Skip to content

[5.6] Fix assertCookie() now cookies are unserialized by default #25149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 8, 2018
Merged

[5.6] Fix assertCookie() now cookies are unserialized by default #25149

merged 1 commit into from
Aug 8, 2018

Conversation

derekmd
Copy link
Contributor

@derekmd derekmd commented Aug 8, 2018
edited
Loading

With the security fix, EncryptCookies middleware now has $serialize = false out-of-the-box so cookie
tests now fail with app('encrypter')->decrypt($cookieValue, $unserialize = true) always called by assertCookie().

This breaks the method signature by adding another optional argument but today's changes also (necessarily) do so ¯\_(ツ)_/¯.

To avoid changing the method signature in 5.5 & 5.6, an alternate solution is to hardcode assertCookie() to false:

app('encrypter')->decrypt($cookieValue, false)

And if anyone wishes to keep:

protected static $serialize = true;

in their EncryptCookies middleware, they must add macros to TestReponse with their own assertion methods.

Fix assertCookie() when unserialized
5dea660 
EncryptCookies middleware now has
`$serialize = false` OOTB so cookie
assertions in tests now fail.
@derekmd derekmd changed the title [5.6] Fix assertCookie() now that cookies are unserialized by default [5.6] Fix assertCookie() now cookies are unserialized by default Aug 8, 2018
@derekmd
Copy link
Contributor Author

derekmd commented Aug 8, 2018

It looks like Laravel Dusk's InteractsWithCookies trait will need some fixes as well.

@taylorotwell taylorotwell merged commit 20bc4da into laravel:5.6 Aug 8, 2018
@derekmd derekmd deleted the assert-cookie-unserialize-disabled branch August 8, 2018 20:56
@macecchi macecchi mentioned this pull request Aug 26, 2018
Merged
taylorotwell pushed a commit that referenced this pull request Aug 27, 2018
@macecchi @taylorotwell
Fix assertCookie() when unserialized (#25149) (#25347)
cc2555f 
EncryptCookies middleware now has
`$serialize = false` OOTB so cookie
assertions in tests now fail.
EspadaV8 pushed a commit to intellihr/framework that referenced this pull request Jan 28, 2021
@macecchi @EspadaV8
Fix assertCookie() when unserialized (laravel#25149) (laravel#25347)
9548ee8 
EncryptCookies middleware now has
`$serialize = false` OOTB so cookie
assertions in tests now fail.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@derekmd @taylorotwell