github.com/crewjam/saml@v0.4.14/samlsp/session_cookie_test.go (about)

     1  package samlsp
     2  
     3  import (
     4  	"net/http"
     5  	"net/http/httptest"
     6  	"testing"
     7  
     8  	"gotest.tools/assert"
     9  	is "gotest.tools/assert/cmp"
    10  
    11  	"github.com/crewjam/saml"
    12  )
    13  
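// TestCookieSameSite verifies that the SameSite setting configured on a
// CookieSessionProvider is reflected on the session cookie that
// CreateSession writes to the response.
//
// SameSite is one of the browser-side controls on when the session cookie is
// sent with cross-site requests, so a regression here would weaken the
// deployment's CSRF posture without any visible error. Two cases are pinned:
// the zero value (no SameSite configured) and an explicit Strict mode.
func TestCookieSameSite(t *testing.T) {
	t.Parallel()

	base := CookieSessionProvider{
		Name:   "token",
		Domain: "localhost",
		Codec: DefaultSessionCodec(Options{
			Key: NewMiddlewareTest(t).Key,
		}),
	}

	// getSessionCookie creates a session with the given provider and returns
	// the single cookie found on the recorded response.
	getSessionCookie := func(tb testing.TB, csp CookieSessionProvider) *http.Cookie {
		tb.Helper()

		resp := httptest.NewRecorder()
		req := httptest.NewRequest(http.MethodGet, "/", nil)
		// Fatal on error: without a session there is no cookie to inspect.
		assert.NilError(tb, csp.CreateSession(resp, req, &saml.Assertion{}))

		result := resp.Result()
		cookies := result.Cookies()
		assert.Check(tb, result.Body.Close())

		// Assert (not Check) so that a missing cookie fails the test cleanly
		// instead of panicking on the cookies[0] index below.
		assert.Assert(tb, is.Len(cookies, 1), "Expected to have a cookie set")

		return cookies[0]
	}

	t.Run("no same site", func(t *testing.T) {
		// With SameSite left at its zero value the parsed cookie must not
		// carry a SameSite mode.
		cookie := getSessionCookie(t, base)
		assert.Check(t, is.Equal(http.SameSite(0), cookie.SameSite))
	})

	t.Run("with same site", func(t *testing.T) {
		// Work on a copy so this subtest does not change what the other
		// subtest observes, whatever order they run in.
		csp := base
		csp.SameSite = http.SameSiteStrictMode
		cookie := getSessionCookie(t, csp)
		assert.Check(t, is.Equal(http.SameSiteStrictMode, cookie.SameSite))
	})
}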