Validate cookie name (#278)

Validate cookie name passes go's isCookieNameValid check
2016-07-19 20:51:25 +01:00 · 2016-07-19 20:51:25 +01:00 · c015075996
parent 17f412e407
commit c015075996
2 changed files with 25 additions and 0 deletions
--- a/options.go
+++ b/options.go
@ -4,6 +4,7 @@ import (
 	"crypto"
 	"encoding/base64"
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"regexp"
@ -200,6 +201,7 @@ func (o *Options) Validate() error {
 	}

 	msgs = parseSignatureKey(o, msgs)
+	msgs = validateCookieName(o, msgs)

 	if len(msgs) != 0 {
 		return fmt.Errorf("Invalid configuration:\n  %s",
@ -261,6 +263,14 @@ func parseSignatureKey(o *Options, msgs []string) []string {
 	return msgs
 }

+func validateCookieName(o *Options, msgs []string) []string {
+	cookie := &http.Cookie{Name: o.CookieName}
+	if cookie.String() == "" {
+		return append(msgs, fmt.Sprintf("invalid cookie name: %q", o.CookieName))
+	}
+	return msgs
+}
+
 func addPadding(secret string) string {
 	padding := len(secret) % 4
 	switch padding {
--- a/options_test.go
+++ b/options_test.go
@ -2,6 +2,7 @@ package main

 import (
 	"crypto"
+	"fmt"
 	"net/url"
 	"strings"
 	"testing"
@ -216,3 +217,17 @@ func TestValidateSignatureKeyUnsupportedAlgorithm(t *testing.T) {
 	assert.Equal(t, err.Error(), "Invalid configuration:\n"+
 		"  unsupported signature hash algorithm: "+o.SignatureKey)
 }
+
+func TestValidateCookie(t *testing.T) {
+	o := testOptions()
+	o.CookieName = "_valid_cookie_name"
+	assert.Equal(t, nil, o.Validate())
+}
+
+func TestValidateCookieBadName(t *testing.T) {
+	o := testOptions()
+	o.CookieName = "_bad_cookie_name{}"
+	err := o.Validate()
+	assert.Equal(t, err.Error(), "Invalid configuration:\n"+
+		fmt.Sprintf("  invalid cookie name: %q", o.CookieName))
+}