cookiejar 0.3.2 → 0.3.4
- checksums.yaml +5 -5
- data/.gitignore +7 -0
- data/.rspec +2 -0
- data/.travis.yml +17 -0
- data/Gemfile +2 -0
- data/LICENSE +1 -1
- data/README.markdown +20 -1
- data/Rakefile +11 -12
- data/_config.yml +1 -0
- data/cookiejar.gemspec +28 -0
- data/lib/cookiejar/cookie.rb +57 -63
- data/lib/cookiejar/cookie_validation.rb +105 -100
- data/lib/cookiejar/jar.rb +51 -49
- data/lib/cookiejar/version.rb +4 -0
- data/lib/cookiejar.rb +2 -1
- data/spec/cookie_spec.rb +90 -90
- data/spec/cookie_validation_spec.rb +147 -155
- data/spec/jar_spec.rb +107 -110
- data/spec/spec_helper.rb +5 -0
- metadata +55 -22
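--- a/data/spec/cookie_validation_spec.rb
+++ b/data/spec/cookie_validation_spec.rb
@@ -1,244 +1,236 @@
-require '
-require 'rubygems'
+require 'spec_helper'
 
 include CookieJar
 describe CookieValidation do
-describe
+describe '#validate_cookie' do
 localaddr = 'http://localhost/foo/bar/'
-it
-
+it 'should fail if version unset' do
+expect {
 unversioned = Cookie.from_set_cookie localaddr, 'foo=bar'
 unversioned.instance_variable_set :@version, nil
 CookieValidation.validate_cookie localaddr, unversioned
-
-end
-it
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-end
-it
-
-
-
-
-
-it "should fail for setting subdomain cookies" do
-lambda do
-subdomain = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=auth.foo.com'
-# validate_cookie 'http://foo.com/', subdomain
-end.should raise_error InvalidCookieError
-end
-it "should handle a normal implicit internet cookie" do
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the path is more specific' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;path=/foo/bar/baz'
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the path is different than the request' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;path=/baz/'
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the domain has no dots' do
+expect {
+Cookie.from_set_cookie 'http://zero/', 'foo=bar;domain=zero'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for explicit localhost' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;domain=localhost'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for mismatched domains' do
+expect {
+Cookie.from_set_cookie 'http://www.foo.com/', 'foo=bar;domain=bar.com'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for domains more than one level up' do
+expect {
+Cookie.from_set_cookie 'http://x.y.z.com/', 'foo=bar;domain=z.com'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for setting subdomain cookies' do
+expect {
+Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=auth.foo.com'
+}.to raise_error InvalidCookieError
+end
+it 'should handle a normal implicit internet cookie' do
 normal = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar'
-CookieValidation.validate_cookie('http://foo.com/', normal).
+expect(CookieValidation.validate_cookie('http://foo.com/', normal)).to be_truthy
 end
-it
+it 'should handle a normal implicit localhost cookie' do
 localhost = Cookie.from_set_cookie 'http://localhost/', 'foo=bar'
-CookieValidation.validate_cookie('http://localhost/', localhost).
+expect(CookieValidation.validate_cookie('http://localhost/', localhost)).to be_truthy
 end
-it
-ipaddr =
-CookieValidation.validate_cookie('http://127.0.0.1/', ipaddr).
+it 'should handle an implicit IP address cookie' do
+ipaddr = Cookie.from_set_cookie 'http://127.0.0.1/', 'foo=bar'
+expect(CookieValidation.validate_cookie('http://127.0.0.1/', ipaddr)).to be_truthy
 end
-it
+it 'should handle an explicit domain on an internet site' do
 explicit = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=.foo.com'
-CookieValidation.validate_cookie('http://foo.com/', explicit).
+expect(CookieValidation.validate_cookie('http://foo.com/', explicit)).to be_truthy
 end
-it
+it 'should handle setting a cookie explicitly on a superdomain' do
 superdomain = Cookie.from_set_cookie 'http://auth.foo.com/', 'foo=bar;domain=.foo.com'
-CookieValidation.validate_cookie('http://foo.com/', superdomain).
+expect(CookieValidation.validate_cookie('http://foo.com/', superdomain)).to be_truthy
 end
-it
+it 'should handle explicitly setting a cookie' do
 explicit = Cookie.from_set_cookie 'http://foo.com/bar/', 'foo=bar;path=/bar/'
 CookieValidation.validate_cookie('http://foo.com/bar/', explicit)
 end
-it
+it 'should handle setting a cookie on a higher path' do
 higher = Cookie.from_set_cookie 'http://foo.com/bar/baz/', 'foo=bar;path=/bar/'
 CookieValidation.validate_cookie('http://foo.com/bar/baz/', higher)
-end
+end
 end
 describe '#cookie_base_path' do
 it "should leave '/' alone" do
-CookieValidation.cookie_base_path('/').
+expect(CookieValidation.cookie_base_path('/')).to eq '/'
 end
 it "should strip off everything after the last '/'" do
-CookieValidation.cookie_base_path('/foo/bar/baz').
+expect(CookieValidation.cookie_base_path('/foo/bar/baz')).to eq '/foo/bar/'
 end
-it
-CookieValidation.cookie_base_path('/foo/bar?query=a/b/c#fragment/b/c').
+it 'should handle query parameters and fragments with slashes' do
+expect(CookieValidation.cookie_base_path('/foo/bar?query=a/b/c#fragment/b/c')).to eq '/foo/'
 end
-it
-CookieValidation.cookie_base_path(URI.parse('http://www.foo.com/bar/')).
+it 'should handle URI objects' do
+expect(CookieValidation.cookie_base_path(URI.parse('http://www.foo.com/bar/'))).to eq '/bar/'
 end
-it
-CookieValidation.cookie_base_path(
+it 'should preserve case' do
+expect(CookieValidation.cookie_base_path('/BaR/')).to eq '/BaR/'
 end
 end
 describe '#determine_cookie_path' do
-it
-CookieValidation.determine_cookie_path('http://foo.com/', nil).
-CookieValidation.determine_cookie_path('http://foo.com/bar/baz', '').
+it 'should use the requested path when none is specified for the cookie' do
+expect(CookieValidation.determine_cookie_path('http://foo.com/', nil)).to eq '/'
+expect(CookieValidation.determine_cookie_path('http://foo.com/bar/baz', '')).to eq '/bar/'
 end
-it
-CookieValidation.determine_cookie_path(URI.parse('http://foo.com/bar/'), '').
+it 'should handle URI objects' do
+expect(CookieValidation.determine_cookie_path(URI.parse('http://foo.com/bar/'), '')).to eq '/bar/'
 end
-it
-cookie = Cookie.from_set_cookie('http://foo.com/',
-CookieValidation.determine_cookie_path('http://foo.com/', cookie).
+it 'should handle Cookie objects' do
+cookie = Cookie.from_set_cookie('http://foo.com/', 'name=value;path=/')
+expect(CookieValidation.determine_cookie_path('http://foo.com/', cookie)).to eq '/'
 end
-it
-CookieValidation.determine_cookie_path('http://foo.com/ignorable/path', '/path/').
+it 'should ignore the request when a path is specified' do
+expect(CookieValidation.determine_cookie_path('http://foo.com/ignorable/path', '/path/')).to eq '/path/'
 end
 end
 describe '#compute_search_domains' do
-it
-CookieValidation.compute_search_domains('http://www.auth.foo.com/').
-
+it 'should handle subdomains' do
+expect(CookieValidation.compute_search_domains('http://www.auth.foo.com/')).to eq(
+['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com'])
 end
-it
-CookieValidation.compute_search_domains('http://foo.com/').
-
+it 'should handle root domains' do
+expect(CookieValidation.compute_search_domains('http://foo.com/')).to eq(
+['foo.com', '.foo.com'])
 end
-it
-CookieValidation.compute_search_domains('http://tiny.cc/').
-
+it 'should handle hexadecimal TLDs' do
+expect(CookieValidation.compute_search_domains('http://tiny.cc/')).to eq(
+['tiny.cc', '.tiny.cc'])
 end
-it
-CookieValidation.compute_search_domains('http://127.0.0.1/').
-
+it 'should handle IP addresses' do
+expect(CookieValidation.compute_search_domains('http://127.0.0.1/')).to eq(
+['127.0.0.1'])
 end
-it
-CookieValidation.compute_search_domains('http://zero/').
-
+it 'should handle local addresses' do
+expect(CookieValidation.compute_search_domains('http://zero/')).to eq(
+['zero.local', '.zero.local', '.local'])
 end
 end
 describe '#determine_cookie_domain' do
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', 'foo.com').
+it 'should add a dot to the front of domains' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', 'foo.com')).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', '.foo.com').
+it 'should not add a second dot if one present' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', '.foo.com')).to eq '.foo.com'
 end
-it
-c = Cookie.from_set_cookie('http://foo.com/',
-CookieValidation.determine_cookie_domain('http://foo.com/', c).
+it 'should handle Cookie objects' do
+c = Cookie.from_set_cookie('http://foo.com/', 'foo=bar;domain=foo.com')
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', c)).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain(URI.parse('http://foo.com/'), '.foo.com').
+it 'should handle URI objects' do
+expect(CookieValidation.determine_cookie_domain(URI.parse('http://foo.com/'), '.foo.com')).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', '').
+it 'should use an exact hostname when no domain specified' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', '')).to eq 'foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://127.0.0.1/', '127.0.0.1').
+it 'should leave IPv4 addresses alone' do
+expect(CookieValidation.determine_cookie_domain('http://127.0.0.1/', '127.0.0.1')).to eq '127.0.0.1'
 end
-it
+it 'should leave IPv6 addresses alone' do
 ['2001:db8:85a3::8a2e:370:7334', '::ffff:192.0.2.128'].each do |value|
-CookieValidation.determine_cookie_domain("http://[#{value}]/", value).
+expect(CookieValidation.determine_cookie_domain("http://[#{value}]/", value)).to eq value
 end
 end
 end
-describe
-it
+describe '#effective_host' do
+it 'should leave proper domains the same' do
 ['google.com', 'www.google.com', 'google.com.'].each do |value|
-CookieValidation.effective_host(value).
+expect(CookieValidation.effective_host(value)).to eq value
 end
 end
-it
-CookieValidation.effective_host(URI.parse('http://example.com/')).
-end
-it
-CookieValidation.effective_host('localhost').
+it 'should handle a URI object' do
+expect(CookieValidation.effective_host(URI.parse('http://example.com/'))).to eq 'example.com'
+end
+it 'should add a local suffix on unqualified hosts' do
+expect(CookieValidation.effective_host('localhost')).to eq 'localhost.local'
 end
-it
-CookieValidation.effective_host('127.0.0.1').
+it 'should leave IPv4 addresses alone' do
+expect(CookieValidation.effective_host('127.0.0.1')).to eq '127.0.0.1'
 end
-it
+it 'should leave IPv6 addresses alone' do
 ['2001:db8:85a3::8a2e:370:7334', ':ffff:192.0.2.128'].each do |value|
-CookieValidation.effective_host(value).
+expect(CookieValidation.effective_host(value)).to eq value
 end
 end
-it
-CookieValidation.effective_host('FOO.COM').
+it 'should lowercase addresses' do
+expect(CookieValidation.effective_host('FOO.COM')).to eq 'foo.com'
 end
 end
 describe '#match_domains' do
-it
-CookieValidation.domains_match('localhost.local', 'localhost.local').
-CookieValidation.domains_match('foo.com', 'foo.com').
-CookieValidation.domains_match('127.0.0.1', '127.0.0.1').
-CookieValidation.domains_match('::ffff:192.0.2.128', '::ffff:192.0.2.128').
+it 'should handle exact matches' do
+expect(CookieValidation.domains_match('localhost.local', 'localhost.local')).to eq 'localhost.local'
+expect(CookieValidation.domains_match('foo.com', 'foo.com')).to eq 'foo.com'
+expect(CookieValidation.domains_match('127.0.0.1', '127.0.0.1')).to eq '127.0.0.1'
+expect(CookieValidation.domains_match('::ffff:192.0.2.128', '::ffff:192.0.2.128')).to eq '::ffff:192.0.2.128'
 end
-it
-CookieValidation.domains_match('.foo.com', 'auth.foo.com').
-CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com').
+it 'should handle matching a superdomain' do
+expect(CookieValidation.domains_match('.foo.com', 'auth.foo.com')).to eq '.foo.com'
+expect(CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com')).to eq '.y.z.foo.com'
 end
-it
-CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com').
-CookieValidation.domains_match('foo.com', 'com').
+it 'should not match superdomains, or illegal domains' do
+expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to be_nil
+expect(CookieValidation.domains_match('foo.com', 'com')).to be_nil
 end
-it
-CookieValidation.domains_match('foo.com.', 'foo.com').
+it 'should not match domains with and without a dot suffix together' do
+expect(CookieValidation.domains_match('foo.com.', 'foo.com')).to be_nil
 end
 end
 describe '#hostname_reach' do
-it
-{'www.google.com' => 'google.com', 'auth.corp.companyx.com' => 'corp.companyx.com'}.each do |entry|
-CookieValidation.hostname_reach(entry[0]).
+it 'should find the next highest subdomain' do
+{ 'www.google.com' => 'google.com', 'auth.corp.companyx.com' => 'corp.companyx.com' }.each do |entry|
+expect(CookieValidation.hostname_reach(entry[0])).to eq entry[1]
 end
 end
-it
-CookieValidation.hostname_reach('www.google.com.').
+it 'should handle domains with suffixed dots' do
+expect(CookieValidation.hostname_reach('www.google.com.')).to eq 'google.com.'
 end
-it
-CookieValidation.hostname_reach('github.com').
+it 'should return nil for a root domain' do
+expect(CookieValidation.hostname_reach('github.com')).to be_nil
 end
 it "should return 'local' for a local domain" do
 ['foo.local', 'foo.local.'].each do |hostname|
-CookieValidation.hostname_reach(hostname).
+expect(CookieValidation.hostname_reach(hostname)).to eq 'local'
 end
 end
 it "should handle mixed-case '.local'" do
-CookieValidation.hostname_reach('foo.LOCAL').
+expect(CookieValidation.hostname_reach('foo.LOCAL')).to eq 'local'
 end
-it
-CookieValidation.hostname_reach('127.0.0.1').
+it 'should return nil for an IPv4 address' do
+expect(CookieValidation.hostname_reach('127.0.0.1')).to be_nil
 end
-it
+it 'should return nil for IPv6 addresses' do
 ['2001:db8:85a3::8a2e:370:7334', '::ffff:192.0.2.128'].each do |value|
-CookieValidation.hostname_reach(value).
+expect(CookieValidation.hostname_reach(value)).to be_nil
 end
 end
 end
 describe '#parse_set_cookie' do
-it
-CookieValidation.parse_set_cookie(
+it 'should max out at 2038 on 32bit systems' do
+expect(CookieValidation.parse_set_cookie('TRACK_USER_P=98237480810003948000782774;expires=Sat, 30-Jun-2040 05:39:49 GMT;path=/')[:expires_at].to_i).to be >= 0x7FFFFFFF
 end
-end
-end
+end
+end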
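Review bot: The two positive path examples, 'should handle explicitly setting a cookie' and 'should handle setting a cookie on a higher path', still call `CookieValidation.validate_cookie(...)` with no expectation, so they pass whenever nothing is raised, unlike the sibling examples this change wrapped in `expect(...).to be_truthy`. Wrap them the same way, e.g. `expect(CookieValidation.validate_cookie('http://foo.com/bar/', explicit)).to be_truthy`, so a falsy result for a path-scoped cookie is caught. In the `#effective_host` IPv6 example the second literal is `':ffff:192.0.2.128'` with a single leading colon, while every other example on the page uses `'::ffff:192.0.2.128'`. That looks like a typo which leaves the IPv4-mapped form untested for host normalisation, so it should read `'::ffff:192.0.2.128'`.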