1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cookies/canonical_cookie.h"
6
7 #include "base/memory/scoped_ptr.h"
8 #include "net/cookies/cookie_constants.h"
9 #include "net/cookies/cookie_options.h"
10 #include "testing/gtest/include/gtest/gtest.h"
11 #include "url/gurl.h"
12
13 namespace net {
14
TEST(CanonicalCookieTest,GetCookieSourceFromURL)15 TEST(CanonicalCookieTest, GetCookieSourceFromURL) {
16 EXPECT_EQ("http://example.com/",
17 CanonicalCookie::GetCookieSourceFromURL(
18 GURL("http://example.com")));
19 EXPECT_EQ("http://example.com/",
20 CanonicalCookie::GetCookieSourceFromURL(
21 GURL("http://example.com/")));
22 EXPECT_EQ("http://example.com/",
23 CanonicalCookie::GetCookieSourceFromURL(
24 GURL("http://example.com/test")));
25 EXPECT_EQ("file:///tmp/test.html",
26 CanonicalCookie::GetCookieSourceFromURL(
27 GURL("file:///tmp/test.html")));
28 EXPECT_EQ("http://example.com/",
29 CanonicalCookie::GetCookieSourceFromURL(
30 GURL("http://example.com:1234/")));
31 EXPECT_EQ("http://example.com/",
32 CanonicalCookie::GetCookieSourceFromURL(
33 GURL("https://example.com/")));
34 EXPECT_EQ("http://example.com/",
35 CanonicalCookie::GetCookieSourceFromURL(
36 GURL("http://user:pwd@example.com/")));
37 EXPECT_EQ("http://example.com/",
38 CanonicalCookie::GetCookieSourceFromURL(
39 GURL("http://example.com/test?foo")));
40 EXPECT_EQ("http://example.com/",
41 CanonicalCookie::GetCookieSourceFromURL(
42 GURL("http://example.com/test#foo")));
43 }
44
TEST(CanonicalCookieTest,Constructor)45 TEST(CanonicalCookieTest, Constructor) {
46 GURL url("http://www.example.com/test");
47 base::Time current_time = base::Time::Now();
48
49 CanonicalCookie cookie(url, "A", "2", "www.example.com", "/test",
50 current_time, base::Time(), current_time, false, false,
51 COOKIE_PRIORITY_DEFAULT);
52 EXPECT_EQ(url.GetOrigin().spec(), cookie.Source());
53 EXPECT_EQ("A", cookie.Name());
54 EXPECT_EQ("2", cookie.Value());
55 EXPECT_EQ("www.example.com", cookie.Domain());
56 EXPECT_EQ("/test", cookie.Path());
57 EXPECT_FALSE(cookie.IsSecure());
58
59 CanonicalCookie cookie2(url,
60 "A",
61 "2",
62 std::string(),
63 std::string(),
64 current_time,
65 base::Time(),
66 current_time,
67 false,
68 false,
69 COOKIE_PRIORITY_DEFAULT);
70 EXPECT_EQ(url.GetOrigin().spec(), cookie.Source());
71 EXPECT_EQ("A", cookie2.Name());
72 EXPECT_EQ("2", cookie2.Value());
73 EXPECT_EQ("", cookie2.Domain());
74 EXPECT_EQ("", cookie2.Path());
75 EXPECT_FALSE(cookie2.IsSecure());
76
77 }
78
TEST(CanonicalCookieTest,Create)79 TEST(CanonicalCookieTest, Create) {
80 // Test creating cookies from a cookie string.
81 GURL url("http://www.example.com/test/foo.html");
82 base::Time creation_time = base::Time::Now();
83 CookieOptions options;
84
85 scoped_ptr<CanonicalCookie> cookie(
86 CanonicalCookie::Create(url, "A=2", creation_time, options));
87 EXPECT_EQ(url.GetOrigin().spec(), cookie->Source());
88 EXPECT_EQ("A", cookie->Name());
89 EXPECT_EQ("2", cookie->Value());
90 EXPECT_EQ("www.example.com", cookie->Domain());
91 EXPECT_EQ("/test", cookie->Path());
92 EXPECT_FALSE(cookie->IsSecure());
93
94 GURL url2("http://www.foo.com");
95 cookie.reset(CanonicalCookie::Create(url2, "B=1", creation_time, options));
96 EXPECT_EQ(url2.GetOrigin().spec(), cookie->Source());
97 EXPECT_EQ("B", cookie->Name());
98 EXPECT_EQ("1", cookie->Value());
99 EXPECT_EQ("www.foo.com", cookie->Domain());
100 EXPECT_EQ("/", cookie->Path());
101 EXPECT_FALSE(cookie->IsSecure());
102
103 // Test creating secure cookies. RFC 6265 allows insecure urls to set secure
104 // cookies.
105 cookie.reset(
106 CanonicalCookie::Create(url, "A=2; Secure", creation_time, options));
107 EXPECT_TRUE(cookie.get());
108 EXPECT_TRUE(cookie->IsSecure());
109
110 // Test creating http only cookies.
111 cookie.reset(
112 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options));
113 EXPECT_FALSE(cookie.get());
114 CookieOptions httponly_options;
115 httponly_options.set_include_httponly();
116 cookie.reset(
117 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time,
118 httponly_options));
119 EXPECT_TRUE(cookie->IsHttpOnly());
120
121 // Test the creating cookies using specific parameter instead of a cookie
122 // string.
123 cookie.reset(CanonicalCookie::Create(
124 url, "A", "2", "www.example.com", "/test", creation_time, base::Time(),
125 false, false, COOKIE_PRIORITY_DEFAULT));
126 EXPECT_EQ(url.GetOrigin().spec(), cookie->Source());
127 EXPECT_EQ("A", cookie->Name());
128 EXPECT_EQ("2", cookie->Value());
129 EXPECT_EQ(".www.example.com", cookie->Domain());
130 EXPECT_EQ("/test", cookie->Path());
131 EXPECT_FALSE(cookie->IsSecure());
132
133 cookie.reset(CanonicalCookie::Create(
134 url, "A", "2", ".www.example.com", "/test", creation_time, base::Time(),
135 false, false, COOKIE_PRIORITY_DEFAULT));
136 EXPECT_EQ(url.GetOrigin().spec(), cookie->Source());
137 EXPECT_EQ("A", cookie->Name());
138 EXPECT_EQ("2", cookie->Value());
139 EXPECT_EQ(".www.example.com", cookie->Domain());
140 EXPECT_EQ("/test", cookie->Path());
141 EXPECT_FALSE(cookie->IsSecure());
142 }
143
TEST(CanonicalCookieTest,EmptyExpiry)144 TEST(CanonicalCookieTest, EmptyExpiry) {
145 GURL url("http://www7.ipdl.inpit.go.jp/Tokujitu/tjkta.ipdl?N0000=108");
146 base::Time creation_time = base::Time::Now();
147 CookieOptions options;
148
149 std::string cookie_line =
150 "ACSTM=20130308043820420042; path=/; domain=ipdl.inpit.go.jp; Expires=";
151 scoped_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
152 url, cookie_line, creation_time, options));
153 EXPECT_TRUE(cookie.get());
154 EXPECT_FALSE(cookie->IsPersistent());
155 EXPECT_FALSE(cookie->IsExpired(creation_time));
156 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
157
158 // With a stale server time
159 options.set_server_time(creation_time - base::TimeDelta::FromHours(1));
160 cookie.reset(CanonicalCookie::Create(
161 url, cookie_line, creation_time, options));
162 EXPECT_TRUE(cookie.get());
163 EXPECT_FALSE(cookie->IsPersistent());
164 EXPECT_FALSE(cookie->IsExpired(creation_time));
165 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
166
167 // With a future server time
168 options.set_server_time(creation_time + base::TimeDelta::FromHours(1));
169 cookie.reset(CanonicalCookie::Create(
170 url, cookie_line, creation_time, options));
171 EXPECT_TRUE(cookie.get());
172 EXPECT_FALSE(cookie->IsPersistent());
173 EXPECT_FALSE(cookie->IsExpired(creation_time));
174 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
175 }
176
TEST(CanonicalCookieTest,IsEquivalent)177 TEST(CanonicalCookieTest, IsEquivalent) {
178 GURL url("http://www.example.com/");
179 std::string cookie_name = "A";
180 std::string cookie_value = "2EDA-EF";
181 std::string cookie_domain = ".www.example.com";
182 std::string cookie_path = "/";
183 base::Time creation_time = base::Time::Now();
184 base::Time last_access_time = creation_time;
185 base::Time expiration_time = creation_time + base::TimeDelta::FromDays(2);
186 bool secure(false);
187 bool httponly(false);
188
189 // Test that a cookie is equivalent to itself.
190 scoped_ptr<CanonicalCookie> cookie(
191 new CanonicalCookie(url, cookie_name, cookie_value, cookie_domain,
192 cookie_path, creation_time, expiration_time,
193 last_access_time, secure, httponly,
194 COOKIE_PRIORITY_MEDIUM));
195 EXPECT_TRUE(cookie->IsEquivalent(*cookie));
196
197 // Test that two identical cookies are equivalent.
198 scoped_ptr<CanonicalCookie> other_cookie(
199 new CanonicalCookie(url, cookie_name, cookie_value, cookie_domain,
200 cookie_path, creation_time, expiration_time,
201 last_access_time, secure, httponly,
202 COOKIE_PRIORITY_MEDIUM));
203 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
204
205 // Tests that use different variations of attribute values that
206 // DON'T affect cookie equivalence.
207 other_cookie.reset(new CanonicalCookie(url, cookie_name, "2", cookie_domain,
208 cookie_path, creation_time,
209 expiration_time, last_access_time,
210 secure, httponly,
211 COOKIE_PRIORITY_HIGH));
212 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
213
214 base::Time other_creation_time =
215 creation_time + base::TimeDelta::FromMinutes(2);
216 other_cookie.reset(new CanonicalCookie(url, cookie_name, "2", cookie_domain,
217 cookie_path, other_creation_time,
218 expiration_time, last_access_time,
219 secure, httponly,
220 COOKIE_PRIORITY_MEDIUM));
221 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
222
223 other_cookie.reset(new CanonicalCookie(url, cookie_name, cookie_name,
224 cookie_domain, cookie_path,
225 creation_time, expiration_time,
226 last_access_time, true, httponly,
227 COOKIE_PRIORITY_LOW));
228 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
229
230 // Tests that use different variations of attribute values that
231 // DO affect cookie equivalence.
232 other_cookie.reset(new CanonicalCookie(url, "B", cookie_value, cookie_domain,
233 cookie_path, creation_time,
234 expiration_time, last_access_time,
235 secure, httponly,
236 COOKIE_PRIORITY_MEDIUM));
237 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
238
239 other_cookie.reset(new CanonicalCookie(url, cookie_name, cookie_value,
240 "www.example.com", cookie_path,
241 creation_time, expiration_time,
242 last_access_time, secure, httponly,
243 COOKIE_PRIORITY_MEDIUM));
244 EXPECT_TRUE(cookie->IsDomainCookie());
245 EXPECT_FALSE(other_cookie->IsDomainCookie());
246 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
247
248 other_cookie.reset(new CanonicalCookie(url, cookie_name, cookie_value,
249 ".example.com", cookie_path,
250 creation_time, expiration_time,
251 last_access_time, secure, httponly,
252 COOKIE_PRIORITY_MEDIUM));
253 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
254
255 other_cookie.reset(new CanonicalCookie(url, cookie_name, cookie_value,
256 cookie_domain, "/test/0",
257 creation_time, expiration_time,
258 last_access_time, secure, httponly,
259 COOKIE_PRIORITY_MEDIUM));
260 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
261 }
262
TEST(CanonicalCookieTest,IsDomainMatch)263 TEST(CanonicalCookieTest, IsDomainMatch) {
264 GURL url("http://www.example.com/test/foo.html");
265 base::Time creation_time = base::Time::Now();
266 CookieOptions options;
267
268 scoped_ptr<CanonicalCookie> cookie(
269 CanonicalCookie::Create(url, "A=2", creation_time, options));
270 EXPECT_TRUE(cookie->IsHostCookie());
271 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
272 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
273 EXPECT_FALSE(cookie->IsDomainMatch("foo.www.example.com"));
274 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
275 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
276
277 cookie.reset(
278 CanonicalCookie::Create(url, "A=2; Domain=www.example.com", creation_time,
279 options));
280 EXPECT_TRUE(cookie->IsDomainCookie());
281 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
282 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
283 EXPECT_TRUE(cookie->IsDomainMatch("foo.www.example.com"));
284 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
285 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
286
287 cookie.reset(
288 CanonicalCookie::Create(url, "A=2; Domain=.www.example.com",
289 creation_time, options));
290 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
291 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
292 EXPECT_TRUE(cookie->IsDomainMatch("foo.www.example.com"));
293 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
294 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
295 }
296
TEST(CanonicalCookieTest,IsOnPath)297 TEST(CanonicalCookieTest, IsOnPath) {
298 base::Time creation_time = base::Time::Now();
299 CookieOptions options;
300
301 scoped_ptr<CanonicalCookie> cookie(
302 CanonicalCookie::Create(GURL("http://www.example.com"),
303 "A=2", creation_time, options));
304 EXPECT_TRUE(cookie->IsOnPath("/"));
305 EXPECT_TRUE(cookie->IsOnPath("/test"));
306 EXPECT_TRUE(cookie->IsOnPath("/test/bar.html"));
307
308 // Test the empty string edge case.
309 EXPECT_FALSE(cookie->IsOnPath(std::string()));
310
311 cookie.reset(
312 CanonicalCookie::Create(GURL("http://www.example.com/test/foo.html"),
313 "A=2", creation_time, options));
314 EXPECT_FALSE(cookie->IsOnPath("/"));
315 EXPECT_TRUE(cookie->IsOnPath("/test"));
316 EXPECT_TRUE(cookie->IsOnPath("/test/bar.html"));
317 EXPECT_TRUE(cookie->IsOnPath("/test/sample/bar.html"));
318 }
319
TEST(CanonicalCookieTest,IncludeForRequestURL)320 TEST(CanonicalCookieTest, IncludeForRequestURL) {
321 GURL url("http://www.example.com");
322 base::Time creation_time = base::Time::Now();
323 CookieOptions options;
324
325 scoped_ptr<CanonicalCookie> cookie(
326 CanonicalCookie::Create(url, "A=2", creation_time, options));
327 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
328 EXPECT_TRUE(cookie->IncludeForRequestURL(
329 GURL("http://www.example.com/foo/bar"), options));
330 EXPECT_TRUE(cookie->IncludeForRequestURL(
331 GURL("https://www.example.com/foo/bar"), options));
332 EXPECT_FALSE(cookie->IncludeForRequestURL(GURL("https://sub.example.com"),
333 options));
334 EXPECT_FALSE(cookie->IncludeForRequestURL(GURL("https://sub.www.example.com"),
335 options));
336
337 // Test that cookie with a cookie path that does not match the url path are
338 // not included.
339 cookie.reset(CanonicalCookie::Create(url, "A=2; Path=/foo/bar", creation_time,
340 options));
341 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
342 EXPECT_TRUE(cookie->IncludeForRequestURL(
343 GURL("http://www.example.com/foo/bar/index.html"), options));
344
345 // Test that a secure cookie is not included for a non secure URL.
346 GURL secure_url("https://www.example.com");
347 cookie.reset(CanonicalCookie::Create(secure_url, "A=2; Secure", creation_time,
348 options));
349 EXPECT_TRUE(cookie->IsSecure());
350 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
351 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
352
353 // Test that http only cookies are only included if the include httponly flag
354 // is set on the cookie options.
355 options.set_include_httponly();
356 cookie.reset(
357 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options));
358 EXPECT_TRUE(cookie->IsHttpOnly());
359 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
360 options.set_exclude_httponly();
361 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
362 }
363
364 } // namespace net
365