在尝试测试以下代码时:
//SetSingleSignOn Sets the cookie to allow for single sign cross applications.
func SetSingleSignOn(w http.ResponseWriter, token string) {
http.SetCookie(w, &http.Cookie{
Name: ssoCookie,
Value: token,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now().AddDate(0, 0, 7),
MaxAge: 0,
})
}
//DestroySingleSignOn Gets rid of single sign on, in case a user logs out of the application.
func DestroySingleSignOn(r *http.Request, w http.ResponseWriter) {
cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
return
}
cookie = &http.Cookie{
Name: ssoCookie,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now(),
MaxAge: -1}
http.SetCookie(w, cookie)
}
我遇到了明显的错误失败。
我对SetSingleSignOn
的所有测试均通过,但是对DestroySingleSignOn
的健全性测试失败。
测试
看起来像这样:
t.Run("SignedOnFirst", func(t *testing.T) {
req := httptest.NewRequest("POST",
"localhost:42100",
nil)
w := httptest.NewRecorder()
SetSingleSignOn(w, "12446rewa12314")
// assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
DestroySingleSignOn(req, w)
// get the cookie
res := w.Result()
fmt.Println(res.Cookies())
assert.Equal(t, 1, len(res.Cookies()))
cookie := *res.Cookies()[0]
// cookie should be named ssoCookie
assert.Equal(t,
ssoCookie,
cookie.Name)
// cookie should have already expired
assert.True(t,
time.Now().After(cookie.Expires))
})
就好像根本没有调用http.SetCookie(w, cookie)
一样!更奇怪的是,当我取消对函数的直接调用
http.SetCookie(w, &http.Cookie{
Name: ssoCookie,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now(),
MaxAge: -1}
它似乎可以工作(最后一个cookie处于非活动状态),但是现在res.Cookies()
中有两个 cookie!
可能是什么原因造成的?
答案 0 :(得分:3)
在DestorySingleSignOn
函数中,您将从以下代码段开始:
cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
return
}
注意,您正在检查请求上的cookie,但是该cookie仅在响应上设置。您将需要发出请求以获取初始cookie集,然后使用该cookie发出第二个请求才能使该cookie工作。
t.Run("SignedOnFirst", func(t *testing.T) {
req := httptest.NewRequest("POST",
"localhost:42100",
nil)
w := httptest.NewRecorder()
SetSingleSignOn(w, "12446rewa12314")
// get the initial cookie
res := w.Result()
cookie := res.Cookies()[0]
// issue a second request with the cookie
req = httptest.NewRequest("POST",
"localhost:42100",
nil)
req.AddCookie(cookie)
w = httptest.NewRecorder()
// assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
DestroySingleSignOn(req, w)
// get the new cookie
res = w.Result()
fmt.Println(res.Cookies())
assert.Equal(t, 1, len(res.Cookies()))
cookie = *res.Cookies()[0]
// cookie should be named ssoCookie
assert.Equal(t,
ssoCookie,
cookie.Name)
// cookie should have already expired
assert.True(t,
time.Now().After(cookie.Expires))
})