| author | Louise Crow <louise.crow@gmail.com> | 2013-11-13 14:36:00 +0000 | 
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-11-13 14:36:00 +0000 | 
| commit | e70c9a5ca4cc2b739247658f895dba677390bcb4 (patch) | |
| tree | f97e5552a281a99b3c1a67009b633ec90ed48842 | |
| parent | 898593338c9de54ce256c5baf39ebd6613a2eb4d (diff) | |
Session keys are stored as strings in Rails 3.
Update our session-stripping code.
| -rw-r--r-- | lib/whatdotheyknow/strip_empty_sessions.rb | 4 | ||||
| -rw-r--r-- | spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 56 | 
2 files changed, 30 insertions, 30 deletions
| diff --git a/lib/whatdotheyknow/strip_empty_sessions.rb b/lib/whatdotheyknow/strip_empty_sessions.rb
index e162acf67..6d175ca98 100644
--- a/lib/whatdotheyknow/strip_empty_sessions.rb
+++ b/lib/whatdotheyknow/strip_empty_sessions.rb
@@ -1,9 +1,9 @@
 module WhatDoTheyKnow
-  
+
   class StripEmptySessions
     ENV_SESSION_KEY = "rack.session".freeze
     HTTP_SET_COOKIE = "Set-Cookie".freeze
-    STRIPPABLE_KEYS = [:session_id, :_csrf_token, :locale]
+    STRIPPABLE_KEYS = ['session_id', '_csrf_token', 'locale']
     def initialize(app, options = {})
       @app = app
diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
index 9bd5ccb93..fcd729b48 100644
--- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
+++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb
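Review bot: The new `STRIPPABLE_KEYS` array is left mutable while the two constants directly above it are frozen; `STRIPPABLE_KEYS = ['session_id', '_csrf_token', 'locale'].freeze` would stop the list that decides when a session cookie is dropped from being altered at runtime. The match is also now type-sensitive in the other direction: a session whose keys arrive as symbols will not match any entry, so presumably the cookie is kept rather than stripped, which is the safe direction but deserves a comment such as `# Rails 3 stores session keys as strings; symbol keys will not match`. The code that compares session keys against this list lies outside the hunk, so confirm there whether a `to_s` normalisation is needed.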
@@ -1,71 +1,71 @@  require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')  describe WhatDoTheyKnow::StripEmptySessions do -   +    def make_response(session_data, response_headers)      app = lambda do |env|        env['rack.session'] = session_data -      return [200, response_headers, ['content']]  +      return [200, response_headers, ['content']]      end      strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions      app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true})      response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html')    end -   -  it 'should not prevent a cookie being set if there is data in the session' do  -    session_data = { :some_real_data => 'important',  -                     :session_id => 'my_session_id',  -                     :_csrf_token => 'hi_there' } -    application_response_headers = { 'Content-Type' => 'text/html',  + +  it 'should not prevent a cookie being set if there is data in the session' do +    session_data = { 'some_real_data' => 'important', +                     'session_id' => 'my_session_id', +                     '_csrf_token' => 'hi_there' } +    application_response_headers = { 'Content-Type' => 'text/html',                                       'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}      response = make_response(session_data, application_response_headers)      response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'    end -  describe 'if there is no meaningful data in the session' do  +  describe 'if there is no meaningful data in the session' do -    before do  -      @session_data = { :session_id => 'my_session_id',  -                       :_csrf_token => 'hi_there' } +    before do +      @session_data = { 'session_id' => 'my_session_id', +                       '_csrf_token' => 'hi_there' }      end -     -    it 'should not strip any other header' do  + 
+    it 'should not strip any other header' do        application_response_headers = { 'Content-Type' => 'text/html',                                         'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}        response = make_response(@session_data, application_response_headers)        response.headers['Content-Type'].should == 'text/html'      end -     -    it 'should strip the session cookie setting header ' do  -      application_response_headers = { 'Content-Type' => 'text/html',  + +    it 'should strip the session cookie setting header ' do +      application_response_headers = { 'Content-Type' => 'text/html',                                         'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}        response = make_response(@session_data, application_response_headers)        response.headers['Set-Cookie'].should == ""      end -   -    it 'should strip the session cookie setting header even with a locale' do  -      @session_data[:locale] = 'en' -      application_response_headers = { 'Content-Type' => 'text/html',  + +    it 'should strip the session cookie setting header even with a locale' do +      @session_data['locale'] = 'en' +      application_response_headers = { 'Content-Type' => 'text/html',                                         'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}        response = make_response(@session_data, application_response_headers)        response.headers['Set-Cookie'].should == ""      end -    it 'should not strip the session cookie setting for admins' do  -      @session_data[:using_admin] = 1 -      application_response_headers = { 'Content-Type' => 'text/html',  +    it 'should not strip the session cookie setting for admins' do +      @session_data['using_admin'] = 1 +      application_response_headers = { 'Content-Type' => 'text/html',                                         'Set-Cookie' => 
'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'}        response = make_response(@session_data, application_response_headers)        response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly"      end -   -    it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do  -      application_response_headers = { 'Content-Type' => 'text/html',  + +    it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do +      application_response_headers = { 'Content-Type' => 'text/html',                                         'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly',                                                          'other=mydata']}        response = make_response(@session_data, application_response_headers)        response.headers['Set-Cookie'].should == ['other=mydata']      end -     +    end  end | 
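Review bot: The multi-cookie example near the end of this hunk passes `'Set-Cookie'` as an Array, but the Rack 1.x specification that Rails 3 runs on carries multiple header values as one newline-joined String, so the spec may not exercise the shape the middleware receives in production. A companion example with `'Set-Cookie' => "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly\nother=mydata"` that expects only `other=mydata` to survive would pin that the session cookie, and nothing else, is removed. The stripping logic itself is not visible on this page, so whether it already handles the joined form is to be confirmed.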
