toolkit/components/extensions/test/mochitest/test_ext_cookies.html
author myeongjun <myeongjun.ko@gmail.com>
Thu, 16 May 2019 19:13:16 +0000
changeset 474291 2f69f765ef513a61ad39b4fc2b294135cf514e98
parent 470048 c83490ca7185506ddf5e9828f8159930c03d15a0
permissions -rw-r--r--
Bug 1517993 - An unexpected error occured with browser.cookies.set() with domain and url key for ip address. r=robwu,rpl,mixedpuppy Differential Revision: https://phabricator.services.mozilla.com/D29933

<!DOCTYPE HTML>
<html>
<head>
  <title>WebExtension test</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <script src="/tests/SimpleTest/ExtensionTestUtils.js"></script>
  <script type="text/javascript" src="head.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
</head>
<body>

<script type="text/javascript">
"use strict";

add_task(async function test_cookies() {
  await SpecialPowers.pushPrefEnv({set: [
    ["extensions.allowPrivateBrowsingByDefault", false],
  ]});

  async function background() {
    function assertExpected(expected, cookie) {
      for (let key of Object.keys(cookie)) {
        browser.test.assertTrue(key in expected, `found property ${key}`);
        browser.test.assertEq(expected[key], cookie[key], `property value for ${key} is correct`);
      }
      browser.test.assertEq(Object.keys(expected).length, Object.keys(cookie).length, "all expected properties found");
    }

    async function getDocumentCookie(tabId) {
      let results = await browser.tabs.executeScript(tabId, {
        code: "document.cookie",
      });
      browser.test.assertEq(1, results.length, "executeScript returns one result");
      return results[0];
    }

    async function testIpCookie(ipAddress, setHostOnly) {
      const IP_TEST_HOST = ipAddress;
      const IP_TEST_URL = `http://${IP_TEST_HOST}/`;
      const IP_THE_FUTURE = Date.now() + 5 * 60;
      const IP_STORE_ID = "firefox-default";

      let expectedCookie = {
        name: "name1",
        value: "value1",
        domain: IP_TEST_HOST,
        hostOnly: true,
        path: "/",
        secure: false,
        httpOnly: false,
        sameSite: "no_restriction",
        session: false,
        expirationDate: IP_THE_FUTURE,
        storeId: IP_STORE_ID,
        firstPartyDomain: "",
      };

      await browser.browsingData.removeCookies({});
      let ip_cookie = await browser.cookies.set({
        url: IP_TEST_URL,
        domain: setHostOnly ? ipAddress : undefined,
        name: "name1",
        value: "value1",
        expirationDate: IP_THE_FUTURE,
      });
      assertExpected(expectedCookie, ip_cookie);

      let ip_cookies = await browser.cookies.getAll({name: "name1"});
      browser.test.assertEq(1, ip_cookies.length, "ip cookie can be added");
      assertExpected(expectedCookie, ip_cookies[0]);

      ip_cookies = await browser.cookies.getAll({domain: IP_TEST_HOST, name: "name1"});
      browser.test.assertEq(1, ip_cookies.length, "can get ip cookie by host");
      assertExpected(expectedCookie, ip_cookies[0]);

      let ip_details = await browser.cookies.remove({url: IP_TEST_URL, name: "name1"});
      assertExpected({url: IP_TEST_URL, name: "name1", storeId: IP_STORE_ID, firstPartyDomain: ""}, ip_details);

      ip_cookies = await browser.cookies.getAll({name: "name1"});
      browser.test.assertEq(0, ip_cookies.length, "ip cookie can be removed");
    }

    async function openPrivateWindowAndTab(TEST_URL) {
      // Add some random suffix to make sure that we select the right tab.
      const PRIVATE_TEST_URL = TEST_URL + "?random" + Math.random();

      let tabReadyPromise = new Promise((resolve) => {
        browser.webNavigation.onDOMContentLoaded.addListener(function listener({tabId}) {
          browser.webNavigation.onDOMContentLoaded.removeListener(listener);
          resolve(tabId);
        }, {
          url: [{
            urlPrefix: PRIVATE_TEST_URL,
          }],
        });
      });
      // This tab is opened for two purposes:
      // 1. To allow tests to run content scripts in the context of a tab,
      //    for fetching the value of document.cookie.
      // 2. TODO Bug 1309637 To work around cookies in incognito windows,
      //    based on the analysis in comment 8.
      let {id: windowId} = await browser.windows.create({
        incognito: true,
        url: PRIVATE_TEST_URL,
      });
      let tabId = await tabReadyPromise;
      return {windowId, tabId};
    }

    function changePort(href, port) {
      let url = new URL(href);
      url.port = port;
      return url.href;
    }

    await testIpCookie("[2a03:4000:6:310e:216:3eff:fe53:99b]", false);
    await testIpCookie("[2a03:4000:6:310e:216:3eff:fe53:99b]", true);
    await testIpCookie("192.168.1.1", false);
    await testIpCookie("192.168.1.1", true);

    const TEST_URL = "http://example.org/";
    const TEST_SECURE_URL = "https://example.org/";
    const THE_FUTURE = Date.now() + 5 * 60;
    const TEST_PATH = "set_path";
    const TEST_URL_WITH_PATH = TEST_URL + TEST_PATH;
    const TEST_COOKIE_PATH = `/${TEST_PATH}`;
    const STORE_ID = "firefox-default";
    const PRIVATE_STORE_ID = "firefox-private";

    let expected = {
      name: "name1",
      value: "value1",
      domain: "example.org",
      hostOnly: true,
      path: "/",
      secure: false,
      httpOnly: false,
      sameSite: "no_restriction",
      session: false,
      expirationDate: THE_FUTURE,
      storeId: STORE_ID,
      firstPartyDomain: "",
    };

    // Remove all cookies before starting the test.
    await browser.browsingData.removeCookies({});

    let cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", expirationDate: THE_FUTURE});
    assertExpected(expected, cookie);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    assertExpected(expected, cookie);

    let cookies = await browser.cookies.getAll({name: "name1"});
    browser.test.assertEq(1, cookies.length, "one cookie found for matching name");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({domain: "example.org"});
    browser.test.assertEq(1, cookies.length, "one cookie found for matching domain");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({domain: "example.net"});
    browser.test.assertEq(0, cookies.length, "no cookies found for non-matching domain");

    cookies = await browser.cookies.getAll({secure: false});
    browser.test.assertEq(1, cookies.length, "one non-secure cookie found");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({secure: true});
    browser.test.assertEq(0, cookies.length, "no secure cookies found");

    cookies = await browser.cookies.getAll({storeId: STORE_ID});
    browser.test.assertEq(1, cookies.length, "one cookie found for valid storeId");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({storeId: "invalid_id"});
    browser.test.assertEq(0, cookies.length, "no cookies found for invalid storeId");

    let details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    // Ports in cookie URLs should be ignored. Every API call uses a different port number for better coverage.
    cookie = await browser.cookies.set({url: changePort(TEST_URL, 1234), name: "name1", value: "value1", expirationDate: THE_FUTURE});
    assertExpected(expected, cookie);

    cookie = await browser.cookies.get({url: changePort(TEST_URL, 65535), name: "name1"});
    assertExpected(expected, cookie);

    cookies = await browser.cookies.getAll({url: TEST_URL});
    browser.test.assertEq(cookies.length, 1, "Found cookie using getAll without port");
    assertExpected(expected, cookies[0]);

    cookies = await browser.cookies.getAll({url: changePort(TEST_URL, 1)});
    browser.test.assertEq(cookies.length, 1, "Found cookie using getAll with port");
    assertExpected(expected, cookies[0]);

    // .remove should return the URL of the API call, so the port is included in the return value.
    const TEST_URL_TO_REMOVE = changePort(TEST_URL, 1023);
    details = await browser.cookies.remove({url: TEST_URL_TO_REMOVE, name: "name1"});
    assertExpected({url: TEST_URL_TO_REMOVE, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    let stores = await browser.cookies.getAllCookieStores();
    browser.test.assertEq(1, stores.length, "expected number of stores returned");
    browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
    browser.test.assertEq(1, stores[0].tabIds.length, "one tabId returned for store");
    browser.test.assertEq("number", typeof stores[0].tabIds[0], "tabId is a number");

    // TODO bug 1372178: Opening private windows/tabs is not supported on Android
    if (browser.windows) {
      let {windowId} = await openPrivateWindowAndTab(TEST_URL);
      let stores = await browser.cookies.getAllCookieStores();

      browser.test.assertEq(2, stores.length, "expected number of stores returned");
      browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
      browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for store");
      browser.test.assertEq(PRIVATE_STORE_ID, stores[1].id, "expected private store id returned");
      browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for private store");

      await browser.windows.remove(windowId);
    }

    cookie = await browser.cookies.set({url: TEST_URL, name: "name2", domain: ".example.org", expirationDate: THE_FUTURE});
    browser.test.assertEq(false, cookie.hostOnly, "cookie is not a hostOnly cookie");

    details = await browser.cookies.remove({url: TEST_URL, name: "name2"});
    assertExpected({url: TEST_URL, name: "name2", storeId: STORE_ID, firstPartyDomain: ""}, details);

    // Create a session cookie.
    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1"});
    browser.test.assertEq(true, cookie.session, "session cookie set");

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(true, cookie.session, "got session cookie");

    cookies = await browser.cookies.getAll({session: true});
    browser.test.assertEq(1, cookies.length, "one session cookie found");
    browser.test.assertEq(true, cookies[0].session, "found session cookie");

    cookies = await browser.cookies.getAll({session: false});
    browser.test.assertEq(0, cookies.length, "no non-session cookies found");

    details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    cookie = await browser.cookies.set({url: TEST_SECURE_URL, name: "name1", value: "value1", secure: true});
    browser.test.assertEq(true, cookie.secure, "secure cookie set");

    cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
    browser.test.assertEq(true, cookie.session, "got secure cookie");

    cookies = await browser.cookies.getAll({secure: true});
    browser.test.assertEq(1, cookies.length, "one secure cookie found");
    browser.test.assertEq(true, cookies[0].secure, "found secure cookie");

    cookies = await browser.cookies.getAll({secure: false});
    browser.test.assertEq(0, cookies.length, "no non-secure cookies found");

    details = await browser.cookies.remove({url: TEST_SECURE_URL, name: "name1"});
    assertExpected({url: TEST_SECURE_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.get({url: TEST_SECURE_URL, name: "name1"});
    browser.test.assertEq(null, cookie, "removed cookie not found");

    cookie = await browser.cookies.set({url: TEST_URL_WITH_PATH, path: TEST_COOKIE_PATH, name: "name1", value: "value1", expirationDate: THE_FUTURE});
    browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "created cookie with path");

    cookie = await browser.cookies.get({url: TEST_URL_WITH_PATH, name: "name1"});
    browser.test.assertEq(TEST_COOKIE_PATH, cookie.path, "got cookie with path");

    cookies = await browser.cookies.getAll({path: TEST_COOKIE_PATH});
    browser.test.assertEq(1, cookies.length, "one cookie with path found");
    browser.test.assertEq(TEST_COOKIE_PATH, cookies[0].path, "found cookie with path");

    cookie = await browser.cookies.get({url: TEST_URL + "invalid_path", name: "name1"});
    browser.test.assertEq(null, cookie, "get with invalid path returns null");

    cookies = await browser.cookies.getAll({path: "/invalid_path"});
    browser.test.assertEq(0, cookies.length, "getAll with invalid path returns 0 cookies");

    details = await browser.cookies.remove({url: TEST_URL_WITH_PATH, name: "name1"});
    assertExpected({url: TEST_URL_WITH_PATH, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: true});
    browser.test.assertEq(true, cookie.httpOnly, "httpOnly cookie set");

    cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", httpOnly: false});
    browser.test.assertEq(false, cookie.httpOnly, "non-httpOnly cookie set");

    details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
    assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID, firstPartyDomain: ""}, details);

    cookie = await browser.cookies.set({url: TEST_URL});
    browser.test.assertEq("", cookie.name, "default name set");
    browser.test.assertEq("", cookie.value, "default value set");
    browser.test.assertEq(true, cookie.session, "no expiry date created session cookie");

    // TODO bug 1372178: Opening private windows/tabs is not supported on Android
    if (browser.windows) {
      let {tabId, windowId} = await openPrivateWindowAndTab(TEST_URL);

      browser.test.assertEq("", await getDocumentCookie(tabId), "initially no cookie");

      let cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "private", expirationDate: THE_FUTURE, storeId: PRIVATE_STORE_ID});
      browser.test.assertEq("private", cookie.value, "set the private cookie");

      cookie = await browser.cookies.set({url: TEST_URL, name: "store", value: "default", expirationDate: THE_FUTURE, storeId: STORE_ID});
      browser.test.assertEq("default", cookie.value, "set the default cookie");

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      browser.test.assertEq("private", cookie.value, "get the private cookie");
      browser.test.assertEq(PRIVATE_STORE_ID, cookie.storeId, "get the private cookie storeId");

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
      browser.test.assertEq("default", cookie.value, "get the default cookie");
      browser.test.assertEq(STORE_ID, cookie.storeId, "get the default cookie storeId");

      browser.test.assertEq("store=private", await getDocumentCookie(tabId), "private document.cookie should be set");

      let details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: STORE_ID});
      assertExpected({url: TEST_URL, name: "store", storeId: STORE_ID, firstPartyDomain: ""}, details);

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
      browser.test.assertEq(null, cookie, "deleted the default cookie");

      details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      assertExpected({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID, firstPartyDomain: ""}, details);

      cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
      browser.test.assertEq(null, cookie, "deleted the private cookie");

      browser.test.assertEq("", await getDocumentCookie(tabId), "private document.cookie should be removed");

      await browser.windows.remove(windowId);
    }

    browser.test.notifyPass("cookies");
  }

  let extension = ExtensionTestUtils.loadExtension({
    incognitoOverride: "spanning",
    background,
    manifest: {
      permissions: ["cookies", "*://example.org/", "*://[2a03:4000:6:310e:216:3eff:fe53:99b]/", "*://192.168.1.1/", "webNavigation", "browsingData"],
    },
  });

  await extension.startup();
  await extension.awaitFinish("cookies");
  await extension.unload();
});

</script>

</body>
</html>