From 2095179c4958e736047c9e078d9a5c9711962a96 Mon Sep 17 00:00:00 2001 From: Ryan Bigg Date: Sat, 4 Jul 2026 17:08:47 +1000 Subject: [PATCH] Do not cooerce session keys to strings for getters/setters --- lib/hanami/action/request/session.rb | 15 +++------------ spec/unit/hanami/action/csrf_protection_spec.rb | 4 ++-- spec/unit/hanami/action/session_spec.rb | 9 ++++++++- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/lib/hanami/action/request/session.rb b/lib/hanami/action/request/session.rb index 1c079217..faf03869 100644 --- a/lib/hanami/action/request/session.rb +++ b/lib/hanami/action/request/session.rb @@ -14,6 +14,9 @@ class Session def_delegators \ :@session, + :[], + :[]=, + :key?, :clear, :delete, :empty?, @@ -29,18 +32,6 @@ def initialize(session) @session = session end - def [](key) - @session[key.to_s] - end - - def []=(key, value) - @session[key.to_s] = value - end - - def key?(key) - @session.key?(key.to_s) - end - alias_method :has_key?, :key? alias_method :include?, :key? diff --git a/spec/unit/hanami/action/csrf_protection_spec.rb b/spec/unit/hanami/action/csrf_protection_spec.rb index a78529a9..26007c3d 100644 --- a/spec/unit/hanami/action/csrf_protection_spec.rb +++ b/spec/unit/hanami/action/csrf_protection_spec.rb @@ -40,7 +40,7 @@ context "Existing session" do let(:request) { super().merge("rack.session" => session) } - let(:session) { {"_csrf_token" => session_token} } + let(:session) { {_csrf_token: session_token} } let(:session_token) { "abc123" } context "matching CSRF token in request" do @@ -130,7 +130,7 @@ def verify_csrf_token?(_req, _res) context "Existing session" do let(:request) { super().merge("rack.session" => session) } - let(:session) { {"_csrf_token" => session_token} } + let(:session) { {_csrf_token: session_token} } let(:session_token) { "abc123" } it "includes the existing CSRF token in the response session" do diff --git a/spec/unit/hanami/action/session_spec.rb b/spec/unit/hanami/action/session_spec.rb index c714ae50..33f0a1d9 100644 --- a/spec/unit/hanami/action/session_spec.rb +++ b/spec/unit/hanami/action/session_spec.rb @@ -16,10 +16,17 @@ expect(response.session).to eq({}) end - it "allows value access via symbols" do + it "allows value access via strings" do action = SessionAction.new response = action.call("rack.session" => {"foo" => "bar"}) + expect(response.session["foo"]).to eq("bar") + end + + it "allows value access via symbols" do + action = SessionAction.new + response = action.call("rack.session" => {foo: "bar"}) + expect(response.session[:foo]).to eq("bar") end end