commit 5cf65e941f371be40ab9be0dd82ee4b39cad5e4d · anil.recoil.org/ocaml-cookeio

+22 -12

lib/core/cookeio.ml

···

       40
       40
        
         secure : bool;

     

       41
       41
        
         http_only : bool;

     

       42
       42
        
         partitioned : bool;

     

       43
       43
       +
         host_only : bool;

     

       43
       44
        
         expires : Expiration.t option;

     

       44
       45
        
         max_age : Ptime.Span.t option;

     

       45
       46
        
         same_site : SameSite.t option;

     
···

       67
       68
        
       let secure cookie = cookie.secure

     

       68
       69
        
       let http_only cookie = cookie.http_only

     

       69
       70
        
       let partitioned cookie = cookie.partitioned

     

       71
       71
       +
       let host_only cookie = cookie.host_only

     

       70
       72
        
       let expires cookie = cookie.expires

     

       71
       73
        
       let max_age cookie = cookie.max_age

     

       72
       74
        
       let same_site cookie = cookie.same_site

     
···

       74
       76
        
       let last_access cookie = cookie.last_access

     

       75
       77
        
       

     

       76
       78
        
       let make ~domain ~path ~name ~value ?(secure = false) ?(http_only = false)

     

       77
       77
       -
           ?expires ?max_age ?same_site ?(partitioned = false) ~creation_time

     

       78
       78
       -
           ~last_access () =

     

       79
       79
       +
           ?expires ?max_age ?same_site ?(partitioned = false) ?(host_only = false)

     

       80
       80
       +
           ~creation_time ~last_access () =

     

       79
       81
        
         {

     

       80
       82
        
           domain;

     

       81
       83
        
           path;

     
···

       84
       86
        
           secure;

     

       85
       87
        
           http_only;

     

       86
       88
        
           partitioned;

     

       89
       89
       +
           host_only;

     

       87
       90
        
           expires;

     

       88
       91
        
           max_age;

     

       89
       92
        
           same_site;

     
···

       304
       307
        
         in

     

       305
       308
        
         samesite_valid && partitioned_valid

     

       306
       309
        
       

     

       307
       307
       -
       (** Build final cookie from name/value and accumulated attributes *)

     

       310
       310
       +
       (** Build final cookie from name/value and accumulated attributes.

     

       311
       311
       +
           Per RFC 6265 Section 5.3:

     

       312
       312
       +
           - If Domain attribute is present, host_only = false, domain = attribute value

     

       313
       313
       +
           - If Domain attribute is absent, host_only = true, domain = request host *)

     

       308
       314
        
       let build_cookie ~request_domain ~request_path ~name ~value attrs ~now =

     

       309
       309
       -
         let domain =

     

       310
       310
       -
           normalize_domain (Option.value attrs.domain ~default:request_domain)

     

       315
       315
       +
         let host_only, domain =

     

       316
       316
       +
           match attrs.domain with

     

       317
       317
       +
           | Some d -> (false, normalize_domain d)

     

       318
       318
       +
           | None -> (true, request_domain)

     

       311
       319
        
         in

     

       312
       320
        
         let path = Option.value attrs.path ~default:request_path in

     

       313
       321
        
         make ~domain ~path ~name ~value ~secure:attrs.secure

     

       314
       322
        
           ~http_only:attrs.http_only ?expires:attrs.expires ?max_age:attrs.max_age

     

       315
       315
       -
           ?same_site:attrs.same_site ~partitioned:attrs.partitioned ~creation_time:now

     

       316
       316
       -
           ~last_access:now ()

     

       323
       323
       +
           ?same_site:attrs.same_site ~partitioned:attrs.partitioned ~host_only

     

       324
       324
       +
           ~creation_time:now ~last_access:now ()

     

       317
       325
        
       

     

       318
       326
        
       (** {1 Pretty Printing} *)

     

       319
       327
        
       

     

       320
       328
        
       let pp ppf cookie =

     

       321
       329
        
         Format.fprintf ppf

     

       322
       330
        
           "@[<hov 2>{ name=%S;@ value=%S;@ domain=%S;@ path=%S;@ secure=%b;@ \

     

       323
       323
       -
            http_only=%b;@ partitioned=%b;@ expires=%a;@ max_age=%a;@ same_site=%a \

     

       324
       324
       -
            }@]"

     

       331
       331
       +
            http_only=%b;@ partitioned=%b;@ host_only=%b;@ expires=%a;@ max_age=%a;@ \

     

       332
       332
       +
            same_site=%a }@]"

     

       325
       333
        
           (name cookie) (value cookie) (domain cookie) (path cookie) (secure cookie)

     

       326
       326
       -
           (http_only cookie) (partitioned cookie)

     

       334
       334
       +
           (http_only cookie) (partitioned cookie) (host_only cookie)

     

       327
       335
        
           (Format.pp_print_option Expiration.pp)

     

       328
       336
        
           (expires cookie)

     

       329
       337
        
           (Format.pp_print_option Ptime.Span.pp)

     
···

       410
       418
        
                     |> String.trim

     

       411
       419
        
                   in

     

       412
       420
        
                   let current_time = now () in

     

       413
       413
       -
                   (* Create cookie with defaults from Cookie header context *)

     

       421
       421
       +
                   (* Create cookie with defaults from Cookie header context.

     

       422
       422
       +
                      Cookies from Cookie headers have host_only=true since we don't

     

       423
       423
       +
                      know if they originally had a Domain attribute. *)

     

       414
       424
        
                   let cookie =

     

       415
       425
        
                     make ~domain ~path ~name:cookie_name ~value:cookie_value

     

       416
       416
       -
                       ~secure:false ~http_only:false ~partitioned:false

     

       426
       426
       +
                       ~secure:false ~http_only:false ~partitioned:false ~host_only:true

     

       417
       427
        
                       ~creation_time:current_time ~last_access:current_time ()

     

       418
       428
        
                   in

     

       419
       429
        
                   Ok cookie)

+20

lib/core/cookeio.mli

···

       115
       115
        
           privacy-preserving third-party cookie functionality. Partitioned cookies

     

       116
       116
        
           must always be Secure. *)

     

       117
       117
        
       

     

       118
       118
       +
       val host_only : t -> bool

     

       119
       119
       +
       (** Check if cookie has the host-only flag set.

     

       120
       120
       +
       

     

       121
       121
       +
           Per RFC 6265 Section 5.3:

     

       122
       122
       +
           - If the Set-Cookie header included a Domain attribute, host_only is false

     

       123
       123
       +
             and the cookie matches the domain and all subdomains.

     

       124
       124
       +
           - If no Domain attribute was present, host_only is true and the cookie

     

       125
       125
       +
             only matches the exact request host.

     

       126
       126
       +
       

     

       127
       127
       +
           Example:

     

       128
       128
       +
           - Cookie set on "example.com" with Domain=example.com: host_only=false,

     

       129
       129
       +
             matches example.com and sub.example.com

     

       130
       130
       +
           - Cookie set on "example.com" without Domain attribute: host_only=true,

     

       131
       131
       +
             matches only example.com, not sub.example.com *)

     

       132
       132
       +
       

     

       118
       133
        
       val expires : t -> Expiration.t option

     

       119
       134
        
       (** Get the expiration attribute if set.

     

       120
       135
        
       

     
···

       152
       167
        
         ?max_age:Ptime.Span.t ->

     

       153
       168
        
         ?same_site:SameSite.t ->

     

       154
       169
        
         ?partitioned:bool ->

     

       170
       170
       +
         ?host_only:bool ->

     

       155
       171
        
         creation_time:Ptime.t ->

     

       156
       172
        
         last_access:Ptime.t ->

     

       157
       173
        
         unit ->

     

       158
       174
        
         t

     

       159
       175
        
       (** Create a new cookie with the given attributes.

     

       176
       176
       +
       

     

       177
       177
       +
           @param host_only If true, the cookie only matches the exact domain (no

     

       178
       178
       +
           subdomains). Defaults to false. Per RFC 6265, this should be true when no

     

       179
       179
       +
           Domain attribute was present in the Set-Cookie header.

     

       160
       180
        
       

     

       161
       181
        
           Note: If [partitioned] is [true], the cookie must also be [secure]. Invalid

     

       162
       182
        
           combinations will result in validation errors. *)

+26 -14

lib/jar/cookeio_jar.ml

···

       34
       34
        
             String.sub domain 1 (String.length domain - 1)

     

       35
       35
        
         | _ -> domain

     

       36
       36
        
       

     

       37
       37
       -
       let domain_matches cookie_domain request_domain =

     

       38
       38
       -
         (* Cookie domains are stored without leading dots per RFC 6265.

     

       39
       39
       -
            A cookie with domain "example.com" should match both "example.com" (exact)

     

       40
       40
       -
            and "sub.example.com" (subdomain). *)

     

       37
       37
       +
       let domain_matches ~host_only cookie_domain request_domain =

     

       38
       38
       +
         (* RFC 6265 Section 5.4: Domain matching for Cookie header.

     

       39
       39
       +
            Cookie domains are stored without leading dots per RFC 6265. *)

     

       41
       40
        
         request_domain = cookie_domain

     

       42
       42
       -
         || String.ends_with ~suffix:("." ^ cookie_domain) request_domain

     

       41
       41
       +
         || (not host_only

     

       42
       42
       +
             && String.ends_with ~suffix:("." ^ cookie_domain) request_domain)

     

       43
       43
        
       

     

       44
       44
        
       let path_matches cookie_path request_path =

     

       45
       45
       -
         (* Cookie path /foo matches /foo, /foo/, /foo/bar *)

     

       46
       46
       -
         String.starts_with ~prefix:cookie_path request_path

     

       45
       45
       +
         (* RFC 6265 Section 5.1.4: A request-path path-matches a cookie-path if:

     

       46
       46
       +
            1. The cookie-path and the request-path are identical, OR

     

       47
       47
       +
            2. The cookie-path is a prefix of request-path AND cookie-path ends with "/", OR

     

       48
       48
       +
            3. The cookie-path is a prefix of request-path AND the first char of

     

       49
       49
       +
               request-path not in cookie-path is "/" *)

     

       50
       50
       +
         if cookie_path = request_path then true

     

       51
       51
       +
         else if String.starts_with ~prefix:cookie_path request_path then

     

       52
       52
       +
           let cookie_len = String.length cookie_path in

     

       53
       53
       +
           String.ends_with ~suffix:"/" cookie_path

     

       54
       54
       +
           || (String.length request_path > cookie_len && request_path.[cookie_len] = '/')

     

       55
       55
       +
         else false

     

       47
       56
        
       

     

       48
       57
        
       (** {1 HTTP Date Parsing} *)

     

       49
       58
        
       let is_expired cookie clock =

     
···

       123
       132
        
           ~http_only:(Cookeio.http_only cookie) ~expires:(`DateTime past_expiry)

     

       124
       133
        
           ~max_age:(Ptime.Span.of_int_s 0) ?same_site:(Cookeio.same_site cookie)

     

       125
       134
        
           ~partitioned:(Cookeio.partitioned cookie)

     

       135
       135
       +
           ~host_only:(Cookeio.host_only cookie)

     

       126
       136
        
           ~creation_time:now ~last_access:now ()

     

       127
       137
        
       

     

       128
       138
        
       let remove jar ~clock cookie =

     
···

       184
       194
        
             (fun cookie ->

     

       185
       195
        
               Cookeio.value cookie <> ""

     

       186
       196
        
               (* Exclude removal cookies *)

     

       187
       187
       -
               && domain_matches (Cookeio.domain cookie) request_domain

     

       197
       197
       +
               && domain_matches ~host_only:(Cookeio.host_only cookie)

     

       198
       198
       +
                    (Cookeio.domain cookie) request_domain

     

       188
       199
        
               && path_matches (Cookeio.path cookie) request_path

     

       189
       200
        
               && ((not (Cookeio.secure cookie)) || is_secure))

     

       190
       201
        
             unique_cookies

     
···

       204
       215
        
                   ?expires:(Cookeio.expires c) ?max_age:(Cookeio.max_age c)

     

       205
       216
        
                   ?same_site:(Cookeio.same_site c)

     

       206
       217
        
                   ~partitioned:(Cookeio.partitioned c)

     

       218
       218
       +
                   ~host_only:(Cookeio.host_only c)

     

       207
       219
        
                   ~creation_time:(Cookeio.creation_time c) ~last_access:now ()

     

       208
       220
        
               else c)

     

       209
       221
        
             cookies

     
···

       319
       331
        
       

     

       320
       332
        
         List.iter

     

       321
       333
        
           (fun cookie ->

     

       322
       322
       -
             let include_subdomains =

     

       323
       323
       -
               if String.starts_with ~prefix:"." (Cookeio.domain cookie) then "TRUE"

     

       324
       324
       -
               else "FALSE"

     

       325
       325
       -
             in

     

       334
       334
       +
             (* Mozilla format: include_subdomains=TRUE means host_only=false *)

     

       335
       335
       +
             let include_subdomains = if Cookeio.host_only cookie then "FALSE" else "TRUE" in

     

       326
       336
        
             let secure_flag = if Cookeio.secure cookie then "TRUE" else "FALSE" in

     

       327
       337
        
             let expires_str =

     

       328
       338
        
               match Cookeio.expires cookie with

     
···

       357
       367
        
             let line = String.trim line in

     

       358
       368
        
             if line <> "" && not (String.starts_with ~prefix:"#" line) then

     

       359
       369
        
               match String.split_on_char '\t' line with

     

       360
       360
       -
               | [ domain; _include_subdomains; path; secure; expires; name; value ] ->

     

       370
       370
       +
               | [ domain; include_subdomains; path; secure; expires; name; value ] ->

     

       361
       371
        
                   let now =

     

       362
       372
        
                     Ptime.of_float_s (Eio.Time.now clock)

     

       363
       373
        
                     |> Option.value ~default:Ptime.epoch

     
···

       370
       380
        
                       | Some t -> Some (`DateTime t)

     

       371
       381
        
                       | None -> None

     

       372
       382
        
                   in

     

       383
       383
       +
                   (* Mozilla format: include_subdomains=TRUE means host_only=false *)

     

       384
       384
       +
                   let host_only = include_subdomains <> "TRUE" in

     

       373
       385
        
       

     

       374
       386
        
                   let cookie =

     

       375
       387
        
                     Cookeio.make ~domain:(normalize_domain domain) ~path ~name ~value

     

       376
       388
        
                       ~secure:(secure = "TRUE") ~http_only:false ?expires

     

       377
       377
       -
                       ?max_age:None ?same_site:None ~partitioned:false

     

       389
       389
       +
                       ?max_age:None ?same_site:None ~partitioned:false ~host_only

     

       378
       390
        
                       ~creation_time:now ~last_access:now ()

     

       379
       391
        
                   in

     

       380
       392
        
                   add_original jar cookie;

+348

test/test_cookeio.ml

···

       1885
       1885
        
             end

     

       1886
       1886
        
         | None -> Alcotest.fail "Should parse cookie with both attributes"

     

       1887
       1887
        
       

     

       1888
       1888
       +
       (* ============================================================================ *)

     

       1889
       1889
       +
       (* Host-Only Flag Tests (RFC 6265 Section 5.3) *)

     

       1890
       1890
       +
       (* ============================================================================ *)

     

       1891
       1891
       +
       

     

       1892
       1892
       +
       let test_host_only_without_domain_attribute () =

     

       1893
       1893
       +
         Eio_mock.Backend.run @@ fun () ->

     

       1894
       1894
       +
         let clock = Eio_mock.Clock.make () in

     

       1895
       1895
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       1896
       1896
       +
       

     

       1897
       1897
       +
         (* Cookie without Domain attribute should have host_only=true *)

     

       1898
       1898
       +
         let header = "session=abc123; Secure; HttpOnly" in

     

       1899
       1899
       +
         let cookie_opt =

     

       1900
       1900
       +
           of_set_cookie_header

     

       1901
       1901
       +
             ~now:(fun () ->

     

       1902
       1902
       +
               Ptime.of_float_s (Eio.Time.now clock)

     

       1903
       1903
       +
               |> Option.value ~default:Ptime.epoch)

     

       1904
       1904
       +
             ~domain:"example.com" ~path:"/" header

     

       1905
       1905
       +
         in

     

       1906
       1906
       +
         Alcotest.(check bool) "cookie parsed" true (Option.is_some cookie_opt);

     

       1907
       1907
       +
         let cookie = Option.get cookie_opt in

     

       1908
       1908
       +
         Alcotest.(check bool) "host_only is true" true (Cookeio.host_only cookie);

     

       1909
       1909
       +
         Alcotest.(check string) "domain is request host" "example.com" (Cookeio.domain cookie)

     

       1910
       1910
       +
       

     

       1911
       1911
       +
       let test_host_only_with_domain_attribute () =

     

       1912
       1912
       +
         Eio_mock.Backend.run @@ fun () ->

     

       1913
       1913
       +
         let clock = Eio_mock.Clock.make () in

     

       1914
       1914
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       1915
       1915
       +
       

     

       1916
       1916
       +
         (* Cookie with Domain attribute should have host_only=false *)

     

       1917
       1917
       +
         let header = "session=abc123; Domain=example.com; Secure" in

     

       1918
       1918
       +
         let cookie_opt =

     

       1919
       1919
       +
           of_set_cookie_header

     

       1920
       1920
       +
             ~now:(fun () ->

     

       1921
       1921
       +
               Ptime.of_float_s (Eio.Time.now clock)

     

       1922
       1922
       +
               |> Option.value ~default:Ptime.epoch)

     

       1923
       1923
       +
             ~domain:"example.com" ~path:"/" header

     

       1924
       1924
       +
         in

     

       1925
       1925
       +
         Alcotest.(check bool) "cookie parsed" true (Option.is_some cookie_opt);

     

       1926
       1926
       +
         let cookie = Option.get cookie_opt in

     

       1927
       1927
       +
         Alcotest.(check bool) "host_only is false" false (Cookeio.host_only cookie);

     

       1928
       1928
       +
         Alcotest.(check string) "domain is attribute value" "example.com" (Cookeio.domain cookie)

     

       1929
       1929
       +
       

     

       1930
       1930
       +
       let test_host_only_with_dotted_domain_attribute () =

     

       1931
       1931
       +
         Eio_mock.Backend.run @@ fun () ->

     

       1932
       1932
       +
         let clock = Eio_mock.Clock.make () in

     

       1933
       1933
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       1934
       1934
       +
       

     

       1935
       1935
       +
         (* Cookie with .domain should have host_only=false and normalized domain *)

     

       1936
       1936
       +
         let header = "session=abc123; Domain=.example.com" in

     

       1937
       1937
       +
         let cookie_opt =

     

       1938
       1938
       +
           of_set_cookie_header

     

       1939
       1939
       +
             ~now:(fun () ->

     

       1940
       1940
       +
               Ptime.of_float_s (Eio.Time.now clock)

     

       1941
       1941
       +
               |> Option.value ~default:Ptime.epoch)

     

       1942
       1942
       +
             ~domain:"example.com" ~path:"/" header

     

       1943
       1943
       +
         in

     

       1944
       1944
       +
         Alcotest.(check bool) "cookie parsed" true (Option.is_some cookie_opt);

     

       1945
       1945
       +
         let cookie = Option.get cookie_opt in

     

       1946
       1946
       +
         Alcotest.(check bool) "host_only is false" false (Cookeio.host_only cookie);

     

       1947
       1947
       +
         Alcotest.(check string) "domain normalized" "example.com" (Cookeio.domain cookie)

     

       1948
       1948
       +
       

     

       1949
       1949
       +
       let test_host_only_domain_matching () =

     

       1950
       1950
       +
         Eio_mock.Backend.run @@ fun () ->

     

       1951
       1951
       +
         let clock = Eio_mock.Clock.make () in

     

       1952
       1952
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       1953
       1953
       +
       

     

       1954
       1954
       +
         let jar = create () in

     

       1955
       1955
       +
       

     

       1956
       1956
       +
         (* Add a host-only cookie (no Domain attribute) *)

     

       1957
       1957
       +
         let host_only_cookie =

     

       1958
       1958
       +
           Cookeio.make ~domain:"example.com" ~path:"/" ~name:"host_only" ~value:"val1"

     

       1959
       1959
       +
             ~secure:false ~http_only:false ~host_only:true

     

       1960
       1960
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       1961
       1961
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       1962
       1962
       +
         in

     

       1963
       1963
       +
         add_cookie jar host_only_cookie;

     

       1964
       1964
       +
       

     

       1965
       1965
       +
         (* Add a domain cookie (with Domain attribute) *)

     

       1966
       1966
       +
         let domain_cookie =

     

       1967
       1967
       +
           Cookeio.make ~domain:"example.com" ~path:"/" ~name:"domain" ~value:"val2"

     

       1968
       1968
       +
             ~secure:false ~http_only:false ~host_only:false

     

       1969
       1969
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       1970
       1970
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       1971
       1971
       +
         in

     

       1972
       1972
       +
         add_cookie jar domain_cookie;

     

       1973
       1973
       +
       

     

       1974
       1974
       +
         (* Both cookies should match exact domain *)

     

       1975
       1975
       +
         let cookies_exact =

     

       1976
       1976
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/" ~is_secure:false

     

       1977
       1977
       +
         in

     

       1978
       1978
       +
         Alcotest.(check int) "both match exact domain" 2 (List.length cookies_exact);

     

       1979
       1979
       +
       

     

       1980
       1980
       +
         (* Only domain cookie should match subdomain *)

     

       1981
       1981
       +
         let cookies_sub =

     

       1982
       1982
       +
           get_cookies jar ~clock ~domain:"sub.example.com" ~path:"/" ~is_secure:false

     

       1983
       1983
       +
         in

     

       1984
       1984
       +
         Alcotest.(check int) "only domain cookie matches subdomain" 1 (List.length cookies_sub);

     

       1985
       1985
       +
         let sub_cookie = List.hd cookies_sub in

     

       1986
       1986
       +
         Alcotest.(check string) "subdomain match is domain cookie" "domain" (Cookeio.name sub_cookie)

     

       1987
       1987
       +
       

     

       1988
       1988
       +
       let test_host_only_cookie_header_parsing () =

     

       1989
       1989
       +
         Eio_mock.Backend.run @@ fun () ->

     

       1990
       1990
       +
         let clock = Eio_mock.Clock.make () in

     

       1991
       1991
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       1992
       1992
       +
       

     

       1993
       1993
       +
         (* Cookies from Cookie header should have host_only=true *)

     

       1994
       1994
       +
         let results =

     

       1995
       1995
       +
           of_cookie_header

     

       1996
       1996
       +
             ~now:(fun () ->

     

       1997
       1997
       +
               Ptime.of_float_s (Eio.Time.now clock)

     

       1998
       1998
       +
               |> Option.value ~default:Ptime.epoch)

     

       1999
       1999
       +
             ~domain:"example.com" ~path:"/" "session=abc; theme=dark"

     

       2000
       2000
       +
         in

     

       2001
       2001
       +
         let cookies = List.filter_map Result.to_option results in

     

       2002
       2002
       +
         Alcotest.(check int) "parsed 2 cookies" 2 (List.length cookies);

     

       2003
       2003
       +
         List.iter (fun c ->

     

       2004
       2004
       +
           Alcotest.(check bool)

     

       2005
       2005
       +
             ("host_only is true for " ^ Cookeio.name c)

     

       2006
       2006
       +
             true (Cookeio.host_only c)

     

       2007
       2007
       +
         ) cookies

     

       2008
       2008
       +
       

     

       2009
       2009
       +
       let test_host_only_mozilla_format_round_trip () =

     

       2010
       2010
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2011
       2011
       +
         let clock = Eio_mock.Clock.make () in

     

       2012
       2012
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2013
       2013
       +
       

     

       2014
       2014
       +
         let jar = create () in

     

       2015
       2015
       +
       

     

       2016
       2016
       +
         (* Add host-only cookie *)

     

       2017
       2017
       +
         let host_only =

     

       2018
       2018
       +
           Cookeio.make ~domain:"example.com" ~path:"/" ~name:"hostonly" ~value:"v1"

     

       2019
       2019
       +
             ~secure:false ~http_only:false ~host_only:true

     

       2020
       2020
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2021
       2021
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2022
       2022
       +
         in

     

       2023
       2023
       +
         add_cookie jar host_only;

     

       2024
       2024
       +
       

     

       2025
       2025
       +
         (* Add domain cookie *)

     

       2026
       2026
       +
         let domain_cookie =

     

       2027
       2027
       +
           Cookeio.make ~domain:"example.com" ~path:"/" ~name:"domain" ~value:"v2"

     

       2028
       2028
       +
             ~secure:false ~http_only:false ~host_only:false

     

       2029
       2029
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2030
       2030
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2031
       2031
       +
         in

     

       2032
       2032
       +
         add_cookie jar domain_cookie;

     

       2033
       2033
       +
       

     

       2034
       2034
       +
         (* Round trip through Mozilla format *)

     

       2035
       2035
       +
         let mozilla = to_mozilla_format jar in

     

       2036
       2036
       +
         let jar2 = from_mozilla_format ~clock mozilla in

     

       2037
       2037
       +
         let cookies = get_all_cookies jar2 in

     

       2038
       2038
       +
       

     

       2039
       2039
       +
         Alcotest.(check int) "2 cookies after round trip" 2 (List.length cookies);

     

       2040
       2040
       +
       

     

       2041
       2041
       +
         let find name_val = List.find (fun c -> Cookeio.name c = name_val) cookies in

     

       2042
       2042
       +
         Alcotest.(check bool) "hostonly preserved" true (Cookeio.host_only (find "hostonly"));

     

       2043
       2043
       +
         Alcotest.(check bool) "domain preserved" false (Cookeio.host_only (find "domain"))

     

       2044
       2044
       +
       

     

       2045
       2045
       +
       (* ============================================================================ *)

     

       2046
       2046
       +
       (* Path Matching Tests (RFC 6265 Section 5.1.4) *)

     

       2047
       2047
       +
       (* ============================================================================ *)

     

       2048
       2048
       +
       

     

       2049
       2049
       +
       let test_path_matching_identical () =

     

       2050
       2050
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2051
       2051
       +
         let clock = Eio_mock.Clock.make () in

     

       2052
       2052
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2053
       2053
       +
       

     

       2054
       2054
       +
         let jar = create () in

     

       2055
       2055
       +
         let cookie =

     

       2056
       2056
       +
           Cookeio.make ~domain:"example.com" ~path:"/foo" ~name:"test" ~value:"val"

     

       2057
       2057
       +
             ~secure:false ~http_only:false

     

       2058
       2058
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2059
       2059
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2060
       2060
       +
         in

     

       2061
       2061
       +
         add_cookie jar cookie;

     

       2062
       2062
       +
       

     

       2063
       2063
       +
         (* Identical path should match *)

     

       2064
       2064
       +
         let cookies =

     

       2065
       2065
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo" ~is_secure:false

     

       2066
       2066
       +
         in

     

       2067
       2067
       +
         Alcotest.(check int) "identical path matches" 1 (List.length cookies)

     

       2068
       2068
       +
       

     

       2069
       2069
       +
       let test_path_matching_with_trailing_slash () =

     

       2070
       2070
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2071
       2071
       +
         let clock = Eio_mock.Clock.make () in

     

       2072
       2072
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2073
       2073
       +
       

     

       2074
       2074
       +
         let jar = create () in

     

       2075
       2075
       +
         let cookie =

     

       2076
       2076
       +
           Cookeio.make ~domain:"example.com" ~path:"/foo/" ~name:"test" ~value:"val"

     

       2077
       2077
       +
             ~secure:false ~http_only:false

     

       2078
       2078
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2079
       2079
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2080
       2080
       +
         in

     

       2081
       2081
       +
         add_cookie jar cookie;

     

       2082
       2082
       +
       

     

       2083
       2083
       +
         (* Cookie path /foo/ should match /foo/bar *)

     

       2084
       2084
       +
         let cookies =

     

       2085
       2085
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo/bar" ~is_secure:false

     

       2086
       2086
       +
         in

     

       2087
       2087
       +
         Alcotest.(check int) "/foo/ matches /foo/bar" 1 (List.length cookies);

     

       2088
       2088
       +
       

     

       2089
       2089
       +
         (* Cookie path /foo/ should match /foo/ *)

     

       2090
       2090
       +
         let cookies2 =

     

       2091
       2091
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo/" ~is_secure:false

     

       2092
       2092
       +
         in

     

       2093
       2093
       +
         Alcotest.(check int) "/foo/ matches /foo/" 1 (List.length cookies2)

     

       2094
       2094
       +
       

     

       2095
       2095
       +
       let test_path_matching_prefix_with_slash () =

     

       2096
       2096
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2097
       2097
       +
         let clock = Eio_mock.Clock.make () in

     

       2098
       2098
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2099
       2099
       +
       

     

       2100
       2100
       +
         let jar = create () in

     

       2101
       2101
       +
         let cookie =

     

       2102
       2102
       +
           Cookeio.make ~domain:"example.com" ~path:"/foo" ~name:"test" ~value:"val"

     

       2103
       2103
       +
             ~secure:false ~http_only:false

     

       2104
       2104
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2105
       2105
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2106
       2106
       +
         in

     

       2107
       2107
       +
         add_cookie jar cookie;

     

       2108
       2108
       +
       

     

       2109
       2109
       +
         (* Cookie path /foo should match /foo/bar (next char is /) *)

     

       2110
       2110
       +
         let cookies =

     

       2111
       2111
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo/bar" ~is_secure:false

     

       2112
       2112
       +
         in

     

       2113
       2113
       +
         Alcotest.(check int) "/foo matches /foo/bar" 1 (List.length cookies);

     

       2114
       2114
       +
       

     

       2115
       2115
       +
         (* Cookie path /foo should match /foo/ *)

     

       2116
       2116
       +
         let cookies2 =

     

       2117
       2117
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo/" ~is_secure:false

     

       2118
       2118
       +
         in

     

       2119
       2119
       +
         Alcotest.(check int) "/foo matches /foo/" 1 (List.length cookies2)

     

       2120
       2120
       +
       

     

       2121
       2121
       +
       let test_path_matching_no_false_prefix () =

     

       2122
       2122
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2123
       2123
       +
         let clock = Eio_mock.Clock.make () in

     

       2124
       2124
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2125
       2125
       +
       

     

       2126
       2126
       +
         let jar = create () in

     

       2127
       2127
       +
         let cookie =

     

       2128
       2128
       +
           Cookeio.make ~domain:"example.com" ~path:"/foo" ~name:"test" ~value:"val"

     

       2129
       2129
       +
             ~secure:false ~http_only:false

     

       2130
       2130
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2131
       2131
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2132
       2132
       +
         in

     

       2133
       2133
       +
         add_cookie jar cookie;

     

       2134
       2134
       +
       

     

       2135
       2135
       +
         (* Cookie path /foo should NOT match /foobar (no / separator) *)

     

       2136
       2136
       +
         let cookies =

     

       2137
       2137
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foobar" ~is_secure:false

     

       2138
       2138
       +
         in

     

       2139
       2139
       +
         Alcotest.(check int) "/foo does NOT match /foobar" 0 (List.length cookies);

     

       2140
       2140
       +
       

     

       2141
       2141
       +
         (* Cookie path /foo should NOT match /foob *)

     

       2142
       2142
       +
         let cookies2 =

     

       2143
       2143
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foob" ~is_secure:false

     

       2144
       2144
       +
         in

     

       2145
       2145
       +
         Alcotest.(check int) "/foo does NOT match /foob" 0 (List.length cookies2)

     

       2146
       2146
       +
       

     

       2147
       2147
       +
       let test_path_matching_root () =

     

       2148
       2148
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2149
       2149
       +
         let clock = Eio_mock.Clock.make () in

     

       2150
       2150
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2151
       2151
       +
       

     

       2152
       2152
       +
         let jar = create () in

     

       2153
       2153
       +
         let cookie =

     

       2154
       2154
       +
           Cookeio.make ~domain:"example.com" ~path:"/" ~name:"test" ~value:"val"

     

       2155
       2155
       +
             ~secure:false ~http_only:false

     

       2156
       2156
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2157
       2157
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2158
       2158
       +
         in

     

       2159
       2159
       +
         add_cookie jar cookie;

     

       2160
       2160
       +
       

     

       2161
       2161
       +
         (* Root path should match everything *)

     

       2162
       2162
       +
         let cookies1 =

     

       2163
       2163
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/" ~is_secure:false

     

       2164
       2164
       +
         in

     

       2165
       2165
       +
         Alcotest.(check int) "/ matches /" 1 (List.length cookies1);

     

       2166
       2166
       +
       

     

       2167
       2167
       +
         let cookies2 =

     

       2168
       2168
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo" ~is_secure:false

     

       2169
       2169
       +
         in

     

       2170
       2170
       +
         Alcotest.(check int) "/ matches /foo" 1 (List.length cookies2);

     

       2171
       2171
       +
       

     

       2172
       2172
       +
         let cookies3 =

     

       2173
       2173
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo/bar/baz" ~is_secure:false

     

       2174
       2174
       +
         in

     

       2175
       2175
       +
         Alcotest.(check int) "/ matches /foo/bar/baz" 1 (List.length cookies3)

     

       2176
       2176
       +
       

     

       2177
       2177
       +
       let test_path_matching_no_match () =

     

       2178
       2178
       +
         Eio_mock.Backend.run @@ fun () ->

     

       2179
       2179
       +
         let clock = Eio_mock.Clock.make () in

     

       2180
       2180
       +
         Eio_mock.Clock.set_time clock 1000.0;

     

       2181
       2181
       +
       

     

       2182
       2182
       +
         let jar = create () in

     

       2183
       2183
       +
         let cookie =

     

       2184
       2184
       +
           Cookeio.make ~domain:"example.com" ~path:"/foo/bar" ~name:"test" ~value:"val"

     

       2185
       2185
       +
             ~secure:false ~http_only:false

     

       2186
       2186
       +
             ~creation_time:(Ptime.of_float_s 1000.0 |> Option.get)

     

       2187
       2187
       +
             ~last_access:(Ptime.of_float_s 1000.0 |> Option.get) ()

     

       2188
       2188
       +
         in

     

       2189
       2189
       +
         add_cookie jar cookie;

     

       2190
       2190
       +
       

     

       2191
       2191
       +
         (* Cookie path /foo/bar should NOT match /foo *)

     

       2192
       2192
       +
         let cookies =

     

       2193
       2193
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/foo" ~is_secure:false

     

       2194
       2194
       +
         in

     

       2195
       2195
       +
         Alcotest.(check int) "/foo/bar does NOT match /foo" 0 (List.length cookies);

     

       2196
       2196
       +
       

     

       2197
       2197
       +
         (* Cookie path /foo/bar should NOT match / *)

     

       2198
       2198
       +
         let cookies2 =

     

       2199
       2199
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/" ~is_secure:false

     

       2200
       2200
       +
         in

     

       2201
       2201
       +
         Alcotest.(check int) "/foo/bar does NOT match /" 0 (List.length cookies2);

     

       2202
       2202
       +
       

     

       2203
       2203
       +
         (* Cookie path /foo/bar should NOT match /baz *)

     

       2204
       2204
       +
         let cookies3 =

     

       2205
       2205
       +
           get_cookies jar ~clock ~domain:"example.com" ~path:"/baz" ~is_secure:false

     

       2206
       2206
       +
         in

     

       2207
       2207
       +
         Alcotest.(check int) "/foo/bar does NOT match /baz" 0 (List.length cookies3)

     

       2208
       2208
       +
       

     

       1888
       2209
        
       let () =

     

       1889
       2210
        
         Eio_main.run @@ fun env ->

     

       1890
       2211
        
         let open Alcotest in

     
···

       2018
       2339
        
                     test_max_age_and_expires_both_present env);

     

       2019
       2340
        
                 test_case "parse both" `Quick (fun () ->

     

       2020
       2341
        
                     test_parse_max_age_and_expires env);

     

       2342
       2342
       +
               ] );

     

       2343
       2343
       +
             ( "host_only_flag",

     

       2344
       2344
       +
               [

     

       2345
       2345
       +
                 test_case "host_only without Domain attribute" `Quick

     

       2346
       2346
       +
                   test_host_only_without_domain_attribute;

     

       2347
       2347
       +
                 test_case "host_only with Domain attribute" `Quick

     

       2348
       2348
       +
                   test_host_only_with_domain_attribute;

     

       2349
       2349
       +
                 test_case "host_only with dotted Domain attribute" `Quick

     

       2350
       2350
       +
                   test_host_only_with_dotted_domain_attribute;

     

       2351
       2351
       +
                 test_case "host_only domain matching" `Quick

     

       2352
       2352
       +
                   test_host_only_domain_matching;

     

       2353
       2353
       +
                 test_case "host_only Cookie header parsing" `Quick

     

       2354
       2354
       +
                   test_host_only_cookie_header_parsing;

     

       2355
       2355
       +
                 test_case "host_only Mozilla format round trip" `Quick

     

       2356
       2356
       +
                   test_host_only_mozilla_format_round_trip;

     

       2357
       2357
       +
               ] );

     

       2358
       2358
       +
             ( "path_matching",

     

       2359
       2359
       +
               [

     

       2360
       2360
       +
                 test_case "identical path" `Quick test_path_matching_identical;

     

       2361
       2361
       +
                 test_case "path with trailing slash" `Quick

     

       2362
       2362
       +
                   test_path_matching_with_trailing_slash;

     

       2363
       2363
       +
                 test_case "prefix with slash separator" `Quick

     

       2364
       2364
       +
                   test_path_matching_prefix_with_slash;

     

       2365
       2365
       +
                 test_case "no false prefix match" `Quick

     

       2366
       2366
       +
                   test_path_matching_no_false_prefix;

     

       2367
       2367
       +
                 test_case "root path matches all" `Quick test_path_matching_root;

     

       2368
       2368
       +
                 test_case "path no match" `Quick test_path_matching_no_match;

     

       2021
       2369
        
               ] );

     

       2022
       2370
        
           ]