From 7bb64bc7cf99ac387cd8348d454e7a3bed4de631 Mon Sep 17 00:00:00 2001 From: Lukas Oberhuber Date: Tue, 5 May 2020 17:50:09 +0100 Subject: [PATCH 1/4] Ensure some cookies don't cause failure --- lib/rack/mock.rb | 2 +- test/spec_mock.rb | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/rack/mock.rb b/lib/rack/mock.rb index 5b2512ca0..7e82a7630 100644 --- a/lib/rack/mock.rb +++ b/lib/rack/mock.rb @@ -257,7 +257,7 @@ def identify_cookie_attributes(cookie_filling) cookie_bits.each do |bit| if bit.include? '=' cookie_attribute, attribute_value = bit.split('=') - cookie_attributes.store(cookie_attribute.strip, attribute_value.strip) + cookie_attributes.store(cookie_attribute.strip, attribute_value&.strip) if cookie_attribute.include? 'max-age' cookie_attributes.store('expires', Time.now + attribute_value.strip.to_i) end diff --git a/test/spec_mock.rb b/test/spec_mock.rb index d2311f5a2..631f9ff2c 100644 --- a/test/spec_mock.rb +++ b/test/spec_mock.rb @@ -319,6 +319,12 @@ secure_cookie.expires.must_be_nil end + it "parses cookie headers with equals sign at the end" do + res = Rack::MockRequest.new(->(env) { [200, {"Set-Cookie" => "__cf_bm=_somebase64encodedstringwithequalsatthened=; array=awesome"}, [""]] }).get("") + cookie = res.cookie("__cf_bm") + cookie.value[0].must_equal "_somebase64encodedstringwithequalsatthened=" + end + it "return nil if a non existent cookie is requested" do res = Rack::MockRequest.new(app).get("") res.cookie("i_dont_exist").must_be_nil From 09a60df9bcca42e06399140cfd3ed9329a1106f9 Mon Sep 17 00:00:00 2001 From: Lukas Oberhuber Date: Tue, 5 May 2020 18:07:20 +0100 Subject: [PATCH 2/4] Add to changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b1ea71e5e..2fe8148d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
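Review bot: In the lib/rack/mock.rb hunk of patch 1/4, the safe navigation on the changed line does not cover the `max-age` branch two lines below it, which still calls `attribute_value.strip.to_i`; as of this patch, a `max-age` segment for which `bit.split('=')` yields no second element stores nil and then raises NoMethodError there. Guarding the branch as well, for example `if attribute_value && cookie_attribute.include?('max-age')`, would keep the two lines consistent. The same branch matches the attribute name with a case-sensitive `include?`, so unless the input is normalised before this method, `Max-Age=60` is not recognised while any name that merely contains `max-age` is; in a test double this can make a spec that asserts on cookie expiry behave differently from a real client. The method body starts and ends outside the hunk.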
@@ -11,6 +11,7 @@ All notable changes to this project will be documented in this file. For info on ### Fixed - Avoid NoMethodError when accessing Rack::Session::Cookie without requiring delegate first. ([#1610](https://github.com/rack/rack/issues/1610), [@onigra](https://github.com/onigra)) +- Handle cookies with values that end in '=' ([#1645](https://github.com/rack/rack/pull/1645), [@lukaso](https://github.com/lukaso)) ## [2.2.2] - 2020-02-11 From f48f0b8349bee02810d0896946286ad80f3b859a Mon Sep 17 00:00:00 2001 From: Lukas Oberhuber Date: Wed, 6 May 2020 10:44:47 +0100 Subject: [PATCH 3/4] Ignore cookie value and only split on first equals --- lib/rack/mock.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/rack/mock.rb b/lib/rack/mock.rb index 7e82a7630..3f2199a61 100644 --- a/lib/rack/mock.rb +++ b/lib/rack/mock.rb @@ -254,10 +254,10 @@ def identify_cookie_attributes(cookie_filling) cookie_bits = cookie_filling.split(';') cookie_attributes = Hash.new cookie_attributes.store('value', cookie_bits[0].strip) - cookie_bits.each do |bit| + cookie_bits[1..].each do |bit| if bit.include? '=' - cookie_attribute, attribute_value = bit.split('=') - cookie_attributes.store(cookie_attribute.strip, attribute_value&.strip) + cookie_attribute, attribute_value = bit.split('=',2) + cookie_attributes.store(cookie_attribute.strip, attribute_value.strip) if cookie_attribute.include? 'max-age' cookie_attributes.store('expires', Time.now + attribute_value.strip.to_i) end From c17569c098bb5a820d828bb9e16990ab995cb6e6 Mon Sep 17 00:00:00 2001 From: Lukas Oberhuber Date: Fri, 8 May 2020 13:14:25 +0100 Subject: [PATCH 4/4] Use drop instead of endless range Co-authored-by: Aaron Patterson --- lib/rack/mock.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rack/mock.rb b/lib/rack/mock.rb index 3f2199a61..ac0416ed8 100644 --- a/lib/rack/mock.rb +++ b/lib/rack/mock.rb 
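Review bot: In the lib/rack/mock.rb hunk of patch 3/4, the context line `cookie_attributes.store('value', cookie_bits[0].strip)` still raises NoMethodError when `cookie_filling` is an empty string, because `''.split(';')` returns an empty array and `cookie_bits[0]` is then nil. Whether a header such as `name=` reaches this method with an empty string depends on the caller, which is outside the hunk, so it is worth pinning with a spec; `cookie_bits[0].to_s.strip` would store an empty value instead of raising. The patch also adds no spec for an attribute whose value contains `=`, which is the case `bit.split('=',2)` newly handles. The method starts above the hunk and continues below it.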
@@ -254,7 +254,7 @@ def identify_cookie_attributes(cookie_filling)
 cookie_bits = cookie_filling.split(';')
 cookie_attributes = Hash.new
 cookie_attributes.store('value', cookie_bits[0].strip)
- cookie_bits[1..].each do |bit|
+ cookie_bits.drop(1).each do |bit|
 if bit.include? '='
 cookie_attribute, attribute_value = bit.split('=',2)
 cookie_attributes.store(cookie_attribute.strip, attribute_value.strip)