Rework payload handling.

Author: ioquatix

.github/workflows/test.yaml

@@ -21,10 +21,6 @@ jobs:
           - macos
 
         ruby:
-          - "2.5"
-          - "2.6"
-          - "2.7"
-          - "3.0"
           - "3.1"
           - "3.2"
           - "3.3"

config/sus.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+TEST_PATTERN = "sus/**/*.rb"
+
+def test_paths
+  return Dir.glob(TEST_PATTERN, base: @root)
+end

gems.rb

@@ -7,6 +7,8 @@
 
 gemspec
 
+gem "rake"
+
 group :maintenance, optional: true do
   if RUBY_VERSION > "3.1"
     gem "bake"
@@ -24,6 +26,12 @@
 end
 
 group :test do
+  gem "sus"
+
   gem "bake-test"
   gem "bake-test-external"
+
+  gem "minitest", "~> 5.0"
+  gem "minitest-global_expectations"
+  gem "minitest-sprint"
 end

lib/rack/session/abstract/id.rb

@@ -15,9 +15,7 @@
 require_relative '../constants'
 
 module Rack
-
   module Session
-
     class SessionId
       ID_VERSION = 2
 

lib/rack/session/cookie.rb

@@ -156,26 +156,30 @@ def decode(str)
 
       attr_reader :coder, :encryptors
 
-      def initialize(app, options = {})
-        # support both :secrets and :secret for backwards compatibility
-        secrets = [*(options[:secrets] || options[:secret])]
+      def initialize(app, coder: Marshal, serialize_json: false, key: nil, purpose: nil, secrets: [], secret: nil, **options)
+        # Support both :secrets and :secret for backwards compatibility:
+        if secret
+          secrets << secret
+        end
+
+        # `serialize_json` is awefully specific... allow a general `coder` option:
+        if serialize_json
+          coder ||= JSON
+        end
 
-        encryptor_opts = {
-          purpose: options[:key], serialize_json: options[:serialize_json]
-        }
+        # Let's consider `key` to be legacy:
+        purpose ||= key
 
-        # For each secret, create an Encryptor. We have iterate this Array at
-        # decryption time to achieve key rotation.
+        # For each secret, create an Encryptor, to support key rotation:
         @encryptors = secrets.map do |secret|
-          Rack::Session::Encryptor.new secret, encryptor_opts
+          Rack::Session::Encryptor.new(secret, delegate: coder, purpose: purpose)
         end
 
-        # If a legacy HMAC secret is present, initialize those features.
-        # Fallback to :secret for backwards compatibility.
-        if options.has_key?(:legacy_hmac_secret) || options.has_key?(:secret)
+        # If a legacy HMAC secret is present, initialize those features:
+        if options.has_key?(:legacy_hmac_secret) || secret
           @legacy_hmac = options.fetch(:legacy_hmac, 'SHA1')
 
-          @legacy_hmac_secret = options[:legacy_hmac_secret] || options[:secret]
+          @legacy_hmac_secret = options[:legacy_hmac_secret] || secret
           @legacy_hmac_coder  = options.fetch(:legacy_hmac_coder, Base64::Marshal.new)
         else
           @legacy_hmac = false
@@ -216,7 +220,7 @@ def unpacked_cookie_data(request)
             session_data = nil
 
             # Try to decrypt the session data with our encryptors
-            encryptors.each do |encryptor|
+            @encryptors.each do |encryptor|
               begin
                 session_data = encryptor.decrypt(cookie_data)
                 break
@@ -290,10 +294,10 @@ def legacy_generate_hmac(data)
       end
 
       def encode_session_data(session)
-        if encryptors.empty?
+        if @encryptors.empty?
           coder.encode(session)
         else
-          encryptors.first.encrypt(session)
+          @encryptors.first.encrypt(session)
         end
       end