github.com/blend/go-sdk@v1.20220411.3/web/read_set_cookies_test.go

github.com/blend/go-sdk@v1.20220411.3/web/read_set_cookies_test.go (about)

     1  /*
     2  
     3  Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved
     4  Use of this source code is governed by a MIT license that can be found in the LICENSE file.
     5  
     6  */
     7  
     8  package web
     9  
    10  import (
    11  	"net/http"
    12  	"testing"
    13  	"time"
    14  
    15  	"github.com/blend/go-sdk/assert"
    16  )
    17  
    18  var readSetCookiesTests = []struct {
    19  	Header  http.Header
    20  	Cookies []*http.Cookie
    21  }{
    22  	{
    23  		http.Header{"Set-Cookie": {"Cookie-1=v$1"}},
    24  		[]*http.Cookie{{Name: "Cookie-1", Value: "v$1", Raw: "Cookie-1=v$1"}},
    25  	},
    26  	{
    27  		http.Header{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}},
    28  		[]*http.Cookie{{
    29  			Name:       "NID",
    30  			Value:      "99=YsDT5i3E-CXax-",
    31  			Path:       "/",
    32  			Domain:     ".google.ch",
    33  			HttpOnly:   true,
    34  			Expires:    time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC),
    35  			RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT",
    36  			Raw:        "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
    37  		}},
    38  	},
    39  	{
    40  		http.Header{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
    41  		[]*http.Cookie{{
    42  			Name:       ".ASPXAUTH",
    43  			Value:      "7E3AA",
    44  			Path:       "/",
    45  			Expires:    time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC),
    46  			RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT",
    47  			HttpOnly:   true,
    48  			Raw:        ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
    49  		}},
    50  	},
    51  	{
    52  		http.Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}},
    53  		[]*http.Cookie{{
    54  			Name:     "ASP.NET_SessionId",
    55  			Value:    "foo",
    56  			Path:     "/",
    57  			HttpOnly: true,
    58  			Raw:      "ASP.NET_SessionId=foo; path=/; HttpOnly",
    59  		}},
    60  	},
    61  	{
    62  		http.Header{"Set-Cookie": {"samesitedefault=foo; SameSite"}},
    63  		[]*http.Cookie{{
    64  			Name:     "samesitedefault",
    65  			Value:    "foo",
    66  			SameSite: http.SameSiteDefaultMode,
    67  			Raw:      "samesitedefault=foo; SameSite",
    68  		}},
    69  	},
    70  	{
    71  		http.Header{"Set-Cookie": {"samesitelax=foo; SameSite=Lax"}},
    72  		[]*http.Cookie{{
    73  			Name:     "samesitelax",
    74  			Value:    "foo",
    75  			SameSite: http.SameSiteLaxMode,
    76  			Raw:      "samesitelax=foo; SameSite=Lax",
    77  		}},
    78  	},
    79  	{
    80  		http.Header{"Set-Cookie": {"samesitestrict=foo; SameSite=Strict"}},
    81  		[]*http.Cookie{{
    82  			Name:     "samesitestrict",
    83  			Value:    "foo",
    84  			SameSite: http.SameSiteStrictMode,
    85  			Raw:      "samesitestrict=foo; SameSite=Strict",
    86  		}},
    87  	},
    88  	// Make sure we can properly read back the Set-Cookie headers we create
    89  	// for values containing spaces or commas:
    90  	{
    91  		http.Header{"Set-Cookie": {`special-1=a z`}},
    92  		[]*http.Cookie{{Name: "special-1", Value: "a z", Raw: `special-1=a z`}},
    93  	},
    94  	{
    95  		http.Header{"Set-Cookie": {`special-2=" z"`}},
    96  		[]*http.Cookie{{Name: "special-2", Value: " z", Raw: `special-2=" z"`}},
    97  	},
    98  	{
    99  		http.Header{"Set-Cookie": {`special-3="a "`}},
   100  		[]*http.Cookie{{Name: "special-3", Value: "a ", Raw: `special-3="a "`}},
   101  	},
   102  	{
   103  		http.Header{"Set-Cookie": {`special-4=" "`}},
   104  		[]*http.Cookie{{Name: "special-4", Value: " ", Raw: `special-4=" "`}},
   105  	},
   106  	{
   107  		http.Header{"Set-Cookie": {`special-5=a,z`}},
   108  		[]*http.Cookie{{Name: "special-5", Value: "a,z", Raw: `special-5=a,z`}},
   109  	},
   110  	{
   111  		http.Header{"Set-Cookie": {`special-6=",z"`}},
   112  		[]*http.Cookie{{Name: "special-6", Value: ",z", Raw: `special-6=",z"`}},
   113  	},
   114  	{
   115  		http.Header{"Set-Cookie": {`special-7=a,`}},
   116  		[]*http.Cookie{{Name: "special-7", Value: "a,", Raw: `special-7=a,`}},
   117  	},
   118  	{
   119  		http.Header{"Set-Cookie": {`special-8=","`}},
   120  		[]*http.Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}},
   121  	},
   122  
   123  	// TODO(bradfitz): users have reported seeing this in the
   124  	// wild, but do browsers handle it? RFC 6265 just says "don't
   125  	// do that" (section 3) and then never mentions header folding
   126  	// again.
   127  	// Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
   128  }
   129  
   130  func TestReadSetCookies(t *testing.T) {
   131  	assert := assert.New(t)
   132  
   133  	for _, tt := range readSetCookiesTests {
   134  		for n := 0; n < 2; n++ { // to verify readSetCookies doesn't mutate its input
   135  			c := ReadSetCookies(tt.Header)
   136  			assert.NonFatal().Equal(c, tt.Cookies)
   137  		}
   138  	}
   139  }