diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-11-13 14:36:00 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-11-18 14:41:10 +0000 |
| commit | 7b13d57fb826b1adb73313db71f1cf40749b16c8 (patch) | |
| tree | 67922993dd7f8c30f6c65e47b80277f47adab1bf | |
| parent | fa0a0cbbf5147e4582cb5ad223714657da9598b6 (diff) | |
Session keys are stored as strings in Rails 3.
Update our session-stripping code.
| -rw-r--r-- | lib/whatdotheyknow/strip_empty_sessions.rb | 4 | ||||
| -rw-r--r-- | spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb | 56 |
2 files changed, 30 insertions, 30 deletions
diff --git a/lib/whatdotheyknow/strip_empty_sessions.rb b/lib/whatdotheyknow/strip_empty_sessions.rb index e162acf67..6d175ca98 100644 --- a/lib/whatdotheyknow/strip_empty_sessions.rb +++ b/lib/whatdotheyknow/strip_empty_sessions.rb @@ -1,9 +1,9 @@ module WhatDoTheyKnow - + class StripEmptySessions ENV_SESSION_KEY = "rack.session".freeze HTTP_SET_COOKIE = "Set-Cookie".freeze - STRIPPABLE_KEYS = [:session_id, :_csrf_token, :locale] + STRIPPABLE_KEYS = ['session_id', '_csrf_token', 'locale'] def initialize(app, options = {}) @app = app diff --git a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb index 9bd5ccb93..fcd729b48 100644 --- a/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb +++ b/spec/lib/whatdotheyknow/strip_empty_sessions_spec.rb @@ -1,71 +1,71 @@ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper') describe WhatDoTheyKnow::StripEmptySessions do - + def make_response(session_data, response_headers) app = lambda do |env| env['rack.session'] = session_data - return [200, response_headers, ['content']] + return [200, response_headers, ['content']] end strip_empty_sessions = WhatDoTheyKnow::StripEmptySessions app = strip_empty_sessions.new(app, {:key => 'mykey', :path => '', :httponly => true}) response = Rack::MockRequest.new(app).get('/', 'HTTP_ACCEPT' => 'text/html') end - - it 'should not prevent a cookie being set if there is data in the session' do - session_data = { :some_real_data => 'important', - :session_id => 'my_session_id', - :_csrf_token => 'hi_there' } - application_response_headers = { 'Content-Type' => 'text/html', + + it 'should not prevent a cookie being set if there is data in the session' do + session_data = { 'some_real_data' => 'important', + 'session_id' => 'my_session_id', + '_csrf_token' => 'hi_there' } + application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'} response = make_response(session_data, application_response_headers) response.headers['Set-Cookie'].should == 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly' end - describe 'if there is no meaningful data in the session' do + describe 'if there is no meaningful data in the session' do - before do - @session_data = { :session_id => 'my_session_id', - :_csrf_token => 'hi_there' } + before do + @session_data = { 'session_id' => 'my_session_id', + '_csrf_token' => 'hi_there' } end - - it 'should not strip any other header' do + + it 'should not strip any other header' do application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'} response = make_response(@session_data, application_response_headers) response.headers['Content-Type'].should == 'text/html' end - - it 'should strip the session cookie setting header ' do - application_response_headers = { 'Content-Type' => 'text/html', + + it 'should strip the session cookie setting header ' do + application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'} response = make_response(@session_data, application_response_headers) response.headers['Set-Cookie'].should == "" end - - it 'should strip the session cookie setting header even with a locale' do - @session_data[:locale] = 'en' - application_response_headers = { 'Content-Type' => 'text/html', + + it 'should strip the session cookie setting header even with a locale' do + @session_data['locale'] = 'en' + application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'} response = make_response(@session_data, application_response_headers) response.headers['Set-Cookie'].should == "" end - it 'should not strip the session cookie setting for admins' do - @session_data[:using_admin] = 1 - application_response_headers = { 'Content-Type' => 'text/html', + it 'should not strip the session cookie setting for admins' do + @session_data['using_admin'] = 1 + application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => 'mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly'} response = make_response(@session_data, application_response_headers) response.headers['Set-Cookie'].should == "mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly" end - - it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do - application_response_headers = { 'Content-Type' => 'text/html', + + it 'should strip the session cookie setting header (but no other cookie setting header) if there is more than one' do + application_response_headers = { 'Content-Type' => 'text/html', 'Set-Cookie' => ['mykey=f274c61a35320c52d45e9f8d7d4e2649; path=/; HttpOnly', 'other=mydata']} response = make_response(@session_data, application_response_headers) response.headers['Set-Cookie'].should == ['other=mydata'] end - + end end |