1
// Copyright 2010 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
19
var writeSetCookiesTests = []struct {
24
&Cookie{Name: "cookie-1", Value: "v$1"},
28
&Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600},
29
"cookie-2=two; Max-Age=3600",
32
&Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"},
33
"cookie-3=three; Domain=example.com",
36
&Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"},
37
"cookie-4=four; Path=/restricted/",
40
&Cookie{Name: "cookie-5", Value: "five", Domain: "wrong;bad.abc"},
44
&Cookie{Name: "cookie-6", Value: "six", Domain: "bad-.abc"},
48
&Cookie{Name: "cookie-7", Value: "seven", Domain: "127.0.0.1"},
49
"cookie-7=seven; Domain=127.0.0.1",
52
&Cookie{Name: "cookie-8", Value: "eight", Domain: "::1"},
57
func TestWriteSetCookies(t *testing.T) {
58
defer log.SetOutput(os.Stderr)
59
var logbuf bytes.Buffer
60
log.SetOutput(&logbuf)
62
for i, tt := range writeSetCookiesTests {
63
if g, e := tt.Cookie.String(), tt.Raw; g != e {
64
t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, e, g)
69
if got, sub := logbuf.String(), "dropping domain attribute"; !strings.Contains(got, sub) {
70
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
74
type headerOnlyResponseWriter Header
76
func (ho headerOnlyResponseWriter) Header() Header {
80
func (ho headerOnlyResponseWriter) Write([]byte) (int, error) {
84
func (ho headerOnlyResponseWriter) WriteHeader(int) {
88
func TestSetCookie(t *testing.T) {
90
SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-1", Value: "one", Path: "/restricted/"})
91
SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600})
92
if l := len(m["Set-Cookie"]); l != 2 {
93
t.Fatalf("expected %d cookies, got %d", 2, l)
95
if g, e := m["Set-Cookie"][0], "cookie-1=one; Path=/restricted/"; g != e {
96
t.Errorf("cookie #1: want %q, got %q", e, g)
98
if g, e := m["Set-Cookie"][1], "cookie-2=two; Max-Age=3600"; g != e {
99
t.Errorf("cookie #2: want %q, got %q", e, g)
103
var addCookieTests = []struct {
112
[]*Cookie{{Name: "cookie-1", Value: "v$1"}},
117
{Name: "cookie-1", Value: "v$1"},
118
{Name: "cookie-2", Value: "v$2"},
119
{Name: "cookie-3", Value: "v$3"},
121
"cookie-1=v$1; cookie-2=v$2; cookie-3=v$3",
125
func TestAddCookie(t *testing.T) {
126
for i, tt := range addCookieTests {
127
req, _ := NewRequest("GET", "http://example.com/", nil)
128
for _, c := range tt.Cookies {
131
if g := req.Header.Get("Cookie"); g != tt.Raw {
132
t.Errorf("Test %d:\nwant: %s\n got: %s\n", i, tt.Raw, g)
138
var readSetCookiesTests = []struct {
143
Header{"Set-Cookie": {"Cookie-1=v$1"}},
144
[]*Cookie{{Name: "Cookie-1", Value: "v$1", Raw: "Cookie-1=v$1"}},
147
Header{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}},
150
Value: "99=YsDT5i3E-CXax-",
152
Domain: ".google.ch",
154
Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC),
155
RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT",
156
Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
160
Header{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
165
Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC),
166
RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT",
168
Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
172
Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}},
174
Name: "ASP.NET_SessionId",
178
Raw: "ASP.NET_SessionId=foo; path=/; HttpOnly",
182
// TODO(bradfitz): users have reported seeing this in the
183
// wild, but do browsers handle it? RFC 6265 just says "don't
184
// do that" (section 3) and then never mentions header folding
186
// Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
189
func toJSON(v interface{}) string {
190
b, err := json.Marshal(v)
192
return fmt.Sprintf("%#v", v)
197
func TestReadSetCookies(t *testing.T) {
198
for i, tt := range readSetCookiesTests {
199
for n := 0; n < 2; n++ { // to verify readSetCookies doesn't mutate its input
200
c := readSetCookies(tt.Header)
201
if !reflect.DeepEqual(c, tt.Cookies) {
202
t.Errorf("#%d readSetCookies: have\n%s\nwant\n%s\n", i, toJSON(c), toJSON(tt.Cookies))
209
var readCookiesTests = []struct {
215
Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
218
{Name: "Cookie-1", Value: "v$1"},
219
{Name: "c2", Value: "v2"},
223
Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
226
{Name: "c2", Value: "v2"},
230
Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
233
{Name: "Cookie-1", Value: "v$1"},
234
{Name: "c2", Value: "v2"},
238
Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
241
{Name: "c2", Value: "v2"},
246
func TestReadCookies(t *testing.T) {
247
for i, tt := range readCookiesTests {
248
for n := 0; n < 2; n++ { // to verify readCookies doesn't mutate its input
249
c := readCookies(tt.Header, tt.Filter)
250
if !reflect.DeepEqual(c, tt.Cookies) {
251
t.Errorf("#%d readCookies:\nhave: %s\nwant: %s\n", i, toJSON(c), toJSON(tt.Cookies))
258
func TestCookieSanitizeValue(t *testing.T) {
259
defer log.SetOutput(os.Stderr)
260
var logbuf bytes.Buffer
261
log.SetOutput(&logbuf)
267
{"foo bar", "foobar"},
268
{"\x00\x7e\x7f\x80", "\x7e"},
269
{`"withquotes"`, "withquotes"},
271
for _, tt := range tests {
272
if got := sanitizeCookieValue(tt.in); got != tt.want {
273
t.Errorf("sanitizeCookieValue(%q) = %q; want %q", tt.in, got, tt.want)
277
if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
278
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
282
func TestCookieSanitizePath(t *testing.T) {
283
defer log.SetOutput(os.Stderr)
284
var logbuf bytes.Buffer
285
log.SetOutput(&logbuf)
291
{"/path with space/", "/path with space/"},
292
{"/just;no;semicolon\x00orstuff/", "/justnosemicolonorstuff/"},
294
for _, tt := range tests {
295
if got := sanitizeCookiePath(tt.in); got != tt.want {
296
t.Errorf("sanitizeCookiePath(%q) = %q; want %q", tt.in, got, tt.want)
300
if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
301
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)