go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/server/auth/deprecated/cookie_test.go (about)

     1  // Copyright 2015 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package deprecated
    16  
    17  import (
    18  	"context"
    19  	"net/http"
    20  	"testing"
    21  	"time"
    22  
    23  	"go.chromium.org/luci/common/clock"
    24  	"go.chromium.org/luci/common/clock/testclock"
    25  
    26  	"go.chromium.org/luci/server/secrets"
    27  	"go.chromium.org/luci/server/secrets/testsecrets"
    28  
    29  	. "github.com/smartystreets/goconvey/convey"
    30  )
    31  
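// TestCookie checks the session cookie round trip (makeSessionCookie and
// decodeSessionCookie) and that unusable cookies yield an empty session ID
// without an error: malformed values, values whose payload was altered after
// signing, and tokens that have outlived their lifetime.
func TestCookie(t *testing.T) {
	const (
		cookieName = "oid_session"

		// Cookie lifetime in seconds, as asserted on Expires and MaxAge below.
		lifetimeSec = 2591100

		// Token produced for session ID "sid" at the fixed test time with the
		// testsecrets store. Its leading bytes base64-decode to a 0x01 byte
		// followed by {"_i":"1442540000000","sid":"sid"}; the trailing bytes
		// are presumably the MAC (the token format is defined outside this
		// file).
		validToken = "AXsiX2kiOiIxNDQyNTQwMDAwMDAwIiwic2lkIjoic2lkIn1NXPzKTFXWhzt" +
			"tmqW2uODV4f1Nvt1zLxAnWTtjqkhGEQ"

		// validToken with one base64 character of the payload changed
		// ("c2lk" -> "c2ll", i.e. the session ID value "sid" -> "sie") while
		// the trailing bytes are left untouched. Constructed for this test.
		alteredToken = "AXsiX2kiOiIxNDQyNTQwMDAwMDAwIiwic2lkIjoic2llIn1NXPzKTFXWhzt" +
			"tmqW2uODV4f1Nvt1zLxAnWTtjqkhGEQ"
	)

	Convey("With context", t, func() {
		// Fixed clock and test secrets keep the generated token deterministic.
		c := context.Background()
		c, _ = testclock.UseTime(c, time.Unix(1442540000, 0))
		c = secrets.Use(c, &testsecrets.Store{})

		// requestWithToken builds a GET request carrying a session cookie with
		// the given value and the same attributes makeSessionCookie sets.
		requestWithToken := func(value string) *http.Request {
			r, err := http.NewRequest("GET", "http://example.com", nil)
			So(err, ShouldBeNil)
			r.AddCookie(&http.Cookie{
				Name:     cookieName,
				Value:    value,
				Path:     "/",
				Expires:  clock.Now(c).Add(lifetimeSec * time.Second),
				MaxAge:   lifetimeSec,
				Secure:   true,
				HttpOnly: true,
			})
			return r
		}

		Convey("Encode and decode works", func() {
			cookie, err := makeSessionCookie(c, "sid", true)
			So(err, ShouldBeNil)
			// Secure and HttpOnly are part of the expected cookie, so a
			// regression that drops either flag fails here.
			So(cookie, ShouldResemble, &http.Cookie{
				Name:     cookieName,
				Value:    validToken,
				Path:     "/",
				Expires:  clock.Now(c).Add(lifetimeSec * time.Second),
				MaxAge:   lifetimeSec,
				Secure:   true,
				HttpOnly: true,
			})

			r, err := http.NewRequest("GET", "http://example.com", nil)
			So(err, ShouldBeNil)
			r.AddCookie(cookie)

			sid, err := decodeSessionCookie(c, r)
			So(err, ShouldBeNil)
			So(sid, ShouldEqual, "sid")
		})

		Convey("Bad cookie is ignored", func() {
			sid, err := decodeSessionCookie(c, requestWithToken("garbage"))
			So(err, ShouldBeNil)
			So(sid, ShouldEqual, "")
		})

		Convey("Cookie with altered payload is ignored", func() {
			// A well-formed token whose payload no longer matches what was
			// signed must not yield a session ID. It is expected to be handled
			// like the garbage value above (empty ID, nil error).
			// NOTE(review): confirm against decodeSessionCookie's error
			// handling, which is not visible in this file.
			sid, err := decodeSessionCookie(c, requestWithToken(alteredToken))
			So(err, ShouldBeNil)
			So(sid, ShouldEqual, "")
		})

		Convey("Expired session token is ignored", func() {
			r := requestWithToken(validToken)

			// Works now.
			sid, err := decodeSessionCookie(c, r)
			So(err, ShouldBeNil)
			So(sid, ShouldEqual, "sid")

			// Doesn't work after expiration: the clock is moved 2600000s
			// ahead, past the 2591100s lifetime. The request and its cookie
			// attributes are unchanged, so the rejection comes from the token
			// itself rather than from the cookie's Expires/MaxAge.
			clock.Get(c).(testclock.TestClock).Add(2600000 * time.Second)
			sid, err = decodeSessionCookie(c, r)
			So(err, ShouldBeNil)
			So(sid, ShouldEqual, "")
		})
	})
}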