Fix 319 http only #320

merged 1 commit into from Oct 23, 2012
@@ -168,7 +168,7 @@ def save_cookie
:value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
:expires => remember_me_until,
:secure => secure,
- :http_only => httponly,
+ :httponly => httponly,
:domain => controller.cookie_domain
}
end
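Review bot: Nothing in the options hash of `save_cookie` guards against the key being misspelled again. The old `:http_only` key was apparently just ignored by the cookie layer, so the configured `httponly` value never reached the Set-Cookie header and the cookie carrying `persistence_token` stayed readable from page scripts. A short comment above the entry would help the next maintainer, e.g. `# key must be :httponly (the cookie option name); unrecognised keys are silently ignored`. The hash and the body of `save_cookie` begin outside this hunk, so how `httponly` is derived is not visible here.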
@@ -179,4 +179,4 @@ def destroy_cookie
end
end
end
-end
+end
@@ -6,99 +6,100 @@ class ConfiTest < ActiveSupport::TestCase
def test_cookie_key
UserSession.cookie_key = "my_cookie_key"
assert_equal "my_cookie_key", UserSession.cookie_key
-
+
UserSession.cookie_key "user_credentials"
assert_equal "user_credentials", UserSession.cookie_key
end
-
+
def test_default_cookie_key
assert_equal "user_credentials", UserSession.cookie_key
assert_equal "back_office_user_credentials", BackOfficeUserSession.cookie_key
end
-
+
def test_remember_me
UserSession.remember_me = true
assert_equal true, UserSession.remember_me
session = UserSession.new
assert_equal true, session.remember_me
-
+
UserSession.remember_me false
assert_equal false, UserSession.remember_me
session = UserSession.new
assert_equal false, session.remember_me
end
-
+
def test_remember_me_for
UserSession.remember_me_for = 3.years
assert_equal 3.years, UserSession.remember_me_for
session = UserSession.new
session.remember_me = true
assert_equal 3.years, session.remember_me_for
-
+
UserSession.remember_me_for 3.months
assert_equal 3.months, UserSession.remember_me_for
session = UserSession.new
session.remember_me = true
assert_equal 3.months, session.remember_me_for
end
end
-
+
class InstanceMethodsTest < ActiveSupport::TestCase
def test_credentials
session = UserSession.new
session.credentials = {:remember_me => true}
assert_equal true, session.remember_me
end
-
+
def test_remember_me
session = UserSession.new
assert_equal false, session.remember_me
assert !session.remember_me?
-
+
session.remember_me = false
assert_equal false, session.remember_me
assert !session.remember_me?
-
+
session.remember_me = true
assert_equal true, session.remember_me
assert session.remember_me?
-
+
session.remember_me = nil
assert_nil session.remember_me
assert !session.remember_me?
-
+
session.remember_me = "1"
assert_equal "1", session.remember_me
assert session.remember_me?
-
+
session.remember_me = "true"
assert_equal "true", session.remember_me
assert session.remember_me?
end
-
+
def test_remember_me_until
session = UserSession.new
assert_nil session.remember_me_until
-
+
session.remember_me = true
assert 3.months.from_now <= session.remember_me_until
end
-
+
def test_persist_persist_by_cookie
ben = users(:ben)
assert !UserSession.find
set_cookie_for(ben)
assert session = UserSession.find
assert_equal ben, session.record
end
-
+
def test_after_save_save_cookie
ben = users(:ben)
session = UserSession.new(ben)
assert session.save
assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
+ assert_equal false, controller.cookies["httponly"]
end
-
+
def test_after_destroy_destroy_cookie
ben = users(:ben)
set_cookie_for(ben)
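Review bot: The assertion added in `test_after_save_save_cookie`, `assert_equal false, controller.cookies["httponly"]`, looks up a cookie named "httponly" rather than the HttpOnly attribute of the "user_credentials" cookie. It may therefore pass whichever key `save_cookie` uses, though that depends on the mock cookie jar, which is not visible in this hunk. It also covers only the disabled case, whereas the regression being fixed is the flag getting dropped when it is enabled. Consider a test that sets `UserSession.httponly = true`, saves the session, and asserts the attribute on the stored "user_credentials" entry, then resets the setting so other tests are unaffected.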
@@ -109,4 +110,4 @@ def test_after_destroy_destroy_cookie
end
end
end
-end
+end