-
Notifications
You must be signed in to change notification settings - Fork 21.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cookies serializer improvements #13945
Merged
Merged
Changes from all commits
Commits
Show all changes
18 commits
Select commit
Hold shift + click to select a range
b927d67
Renamed session_serializer option to cookies_serializer
chancancode 54641fa
Just very so slightly better test coverage
chancancode fafe8ec
Added HybridSerializer to upgrade existing marshal cookies (wip: need…
chancancode 25f68ac
Removed an old test
chancancode d4b7aa7
Tests for the HybridSerializer
rafaelfranca 6de4888
Fixed minor typo in test code
chancancode ba6861d
Changed the tests to ensure HybridSerializer actually migrates the co…
chancancode a6ce984
Convert FlashHash in a Hash with indifferent access
guilleiguaran a668bef
Stringify the incoming hash in FlashHash
guilleiguaran ead947a
Re-write legacy (marshal) cookies on read
chancancode 3a89386
Remove serializer option from session_store.rb template
guilleiguaran cd5960e
Fix AppGeneratorTest: serializer option was removed from session_store
guilleiguaran b97e087
Fixed broken flash tests
chancancode 9fc7a6f
Missed FlashHash#replace
chancancode ecf04f1
Added changelog entry for Flash changes [ci skip]
chancancode 0b86a6e
Updated CHANGELOG, docs, guides and release notes.
chancancode 7a3ef98
Migrate hash-based cookie values correctly
chancancode dafc0ee
rm warning about variable shadowing
chancancode File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 0 additions & 13 deletions
13
actionpack/lib/action_dispatch/middleware/session/json_serializer.rb
This file was deleted.
Oops, something went wrong.
14 changes: 0 additions & 14 deletions
14
actionpack/lib/action_dispatch/middleware/session/marshal_serializer.rb
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not have an explicit hybrid serializer and keep the \x04 stuff in there? have deserialize support both and serialize write json?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was changed in ead947a to enable automatica write-back.
Previously, I was passing a
HybridSerializer
downstream to theMessage{Encryptor,Verifier}
, however, if we want to actually migrate the cookie value on read (i.e. if I accesscookies.signed[:some_key]
it will re-write it as json), then it has to be done on the cookie jar level, because it needs access to[]=
on the cookie jar.That is mainly to mirror the behaviour on the legacy cookie jar migration thing we did from 3.2 -> 4.0, and to more aggressively migrate legacy cookies.
If we don't care for that, it could be much simpler.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For reference, this is the before code:
rails/actionpack/lib/action_dispatch/middleware/cookies.rb
Lines 387 to 397 in fafe8ec
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, if you can't piggyback on
@set_cookies
in the cookie jar then I guess this is the best way to handle it, does seem a bit janky is allThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's definitely a bit of a hack. I tried to come up with better ways to implement this, but I couldn't =/ The main problem is that if the deserialization is happening downstream, the cookie jar has no insight on whether a migration is necessary or not. If there are any suggestions over this I'd love to hear them 😄