app => [incrementor, { :coder => identity }])
 
-    response["Set-Cookie"].should.include("rack.session=")
-    response.body.should.equal '{"counter"=>1}'
-    identity.calls.should.equal [:decode, :encode]
+    response["Set-Cookie"].must_include "rack.session="
+    response.body.must_equal '{"counter"=>1}'
+    identity.calls.must_equal [:decode, :encode]
   end
 
   it "creates a new cookie" do
     response = response_for(:app => incrementor)
-    response["Set-Cookie"].should.include("rack.session=")
-    response.body.should.equal '{"counter"=>1}'
+    response["Set-Cookie"].must_include "rack.session="
+    response.body.must_equal '{"counter"=>1}'
   end
 
   it "loads from a cookie" do
     response = response_for(:app => incrementor)
 
     response = response_for(:app => incrementor, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>2}'
 
     response = response_for(:app => incrementor, :cookie => response)
-    response.body.should.equal '{"counter"=>3}'
+    response.body.must_equal '{"counter"=>3}'
   end
 
   it "renew session id" do
@@ -191,29 +207,29 @@ describe Rack::Session::Cookie do
     response = response_for(:app => only_session_id, :cookie => cookie)
     cookie   = response['Set-Cookie'] if response['Set-Cookie']
 
-    response.body.should.not.equal ""
+    response.body.wont_equal ""
     old_session_id = response.body
 
     response = response_for(:app => renewer, :cookie => cookie)
     cookie   = response['Set-Cookie'] if response['Set-Cookie']
     response = response_for(:app => only_session_id, :cookie => cookie)
 
-    response.body.should.not.equal ""
-    response.body.should.not.equal old_session_id
+    response.body.wont_equal ""
+    response.body.wont_equal old_session_id
   end
 
   it "destroys session" do
     response = response_for(:app => incrementor)
     response = response_for(:app => only_session_id, :cookie => response)
 
-    response.body.should.not.equal ""
+    response.body.wont_equal ""
     old_session_id = response.body
 
     response = response_for(:app => destroy_session, :cookie => response)
     response = response_for(:app => only_session_id, :cookie => response)
 
-    response.body.should.not.equal ""
-    response.body.should.not.equal old_session_id
+    response.body.wont_equal ""
+    response.body.wont_equal old_session_id
   end
 
   it "survives broken cookies" do
@@ -221,19 +237,19 @@ describe Rack::Session::Cookie do
       :app => incrementor,
       :cookie => "rack.session=blarghfasel"
     )
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
 
     response = response_for(
       :app => [incrementor, { :secret => "test" }],
       :cookie => "rack.session="
     )
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
   end
 
   it "barks on too big cookies" do
     lambda{
       response_for(:app => bigcookie, :request => { :fatal => true })
-    }.should.raise(Rack::MockRequest::FatalWarning)
+    }.must_raise Rack::MockRequest::FatalWarning
   end
 
   it "loads from a cookie with integrity hash" do
@@ -241,58 +257,74 @@ describe Rack::Session::Cookie do
 
     response = response_for(:app => app)
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>2}'
 
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>3}'
+    response.body.must_equal '{"counter"=>3}'
 
     app = [incrementor, { :secret => "other" }]
 
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
   end
 
-  it "loads from a cookie wih accept-only integrity hash for graceful key rotation" do
+  it "loads from a cookie with accept-only integrity hash for graceful key rotation" do
     response = response_for(:app => [incrementor, { :secret => "test" }])
 
     app = [incrementor, { :secret => "test2", :old_secret => "test" }]
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>2}'
 
     app = [incrementor, { :secret => "test3", :old_secret => "test2" }]
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>3}'
+    response.body.must_equal '{"counter"=>3}'
   end
 
   it "ignores tampered with session cookies" do
     app = [incrementor, { :secret => "test" }]
     response = response_for(:app => app)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
 
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>2}'
 
     _, digest = response["Set-Cookie"].split("--")
     tampered_with_cookie = "hackerman-was-here" + "--" + digest
 
     response = response_for(:app => app, :cookie => tampered_with_cookie)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
   end
 
   it "supports either of secret or old_secret" do
     app = [incrementor, { :secret => "test" }]
     response = response_for(:app => app)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
 
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>2}'
 
     app = [incrementor, { :old_secret => "test" }]
     response = response_for(:app => app)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
+
+    response = response_for(:app => app, :cookie => response)
+    response.body.must_equal '{"counter"=>2}'
+  end
+
+  it "supports custom digest class" do
+    app = [incrementor, { :secret => "test", hmac: OpenSSL::Digest::SHA256 }]
+
+    response = response_for(:app => app)
+    response = response_for(:app => app, :cookie => response)
+    response.body.must_equal '{"counter"=>2}'
+
+    response = response_for(:app => app, :cookie => response)
+    response.body.must_equal '{"counter"=>3}'
+
+    app = [incrementor, { :secret => "other" }]
 
     response = response_for(:app => app, :cookie => response)
-    response.body.should.equal '{"counter"=>2}'
+    response.body.must_equal '{"counter"=>1}'
   end
 
   it "can handle Rack::Lint middleware" do
@@ -300,7 +332,7 @@ describe Rack::Session::Cookie do
 
     lint = Rack::Lint.new(session_id)
     response = response_for(:app => lint, :cookie => response)
-    response.body.should.not.be.nil
+    response.body.wont_be :nil?
   end
 
   it "can handle middleware that inspects the env" do
@@ -318,73 +350,73 @@ describe Rack::Session::Cookie do
 
     inspector = TestEnvInspector.new(session_id)
     response = response_for(:app => inspector, :cookie => response)
-    response.body.should.not.be.nil
+    response.body.wont_be :nil?
   end
 
   it "returns the session id in the session hash" do
     response = response_for(:app => incrementor)
-    response.body.should.equal '{"counter"=>1}'
+    response.body.must_equal '{"counter"=>1}'
 
     response = response_for(:app => session_id, :cookie => response)
-    response.body.should.match(/"session_id"=>/)
-    response.body.should.match(/"counter"=>1/)
+    response.body.must_match(/"session_id"=>/)
+    response.body.must_match(/"counter"=>1/)
   end
 
   it "does not return a cookie if set to secure but not using ssl" do
     app = [incrementor, { :secure => true }]
 
     response = response_for(:app => app)
-    response["Set-Cookie"].should.be.nil
+    response["Set-Cookie"].must_be_nil
 
     response = response_for(:app => app, :request => { "HTTPS" => "on" })
-    response["Set-Cookie"].should.not.be.nil
-    response["Set-Cookie"].should.match(/secure/)
+    response["Set-Cookie"].wont_be :nil?
+    response["Set-Cookie"].must_match(/secure/)
   end
 
   it "does not return a cookie if cookie was not read/written" do
     response = response_for(:app => nothing)
-    response["Set-Cookie"].should.be.nil
+    response["Set-Cookie"].must_be_nil
   end
 
   it "does not return a cookie if cookie was not written (only read)" do
     response = response_for(:app => session_id)
-    response["Set-Cookie"].should.be.nil
+    response["Set-Cookie"].must_be_nil
   end
 
   it "returns even if not read/written if :expire_after is set" do
     app = [nothing, { :expire_after => 3600 }]
     request = { "rack.session" => { "not" => "empty" }}
     response = response_for(:app => app, :request => request)
-    response["Set-Cookie"].should.not.be.nil
+    response["Set-Cookie"].wont_be :nil?
   end
 
   it "returns no cookie if no data was written and no session was created previously, even if :expire_after is set" do
     app = [nothing, { :expire_after => 3600 }]
     response = response_for(:app => app)
-    response["Set-Cookie"].should.be.nil
+    response["Set-Cookie"].must_be_nil
   end
 
   it "exposes :secret in env['rack.session.option']" do
     response = response_for(:app => [session_option[:secret], { :secret => "foo" }])
-    response.body.should == '"foo"'
+    response.body.must_equal '"foo"'
   end
 
   it "exposes :coder in env['rack.session.option']" do
     response = response_for(:app => session_option[:coder])
-    response.body.should.match(/Base64::Marshal/)
+    response.body.must_match(/Base64::Marshal/)
   end
 
   it "allows passing in a hash with session data from middleware in front" do
     request = { 'rack.session' => { :foo => 'bar' }}
     response = response_for(:app => session_id, :request => request)
-    response.body.should.match(/foo/)
+    response.body.must_match(/foo/)
   end
 
   it "allows modifying session data with session data from middleware in front" do
     request = { 'rack.session' => { :foo => 'bar' }}
     response = response_for(:app => incrementor, :request => request)
-    response.body.should.match(/counter/)
-    response.body.should.match(/foo/)
+    response.body.must_match(/counter/)
+    response.body.must_match(/foo/)
   end
 
   it "allows more than one '--' in the cookie when calculating digests" do
@@ -403,8 +435,8 @@ describe Rack::Session::Cookie do
     }.new
     _app = [ app, { :secret => "test", :coder => unsafe_coder } ]
     response = response_for(:app => _app)
-    response.body.should.equal "1--"
+    response.body.must_equal "1--"
     response = response_for(:app => _app, :cookie => response)
-    response.body.should.equal "1--2--"
+    response.body.must_equal "1--2--"
   end
 end