Write unit tests for cookie isolation

author: João Oliveira <hello@jxs.pt> 2015-11-10 01:32:41 +0000
committer: João Oliveira <hello@jxs.pt> 2015-11-12 14:12:08 +0000
commit: 79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c (patch)
tree: e1ed6e62e89beadaf497f1ba9fdb1f3a17586570
parent: 49d48a8680003267f29ebf8cd47c244b07f4c4d2 (diff)
download: servo-79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c.tar.gz
servo-79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c.zip
1 files changed, 170 insertions, 0 deletions
diff --git a/tests/unit/net/http_loader.rs b/tests/unit/net/http_loader.rs
index 6aba4939c1e..e91d7d9eda6 100644
--- a/tests/unit/net/http_loader.rs
+++ b/tests/unit/net/http_loader.rs
@@ -241,6 +241,52 @@ fn assert_cookie_for_domain(cookie_jar: Arc<RwLock<CookieStorage>>, domain: &str
     }
 }
 
+struct AssertRequestMustNotHaveHeaders {
+    headers_not_expected: Vec<String>,
+    request_headers: Headers,
+    t: ResponseType
+}
+
+impl AssertRequestMustNotHaveHeaders {
+    fn new(t: ResponseType, headers_not_expected: Vec<String>) -> Self {
+        AssertRequestMustNotHaveHeaders {
+            headers_not_expected: headers_not_expected,
+            request_headers: Headers::new(), t: t }
+    }
+}
+
+impl HttpRequest for AssertRequestMustNotHaveHeaders {
+    type R = MockResponse;
+
+    fn headers_mut(&mut self) -> &mut Headers { &mut self.request_headers }
+
+    fn send(self, _: &Option<Vec<u8>>) -> Result<MockResponse, LoadError> {
+        for header in &self.headers_not_expected {
+            assert!(self.request_headers.get_raw(header).is_none());
+        }
+
+        response_for_request_type(self.t)
+    }
+}
+
+struct AssertMustNotHaveHeadersRequestFactory {
+    headers_not_expected: Vec<String>,
+    body: Vec<u8>
+}
+
+impl HttpRequestFactory for AssertMustNotHaveHeadersRequestFactory {
+    type R = AssertRequestMustNotHaveHeaders;
+
+    fn create(&self, _: Url, _: Method) -> Result<AssertRequestMustNotHaveHeaders, LoadError> {
+        Ok(
+            AssertRequestMustNotHaveHeaders::new(
+                ResponseType::Text(self.body.clone()),
+                self.headers_not_expected.clone()
+            )
+        )
+    }
+}
+
 struct AssertMustHaveBodyRequest {
     expected_body: Option<Vec<u8>>,
     headers: Headers,
@@ -734,6 +780,130 @@ fn test_load_sets_requests_cookies_header_for_url_by_getting_cookies_from_the_re
 }
 
 #[test]
+fn test_load_sends_cookie_if_nonhttp() {
+    let url = Url::parse("http://mozilla.com").unwrap();
+
+    let hsts_list = Arc::new(RwLock::new(HSTSList::new()));
+    let cookie_jar = Arc::new(RwLock::new(CookieStorage::new()));
+
+    {
+        let mut cookie_jar = cookie_jar.write().unwrap();
+        let cookie_url = url.clone();
+        let cookie = Cookie::new_wrapped(
+            CookiePair::new("mozillaIs".to_owned(), "theBest".to_owned()),
+            &cookie_url,
+            CookieSource::NonHTTP
+        ).unwrap();
+        cookie_jar.push(cookie, CookieSource::HTTP);
+    }
+
+    let mut load_data = LoadData::new(url, None);
+    load_data.data = Some(<[_]>::to_vec("Yay!".as_bytes()));
+
+    let mut headers = Headers::new();
+    headers.set_raw("Cookie".to_owned(), vec![<[_]>::to_vec("mozillaIs=theBest".as_bytes())]);
+
+    let _ = load::<AssertRequestMustIncludeHeaders>(
+        load_data.clone(), hsts_list, cookie_jar, None,
+        &AssertMustIncludeHeadersRequestFactory {
+            expected_headers: headers,
+            body: <[_]>::to_vec(&*load_data.data.unwrap())
+        }, DEFAULT_USER_AGENT.to_string());
+}
+
+#[test]
+fn test_cookie_set_with_httponly_should_not_be_available_using_getcookiesforurl() {
+    struct Factory;
+
+    impl HttpRequestFactory for Factory {
+        type R = MockRequest;
+
+        fn create(&self, _: Url, _: Method) -> Result<MockRequest, LoadError> {
+            let content = <[_]>::to_vec("Yay!".as_bytes());
+            let mut headers = Headers::new();
+            headers.set_raw("set-cookie", vec![b"mozillaIs=theBest; HttpOnly;".to_vec()]);
+            Ok(MockRequest::new(ResponseType::WithHeaders(content, headers)))
+        }
+    }
+
+    let url = Url::parse("http://mozilla.com").unwrap();
+
+    let hsts_list = Arc::new(RwLock::new(HSTSList::new()));
+    let cookie_jar = Arc::new(RwLock::new(CookieStorage::new()));
+
+    let load_data = LoadData::new(url.clone(), None);
+    let _ = load::<MockRequest>(load_data, hsts_list,
+                                cookie_jar.clone(),
+                                None,
+                                &Factory,
+                                DEFAULT_USER_AGENT.to_string());
+
+    let mut cookie_jar = cookie_jar.write().unwrap();
+    assert!(cookie_jar.cookies_for_url(&url, CookieSource::NonHTTP).is_none());
+}
+
+#[test]
+fn test_when_cookie_received_marked_secure_is_ignored_for_http() {
+    struct Factory;
+
+    impl HttpRequestFactory for Factory {
+        type R = MockRequest;
+
+        fn create(&self, _: Url, _: Method) -> Result<MockRequest, LoadError> {
+            let content = <[_]>::to_vec("Yay!".as_bytes());
+            let mut headers = Headers::new();
+            headers.set_raw("set-cookie", vec![b"mozillaIs=theBest; Secure;".to_vec()]);
+            Ok(MockRequest::new(ResponseType::WithHeaders(content, headers)))
+        }
+    }
+
+    let hsts_list = Arc::new(RwLock::new(HSTSList::new()));
+    let cookie_jar = Arc::new(RwLock::new(CookieStorage::new()));
+
+    let load_data = LoadData::new(Url::parse("http://mozilla.com").unwrap(), None);
+    let _ = load::<MockRequest>(load_data, hsts_list,
+                                cookie_jar.clone(),
+                                None,
+                                &Factory,
+                                DEFAULT_USER_AGENT.to_string());
+
+    assert_cookie_for_domain(cookie_jar, "http://mozilla.com", "");
+}
+
+#[test]
+fn test_when_cookie_set_marked_httpsonly_secure_isnt_sent_on_http_request() {
+
+    let sec_url = Url::parse("https://mozilla.com").unwrap();
+    let url = Url::parse("http://mozilla.com").unwrap();
+
+    let hsts_list = Arc::new(RwLock::new(HSTSList::new()));
+    let cookie_jar = Arc::new(RwLock::new(CookieStorage::new()));
+
+    {
+        let mut cookie_jar = cookie_jar.write().unwrap();
+        let cookie_url = sec_url.clone();
+        let cookie = Cookie::new_wrapped(
+            CookiePair::parse("mozillaIs=theBest; Secure;").unwrap(),
+            &cookie_url,
+            CookieSource::HTTP
+        ).unwrap();
+        cookie_jar.push(cookie, CookieSource::HTTP);
+    }
+
+    let mut load_data = LoadData::new(url, None);
+    load_data.data = Some(<[_]>::to_vec("Yay!".as_bytes()));
+
+    assert_cookie_for_domain(cookie_jar.clone(), "https://mozilla.com", "mozillaIs=theBest");
+
+    let _ = load::<AssertRequestMustNotHaveHeaders>(
+        load_data.clone(), hsts_list, cookie_jar, None,
+        &AssertMustNotHaveHeadersRequestFactory {
+            headers_not_expected: vec!["Cookie".to_owned()],
+            body: <[_]>::to_vec(&*load_data.data.unwrap())
+        }, DEFAULT_USER_AGENT.to_string());
+}
+
+#[test]
 fn test_load_sets_content_length_to_length_of_request_body() {
     let content = "This is a request body";
author	João Oliveira <hello@jxs.pt>	2015-11-10 01:32:41 +0000
committer	João Oliveira <hello@jxs.pt>	2015-11-12 14:12:08 +0000
commit	79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c (patch)
tree	e1ed6e62e89beadaf497f1ba9fdb1f3a17586570
parent	49d48a8680003267f29ebf8cd47c244b07f4c4d2 (diff)
download	servo-79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c.tar.gz servo-79fcd1da95b2076c5cf23cf28a0ecac7c1e93f4c.zip