Rack Session is broken

[artis3n]

Bug

I can't build ruby 2.3.3 on OSX anymore but I can build ruby 2.3.8. On that version, this PR bumping rack to 2.0.8 breaks the code on master. Deploying master and simply navigating to the home page causes this error:

➜ ruby serpico.rb
|+| [06/01/2020 16:56] Using Serpico only logging .. : SERVER_LOG
|+| [06/01/2020 16:56] Sending Webrick logging to /dev/null..
2020-01-06 16:56:37 - RuntimeError - :
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/session/abstract/id.rb:31:in `to_s'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/property/string.rb:46:in `typecast_to_primitive'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/property.rb:686:in `typecast'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:320:in `typecast_property'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:315:in `typecast'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:495:in `typecast'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:291:in `initialize'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:60:in `new'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query/conditions/comparison.rb:60:in `new'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1182:in `append_property_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1148:in `append_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1213:in `append_string_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1150:in `append_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1193:in `append_symbol_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1149:in `append_condition'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1020:in `block (2 levels) in merge_conditions'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1020:in `each'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1020:in `block in merge_conditions'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1014:in `each'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:1014:in `merge_conditions'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/query.rb:370:in `update'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/dm-core-1.2.1/lib/dm-core/model.rb:373:in `first'
        /Users/user/Documents/SerpicoTest/model/master.rb:264:in `is_valid?'
        /Users/user/Documents/SerpicoTest/server.rb:166:in `valid_session?'
        /Users/user/Documents/SerpicoTest/routes/basic.rb:24:in `block (2 levels) in <top (required)>'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1635:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1635:in `block in compile!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1040:in `block in process_route'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1038:in `catch'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1038:in `process_route'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:983:in `block in filter!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:983:in `each'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:983:in `filter!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:982:in `filter!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1096:in `block in dispatch!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `block in invoke'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `catch'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `invoke'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1094:in `dispatch!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:924:in `block in call!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `block in invoke'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `catch'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1076:in `invoke'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:924:in `call!'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:913:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/xss_header.rb:18:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/base.rb:50:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/base.rb:50:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/path_traversal.rb:16:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/json_csrf.rb:26:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/base.rb:50:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/base.rb:50:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-protection-2.0.4/lib/rack/protection/frame_options.rb:31:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/session/abstract/id.rb:259:in `context'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/session/abstract/id.rb:253:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/head.rb:12:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/method_override.rb:22:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:194:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1957:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1502:in `block in call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1729:in `synchronize'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/sinatra-2.0.4/lib/sinatra/base.rb:1502:in `call'
        /Users/user/.rvm/gems/ruby-2.3.8/gems/rack-2.0.8/lib/rack/handler/webrick.rb:86:in `service'
        /Users/user/.rvm/rubies/ruby-2.3.8/lib/ruby/2.3.0/webrick/httpserver.rb:140:in `service'
        /Users/user/.rvm/rubies/ruby-2.3.8/lib/ruby/2.3.0/webrick/httpserver.rb:96:in `run'
        /Users/user/.rvm/rubies/ruby-2.3.8/lib/ruby/2.3.0/webrick/server.rb:314:in `block in start_thread'

1. RVM install ruby-2.3.8 (2.3.3 fails due to openssl issue, well documented on google and semi-unrelated to this direct bug)
2. gem install bundler & bundle install
3. ruby scripts/first_time.rb
4. ruby serpico.rb
5. Navigate to https://127.0.0.1:8443, see error dump posted above in the console. Webpage will show

Error!! Check the process dump for the error or turn show_exceptions on to show in the web interface.

[artis3n]

I'm assuming this works fine on ruby 2.3.3, which is why it was merged, but I cannot run 2.3.3 to find out.

[BuffaloWill]

Thanks @artis3n! I am going to roll back to rack 2.0.5.

As a heads up, within the next week I am going to change around the build process. This would allow us to update Ruby to a modern version would give us room to upgrade some of these gems.

[BuffaloWill]

OK, rolled back. What a mess :man_facepalming:. TBH this is self inflicted tech debt, but still using these older versions of Ruby and Gems isn't acceptable and we need to get it fixed.

[artis3n]

Glad to help!

within the next week I am going to change around the build process. This would allow us to update Ruby to a modern version would give us room to upgrade some of these gems.

🎉 🎉 🎉