From 2e358078af96ec4fe5b962482254f80aabc35f64 Mon Sep 17 00:00:00 2001
From: Dmitry Chestnykh <dmitry@codingrobots.com>
Date: Fri, 27 Mar 2015 16:48:51 +0100
Subject: Add test for decoding some invalid cookies.

---
 securecookie_test.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/securecookie_test.go b/securecookie_test.go
index 381320d..241ff10 100644
--- a/securecookie_test.go
+++ b/securecookie_test.go
@@ -8,6 +8,7 @@ import (
 	"crypto/aes"
 	"crypto/hmac"
 	"crypto/sha256"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"strings"
@@ -66,6 +67,27 @@ func TestSecureCookie(t *testing.T) {
 	}
 }
 
+func TestDecodeInvalid(t *testing.T) {
+	// List of invalid cookies, which must not be accepted, base64-decoded
+	// (they will be encoded before passing to Decode).
+	invalidCookies := []string{
+		"",
+		" ",
+		"\n",
+		"||",
+		"|||",
+		"cookie",
+	}
+	s := New([]byte("12345"), nil)
+	var dst string
+	for i, v := range invalidCookies {
+		err := s.Decode("name", base64.StdEncoding.EncodeToString([]byte(v)), &dst)
+		if err == nil {
+			t.Fatalf("%d: expected failure decoding", i)
+		}
+	}
+}
+
 func TestAuthentication(t *testing.T) {
 	hash := hmac.New(sha256.New, []byte("secret-key"))
 	for _, value := range testStrings {
-- 
cgit v1.2.3