diff options
| author | Kamil Kisiel <kamil@kamilkisiel.net> | 2015-03-27 18:58:05 +0300 |
|---|---|---|
| committer | Kamil Kisiel <kamil@kamilkisiel.net> | 2015-03-27 18:58:05 +0300 |
| commit | 8e98dd730fc43f1383f19615db6f2e702c9738e8 (patch) | |
| tree | 17bb032ea5d4d152aec5c852bfd09539dbd7bea1 | |
| parent | ab638a3cc27c77beedde96fd004f6c65b7d35211 (diff) | |
| parent | 2e358078af96ec4fe5b962482254f80aabc35f64 (diff) | |
Merge pull request #19 from dchest/testinvalid
Add test for decoding some invalid cookies.
| -rw-r--r-- | securecookie_test.go | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/securecookie_test.go b/securecookie_test.go index 381320d..241ff10 100644 --- a/securecookie_test.go +++ b/securecookie_test.go @@ -8,6 +8,7 @@ import ( "crypto/aes" "crypto/hmac" "crypto/sha256" + "encoding/base64" "errors" "fmt" "strings" @@ -66,6 +67,27 @@ func TestSecureCookie(t *testing.T) { } } +func TestDecodeInvalid(t *testing.T) { + // List of invalid cookies, which must not be accepted, base64-decoded + // (they will be encoded before passing to Decode). + invalidCookies := []string{ + "", + " ", + "\n", + "||", + "|||", + "cookie", + } + s := New([]byte("12345"), nil) + var dst string + for i, v := range invalidCookies { + err := s.Decode("name", base64.StdEncoding.EncodeToString([]byte(v)), &dst) + if err == nil { + t.Fatalf("%d: expected failure decoding", i) + } + } +} + func TestAuthentication(t *testing.T) { hash := hmac.New(sha256.New, []byte("secret-key")) for _, value := range testStrings { |