Merge pull request #484 from jbr/bugfix-parse-cookie-header

🐞 correctly parse multiple values out of the Cookie header
http-rs · May 7, 2020 · 96acc0c · 96acc0c
2 parents b7252dd + f368310
commit 96acc0c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 15 deletions.
diff --git a/src/cookies/middleware.rs b/src/cookies/middleware.rs
@@ -2,7 +2,7 @@ use crate::response::CookieEvent;
 use crate::utils::BoxFuture;
 use crate::{Middleware, Next, Request};
 
-use cookie::CookieJar;
+use cookie::{Cookie, CookieJar};
 use http_types::headers;
 
 use std::sync::{Arc, RwLock};
@@ -77,16 +77,21 @@ pub(crate) struct CookieData {
 
 impl CookieData {
     pub(crate) fn from_request<S>(req: &Request<S>) -> Self {
-        let cookie_jar = req.request.cookies().and_then(|cookies| {
-            let mut jar = CookieJar::new();
-            for cookie in cookies.into_iter() {
-                jar.add_original(cookie.into_owned());
-            }
+        let mut jar = CookieJar::new();
 
-            Ok(jar)
-        });
-        let content = Arc::new(RwLock::new(cookie_jar.unwrap_or_default()));
+        if let Some(cookie_headers) = req.header(&headers::COOKIE) {
+            for cookie_header in cookie_headers {
+                // spec says there should be only one, so this is permissive
+                for pair in cookie_header.as_str().split(";") {
+                    if let Ok(cookie) = Cookie::parse_encoded(String::from(pair)) {
+                        jar.add_original(cookie);
+                    }
+                }
+            }
+        }
 
-        CookieData { content }
+        CookieData {
+            content: Arc::new(RwLock::new(jar)),
+        }
     }
 }
diff --git a/tests/cookies.rs b/tests/cookies.rs
@@ -8,7 +8,11 @@ use tide::{Request, Response, Server, StatusCode};
 static COOKIE_NAME: &str = "testCookie";
 
 async fn retrieve_cookie(cx: Request<()>) -> tide::Result<String> {
-    Ok(cx.cookie(COOKIE_NAME).unwrap().value().to_string())
+    Ok(format!(
+        "{} and also {}",
+        cx.cookie(COOKIE_NAME).unwrap().value(),
+        cx.cookie("secondTestCookie").unwrap().value()
+    ))
 }
 
 async fn set_cookie(_req: Request<()>) -> tide::Result {
@@ -47,8 +51,11 @@ fn make_request(endpoint: &str) -> http_types::Response {
         http_types::Method::Get,
         format!("http://example.com{}", endpoint).parse().unwrap(),
     );
-    req.insert_header(http_types::headers::COOKIE, "testCookie=RequestCookieValue")
-        .unwrap();
+    req.insert_header(
+        http_types::headers::COOKIE,
+        "testCookie=RequestCookieValue; secondTestCookie=Other%3BCookie%20Value",
+    )
+    .unwrap();
 
     server.simulate(req).unwrap()
 }
@@ -61,10 +68,10 @@ fn successfully_retrieve_request_cookie() {
     let body = block_on(async move {
         let mut buffer = Vec::new();
         res.read_to_end(&mut buffer).await.unwrap();
-        buffer
+        String::from_utf8(buffer).unwrap()
     });
 
-    assert_eq!(&*body, &*b"RequestCookieValue");
+    assert_eq!(&body, "RequestCookieValue and also Other;Cookie Value");
 }
 
 #[test]