author | Christian Neukirchen <chneukirchen@gmail.com> | 2010-06-15 11:37:52 +0200 |
---|---|---|
committer | Christian Neukirchen <chneukirchen@gmail.com> | 2010-06-15 11:37:52 +0200 |
commit | e617e8f67bcbcff6b5fcb1670747bc020b869b72 (patch) | |
tree | 50b74613b03f57c2a8d757c6402ed8f5f144c752 /test/spec_session_cookie.rb | |
parent | 19c8aee05c2cbb4441017c751b2ff27fa3ca1cff (diff) | |
download | rack-e617e8f67bcbcff6b5fcb1670747bc020b869b72.tar.gz |
Rename spec/ back to test/
Diffstat (limited to 'test/spec_session_cookie.rb')
-rw-r--r-- | test/spec_session_cookie.rb | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/test/spec_session_cookie.rb b/test/spec_session_cookie.rb
new file mode 100644
index 00000000..fda40cc4
--- /dev/null
+++ b/test/spec_session_cookie.rb
@@ -0,0 +1,70 @@
+require 'rack/session/cookie'
+require 'rack/mock'
+
+describe Rack::Session::Cookie do
+ incrementor = lambda do |env|
+ env["rack.session"]["counter"] ||= 0
+ env["rack.session"]["counter"] += 1
+ Rack::Response.new(env["rack.session"].inspect).to_a
+ end
+
+ it "creates a new cookie" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
+ res["Set-Cookie"].should.include("rack.session=")
+ res.body.should.equal '{"counter"=>1}'
+ end
+
+ it "loads from a cookie" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>2}'
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>3}'
+ end
+
+ it "survives broken cookies" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")
+ res.body.should.equal '{"counter"=>1}'
+ end
+
+ bigcookie = lambda do |env|
+ env["rack.session"]["cookie"] = "big" * 3000
+ Rack::Response.new(env["rack.session"].inspect).to_a
+ end
+
+ it "barks on too big cookies" do
+ lambda{
+ Rack::MockRequest.new(Rack::Session::Cookie.new(bigcookie)).
+ get("/", :fatal => true)
+ }.should.raise(Rack::MockRequest::FatalWarning)
+ end
+
+ it "loads from a cookie wih integrity hash" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).get("/")
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>2}'
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>3}'
+ end
+
+ it "ignores tampered with session cookies" do
+ app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
+ response1 = Rack::MockRequest.new(app).get("/")
+ _, digest = response1["Set-Cookie"].split("--")
+ tampered_with_cookie = "hackerman-was-here" + "--" + digest
+ response2 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" =>
+ tampered_with_cookie)
+
+ # The tampered-with cookie is ignored, so we get back an identical Set-Cookie
+ response2["Set-Cookie"].should.equal(response1["Set-Cookie"])
+ end
+end |
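Review bot: The signed-cookie specs at the end of this new file only cover a swapped payload that keeps a digest issued by the same app, so two rejection paths of the `:secret` option stay unverified: a cookie signed under a different secret, and a cookie that carries no `--digest` part at all. Both matter because the specs without `:secret` ("loads from a cookie") show the middleware loading whatever session the client sends back, which leaves the digest check as the only guard on the session contents once a secret is configured. I would add the two specs below next to "ignores tampered with session cookies". The expected `{"counter"=>1}` assumes a rejected cookie is treated like the one in "survives broken cookies" and should be confirmed against the middleware.

```ruby
  # … unchanged: "ignores tampered with session cookies" …

  it "ignores cookies signed with a different secret" do
    signer = Rack::Session::Cookie.new(incrementor, :secret => 'other')
    cookie = Rack::MockRequest.new(signer).get("/")["Set-Cookie"]
    app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>1}'
  end

  it "ignores cookies without a digest when a secret is set" do
    plain = Rack::Session::Cookie.new(incrementor)
    cookie = Rack::MockRequest.new(plain).get("/")["Set-Cookie"]
    app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
    res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => cookie)
    res.body.should.equal '{"counter"=>1}'
  end
```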