dwaite / cookiejar Goto Github PK

I'm looking at the docs, but I don't find any examples on how to use this gem. Would be nice with a simple example for a quick getting-started.

Hi @dwaite ,

There hasn't been a release for this project in quite a while. Are you looking for other maintainers to help keep this project going?

Best,
Michael

CookieJar's goal is to parse RFC 2109 cookies, right?

According to RFC 2109: HTTP State Management Mechanism:

Informally, the Set-Cookie response header comprises the token Set-Cookie:, followed by a comma-separated list of one or more cookies. Each cookie begins with a NAME=VALUE pair, followed by zero or more semi-colon-separated attribute-value pairs.

I haven't found an API method in cookiejar that handles comma-separated cookies. I tried set_cookie and that failed.

Unless I misunderstood the cookie spec and/or overlooked something in the code, this is a bug. I didn't see any tests checking for multiple cookies.

Hopefully easy to fix, though!

Please consider creating git tags for existing releases. This will make it easier to navigate the history and will make it also easy to determine which changes have been made since the last published release, if any.

https://rubygems.org/gems/cookiejar/versions/0.3.3

Licenses:
N/A

Currently, cookiejar raises an exception when a cookie has an attribute/parameter that the cookiejar parser does not recognize. It also fails to parse cookies in headers if it contains unrecognized attributes. It should ignore the attribute rather than raise an exception. This is in violation of all current and former RFCs describing implementation of cookies.

irb(main):008:0> jar.set_cookie(u, 'foo=bar; RandomAttribute=1')
CookieJar::InvalidCookieError: Unknown cookie parameter 'randomattribute'

RFC 6525 4.1.2 "User agents ignore unrecognized cookie attributes (but not the entire cookie)."

RFC 2965 3.3 "The user agent MUST ignore attribute-value pairs whose attribute it does not recognize."

RFC 2109 10.1.1 "An "old" client that receives a "new" cookie will ignore attributes it does not understand; it returns what it does understand to the origin server."

It looks like when adb79c0 was merged, the gem version was not bumped and the changes were not pushed to RubyGems. Is there a plan to release a new version of the gem around this change?

I'm getting multiple warnings under Ruby 1.9.2-p0:

/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/cookie_validation.rb:278: warning: (...) interpreted as grouped expression
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/cookie_validation.rb:294: warning: ambiguous first argument; put parentheses or even spaces
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/cookie_validation.rb:385: warning: ambiguous first argument; put parentheses or even spaces
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:128: warning: mismatched indentations at 'end' with 'def' at 124
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:142: warning: mismatched indentations at 'end' with 'def' at 134
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:153: warning: `*' interpreted as argument prefix
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:154: warning: `*' interpreted as argument prefix
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:155: warning: mismatched indentations at 'end' with 'def' at 150
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:224: warning: mismatched indentations at 'end' with 'if' at 220
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:267: warning: mismatched indentations at 'end' with 'unless' at 260
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:273: warning: mismatched indentations at 'end' with 'if' at 251
/home/hal/.rvm/gems/ruby-1.9.2-p0/gems/cookiejar-0.3.0/lib/cookiejar/jar.rb:280: warning: useless use of a variable in void context

I ran into a problem where I would not get any cookies set given this header:
"s=AAAAAAAAY1UAAAFJAB4UawAAAAAAAAAApPcqHqisJSmL4TuQ-RsJradrFZt9fTMSdEi8bw; Domain=.example.com; Path=/; HttpOnly; Secure; Max-Age=63072000"

Using set_cookies_from_headers would not do anything, but also not yield any errors. Eventually after poking around in the source code I called the methods that set_cookies_from_headers calls and found there to be errors:

CookieJar::Cookie.from_set_cookie("https://example.com/", "s=AAAAAAAAY1UAAAFJAB4UawAAAAAAAAAApPcqHqisJSmL4TuQ-RsJradrFZt9fTMSdEi8bw; Domain=.example.com; Path=/; HttpOnly; Secure; Max-Age=63072000").inspect
Error: #<CookieJar::InvalidCookieError: Unknown cookie parameter 'max-age'>
C:/Users/Thomas/AppData/Roaming/SketchUp/SketchUp 2015/SketchUp/Gems64/gems/cookiejar-0.3.2/lib/cookiejar/cookie_validation.rb:324:in `block in parse_set_cookie'
C:/Users/Thomas/AppData/Roaming/SketchUp/SketchUp 2015/SketchUp/Gems64/gems/cookiejar-0.3.2/lib/cookiejar/cookie_validation.rb:297:in `each'
C:/Users/Thomas/AppData/Roaming/SketchUp/SketchUp 2015/SketchUp/Gems64/gems/cookiejar-0.3.2/lib/cookiejar/cookie_validation.rb:297:in `parse_set_cookie'
C:/Users/Thomas/AppData/Roaming/SketchUp/SketchUp 2015/SketchUp/Gems64/gems/cookiejar-0.3.2/lib/cookiejar/cookie.rb:92:in `from_set_cookie'
<main>:in `<main>'
SketchUp:1:in `eval'

Should it really raise errors upon unknown value? Or rather ignore those and yet save the cookie using the value it does now. I'd prefer that former.

Any workaround for this?

The existing code for cookie validation was written 9 years ago, before the RFC 6265. So it only supports one level of subdomains between the cookie domain-value and the requested host name:

Set-Cookie: "Hello=w0r1d;Path=/;Domain=.grandma.com"

matches eat.grandma.com, but does not match lets.eat.grandma.com.

The latest version is showing file perms of 600 instead of 644 for all files within the gem. This creates a problem when people install gems as root into /usr/local/lib/ruby, and then try to load it with another user on the system.

0.3.0 is packaged correctly. something had changed in the last version

/usr/local/lib/ruby/gems/2.1.0/gems/cookiejar-0.3.1$ ls -l
total 24
-rw------- 1 root root  363 Feb 19 01:19 contributors.json
drwxr-xr-x 3 root root 4096 Feb 19 01:19 lib
-rw------- 1 root root 1320 Feb 19 01:19 LICENSE
-rw------- 1 root root  717 Feb 19 01:19 Rakefile
-rw------- 1 root root  670 Feb 19 01:19 README.markdown
drwxr-xr-x 2 root root 4096 Feb 19 01:19 spec
/usr/local/lib/ruby/gems/2.1.0/gems/cookiejar-0.3.1$ ls -l ../cookiejar-0.3.0
total 8
drwxr-xr-x 3 root root 4096 Jan  9 06:54 lib
drwxr-xr-x 2 root root 4096 Jan  9 06:54 test

Hello, I am wondering if this project is no longer being maintained. There are a number of pull requests that have valid reasons to be merged, but it appears to have no activity. Would you be willing to pass on the gem to a new maintainer?

Hi @dwaite, thanks for all the great work on this.

I was wondering if you'd consider another stable release at some point given there's been a good few new features and it's been a while since the last one.

Thanks!