Changed session key to use namespaced keyword

ring-clojure · May 19, 2014 · 69082e6 · 69082e6
1 parent f487969
commit 69082e6
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 15 deletions.
diff --git a/src/ring/middleware/anti_forgery.clj b/src/ring/middleware/anti_forgery.clj
@@ -12,15 +12,15 @@
   (random/base64 60))
 
 (defn- session-token [request]
-  (get-in request [:session "__anti-forgery-token"]))
+  (get-in request [:session ::anti-forgery-token]))
 
 (defn- assoc-session-token [response request token]
   (let [old-token (session-token request)]
     (if (= old-token token)
       response
       (-> response
           (assoc :session (:session response (:session request)))
-          (assoc-in [:session "__anti-forgery-token"] token)))))
+          (assoc-in [:session ::anti-forgery-token] token)))))
 
 (defn- form-params [request]
   (merge (:form-params request)

diff --git a/test/ring/middleware/test/anti_forgery.clj b/test/ring/middleware/test/anti_forgery.clj
@@ -1,4 +1,5 @@
 (ns ring.middleware.test.anti-forgery
+  (:require [ring.middleware.anti-forgery :as af])
   (:use clojure.test
         ring.middleware.anti-forgery
         ring.mock.request))
@@ -10,10 +11,10 @@
       403 (-> (request :post "/")
               (assoc :form-params {"__anti-forgery-token" "foo"}))
       403 (-> (request :post "/")
-              (assoc :session {"__anti-forgery-token" "foo"})
+              (assoc :session {::af/anti-forgery-token "foo"})
               (assoc :form-params {"__anti-forgery-token" "bar"}))
       200 (-> (request :post "/")
-              (assoc :session {"__anti-forgery-token" "foo"})
+              (assoc :session {::af/anti-forgery-token "foo"})
               (assoc :form-params {"__anti-forgery-token" "foo"})))))
 
 (deftest request-method-test
@@ -31,7 +32,7 @@
   (let [response {:status 200, :headers {}, :body "Foo"}
         handler  (wrap-anti-forgery (constantly response))
         sess-req (-> (request :post "/")
-                     (assoc :session {"__anti-forgery-token" "foo"}))]
+                     (assoc :session {::af/anti-forgery-token "foo"}))]
     (are [status req] (= (:status (handler req)) status)
       200 (assoc sess-req :headers {"x-csrf-token" "foo"})
       200 (assoc sess-req :headers {"x-xsrf-token" "foo"}))))
@@ -40,7 +41,7 @@
   (let [response {:status 200, :headers {}, :body "Foo"}
         handler  (wrap-anti-forgery (constantly response))]
     (is (= (-> (request :post "/")
-               (assoc :session {"__anti-forgery-token" "foo"})
+               (assoc :session {::af/anti-forgery-token "foo"})
                (assoc :multipart-params {"__anti-forgery-token" "foo"})
                handler
                :status)
@@ -50,19 +51,19 @@
   (let [response {:status 200, :headers {}, :body "Foo"}
         handler  (wrap-anti-forgery (constantly response))]
     (is (contains? (:session (handler (request :get "/")))
-                   "__anti-forgery-token"))
+                   ::af/anti-forgery-token))
     (is (not= (get-in (handler (request :get "/"))
-                      [:session "__anti-forgery-token"])
+                      [:session ::af/anti-forgery-token])
               (get-in (handler (request :get "/"))
-                      [:session "__anti-forgery-token"])))))
+                      [:session ::af/anti-forgery-token])))))
 
 (deftest token-binding-test
   (letfn [(handler [request]
             {:status 200
              :headers {}
              :body *anti-forgery-token*})]
     (let [response ((wrap-anti-forgery handler) (request :get "/"))]
-      (is (= (get-in response [:session "__anti-forgery-token"])
+      (is (= (get-in response [:session ::af/anti-forgery-token])
              (:body response))))))
 
 (deftest nil-response-test
@@ -76,30 +77,30 @@
              :headers {}
              :body *anti-forgery-token*})]
     (let [response ((wrap-anti-forgery handler) (request :get "/"))
-          token    (get-in response [:session "__anti-forgery-token"])]
+          token    (get-in response [:session ::af/anti-forgery-token])]
       (is (not (.contains token "\n"))))))
 
 (deftest single-token-per-session-test
   (let [expected {:status 200, :headers {}, :body "Foo"}
         handler  (wrap-anti-forgery (constantly expected))
         actual   (handler
                   (-> (request :get "/")
-                      (assoc-in [:session "__anti-forgery-token"] "foo")))]
+                      (assoc-in [:session ::af/anti-forgery-token] "foo")))]
     (is (= actual expected))))
 
 (deftest not-overwrite-session-test
   (let [response {:status 200 :headers {} :body nil}
         handler  (wrap-anti-forgery (constantly response))
         session  (:session (handler (-> (request :get "/")
                                         (assoc-in [:session "foo"] "bar"))))]
-    (is (contains? session "__anti-forgery-token"))
+    (is (contains? session ::af/anti-forgery-token))
     (is (= (session "foo") "bar"))))
 
 (deftest session-response-test
   (let [response {:status 200 :headers {} :session {"foo" "bar"} :body nil}
         handler  (wrap-anti-forgery (constantly response))
         session  (:session (handler (request :get "/")))]
-    (is (contains? session "__anti-forgery-token"))
+    (is (contains? session ::af/anti-forgery-token))
     (is (= (session "foo") "bar"))))
 
 (deftest custom-error-response-test
@@ -135,7 +136,7 @@
                   (constantly response)
                   {:read-token #(get-in % [:headers "x-forgery-token"])})
         req      (-> (request :post "/")
-                     (assoc :session {"__anti-forgery-token" "foo"})
+                     (assoc :session {::af/anti-forgery-token "foo"})
                      (assoc :headers {"x-forgery-token" "foo"}))]
     (is (= (:status (handler req))
            200))