From 4a35ff7b772a32f0124ce0f055d836a19f0f796c Mon Sep 17 00:00:00 2001 From: jvelilla Date: Fri, 13 Mar 2015 17:41:48 -0300 Subject: [PATCH] Updated code based on Jocelyn's comments. --- .../network/protocol/http/src/http_cookie.e | 78 ++++++++++++------- .../http/tests/http_cookie_test_set.e | 18 ++--- 2 files changed, 60 insertions(+), 36 deletions(-) diff --git a/library/network/protocol/http/src/http_cookie.e b/library/network/protocol/http/src/http_cookie.e index 4dddd775..92503db3 100644 --- a/library/network/protocol/http/src/http_cookie.e +++ b/library/network/protocol/http/src/http_cookie.e @@ -3,7 +3,7 @@ note This class represents the value of a HTTP cookie, transferred in a request. The class has features to build an HTTP cookie. - Following a newer RFC standard for Cookies RCF6265. + Following a newer RFC standard for Cookies http://tools.ietf.org/html/rfc6265 Domain * WARNING: Some existing user agents treat an absent Domain attribute as if the Domain attribute were present and contained the current host name. @@ -20,7 +20,7 @@ note ]" date: "$Date$" revision: "$Revision$" - EIS: "name=HTTP Cookie specification", "src=https://httpwg.github.io/specs/rfc6265.html", "protocol=uri" + EIS: "name=HTTP Cookie specification", "src=http://tools.ietf.org/html/rfc6265", "protocol=uri" class HTTP_COOKIE @@ -29,7 +29,7 @@ create feature {NONE} -- Initialization - make (a_name: READABLE_STRING_32; a_value: READABLE_STRING_32) + make (a_name: READABLE_STRING_8; a_value: READABLE_STRING_8) -- Create an object instance of cookie with name `a_name' and value `a_value'. require make_sense: (a_name /= Void and a_value /= Void) and then (not a_name.is_empty and not a_value.is_empty) @@ -45,21 +45,21 @@ feature {NONE} -- Initialization feature -- Access - name: STRING_32 + name: STRING_8 -- name of the cookie. - value: STRING_32 + value: STRING_8 -- value of the cookie. - expiration: detachable STRING + expiration: detachable STRING_8 -- Value of the Expires attribute. - path: detachable STRING_32 + path: detachable STRING_8 -- Value of the Path attribute. -- Path to which the cookie applies. --| The path "/", specify a cookie that apply to all URLs in your site. - domain: detachable STRING_32 + domain: detachable STRING_8 -- Value of the Domain attribute. -- Domain to which the cookies apply. @@ -79,23 +79,22 @@ feature -- Access --| By default max_age < 0 indicate a cookie will last only for the current user-agent (Browser, etc) session. --| A value of 0 instructs the user-agent to delete the cookie. - has_valid_characters (a_name: READABLE_STRING_32):BOOLEAN + has_valid_characters (a_name: READABLE_STRING_GENERAL):BOOLEAN -- Has `a_name' valid characters for cookies? local l_iterator: STRING_ITERATION_CURSOR l_found: BOOLEAN do create l_iterator.make (a_name) - from - l_iterator.start + + across + l_iterator as ic until - l_iterator.after or l_found + l_found loop - if valid_characters.index_of (l_iterator.item.to_character_8, 0) = -1 then + if is_valid_character (ic.item.to_character_8) then Result := False l_found := True - else - l_iterator.forth end end end @@ -110,28 +109,28 @@ feature -- Access feature -- Change Element - set_name (a_name: READABLE_STRING_32) + set_name (a_name: READABLE_STRING_GENERAL) -- Set `name' with `a_name'. do - name := a_name + name := a_name.as_string_8 ensure name_set: name = a_name end - set_value (a_value: READABLE_STRING_32) + set_value (a_value: READABLE_STRING_GENERAL) -- Set `value' with `a_value'. do - value := a_value + value := a_value.as_string_8 ensure value_set: value = a_value end - set_expiration (a_date: READABLE_STRING_32) + set_expiration (a_date: READABLE_STRING_GENERAL) -- Set `expiration' with `a_date' do - expiration := a_date + expiration := a_date.as_string_32 ensure - expiration_set: attached expiration as l_expiration and then l_expiration.same_string (a_date) + expiration_set: attached expiration as l_expiration and then l_expiration.same_string (a_date.as_string_8) end set_expiration_date (a_date: DATE_TIME) @@ -142,22 +141,22 @@ feature -- Change Element expiration_set: attached expiration as l_expiration and then l_expiration.same_string (date_to_rfc1123_http_date_format (a_date)) end - set_path (a_path: READABLE_STRING_32) + set_path (a_path: READABLE_STRING_GENERAL) -- Set `path' with `a_path' do - path := a_path + path := a_path.as_string_8 ensure path_set: path = a_path end - set_domain (a_domain: READABLE_STRING_32) + set_domain (a_domain: READABLE_STRING_GENERAL) -- Set `domain' with `a_domain' -- Note: you should avoid using "localhost" as `domain' for local cookies -- since they are not always handled by browser (for instance Chrome) require domain_without_port_info: a_domain /= Void implies a_domain.index_of (':', 1) = 0 do - domain := a_domain + domain := a_domain.as_string_8 ensure domain_set: domain = a_domain end @@ -236,7 +235,7 @@ feature -- Date Utils feature -- Output - cookie_header: STRING + header_line: STRING -- String representation of Set-Cookie header of current. local s: STRING @@ -307,6 +306,31 @@ feature {NONE} -- Constants Result := ("!#$%%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~").area end + + is_valid_character (c: CHARACTER): BOOLEAN + -- RFC6265 that specifies that the following is valid for characters in cookies. Cookies are also supposed to be double quoted. + -- The following character ranges are valid:http://tools.ietf.org/html/rfc6265#section-4.1.1 + -- %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E + -- 0x21: ! + -- 0x23-2B: #$%&'()*+ + -- 0x2D-3A: -./0123456789: + -- 0x3C-5B: <=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[ + -- 0x5D-7E: ]^_`abcdefghijklmnopqrstuvwxyz{|}~ + note + EIS: "name=valid-characters", "src=http://tools.ietf.org/html/rfc6265#section-4.1.1", "protocol=uri" + do + Result := True + inspect c.natural_32_code + when 0x21 then + when 0x23 .. 0x2B then + when 0x2D .. 0x3A then + when 0x3C .. 0x5B then + when 0x5D .. 0x7E then + else + Result := False + end + end + note copyright: "2011-2015, Jocelyn Fiat, Eiffel Software and others" license: "Eiffel Forum License v2 (see http://www.eiffel.com/licensing/forum.txt)" diff --git a/library/network/protocol/http/tests/http_cookie_test_set.e b/library/network/protocol/http/tests/http_cookie_test_set.e index ab6a8468..55fb1f36 100644 --- a/library/network/protocol/http/tests/http_cookie_test_set.e +++ b/library/network/protocol/http/tests/http_cookie_test_set.e @@ -20,7 +20,7 @@ feature -- Test routines l_cookie: HTTP_COOKIE do create l_cookie.make ("user_id", "u12345") - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1")) end test_cookie_value_with_illegal_characters @@ -46,7 +46,7 @@ feature -- Test routines l_cookie.set_path ("/") l_cookie.set_secure (True) l_cookie.set_http_only (True) - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Expires=Sat, 18 Apr 2015 21:22:05 GMT; Max-Age=-1; Secure; HttpOnly")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Expires=Sat, 18 Apr 2015 21:22:05 GMT; Max-Age=-1; Secure; HttpOnly")) end test_cookie_include_expires @@ -60,7 +60,7 @@ feature -- Test routines l_cookie.set_secure (True) l_cookie.set_http_only (True) l_cookie.mark_expires - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Expires=Sat, 18 Apr 2015 21:22:05 GMT; Secure; HttpOnly")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Expires=Sat, 18 Apr 2015 21:22:05 GMT; Secure; HttpOnly")) end test_cookie_full_include_max_age @@ -74,7 +74,7 @@ feature -- Test routines l_cookie.set_secure (True) l_cookie.set_http_only (True) l_cookie.mark_max_age - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Max-Age=-1; Secure; HttpOnly")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Path=/; Max-Age=-1; Secure; HttpOnly")) end test_cookie_defaults_and_http_only @@ -83,7 +83,7 @@ feature -- Test routines do create l_cookie.make ("user_id", "u12345") l_cookie.set_http_only (True) - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1; HttpOnly")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1; HttpOnly")) end test_cookie_defaults_and_secure @@ -92,7 +92,7 @@ feature -- Test routines do create l_cookie.make ("user_id", "u12345") l_cookie.set_secure (True) - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1; Secure")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Max-Age=-1; Secure")) end @@ -102,7 +102,7 @@ feature -- Test routines do create l_cookie.make ("user_id", "u12345") l_cookie.set_domain ("www.example.com") - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Max-Age=-1")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Domain=www.example.com; Max-Age=-1")) end @@ -112,7 +112,7 @@ feature -- Test routines do create l_cookie.make ("user_id", "u12345") l_cookie.set_path ("/") - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Path=/; Max-Age=-1")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Path=/; Max-Age=-1")) end test_cookie_default_and_custom_max_age @@ -121,7 +121,7 @@ feature -- Test routines do create l_cookie.make ("user_id", "u12345") l_cookie.set_max_age (120) - assert("Expected", l_cookie.cookie_header.same_string ("Set-Cookie: user_id=u12345; Max-Age=120")) + assert("Expected", l_cookie.header_line.same_string ("Set-Cookie: user_id=u12345; Max-Age=120")) end