mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
5169543a6d
Necessary in controller tests to determine if the CookieJar will delete the given cookie.
require 'abstract_unit'
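# Functional tests for the cookie jar as used from a controller: plain,
# permanent and signed cookies, the HttpOnly and secure flags, domain scoping,
# deletion, and how cookies carry over between requests in a controller test.
class CookiesTest < ActionController::TestCase
  # Each action performs one cookie operation and returns an empty 200, so a
  # test can assert on exactly the Set-Cookie header that operation produces.
  class TestController < ActionController::Base
    def authenticate
      cookies["user_name"] = "david"
      head :ok
    end

    # Name and value both contain characters that must be escaped on the wire.
    def set_with_with_escapable_characters
      cookies["that & guy"] = "foo & bar => baz"
      head :ok
    end

    def authenticate_for_fourteen_days
      cookies["user_name"] = { "value" => "david", "expires" => Time.utc(2005, 10, 10, 5) }
      head :ok
    end

    def authenticate_for_fourteen_days_with_symbols
      cookies[:user_name] = { :value => "david", :expires => Time.utc(2005, 10, 10, 5) }
      head :ok
    end

    def set_multiple_cookies
      cookies["user_name"] = { "value" => "david", "expires" => Time.utc(2005, 10, 10, 5) }
      cookies["login"] = "XJ-122"
      head :ok
    end

    def access_frozen_cookies
      cookies["will"] = "work"
      head :ok
    end

    def logout
      cookies.delete("user_name")
      head :ok
    end

    def delete_cookie_with_path
      cookies.delete("user_name", :path => '/beaten')
      head :ok
    end

    # HttpOnly asks the browser to keep the cookie out of reach of page scripts.
    def authenticate_with_http_only
      cookies["user_name"] = { :value => "david", :httponly => true }
      head :ok
    end

    # A secure cookie is only meant to travel over HTTPS; the tests below show
    # the jar does not emit it on a plain-HTTP request.
    def authenticate_with_secure
      cookies["user_name"] = { :value => "david", :secure => true }
      head :ok
    end

    def set_permanent_cookie
      cookies.permanent[:user_name] = "Jamie"
      head :ok
    end

    # Signing protects the value against modification by the client; it does
    # not hide the value from the client.
    def set_signed_cookie
      cookies.signed[:user_id] = 45
      head :ok
    end

    # 4096 characters before signing; the test expects CookieOverflow.
    def raise_data_overflow
      cookies.signed[:foo] = 'bye!' * 1024
      head :ok
    end

    # Stores a value whose "--" suffix is not a valid signature for the
    # payload, then reads it back through the signed jar.
    def tampered_cookies
      cookies[:tampered] = "BAh7BjoIZm9vIghiYXI%3D--123456780"
      cookies.signed[:tampered]
      head :ok
    end

    def set_permanent_signed_cookie
      cookies.permanent.signed[:remember_me] = 100
      head :ok
    end

    def delete_and_set_cookie
      cookies.delete :user_name
      cookies[:user_name] = { :value => "david", :expires => Time.utc(2005, 10, 10, 5) }
      head :ok
    end

    # NOTE(review): :domain => :all widens the cookie to the whole computed
    # domain, so every subdomain receives it. Use it only for values that all
    # subdomains are trusted to see.
    def set_cookie_with_domain
      cookies[:user_name] = { :value => "rizwanreza", :domain => :all }
      head :ok
    end

    def delete_cookie_with_domain
      cookies.delete(:user_name, :domain => :all)
      head :ok
    end

    def set_cookie_with_domain_and_tld
      cookies[:user_name] = { :value => "rizwanreza", :domain => :all, :tld_length => 2 }
      head :ok
    end

    def delete_cookie_with_domain_and_tld
      cookies.delete(:user_name, :domain => :all, :tld_length => 2)
      head :ok
    end

    # A list of domains: the tests show the domain attribute is only written
    # when the request host matches one of the entries.
    def set_cookie_with_domains
      cookies[:user_name] = { :value => "rizwanreza", :domain => %w(example1.com example2.com .example3.com) }
      head :ok
    end

    def delete_cookie_with_domains
      cookies.delete(:user_name, :domain => %w(example1.com example2.com .example3.com))
      head :ok
    end

    def symbol_key
      cookies[:user_name] = "david"
      head :ok
    end

    def string_key
      cookies['user_name'] = "dhh"
      head :ok
    end

    # Overwrites the cookie only when the incoming request carried "andrew".
    def symbol_key_mock
      cookies[:user_name] = "david" if cookies[:user_name] == "andrew"
      head :ok
    end

    def string_key_mock
      cookies['user_name'] = "david" if cookies['user_name'] == "andrew"
      head :ok
    end

    def noop
      head :ok
    end
  end

  tests TestController

  # Installs a fixed signing secret and request host for every test. The
  # secret is a test fixture only; the insecure-secret test below shows that
  # short or guessable values are rejected.
  def setup
    super
    @request.env["action_dispatch.secret_token"] = "b3c631c314c0bbca50c1b2843150fe33"
    @request.host = "www.nextangle.com"
  end

  def test_each
    request.cookie_jar['foo'] = :bar
    list = []
    request.cookie_jar.each do |k, v|
      list << [k, v]
    end

    assert_equal [['foo', :bar]], list
  end

  def test_enumerable
    request.cookie_jar['foo'] = :bar
    actual = request.cookie_jar.map { |k, v| [k.to_s, v.to_s] }
    assert_equal [['foo', 'bar']], actual
  end

  def test_key_methods
    assert !request.cookie_jar.key?(:foo)
    assert !request.cookie_jar.has_key?("foo")

    request.cookie_jar[:foo] = :bar
    assert request.cookie_jar.key?(:foo)
    assert request.cookie_jar.has_key?("foo")
  end

  def test_setting_cookie
    get :authenticate
    assert_cookie_header "user_name=david; path=/"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  # The header carries the escaped form; the parsed response cookies carry
  # the original name and value.
  def test_setting_with_escapable_characters
    get :set_with_with_escapable_characters
    assert_cookie_header "that+%26+guy=foo+%26+bar+%3D%3E+baz; path=/"
    assert_equal({"that & guy" => "foo & bar => baz"}, @response.cookies)
  end

  def test_setting_cookie_for_fourteen_days
    get :authenticate_for_fourteen_days
    assert_cookie_header "user_name=david; path=/; expires=Mon, 10-Oct-2005 05:00:00 GMT"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  def test_setting_cookie_for_fourteen_days_with_symbols
    get :authenticate_for_fourteen_days_with_symbols
    assert_cookie_header "user_name=david; path=/; expires=Mon, 10-Oct-2005 05:00:00 GMT"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  def test_setting_cookie_with_http_only
    get :authenticate_with_http_only
    assert_cookie_header "user_name=david; path=/; HttpOnly"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  # With the request marked as HTTPS the secure cookie is written.
  def test_setting_cookie_with_secure
    @request.env["HTTPS"] = "on"
    get :authenticate_with_secure
    assert_cookie_header "user_name=david; path=/; secure"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  # always_write_cookie stubbed to true makes the jar write the secure cookie
  # even though this request is not marked as HTTPS.
  def test_setting_cookie_with_secure_when_always_write_cookie_is_true
    ActionDispatch::Cookies::CookieJar.any_instance.stubs(:always_write_cookie).returns(true)
    get :authenticate_with_secure
    assert_cookie_header "user_name=david; path=/; secure"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  # Without HTTPS (and without the stub above) the secure cookie must not be
  # sent back over the plain connection.
  def test_not_setting_cookie_with_secure
    get :authenticate_with_secure
    assert_not_cookie_header "user_name=david; path=/; secure"
    assert_not_equal({"user_name" => "david"}, @response.cookies)
  end

  def test_multiple_cookies
    get :set_multiple_cookies
    assert_equal 2, @response.cookies.size
    assert_cookie_header "user_name=david; path=/; expires=Mon, 10-Oct-2005 05:00:00 GMT\nlogin=XJ-122; path=/"
    assert_equal({"login" => "XJ-122", "user_name" => "david"}, @response.cookies)
  end

  def test_setting_test_cookie
    assert_nothing_raised { get :access_frozen_cookies }
  end

  # Deletion is expressed as an empty value with an expiry at the Unix epoch.
  def test_expiring_cookie
    get :logout
    assert_cookie_header "user_name=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
    assert_equal({"user_name" => nil}, @response.cookies)
  end

  def test_delete_cookie_with_path
    get :delete_cookie_with_path
    assert_cookie_header "user_name=; path=/beaten; expires=Thu, 01-Jan-1970 00:00:00 GMT"
  end

  def test_deleted_cookie_predicate
    cookies.delete("user_name")
    assert cookies.deleted?("user_name")
    assert_equal false, cookies.deleted?("another")
  end

  # deleted? only reports true when the options match those used to delete.
  def test_deleted_cookie_predicate_with_mismatching_options
    cookies.delete("user_name", :path => "/path")
    assert_equal false, cookies.deleted?("user_name", :path => "/different")
  end

  def test_cookies_persist_throughout_request
    response = get :authenticate
    assert_match(/user_name=david/, response.headers["Set-Cookie"])
  end

  # A permanent cookie is expected to expire 20 years from now.
  def test_permanent_cookie
    get :set_permanent_cookie
    assert_match(/Jamie/, @response.headers["Set-Cookie"])
    assert_match(%r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"])
  end

  def test_signed_cookie
    get :set_signed_cookie
    assert_equal 45, @controller.send(:cookies).signed[:user_id]
  end

  def test_accessing_nonexistant_signed_cookie_should_not_raise_an_invalid_signature
    get :set_signed_cookie
    assert_nil @controller.send(:cookies).signed[:non_existant_attribute]
  end

  def test_permanent_signed_cookie
    get :set_permanent_signed_cookie
    assert_match(%r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"])
    assert_equal 100, @controller.send(:cookies).signed[:remember_me]
  end

  def test_delete_and_set_cookie
    get :delete_and_set_cookie
    assert_cookie_header "user_name=david; path=/; expires=Mon, 10-Oct-2005 05:00:00 GMT"
    assert_equal({"user_name" => "david"}, @response.cookies)
  end

  def test_raise_data_overflow
    assert_raise(ActionDispatch::Cookies::CookieOverflow) do
      get :raise_data_overflow
    end
  end

  # A cookie whose signature does not verify must neither break the request
  # nor be trusted: the request succeeds and the signed read yields nil.
  def test_tampered_cookies
    assert_nothing_raised do
      get :tampered_cookies
      assert_response :success
    end
    # Pin the rejection itself, not just the absence of an exception.
    assert_nil @controller.send(:cookies).signed[:tampered]
  end

  # Signing without a secret (nil or empty) must fail loudly.
  def test_raises_argument_error_if_missing_secret
    assert_raise(ArgumentError, nil.inspect) {
      @request.env["action_dispatch.secret_token"] = nil
      get :set_signed_cookie
    }

    assert_raise(ArgumentError, ''.inspect) {
      @request.env["action_dispatch.secret_token"] = ""
      get :set_signed_cookie
    }
  end

  # Short secrets are refused; the longest one tried here is 29 characters.
  def test_raises_argument_error_if_secret_is_probably_insecure
    assert_raise(ArgumentError, "password".inspect) {
      @request.env["action_dispatch.secret_token"] = "password"
      get :set_signed_cookie
    }

    assert_raise(ArgumentError, "secret".inspect) {
      @request.env["action_dispatch.secret_token"] = "secret"
      get :set_signed_cookie
    }

    assert_raise(ArgumentError, "12345678901234567890123456789".inspect) {
      @request.env["action_dispatch.secret_token"] = "12345678901234567890123456789"
      get :set_signed_cookie
    }
  end

  # Host is www.nextangle.com (see setup): the leading label is dropped.
  def test_cookie_with_all_domain_option
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com; path=/"
  end

  def test_cookie_with_all_domain_option_using_a_non_standard_tld
    @request.host = "two.subdomains.nextangle.local"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
  end

  # Two-part suffixes must not collapse to the suffix itself (".com.au").
  def test_cookie_with_all_domain_option_using_australian_style_tld
    @request.host = "nextangle.com.au"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com.au; path=/"
  end

  def test_cookie_with_all_domain_option_using_uk_style_tld
    @request.host = "nextangle.co.uk"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/"
  end

  # The port is not part of the cookie domain.
  def test_cookie_with_all_domain_option_using_host_with_port
    @request.host = "nextangle.local:3000"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
  end

  # Single-label hosts and IP literals get no domain attribute at all.
  def test_cookie_with_all_domain_option_using_localhost
    @request.host = "localhost"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; path=/"
  end

  def test_cookie_with_all_domain_option_using_ipv4_address
    @request.host = "192.168.1.1"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; path=/"
  end

  def test_cookie_with_all_domain_option_using_ipv6_address
    @request.host = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
    get :set_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; path=/"
  end

  # Deleting must use the same domain scope the cookie was set with.
  def test_deleting_cookie_with_all_domain_option
    get :delete_cookie_with_domain
    assert_response :success
    assert_cookie_header "user_name=; domain=.nextangle.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
  end

  def test_cookie_with_all_domain_option_and_tld_length
    get :set_cookie_with_domain_and_tld
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com; path=/"
  end

  def test_cookie_with_all_domain_option_using_a_non_standard_tld_and_tld_length
    @request.host = "two.subdomains.nextangle.local"
    get :set_cookie_with_domain_and_tld
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
  end

  def test_cookie_with_all_domain_option_using_host_with_port_and_tld_length
    @request.host = "nextangle.local:3000"
    get :set_cookie_with_domain_and_tld
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
  end

  def test_deleting_cookie_with_all_domain_option_and_tld_length
    get :delete_cookie_with_domain_and_tld
    assert_response :success
    assert_cookie_header "user_name=; domain=.nextangle.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
  end

  def test_cookie_with_several_preset_domains_using_one_of_these_domains
    @request.host = "example1.com"
    get :set_cookie_with_domains
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=example1.com; path=/"
  end

  # A host outside the configured list gets a host-only cookie (no domain).
  def test_cookie_with_several_preset_domains_using_other_domain
    @request.host = "other-domain.com"
    get :set_cookie_with_domains
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; path=/"
  end

  def test_cookie_with_several_preset_domains_using_shared_domain
    @request.host = "example3.com"
    get :set_cookie_with_domains
    assert_response :success
    assert_cookie_header "user_name=rizwanreza; domain=.example3.com; path=/"
  end

  def test_deletings_cookie_with_several_preset_domains_using_one_of_these_domains
    @request.host = "example2.com"
    get :delete_cookie_with_domains
    assert_response :success
    assert_cookie_header "user_name=; domain=example2.com; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
  end

  def test_deletings_cookie_with_several_preset_domains_using_other_domain
    @request.host = "other-domain.com"
    get :delete_cookie_with_domains
    assert_response :success
    assert_cookie_header "user_name=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
  end

  def test_cookies_hash_is_indifferent_access
    get :symbol_key
    assert_equal "david", cookies[:user_name]
    assert_equal "david", cookies['user_name']
    get :string_key
    assert_equal "dhh", cookies[:user_name]
    assert_equal "dhh", cookies['user_name']
  end

  # A cookie set on the test side under one key type is visible to the
  # controller under the other, which then overwrites it.
  def test_setting_request_cookies_is_indifferent_access
    cookies.clear
    cookies[:user_name] = "andrew"
    get :string_key_mock
    assert_equal "david", cookies['user_name']

    cookies.clear
    cookies['user_name'] = "andrew"
    get :symbol_key_mock
    assert_equal "david", cookies[:user_name]
  end

  # Later requests send no Set-Cookie, yet the test-side jar keeps the value.
  def test_cookies_retained_across_requests
    get :symbol_key
    assert_cookie_header "user_name=david; path=/"
    assert_equal "david", cookies[:user_name]

    get :noop
    assert_nil @response.headers["Set-Cookie"]
    assert_equal "david", cookies[:user_name]

    get :noop
    assert_nil @response.headers["Set-Cookie"]
    assert_equal "david", cookies[:user_name]
  end

  def test_cookies_can_be_cleared
    get :symbol_key
    assert_equal "david", cookies[:user_name]

    cookies.clear
    get :noop
    assert_nil cookies[:user_name]

    get :symbol_key
    assert_equal "david", cookies[:user_name]
  end

  def test_can_set_http_cookie_header
    @request.env['HTTP_COOKIE'] = 'user_name=david'
    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    @request.env['HTTP_COOKIE'] = 'user_name=andrew'
    get :noop
    assert_equal 'andrew', cookies['user_name']
    assert_equal 'andrew', cookies[:user_name]
  end

  def test_can_set_request_cookies
    @request.cookies['user_name'] = 'david'
    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    @request.cookies[:user_name] = 'andrew'
    get :noop
    assert_equal 'andrew', cookies['user_name']
    assert_equal 'andrew', cookies[:user_name]
  end

  # A value written by the controller wins over the incoming Cookie header,
  # and keeps winning on the following request.
  def test_cookies_precedence_over_http_cookie
    @request.env['HTTP_COOKIE'] = 'user_name=andrew'
    get :authenticate
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]
  end

  def test_cookies_precedence_over_request_cookies
    @request.cookies['user_name'] = 'andrew'
    get :authenticate
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]

    get :noop
    assert_equal 'david', cookies['user_name']
    assert_equal 'david', cookies[:user_name]
  end

  private
    # Asserts that the response's Set-Cookie header equals +expected+, given
    # as newline-separated cookie lines. A string header is compared
    # order-insensitively; any other header value is compared as-is against
    # the list of expected lines.
    def assert_cookie_header(expected)
      header = @response.headers["Set-Cookie"]
      if header.respond_to?(:to_str)
        assert_equal expected.split("\n").sort, header.split("\n").sort
      else
        assert_equal expected.split("\n"), header
      end
    end

    # Negative counterpart of assert_cookie_header. A missing header (nil)
    # takes the second branch and therefore counts as "not equal".
    def assert_not_cookie_header(expected)
      header = @response.headers["Set-Cookie"]
      if header.respond_to?(:to_str)
        assert_not_equal expected.split("\n").sort, header.split("\n").sort
      else
        assert_not_equal expected.split("\n"), header
      end
    end
end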