toolkit/components/extensions/test/mochitest/test_ext_cookies.html
author Rob Wu <rob@robwu.nl>
Sat, 02 Dec 2017 02:09:51 +0100
changeset 396558 eb72a70b524f7434a307df720019efa7442a6554
parent 393109 d75942aa9845ad70fd40ee8841c8b2d7169756a7
child 397757 36bccd1ca96f91d2d1fccfbb3b7af37bc38ba279
permissions -rw-r--r--
Bug 1417828 - Ignore ports in cookies API r=zombie Fixes regression from bug 1398630, where nsIURI was replaced with DOM URL. In nsIURI, "host" does not include a port number, but in a DOM URL, "host" does include a port number and "hostname" has to be used to obtain the original result. MozReview-Commit-ID: KxCF6Srn7X4

<!DOCTYPE HTML>
<html>
<head>
  <title>WebExtension test</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/SpawnTask.js"></script>
  <script type="text/javascript" src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
  <script type="text/javascript" src="head.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>

<script type="text/javascript">
"use strict";

add_task(async function test_cookies() {
  async function background() {
    function assertExpected(expected, cookie) {
      for (let key of Object.keys(cookie)) {
        browser.test.assertTrue(key in expected, `found property ${key}`);
        browser.test.assertEq(expected[key], cookie[key], `property value for ${key} is correct`);
      }
      browser.test.assertEq(Object.keys(expected).length, Object.keys(cookie).length, "all expected properties found");
    }

    async function getDocumentCookie(tabId) {
      let results = await browser.tabs.executeScript(tabId, {
        code: "document.cookie",
      });
      browser.test.assertEq(results.length, 1, "executeScript returns one result");
      return results[0];
    }

    async function openPrivateWindowAndTab(TEST_URL) {
      // Add some random suffix to make sure that we select the right tab.
      const PRIVATE_TEST_URL = TEST_URL + "?random" + Math.random();

      let tabReadyPromise = new Promise((resolve) => {
        browser.webNavigation.onDOMContentLoaded.addListener(function listener({tabId}) {
          browser.webNavigation.onDOMContentLoaded.removeListener(listener);
          resolve(tabId);
        }, {
          url: [{
            urlPrefix: PRIVATE_TEST_URL,
          }],
        });
      });
      // This tab is opened for two purposes:
      // 1. To allow tests to run content scripts in the context of a tab,
      //    for fetching the value of document.cookie.
      // 2. TODO Bug 1309637 To work around cookies in incognito windows,
      //    based on the analysis in comment 8.
      let {id: windowId} = await browser.windows.create({
        incognito: true,
        url: PRIVATE_TEST_URL,
      });
      let tabId = await tabReadyPromise;
      return {windowId, tabId};
    }

    function changePort(href, port) {
      let url = new URL(href);
      url.port = port;
      return url.href;
    }

    const TEST_URL = "http://example.org/";
    const TEST_SECURE_URL = "https://example.org/";
    const THE_FUTURE = Date.now() + 5 * 60;
    const TEST_PATH = "set_path";
    const TEST_URL_WITH_PATH = TEST_URL + TEST_PATH;
    const TEST_COOKIE_PATH = `/${TEST_PATH}`;
    const STORE_ID = "firefox-default";
    const PRIVATE_STORE_ID = "firefox-private";

    let expected = {
      name: "name1",
      value: "value1",
      domain: "example.org",
      hostOnly: true,
      path: "/",
      secure: false,
      httpOnly: false,
      session: false,
      expirationDate: THE_FUTURE,
      storeId: STORE_ID,
    };

    // Remove all cookies before starting the test.
    await browser.browsingData.removeCookies({});

    let cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", expirationDate: THE_FUTURE});
    assertExpected(expected, cookie);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    assertExpected(expected, cookie);

    let cookies = await browser.cookies.getAll({name: "name1"});
    browser.test.assertEq(cookies.length, 1, "one cookie found for matching name");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({domain: "example.org"});
    browser.test.assertEq(cookies.length, 1, "one cookie found for matching domain");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({domain: "example.net"});
    browser.test.assertEq(cookies.length, 0, "no cookies found for non-matching domain");

    cookies = await browser.cookies.getAll({secure: false});
    browser.test.assertEq(cookies.length, 1, "one non-secure cookie found");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({secure: true});
    browser.test.assertEq(cookies.length, 0, "no secure cookies found");

    cookies = await browser.cookies.getAll({storeId: STORE_ID});
    browser.test.assertEq(cookies.length, 1, "one cookie found for valid storeId");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({storeId: "invalid_id"});
    browser.test.assertEq(cookies.length, 0, "no cookies found for invalid storeId");

    let details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    // Ports in cookie URLs should be ignored. Every API call uses a different port number for better coverage.
    cookie = await browser.cookies.set({url: changePort(TEST_URL, 1234), name: "name1", value: "value1", expirationDate: THE_FUTURE});
    assertExpected(expected, cookie);

    cookie = await browser.cookies.get({url: changePort(TEST_URL, 65535), name: "name1"});
    assertExpected(expected, cookie);

    cookies = await browser.cookies.getAll({url: TEST_URL});
    browser.test.assertEq(cookies.length, 1, "Found cookie using getAll without port");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({url: changePort(TEST_URL, 1)});
    browser.test.assertEq(cookies.length, 1, "Found cookie using getAll with port");
    assertExpected(expected, cookies[0]);

    // .remove should return the URL of the API call, so the port is included in the return value.
    const TEST_URL_TO_REMOVE = changePort(TEST_URL, 1023);
    details = await browser.cookies.remove({url: TEST_URL_TO_REMOVE, name: "name1"});
    assertExpected({url: TEST_URL_TO_REMOVE, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    let stores = await browser.cookies.getAllCookieStores();
    browser.test.assertEq(1, stores.length, "expected number of stores returned");
    browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
    browser.test.assertEq(1, stores[0].tabIds.length, "one tabId returned for store");
    browser.test.assertEq("number", typeof stores[0].tabIds[0], "tabId is a number");

    // TODO bug 1372178: Opening private windows/tabs is not supported on Android
    if (browser.windows) {
      let {windowId} = await openPrivateWindowAndTab(TEST_URL);
      let stores = await browser.cookies.getAllCookieStores();

      browser.test.assertEq(2, stores.length, "expected number of stores returned");
      browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
      browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for store");
      browser.test.assertEq(PRIVATE_STORE_ID, stores[1].id, "expected private store id returned");
      browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for private store");

      await browser.windows.remove(windowId);
    }

    cookie = await browser.cookies.set({url: TEST_URL, name: "name2", domain: ".example.org", expirationDate: THE_FUTURE});
    browser.test.assertEq(false, cookie.hostOnly, "cookie is not a hostOnly cookie");

    details = await browser.cookies.remove({url: TEST_URL, name: "name2"});
    assertExpected({url: TEST_URL, name: "name2", storeId: STORE_ID}, details);

    // Create a session cookie.
    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1"});
    browser.test.assertEq(true, cookie.session, "session cookie set");

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(true, cookie.session, "got session cookie");

    cookies = await browser.cookies.getAll({session: true});
    browser.test.assertEq(cookies.length, 1, "one session cookie found");
    browser.test.assertEq(true, cookies[0].session, "found session cookie");

    cookies = await browser.cookies.getAll({session: false});
    browser.test.assertEq(cookies.length, 0, "no non-session cookies found");

    details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    cookie = await browser.cookies.set({url: TEST_SECURE_URL, name: "name1", value: "value1", secure: true});
    browser.test.assertEq(true, cookie.secure, "secure cookie set");

    cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
    browser.test.assertEq(true, cookie.session, "got secure cookie");

    cookies = await browser.cookies.getAll({secure: true});
    browser.test.assertEq(cookies.length, 1, "one secure cookie found");
    browser.test.assertEq(true, cookies[0].secure, "found secure cookie");

    cookies = await browser.cookies.getAll({secure: false});
    browser.test.assertEq(cookies.length, 0, "no non-secure cookies found");

    details = await browser.cookies.remove({url: TEST_SECURE_URL, name: "name1"});
    assertExpected({url: TEST_SECURE_URL, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    cookie = await browser.cookies.set({url: TEST_URL_WITH_PATH, path: TEST_COOKIE_PATH, name: "name1", value: "value1", expirationDate: THE_FUTURE});
    browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "created cookie with path");

    cookie = await browser.cookies.get({url: TEST_URL_WITH_PATH, name: "name1"});
    browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "got cookie with path");

    cookies = await browser.cookies.getAll({path: TEST_COOKIE_PATH});
    browser.test.assertEq(cookies.length, 1, "one cookie with path found");
    browser.test.assertEq(TEST_COOKIE_PATH, cookies[0].path, "found cookie with path");

    cookie = await browser.cookies.get({url: TEST_URL + "invalid_path", name: "name1"});
    browser.test.assertEq(null, cookie, "get with invalid path returns null");

    cookies = await browser.cookies.getAll({path: "/invalid_path"});
    browser.test.assertEq(cookies.length, 0, "getAll with invalid path returns 0 cookies");

    details = await browser.cookies.remove({url: TEST_URL_WITH_PATH, name: "name1"});
    assertExpected({url: TEST_URL_WITH_PATH, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: true});
    browser.test.assertEq(true, cookie.httpOnly, "httpOnly cookie set");

    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: false});
    browser.test.assertEq(false, cookie.httpOnly, "non-httpOnly cookie set");

    details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID}, details);

    cookie = await browser.cookies.set({url: TEST_URL});
    browser.test.assertEq("", cookie.name, "default name set");
    browser.test.assertEq("", cookie.value, "default value set");
    browser.test.assertEq(true, cookie.session, "no expiry date created session cookie");

    // TODO bug 1372178: Opening private windows/tabs is not supported on Android
    if (browser.windows) {
      let {tabId, windowId} = await openPrivateWindowAndTab(TEST_URL);

      browser.test.assertEq("", await getDocumentCookie(tabId), "initially no cookie");

      let cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "private", expirationDate: THE_FUTURE, storeId: PRIVATE_STORE_ID});
      browser.test.assertEq("private", cookie.value, "set the private cookie");

      cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "default", expirationDate: THE_FUTURE, storeId: STORE_ID});
      browser.test.assertEq("default", cookie.value, "set the default cookie");

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      browser.test.assertEq("private", cookie.value, "get the private cookie");
      browser.test.assertEq(PRIVATE_STORE_ID, cookie.storeId, "get the private cookie storeId");

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
      browser.test.assertEq("default", cookie.value, "get the default cookie");
      browser.test.assertEq(STORE_ID, cookie.storeId, "get the default cookie storeId");

      browser.test.assertEq("store=private", await getDocumentCookie(tabId), "private document.cookie should be set");

      let details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: STORE_ID});
      assertExpected({url: TEST_URL, name: "store", storeId: STORE_ID}, details);

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
      browser.test.assertEq(null, cookie, "deleted the default cookie");

      details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      assertExpected({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID}, details);

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      browser.test.assertEq(null, cookie, "deleted the private cookie");

      browser.test.assertEq("", await getDocumentCookie(tabId), "private document.cookie should be removed");

      await browser.windows.remove(windowId);
    }

    browser.test.notifyPass("cookies");
  }

  let extension = ExtensionTestUtils.loadExtension({
    background,
    manifest: {
      permissions: ["cookies", "*://example.org/", "webNavigation", "browsingData"],
    },
  });

  await extension.startup();
  await extension.awaitFinish("cookies");
  await extension.unload();
});

</script>

</body>
</html>