/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/*
* Copyright (C) 2010 Igalia S.L.
*/
#include "test-utils.h"
SoupServer *server;
SoupURI *first_party_uri, *third_party_uri;
const char *first_party = "http://127.0.0.1/";
const char *third_party = "http://localhost/";
static void
server_callback (SoupServer *server, SoupMessage *msg,
const char *path, GHashTable *query,
SoupClientContext *context, gpointer data)
{
if (g_str_equal (path, "/index.html")) {
soup_message_headers_replace (msg->response_headers,
"Set-Cookie",
"foo=bar");
} else if (g_str_equal (path, "/foo.jpg")) {
soup_message_headers_replace (msg->response_headers,
"Set-Cookie",
"baz=qux");
} else if (soup_message_headers_get_one (msg->request_headers,
"Echo-Set-Cookie")) {
soup_message_headers_replace (msg->response_headers,
"Set-Cookie",
soup_message_headers_get_one (msg->request_headers,
"Echo-Set-Cookie"));
}
soup_message_set_status (msg, SOUP_STATUS_OK);
}
typedef struct {
SoupCookieJarAcceptPolicy policy;
int n_cookies;
} CookiesForPolicy;
static const CookiesForPolicy validResults[] = {
{ SOUP_COOKIE_JAR_ACCEPT_ALWAYS, 2 },
{ SOUP_COOKIE_JAR_ACCEPT_NEVER, 0 },
{ SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY, 1 }
};
static void
do_cookies_accept_policy_test (void)
{
SoupSession *session;
SoupMessage *msg;
SoupURI *uri;
SoupCookieJar *jar;
GSList *l, *p;
int i;
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
soup_session_add_feature_by_type (session, SOUP_TYPE_COOKIE_JAR);
jar = SOUP_COOKIE_JAR (soup_session_get_feature (session, SOUP_TYPE_COOKIE_JAR));
for (i = 0; i < G_N_ELEMENTS (validResults); i++) {
soup_cookie_jar_set_accept_policy (jar, validResults[i].policy);
uri = soup_uri_new_with_base (first_party_uri, "/index.html");
msg = soup_message_new_from_uri ("GET", uri);
soup_message_set_first_party (msg, first_party_uri);
soup_session_send_message (session, msg);
soup_uri_free (uri);
g_object_unref (msg);
/* We can't use two servers due to limitations in
* test_server, so let's swap first and third party here
* to simulate a cookie coming from a third party.
*/
uri = soup_uri_new_with_base (first_party_uri, "/foo.jpg");
msg = soup_message_new_from_uri ("GET", uri);
soup_message_set_first_party (msg, third_party_uri);
soup_session_send_message (session, msg);
soup_uri_free (uri);
g_object_unref (msg);
l = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (l), ==, validResults[i].n_cookies);
for (p = l; p; p = p->next) {
soup_cookie_jar_delete_cookie (jar, p->data);
soup_cookie_free (p->data);
}
g_slist_free (l);
}
soup_test_session_abort_unref (session);
}
static void
do_cookies_subdomain_policy_test (void)
{
SoupCookieJar *jar;
GSList *cookies;
SoupURI *uri1;
SoupURI *uri2;
SoupURI *uri3;
g_test_bug ("792130");
/* Only the base domain should be considered when deciding
* whether a cookie is a third-party cookie.
*/
uri1 = soup_uri_new ("https://www.gnome.org");
uri2 = soup_uri_new ("https://foundation.gnome.org");
uri3 = soup_uri_new ("https://www.gnome.org.");
/* We can't check subdomains with a test server running on
* localhost, so we'll just check the cookie jar API itself.
*/
/* Cookie should be accepted. One cookie in the jar. */
jar = soup_cookie_jar_new ();
soup_cookie_jar_set_accept_policy (jar, SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY);
soup_cookie_jar_set_cookie_with_first_party (jar, uri1, uri2, "1=foo");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 1);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* Cookie should be accepted. Two cookies in the jar. */
soup_cookie_jar_set_cookie_with_first_party (jar, uri2, uri1, "2=foo");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 2);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* Third-party cookie should be rejected, so there are still
* only two cookies in the jar.
*/
soup_cookie_jar_set_cookie_with_first_party (jar, third_party_uri, uri1, "3=foo");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 2);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* Now some Domain attribute tests.*/
soup_cookie_jar_set_accept_policy (jar, SOUP_COOKIE_JAR_ACCEPT_ALWAYS);
/* The cookie must be rejected if the Domain is not an appropriate
* match for the URI. Still two cookies in the jar.
*/
soup_cookie_jar_set_cookie (jar, uri1, "4=foo; Domain=gitlab.gnome.org");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 2);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* Now the Domain is an appropriate match. Three cookies in the jar. */
soup_cookie_jar_set_cookie (jar, uri1, "5=foo; Domain=gnome.org");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 3);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* A leading dot in the domain property should not affect things.
* This cookie should be accepted. Four cookies in the jar.
*/
soup_cookie_jar_set_cookie (jar, uri1, "6=foo; Domain=.www.gnome.org");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 4);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* The cookie must be rejected if the Domain ends in a trailing dot
* but the uri doesn't.
*/
soup_cookie_jar_set_cookie (jar, uri1, "7=foo; Domain=www.gnome.org.");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 4);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* The cookie should be accepted if both Domain and URI end with a trailing
* dot and they are a match. Five cookies in the jar.
*/
soup_cookie_jar_set_cookie (jar, uri3, "8=foo; Domain=gnome.org.");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 5);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* The cookie should be rejected if URI has trailing dot but Domain doesn't.
* Five cookies in the jar.
*/
soup_cookie_jar_set_cookie (jar, uri3, "9=foo; Domain=gnome.org");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 5);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* It should not be possible to set a cookie for a TLD. Still five
* cookies in the jar.
*/
soup_cookie_jar_set_cookie (jar, uri1, "10=foo; Domain=.org");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 5);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
/* It should still not be possible to set a cookie for a TLD, even if
* we are tricksy and have a trailing dot. Still only five cookies.
*/
soup_cookie_jar_set_cookie (jar, uri3, "11=foo; Domain=.org.");
cookies = soup_cookie_jar_all_cookies (jar);
g_assert_cmpint (g_slist_length (cookies), ==, 5);
g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free);
soup_uri_free (uri1);
soup_uri_free (uri2);
soup_uri_free (uri3);
g_object_unref (jar);
}
/* FIXME: moar tests! */
static void
do_cookies_parsing_test (void)
{
SoupSession *session;
SoupMessage *msg;
SoupCookieJar *jar;
GSList *cookies, *iter;
SoupCookie *cookie;
gboolean got1, got2, got3;
g_test_bug ("678753");
session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
soup_session_add_feature_by_type (session, SOUP_TYPE_COOKIE_JAR);
jar = SOUP_COOKIE_JAR (soup_session_get_feature (session, SOUP_TYPE_COOKIE_JAR));
/* "httponly" is case-insensitive, and its value (if any) is ignored */
msg = soup_message_new_from_uri ("GET", first_party_uri);
soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
"one=1; httponly; max-age=100");
soup_session_send_message (session, msg);
g_object_unref (msg);
msg = soup_message_new_from_uri ("GET", first_party_uri);
soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
"two=2; HttpOnly; max-age=100");
soup_session_send_message (session, msg);
g_object_unref (msg);
msg = soup_message_new_from_uri ("GET", first_party_uri);
soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
"three=3; httpONLY=Wednesday; max-age=100");
soup_session_send_message (session, msg);
g_object_unref (msg);
cookies = soup_cookie_jar_get_cookie_list (jar, first_party_uri, TRUE);
got1 = got2 = got3 = FALSE;
for (iter = cookies; iter; iter = iter->next) {
cookie = iter->data;
if (!strcmp (soup_cookie_get_name (cookie), "one")) {
got1 = TRUE;
g_assert_true (soup_cookie_get_http_only (cookie));
g_assert_true (soup_cookie_get_expires (cookie) != NULL);
} else if (!strcmp (soup_cookie_get_name (cookie), "two")) {
got2 = TRUE;
g_assert_true (soup_cookie_get_http_only (cookie));
g_assert_true (soup_cookie_get_expires (cookie) != NULL);
} else if (!strcmp (soup_cookie_get_name (cookie), "three")) {
got3 = TRUE;
g_assert_true (soup_cookie_get_http_only (cookie));
g_assert_true (soup_cookie_get_expires (cookie) != NULL);
} else {
soup_test_assert (FALSE, "got unexpected cookie '%s'",
soup_cookie_get_name (cookie));
}
soup_cookie_free (cookie);
}
g_slist_free (cookies);
g_assert_true (got1);
g_assert_true (got2);
g_assert_true (got3);
soup_test_session_abort_unref (session);
}
static void
do_cookies_parsing_nopath_nullorigin (void)
{
SoupCookie *cookie = soup_cookie_parse ("NAME=Value", NULL);
g_assert_nonnull (cookie);
g_assert_cmpstr ("/", ==, soup_cookie_get_path (cookie));
soup_cookie_free (cookie);
}
int
main (int argc, char **argv)
{
SoupURI *server_uri;
int ret;
test_init (argc, argv, NULL);
server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD);
soup_server_add_handler (server, NULL, server_callback, NULL, NULL);
server_uri = soup_test_server_get_uri (server, "http", NULL);
first_party_uri = soup_uri_new (first_party);
third_party_uri = soup_uri_new (third_party);
soup_uri_set_port (first_party_uri, server_uri->port);
soup_uri_set_port (third_party_uri, server_uri->port);
g_test_add_func ("/cookies/accept-policy", do_cookies_accept_policy_test);
g_test_add_func ("/cookies/accept-policy-subdomains", do_cookies_subdomain_policy_test);
g_test_add_func ("/cookies/parsing", do_cookies_parsing_test);
g_test_add_func ("/cookies/parsing/no-path-null-origin", do_cookies_parsing_nopath_nullorigin);
ret = g_test_run ();
soup_uri_free (first_party_uri);
soup_uri_free (third_party_uri);
soup_uri_free (server_uri);
soup_test_server_quit_unref (server);
test_cleanup ();
return ret;
}