Correctly handle cookies

Automattic · Sep 21, 2023 · e6a7f4c · e6a7f4c
1 parent 1b186bb
commit e6a7f4c
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 16 deletions.
diff --git a/integration-tests/index.ts b/integration-tests/index.ts
@@ -46,18 +46,17 @@ async function run() {
     // Call authorization URL.
     console.info("Calling authorization URL", authorizationUrl.toString());
     let response = await httpsClient.get(authorizationUrl);
-    let responseUrl = new URL(response.request.res.responseUrl);
+    let responseUrl = new URL(response.config.url ?? "");
 
     // Log in, if needed.
     if (response.status === 200 && responseUrl.toString().includes("wp-login.php")) {
         response = await httpsClient.post(new URL(`${env.ISSUER_URL}/wp-login.php`), {
+            testcookie: "1",
             log: "admin",
             pwd: "password",
-            "wp-submit": "Log In",
             redirect_to: responseUrl.searchParams.get("redirect_to"),
-            testcookie: "1",
+
         });
-        httpsClient.setCookies(response);
         console.debug(response.data, response.status, response.statusText);
     }
 

diff --git a/integration-tests/package.json b/integration-tests/package.json
@@ -17,6 +17,7 @@
     "axios": "^1.5.0",
     "dotenv": "^16.3.1",
     "http-terminator": "^3.2.0",
-    "openid-client": "^5.5.0"
+    "openid-client": "^5.5.0",
+    "set-cookie-parser": "^2.6.0"
   }
 }
diff --git a/integration-tests/src/HttpsClient.ts b/integration-tests/src/HttpsClient.ts
@@ -1,33 +1,49 @@
 import https from "node:https";
 import axios, {AxiosInstance, AxiosResponse} from "axios";
+const setCookieParser = require('set-cookie-parser');
 
 type Options = {
     caCert: Buffer,
 }
 
 export class HttpsClient {
     private readonly axios: AxiosInstance;
+    private cookies: string[] = [];
 
     constructor(private readonly options: Options) {
         this.axios = axios.create({
             httpsAgent: new https.Agent({ ca: this.options.caCert }),
-            // maxRedirects: 0,        // Don't follow redirects.
-            withCredentials: true,  // Use cookies.
+            maxRedirects: 0,
+            validateStatus: function (status) {
+                return [200, 302].includes(status);
+            }
+        });
+
+        this.axios.interceptors.response.use(response => {
+            console.log("response", response.status, response.config.url, response.headers)
+            return response;
         });
 
         this.axios.interceptors.request.use(request => {
-            console.log(request.headers)
+            console.log("request", request.url, request.headers, request.data)
             return request;
         });
     }
 
-    setCookies(response: AxiosResponse) {
-        console.debug(response.headers["set-cookie"]);
-        this.axios.defaults.headers.put .Cookie = response.headers["set-cookie"];
-    }
-
     async get(url: URL): Promise<AxiosResponse> {
-        return this.axios.get(url.toString());
+        const response = await this.axios.get(url.toString(), {
+            headers: {
+                Cookie: this.cookieHeader(),
+            },
+        });
+
+        this.setCookies(response);
+
+        if (response.status === 302) {
+            return this.get(response.headers.location);
+        }
+
+        return response;
     }
 
     async post(url: URL, data: object): Promise<AxiosResponse> {
@@ -36,7 +52,41 @@ export class HttpsClient {
             // @ts-ignore
             formData.append(property, data[property]);
         }
-        console.debug(formData);
-        return this.axios.post(url.toString(), formData);
+
+        const response = await this.axios.post(url.toString(), formData, {
+            headers: {
+                Cookie: this.cookieHeader(),
+            },
+        });
+
+        this.setCookies(response);
+
+        if (response.status === 302) {
+            return this.get(response.headers.location);
+        }
+
+        return response
+    }
+
+    private setCookies(response: AxiosResponse) {
+        const cookies = setCookieParser.parse(response);
+        for (const cookie of cookies) {
+            this.cookies[cookie.name] = cookie.value;
+        }
+    }
+
+    private cookieHeader(): string {
+        let header = "";
+        for (const name in this.cookies) {
+            const value = this.cookies[name];
+            if (value.trim() === "") {
+                continue;
+            }
+            if (header !== "") {
+                header += "; ";
+            }
+            header += `${encodeURIComponent(name)}=${encodeURIComponent(this.cookies[name])}`;
+        }
+        return header;
     }
 }
diff --git a/integration-tests/yarn.lock b/integration-tests/yarn.lock
@@ -384,6 +384,11 @@ semver-compare@^1.0.0:
   resolved "https://registry.yarnpkg.com/semver-compare/-/semver-compare-1.0.0.tgz#0dee216a1c941ab37e9efb1788f6afc5ff5537fc"
   integrity sha512-YM3/ITh2MJ5MtzaM429anh+x2jiLVjqILF4m4oyQB18W7Ggea7BfqdH/wGMK7dDiMghv/6WG7znWMwUDzJiXow==
 
+set-cookie-parser@^2.6.0:
+  version "2.6.0"
+  resolved "https://registry.yarnpkg.com/set-cookie-parser/-/set-cookie-parser-2.6.0.tgz#131921e50f62ff1a66a461d7d62d7b21d5d15a51"
+  integrity sha512-RVnVQxTXuerk653XfuliOxBP81Sf0+qfQE73LIYKcyMYHG94AuH0kgrQpRDuTZnSmjpysHmzxJXKNfa6PjFhyQ==
+
 ts-node@^10.9.1:
   version "10.9.1"
   resolved "https://registry.yarnpkg.com/ts-node/-/ts-node-10.9.1.tgz#e73de9102958af9e1f0b168a6ff320e25adcff4b"