search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Refactor connection_security into SecurityStateModel (patchset #17 id:36000...
[chromium-blink-merge.git] / net / cookies / canonical_cookie_unittest.cc
blob9b10d13ff3b7036ae73d9c244fa9ce20b62145da
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cookies/canonical_cookie.h"
6
7 #include "base/memory/scoped_ptr.h"
8 #include "net/cookies/cookie_constants.h"
9 #include "net/cookies/cookie_options.h"
10 #include "testing/gtest/include/gtest/gtest.h"
11 #include "url/gurl.h"
12
13 namespace net {
14
15 TEST(CanonicalCookieTest, Constructor) {
16 GURL url("http://www.example.com/test");
17 base::Time current_time = base::Time::Now();
18
19 CanonicalCookie cookie(url, "A", "2", "www.example.com", "/test",
20 current_time, base::Time(), current_time, false, false,
21 false, COOKIE_PRIORITY_DEFAULT);
22 EXPECT_EQ(url.GetOrigin(), cookie.Source());
23 EXPECT_EQ("A", cookie.Name());
24 EXPECT_EQ("2", cookie.Value());
25 EXPECT_EQ("www.example.com", cookie.Domain());
26 EXPECT_EQ("/test", cookie.Path());
27 EXPECT_FALSE(cookie.IsSecure());
28 EXPECT_FALSE(cookie.IsHttpOnly());
29 EXPECT_FALSE(cookie.IsFirstPartyOnly());
30
31 CanonicalCookie cookie2(url, "A", "2", std::string(), std::string(),
32 current_time, base::Time(), current_time, false,
33 false, false, COOKIE_PRIORITY_DEFAULT);
34 EXPECT_EQ(url.GetOrigin(), cookie.Source());
35 EXPECT_EQ("A", cookie2.Name());
36 EXPECT_EQ("2", cookie2.Value());
37 EXPECT_EQ("", cookie2.Domain());
38 EXPECT_EQ("", cookie2.Path());
39 EXPECT_FALSE(cookie2.IsSecure());
40 EXPECT_FALSE(cookie2.IsHttpOnly());
41 EXPECT_FALSE(cookie2.IsFirstPartyOnly());
42 }
43
44 TEST(CanonicalCookieTest, Create) {
45 // Test creating cookies from a cookie string.
46 GURL url("http://www.example.com/test/foo.html");
47 base::Time creation_time = base::Time::Now();
48 CookieOptions options;
49
50 scoped_ptr<CanonicalCookie> cookie(
51 CanonicalCookie::Create(url, "A=2", creation_time, options));
52 EXPECT_EQ(url.GetOrigin(), cookie->Source());
53 EXPECT_EQ("A", cookie->Name());
54 EXPECT_EQ("2", cookie->Value());
55 EXPECT_EQ("www.example.com", cookie->Domain());
56 EXPECT_EQ("/test", cookie->Path());
57 EXPECT_FALSE(cookie->IsSecure());
58
59 GURL url2("http://www.foo.com");
60 cookie.reset(CanonicalCookie::Create(url2, "B=1", creation_time, options));
61 EXPECT_EQ(url2.GetOrigin(), cookie->Source());
62 EXPECT_EQ("B", cookie->Name());
63 EXPECT_EQ("1", cookie->Value());
64 EXPECT_EQ("www.foo.com", cookie->Domain());
65 EXPECT_EQ("/", cookie->Path());
66 EXPECT_FALSE(cookie->IsSecure());
67
68 // Test creating secure cookies. RFC 6265 allows insecure urls to set secure
69 // cookies.
70 cookie.reset(
71 CanonicalCookie::Create(url, "A=2; Secure", creation_time, options));
72 EXPECT_TRUE(cookie.get());
73 EXPECT_TRUE(cookie->IsSecure());
74
75 // Test creating http only cookies.
76 cookie.reset(
77 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options));
78 EXPECT_FALSE(cookie.get());
79 CookieOptions httponly_options;
80 httponly_options.set_include_httponly();
81 cookie.reset(CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time,
82 httponly_options));
83 EXPECT_TRUE(cookie->IsHttpOnly());
84
85 // Test creating http only cookies.
86 CookieOptions first_party_options;
87 first_party_options.set_first_party_url(url);
88 cookie.reset(CanonicalCookie::Create(url, "A=2; First-Party-Only",
89 creation_time, httponly_options));
90 EXPECT_TRUE(cookie.get());
91 EXPECT_TRUE(cookie->IsFirstPartyOnly());
92
93 // Test the creating cookies using specific parameter instead of a cookie
94 // string.
95 cookie.reset(CanonicalCookie::Create(
96 url, "A", "2", "www.example.com", "/test", creation_time, base::Time(),
97 false, false, false, COOKIE_PRIORITY_DEFAULT));
98 EXPECT_EQ(url.GetOrigin(), cookie->Source());
99 EXPECT_EQ("A", cookie->Name());
100 EXPECT_EQ("2", cookie->Value());
101 EXPECT_EQ(".www.example.com", cookie->Domain());
102 EXPECT_EQ("/test", cookie->Path());
103 EXPECT_FALSE(cookie->IsSecure());
104 EXPECT_FALSE(cookie->IsHttpOnly());
105 EXPECT_FALSE(cookie->IsFirstPartyOnly());
106
107 cookie.reset(CanonicalCookie::Create(
108 url, "A", "2", ".www.example.com", "/test", creation_time, base::Time(),
109 false, false, false, COOKIE_PRIORITY_DEFAULT));
110 EXPECT_EQ(url.GetOrigin(), cookie->Source());
111 EXPECT_EQ("A", cookie->Name());
112 EXPECT_EQ("2", cookie->Value());
113 EXPECT_EQ(".www.example.com", cookie->Domain());
114 EXPECT_EQ("/test", cookie->Path());
115 EXPECT_FALSE(cookie->IsSecure());
116 EXPECT_FALSE(cookie->IsHttpOnly());
117 EXPECT_FALSE(cookie->IsFirstPartyOnly());
118 }
119
120 TEST(CanonicalCookieTest, EmptyExpiry) {
121 GURL url("http://www7.ipdl.inpit.go.jp/Tokujitu/tjkta.ipdl?N0000=108");
122 base::Time creation_time = base::Time::Now();
123 CookieOptions options;
124
125 std::string cookie_line =
126 "ACSTM=20130308043820420042; path=/; domain=ipdl.inpit.go.jp; Expires=";
127 scoped_ptr<CanonicalCookie> cookie(
128 CanonicalCookie::Create(url, cookie_line, creation_time, options));
129 EXPECT_TRUE(cookie.get());
130 EXPECT_FALSE(cookie->IsPersistent());
131 EXPECT_FALSE(cookie->IsExpired(creation_time));
132 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
133
134 // With a stale server time
135 options.set_server_time(creation_time - base::TimeDelta::FromHours(1));
136 cookie.reset(
137 CanonicalCookie::Create(url, cookie_line, creation_time, options));
138 EXPECT_TRUE(cookie.get());
139 EXPECT_FALSE(cookie->IsPersistent());
140 EXPECT_FALSE(cookie->IsExpired(creation_time));
141 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
142
143 // With a future server time
144 options.set_server_time(creation_time + base::TimeDelta::FromHours(1));
145 cookie.reset(
146 CanonicalCookie::Create(url, cookie_line, creation_time, options));
147 EXPECT_TRUE(cookie.get());
148 EXPECT_FALSE(cookie->IsPersistent());
149 EXPECT_FALSE(cookie->IsExpired(creation_time));
150 EXPECT_EQ(base::Time(), cookie->ExpiryDate());
151 }
152
153 TEST(CanonicalCookieTest, IsEquivalent) {
154 GURL url("http://www.example.com/");
155 std::string cookie_name = "A";
156 std::string cookie_value = "2EDA-EF";
157 std::string cookie_domain = ".www.example.com";
158 std::string cookie_path = "/";
159 base::Time creation_time = base::Time::Now();
160 base::Time last_access_time = creation_time;
161 base::Time expiration_time = creation_time + base::TimeDelta::FromDays(2);
162 bool secure(false);
163 bool httponly(false);
164 bool firstparty(false);
165
166 // Test that a cookie is equivalent to itself.
167 scoped_ptr<CanonicalCookie> cookie(new CanonicalCookie(
168 url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
169 expiration_time, last_access_time, secure, httponly, firstparty,
170 COOKIE_PRIORITY_MEDIUM));
171 EXPECT_TRUE(cookie->IsEquivalent(*cookie));
172
173 // Test that two identical cookies are equivalent.
174 scoped_ptr<CanonicalCookie> other_cookie(new CanonicalCookie(
175 url, cookie_name, cookie_value, cookie_domain, cookie_path, creation_time,
176 expiration_time, last_access_time, secure, httponly, firstparty,
177 COOKIE_PRIORITY_MEDIUM));
178 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
179
180 // Tests that use different variations of attribute values that
181 // DON'T affect cookie equivalence.
182 other_cookie.reset(
183 new CanonicalCookie(url, cookie_name, "2", cookie_domain, cookie_path,
184 creation_time, expiration_time, last_access_time,
185 secure, httponly, firstparty, COOKIE_PRIORITY_HIGH));
186 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
187
188 base::Time other_creation_time =
189 creation_time + base::TimeDelta::FromMinutes(2);
190 other_cookie.reset(new CanonicalCookie(
191 url, cookie_name, "2", cookie_domain, cookie_path, other_creation_time,
192 expiration_time, last_access_time, secure, httponly, firstparty,
193 COOKIE_PRIORITY_MEDIUM));
194 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
195
196 other_cookie.reset(new CanonicalCookie(
197 url, cookie_name, cookie_name, cookie_domain, cookie_path, creation_time,
198 expiration_time, last_access_time, true, httponly, firstparty,
199 COOKIE_PRIORITY_LOW));
200 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
201
202 other_cookie.reset(new CanonicalCookie(
203 url, cookie_name, cookie_name, cookie_domain, cookie_path, creation_time,
204 expiration_time, last_access_time, secure, true, firstparty,
205 COOKIE_PRIORITY_LOW));
206 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
207
208 other_cookie.reset(new CanonicalCookie(
209 url, cookie_name, cookie_name, cookie_domain, cookie_path, creation_time,
210 expiration_time, last_access_time, secure, httponly, true,
211 COOKIE_PRIORITY_LOW));
212 EXPECT_TRUE(cookie->IsEquivalent(*other_cookie));
213
214 // Tests that use different variations of attribute values that
215 // DO affect cookie equivalence.
216 other_cookie.reset(new CanonicalCookie(
217 url, "B", cookie_value, cookie_domain, cookie_path, creation_time,
218 expiration_time, last_access_time, secure, httponly, firstparty,
219 COOKIE_PRIORITY_MEDIUM));
220 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
221
222 other_cookie.reset(new CanonicalCookie(
223 url, cookie_name, cookie_value, "www.example.com", cookie_path,
224 creation_time, expiration_time, last_access_time, secure, httponly,
225 firstparty, COOKIE_PRIORITY_MEDIUM));
226 EXPECT_TRUE(cookie->IsDomainCookie());
227 EXPECT_FALSE(other_cookie->IsDomainCookie());
228 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
229
230 other_cookie.reset(new CanonicalCookie(
231 url, cookie_name, cookie_value, ".example.com", cookie_path,
232 creation_time, expiration_time, last_access_time, secure, httponly,
233 firstparty, COOKIE_PRIORITY_MEDIUM));
234 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
235
236 other_cookie.reset(new CanonicalCookie(
237 url, cookie_name, cookie_value, cookie_domain, "/test/0", creation_time,
238 expiration_time, last_access_time, secure, httponly, firstparty,
239 COOKIE_PRIORITY_MEDIUM));
240 EXPECT_FALSE(cookie->IsEquivalent(*other_cookie));
241 }
242
243 TEST(CanonicalCookieTest, IsDomainMatch) {
244 GURL url("http://www.example.com/test/foo.html");
245 base::Time creation_time = base::Time::Now();
246 CookieOptions options;
247
248 scoped_ptr<CanonicalCookie> cookie(
249 CanonicalCookie::Create(url, "A=2", creation_time, options));
250 EXPECT_TRUE(cookie->IsHostCookie());
251 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
252 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
253 EXPECT_FALSE(cookie->IsDomainMatch("foo.www.example.com"));
254 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
255 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
256
257 cookie.reset(CanonicalCookie::Create(url, "A=2; Domain=www.example.com",
258 creation_time, options));
259 EXPECT_TRUE(cookie->IsDomainCookie());
260 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
261 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
262 EXPECT_TRUE(cookie->IsDomainMatch("foo.www.example.com"));
263 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
264 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
265
266 cookie.reset(CanonicalCookie::Create(url, "A=2; Domain=.www.example.com",
267 creation_time, options));
268 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
269 EXPECT_TRUE(cookie->IsDomainMatch("www.example.com"));
270 EXPECT_TRUE(cookie->IsDomainMatch("foo.www.example.com"));
271 EXPECT_FALSE(cookie->IsDomainMatch("www0.example.com"));
272 EXPECT_FALSE(cookie->IsDomainMatch("example.com"));
273 }
274
275 TEST(CanonicalCookieTest, IsOnPath) {
276 base::Time creation_time = base::Time::Now();
277 CookieOptions options;
278
279 scoped_ptr<CanonicalCookie> cookie(CanonicalCookie::Create(
280 GURL("http://www.example.com"), "A=2", creation_time, options));
281 EXPECT_TRUE(cookie->IsOnPath("/"));
282 EXPECT_TRUE(cookie->IsOnPath("/test"));
283 EXPECT_TRUE(cookie->IsOnPath("/test/bar.html"));
284
285 // Test the empty string edge case.
286 EXPECT_FALSE(cookie->IsOnPath(std::string()));
287
288 cookie.reset(
289 CanonicalCookie::Create(GURL("http://www.example.com/test/foo.html"),
290 "A=2", creation_time, options));
291 EXPECT_FALSE(cookie->IsOnPath("/"));
292 EXPECT_TRUE(cookie->IsOnPath("/test"));
293 EXPECT_TRUE(cookie->IsOnPath("/test/bar.html"));
294 EXPECT_TRUE(cookie->IsOnPath("/test/sample/bar.html"));
295 }
296
297 TEST(CanonicalCookieTest, IncludeForRequestURL) {
298 GURL url("http://www.example.com");
299 base::Time creation_time = base::Time::Now();
300 CookieOptions options;
301
302 scoped_ptr<CanonicalCookie> cookie(
303 CanonicalCookie::Create(url, "A=2", creation_time, options));
304 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
305 EXPECT_TRUE(cookie->IncludeForRequestURL(
306 GURL("http://www.example.com/foo/bar"), options));
307 EXPECT_TRUE(cookie->IncludeForRequestURL(
308 GURL("https://www.example.com/foo/bar"), options));
309 EXPECT_FALSE(
310 cookie->IncludeForRequestURL(GURL("https://sub.example.com"), options));
311 EXPECT_FALSE(cookie->IncludeForRequestURL(GURL("https://sub.www.example.com"),
312 options));
313
314 // Test that cookie with a cookie path that does not match the url path are
315 // not included.
316 cookie.reset(CanonicalCookie::Create(url, "A=2; Path=/foo/bar", creation_time,
317 options));
318 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
319 EXPECT_TRUE(cookie->IncludeForRequestURL(
320 GURL("http://www.example.com/foo/bar/index.html"), options));
321
322 // Test that a secure cookie is not included for a non secure URL.
323 GURL secure_url("https://www.example.com");
324 cookie.reset(CanonicalCookie::Create(secure_url, "A=2; Secure", creation_time,
325 options));
326 EXPECT_TRUE(cookie->IsSecure());
327 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
328 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
329
330 // Test that http only cookies are only included if the include httponly flag
331 // is set on the cookie options.
332 options.set_include_httponly();
333 cookie.reset(
334 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options));
335 EXPECT_TRUE(cookie->IsHttpOnly());
336 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
337 options.set_exclude_httponly();
338 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
339 }
340
341 TEST(CanonicalCookieTest, IncludeFirstPartyForFirstPartyURL) {
342 GURL insecure_url("http://example.test");
343 GURL secure_url("https://example.test");
344 GURL secure_url_with_path("https://example.test/foo/bar/index.html");
345 GURL third_party_url("https://not-example.test");
346 base::Time creation_time = base::Time::Now();
347 CookieOptions options;
348 scoped_ptr<CanonicalCookie> cookie;
349
350 // First-party-only cookies are not inlcuded if a top-level URL is unset.
351 cookie.reset(CanonicalCookie::Create(secure_url, "A=2; First-Party-Only",
352 creation_time, options));
353 EXPECT_TRUE(cookie->IsFirstPartyOnly());
354 options.set_first_party_url(GURL());
355 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
356
357 // First-party-only cookies are included only if the cookie's origin matches
358 // the
359 // first-party origin.
360 options.set_first_party_url(secure_url);
361 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
362 options.set_first_party_url(insecure_url);
363 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
364 options.set_first_party_url(third_party_url);
365 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
366
367 // "First-Party-Only" doesn't override the 'secure' flag.
368 cookie.reset(CanonicalCookie::Create(
369 secure_url, "A=2; Secure; First-Party-Only", creation_time, options));
370 options.set_first_party_url(secure_url);
371 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options));
372 EXPECT_FALSE(cookie->IncludeForRequestURL(insecure_url, options));
373 options.set_first_party_url(insecure_url);
374 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
375 EXPECT_FALSE(cookie->IncludeForRequestURL(insecure_url, options));
376
377 // "First-Party-Only" doesn't override the 'path' flag.
378 cookie.reset(CanonicalCookie::Create(secure_url_with_path,
379 "A=2; First-Party-Only; path=/foo/bar",
380 creation_time, options));
381 options.set_first_party_url(secure_url_with_path);
382 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options));
383 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
384 options.set_first_party_url(secure_url);
385 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options));
386 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
387 }
388
389 TEST(CanonicalCookieTest, PartialCompare) {
390 GURL url("http://www.example.com");
391 base::Time creation_time = base::Time::Now();
392 CookieOptions options;
393 scoped_ptr<CanonicalCookie> cookie(
394 CanonicalCookie::Create(url, "a=b", creation_time, options));
395 scoped_ptr<CanonicalCookie> cookie_different_path(
396 CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
397 scoped_ptr<CanonicalCookie> cookie_different_value(
398 CanonicalCookie::Create(url, "a=c", creation_time, options));
399
400 // Cookie is equivalent to itself.
401 EXPECT_FALSE(cookie->PartialCompare(*cookie));
402
403 // Changing the path affects the ordering.
404 EXPECT_TRUE(cookie->PartialCompare(*cookie_different_path));
405 EXPECT_FALSE(cookie_different_path->PartialCompare(*cookie));
406
407 // Changing the value does not affect the ordering.
408 EXPECT_FALSE(cookie->PartialCompare(*cookie_different_value));
409 EXPECT_FALSE(cookie_different_value->PartialCompare(*cookie));
410
411 // Cookies identical for PartialCompare() are equivalent.
412 EXPECT_TRUE(cookie->IsEquivalent(*cookie_different_value));
413 EXPECT_TRUE(cookie->IsEquivalent(*cookie));
414 }
415
416 TEST(CanonicalCookieTest, FullCompare) {
417 GURL url("http://www.example.com");
418 base::Time creation_time = base::Time::Now();
419 CookieOptions options;
420 scoped_ptr<CanonicalCookie> cookie(
421 CanonicalCookie::Create(url, "a=b", creation_time, options));
422 scoped_ptr<CanonicalCookie> cookie_different_path(
423 CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
424 scoped_ptr<CanonicalCookie> cookie_different_value(
425 CanonicalCookie::Create(url, "a=c", creation_time, options));
426
427 // Cookie is equivalent to itself.
428 EXPECT_FALSE(cookie->FullCompare(*cookie));
429
430 // Changing the path affects the ordering.
431 EXPECT_TRUE(cookie->FullCompare(*cookie_different_path));
432 EXPECT_FALSE(cookie_different_path->FullCompare(*cookie));
433
434 // Changing the value affects the ordering.
435 EXPECT_TRUE(cookie->FullCompare(*cookie_different_value));
436 EXPECT_FALSE(cookie_different_value->FullCompare(*cookie));
437
438 // FullCompare() implies PartialCompare().
439 auto check_consistency =
440 [](const CanonicalCookie& a, const CanonicalCookie& b) {
441 if (a.FullCompare(b))
442 EXPECT_FALSE(b.PartialCompare(a));
443 else if (b.FullCompare(a))
444 EXPECT_FALSE(a.PartialCompare(b));
445 };
446
447 check_consistency(*cookie, *cookie_different_path);
448 check_consistency(*cookie, *cookie_different_value);
449 check_consistency(*cookie_different_path, *cookie_different_value);
450 }
451
452 } // namespace net