redis-session-store 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9148a3bedfc1ab56951717dccdaed7c30e33e356
-  data.tar.gz: ca00490849f6276f4262ddfa100fa8d90c819087
+  metadata.gz: f983cb90979acec73acae5cdfb437c49c55ab2ac
+  data.tar.gz: db3641121bde418a8e3414e494e055f2cf9e1c38
 SHA512:
-  metadata.gz: fdbe30259d8e8eb71a650a73c59f613f830276f913d0e5bd062b5212db29704aa3ff56d7b5d443e95fabdd441085065a5ca8b02aa0c4b998264c3efeb4685cd9
-  data.tar.gz: ad31abd62bb1eb5b093aa03ba1e0f2c11bc197e3e3ff395bb78dabfb1d7659ef2a06f05435cd03a3db060510700a8a1f4ca509cd6561849e017de2014f2e068c
+  metadata.gz: 8d342305a4a45503a240145c8dbbfaca8405ffafff0887a7c4bccdf0512cb701acb401509903d31b5b14901f9e5907c87ea9aa6096a12c727551b914ea1fcade
+  data.tar.gz: a1558f707a7f04a99c7c52851f4cfe0540696a4bbe94b3450f707316c1c5bde503e279cabe0dc360ffbcc627353178f2463243bbcb1a797a715267275dc15484

data/.rubocop.yml

@@ -8,3 +8,8 @@
 # Offense count: 1
 FileName:
   Enabled: false
+
+# Offense count: 1
+# Configuration parameters: CountComments.
+ClassLength:
+  Max: 103

data/CHANGELOG.md

@@ -1,6 +1,12 @@
 redis-session-store history
 ===========================
 
+## v0.6.0 (2014-03-17)
+
+* Add custom serializer configuration
+* Add custom handling capability for session load errors
+* Always destroying sessions that cannot be loaded
+
 ## v0.5.0 (2014-03-16)
 
 * Keep generating session IDs until one is found that doesn't collide

data/README.md

@@ -80,6 +80,41 @@ My::Application.config.session_store = :redis_session_store, {
 }
 ```
 
+### Serializer
+
+By default the Marshal serializer is used. With Rails 4, you can use JSON as a
+custom serializer:
+
+* `:json` - serialize cookie values with `JSON` (Requires Rails 4+)
+* `:marshal` - serialize cookie values with `Marshal` (Default)
+* `:hybrid` - transparently migrate existing `Marshal` cookie values to `JSON` (Requires Rails 4+)
+* `CustomClass` - You can just pass the constant name of any class that responds to `.load` and `.dump`
+
+``` ruby
+My::Application.config.session_store = :redis_session_store, {
+  # ... other options ...
+  serializer: :hybrid
+}
+```
+
+**Note**: Rails 4 is required for using the `:json` and `:hybrid` serializers
+because the `Flash` object doesn't serializer well in 3.2. See [Rails #13945](https://github.com/rails/rails/pull/13945) for more info.
+
+### Session load error handling
+
+If you want to handle cases where the session data cannot be loaded, a
+custom callable handler may be provided as `on_session_load_error` which
+will be given the error and the session ID.
+
+``` ruby
+My::Application.config.session_store = :redis_session_store, {
+  # ... other options ...
+  on_session_load_error: ->(e, sid) { do_something_will_ya!(e) }
+}
+```
+
+**Note** The session will *always* be destroyed when it cannot be loaded.
+
 Contributing, Authors, & License
 --------------------------------
 

data/lib/redis-session-store.rb

@@ -4,7 +4,7 @@ require 'redis'
 # Redis session storage for Rails, and for Rails only. Derived from
 # the MemCacheStore code, simply dropping in Redis instead.
 class RedisSessionStore < ActionDispatch::Session::AbstractStore
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'
 
   # ==== Options
   # * +:key+ - Same as with the other cookie stores, key name
@@ -16,6 +16,8 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
   #   * +:expire_after+ - A number in seconds for session timeout
   # * +:on_sid_collision:+ - Called with SID string when generated SID collides
   # * +:on_redis_down:+ - Called with err, env, and SID on Errno::ECONNREFUSED
+  # * +:on_session_load_error:+ - Called with err and SID on Marshal.load fail
+  # * +:serializer:+ - Serializer to use on session data, default is :marshal.
   #
   # ==== Examples
   #
@@ -30,6 +32,7 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
   #       },
   #       on_sid_collision: ->(sid) { logger.warn("SID collision! #{sid}") },
   #       on_redis_down: ->(*a) { logger.error("Redis down! #{a.inspect}") }
+  #       serializer: :hybrid # migrate from Marshal to JSON
   #     }
   #
   def initialize(app, options = {})
@@ -42,13 +45,24 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
     @redis = Redis.new(redis_options)
     @on_sid_collision = options[:on_sid_collision]
     @on_redis_down = options[:on_redis_down]
+    @serializer = determine_serializer(options[:serializer])
+    @on_session_load_error = options[:on_session_load_error]
+    verify_handlers!
   end
 
-  attr_accessor :on_sid_collision, :on_redis_down
+  attr_accessor :on_sid_collision, :on_redis_down, :on_session_load_error
 
   private
 
-  attr_reader :redis, :key, :default_options
+  attr_reader :redis, :key, :default_options, :serializer
+
+  def verify_handlers!
+    %w(on_sid_collision on_redis_down on_session_load_error).each do |h|
+      if (handler = public_send(h)) && !handler.respond_to?(:call)
+        fail ArgumentError, "#{h} handler is not callable"
+      end
+    end
+  end
 
   def prefixed(sid)
     "#{default_options[:key_prefix]}#{sid}"
@@ -81,15 +95,25 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
 
   def load_session_from_redis(sid)
     data = redis.get(prefixed(sid))
-    data ? Marshal.load(data) : nil
+    begin
+      data ? decode(data) : nil
+    rescue => e
+      destroy_session_from_sid(sid, drop: true)
+      on_session_load_error.call(e, sid) if on_session_load_error
+      nil
+    end
+  end
+
+  def decode(data)
+    serializer.load(data)
   end
 
   def set_session(env, sid, session_data, options = nil)
     expiry = (options || env[ENV_SESSION_OPTIONS_KEY])[:expire_after]
     if expiry
-      redis.setex(prefixed(sid), expiry, Marshal.dump(session_data))
+      redis.setex(prefixed(sid), expiry, encode(session_data))
     else
-      redis.set(prefixed(sid), Marshal.dump(session_data))
+      redis.set(prefixed(sid), encode(session_data))
     end
     return sid
   rescue Errno::ECONNREFUSED => e
@@ -97,19 +121,66 @@ class RedisSessionStore < ActionDispatch::Session::AbstractStore
     return false
   end
 
+  def encode(session_data)
+    serializer.dump(session_data)
+  end
+
   def destroy_session(env, sid, options)
-    redis.del(prefixed(sid))
-    return nil if (options || {})[:drop]
-    generate_sid
+    destroy_session_from_sid(sid, (options || {}).merge(env: env))
   end
 
   def destroy(env)
     if env['rack.request.cookie_hash'] &&
         (sid = env['rack.request.cookie_hash'][key])
-      redis.del(prefixed(sid))
+      destroy_session_from_sid(sid, drop: true, env: env)
     end
-  rescue Errno::ECONNREFUSED => e
-    on_redis_down.call(e, env, sid) if on_redis_down
     false
   end
+
+  def destroy_session_from_sid(sid, options = {})
+    redis.del(prefixed(sid))
+    (options || {})[:drop] ? nil : generate_sid
+  rescue Errno::ECONNREFUSED => e
+    on_redis_down.call(e, options[:env] || {}, sid) if on_redis_down
+  end
+
+  def determine_serializer(serializer)
+    serializer ||= :marshal
+    case serializer
+    when :marshal then Marshal
+    when :json    then JsonSerializer
+    when :hybrid  then HybridSerializer
+    else serializer
+    end
+  end
+
+  # Uses built-in JSON library to encode/decode session
+  class JsonSerializer
+    def self.load(value)
+      JSON.parse(value, quirks_mode: true)
+    end
+
+    def self.dump(value)
+      JSON.generate(value, quirks_mode: true)
+    end
+  end
+
+  # Transparently migrates existing session values from Marshal to JSON
+  class HybridSerializer < JsonSerializer
+    MARSHAL_SIGNATURE = "\x04\x08".freeze
+
+    def self.load(value)
+      if needs_migration?(value)
+        Marshal.load(value)
+      else
+        super
+      end
+    end
+
+    private
+
+    def self.needs_migration?(value)
+      value.start_with?(MARSHAL_SIGNATURE)
+    end
+  end
 end

data/spec/redis_session_store_spec.rb

@@ -1,4 +1,5 @@
 # vim:fileencoding=utf-8
+require 'json'
 
 describe RedisSessionStore do
   let :random_string do
@@ -284,4 +285,169 @@ describe RedisSessionStore do
       end
     end
   end
+
+  describe 'session encoding' do
+    let(:env)          { double('env') }
+    let(:session_id)   { 12_345 }
+    let(:session_data) { { 'some' => 'data' } }
+    let(:options)      { {} }
+    let(:encoded_data) { Marshal.dump(session_data) }
+    let(:redis)        { double('redis', set: nil, get: encoded_data) }
+    let(:expected_encoding) { encoded_data }
+
+    before do
+      store.stub(:redis).and_return(redis)
+    end
+
+    shared_examples_for 'serializer' do
+      it 'encodes correctly' do
+        redis.should_receive(:set).with('12345', expected_encoding)
+        store.send(:set_session, env, session_id, session_data, options)
+      end
+
+      it 'decodes correctly' do
+        expect(store.send(:get_session, env, session_id))
+          .to eq([session_id, session_data])
+      end
+    end
+
+    context 'marshal' do
+      let(:options) { { serializer: :marshal } }
+      it_should_behave_like 'serializer'
+    end
+
+    context 'json' do
+      let(:options) { { serializer: :json } }
+      let(:encoded_data) { '{"some":"data"}' }
+
+      it_should_behave_like 'serializer'
+    end
+
+    context 'hybrid' do
+      let(:options) { { serializer: :hybrid } }
+      let(:expected_encoding) { '{"some":"data"}' }
+
+      context 'marshal encoded data' do
+        it_should_behave_like 'serializer'
+      end
+
+      context 'json encoded data' do
+        let(:encoded_data) { '{"some":"data"}' }
+
+        it_should_behave_like 'serializer'
+      end
+    end
+
+    context 'custom' do
+      let :custom_serializer do
+        Class.new do
+          def self.load(value)
+            { 'some' => 'data' }
+          end
+
+          def self.dump(value)
+            'somedata'
+          end
+        end
+      end
+
+      let(:options) { { serializer: custom_serializer } }
+      let(:expected_encoding) { 'somedata' }
+
+      it_should_behave_like 'serializer'
+    end
+  end
+
+  describe 'handling decode errors' do
+    context 'when a class is serialized that does not exist' do
+      before do
+        store.stub(
+          redis: double('redis', get: "\x04\bo:\nNonExistentClass\x00",
+                                 del: true)
+        )
+      end
+
+      it 'returns an empty session' do
+        expect(store.send(:load_session_from_redis, 'whatever')).to be_nil
+      end
+
+      it 'destroys and drops the session' do
+        store.should_receive(:destroy_session_from_sid).with('wut', drop: true)
+        store.send(:load_session_from_redis, 'wut')
+      end
+
+      context 'when a custom on_session_load_error handler is provided' do
+        before do
+          store.on_session_load_error = lambda do |e, sid|
+            @e = e
+            @sid = sid
+          end
+        end
+
+        it 'passes the error and the sid to the handler' do
+          store.send(:load_session_from_redis, 'foo')
+          expect(@e).to be_kind_of(StandardError)
+          expect(@sid).to eql('foo')
+        end
+      end
+    end
+
+    context 'when the encoded data is invalid' do
+      before do
+        store.stub(
+          redis: double('redis', get: "\x00\x00\x00\x00", del: true)
+        )
+      end
+
+      it 'returns an empty session' do
+        expect(store.send(:load_session_from_redis, 'bar')).to be_nil
+      end
+
+      it 'destroys and drops the session' do
+        store.should_receive(:destroy_session_from_sid).with('wut', drop: true)
+        store.send(:load_session_from_redis, 'wut')
+      end
+
+      context 'when a custom on_session_load_error handler is provided' do
+        before do
+          store.on_session_load_error = lambda do |e, sid|
+            @e = e
+            @sid = sid
+          end
+        end
+
+        it 'passes the error and the sid to the handler' do
+          store.send(:load_session_from_redis, 'foo')
+          expect(@e).to be_kind_of(StandardError)
+          expect(@sid).to eql('foo')
+        end
+      end
+    end
+  end
+
+  describe 'validating custom handlers' do
+    %w(on_redis_down on_sid_collision on_session_load_error).each do |h|
+      context 'when nil' do
+        it 'does not explode at init' do
+          expect { store }.to_not raise_error
+        end
+      end
+
+      context 'when callable' do
+        let(:options) { { :"#{h}" => ->(*) { !nil } } }
+
+        it 'does not explode at init' do
+          expect { store }.to_not raise_error
+        end
+      end
+
+      context 'when not callable' do
+        let(:options) { { :"#{h}" => 'herpderp' } }
+
+        it 'explodes at init' do
+          expect { store }.to raise_error(ArgumentError)
+        end
+      end
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: redis-session-store
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Mathias Meyer