authorChristian Neukirchen <chneukirchen@gmail.com>2010-06-15 11:37:52 +0200
committerChristian Neukirchen <chneukirchen@gmail.com>2010-06-15 11:37:52 +0200
commite617e8f67bcbcff6b5fcb1670747bc020b869b72 (patch)
tree50b74613b03f57c2a8d757c6402ed8f5f144c752 /test/spec_session_cookie.rb
parent19c8aee05c2cbb4441017c751b2ff27fa3ca1cff (diff)
Rename spec/ back to test/
Diffstat (limited to 'test/spec_session_cookie.rb')
-rw-r--r--test/spec_session_cookie.rb70
1 files changed, 70 insertions, 0 deletions
diff --git a/test/spec_session_cookie.rb b/test/spec_session_cookie.rb
new file mode 100644
index 00000000..fda40cc4
--- /dev/null
+++ b/test/spec_session_cookie.rb
@@ -0,0 +1,70 @@
+require 'rack/session/cookie'
+require 'rack/mock'
+
+describe Rack::Session::Cookie do
+ incrementor = lambda do |env|
+ env["rack.session"]["counter"] ||= 0
+ env["rack.session"]["counter"] += 1
+ Rack::Response.new(env["rack.session"].inspect).to_a
+ end
+
+ it "creates a new cookie" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
+ res["Set-Cookie"].should.include("rack.session=")
+ res.body.should.equal '{"counter"=>1}'
+ end
+
+ it "loads from a cookie" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).get("/")
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>2}'
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>3}'
+ end
+
+ it "survives broken cookies" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
+ get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")
+ res.body.should.equal '{"counter"=>1}'
+ end
+
+ bigcookie = lambda do |env|
+ env["rack.session"]["cookie"] = "big" * 3000
+ Rack::Response.new(env["rack.session"].inspect).to_a
+ end
+
+ it "barks on too big cookies" do
+ lambda{
+ Rack::MockRequest.new(Rack::Session::Cookie.new(bigcookie)).
+ get("/", :fatal => true)
+ }.should.raise(Rack::MockRequest::FatalWarning)
+ end
+
+ it "loads from a cookie wih integrity hash" do
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).get("/")
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>2}'
+ cookie = res["Set-Cookie"]
+ res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor, :secret => 'test')).
+ get("/", "HTTP_COOKIE" => cookie)
+ res.body.should.equal '{"counter"=>3}'
+ end
+
+ it "ignores tampered with session cookies" do
+ app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
+ response1 = Rack::MockRequest.new(app).get("/")
+ _, digest = response1["Set-Cookie"].split("--")
+ tampered_with_cookie = "hackerman-was-here" + "--" + digest
+ response2 = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" =>
+ tampered_with_cookie)
+
+ # The tampered-with cookie is ignored, so we get back an identical Set-Cookie
+ response2["Set-Cookie"].should.equal(response1["Set-Cookie"])
+ end
+end
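Review bot: The "ignores tampered with session cookies" spec would likely still pass if the integrity check were removed, because the cookie it sends never reaches that check. Assuming Set-Cookie has the form `rack.session=<data>--<digest>` (the first spec asserts the `rack.session=` prefix), `split("--")` leaves the cookie name in the discarded first element, so `"hackerman-was-here" + "--" + digest` carries no `rack.session` cookie at all. Even with the name restored, the payload is not a well-formed session, and "survives broken cookies" shows such input already resets the counter with no secret configured. To exercise the digest comparison itself, pair a well-formed payload from a later response with the earlier digest, e.g. `payload2, _ = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => response1["Set-Cookie"])["Set-Cookie"].split("--")` then `tampered_with_cookie = payload2 + "--" + digest`, and assert `response2.body.should.equal '{"counter"=>1}'`. It would also be worth adding cases for a cookie with no digest while `:secret` is set, and for a digest produced under a different secret.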