[Pkg-javascript-commits] [node-cookies] 02/06: Imported Upstream version 0.5.0
Andrew Kelley
andrewrk-guest at moszumanska.debian.org
Tue Sep 9 17:10:08 UTC 2014
This is an automated email from the git hooks/post-receive script.
andrewrk-guest pushed a commit to branch master
in repository node-cookies.
commit d033882390ed149715d6983f2835699e88bd79fc
Author: Andrew Kelley <superjoe30 at gmail.com>
Date: Tue Sep 9 17:04:10 2014 +0000
Imported Upstream version 0.5.0
---
.npmignore | 2 +
.travis.yml | 9 ++-
History.md | 53 ++++++++++++++-
README.md | 5 +-
lib/cookies.js | 16 ++++-
package.json | 26 +++-----
test/express.js | 197 +++++++++++++++++++++++++++++++++++++-------------------
test/http.js | 144 +++++++++++++++++++++--------------------
test/restify.js | 55 ++++++++++------
9 files changed, 325 insertions(+), 182 deletions(-)
diff --git a/.npmignore b/.npmignore
new file mode 100644
index 0000000..ac0bfb9
--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,2 @@
+test/
+.travis.yml
diff --git a/.travis.yml b/.travis.yml
index 61fec9a..65cf4bc 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,9 @@
language: node_js
node_js:
- - 0.10
- - 0.8
+ - "0.8"
+ - "0.10"
+ - "0.11"
+matrix:
+ allow_failures:
+ - node_js: "0.11"
+ fast_finish: true
diff --git a/History.md b/History.md
index 4663729..9fbdaac 100644
--- a/History.md
+++ b/History.md
@@ -1,5 +1,56 @@
+0.5.0 / 2014-07-27
+==================
+
+ * Integrate with `req.protocol` for secure cookies
+ * Support `maxAge` as well as `maxage`
+
+0.4.1 / 2014-05-07
+==================
+
+ * Update package for repo move
0.4.0 / 2014-01-31
==================
- * added: allow passing an array of strings as keys
+ * Allow passing an array of strings as keys
+
+0.3.8-0.2.0
+===========
+
+ * TODO: write down history for these releases
+
+0.1.6 / 2011-03-01
+==================
+
+ * SSL cookies secure by default
+ * Use httpOnly by default unless explicitly false
+
+0.1.5 / 2011-02-26
+==================
+
+ * Delete sig cookie if signed cookie is deleted
+
+0.1.4 / 2011-02-26
+==================
+
+ * Always set path
+
+0.1.3 / 2011-02-26
+==================
+
+ * Add sensible defaults for path
+
+0.1.2 / 2011-02-26
+==================
+
+ * Inherit cookie properties to signature cookie
+
+0.1.1 / 2011-02-25
+==================
+
+ * Readme updates
+
+0.1.0 / 2011-02-25
+==================
+
+ * Initial release
diff --git a/README.md b/README.md
index 32311f7..951a377 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,8 @@
Cookies
=======
-[![Build Status](https://secure.travis-ci.org/expressjs/cookies.png)](http://travis-ci.org/expressjs/cookies)
+[![NPM Version](https://badge.fury.io/js/cookies.svg)](https://badge.fury.io/js/cookies)
+[![Build Status](https://travis-ci.org/expressjs/cookies.svg?branch=master)](https://travis-ci.org/expressjs/cookies)
Cookies is a [node.js](http://nodejs.org/) module for getting and setting HTTP(S) cookies. Cookies can be signed to prevent tampering, using [Keygrip](https://github.com/expressjs/keygrip). It can be used with the built-in node.js HTTP library, or as Connect/Express middleware.
@@ -55,7 +56,7 @@ If the _value_ is omitted, an outbound header with an expired date is used to de
If the _options_ object is provided, it will be used to generate the outbound cookie header as follows:
-* `maxage`: a number representing the milliseconds from `Date.now()` for expiry
+* `maxAge`: a number representing the milliseconds from `Date.now()` for expiry
* `expires`: a `Date` object indicating the cookie's expiration date (expires at the end of session by default).
* `path`: a string indicating the path of the cookie (`/` by default).
* `domain`: a string indicating the domain of the cookie (no default).
diff --git a/lib/cookies.js b/lib/cookies.js
index c1b615b..6f67a36 100644
--- a/lib/cookies.js
+++ b/lib/cookies.js
@@ -51,13 +51,15 @@ Cookies.prototype = {
var res = this.response
, req = this.request
, headers = res.getHeader("Set-Cookie") || []
- , secure = req.connection.encrypted
+ , secure = req.protocol === 'https' || req.connection.encrypted
, cookie = new Cookie(name, value, opts)
, signed = opts && opts.signed !== undefined ? opts.signed : !!this.keys
if (typeof headers == "string") headers = [headers]
- if (!secure && opts && opts.secure) throw new Error("Cannot send secure cookie over unencrypted socket")
+ if (!secure && opts && opts.secure) {
+ throw new Error('Cannot send secure cookie over unencrypted connection')
+ }
cookie.secure = secure
if (opts && "secure" in opts) cookie.secure = opts.secure
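Review bot: `secure` on the changed line now accepts `req.protocol === 'https'`, and under Express that value can come from the `X-Forwarded-Proto` request header when `trust proxy` is enabled, so the guard against sending a `secure` cookie over plaintext is only as strong as that setting. With the plain `http` module there is presumably no `req.protocol`, and the check falls back to `req.connection.encrypted` as before. I would document the dependency next to the assignment, for example `// req.protocol is framework-provided; with Express it reflects X-Forwarded-Proto only when 'trust proxy' is set, so scope that setting to the real proxy`. The enclosing `set` method starts and ends outside this hunk.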
@@ -101,7 +103,7 @@ Cookie.prototype = {
toHeader: function() {
var header = this.toString()
- if (this.maxage) this.expires = new Date(Date.now() + this.maxage);
+ if (this.maxAge) this.expires = new Date(Date.now() + this.maxAge);
if (this.path ) header += "; path=" + this.path
if (this.expires ) header += "; expires=" + this.expires.toUTCString()
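Review bot: The truthiness test in `if (this.maxAge)` skips `maxAge: 0`, so a caller cannot request immediate expiry through this option, and a non-numeric value would flow into `new Date(Date.now() + this.maxAge)` and may yield an invalid `expires` string. If zero is meant to be valid, a type check such as `if (typeof this.maxAge === 'number') this.expires = new Date(Date.now() + this.maxAge);` makes that explicit. `toHeader` also overwrites `this.expires` on every call, which deserves a short comment. The method continues past the end of this hunk.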
@@ -113,6 +115,14 @@ Cookie.prototype = {
}
}
+// back-compat so maxage mirrors maxAge
+Object.defineProperty(Cookie.prototype, 'maxage', {
+ configurable: true,
+ enumerable: true,
+ get: function () { return this.maxAge },
+ set: function (val) { return this.maxAge = val }
+});
+
function getPattern(name) {
if (cache[name]) return cache[name]
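Review bot: The `maxage` accessor is the only thing keeping the old spelling working, and none of the test changes visible in this commit set `maxAge` or `maxage`, so a regression in the alias would go unnoticed. It is also unspecified what happens when a caller passes both spellings; presumably whichever is assigned last wins, depending on how the constructor (not shown here) applies options. I would extend the comment to say so, for example `// back-compat: maxage is an alias for maxAge; if both are given, the one assigned last wins`, and add a test asserting an `expires` attribute for each spelling. The trailing `getPattern` lines are context and that function continues outside the hunk.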
diff --git a/package.json b/package.json
index a22113d..4b9e498 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "cookies",
- "version": "0.4.1",
+ "version": "0.5.0",
"description": "Cookies, optionally signed using Keygrip.",
"main": "./lib/cookies",
"dependencies": {
@@ -8,25 +8,17 @@
},
"devDependencies": {
"express": "*",
- "restify": "*"
+ "restify": "*",
+ "supertest": "0",
+ "mocha": "1"
},
- "licenses": [
- {
- "type": "MIT",
- "url": "https://raw.github.com/expressjs/cookies/master/LICENSE.txt"
- }
- ],
"engines": {
- "node": ">= 0.6.0"
+ "node": ">= 0.8.0"
},
+ "license": "MIT",
"author": "Jed Schmidt <tr at nslator.jp> (http://jed.is)",
- "homepage": "https://github.com/expressjs/cookies",
- "repository": {
- "type": "git",
- "url": "git://github.com/expressjs/cookies.git"
- },
+ "repository": "expressjs/cookies",
"scripts": {
- "test": "node ./test/http.js && node ./test/express.js && node ./test/restify.js"
- },
- "optionalDependencies": {}
+ "test": "mocha --reporter spec"
+ }
}
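Review bot: The new `devDependencies` entries `"supertest": "0"` and `"mocha": "1"` float across a whole major line, and `express` and `restify` remain `*`, so the test run resolves whatever is published at install time. The rewritten tests call `express()` and set `trust proxy`, which suggests they assume a particular Express generation. A bounded range (placeholder: `"express": "<tested-major>"`) plus the `supertest` and `mocha` versions actually tested against would make the run reproducible and narrow exposure to an unexpected upstream release.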
diff --git a/test/express.js b/test/express.js
index af00870..b3e8f64 100644
--- a/test/express.js
+++ b/test/express.js
@@ -1,80 +1,141 @@
-#!/usr/bin/env node
var assert = require( "assert" )
, express = require( "express" )
, http = require( "http" )
, keys = require( "keygrip" )(['a', 'b'])
, cookies = require( "../" ).express
- , options = { host: "localhost", port: 8000, path: "/set" }
- , app = express.createServer()
-
-app.use( cookies( keys ) )
-
-app.get( "/set", function(req, res) {
- res.cookies
- // set a regular cookie
- .set( "unsigned", "foo", { signed:false, httpOnly: false } )
-
- // set a signed cookie
- .set( "signed", "bar", { signed: true } )
-
- // mimic a signed cookie, but with a bogus signature
- .set( "tampered", "baz" )
- .set( "tampered.sig", "bogus" )
-
- // set a cookie that will be overwritten
- .set( "overwrite", "old-value", { signed: true } )
- .set( "overwrite", "new-value", { overwrite: true, signed: true } )
-
- res.writeHead(302, {Location: "/"})
- res.end()
-})
-
-app.get("/", function(req, res) {
- var unsigned = req.cookies.get( "unsigned" )
- , signed = req.cookies.get( "signed", { signed: true } )
- , tampered = req.cookies.get( "tampered", { signed: true } )
- , overwrite = req.cookies.get( "overwrite", { signed: true } )
-
- assert.equal( unsigned, "foo" )
- assert.equal( req.cookies.get( "unsigned.sig", { signed:false } ), undefined)
- assert.equal( signed, "bar" )
- assert.equal( req.cookies.get( "signed.sig", { signed: false } ), keys.sign('signed=bar') )
- assert.notEqual( tampered, "baz" )
- assert.equal( tampered, undefined )
- assert.equal( overwrite, "new-value" )
- assert.equal( req.cookies.get( "overwrite.sig", { signed:false } ), keys.sign('overwrite=new-value') )
-
- assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
-
- res.send(
- "unsigned expected: foo\n" +
- "unsigned actual: " + unsigned + "\n\n" +
- "signed expected: bar\n" +
- "signed actual: " + signed + "\n\n" +
- "tampered expected: undefined\n"+
- "tampered: " + tampered + "\n"
- )
-})
-
-var server = require('http').createServer(app);
-
-server.listen( 8000 )
+ , request = require('supertest')
+
+describe('Express', function () {
+ var server
+ var header
+
+ before(function setup() {
+ var app = express()
+
+ app.use( cookies( keys ) )
+
+ app.get( "/set", function(req, res) {
+ res.cookies
+ // set a regular cookie
+ .set( "unsigned", "foo", { signed:false, httpOnly: false } )
+
+ // set a signed cookie
+ .set( "signed", "bar", { signed: true } )
+
+ // mimic a signed cookie, but with a bogus signature
+ .set( "tampered", "baz" )
+ .set( "tampered.sig", "bogus" )
+
+ // set a cookie that will be overwritten
+ .set( "overwrite", "old-value", { signed: true } )
+ .set( "overwrite", "new-value", { overwrite: true, signed: true } )
+
+ res.writeHead(302, {Location: "/"})
+ res.end()
+ })
+
+ app.get("/", function(req, res) {
+ var unsigned = req.cookies.get( "unsigned" )
+ , signed = req.cookies.get( "signed", { signed: true } )
+ , tampered = req.cookies.get( "tampered", { signed: true } )
+ , overwrite = req.cookies.get( "overwrite", { signed: true } )
+
+ assert.equal( unsigned, "foo" )
+ assert.equal( req.cookies.get( "unsigned.sig", { signed:false } ), undefined)
+ assert.equal( signed, "bar" )
+ assert.equal( req.cookies.get( "signed.sig", { signed: false } ), keys.sign('signed=bar') )
+ assert.notEqual( tampered, "baz" )
+ assert.equal( tampered, undefined )
+ assert.equal( overwrite, "new-value" )
+ assert.equal( req.cookies.get( "overwrite.sig", { signed:false } ), keys.sign('overwrite=new-value') )
+
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
+
+ res.send(
+ "unsigned expected: foo\n" +
+ "unsigned actual: " + unsigned + "\n\n" +
+ "signed expected: bar\n" +
+ "signed actual: " + signed + "\n\n" +
+ "tampered expected: undefined\n"+
+ "tampered: " + tampered + "\n"
+ )
+ })
+
+ server = require('http').createServer(app).listen()
+ })
-http.get( options, function( res ) {
- var header = res.headers[ "set-cookie" ]
- , body = ""
+ it('should set cookies', function (done) {
+ request(server)
+ .get('/set')
+ .expect(302, function (err, res) {
+ if (err) return done(err)
- console.log( "\ncookies set:", header )
- console.log( "\n============\n" )
- assert.equal(header.length, 7)
+ header = res.headers['set-cookie']
+ assert.equal(header.length, 7)
+ done()
+ })
+ })
- options.path = res.headers[ "Location" ]
- options.headers = { "Cookie": header.join(";") }
+ it('should get cookies', function (done) {
+ request(server)
+ .get('/')
+ .set('Cookie', header.join(';'))
+ .expect(200, done)
+ })
- http.get( options, function( res ) {
- res.on( "data", function( chunk ){ body += chunk } )
- res.on( "end", function(){ console.log( body ) })
- server.close()
+ describe('when "secure: true"', function () {
+ it('should not set when not secure', function (done) {
+ var app = express()
+
+ app.set('env', 'test')
+ app.use(cookies(keys))
+ app.use(function (req, res) {
+ res.cookies.set('foo', 'bar', {secure: true})
+ res.end()
+ })
+
+ request(app)
+ .get('/')
+ .expect(500, /Cannot send secure cookie over unencrypted connection/, done)
+ })
+
+ it('should set for secure connection', function (done) {
+ var app = express()
+
+ app.set('env', 'test')
+ app.use(cookies(keys))
+ app.use(function (req, res, next) {
+ res.connection.encrypted = true
+ next()
+ })
+ app.use(function (req, res) {
+ res.cookies.set('foo', 'bar', {secure: true})
+ res.end()
+ })
+
+ request(app)
+ .get('/')
+ .expect('Set-Cookie', /foo=bar.*secure/i)
+ .expect(200, done)
+ })
+
+ it('should set for proxy settings', function (done) {
+ var app = express()
+
+ app.set('env', 'test')
+ app.set('trust proxy', true)
+ app.use(cookies(keys))
+ app.use(function (req, res) {
+ res.cookies.set('foo', 'bar', {secure: true})
+ res.end()
+ })
+
+ request(app)
+ .get('/')
+ .set('X-Forwarded-Proto', 'https')
+ .expect('Set-Cookie', /foo=bar.*secure/i)
+ .expect(200, done)
+ })
})
})
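Review bot: The `when "secure: true"` block checks that `X-Forwarded-Proto: https` is honoured with `trust proxy` enabled, but nothing asserts the opposite case, where the header arrives and `trust proxy` is left off. That negative case is the one that protects the plaintext guard in `lib/cookies.js`, so I would add a test next to 'should set for proxy settings' that sends the same header without the setting and expects the 500 with the existing error message. This assumes Express's default of not trusting proxy headers.

```javascript
    // … unchanged: 'should set for proxy settings' …

    it('should not set for untrusted X-Forwarded-Proto', function (done) {
      var app = express()

      app.set('env', 'test')
      app.use(cookies(keys))
      app.use(function (req, res) {
        res.cookies.set('foo', 'bar', {secure: true})
        res.end()
      })

      request(app)
      .get('/')
      .set('X-Forwarded-Proto', 'https')
      .expect(500, /Cannot send secure cookie over unencrypted connection/, done)
    })
```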
diff --git a/test/http.js b/test/http.js
index 5d1f4f3..cbb2d50 100644
--- a/test/http.js
+++ b/test/http.js
@@ -1,79 +1,83 @@
-#!/usr/bin/env node
var assert = require( "assert" )
, http = require( "http" )
, keys = require( "keygrip" )(['a', 'b'])
, Cookies = require( "../" )
- , options = { host: "localhost", port: 8000, path: "/set" }
- , server
-
-server = http.createServer( function( req, res ) {
- var cookies = new Cookies( req, res, keys )
- , unsigned, signed, tampered, overwrite
-
- if ( req.url == "/set" ) {
- cookies
- // set a regular cookie
- .set( "unsigned", "foo", { signed:false, httpOnly: false } )
-
- // set a signed cookie
- .set( "signed", "bar", { signed: true } )
-
- // mimic a signed cookie, but with a bogus signature
- .set( "tampered", "baz" )
- .set( "tampered.sig", "bogus" )
-
- // set a cookie that will be overwritten
- .set( "overwrite", "old-value", { signed: true } )
- .set( "overwrite", "new-value", { overwrite: true, signed: true } )
-
- res.writeHead( 302, { "Location": "/" } )
- return res.end( "Now let's check." )
- }
-
- unsigned = cookies.get( "unsigned" )
- signed = cookies.get( "signed", { signed: true } )
- tampered = cookies.get( "tampered", { signed: true } )
- overwrite = cookies.get( "overwrite", { signed: true } )
-
- assert.equal( unsigned, "foo" )
- assert.equal( cookies.get( "unsigned.sig", { signed:false } ), undefined)
- assert.equal( signed, "bar" )
- assert.equal( cookies.get( "signed.sig", { signed: false } ), keys.sign('signed=bar') )
- assert.notEqual( tampered, "baz" )
- assert.equal( tampered, undefined )
- assert.equal( overwrite, "new-value" )
- assert.equal( cookies.get( "overwrite.sig", { signed:false } ), keys.sign('overwrite=new-value') )
-
- assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
-
- res.writeHead( 200, { "Content-Type": "text/plain" } )
- res.end(
- "unsigned expected: foo\n" +
- "unsigned actual: " + unsigned + "\n\n" +
- "signed expected: bar\n" +
- "signed actual: " + signed + "\n\n" +
- "tampered expected: undefined\n"+
- "tampered: " + tampered + "\n"
- )
-})
-
-server.listen( 8000 )
-
-http.get( options, function( res ) {
- var cookies = res.headers[ "set-cookie" ]
- , body = ""
+ , request = require('supertest')
+
+describe('HTTP', function () {
+ var server
+ var header
+
+ before(function setup() {
+ server = http.createServer( function( req, res ) {
+ var cookies = new Cookies( req, res, keys )
+ , unsigned, signed, tampered, overwrite
+
+ if ( req.url == "/set" ) {
+ cookies
+ // set a regular cookie
+ .set( "unsigned", "foo", { signed:false, httpOnly: false } )
+
+ // set a signed cookie
+ .set( "signed", "bar", { signed: true } )
+
+ // mimic a signed cookie, but with a bogus signature
+ .set( "tampered", "baz" )
+ .set( "tampered.sig", "bogus" )
+
+ // set a cookie that will be overwritten
+ .set( "overwrite", "old-value", { signed: true } )
+ .set( "overwrite", "new-value", { overwrite: true, signed: true } )
+
+ res.writeHead( 302, { "Location": "/" } )
+ return res.end( "Now let's check." )
+ }
+
+ unsigned = cookies.get( "unsigned" )
+ signed = cookies.get( "signed", { signed: true } )
+ tampered = cookies.get( "tampered", { signed: true } )
+ overwrite = cookies.get( "overwrite", { signed: true } )
+
+ assert.equal( unsigned, "foo" )
+ assert.equal( cookies.get( "unsigned.sig", { signed:false } ), undefined)
+ assert.equal( signed, "bar" )
+ assert.equal( cookies.get( "signed.sig", { signed: false } ), keys.sign('signed=bar') )
+ assert.notEqual( tampered, "baz" )
+ assert.equal( tampered, undefined )
+ assert.equal( overwrite, "new-value" )
+ assert.equal( cookies.get( "overwrite.sig", { signed:false } ), keys.sign('overwrite=new-value') )
+
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
+
+ res.writeHead( 200, { "Content-Type": "text/plain" } )
+ res.end(
+ "unsigned expected: foo\n" +
+ "unsigned actual: " + unsigned + "\n\n" +
+ "signed expected: bar\n" +
+ "signed actual: " + signed + "\n\n" +
+ "tampered expected: undefined\n"+
+ "tampered: " + tampered + "\n"
+ )
+ }).listen()
+ })
- console.log( "\ncookies set:", cookies )
- console.log( "\n============\n" )
- assert.equal(cookies.length, 7)
+ it('should set cookies', function (done) {
+ request(server)
+ .get('/set')
+ .expect(302, function (err, res) {
+ if (err) return done(err)
- options.path = res.headers[ "location" ]
- options.headers = { "Cookie": cookies.join(";") }
+ header = res.headers['set-cookie']
+ assert.equal(header.length, 7)
+ done()
+ })
+ })
- http.get( options, function( res ) {
- res.on( "data", function( chunk ){ body += chunk } )
- res.on( "end", function(){ console.log( body ) })
- server.close()
+ it('should get cookies', function (done) {
+ request(server)
+ .get('/')
+ .set('Cookie', header.join(';'))
+ .expect(200, done)
})
-})
\ No newline at end of file
+})
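Review bot: 'should get cookies' reads `header`, which is only assigned inside the previous `it`, so it fails with a TypeError on `header.join` when run alone or after 'should set cookies' fails, hiding the real cause. Fetching `/set` in a `before` hook (or inside the same test) would remove the ordering dependency. The server started by `.listen()` in `before` is also never closed; `after(function () { server.close() })` would do it. The same two patterns appear in the `test/express.js` and `test/restify.js` hunks.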
diff --git a/test/restify.js b/test/restify.js
index 6d5699e..5fdaa02 100644
--- a/test/restify.js
+++ b/test/restify.js
@@ -2,29 +2,46 @@ var assert = require('assert'),
restify = require('restify'),
keys = require('keygrip')(['a', 'b']),
http = require('http'),
- Cookies = require('../')
+ Cookies = require('../'),
+ request = require('supertest')
-var server = restify.createServer()
+describe('Restify', function () {
+ var header
+ var server
-server.get('/set', function (req, res) {
- setCookies(req, res)
- res.json({ status : 'ok'})
-})
+ before(function setup(done) {
+ server = restify.createServer()
-server.get('/get', function (req, res) {
- assertCookies(req, res)
- res.send(200)
-})
+ server.get('/set', function (req, res) {
+ setCookies(req, res)
+ res.json({ status : 'ok'})
+ })
-server.listen(8000, function() {
- http.get({ path: '/set', host: 'localhost', port: 8000 }, function(res) {
- assert.equal(res.statusCode, 200)
- var header = res.headers['set-cookie']
- assertSetCookieHeader(header)
- http.get({ path: '/get', host: 'localhost', port: 8000, headers: { 'Cookie': header.join(';') } }, function(res) {
- assert.equal(res.statusCode, 200)
- server.close()
+ server.get('/get', function (req, res) {
+ assertCookies(req, res)
+ res.send(200)
})
+
+ server.listen(done)
+ })
+
+ it('should set cookies', function (done) {
+ request(server)
+ .get('/set')
+ .expect(200, function (err, res) {
+ if (err) return done(err)
+
+ header = res.headers['set-cookie']
+ assertSetCookieHeader(header)
+ done()
+ })
+ })
+
+ it('should get cookies', function (done) {
+ request(server)
+ .get('/get')
+ .set('Cookie', header.join(';'))
+ .expect(200, done)
})
})
@@ -66,4 +83,4 @@ function assertSetCookieHeader(header) {
assert.equal(header[4], 'tampered.sig=bogus; path=/; httponly')
assert.equal(header[5], 'overwrite=new-value; path=/; httponly')
assert.ok(/^overwrite\.sig=.{27}; path=\/; httponly$/.test(header[6]))
-}
\ No newline at end of file
+}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-cookies.git