
fix session fixation test

1 parent b352897 commit 139dd035f19c1ec92e0ca89e4c6f5a7fdc9662c7 @binarylogic committed Feb 28, 2014
@@ -1,5 +1,5 @@
PATH
- remote: /Users/nathany/Dropbox/Development/jobber/vendor/authlogic
+ remote: /Users/benjohnson/projects/binarylogic/authlogic
specs:
authlogic (3.3.0)
activerecord (>= 3.2)
@@ -1,5 +1,5 @@
PATH
- remote: /Users/nathany/Dropbox/Development/jobber/vendor/authlogic
+ remote: /Users/benjohnson/projects/binarylogic/authlogic
specs:
authlogic (3.3.0)
activerecord (>= 3.2)
@@ -1,3 +1,4 @@
+# encoding: UTF-8
module Authlogic
# This is a module the contains regular expressions used throughout Authlogic. The point of extracting
# them out into their own module is to make them easily available to you for other uses. Ex:
@@ -12,7 +12,7 @@ def self.included(klass)
after_persisting :update_session, :unless => :single_access?
end
end
-
+
# Configuration for the session feature.
module Config
# Works exactly like cookie_key, but for sessions. See cookie_key for more info.
@@ -24,7 +24,7 @@ def session_key(value = nil)
end
alias_method :session_key=, :session_key
end
-
+
# Instance methods for the session feature.
module InstanceMethods
private
@@ -43,15 +43,15 @@ def persist_by_session
false
end
end
-
+
def session_credentials
- [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].compact
+ [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].collect { |i| i.nil? ? i : i.to_s }.compact
end
-
+
def session_key
build_key(self.class.session_key)
end
-
+
def update_session
controller.session[session_key] = record && record.persistence_token
controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
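Review bot: The string coercion added to `session_credentials` carries no comment explaining why it is there, although it is the security-relevant line of this commit. Without it, whatever object the session store deserialized (a Hash or Array, for instance) would presumably be handed to the record lookup unchanged, which is likely what the `..._with_sql_injection_attack` test covers. I would put `# Coerce to String so a non-scalar session value can never reach the finder as a Hash/Array condition.` above the method. The chain also reads more plainly as `.compact.map(&:to_s)`, which produces the same array. `update_session` continues past the end of this hunk.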
@@ -5,18 +5,10 @@ class BCryptTest < ActiveSupport::TestCase
def test_encrypt
assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
end
-
+
def test_matches
hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
assert Authlogic::CryptoProviders::BCrypt.matches?(hash, "mypass")
end
-
- def test_minimum_cost
- Authlogic::CryptoProviders::BCrypt.cost = 4
- assert_equal 4, Authlogic::CryptoProviders::BCrypt.cost
-
- assert_raises(ArgumentError) { Authlogic::CryptoProviders::BCrypt.cost = 2 }
- assert_equal 4, Authlogic::CryptoProviders::BCrypt.cost
- end
end
end
@@ -6,12 +6,12 @@ class ConfigTest < ActiveSupport::TestCase
def test_session_key
UserSession.session_key = "my_session_key"
assert_equal "my_session_key", UserSession.session_key
-
+
UserSession.session_key "user_credentials"
assert_equal "user_credentials", UserSession.session_key
end
end
-
+
class InstanceMethodsTest < ActiveSupport::TestCase
def test_persist_persist_by_session
ben = users(:ben)
@@ -38,24 +38,24 @@ def test_persist_persist_by_session_with_sql_injection_attack
end
assert @user_session.blank?
end
-
+
def test_persist_persist_by_session_with_token_only
ben = users(:ben)
set_session_for(ben)
controller.session["user_credentials_id"] = nil
- assert session = UserSession.find
+ session = UserSession.find
assert_equal ben, session.record
assert_equal ben.persistence_token, controller.session["user_credentials"]
end
-
+
def test_after_save_update_session
ben = users(:ben)
session = UserSession.new(ben)
assert controller.session["user_credentials"].blank?
assert session.save
assert_equal ben.persistence_token, controller.session["user_credentials"]
end
-
+
def test_after_destroy_update_session
ben = users(:ben)
set_session_for(ben)
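Review bot: Dropping the `assert` around `UserSession.find` in `test_persist_persist_by_session_with_token_only` means a nil result now surfaces as a NoMethodError on `session.record` instead of a failed assertion, so the test no longer states that a token-only session must be found. If the goal was only to avoid the assignment inside `assert` (inferred, the commit message does not say), keep the check on its own line: `session = UserSession.find` followed by `assert session`. `test_after_destroy_update_session` at the end of this hunk continues outside it.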
@@ -64,7 +64,7 @@ def test_after_destroy_update_session
assert session.destroy
assert controller.session["user_credentials"].blank?
end
-
+
def test_after_persisting_update_session
ben = users(:ben)
set_cookie_for(ben)
