http-cookie 0.1.5 → 1.0.0.pre1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c45ee093b1364bc1ce8c5c4120a4f4fae298a5e6
-  data.tar.gz: d007f3979523ad48a557281b99292d660a5d781b
+  metadata.gz: 9f5ccaec04a2b731f1120d21079f05fda32dc05f
+  data.tar.gz: aea993fb843b5218522f7a12adf189112dd8a477
 SHA512:
-  metadata.gz: 62257900f2b0e4ffad506bff326f11b724ebcb0f3495cdc156338188efc8db7c4bfb49d155ae43ea50889f5e0acb4059586f016a0c5fd84f659e58605b512d49
-  data.tar.gz: c3f9f8a5deafe3335063e8cf3b09d054da55d01729b47e7b55171e06585b8e270da021bcea1804132b0fabe855b90d3d21c2cc333913b7283c318167f799496b
+  metadata.gz: f02c9afbb827b9a35e2417e4104488d3cfc237ac9ec8007c6b77b96b61c2b5c1f3a74f10660211ff1e4e2ee5000f28ddb1052148ce3cba5ccc1d2d3d49e135a8
+  data.tar.gz: 8316457b65faeb9d19449bf49e11b920d53d9c5c8e37edf8d99d02b32fcf30350dff5c270cad654a8e0d4dcc45950894d59496450a7fde2f14e339a1b5b0d077

data/.travis.yml

@@ -1,12 +1,14 @@
 language: ruby
 rvm:
   - 1.8.7
+  - ree
   - 1.9.2
   - 1.9.3
   - 2.0.0
-  - ree
+  - ruby-head
   - jruby-18mode
   - jruby-19mode
+  - jruby-head
   - rbx-18mode
   - rbx-19mode
 matrix:

data/lib/http/cookie.rb

@@ -1,3 +1,4 @@
+# :markup: markdown
 require 'http/cookie/version'
 require 'time'
 require 'uri'
@@ -7,11 +8,12 @@ module HTTP
   autoload :CookieJar, 'http/cookie_jar'
 end
 
-# In Ruby < 1.9.3 URI() does not accept an URI object.
+# In Ruby < 1.9.3 URI() does not accept a URI object.
 if RUBY_VERSION < "1.9.3"
   begin
     URI(URI(''))
   rescue
+    # :nodoc:
     def URI(url)
       url.is_a?(URI) ? url : URI.parse(url)
     end
@@ -20,13 +22,17 @@ end
 
 # This class is used to represent an HTTP Cookie.
 class HTTP::Cookie
-  # Maximum number of bytes per cookie (RFC 6265 6.1 requires 4096 at least)
+  # Maximum number of bytes per cookie (RFC 6265 6.1 requires 4096 at
+  # least)
   MAX_LENGTH = 4096
-  # Maximum number of cookies per domain (RFC 6265 6.1 requires 50 at least)
+  # Maximum number of cookies per domain (RFC 6265 6.1 requires 50 at
+  # least)
   MAX_COOKIES_PER_DOMAIN = 50
-  # Maximum number of cookies total (RFC 6265 6.1 requires 3000 at least)
+  # Maximum number of cookies total (RFC 6265 6.1 requires 3000 at
+  # least)
   MAX_COOKIES_TOTAL = 3000
 
+  # :stopdoc:
   UNIX_EPOCH = Time.at(0)
 
   PERSISTENT_PROPERTIES = %w[
@@ -52,31 +58,91 @@ class HTTP::Cookie
     end
     private :check_string_type
   end
+  # :startdoc:
 
-  attr_reader :name, :domain, :path, :origin
-  attr_accessor :secure, :httponly, :value, :version
-  attr_reader :domain_name, :expires
-  attr_accessor :comment, :max_age
+  # The cookie name.  It may not be nil or empty.
+  #
+  # Trying to set a value with the normal setter method will raise
+  # ArgumentError only when it contains any of these characters:
+  # control characters (\x00-\x1F and \x7F), space and separators
+  # `,;\"=`.
+  #
+  # Note that RFC 6265 4.1.1 lists more characters disallowed for use
+  # in a cookie name, which are these: `<>@:/[]?{}`.  Using these
+  # characters will reduce interoperability.
+  #
+  # :attr_accessor: name
+
+  # The cookie value.
+  #
+  # Trying to set a value with the normal setter method will raise an
+  # ArgumentError only when it contains any of these characters:
+  # control characters (\x00-\x1F and \x7F).
+  #
+  # Note that RFC 6265 4.1.1 lists more characters disallowed for use
+  # in a cookie value, which are these: ` ",;\`.  Using these
+  # characters will reduce interoperability.
+  #
+  # :attr_accessor: value
 
-  attr_accessor :session
+  # The cookie domain.
+  #
+  # Setting a domain with a leading dot implies that the #for_domain
+  # flag should be turned on.  The setter accepts a `DomainName`
+  # object as well as a string-like.
+  #
+  # :attr_accessor: domain
 
-  attr_accessor :created_at
-  attr_accessor :accessed_at
+  # The path attribute value.
+  #
+  # The setter treats an empty path ("") as the root path ("/").
+  #
+  # :attr_accessor: path
+
+  # The origin of the cookie.
+  #
+  # Setting this will initialize the #domain and #path attribute
+  # values if unknown yet.
+  #
+  # :attr_accessor: origin
+
+  # The Expires attribute value as a Time object.
+  #
+  # The setter method accepts a Time object, a string representation
+  # of date/time, or `nil`.
+  #
+  # Note that #max_age and #expires are mutually exclusive.  Setting
+  # \#max_age resets #expires to nil, and vice versa.
+  #
+  # :attr_accessor: expires
+
+  # The Max-Age attribute value as an integer, the number of seconds
+  # before expiration.
+  #
+  # The setter method accepts an integer, or a string-like that
+  # represents an integer which will be stringified and then
+  # integerized using #to_i.
+  #
+  # Note that #max_age and #expires are mutually exclusive.  Setting
+  # \#max_age resets #expires to nil, and vice versa.
+  #
+  # :attr_accessor: max_age
 
   # :call-seq:
   #     new(name, value)
   #     new(name, value, attr_hash)
   #     new(attr_hash)
   #
-  # Creates a cookie object.  For each key of +attr_hash+, the setter
+  # Creates a cookie object.  For each key of `attr_hash`, the setter
   # is called if defined.  Each key can be either a symbol or a
   # string, downcased or not.
   #
   # This methods accepts any attribute name for which a setter method
-  # is defined.  Beware, however, any error (typically ArgumentError)
-  # a setter method raises will be passed through.
+  # is defined.  Beware, however, any error (typically
+  # `ArgumentError`) a setter method raises will be passed through.
   #
   # e.g.
+  #
   #     new("uid", "a12345")
   #     new("uid", "a12345", :domain => 'example.org',
   #                          :for_domain => true, :expired => Time.now + 7*86400)
@@ -86,11 +152,12 @@ class HTTP::Cookie
     @version = 0     # Netscape Cookie
 
     @origin = @domain = @path =
-      @secure = @httponly =
       @expires = @max_age =
       @comment = nil
-
+    @secure = @httponly = false
+    @session = true
     @created_at = @accessed_at = Time.now
+
     case args.size
     when 2
       self.name, self.value = *args
@@ -129,45 +196,43 @@ class HTTP::Cookie
     end
   end
 
-  # If this flag is true, this cookie will be sent to any host in the
-  # +domain+.  If it is false, this cookie will be sent only to the
-  # host indicated by the +domain+.
-  attr_accessor :for_domain
-  alias for_domain? for_domain
+  autoload :Scanner, 'http/cookie/scanner'
 
   class << self
-    include URIFix if defined?(URIFix)
-
-    # Normalizes a given path.  If it is empty, the root path '/' is
-    # returned.  If a URI object is given, returns a new URI object
-    # with the path part normalized.
-    def normalize_path(uri)
-      # Currently does not replace // to /
-      case uri
-      when URI
-        uri.path.empty? ? uri + '/' : uri
-      else
-        uri.empty? ? '/' : uri
-      end
+    # Normalizes a given path.  If it is empty or it is a relative
+    # path, the root path '/' is returned.
+    #
+    # If a URI object is given, returns a new URI object with the path
+    # part normalized.
+    def normalize_path(path)
+      return path + normalize_path(path.path) if URI === path
+      # RFC 6265 5.1.4
+      path.start_with?('/') ? path : '/'
     end
 
-    # Parses a Set-Cookie header value +set_cookie+ into an array of
+    # Parses a Set-Cookie header value `set_cookie` into an array of
     # Cookie objects.  Parts (separated by commas) that are malformed
     # or invalid are silently ignored.  For example, a cookie that a
     # given origin is not allowed to issue is not included in the
     # resulted array.
     #
+    # Any Max-Age attribute value found is converted to an expires
+    # value computing from the current time so that expiration check
+    # (#expired?) can be performed.
+    #
     # If a block is given, each cookie object is passed to the block.
     #
     # Available option keywords are below:
     #
-    # * +origin+
-    #   The cookie's origin URI/URL
-    # * +date+
-    #   The base date used for interpreting Max-Age attribute values
+    # `origin`
+    # : The cookie's origin URI/URL
+    #
+    # `date`
+    # : The base date used for interpreting Max-Age attribute values
     #   instead of the current time
-    # * +logger+
-    #   Logger object useful for debugging
+    #
+    # `logger`
+    # : Logger object useful for debugging
     def parse(set_cookie, options = nil, *_, &block)
       _.empty? && !options.is_a?(String) or
         raise ArgumentError, 'HTTP::Cookie equivalent for Mechanize::Cookie.parse(uri, set_cookie[, log]) is HTTP::Cookie.parse(set_cookie, :origin => uri[, :logger => log]).'
@@ -180,83 +245,44 @@ class HTTP::Cookie
       date ||= Time.now
 
       [].tap { |cookies|
-        # The expires attribute may include a comma in the value.
-        set_cookie.split(/,(?=[^;,]*=|\s*\z)/).each { |c|
-          if c.bytesize > MAX_LENGTH
-            logger.warn("Cookie definition too long: #{c}") if logger
-            next
-          end
-
-          first_elem, *cookie_elem = c.split(/;+/)
-          first_elem.strip!
-          key, value = first_elem.split(/\=/, 2)
+        s = Scanner.new(set_cookie, logger)
+        until s.eos?
+          name, value, attrs = s.scan_cookie
+          break if name.nil? || name.empty?
 
-          begin
-            cookie = new(key, value.dup)
-          rescue
-            logger.warn("Couldn't parse key/value: #{first_elem}") if logger
-            next
-          end
-
-          cookie_elem.each do |pair|
-            pair.strip!
-            key, value = pair.split(/=/, 2) #/)
-            next unless key
-            case value # may be nil
-            when /\A"(.*)"\z/
-              value = $1.gsub(/\\(.)/, "\\1")
-            end
-
-            case key.downcase
-            when 'domain'
-              next unless value && !value.empty?
-              begin
-                cookie.domain = value
+          cookie = new(name, value)
+          attrs.each { |aname, avalue|
+            begin
+              case aname
+              when 'domain'
+                cookie.domain = avalue
                 cookie.for_domain = true
-              rescue
-                logger.warn("Couldn't parse domain: #{value}") if logger
-              end
-            when 'path'
-              next unless value && !value.empty?
-              cookie.path = value
-            when 'expires'
-              next unless value && !value.empty?
-              begin
-                cookie.expires = Time.parse(value)
-              rescue
-                logger.warn("Couldn't parse expires: #{value}") if logger
-              end
-            when 'max-age'
-              next unless value && !value.empty?
-              begin
-                cookie.max_age = Integer(value)
-              rescue
-                logger.warn("Couldn't parse max age '#{value}'") if logger
-              end
-            when 'comment'
-              next unless value
-              cookie.comment = value
-            when 'version'
-              next unless value
-              begin
-                cookie.version = Integer(value)
-              rescue
-                logger.warn("Couldn't parse version '#{value}'") if logger
-                cookie.version = nil
+              when 'path'
+                cookie.path = avalue
+              when 'expires'
+                # RFC 6265 4.1.2.2
+                # The Max-Age attribute has precedence over the Expires
+                # attribute.
+                cookie.expires = avalue unless cookie.max_age
+              when 'max-age'
+                cookie.max_age = avalue
+              when 'comment'
+                cookie.comment = avalue
+              when 'version'
+                cookie.version = avalue
+              when 'secure'
+                cookie.secure = avalue
+              when 'httponly'
+                cookie.httponly = avalue
               end
-            when 'secure'
-              cookie.secure = true
-            when 'httponly'
-              cookie.httponly = true
+            rescue => e
+              logger.warn("Couldn't parse #{aname} '#{avalue}': #{e}") if logger
             end
-          end
-
-          cookie.secure   ||= false
-          cookie.httponly ||= false
+          }
 
-          # RFC 6265 4.1.2.2
-          cookie.expires    = date + cookie.max_age if cookie.max_age
-          cookie.session    = !cookie.expires
+          # Have `expires` set instead of `max_age`, so that
+          # expiration check (`expired?`) can be performed.
+          cookie.expires = date + cookie.max_age if cookie.max_age
 
           if origin
             begin
@@ -270,22 +296,46 @@ class HTTP::Cookie
           yield cookie if block_given?
 
           cookies << cookie
-        }
+        end
       }
     end
   end
 
+  attr_reader :name
+
+  # See #name.
   def name=(name)
-    if name.nil? || name.empty?
+    name = check_string_type(name) or
+      raise TypeError, "#{name.class} is not a String"
+    if name.empty?
       raise ArgumentError, "cookie name cannot be empty"
-    elsif name.match(/[\x00-\x1F=\x7F]/)
-      raise ArgumentError, "cookie name cannot contain a control character or an equal sign"
+    elsif name.match(/[\x00-\x20\x7F,;\\"=]/)
+      raise ArgumentError, "invalid cookie name"
     end
+    # RFC 6265 4.1.1
+    # cookie-name may not match:
+    # /[\x00-\x20\x7F()<>@,;:\\"\/\[\]?={}]/
     @name = name
   end
 
-  # Sets the domain attribute.  A leading dot in +domain+ implies
-  # turning the +for_domain?+ flag on.
+  attr_reader :value
+
+  # See #value.
+  def value=(value)
+    value = check_string_type(value) or
+      raise TypeError, "#{value.class} is not a String"
+    if value.match(/[\x00-\x1F\x7F]/)
+      raise ArgumentError, "invalid cookie value"
+    end
+    # RFC 6265 4.1.1
+    # cookie-name may not match:
+    # /[^\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]/
+    @value = value
+  end
+
+  attr_reader :domain
+
+  # See #domain.
   def domain=(domain)
     if DomainName === domain
       @domain_name = domain
@@ -310,13 +360,29 @@ class HTTP::Cookie
     raise NoMethodError, 'HTTP::Cookie equivalent for Mechanize::CookieJar#set_domain() is #domain=().'
   end
 
-  # Sets the path attribute.
+  # Returns the domain attribute value as a DomainName object.
+  attr_reader :domain_name
+
+  # The domain flag.
+  #
+  # If this flag is true, this cookie will be sent to any host in the
+  # \#domain, including the host domain itself.  If it is false, this
+  # cookie will be sent only to the host indicated by the #domain.
+  attr_accessor :for_domain
+  alias for_domain? for_domain
+
+  attr_reader :path
+
+  # See #path.
   def path=(path)
+    path = check_string_type(path) or
+      raise TypeError, "#{path.class} is not a String"
     @path = HTTP::Cookie.normalize_path(path)
   end
 
-  # Sets the origin of the cookie.  This initializes the `domain` and
-  # `path` attribute values if unknown yet.
+  attr_reader :origin
+
+  # See #origin.
   def origin=(origin)
     @origin.nil? or
       raise ArgumentError, "origin cannot be changed once it is set"
@@ -328,14 +394,58 @@ class HTTP::Cookie
     @origin = origin
   end
 
-  # Sets the expires attribute.  A `Time` object, a string
-  # representation of date/time, and `nil` are good values to set.
+  # The secure flag.
+  #
+  # A cookie with this flag on should only be sent via a secure
+  # protocol like HTTPS.
+  attr_accessor :secure
+  alias secure? secure
+
+  # The HttpOnly flag.
+  #
+  # A cookie with this flag on should be hidden from a client script.
+  attr_accessor :httponly
+  alias httponly? httponly
+
+  # The session flag.
+  #
+  # A cookie with this flag on should be hidden from a client script.
+  attr_reader :session
+  alias session? session
+
+  attr_reader :expires
+
+  # See #expires.
   def expires=(t)
     case t
     when nil, Time
-      @expires = t
     else
-      @expires = Time.parse(t)
+      t = Time.parse(t)
+    end
+    @max_age = nil
+    @session = t.nil?
+    @expires = t
+  end
+
+  alias expires_at expires
+  alias expires_at= expires=
+
+  attr_reader :max_age
+
+  # See #max_age.
+  def max_age=(sec)
+    @expires = nil
+    case sec
+    when Integer, nil
+    else
+      str = check_string_type(sec) or
+        raise TypeError, "#{sec.class} is not an Integer or String"
+      sec = str.to_i
+    end
+    if @session = sec.nil?
+      @max_age = nil
+    else
+      @max_age = sec
     end
   end
 
@@ -347,17 +457,26 @@ class HTTP::Cookie
 
   # Expires this cookie by setting the expires attribute value to a
   # past date.
-  def expire
-    @expires = UNIX_EPOCH
+  def expire!
+    self.expires = UNIX_EPOCH
     self
   end
 
-  alias secure? secure
-  alias httponly? httponly
-  alias session? session
+  # The version attribute.  The only known version of the cookie
+  # format is 0.
+  attr_accessor :version
+
+  # The comment attribute.
+  attr_accessor :comment
+
+  # The time this cookie was created at.
+  attr_accessor :created_at
+
+  # The time this cookie was last accessed at.
+  attr_accessor :accessed_at
 
   # Tests if it is OK to accept this cookie if it is sent from a given
-  # +uri.
+  # `uri`.
   def acceptable_from_uri?(uri)
     uri = URI(uri)
     return false unless URI::HTTP === uri && uri.host
@@ -377,7 +496,7 @@ class HTTP::Cookie
     end
   end
 
-  # Tests if it is OK to send this cookie to a given +uri+, A runtime
+  # Tests if it is OK to send this cookie to a given `uri`.  A runtime
   # error is raised if the cookie's domain is unknown.
   def valid_for_uri?(uri)
     if @domain.nil?
@@ -405,28 +524,37 @@ class HTTP::Cookie
     origin = origin ? URI(origin) : @origin or
       raise "origin must be specified to produce a value for Set-Cookie"
 
-    string = cookie_value
+    string = "#{@name}=#{Scanner.quote(@value)}"
     if @for_domain || @domain != DomainName.new(origin.host).hostname
-      string << "; domain=#{@domain}"
+      string << "; Domain=#{@domain}"
     end
     if (HTTP::Cookie.normalize_path(origin) + './').path != @path
-      string << "; path=#{@path}"
+      string << "; Path=#{@path}"
     end
-    if @expires
-      string << "; expires=#{@expires.httpdate}"
+    if @max_age
+      string << "; Max-Age=#{@max_age}"
+    elsif @expires
+      string << "; Expires=#{@expires.httpdate}"
     end
     if @comment
-      string << "; comment=#{@comment}"
+      string << "; Comment=#{Scanner.quote(@comment)}"
     end
     if @httponly
       string << "; HttpOnly"
     end
     if @secure
-      string << "; secure"
+      string << "; Secure"
     end
     string
   end
 
+  def inspect
+    '#<%s:' % self.class << PERSISTENT_PROPERTIES.map { |key|
+      '%s=%s' % [key, instance_variable_get(:"@#{key}").inspect]
+    }.join(', ') << ' origin=%s>' % [@origin ? @origin.to_s : 'nil']
+
+  end
+
   # Compares the cookie with another.  When there are many cookies with
   # the same name for a URL, the value of the smallest must be used.
   def <=>(other)
@@ -461,7 +589,7 @@ class HTTP::Cookie
     map.each { |key, value|
       case key
       when *PERSISTENT_PROPERTIES
-        send(:"#{key}=", value)
+        __send__(:"#{key}=", value)
       end
     }
   end

data/lib/http/cookie/scanner.rb

@@ -0,0 +1,215 @@
+require 'http/cookie'
+require 'strscan'
+require 'time'
+
+class HTTP::Cookie::Scanner < StringScanner
+  # Whitespace.
+  RE_WSP = /[ \t]+/
+
+  # A pattern that matches a cookie name or attribute name which may
+  # be empty, capturing trailing whitespace.
+  RE_NAME = /(?!#{RE_WSP})[^,;\\"=]*/
+
+  RE_BAD_CHAR = /([\x00-\x20\x7F",;\\])/
+
+  # A pattern that matches the comma in a (typically date) value.
+  RE_COOKIE_COMMA = /,(?=#{RE_WSP}?#{RE_NAME}=)/
+
+  def initialize(string, logger = nil)
+    @logger = logger
+    super(string)
+  end
+
+  class << self
+    def quote(s)
+      return s unless s.match(RE_BAD_CHAR)
+      '"' << s.gsub(RE_BAD_CHAR, "\\\\\\1") << '"'
+    end
+  end
+
+  def skip_wsp
+    skip(RE_WSP)
+  end
+
+  def scan_dquoted
+    ''.tap { |s|
+      case
+      when skip(/"/)
+        break
+      when skip(/\\/)
+        s << getch
+      when scan(/[^"\\]+/)
+        s << matched
+      end until eos?
+    }
+  end
+
+  def scan_name
+    scan(RE_NAME).tap { |s|
+      s.rstrip! if s
+    }
+  end
+
+  def scan_value
+    ''.tap { |s|
+      case
+      when scan(/[^,;"]+/)
+        s << matched
+      when skip(/"/)
+        # RFC 6265 2.2
+        # A cookie-value may be DQUOTE'd.
+        s << scan_dquoted
+      when check(/;|#{RE_COOKIE_COMMA}/o)
+        break
+      else
+        s << getch
+      end until eos?
+      s.rstrip!
+    }
+  end
+
+  def scan_name_value
+    name = scan_name
+    if skip(/\=/)
+      value = scan_value
+    else
+      scan_value
+      value = nil
+    end
+    [name, value]
+  end
+
+  if Time.respond_to?(:strptime)
+    def tuple_to_time(day_of_month, month, year, time)
+      Time.strptime(
+        '%02d %s %04d %02d:%02d:%02d UTC' % [day_of_month, month, year, *time],
+        '%d %b %Y %T %Z'
+      ).tap { |date|
+        date.day == day_of_month or return nil
+      }
+    end
+  else
+    def tuple_to_time(day_of_month, month, year, time)
+      Time.parse(
+        '%02d %s %04d %02d:%02d:%02d UTC' % [day_of_month, month, year, *time]
+      ).tap { |date|
+        date.day == day_of_month or return nil
+      }
+    end
+  end
+  private :tuple_to_time
+
+  def parse_cookie_date(s)
+    # RFC 6265 5.1.1
+    time = day_of_month = month = year = nil
+
+    s.split(/[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]+/).each { |token|
+      case
+      when time.nil? && token.match(/\A(\d{1,2}):(\d{1,2})(?::(\d{1,2}))?(?=\D|\z)/)
+        sec =
+          if $3
+            $3.to_i
+          else
+            # violation of the RFC
+            @logger.warn("Time lacks the second part: #{token}") if @logger
+            0
+          end
+        time = [$1.to_i, $2.to_i, sec]
+      when day_of_month.nil? && token.match(/\A(\d{1,2})(?=\D|\z)/)
+        day_of_month = $1.to_i
+      when month.nil? && token.match(/\A(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)/i)
+        month = $1.capitalize
+      when year.nil? && token.match(/\A(\d{2,4})(?=\D|\z)/)
+        year = $1.to_i
+      end
+    }
+
+    if day_of_month.nil? || month.nil? || year.nil? || time.nil?
+      return nil
+    end
+
+    case day_of_month
+    when 1..31
+    else
+      return nil
+    end
+
+    case year
+    when 100..1600
+      return nil
+    when 70..99
+      year += 1900
+    when 0..69
+      year += 2000
+    end
+
+    if (time <=> [23,59,59]) > 0
+      return nil
+    end
+
+    tuple_to_time(day_of_month, month, year, time)
+  end
+
+  def scan_cookie
+    # cf. RFC 6265 5.2
+    until eos?
+      start = pos
+      len = nil
+
+      skip_wsp
+
+      name, value = scan_name_value
+      if name.nil?
+        break
+      elsif value.nil?
+        @logger.warn("Cookie definition lacks a name-value pair.") if @logger
+      elsif name.empty?
+        @logger.warn("Cookie definition has an empty name.") if @logger
+        value = nil
+      end
+      attrs = {}
+
+      case
+      when skip(/,/)
+        len = (pos - 1) - start
+        break
+      when skip(/;/)
+        skip_wsp
+        aname, avalue = scan_name_value
+        break if aname.nil?
+        next if aname.empty? || value.nil?
+        aname.downcase!
+        case aname
+        when 'expires'
+          # RFC 6265 5.2.1
+          avalue &&= parse_cookie_date(avalue) or next
+        when 'max-age'
+          # RFC 6265 5.2.2
+          next unless /\A-?\d+\z/.match(avalue)
+        when 'domain'
+          # RFC 6265 5.2.3
+          # An empty value SHOULD be ignored.
+          next if avalue.nil? || avalue.empty?
+        when 'path'
+          # RFC 6265 5.2.4
+          # A relative path must be ignored rather than normalizing it
+          # to "/".
+          next unless /\A\//.match(avalue)
+        when 'secure', 'httponly'
+          # RFC 6265 5.2.5, 5.2.6
+          avalue = true
+        end
+        attrs[aname] = avalue
+      end until eos?
+
+      len ||= pos - start
+
+      if len > HTTP::Cookie::MAX_LENGTH
+        @logger.warn("Cookie definition too long: #{name}") if @logger
+        next
+      end
+
+      return [name, value, attrs] if value
+    end
+  end
+end

data/lib/http/cookie/version.rb

@@ -1,5 +1,5 @@
 module HTTP
   class Cookie
-    VERSION = "0.1.5"
+    VERSION = "1.0.0.pre1"
   end
 end

data/lib/http/cookie_jar.rb

@@ -224,7 +224,7 @@ class HTTP::CookieJar
   end
 
   # Used to exist in Mechanize::CookieJar.  Use #clear().
-  def clear!(*args)
+  def clear!
     raise NoMethodError, 'HTTP::Cookie equivalent for Mechanize::CookieJar#clear!() is #clear().'
   end
 

data/lib/http/cookie_jar/hash_store.rb

@@ -114,7 +114,7 @@ class HTTP::CookieJar
         if (debt = domain_cookies.size - HTTP::Cookie::MAX_COOKIES_PER_DOMAIN) > 0
           domain_cookies.sort_by!(&:created_at)
           domain_cookies.slice!(0, debt).each { |cookie|
-            add(cookie.expire)
+            add(cookie.expire!)
           }
         end
 
@@ -124,7 +124,7 @@ class HTTP::CookieJar
       if (debt = all_cookies.size - HTTP::Cookie::MAX_COOKIES_TOTAL) > 0
         all_cookies.sort_by!(&:created_at)
         all_cookies.slice!(0, debt).each { |cookie|
-          add(cookie.expire)
+          add(cookie.expire!)
         }
       end
 

data/test/test_http_cookie.rb

@@ -33,7 +33,7 @@ class TestHTTPCookie < Test::Unit::TestCase
               "Fri, 17 Mar 89 4:01:33",
               "Fri, 17 Mar 89 4:01 GMT",
               "Mon Jan 16 16:12 PDT 1989",
-              "Mon Jan 16 16:12 +0130 1989",
+              #"Mon Jan 16 16:12 +0130 1989",
               "6 May 1992 16:41-JST (Wednesday)",
               #"22-AUG-1993 10:59:12.82",
               "22-AUG-1993 10:59pm",
@@ -42,7 +42,7 @@ class TestHTTPCookie < Test::Unit::TestCase
               #"Friday, August 04, 1995 3:54 PM",
               #"06/21/95 04:24:34 PM",
               #"20/06/95 21:07",
-              "95-06-08 19:32:48 EDT",
+              #"95-06-08 19:32:48 EDT",
     ]
 
     dates.each do |date|
@@ -83,7 +83,7 @@ class TestHTTPCookie < Test::Unit::TestCase
   def test_parse_too_long_cookie
     uri = URI.parse 'http://example'
 
-    cookie_str = "foo=#{'クッキー' * 340}; path=/ab/"
+    cookie_str = "foo=#{'Cookie' * 680}; path=/ab/"
     assert_equal(HTTP::Cookie::MAX_LENGTH - 1, cookie_str.bytesize)
 
     assert_equal 1, HTTP::Cookie.parse(cookie_str, :origin => uri).size
@@ -101,7 +101,7 @@ class TestHTTPCookie < Test::Unit::TestCase
 
     assert_equal 1, HTTP::Cookie.parse(cookie_str, :origin => uri) { |cookie|
       assert_equal 'quoted', cookie.name
-      assert_equal '"value"', cookie.value
+      assert_equal 'value', cookie.value
       assert_equal 'comment is "comment"', cookie.comment
     }.size
   end
@@ -248,12 +248,14 @@ class TestHTTPCookie < Test::Unit::TestCase
       "no_path1=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT, no_expires=nope; Path=/, " \
       "no_path2=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path, " \
       "no_path3=no_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path=, " \
+      "rel_path1=rel_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path=foo/bar, " \
+      "rel_path1=rel_path; Expires=Sun, 06 Nov 2011 00:29:52 GMT; no_expires=nope; Path=foo, " \
       "no_domain1=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope, " \
       "no_domain2=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope; Domain, " \
       "no_domain3=no_domain; Expires=Sun, 06 Nov 2011 00:29:53 GMT; no_expires=nope; Domain="
 
     cookies = HTTP::Cookie.parse cookie_str, :origin => url
-    assert_equal 13, cookies.length
+    assert_equal 15, cookies.length
 
     name = cookies.find { |c| c.name == 'name' }
     assert_equal "Aaron",             name.value
@@ -277,6 +279,13 @@ class TestHTTPCookie < Test::Unit::TestCase
       assert_equal Time.at(1320539392), c.expires, c.name
     }
 
+    rel_path_cookies = cookies.select { |c| c.value == 'rel_path' }
+    assert_equal 2, rel_path_cookies.size
+    rel_path_cookies.each { |c|
+      assert_equal "/",                 c.path,    c.name
+      assert_equal Time.at(1320539392), c.expires, c.name
+    }
+
     no_domain_cookies = cookies.select { |c| c.value == 'no_domain' }
     assert_equal 3, no_domain_cookies.size
     no_domain_cookies.each { |c|
@@ -364,23 +373,32 @@ class TestHTTPCookie < Test::Unit::TestCase
 
   def test_set_cookie_value
     url = URI.parse('http://rubyforge.org/')
-    cookie_params = @cookie_params.merge('secure' => 'secure')
-    cookie_value = 'foo=bar'
 
-    cookie_params.keys.combine.each do |keys|
-      cookie_text = [cookie_value, *keys.map { |key| cookie_params[key] }].join('; ')
-      cookie, = HTTP::Cookie.parse(cookie_text, :origin => url)
-      cookie2, = HTTP::Cookie.parse(cookie.set_cookie_value, :origin => url)
-
-      assert_equal(cookie.name, cookie2.name)
-      assert_equal(cookie.value, cookie2.value)
-      assert_equal(cookie.domain, cookie2.domain)
-      assert_equal(cookie.for_domain?, cookie2.for_domain?)
-      assert_equal(cookie.path, cookie2.path)
-      assert_equal(cookie.expires, cookie2.expires)
-      assert_equal(cookie.secure?, cookie2.secure?)
-      assert_equal(cookie.httponly?, cookie2.httponly?)
-    end
+    ['foo=bar', 'foo="bar"', 'foo="ba\"r baz"'].each { |cookie_value|
+      cookie_params = @cookie_params.merge('secure' => 'secure', 'max-age' => 'Max-Age=1000')
+      date = Time.at(Time.now.to_i)
+      cookie_params.keys.combine.each do |keys|
+        cookie_text = [cookie_value, *keys.map { |key| cookie_params[key] }].join('; ')
+        cookie, = HTTP::Cookie.parse(cookie_text, :origin => url, :date => date)
+        cookie2, = HTTP::Cookie.parse(cookie.set_cookie_value, :origin => url, :date => date)
+
+        assert_equal(cookie.name, cookie2.name)
+        assert_equal(cookie.value, cookie2.value)
+        assert_equal(cookie.domain, cookie2.domain)
+        assert_equal(cookie.for_domain?, cookie2.for_domain?)
+        assert_equal(cookie.path, cookie2.path)
+        assert_equal(cookie.expires, cookie2.expires)
+        if keys.include?('max-age')
+          assert_equal(date + 1000, cookie2.expires)
+        elsif keys.include?('expires')
+          assert_equal(@expires, cookie2.expires)
+        else
+          assert_equal(nil, cookie2.expires)
+        end
+        assert_equal(cookie.secure?, cookie2.secure?)
+        assert_equal(cookie.httponly?, cookie2.httponly?)
+      end
+    }
   end
 
   def test_parse_cookie_no_spaces
@@ -445,6 +463,37 @@ class TestHTTPCookie < Test::Unit::TestCase
    }.merge(options)
   end
 
+  def test_bad_name
+    [
+      "a\tb", "a\vb", "a\rb", "a\nb", 'a b',
+      "a\\b", 'a"b', # 'a:b', 'a/b', 'a[b]',
+      'a=b', 'a,b', 'a;b',
+    ].each { |name|
+      assert_raises(ArgumentError) {
+        HTTP::Cookie.new(cookie_values(:name => name))
+      }
+      cookie = HTTP::Cookie.new(cookie_values)
+      assert_raises(ArgumentError) {
+        cookie.name = name
+      }
+    }
+  end
+
+  def test_bad_value
+    [
+      "a\tb", "a\vb", "a\rb", "a\nb",
+      "a\\b", 'a"b', # 'a:b', 'a/b', 'a[b]',
+    ].each { |name|
+      assert_raises(ArgumentError) {
+        HTTP::Cookie.new(cookie_values(:name => name))
+      }
+      cookie = HTTP::Cookie.new(cookie_values)
+      assert_raises(ArgumentError) {
+        cookie.name = name
+      }
+    }
+  end
+
   def test_compare
     time = Time.now
     cookies = [
@@ -466,10 +515,33 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal false, cookie.expired?
     assert_equal true, cookie.expired?(cookie.expires + 1)
     assert_equal false, cookie.expired?(cookie.expires - 1)
-    cookie.expire
+    cookie.expire!
     assert_equal true, cookie.expired?
   end
 
+  def test_session
+    cookie = HTTP::Cookie.new(cookie_values)
+
+    assert_equal false, cookie.session?
+    assert_equal nil, cookie.max_age
+
+    cookie.expires = nil
+    assert_equal true, cookie.session?
+    assert_equal nil, cookie.max_age
+
+    cookie.expires = Time.now + 3600
+    assert_equal false, cookie.session?
+    assert_equal nil, cookie.max_age
+
+    cookie.max_age = 3600
+    assert_equal false, cookie.session?
+    assert_equal nil, cookie.expires
+
+    cookie.max_age = nil
+    assert_equal true, cookie.session?
+    assert_equal nil, cookie.expires
+  end
+
   def test_equal
     assert_not_equal(HTTP::Cookie.new(cookie_values),
       HTTP::Cookie.new(cookie_values(:value => 'bar')))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http-cookie
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 1.0.0.pre1
 platform: ruby
 authors:
 - Akinori MUSHA
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-17 00:00:00.000000000 Z
+date: 2013-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: domain_name
@@ -116,6 +116,7 @@ files:
 - http-cookie.gemspec
 - lib/http-cookie.rb
 - lib/http/cookie.rb
+- lib/http/cookie/scanner.rb
 - lib/http/cookie/version.rb
 - lib/http/cookie_jar.rb
 - lib/http/cookie_jar/abstract_saver.rb
@@ -141,9 +142,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.3