cookiejar 0.3.2 → 0.3.4
- checksums.yaml +5 -5
- data/.gitignore +7 -0
- data/.rspec +2 -0
- data/.travis.yml +17 -0
- data/Gemfile +2 -0
- data/LICENSE +1 -1
- data/README.markdown +20 -1
- data/Rakefile +11 -12
- data/_config.yml +1 -0
- data/cookiejar.gemspec +28 -0
- data/lib/cookiejar/cookie.rb +57 -63
- data/lib/cookiejar/cookie_validation.rb +105 -100
- data/lib/cookiejar/jar.rb +51 -49
- data/lib/cookiejar/version.rb +4 -0
- data/lib/cookiejar.rb +2 -1
- data/spec/cookie_spec.rb +90 -90
- data/spec/cookie_validation_spec.rb +147 -155
- data/spec/jar_spec.rb +107 -110
- data/spec/spec_helper.rb +5 -0
- metadata +55 -22
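--- a/data/spec/cookie_validation_spec.rb
+++ b/data/spec/cookie_validation_spec.rb
@@ -1,244 +1,236 @@
-require '
-require 'rubygems'
+require 'spec_helper'
 
 include CookieJar
 describe CookieValidation do
-describe
+describe '#validate_cookie' do
 localaddr = 'http://localhost/foo/bar/'
-it
-
+it 'should fail if version unset' do
+expect {
 unversioned = Cookie.from_set_cookie localaddr, 'foo=bar'
 unversioned.instance_variable_set :@version, nil
 CookieValidation.validate_cookie localaddr, unversioned
-
-end
-it
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-end
-it
-
-
-
-
-
-it "should fail for setting subdomain cookies" do
-lambda do
-subdomain = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=auth.foo.com'
-# validate_cookie 'http://foo.com/', subdomain
-end.should raise_error InvalidCookieError
-end
-it "should handle a normal implicit internet cookie" do
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the path is more specific' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;path=/foo/bar/baz'
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the path is different than the request' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;path=/baz/'
+}.to raise_error InvalidCookieError
+end
+it 'should fail if the domain has no dots' do
+expect {
+Cookie.from_set_cookie 'http://zero/', 'foo=bar;domain=zero'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for explicit localhost' do
+expect {
+Cookie.from_set_cookie localaddr, 'foo=bar;domain=localhost'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for mismatched domains' do
+expect {
+Cookie.from_set_cookie 'http://www.foo.com/', 'foo=bar;domain=bar.com'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for domains more than one level up' do
+expect {
+Cookie.from_set_cookie 'http://x.y.z.com/', 'foo=bar;domain=z.com'
+}.to raise_error InvalidCookieError
+end
+it 'should fail for setting subdomain cookies' do
+expect {
+Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=auth.foo.com'
+}.to raise_error InvalidCookieError
+end
+it 'should handle a normal implicit internet cookie' do
 normal = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar'
-CookieValidation.validate_cookie('http://foo.com/', normal).
+expect(CookieValidation.validate_cookie('http://foo.com/', normal)).to be_truthy
 end
-it
+it 'should handle a normal implicit localhost cookie' do
 localhost = Cookie.from_set_cookie 'http://localhost/', 'foo=bar'
-CookieValidation.validate_cookie('http://localhost/', localhost).
+expect(CookieValidation.validate_cookie('http://localhost/', localhost)).to be_truthy
 end
-it
-ipaddr =
-CookieValidation.validate_cookie('http://127.0.0.1/', ipaddr).
+it 'should handle an implicit IP address cookie' do
+ipaddr = Cookie.from_set_cookie 'http://127.0.0.1/', 'foo=bar'
+expect(CookieValidation.validate_cookie('http://127.0.0.1/', ipaddr)).to be_truthy
 end
-it
+it 'should handle an explicit domain on an internet site' do
 explicit = Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=.foo.com'
-CookieValidation.validate_cookie('http://foo.com/', explicit).
+expect(CookieValidation.validate_cookie('http://foo.com/', explicit)).to be_truthy
 end
-it
+it 'should handle setting a cookie explicitly on a superdomain' do
 superdomain = Cookie.from_set_cookie 'http://auth.foo.com/', 'foo=bar;domain=.foo.com'
-CookieValidation.validate_cookie('http://foo.com/', superdomain).
+expect(CookieValidation.validate_cookie('http://foo.com/', superdomain)).to be_truthy
 end
-it
+it 'should handle explicitly setting a cookie' do
 explicit = Cookie.from_set_cookie 'http://foo.com/bar/', 'foo=bar;path=/bar/'
 CookieValidation.validate_cookie('http://foo.com/bar/', explicit)
 end
-it
+it 'should handle setting a cookie on a higher path' do
 higher = Cookie.from_set_cookie 'http://foo.com/bar/baz/', 'foo=bar;path=/bar/'
 CookieValidation.validate_cookie('http://foo.com/bar/baz/', higher)
-end
+end
 end
 describe '#cookie_base_path' do
 it "should leave '/' alone" do
-CookieValidation.cookie_base_path('/').
+expect(CookieValidation.cookie_base_path('/')).to eq '/'
 end
 it "should strip off everything after the last '/'" do
-CookieValidation.cookie_base_path('/foo/bar/baz').
+expect(CookieValidation.cookie_base_path('/foo/bar/baz')).to eq '/foo/bar/'
 end
-it
-CookieValidation.cookie_base_path('/foo/bar?query=a/b/c#fragment/b/c').
+it 'should handle query parameters and fragments with slashes' do
+expect(CookieValidation.cookie_base_path('/foo/bar?query=a/b/c#fragment/b/c')).to eq '/foo/'
 end
-it
-CookieValidation.cookie_base_path(URI.parse('http://www.foo.com/bar/')).
+it 'should handle URI objects' do
+expect(CookieValidation.cookie_base_path(URI.parse('http://www.foo.com/bar/'))).to eq '/bar/'
 end
-it
-CookieValidation.cookie_base_path(
+it 'should preserve case' do
+expect(CookieValidation.cookie_base_path('/BaR/')).to eq '/BaR/'
 end
 end
 describe '#determine_cookie_path' do
-it
-CookieValidation.determine_cookie_path('http://foo.com/', nil).
-CookieValidation.determine_cookie_path('http://foo.com/bar/baz', '').
+it 'should use the requested path when none is specified for the cookie' do
+expect(CookieValidation.determine_cookie_path('http://foo.com/', nil)).to eq '/'
+expect(CookieValidation.determine_cookie_path('http://foo.com/bar/baz', '')).to eq '/bar/'
 end
-it
-CookieValidation.determine_cookie_path(URI.parse('http://foo.com/bar/'), '').
+it 'should handle URI objects' do
+expect(CookieValidation.determine_cookie_path(URI.parse('http://foo.com/bar/'), '')).to eq '/bar/'
 end
-it
-cookie = Cookie.from_set_cookie('http://foo.com/',
-CookieValidation.determine_cookie_path('http://foo.com/', cookie).
+it 'should handle Cookie objects' do
+cookie = Cookie.from_set_cookie('http://foo.com/', 'name=value;path=/')
+expect(CookieValidation.determine_cookie_path('http://foo.com/', cookie)).to eq '/'
 end
-it
-CookieValidation.determine_cookie_path('http://foo.com/ignorable/path', '/path/').
+it 'should ignore the request when a path is specified' do
+expect(CookieValidation.determine_cookie_path('http://foo.com/ignorable/path', '/path/')).to eq '/path/'
 end
 end
 describe '#compute_search_domains' do
-it
-CookieValidation.compute_search_domains('http://www.auth.foo.com/').
-
+it 'should handle subdomains' do
+expect(CookieValidation.compute_search_domains('http://www.auth.foo.com/')).to eq(
+['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com'])
 end
-it
-CookieValidation.compute_search_domains('http://foo.com/').
-
+it 'should handle root domains' do
+expect(CookieValidation.compute_search_domains('http://foo.com/')).to eq(
+['foo.com', '.foo.com'])
 end
-it
-CookieValidation.compute_search_domains('http://tiny.cc/').
-
+it 'should handle hexadecimal TLDs' do
+expect(CookieValidation.compute_search_domains('http://tiny.cc/')).to eq(
+['tiny.cc', '.tiny.cc'])
 end
-it
-CookieValidation.compute_search_domains('http://127.0.0.1/').
-
+it 'should handle IP addresses' do
+expect(CookieValidation.compute_search_domains('http://127.0.0.1/')).to eq(
+['127.0.0.1'])
 end
-it
-CookieValidation.compute_search_domains('http://zero/').
-
+it 'should handle local addresses' do
+expect(CookieValidation.compute_search_domains('http://zero/')).to eq(
+['zero.local', '.zero.local', '.local'])
 end
 end
 describe '#determine_cookie_domain' do
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', 'foo.com').
+it 'should add a dot to the front of domains' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', 'foo.com')).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', '.foo.com').
+it 'should not add a second dot if one present' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', '.foo.com')).to eq '.foo.com'
 end
-it
-c = Cookie.from_set_cookie('http://foo.com/',
-CookieValidation.determine_cookie_domain('http://foo.com/', c).
+it 'should handle Cookie objects' do
+c = Cookie.from_set_cookie('http://foo.com/', 'foo=bar;domain=foo.com')
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', c)).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain(URI.parse('http://foo.com/'), '.foo.com').
+it 'should handle URI objects' do
+expect(CookieValidation.determine_cookie_domain(URI.parse('http://foo.com/'), '.foo.com')).to eq '.foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://foo.com/', '').
+it 'should use an exact hostname when no domain specified' do
+expect(CookieValidation.determine_cookie_domain('http://foo.com/', '')).to eq 'foo.com'
 end
-it
-CookieValidation.determine_cookie_domain('http://127.0.0.1/', '127.0.0.1').
+it 'should leave IPv4 addresses alone' do
+expect(CookieValidation.determine_cookie_domain('http://127.0.0.1/', '127.0.0.1')).to eq '127.0.0.1'
 end
-it
+it 'should leave IPv6 addresses alone' do
 ['2001:db8:85a3::8a2e:370:7334', '::ffff:192.0.2.128'].each do |value|
-CookieValidation.determine_cookie_domain("http://[#{value}]/", value).
+expect(CookieValidation.determine_cookie_domain("http://[#{value}]/", value)).to eq value
 end
 end
 end
-describe
-it
+describe '#effective_host' do
+it 'should leave proper domains the same' do
 ['google.com', 'www.google.com', 'google.com.'].each do |value|
-CookieValidation.effective_host(value).
+expect(CookieValidation.effective_host(value)).to eq value
 end
 end
-it
-CookieValidation.effective_host(URI.parse('http://example.com/')).
-end
-it
-CookieValidation.effective_host('localhost').
+it 'should handle a URI object' do
+expect(CookieValidation.effective_host(URI.parse('http://example.com/'))).to eq 'example.com'
+end
+it 'should add a local suffix on unqualified hosts' do
+expect(CookieValidation.effective_host('localhost')).to eq 'localhost.local'
 end
-it
-CookieValidation.effective_host('127.0.0.1').
+it 'should leave IPv4 addresses alone' do
+expect(CookieValidation.effective_host('127.0.0.1')).to eq '127.0.0.1'
 end
-it
+it 'should leave IPv6 addresses alone' do
 ['2001:db8:85a3::8a2e:370:7334', ':ffff:192.0.2.128'].each do |value|
-CookieValidation.effective_host(value).
+expect(CookieValidation.effective_host(value)).to eq value
 end
 end
-it
-CookieValidation.effective_host('FOO.COM').
+it 'should lowercase addresses' do
+expect(CookieValidation.effective_host('FOO.COM')).to eq 'foo.com'
 end
 end
 describe '#match_domains' do
-it
-CookieValidation.domains_match('localhost.local', 'localhost.local').
-CookieValidation.domains_match('foo.com', 'foo.com').
-CookieValidation.domains_match('127.0.0.1', '127.0.0.1').
-CookieValidation.domains_match('::ffff:192.0.2.128', '::ffff:192.0.2.128').
+it 'should handle exact matches' do
+expect(CookieValidation.domains_match('localhost.local', 'localhost.local')).to eq 'localhost.local'
+expect(CookieValidation.domains_match('foo.com', 'foo.com')).to eq 'foo.com'
+expect(CookieValidation.domains_match('127.0.0.1', '127.0.0.1')).to eq '127.0.0.1'
+expect(CookieValidation.domains_match('::ffff:192.0.2.128', '::ffff:192.0.2.128')).to eq '::ffff:192.0.2.128'
 end
-it
-CookieValidation.domains_match('.foo.com', 'auth.foo.com').
-CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com').
+it 'should handle matching a superdomain' do
+expect(CookieValidation.domains_match('.foo.com', 'auth.foo.com')).to eq '.foo.com'
+expect(CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com')).to eq '.y.z.foo.com'
 end
-it
-CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com').
-CookieValidation.domains_match('foo.com', 'com').
+it 'should not match superdomains, or illegal domains' do
+expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to be_nil
+expect(CookieValidation.domains_match('foo.com', 'com')).to be_nil
 end
-it
-CookieValidation.domains_match('foo.com.', 'foo.com').
+it 'should not match domains with and without a dot suffix together' do
+expect(CookieValidation.domains_match('foo.com.', 'foo.com')).to be_nil
 end
 end
 describe '#hostname_reach' do
-it
-{'www.google.com' => 'google.com', 'auth.corp.companyx.com' => 'corp.companyx.com'}.each do |entry|
-CookieValidation.hostname_reach(entry[0]).
+it 'should find the next highest subdomain' do
+{ 'www.google.com' => 'google.com', 'auth.corp.companyx.com' => 'corp.companyx.com' }.each do |entry|
+expect(CookieValidation.hostname_reach(entry[0])).to eq entry[1]
 end
 end
-it
-CookieValidation.hostname_reach('www.google.com.').
+it 'should handle domains with suffixed dots' do
+expect(CookieValidation.hostname_reach('www.google.com.')).to eq 'google.com.'
 end
-it
-CookieValidation.hostname_reach('github.com').
+it 'should return nil for a root domain' do
+expect(CookieValidation.hostname_reach('github.com')).to be_nil
 end
 it "should return 'local' for a local domain" do
 ['foo.local', 'foo.local.'].each do |hostname|
-CookieValidation.hostname_reach(hostname).
+expect(CookieValidation.hostname_reach(hostname)).to eq 'local'
 end
 end
 it "should handle mixed-case '.local'" do
-CookieValidation.hostname_reach('foo.LOCAL').
+expect(CookieValidation.hostname_reach('foo.LOCAL')).to eq 'local'
 end
-it
-CookieValidation.hostname_reach('127.0.0.1').
+it 'should return nil for an IPv4 address' do
+expect(CookieValidation.hostname_reach('127.0.0.1')).to be_nil
 end
-it
+it 'should return nil for IPv6 addresses' do
 ['2001:db8:85a3::8a2e:370:7334', '::ffff:192.0.2.128'].each do |value|
-CookieValidation.hostname_reach(value).
+expect(CookieValidation.hostname_reach(value)).to be_nil
 end
 end
 end
 describe '#parse_set_cookie' do
-it
-CookieValidation.parse_set_cookie(
+it 'should max out at 2038 on 32bit systems' do
+expect(CookieValidation.parse_set_cookie('TRACK_USER_P=98237480810003948000782774;expires=Sat, 30-Jun-2040 05:39:49 GMT;path=/')[:expires_at].to_i).to be >= 0x7FFFFFFF
 end
-end
-end
+end
+end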
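Review bot: The two path-scope examples in `#validate_cookie`, 'should handle explicitly setting a cookie' and 'should handle setting a cookie on a higher path', still call `CookieValidation.validate_cookie(...)` with no expectation, so they pass whenever nothing raises, while the domain examples beside them were converted to `be_truthy`. Wrapping them the same way, e.g. `expect(CookieValidation.validate_cookie('http://foo.com/bar/', explicit)).to be_truthy` and `expect(CookieValidation.validate_cookie('http://foo.com/bar/baz/', higher)).to be_truthy`, would pin the accepted-path behaviour that cookie scoping depends on. Separately, the IPv6 list in the `#effective_host` block keeps `':ffff:192.0.2.128'` with a single leading colon, where every other IPv6 example in the file uses `'::ffff:192.0.2.128'`; as written it is not a valid IPv6 literal, so that example probably does not exercise the IPv6 case it is named for. The line should read `['2001:db8:85a3::8a2e:370:7334', '::ffff:192.0.2.128'].each do |value|`.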