Permalink
Browse files

Revert "Eagerly load Signed and Permanent cookies"

This reverts commit dffeda3.
  • Loading branch information...
spastorino committed Apr 7, 2011
1 parent 1720543 commit 5b0149a17aa423d0adbec10c8fb8449f15d16673
Showing with 10 additions and 17 deletions.
  1. +10 −17 actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -116,8 +116,6 @@ def initialize(secret = nil, host = nil, secure = false)
@host = host
@secure = secure
@cookies = {}
- @permanent = PermanentCookieJar.new(self, @secret)
- @signed = @secret && SignedCookieJar.new(self, @secret)
end
alias :closed? :frozen?
@@ -195,7 +193,9 @@ def delete(key, options = {})
#
# cookies.permanent.signed[:remember_me] = current_user.id
# # => Set-Cookie: remember_me=BAhU--848956038e692d7046deab32b7131856ab20e14e; path=/; expires=Sun, 16-Dec-2029 03:24:16 GMT
- attr_reader :permanent
+ def permanent
+ @permanent ||= PermanentCookieJar.new(self, @secret)
+ end
# Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from
# the cookie again. This is useful for creating cookies with values that the user is not supposed to change. If a signed
@@ -211,8 +211,7 @@ def delete(key, options = {})
#
# cookies.signed[:discount] # => 45
def signed
- SignedCookieJar.ensure_secret_provided(@secret)
- @signed
+ @signed ||= SignedCookieJar.new(self, @secret)
end
def write(headers)
@@ -229,9 +228,7 @@ def write_cookie?(cookie)
class PermanentCookieJar < CookieJar #:nodoc:
def initialize(parent_jar, secret)
- @parent_jar = parent_jar
- @secret = secret
- @signed = @secret && SignedCookieJar.new(self, @secret)
+ @parent_jar, @secret = parent_jar, secret
end
def []=(key, options)
@@ -247,8 +244,7 @@ def []=(key, options)
end
def signed
- SignedCookieJar.ensure_secret_provided(@secret)
- @signed
+ @signed ||= SignedCookieJar.new(self, @secret)
end
def method_missing(method, *arguments, &block)
@@ -261,8 +257,7 @@ class SignedCookieJar < CookieJar #:nodoc:
SECRET_MIN_LENGTH = 30 # Characters
def initialize(parent_jar, secret)
- self.class.ensure_secret_provided(secret)
- self.class.ensure_secret_length(secret)
+ ensure_secret_secure(secret)
@parent_jar = parent_jar
@verifier = ActiveSupport::MessageVerifier.new(secret)
end
@@ -294,19 +289,17 @@ def method_missing(method, *arguments, &block)
protected
- def self.ensure_secret_provided(secret)
+ # To prevent users from using something insecure like "Password" we make sure that the
+ # secret they've provided is at least 30 characters in length.
+ def ensure_secret_secure(secret)
if secret.blank?
raise ArgumentError, "A secret is required to generate an " +
"integrity hash for cookie session data. Use " +
"config.secret_token = \"some secret phrase of at " +
"least #{SECRET_MIN_LENGTH} characters\"" +
"in config/initializers/secret_token.rb"
end
- end
- # To prevent users from using something insecure like "Password" we make sure that the
- # secret they've provided is at least 30 characters in length.
- def self.ensure_secret_length(secret)
if secret.length < SECRET_MIN_LENGTH
raise ArgumentError, "Secret should be something secure, " +
"like \"#{ActiveSupport::SecureRandom.hex(16)}\". The value you " +

0 comments on commit 5b0149a

Please sign in to comment.