http-cookie 1.0.5 → 1.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5230b0bd44e032652855e7b9e60e3d994ca56adbd57550c7520930d4dbf734a4
-  data.tar.gz: 65240197f49ac57bac8c6f3d1104cfe4f8fff77e1ac992c05c72d74efbba8300
+  metadata.gz: 143890479b8951250d5f45d4528c390e03741d943269abe0901e091b544f95ca
+  data.tar.gz: 7bfef9e1bd7cd6cb01f0de248717fade7a1871fb120cd35227657a96c371d384
 SHA512:
-  metadata.gz: 7fc5bb2e287d60d060c54eb9fb9ccb6d55c55e84ec35525deff8c088c873d6ac26db86f7f1cf3c03a7cbf05e397b6cd0e3a1e1171c2dcff8848e0345a34b0905
-  data.tar.gz: 1c85e07a65fac1d5440126bea27dbc01160edc9a791f56e021cd3142070eada54bf1ec3cda31c9d9273f23c3a84c8786c308bcdd27e03f7266c203dde4abdd6f
+  metadata.gz: ba03e3c618d888517bc4bb9e95c08cf4c89bbe5a9ec075d31dcaba353d8864b338fe79bf7ad36f45d6e87a114eefabe41ed62a7b62876c3ba55f459e022fb24f
+  data.tar.gz: 846fa3243f97982df9b196fbc0645d13cd233105bbaa98e2e42b36f5a95b58c07d7571c213c6b35034b4ea41f1ce415857aabbbfe20042305611608fa3d327df

data/.github/CODEOWNERS

@@ -0,0 +1 @@
+* @knu

data/.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
       matrix:
         os: [ubuntu]
         # We still kind of support Ruby 1.8.7
-        ruby: [2.7, "3.0", 3.1, head, jruby]
+        ruby: ["2.7", "3.0", "3.1", "3.2", "3.3", "head", "jruby"]
 
     name: >-
       ${{matrix.os}}:ruby-${{matrix.ruby}}
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Check out
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up ruby and bundle
         uses: ruby/setup-ruby@v1

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 1.0.8 (2024-12-05)
+
+- `Cookie#expires=` accepts `DateTime` objects. (#52) @luke-hill @flavorjones
+
+
+## 1.0.7 (2024-06-06)
+
+- Explicitly require "cgi" to avoid `NameError` in some applications. (#50 by @flavorjones)
+
+
+## 1.0.6 (2024-06-01)
+
+- Fix error formatting bug in HTTP::CookieJar::AbstractStore (#42 by @andrelaszlo)
+- Allow non-RFC 3986-compliant URLs (#45 by @c960657)
+- Add coverage for Ruby 3.2 and 3.3 (#46 by @flavorjones)
+- Quash ruby 3.4 warnings (#47 by @flavorjones)
+
 ## 1.0.5 (2022-05-25)
 
 - Silence SQLite3 warnings

data/README.md

@@ -1,3 +1,5 @@
+[![Gem Version](https://badge.fury.io/rb/http-cookie.svg)](https://badge.fury.io/rb/http-cookie)
+
 # HTTP::Cookie
 
 HTTP::Cookie is a ruby library to handle HTTP cookies in a way both
@@ -20,7 +22,8 @@ The following is an incomplete list of its features:
 * It takes eTLD (effective TLD, also known as "Public Suffix") into
   account just as major browsers do, to reject cookies with an eTLD
   domain like "org", "co.jp", or "appspot.com".  This feature is
-  brought to you by the domain_name gem.
+  brought to you by the
+  [domain_name](https://github.com/knu/ruby-domain_name) gem.
 
 * The number of cookies and the size are properly capped so that a
   cookie store does not get flooded.
@@ -207,7 +210,7 @@ equivalent using HTTP::Cookie:
     guarantee that it will remain available in the future.
 
 
-HTTP::Cookie/CookieJar raise runtime errors to help migration, so
+HTTP::Cookie/CookieJar raises runtime errors to help migration, so
 after replacing the class names, try running your test code once to
 find out how to fix your code base.
 

data/lib/http/cookie/scanner.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'http/cookie'
 require 'strscan'
 require 'time'
@@ -23,7 +24,7 @@ class HTTP::Cookie::Scanner < StringScanner
   class << self
     def quote(s)
       return s unless s.match(RE_BAD_CHAR)
-      '"' << s.gsub(/([\\"])/, "\\\\\\1") << '"'
+      (+'"') << s.gsub(/([\\"])/, "\\\\\\1") << '"'
     end
   end
 
@@ -32,7 +33,7 @@ class HTTP::Cookie::Scanner < StringScanner
   end
 
   def scan_dquoted
-    ''.tap { |s|
+    (+'').tap { |s|
       case
       when skip(/"/)
         break
@@ -51,7 +52,7 @@ class HTTP::Cookie::Scanner < StringScanner
   end
 
   def scan_value(comma_as_separator = false)
-    ''.tap { |s|
+    (+'').tap { |s|
       case
       when scan(/[^,;"]+/)
         s << matched

data/lib/http/cookie/uri_parser.rb

@@ -0,0 +1,36 @@
+module HTTP::Cookie::URIParser
+  module_function
+
+  # Regular Expression taken from RFC 3986 Appendix B
+  URIREGEX = %r{
+    \A
+    (?: (?<scheme> [^:/?\#]+ ) : )?
+    (?: // (?<authority> [^/?\#]* ) )?
+    (?<path> [^?\#]* )
+    (?: \? (?<query> [^\#]* ) )?
+    (?: \# (?<fragment> .* ) )?
+    \z
+  }x
+
+  # Escape RFC 3986 "reserved" characters minus valid characters for path
+  # More specifically, gen-delims minus "/" / "?" / "#"
+  def escape_path(path)
+    path.sub(/\A[^?#]+/) { |p| p.gsub(/[:\[\]@]+/) { |r| CGI.escape(r) } }
+  end
+
+  # Parse a URI string or object, relaxing the constraints on the path component
+  def parse(uri)
+    URI(uri)
+  rescue URI::InvalidURIError
+    str = String.try_convert(uri) or
+      raise ArgumentError, "bad argument (expected URI object or URI string)"
+
+    m = URIREGEX.match(str) or raise
+
+    path = m[:path]
+    str[m.begin(:path)...m.end(:path)] = escape_path(path)
+    uri = URI.parse(str)
+    uri.__send__(:set_path, path)
+    uri
+  end
+end

data/lib/http/cookie/version.rb

@@ -1,5 +1,5 @@
 module HTTP
   class Cookie
-    VERSION = "1.0.5"
+    VERSION = "1.0.8"
   end
 end

data/lib/http/cookie.rb

@@ -1,9 +1,12 @@
 # :markup: markdown
+# frozen_string_literal: true
 require 'http/cookie/version'
+require 'http/cookie/uri_parser'
 require 'time'
 require 'uri'
 require 'domain_name'
 require 'http/cookie/ruby_compat'
+require 'cgi'
 
 module HTTP
   autoload :CookieJar, 'http/cookie_jar'
@@ -86,7 +89,7 @@ class HTTP::Cookie
 
   # The Expires attribute value as a Time object.
   #
-  # The setter method accepts a Time object, a string representation
+  # The setter method accepts a Time / DateTime object, a string representation
   # of date/time that Time.parse can understand, or `nil`.
   #
   # Setting this value resets #max_age to nil.  When #max_age is
@@ -275,7 +278,7 @@ class HTTP::Cookie
         logger = options[:logger]
         created_at = options[:created_at]
       end
-      origin = URI(origin)
+      origin = HTTP::Cookie::URIParser.parse(origin)
 
       [].tap { |cookies|
         Scanner.new(set_cookie, logger).scan_set_cookie { |name, value, attrs|
@@ -424,7 +427,7 @@ class HTTP::Cookie
   # Returns the domain, with a dot prefixed only if the domain flag is
   # on.
   def dot_domain
-    @for_domain ? '.' << @domain : @domain
+    @for_domain ? (+'.') << @domain : @domain
   end
 
   # Returns the domain attribute value as a DomainName object.
@@ -455,7 +458,7 @@ class HTTP::Cookie
     @origin.nil? or
       raise ArgumentError, "origin cannot be changed once it is set"
     # Delay setting @origin because #domain= or #path= may fail
-    origin = URI(origin)
+    origin = HTTP::Cookie::URIParser.parse(origin)
     if URI::HTTP === origin
       self.domain ||= origin.host
       self.path   ||= (origin + './').path
@@ -490,6 +493,8 @@ class HTTP::Cookie
   def expires= t
     case t
     when nil, Time
+    when DateTime
+      t = t.to_time
     else
       t = Time.parse(t)
     end
@@ -548,7 +553,7 @@ class HTTP::Cookie
   # Tests if it is OK to accept this cookie if it is sent from a given
   # URI/URL, `uri`.
   def acceptable_from_uri?(uri)
-    uri = URI(uri)
+    uri = HTTP::Cookie::URIParser.parse(uri)
     return false unless URI::HTTP === uri && uri.host
     host = DomainName.new(uri.host)
 
@@ -585,7 +590,7 @@ class HTTP::Cookie
     if @domain.nil?
       raise "cannot tell if this cookie is valid because the domain is unknown"
     end
-    uri = URI(uri)
+    uri = HTTP::Cookie::URIParser.parse(uri)
     # RFC 6265 5.4
     return false if secure? && !(URI::HTTPS === uri)
     acceptable_from_uri?(uri) && HTTP::Cookie.path_match?(@path, uri.path)
@@ -594,7 +599,7 @@ class HTTP::Cookie
   # Returns a string for use in the Cookie header, i.e. `name=value`
   # or `name="value"`.
   def cookie_value
-    "#{@name}=#{Scanner.quote(@value)}"
+    +"#{@name}=#{Scanner.quote(@value)}"
   end
   alias to_s cookie_value
 

data/lib/http/cookie_jar/abstract_store.rb

@@ -18,7 +18,7 @@ class HTTP::CookieJar::AbstractStore
         require 'http/cookie_jar/%s_store' % symbol
         @@class_map.fetch(symbol)
       rescue LoadError, IndexError => e
-        raise IndexError, 'cookie store unavailable: %s, error: %s' % symbol.inspect, e.message
+        raise IndexError, 'cookie store unavailable: %s, error: %s' % [symbol.inspect, e.message]
       end
     end
 

data/lib/http/cookie_jar/mozilla_store.rb

@@ -400,8 +400,6 @@ class HTTP::CookieJar
         }
       end
     else
-      require 'cgi'
-
       def encode_www_form(enum)
         enum.map { |k, v| "#{CGI.escape(k)}=#{CGI.escape(v)}" }.join('&')
       end

data/lib/http/cookie_jar.rb

@@ -156,7 +156,7 @@ class HTTP::CookieJar
     block_given? or return enum_for(__method__, uri)
 
     if uri
-      uri = URI(uri)
+      uri = HTTP::Cookie::URIParser.parse(uri)
       return self unless URI::HTTP === uri && uri.host
     end
 

data/test/helper.rb

@@ -7,7 +7,7 @@ module Test
   module Unit
     module Assertions
       def assert_warn(pattern, message = nil, &block)
-        class << (output = "")
+        class << (output = +"")
           alias write <<
         end
         stderr, $stderr = $stderr, output
@@ -50,6 +50,6 @@ end
 
 def sleep_until(time)
   if (s = time - Time.now) > 0
-    sleep s
+    sleep s + 0.01
   end
 end

data/test/test_http_cookie.rb

@@ -1,4 +1,5 @@
 # -*- coding: utf-8 -*-
+# frozen_string_literal: false
 require File.expand_path('helper', File.dirname(__FILE__))
 require 'psych' if !defined?(YAML) && RUBY_VERSION == "1.9.2"
 require 'yaml'
@@ -302,7 +303,8 @@ class TestHTTPCookie < Test::Unit::TestCase
       "name=Aaron; Domain=localhost; Expires=Sun, 06 Nov 2011 00:29:51 GMT; Path=/, " \
       "name=Aaron; Domain=localhost; Expires=Sun, 06 Nov 2011 00:29:51 GMT; Path=/; HttpOnly, " \
       "expired=doh; Expires=Fri, 04 Nov 2011 00:29:51 GMT; Path=/, " \
-      "a_path=some_path; Expires=Sun, 06 Nov 2011 00:29:51 GMT; Path=/some_path, " \
+      "a_path1=some_path; Expires=Sun, 06 Nov 2011 00:29:51 GMT; Path=/some_path, " \
+      "a_path2=some_path; Expires=Sun, 06 Nov 2011 00:29:51 GMT; Path=/some_path[], " \
       "no_path1=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT, no_expires=nope; Path=/, " \
       "no_path2=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path, " \
       "no_path3=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path=, " \
@@ -313,17 +315,22 @@ class TestHTTPCookie < Test::Unit::TestCase
       "no_domain3=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope; Domain="
 
     cookies = HTTP::Cookie.parse cookie_str, url
-    assert_equal 15, cookies.length
+    assert_equal 16, cookies.length
 
     name = cookies.find { |c| c.name == 'name' }
     assert_equal "Aaron",             name.value
     assert_equal "/",                 name.path
     assert_equal Time.at(1320539391), name.expires
 
-    a_path = cookies.find { |c| c.name == 'a_path' }
-    assert_equal "some_path",         a_path.value
-    assert_equal "/some_path",        a_path.path
-    assert_equal Time.at(1320539391), a_path.expires
+    a_path1 = cookies.find { |c| c.name == 'a_path1' }
+    assert_equal "some_path",         a_path1.value
+    assert_equal "/some_path",        a_path1.path
+    assert_equal Time.at(1320539391), a_path1.expires
+
+    a_path2 = cookies.find { |c| c.name == 'a_path2' }
+    assert_equal "some_path",         a_path2.value
+    assert_equal "/some_path[]",      a_path2.path
+    assert_equal Time.at(1320539391), a_path2.expires
 
     no_expires = cookies.find { |c| c.name == 'no_expires' }
     assert_equal "nope", no_expires.value
@@ -710,8 +717,22 @@ class TestHTTPCookie < Test::Unit::TestCase
   end
 
   def test_expiration
-    cookie = HTTP::Cookie.new(cookie_values)
+    expires = Time.now + 86400
+    cookie = HTTP::Cookie.new(cookie_values(expires: expires))
+
+    assert_equal(expires, cookie.expires)
+    assert_equal false, cookie.expired?
+    assert_equal true, cookie.expired?(cookie.expires + 1)
+    assert_equal false, cookie.expired?(cookie.expires - 1)
+    cookie.expire!
+    assert_equal true, cookie.expired?
+  end
 
+  def test_expiration_using_datetime
+    expires = DateTime.now + 1
+    cookie = HTTP::Cookie.new(cookie_values(expires: expires))
+
+    assert_equal(expires.to_time, cookie.expires)
     assert_equal false, cookie.expired?
     assert_equal true, cookie.expired?(cookie.expires + 1)
     assert_equal false, cookie.expired?(cookie.expires - 1)
@@ -751,7 +772,7 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal 12, cookie.max_age
 
     cookie.max_age = -3
-    assert_equal -3, cookie.max_age
+    assert_equal(-3, cookie.max_age)
   end
 
   def test_session
@@ -941,6 +962,10 @@ class TestHTTPCookie < Test::Unit::TestCase
       cookie.origin = URI.parse('http://www.example.com/')
     }
 
+    cookie = HTTP::Cookie.new('a', 'b')
+    cookie.origin = HTTP::Cookie::URIParser.parse('http://example.com/path[]/')
+    assert_equal '/path[]/', cookie.path
+
     cookie = HTTP::Cookie.new('a', 'b', :domain => '.example.com')
     cookie.origin = URI.parse('http://example.org/')
     assert_equal false, cookie.acceptable?
@@ -1006,7 +1031,7 @@ class TestHTTPCookie < Test::Unit::TestCase
           'https://www.example.com/dir2/test.html',
         ]
       },
-      HTTP::Cookie.parse('a4=b; domain=example.com; path=/dir2/',
+      HTTP::Cookie.parse('a3=b; domain=example.com; path=/dir2/',
         URI('http://example.com/dir/file.html')).first => {
         true => [
           'https://example.com/dir2/test.html',
@@ -1022,7 +1047,19 @@ class TestHTTPCookie < Test::Unit::TestCase
           'file:///dir2/test.html',
         ]
       },
-      HTTP::Cookie.parse('a4=b; secure',
+      HTTP::Cookie.parse('a4=b; domain=example.com; path=/dir2[]/',
+        HTTP::Cookie::URIParser.parse('http://example.com/dir[]/file.html')).first => {
+        true => [
+          HTTP::Cookie::URIParser.parse('https://example.com/dir2[]/file.html'),
+          HTTP::Cookie::URIParser.parse('http://example.com/dir2[]/file.html'),
+        ],
+        false => [
+          HTTP::Cookie::URIParser.parse('https://example.com/dir[]/file.html'),
+          HTTP::Cookie::URIParser.parse('http://example.com/dir[]/file.html'),
+          'file:///dir2/test.html',
+        ]
+      },
+      HTTP::Cookie.parse('a5=b; secure',
         URI('https://example.com/dir/file.html')).first => {
         true => [
           'https://example.com/dir/test.html',
@@ -1034,7 +1071,7 @@ class TestHTTPCookie < Test::Unit::TestCase
           'file:///dir2/test.html',
         ]
       },
-      HTTP::Cookie.parse('a5=b',
+      HTTP::Cookie.parse('a6=b',
         URI('https://example.com/')).first => {
         true => [
           'https://example.com',
@@ -1043,7 +1080,7 @@ class TestHTTPCookie < Test::Unit::TestCase
           'file:///',
         ]
       },
-      HTTP::Cookie.parse('a6=b; path=/dir',
+      HTTP::Cookie.parse('a7=b; path=/dir',
         'http://example.com/dir/file.html').first => {
         true => [
           'http://example.com/dir',
@@ -1069,7 +1106,7 @@ class TestHTTPCookie < Test::Unit::TestCase
       hash.each { |expected, urls|
         urls.each { |url|
           assert_equal expected, cookie.valid_for_uri?(url), '%s: %s' % [cookie.name, url]
-          assert_equal expected, cookie.valid_for_uri?(URI(url)), "%s: URI(%s)" % [cookie.name, url]
+          assert_equal expected, cookie.valid_for_uri?(HTTP::Cookie::URIParser.parse(url)), "%s: URI(%s)" % [cookie.name, url]
         }
       }
     }

data/test/test_http_cookie_jar.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 require File.expand_path('helper', File.dirname(__FILE__))
 require 'tmpdir'
 
@@ -9,6 +10,13 @@ module TestHTTPCookieJar
       }
     end
 
+    def test_nonexistent_store_in_config
+      expected = /cookie store unavailable: :nonexistent, error: (cannot load|no such file to load) .*nonexistent_store/
+      assert_raise_with_message(ArgumentError, expected) {
+        HTTP::CookieJar.new(store: :nonexistent)
+      }
+    end
+
     def test_erroneous_store
       Dir.mktmpdir { |dir|
         Dir.mkdir(File.join(dir, 'http'))
@@ -465,7 +473,7 @@ module TestHTTPCookieJar
     end
 
     def test_save_and_read_cookiestxt
-      url = URI 'http://rubyforge.org/foo/'
+      url = HTTP::Cookie::URIParser.parse('https://rubyforge.org/foo[]/')
 
       # Add one cookie with an expiration date in the future
       cookie = HTTP::Cookie.new(cookie_values)
@@ -474,7 +482,7 @@ module TestHTTPCookieJar
           :expires => nil))
       cookie2 = HTTP::Cookie.new(cookie_values(:name => 'Baz',
           :value => 'Foo#Baz',
-          :path => '/foo/',
+          :path => '/foo[]/',
           :for_domain => false))
       h_cookie = HTTP::Cookie.new(cookie_values(:name => 'Quux',
           :value => 'Foo#Quux',
@@ -523,7 +531,7 @@ module TestHTTPCookieJar
             assert_equal 'Foo#Baz', cookie.value
             assert_equal 'rubyforge.org', cookie.domain
             assert_equal false, cookie.for_domain
-            assert_equal '/foo/', cookie.path
+            assert_equal '/foo[]/', cookie.path
             assert_equal false, cookie.httponly?
           when 'Quux'
             assert_equal 'Foo#Quux', cookie.value
@@ -656,6 +664,34 @@ module TestHTTPCookieJar
       assert_equal(0, @jar.cookies(url).length)
     end
 
+    def test_non_rfc3986_compliant_paths
+      url = HTTP::Cookie::URIParser.parse('http://RubyForge.org/login[]')
+
+      values = cookie_values(:path => "/login[]", :expires => nil, :origin => url)
+
+      # Add one cookie with an expiration date in the future
+      cookie = HTTP::Cookie.new(values)
+      @jar.add(cookie)
+      assert_equal(1, @jar.cookies(url).length)
+
+      # Add a second cookie
+      @jar.add(HTTP::Cookie.new(values.merge( :name => 'Baz' )))
+      assert_equal(2, @jar.cookies(url).length)
+
+      # Make sure we don't get the cookie in a different path
+      assert_equal(0, @jar.cookies(HTTP::Cookie::URIParser.parse('http://RubyForge.org/hello[]')).length)
+      assert_equal(0, @jar.cookies(HTTP::Cookie::URIParser.parse('http://RubyForge.org/')).length)
+
+      # Expire the first cookie
+      @jar.add(HTTP::Cookie.new(values.merge( :expires => Time.now - (10 * 86400))))
+      assert_equal(1, @jar.cookies(url).length)
+
+      # Expire the second cookie
+      @jar.add(HTTP::Cookie.new(values.merge( :name => 'Baz',
+            :expires => Time.now - (10 * 86400))))
+      assert_equal(0, @jar.cookies(url).length)
+    end
+
     def test_ssl_cookies
       # thanks to michal "ocher" ochman for reporting the bug responsible for this test.
       values = cookie_values(:expires => nil)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http-cookie
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.0.8
 platform: ruby
 authors:
 - Akinori MUSHA
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-25 00:00:00.000000000 Z
+date: 2024-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: domain_name
@@ -127,6 +127,7 @@ extra_rdoc_files:
 - README.md
 - LICENSE.txt
 files:
+- ".github/CODEOWNERS"
 - ".github/workflows/ci.yml"
 - ".gitignore"
 - CHANGELOG.md
@@ -139,6 +140,7 @@ files:
 - lib/http/cookie.rb
 - lib/http/cookie/ruby_compat.rb
 - lib/http/cookie/scanner.rb
+- lib/http/cookie/uri_parser.rb
 - lib/http/cookie/version.rb
 - lib/http/cookie_jar.rb
 - lib/http/cookie_jar/abstract_saver.rb
@@ -171,7 +173,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.14
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: A Ruby library to handle HTTP Cookies based on RFC 6265