在尝试测试以下代码:
//SetSingleSignOn Sets the cookie to allow for single sign cross applications.
func SetSingleSignOn(w http.ResponseWriter, token string) {
http.SetCookie(w, &http.Cookie{
Name: ssoCookie,
Value: token,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now().AddDate(0, 0, 7),
MaxAge: 0,
})
}
//DestroySingleSignOn Gets rid of single sign on, in case a user logs out of the application.
func DestroySingleSignOn(r *http.Request, w http.ResponseWriter) {
cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
return
}
cookie = &http.Cookie{
Name: ssoCookie,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now(),
MaxAge: -1}
http.SetCookie(w, cookie)
}
我遇到了一个明显的错误失败。
我针对 SetSingleSignOn
的所有测试都通过了,但是针对 DestroySingleSignOn
的完整性测试失败了。
测试
看起来像这样:
t.Run("SignedOnFirst", func(t *testing.T) {
req := httptest.NewRequest("POST",
"localhost:42100",
nil)
w := httptest.NewRecorder()
SetSingleSignOn(w, "12446rewa12314")
// assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
DestroySingleSignOn(req, w)
// get the cookie
res := w.Result()
fmt.Println(res.Cookies())
assert.Equal(t, 1, len(res.Cookies()))
cookie := *res.Cookies()[0]
// cookie should be named ssoCookie
assert.Equal(t,
ssoCookie,
cookie.Name)
// cookie should have already expired
assert.True(t,
time.Now().After(cookie.Expires))
})
就好像 http.SetCookie(w, cookie)
根本没有被调用过一样!更奇怪的是,当我直接取消函数调用时
http.SetCookie(w, &http.Cookie{
Name: ssoCookie,
Path: "/",
HttpOnly: false,
Secure: false,
Domain: "localhost",
Expires: time.Now(),
MaxAge: -1}
它似乎有效(最后一个 cookie 处于非事件状态),但现在 res.Cookies()
中有两个 cookie!
这可能是什么原因造成的?
最佳答案
在您的 DestorySingleSignOn
函数中,您从这个 block 开始:
cookie, err := r.Cookie(ssoCookie)
if err != nil || cookie.Value == "" {
return
}
请注意,您正在检查请求 中的 cookie,但 cookie 仅在响应 中设置。您需要发出请求以获取初始 cookie 集,然后使用该 cookie 发出第二个请求才能正常工作。
t.Run("SignedOnFirst", func(t *testing.T) {
req := httptest.NewRequest("POST",
"localhost:42100",
nil)
w := httptest.NewRecorder()
SetSingleSignOn(w, "12446rewa12314")
// get the initial cookie
res := w.Result()
cookie := res.Cookies()[0]
// issue a second request with the cookie
req = httptest.NewRequest("POST",
"localhost:42100",
nil)
req.AddCookie(cookie)
w = httptest.NewRecorder()
// assert.NotPanics(t, func() { DestroySingleSignOn(req, w) })
DestroySingleSignOn(req, w)
// get the new cookie
res = w.Result()
fmt.Println(res.Cookies())
assert.Equal(t, 1, len(res.Cookies()))
cookie = *res.Cookies()[0]
// cookie should be named ssoCookie
assert.Equal(t,
ssoCookie,
cookie.Name)
// cookie should have already expired
assert.True(t,
time.Now().After(cookie.Expires))
})
关于Golang cookie 不删除,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51754125/