Improve cookie attribute assertions.

2023-07-18 15:51:54 +12:00 · 2023-07-18 15:51:54 +12:00 · 8fbf70c889
parent b505e2358c
commit 8fbf70c889
4 changed files with 35 additions and 5 deletions
--- a/actionpack/test/abstract_unit.rb
+++ b/actionpack/test/abstract_unit.rb
@ -381,6 +381,7 @@ module CookieAssertions
      key.downcase!

      if value
+        value.downcase!
        attributes[key] = value
      else
        attributes[key] = true
@ -418,6 +419,35 @@ module CookieAssertions
    cookies
  end

+  def assert_set_cookie_attributes(name, attributes, header = @response.headers["Set-Cookie"])
+    cookies = parse_set_cookies_headers(header)
+    attributes = parse_set_cookie_attributes(attributes) if attributes.is_a?(String)
+
+    assert cookies.key?(name), "No cookie found with the name '#{name}', found cookies: #{cookies.keys.join(', ')}"
+    cookie = cookies[name]
+
+    attributes.each do |key, value|
+      assert cookie.key?(key), "No attribute '#{key}' found for cookie '#{name}'"
+      assert_equal value, cookie[key]
+    end
+  end
+
+  def assert_not_set_cookie_attributes(name, attributes, header = @response.headers["Set-Cookie"])
+    cookies = parse_set_cookies_headers(header)
+    attributes = parse_set_cookie_attributes(attributes) if attributes.is_a?(String)
+
+    assert cookies.key?(name), "No cookie found with the name '#{name}'"
+    cookie = cookies[name]
+
+    attributes.each do |key, value|
+      if value == true
+        assert_nil cookie[key]
+      else
+        assert_not_equal value, cookie[key]
+      end
+    end
+  end
+
  def assert_set_cookie_header(expected, header = @response.headers["Set-Cookie"])
    # In Rack v2, this is newline delimited. In Rack v3, this is an array.
    # Normalize the comparison so that we can assert equality in both cases.
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@ -1238,7 +1238,7 @@ class CookieCsrfTokenStorageStrategyControllerTest < ActionController::TestCase

  def test_csrf_token_cookie_has_same_site_lax
    get :cookie
-    assert_match "SameSite=Lax", @response.headers["Set-Cookie"]
+    assert_set_cookie_attributes("csrf_token", "SameSite=Lax")
  end

  include CookieAssertions
--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@ -424,7 +424,7 @@ class CookiesTest < ActionController::TestCase
    error = assert_raise ArgumentError do
      get :authenticate
    end
-    assert_match "Invalid SameSite value: :funky", error.message
+    assert_match(/Invalid :?Same_?Site value: :funky/i, error.message)
  end

  def test_setting_cookie_with_same_site_strict
--- a/actionpack/test/dispatch/session/cookie_store_test.rb
+++ b/actionpack/test/dispatch/session/cookie_store_test.rb
@ -392,21 +392,21 @@ class CookieStoreTest < ActionDispatch::IntegrationTest
  test "default same_site derives SameSite from env" do
    with_test_route_set do
      get "/set_session_value"
-      assert_match %r/SameSite=Lax/, headers["Set-Cookie"]
+      assert_set_cookie_attributes("_myapp_session", "SameSite=Lax")
    end
  end

  test "explicit same_site sets SameSite" do
    with_test_route_set(same_site: :strict) do
      get "/set_session_value"
-      assert_match %r/SameSite=Strict/, headers["Set-Cookie"]
+      assert_set_cookie_attributes("_myapp_session", "SameSite=Strict")
    end
  end

  test "explicit nil same_site omits SameSite" do
    with_test_route_set(same_site: nil) do
      get "/set_session_value"
-      assert_no_match %r/SameSite=/, headers["Set-Cookie"]
+      assert_not_set_cookie_attributes("_myapp_session", "SameSite")
    end
  end