src/couch/test/eunit/same_site_cookie_tests.erl

% Licensed under the Apache License, Version 2.0 (the "License"); you may not
% use this file except in compliance with the License. You may obtain a copy of
% the License at
%
%   http://www.apache.org/licenses/LICENSE-2.0
%
% Unless required by applicable law or agreed to in writing, software
% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
% License for the specific language governing permissions and limitations under
% the License.

-module(same_site_cookie_tests).

-include_lib("couch/include/couch_eunit.hrl").
-include_lib("couch/include/couch_db.hrl").

-define(USER, "jan").
-define(PASS, "apple").

-define(PERSIST, false).

setup() ->
    Hashed = couch_passwords:hash_admin_password(?PASS),
    ok = config:set("admins", ?USER, ?b2l(Hashed), ?PERSIST),
    Addr = config:get("httpd", "bind_address", "127.0.0.1"),
    Port = integer_to_list(mochiweb_socket_server:get(couch_httpd, port)),
    "http://" ++ Addr ++ ":" ++ Port.

teardown(_BaseUri) ->
    ok = config:delete("couch_httpd_auth", "same_site", ?PERSIST),
    ok = config:delete("admins", ?USER, ?PERSIST).

get_cookie(BaseUri, User, Password) ->
    {ok, _, Headers, _} = test_request:post(
        BaseUri ++ "/_session",
        [{"Content-Type", "application/json"}],
        couch_util:json_encode(#{username => ?l2b(User), password => ?l2b(Password)})
    ),
    proplists:get_value("Set-Cookie", Headers).

same_site_cookie_test_() ->
    {
        "same-site cookie tests",
        {
            setup,
            fun test_util:start_couch/0,
            fun test_util:stop_couch/1,
            {
                foreach,
                fun setup/0,
                fun teardown/1,
                [
                    ?TDEF_FE(same_site_none),
                    ?TDEF_FE(same_site_missing),
                    ?TDEF_FE(same_site_strict),
                    ?TDEF_FE(same_site_lax),
                    ?TDEF_FE(same_site_invalid)
                ]
            }
        }
    }.

same_site_none(BaseUri) ->
    ok = config:set("couch_httpd_auth", "same_site", "None", ?PERSIST),
    Cookie = get_cookie(BaseUri, ?USER, ?PASS),
    ?assertNotEqual(nomatch, string:find(Cookie, "; SameSite=None")).

same_site_missing(BaseUri) ->
    ok = config:set("couch_httpd_auth", "same_site", "", ?PERSIST),
    Cookie = get_cookie(BaseUri, ?USER, ?PASS),
    ?assertNotEqual(undefined, Cookie),
    ?assertEqual(nomatch, string:find(Cookie, "; SameSite=")).

same_site_strict(BaseUri) ->
    ok = config:set("couch_httpd_auth", "same_site", "Strict", ?PERSIST),
    Cookie = get_cookie(BaseUri, ?USER, ?PASS),
    ?assertNotEqual(nomatch, string:find(Cookie, "; SameSite=Strict")).

same_site_lax(BaseUri) ->
    ok = config:set("couch_httpd_auth", "same_site", "Lax", ?PERSIST),
    Cookie = get_cookie(BaseUri, ?USER, ?PASS),
    ?assertNotEqual(nomatch, string:find(Cookie, "; SameSite=Lax")).

same_site_invalid(BaseUri) ->
    ok = config:set("couch_httpd_auth", "same_site", "Invalid", ?PERSIST),
    Cookie = get_cookie(BaseUri, ?USER, ?PASS),
    ?assertEqual(nomatch, string:find(Cookie, "; SameSite=")).