Allow Set-Cookie header to be overwritten in MockHttpServletResponse

Prior to this commit, there was no way to replace the Set-Cookie header
via MockHttpServletResponse. Specifically, an invocation of setHeader()
for the Set-Cookie header resulted in an additional Set-Cookie header
instead of replacing the existing one, which is in violation of the
contract for javax.servlet.http.HttpServletResponse.setHeader(...).

This commit refactors the internals of MockHttpServletResponse to ensure
that an existing Set-Cookie header is overwritten when set via an
invocation of setHeader(). This commit also verifies the expected
behavior for addHeader() and addCookie() with regard to multiple cookies.

Closes gh-23512
This commit is contained in:
Sam Brannen
2019-08-27 17:15:31 +02:00
parent 9d2a874e3f
commit 8189c90741
3 changed files with 108 additions and 24 deletions

View File

@@ -322,22 +322,36 @@ public class MockHttpServletResponseTests {
assertEquals(HttpServletResponse.SC_NOT_FOUND, response.getStatus());
}
/**
* @since 5.1.10
*/
@Test
public void setCookieHeaderValid() {
response.addHeader(HttpHeaders.SET_COOKIE, "SESSION=123; Path=/; Secure; HttpOnly; SameSite=Lax");
Cookie cookie = response.getCookie("SESSION");
assertNotNull(cookie);
assertTrue(cookie instanceof MockCookie);
assertEquals("SESSION", cookie.getName());
assertEquals("123", cookie.getValue());
assertEquals("/", cookie.getPath());
assertTrue(cookie.getSecure());
assertTrue(cookie.isHttpOnly());
assertEquals("Lax", ((MockCookie) cookie).getSameSite());
public void setCookieHeader() {
response.setHeader(HttpHeaders.SET_COOKIE, "SESSION=123; Path=/; Secure; HttpOnly; SameSite=Lax");
assertNumCookies(1);
assertPrimarySessionCookie("123");
// Setting the Set-Cookie header a 2nd time should overwrite the previous value
response.setHeader(HttpHeaders.SET_COOKIE, "SESSION=999; Path=/; Secure; HttpOnly; SameSite=Lax");
assertNumCookies(1);
assertPrimarySessionCookie("999");
}
@Test
public void addMockCookie() {
public void addCookieHeader() {
response.addHeader(HttpHeaders.SET_COOKIE, "SESSION=123; Path=/; Secure; HttpOnly; SameSite=Lax");
assertNumCookies(1);
assertPrimarySessionCookie("123");
// Adding a 2nd cookie header should result in 2 cookies.
response.addHeader(HttpHeaders.SET_COOKIE, "SESSION=999; Path=/; Secure; HttpOnly; SameSite=Lax");
assertNumCookies(2);
assertPrimarySessionCookie("123");
assertCookieValues("123", "999");
}
@Test
public void addCookie() {
MockCookie mockCookie = new MockCookie("SESSION", "123");
mockCookie.setPath("/");
mockCookie.setDomain("example.com");
@@ -348,9 +362,35 @@ public class MockHttpServletResponseTests {
response.addCookie(mockCookie);
assertNumCookies(1);
assertEquals("SESSION=123; Path=/; Domain=example.com; Max-Age=0; " +
"Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Lax",
response.getHeader(HttpHeaders.SET_COOKIE));
// Adding a 2nd Cookie should result in 2 Cookies.
response.addCookie(new MockCookie("SESSION", "999"));
assertNumCookies(2);
assertCookieValues("123", "999");
}
private void assertNumCookies(int expected) {
assertEquals(expected, this.response.getCookies().length);
}
private void assertCookieValues(String... expected) {
assertArrayEquals(expected, Arrays.stream(response.getCookies()).map(Cookie::getValue).toArray());
}
private void assertPrimarySessionCookie(String expectedValue) {
Cookie cookie = this.response.getCookie("SESSION");
assertNotNull(cookie);
assertTrue(cookie instanceof MockCookie);
assertEquals("SESSION", cookie.getName());
assertEquals(expectedValue, cookie.getValue());
assertEquals("/", cookie.getPath());
assertTrue(cookie.getSecure());
assertTrue(cookie.isHttpOnly());
assertEquals("Lax", ((MockCookie) cookie).getSameSite());
}
}