Permalink
Browse files

Merge branch 'master' of git@github.com:rails/rails

  • Loading branch information...
2 parents 19be3d3 + 43ac42c commit 89056885b030b981193d73ebde56cf60829a924c @jeremy jeremy committed Dec 16, 2008
Showing with 1,138 additions and 1,807 deletions.
  1. +6 −9 actionpack/lib/action_controller.rb
  2. +2 −10 actionpack/lib/action_controller/base.rb
  3. +0 −1 actionpack/lib/action_controller/cgi_ext.rb
  4. +0 −53 actionpack/lib/action_controller/cgi_ext/session.rb
  5. +1 −1 actionpack/lib/action_controller/cgi_process.rb
  6. +5 −3 actionpack/lib/action_controller/dispatcher.rb
  7. +2 −2 actionpack/lib/action_controller/integration.rb
  8. +20 −5 actionpack/lib/action_controller/middleware_stack.rb
  9. +12 −127 actionpack/lib/action_controller/rack_process.rb
  10. +131 −0 actionpack/lib/action_controller/session/abstract_store.rb
  11. +0 −350 actionpack/lib/action_controller/session/active_record_store.rb
  12. +187 −150 actionpack/lib/action_controller/session/cookie_store.rb
  13. +0 −32 actionpack/lib/action_controller/session/drb_server.rb
  14. +0 −35 actionpack/lib/action_controller/session/drb_store.rb
  15. +36 −83 actionpack/lib/action_controller/session/mem_cache_store.rb
  16. +48 −126 actionpack/lib/action_controller/session_management.rb
  17. +3 −7 actionpack/lib/action_view/template.rb
  18. +24 −1 actionpack/lib/action_view/template_handlers.rb
  19. +2 −0 actionpack/test/abstract_unit.rb
  20. +95 −107 actionpack/test/activerecord/active_record_store_test.rb
  21. +0 −2 actionpack/test/controller/integration_test.rb
  22. +0 −2 actionpack/test/controller/integration_upload_test.rb
  23. +2 −24 actionpack/test/controller/rack_test.rb
  24. +98 −250 actionpack/test/controller/session/cookie_store_test.rb
  25. +55 −152 actionpack/test/controller/session/mem_cache_store_test.rb
  26. +84 −84 actionpack/test/controller/session_fixation_test.rb
  27. +0 −178 actionpack/test/controller/session_management_test.rb
  28. +0 −2 actionpack/test/controller/webservice_test.rb
  29. +1 −0 activerecord/lib/active_record.rb
  30. +319 −0 activerecord/lib/active_record/session_store.rb
  31. +1 −0 activerecord/test/cases/helper.rb
  32. +2 −10 railties/lib/initializer.rb
  33. +1 −1 railties/lib/tasks/databases.rake
  34. +1 −0 railties/test/console_app_test.rb
@@ -89,18 +89,15 @@ module Http
autoload :Headers, 'action_controller/headers'
end
- # DEPRECATE: Remove CGI support
- autoload :CgiRequest, 'action_controller/cgi_process'
- autoload :CGIHandler, 'action_controller/cgi_process'
-end
-
-class CGI
- class Session
- autoload :ActiveRecordStore, 'action_controller/session/active_record_store'
+ module Session
+ autoload :AbstractStore, 'action_controller/session/abstract_store'
autoload :CookieStore, 'action_controller/session/cookie_store'
- autoload :DRbStore, 'action_controller/session/drb_store'
autoload :MemCacheStore, 'action_controller/session/mem_cache_store'
end
+
+ # DEPRECATE: Remove CGI support
+ autoload :CgiRequest, 'action_controller/cgi_process'
+ autoload :CGIHandler, 'action_controller/cgi_process'
end
autoload :Mime, 'action_controller/mime_type'
@@ -164,8 +164,8 @@ class UnknownHttpMethod < ActionControllerError #:nodoc:
#
# Other options for session storage are:
#
- # * ActiveRecordStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
- # unlike CookieStore, hides your session contents from the user. To use ActiveRecordStore, set
+ # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
+ # unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set
#
# config.action_controller.session_store = :active_record_store
#
@@ -1216,7 +1216,6 @@ def initialize_current_url
def log_processing
if logger && logger.info?
log_processing_for_request_id
- log_processing_for_session_id
log_processing_for_parameters
end
end
@@ -1229,13 +1228,6 @@ def log_processing_for_request_id
logger.info(request_id)
end
- def log_processing_for_session_id
- if @_session && @_session.respond_to?(:session_id) && @_session.respond_to?(:dbman) &&
- !@_session.dbman.is_a?(CGI::Session::CookieStore)
- logger.info " Session ID: #{@_session.session_id}"
- end
- end
-
def log_processing_for_parameters
parameters = respond_to?(:filter_parameters) ? filter_parameters(params) : params.dup
parameters = parameters.except!(:controller, :action, :format, :_method)
@@ -1,7 +1,6 @@
require 'action_controller/cgi_ext/stdinput'
require 'action_controller/cgi_ext/query_extension'
require 'action_controller/cgi_ext/cookie'
-require 'action_controller/cgi_ext/session'
class CGI #:nodoc:
include ActionController::CgiExt::Stdinput
@@ -1,53 +0,0 @@
-require 'digest/md5'
-require 'cgi/session'
-require 'cgi/session/pstore'
-
-class CGI #:nodoc:
- # * Expose the CGI instance to session stores.
- # * Don't require 'digest/md5' whenever a new session id is generated.
- class Session #:nodoc:
- def self.generate_unique_id(constant = nil)
- ActiveSupport::SecureRandom.hex(16)
- end
-
- # Make the CGI instance available to session stores.
- attr_reader :cgi
- attr_reader :dbman
- alias_method :initialize_without_cgi_reader, :initialize
- def initialize(cgi, options = {})
- @cgi = cgi
- initialize_without_cgi_reader(cgi, options)
- end
-
- private
- # Create a new session id.
- def create_new_id
- @new_session = true
- self.class.generate_unique_id
- end
-
- # * Don't require 'digest/md5' whenever a new session is started.
- class PStore #:nodoc:
- def initialize(session, option={})
- dir = option['tmpdir'] || Dir::tmpdir
- prefix = option['prefix'] || ''
- id = session.session_id
- md5 = Digest::MD5.hexdigest(id)[0,16]
- path = dir+"/"+prefix+md5
- path.untaint
- if File::exist?(path)
- @hash = nil
- else
- unless session.new_session
- raise CGI::Session::NoSession, "uninitialized session"
- end
- @hash = {}
- end
- @p = ::PStore.new(path)
- @p.transaction do |p|
- File.chmod(0600, p.path)
- end
- end
- end
- end
-end
@@ -61,7 +61,7 @@ def self.dispatch_cgi(app, cgi, out = $stdout)
class CgiRequest #:nodoc:
DEFAULT_SESSION_OPTIONS = {
- :database_manager => CGI::Session::CookieStore,
+ :database_manager => nil,
:prefix => "ruby_sess.",
:session_path => "/",
:session_key => "_session_id",
@@ -45,8 +45,10 @@ def to_prepare(identifier = nil, &block)
end
cattr_accessor :middleware
- self.middleware = MiddlewareStack.new
- self.middleware.use "ActionController::Failsafe"
+ self.middleware = MiddlewareStack.new do |middleware|
+ middleware.use "ActionController::Failsafe"
+ middleware.use "ActionController::SessionManagement::Middleware"
+ end
include ActiveSupport::Callbacks
define_callbacks :prepare_dispatch, :before_dispatch, :after_dispatch
@@ -89,7 +91,7 @@ def call(env)
def _call(env)
@request = RackRequest.new(env)
- @response = RackResponse.new(@request)
+ @response = RackResponse.new
dispatch
end
@@ -489,8 +489,8 @@ def reset!
# By default, a single session is automatically created for you, but you
# can use this method to open multiple sessions that ought to be tested
# simultaneously.
- def open_session
- application = ActionController::Dispatcher.new
+ def open_session(application = nil)
+ application ||= ActionController::Dispatcher.new
session = Integration::Session.new(application)
# delegate the fixture accessors back to the test instance
@@ -4,7 +4,12 @@ class Middleware
attr_reader :klass, :args, :block
def initialize(klass, *args, &block)
- @klass = klass.is_a?(Class) ? klass : klass.to_s.constantize
+ if klass.is_a?(Class)
+ @klass = klass
+ else
+ @klass = klass.to_s.constantize
+ end
+
@args = args
@block = block
end
@@ -21,18 +26,28 @@ def ==(middleware)
end
def inspect
- str = @klass.to_s
- @args.each { |arg| str += ", #{arg.inspect}" }
+ str = klass.to_s
+ args.each { |arg| str += ", #{arg.inspect}" }
str
end
def build(app)
- klass.new(app, *args, &block)
+ if block
+ klass.new(app, *args, &block)
+ else
+ klass.new(app, *args)
+ end
end
end
+ def initialize(*args, &block)
+ super(*args)
+ block.call(self) if block_given?
+ end
+
def use(*args, &block)
- push(Middleware.new(*args, &block))
+ middleware = Middleware.new(*args, &block)
+ push(middleware)
end
def build(app)
@@ -3,24 +3,12 @@
module ActionController #:nodoc:
class RackRequest < AbstractRequest #:nodoc:
attr_accessor :session_options
- attr_reader :cgi
class SessionFixationAttempt < StandardError #:nodoc:
end
- DEFAULT_SESSION_OPTIONS = {
- :database_manager => CGI::Session::CookieStore, # store data in cookie
- :prefix => "ruby_sess.", # prefix session file names
- :session_path => "/", # available to all paths in app
- :session_key => "_session_id",
- :cookie_only => true,
- :session_http_only=> true
- }
-
- def initialize(env, session_options = DEFAULT_SESSION_OPTIONS)
- @session_options = session_options
+ def initialize(env)
@env = env
- @cgi = CGIWrapper.new(self)
super()
end
@@ -66,87 +54,25 @@ def server_software
@env['SERVER_SOFTWARE'].split("/").first
end
- def session
- unless defined?(@session)
- if @session_options == false
- @session = Hash.new
- else
- stale_session_check! do
- if cookie_only? && query_parameters[session_options_with_string_keys['session_key']]
- raise SessionFixationAttempt
- end
- case value = session_options_with_string_keys['new_session']
- when true
- @session = new_session
- when false
- begin
- @session = CGI::Session.new(@cgi, session_options_with_string_keys)
- # CGI::Session raises ArgumentError if 'new_session' == false
- # and no session cookie or query param is present.
- rescue ArgumentError
- @session = Hash.new
- end
- when nil
- @session = CGI::Session.new(@cgi, session_options_with_string_keys)
- else
- raise ArgumentError, "Invalid new_session option: #{value}"
- end
- @session['__valid_session']
- end
- end
- end
- @session
+ def session_options
+ @env['rack.session.options'] ||= {}
end
- def reset_session
- @session.delete if defined?(@session) && @session.is_a?(CGI::Session)
- @session = new_session
+ def session_options=(options)
+ @env['rack.session.options'] = options
end
- private
- # Delete an old session if it exists then create a new one.
- def new_session
- if @session_options == false
- Hash.new
- else
- CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => false)).delete rescue nil
- CGI::Session.new(@cgi, session_options_with_string_keys.merge("new_session" => true))
- end
- end
-
- def cookie_only?
- session_options_with_string_keys['cookie_only']
- end
-
- def stale_session_check!
- yield
- rescue ArgumentError => argument_error
- if argument_error.message =~ %r{undefined class/module ([\w:]*\w)}
- begin
- # Note that the regexp does not allow $1 to end with a ':'
- $1.constantize
- rescue LoadError, NameError => const_error
- raise ActionController::SessionRestoreError, <<-end_msg
-Session contains objects whose class definition isn\'t available.
-Remember to require the classes for all objects kept in the session.
-(Original exception: #{const_error.message} [#{const_error.class}])
-end_msg
- end
-
- retry
- else
- raise
- end
- end
+ def session
+ @env['rack.session'] ||= {}
+ end
- def session_options_with_string_keys
- @session_options_with_string_keys ||= DEFAULT_SESSION_OPTIONS.merge(@session_options).stringify_keys
- end
+ def reset_session
+ @env['rack.session'] = {}
+ end
end
class RackResponse < AbstractResponse #:nodoc:
- def initialize(request)
- @cgi = request.cgi
+ def initialize
@writer = lambda { |x| @body << x }
@block = nil
super()
@@ -247,49 +173,8 @@ def set_cookies!
else cookies << cookie.to_s
end
- @cgi.output_cookies.each { |c| cookies << c.to_s } if @cgi.output_cookies
-
headers['Set-Cookie'] = [headers['Set-Cookie'], cookies].flatten.compact
end
end
end
-
- class CGIWrapper < ::CGI
- attr_reader :output_cookies
-
- def initialize(request, *args)
- @request = request
- @args = *args
- @input = request.body
-
- super *args
- end
-
- def params
- @params ||= @request.params
- end
-
- def cookies
- @request.cookies
- end
-
- def query_string
- @request.query_string
- end
-
- # Used to wrap the normal args variable used inside CGI.
- def args
- @args
- end
-
- # Used to wrap the normal env_table variable used inside CGI.
- def env_table
- @request.env
- end
-
- # Used to wrap the normal stdinput variable used inside CGI.
- def stdinput
- @input
- end
- end
end
Oops, something went wrong.

0 comments on commit 8905688

Please sign in to comment.