68 lines
1.6 KiB
Go
68 lines
1.6 KiB
Go
// Copyright (c) 2023 The Decred developers
|
|
// Use of this source code is governed by an ISC
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package webapi
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/gorilla/sessions"
|
|
)
|
|
|
|
// NOTE: This test does not test any vspd code.
|
|
//
|
|
// If the cookie store secret changes unexpectedly (common during development)
|
|
// the securecookie library returns an error with a hard-coded, non-exported
|
|
// string.
|
|
//
|
|
// "securecookie: the value is not valid"
|
|
//
|
|
// TestCookieSecretError ensures the string returned by the lib does not change,
|
|
// which is important because vspd checks for the error using string comparison.
|
|
func TestCookieSecretError(t *testing.T) {
|
|
|
|
// Create a cookie store, get a cookie from it.
|
|
|
|
store := sessions.NewCookieStore([]byte("first secret"))
|
|
|
|
req, err := http.NewRequest(http.MethodPost, "/", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
session, err := store.Get(req, "key")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
w := httptest.NewRecorder()
|
|
err = store.Save(req, w, session)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
cookie := w.Result().Header["Set-Cookie"][0]
|
|
|
|
// Create another cookie store using a different secret, send cookie from
|
|
// first store to the new store, confirm error is correct.
|
|
|
|
store2 := sessions.NewCookieStore([]byte("second secret"))
|
|
|
|
req2, err := http.NewRequest(http.MethodPost, "/", nil)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
req2.Header.Add("Cookie", cookie)
|
|
|
|
_, err = store2.Get(req2, "key")
|
|
|
|
if !strings.Contains(err.Error(), invalidCookieErr) {
|
|
t.Fatalf("securecookie library returned unexpected error, wanted %q, got %q",
|
|
invalidCookieErr, err.Error())
|
|
}
|
|
}
|