From bdb225556bbd9da15639ba9e77db0c4d33bd7396 Mon Sep 17 00:00:00 2001 From: Jared Hales Date: Thu, 18 Jan 2018 16:19:36 -0500 Subject: [PATCH 1/2] Better handle `cacheable-flash` transitioners The `cacheable-flash` gem is no longer maintained and the author suggests `unobtrusive_flash` as its successor: https://github.com/pboling/cacheable-flash However, the flash cookie format is different between these two libraries. This patch will make the transition from one to the other more painless (and as an added side effect also to help to handle tampered cookies that may not be in the expected format). I manually did this locally for our project and figured others might benefit from it as well. --- lib/unobtrusive_flash/controller_mixin.rb | 7 ++++--- spec/sanitize_flash_spec.rb | 8 ++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/unobtrusive_flash/controller_mixin.rb b/lib/unobtrusive_flash/controller_mixin.rb index 26e316d..bcc5660 100644 --- a/lib/unobtrusive_flash/controller_mixin.rb +++ b/lib/unobtrusive_flash/controller_mixin.rb @@ -50,15 +50,16 @@ def sanitize_flash(flash, displayable_flash_keys) end def append_flash_to_cookie(existing_cookie, flash, unobtrusive_flash_keys) - cookie_flash = (existing_cookie && parse_cookie(existing_cookie)) || [] - cookie_flash += sanitize_flash(flash, unobtrusive_flash_keys) + cookie_flash = (existing_cookie && parse_cookie(existing_cookie)) + cookie_flash = [] unless cookie_flash.is_a? Array + cookie_flash += self.sanitize_flash(flash, unobtrusive_flash_keys) cookie_flash.uniq.to_json end def parse_cookie(existing_cookie) JSON.parse(existing_cookie) rescue JSON::JSONError - nil + [] end end end diff --git a/spec/sanitize_flash_spec.rb b/spec/sanitize_flash_spec.rb index 7f865b3..95c3534 100644 --- a/spec/sanitize_flash_spec.rb +++ b/spec/sanitize_flash_spec.rb @@ -20,6 +20,14 @@ expect(described_class.append_flash_to_cookie(nil, {:baz => 'qux'}, [:baz])).to eq('[["baz","qux"]]') end + it 'should gracefully handle non-conforming cookies' do + expect(described_class.append_flash_to_cookie('{}', {:baz => 'qux'}, [:baz])).to eq('[["baz","qux"]]') + end + + it 'should gracefully handle tampered cookies' do + expect(described_class.append_flash_to_cookie('some_invalid_json', {:baz => 'qux'}, [:baz])).to eq('[["baz","qux"]]') + end + it 'should reuse existing cookie' do expect(described_class.append_flash_to_cookie('[["foo","bar"]]', {:baz => 'qux'}, [:baz])).to eq('[["foo","bar"],["baz","qux"]]') end From 0dc2064d076fa75495e07e251912343e1b464a71 Mon Sep 17 00:00:00 2001 From: Jared Hales Date: Fri, 19 Jan 2018 12:19:16 -0500 Subject: [PATCH 2/2] remove redundant `self` --- lib/unobtrusive_flash/controller_mixin.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/unobtrusive_flash/controller_mixin.rb b/lib/unobtrusive_flash/controller_mixin.rb index bcc5660..820b585 100644 --- a/lib/unobtrusive_flash/controller_mixin.rb +++ b/lib/unobtrusive_flash/controller_mixin.rb @@ -52,7 +52,7 @@ def sanitize_flash(flash, displayable_flash_keys) def append_flash_to_cookie(existing_cookie, flash, unobtrusive_flash_keys) cookie_flash = (existing_cookie && parse_cookie(existing_cookie)) cookie_flash = [] unless cookie_flash.is_a? Array - cookie_flash += self.sanitize_flash(flash, unobtrusive_flash_keys) + cookie_flash += sanitize_flash(flash, unobtrusive_flash_keys) cookie_flash.uniq.to_json end