New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow session serializer key in config.session_store #13692

Merged
merged 1 commit into from Jan 29, 2014

Conversation

Projects
None yet
8 participants
@lukesarnacki
Contributor

lukesarnacki commented Jan 13, 2014

MessageEncryptor has :serializer option, where any serializer object can be passed.
This commit make it possible to set serializer from configuration level.

There are predefined serializers and custom serializer can be passed
by adding custom class to ActionDispatch::Session.

This was suggested in #12881

@chancancode

View changes

Show outdated Hide outdated actionpack/lib/action_dispatch/middleware/session/json_serializer.rb
@lukaszx0

This comment has been minimized.

Show comment
Hide comment
@lukaszx0

lukaszx0 Jan 21, 2014

Member

Wouldn't it be worth to put those serializers under session/serializers directory?

/cc @mattetti @NZKoz @rafaelfranca

Member

lukaszx0 commented Jan 21, 2014

Wouldn't it be worth to put those serializers under session/serializers directory?

/cc @mattetti @NZKoz @rafaelfranca

@NZKoz

This comment has been minimized.

Show comment
Hide comment
@NZKoz

NZKoz Jan 21, 2014

Member

No strong opinions on the layout, might be nice to simply allow:

  serializer: MyCrazySerializer.new

rather than requiring symbols corresponding to class names, it's more extensible that way.

Member

NZKoz commented Jan 21, 2014

No strong opinions on the layout, might be nice to simply allow:

  serializer: MyCrazySerializer.new

rather than requiring symbols corresponding to class names, it's more extensible that way.

@mattetti

This comment has been minimized.

Show comment
Hide comment
@mattetti

mattetti Jan 21, 2014

Contributor

I like @koz' suggestion.

On Tue, Jan 21, 2014 at 2:04 PM, Michael Koziarski <notifications@github.com

wrote:

No strong opinions on the layout, might be nice to simply allow:

serializer: MyCrazySerializer.new

rather than requiring symbols corresponding to class names, it's more
extensible that way.


Reply to this email directly or view it on GitHubhttps://github.com/rails/rails/pull/13692#issuecomment-32968788
.

Contributor

mattetti commented Jan 21, 2014

I like @koz' suggestion.

On Tue, Jan 21, 2014 at 2:04 PM, Michael Koziarski <notifications@github.com

wrote:

No strong opinions on the layout, might be nice to simply allow:

serializer: MyCrazySerializer.new

rather than requiring symbols corresponding to class names, it's more
extensible that way.


Reply to this email directly or view it on GitHubhttps://github.com/rails/rails/pull/13692#issuecomment-32968788
.

@lukesarnacki

This comment has been minimized.

Show comment
Hide comment
@lukesarnacki

lukesarnacki Jan 22, 2014

Contributor

@NZKoz , @mattetti, there are 2 reasons for using symbols:

  1. Some of the classes might not be loaded in config yet.
  2. I just thought that we could set :json_serializer as secure default in generators.

So maybe it would be better to enable both options. If symbol is passed, it will try to find it in ActionDispatch::Session namespace, if something else is passed (so i.e. new serializer class instance) it will just use it. And I can set :json_serializer in generator.

Contributor

lukesarnacki commented Jan 22, 2014

@NZKoz , @mattetti, there are 2 reasons for using symbols:

  1. Some of the classes might not be loaded in config yet.
  2. I just thought that we could set :json_serializer as secure default in generators.

So maybe it would be better to enable both options. If symbol is passed, it will try to find it in ActionDispatch::Session namespace, if something else is passed (so i.e. new serializer class instance) it will just use it. And I can set :json_serializer in generator.

@NZKoz

This comment has been minimized.

Show comment
Hide comment
@NZKoz

NZKoz Jan 22, 2014

Member

@lukesarnacki sounds good to me, it's definitely nice to be able to say :json for built in serializers, but it quickly gets annoying when you have a custom serializer and need to write your own code inside an ActiveSupport::SomeThing name space.

Member

NZKoz commented Jan 22, 2014

@lukesarnacki sounds good to me, it's definitely nice to be able to say :json for built in serializers, but it quickly gets annoying when you have a custom serializer and need to write your own code inside an ActiveSupport::SomeThing name space.

@lukesarnacki

This comment has been minimized.

Show comment
Hide comment
@lukesarnacki

lukesarnacki Jan 22, 2014

Contributor

@NZKoz @mattetti I made it possible to pass serializer object and added serializer: :json_serializer in generators. Please let me know if there is anything else that should be changed in order to merge :).

Contributor

lukesarnacki commented Jan 22, 2014

@NZKoz @mattetti I made it possible to pass serializer object and added serializer: :json_serializer in generators. Please let me know if there is anything else that should be changed in order to merge :).

@robin850

View changes

Show outdated Hide outdated guides/source/action_controller_overview.md
@lukesarnacki

This comment has been minimized.

Show comment
Hide comment
@lukesarnacki

lukesarnacki Jan 29, 2014

Contributor

@mattetti, @robin850, do you have any other suggestions? :)

Contributor

lukesarnacki commented Jan 29, 2014

@mattetti, @robin850, do you have any other suggestions? :)

@robin850

View changes

Show outdated Hide outdated actionpack/CHANGELOG.md
Allow session serializer key in config.session_store
MessageEncryptor has :serializer option, where any serializer object can
be passed. This commit make it possible to set this serializer from configuration
level.

There are predefined serializers (:marshal_serializer, :json_serialzier)
and custom serializer can be passed as String, Symbol (camelized and
constantized in ActionDispatch::Session namepspace) or serializer object.

Default :json_serializer was also added to generators to provide secure
defalt.
@guilleiguaran

This comment has been minimized.

Show comment
Hide comment
@guilleiguaran

guilleiguaran Jan 29, 2014

Member

Looks great 👍

Member

guilleiguaran commented Jan 29, 2014

Looks great 👍

guilleiguaran added a commit that referenced this pull request Jan 29, 2014

Merge pull request #13692 from lukesarnacki/change-default-session-se…
…rializer

Allow session serializer key in config.session_store

@guilleiguaran guilleiguaran merged commit b242552 into rails:master Jan 29, 2014

1 check passed

default The Travis CI build passed
Details
@lukaszx0

This comment has been minimized.

Show comment
Hide comment
@lukaszx0

lukaszx0 Jan 29, 2014

Member

Great work @lukesarnacki ! Thanks @mattetti and @NZKoz for helping out. 👍

Member

lukaszx0 commented Jan 29, 2014

Great work @lukesarnacki ! Thanks @mattetti and @NZKoz for helping out. 👍

@mattetti

This comment has been minimized.

Show comment
Hide comment
@mattetti

mattetti Jan 29, 2014

Contributor

Łukasz sounds good to me.

On Wed, Jan 29, 2014 at 10:49 AM, Guillermo Iguaran <
notifications@github.com> wrote:

Merged #13692 #13692.


Reply to this email directly or view it on GitHubhttps://github.com/rails/rails/pull/13692
.

Contributor

mattetti commented Jan 29, 2014

Łukasz sounds good to me.

On Wed, Jan 29, 2014 at 10:49 AM, Guillermo Iguaran <
notifications@github.com> wrote:

Merged #13692 #13692.


Reply to this email directly or view it on GitHubhttps://github.com/rails/rails/pull/13692
.

@lukesarnacki

This comment has been minimized.

Show comment
Hide comment
@lukesarnacki

lukesarnacki Jan 29, 2014

Contributor

@robin850 please add credits for @mattetti as you said, thanks! @mattetti thanks for helping with this, it wouldn't be done without you ❤️

@robin850 Also as I wrote in outdated diff, could it be mapped to both me and @mattetti ?

Contributor

lukesarnacki commented Jan 29, 2014

@robin850 please add credits for @mattetti as you said, thanks! @mattetti thanks for helping with this, it wouldn't be done without you ❤️

@robin850 Also as I wrote in outdated diff, could it be mapped to both me and @mattetti ?

@rafaelfranca

This comment has been minimized.

Show comment
Hide comment
@rafaelfranca

rafaelfranca Jan 29, 2014

Member

Very good. Thank you @lukesarnacki

Member

rafaelfranca commented Jan 29, 2014

Very good. Thank you @lukesarnacki

@lukesarnacki lukesarnacki deleted the lukesarnacki:change-default-session-serializer branch Jan 29, 2014

@robin850

This comment has been minimized.

Show comment
Hide comment
@robin850

robin850 Jan 29, 2014

Member

Thank you guys! ❤️

@lukesarnacki : Guillermo added credit for @mattetti in 0f15610. However, since the commit is now merged, we can't amend the commit to map both your names, I'm sorry. 😢

Member

robin850 commented Jan 29, 2014

Thank you guys! ❤️

@lukesarnacki : Guillermo added credit for @mattetti in 0f15610. However, since the commit is now merged, we can't amend the commit to map both your names, I'm sorry. 😢

@dplummer dplummer referenced this pull request Mar 11, 2014

Merged

Custom encoder class #16

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment