Exemple #1
0
void setCookiesFromDOM(const NetworkStorageSession& session, const URL& firstParty, const URL& url, const String& value)
{
    SoupCookieJar* jar = cookieJarForSession(session);
    if (!jar)
        return;

    GUniquePtr<SoupURI> origin = url.createSoupURI();
    GUniquePtr<SoupURI> firstPartyURI = firstParty.createSoupURI();

    // Get existing cookies for this origin.
    GSList* existingCookies = soup_cookie_jar_get_cookie_list(jar, origin.get(), TRUE);

    Vector<String> cookies;
    value.split('\n', cookies);
    const size_t cookiesCount = cookies.size();
    for (size_t i = 0; i < cookiesCount; ++i) {
        GUniquePtr<SoupCookie> cookie(soup_cookie_parse(cookies[i].utf8().data(), origin.get()));
        if (!cookie)
            continue;

        // Make sure the cookie is not httpOnly since such cookies should not be set from JavaScript.
        if (soup_cookie_get_http_only(cookie.get()))
            continue;

        // Make sure we do not overwrite httpOnly cookies from JavaScript.
        if (httpOnlyCookieExists(existingCookies, soup_cookie_get_name(cookie.get()), soup_cookie_get_path(cookie.get())))
            continue;

        soup_cookie_jar_add_cookie_with_first_party(jar, firstPartyURI.get(), cookie.release());
    }

    soup_cookies_free(existingCookies);
}
Exemple #2
0
void deleteCookie(const NetworkStorageSession& session, const URL& url, const String& name)
{
    SoupCookieJar* jar = cookieJarForSession(session);
    if (!jar)
        return;

    GUniquePtr<SoupURI> uri = url.createSoupURI();
    GUniquePtr<GSList> cookies(soup_cookie_jar_get_cookie_list(jar, uri.get(), TRUE));
    if (!cookies)
        return;

    CString cookieName = name.utf8();
    bool wasDeleted = false;
    for (GSList* iter = cookies.get(); iter; iter = g_slist_next(iter)) {
        SoupCookie* cookie = static_cast<SoupCookie*>(iter->data);
        if (!wasDeleted && cookieName == cookie->name) {
            soup_cookie_jar_delete_cookie(jar, cookie);
            wasDeleted = true;
        }
        soup_cookie_free(cookie);
    }
}
Exemple #3
0
bool getRawCookies(const NetworkStorageSession& session, const URL& /*firstParty*/, const URL& url, Vector<Cookie>& rawCookies)
{
    rawCookies.clear();
    SoupCookieJar* jar = cookieJarForSession(session);
    if (!jar)
        return false;

    GUniquePtr<SoupURI> uri = url.createSoupURI();
    GUniquePtr<GSList> cookies(soup_cookie_jar_get_cookie_list(jar, uri.get(), TRUE));
    if (!cookies)
        return false;

    for (GSList* iter = cookies.get(); iter; iter = g_slist_next(iter)) {
        SoupCookie* cookie = static_cast<SoupCookie*>(iter->data);
        rawCookies.append(Cookie(String::fromUTF8(cookie->name), String::fromUTF8(cookie->value), String::fromUTF8(cookie->domain),
            String::fromUTF8(cookie->path), cookie->expires ? static_cast<double>(soup_date_to_time_t(cookie->expires)) * 1000 : 0,
            cookie->http_only, cookie->secure, !cookie->expires));
        soup_cookie_free(cookie);
    }

    return true;
}
Exemple #4
0
/* Open database containing policies for cookie domains.
 * Create database and setup table structure if it does not exist yet.
 */
static void _cookie_permission_manager_open_database(CookiePermissionManager *self)
{
	CookiePermissionManagerPrivate	*priv=self->priv;
	const gchar						*configDir;
	gchar							*error=NULL;
	gint							success;
	sqlite3_stmt					*statement=NULL;

	/* Close any open database */
	if(priv->database)
	{
		g_free(priv->databaseFilename);
		priv->databaseFilename=NULL;

		sqlite3_close(priv->database);
		priv->database=NULL;

		g_object_notify_by_pspec(G_OBJECT(self), CookiePermissionManagerProperties[PROP_DATABASE]);
		g_object_notify_by_pspec(G_OBJECT(self), CookiePermissionManagerProperties[PROP_DATABASE_FILENAME]);
	}

	/* Build path to database file */
	configDir=midori_extension_get_config_dir(priv->extension);
	if(!configDir)
		return;
	
	if(katze_mkdir_with_parents(configDir, 0700))
	{
		g_warning(_("Could not create configuration folder for extension: %s"), g_strerror(errno));

		_cookie_permission_manager_error(self, _("Could not create configuration folder for extension."));
		return;
	}

	/* Open database */
	priv->databaseFilename=g_build_filename(configDir, COOKIE_PERMISSION_DATABASE, NULL);
	success=sqlite3_open(priv->databaseFilename, &priv->database);
	if(success!=SQLITE_OK)
	{
		g_warning(_("Could not open database of extenstion: %s"), sqlite3_errmsg(priv->database));

		g_free(priv->databaseFilename);
		priv->databaseFilename=NULL;

		if(priv->database) sqlite3_close(priv->database);
		priv->database=NULL;

		_cookie_permission_manager_error(self, _("Could not open database of extension."));
		return;
	}

	/* Create table structure if it does not exist */
	success=sqlite3_exec(priv->database,
							"CREATE TABLE IF NOT EXISTS "
							"policies(domain text, value integer);",
							NULL,
							NULL,
							&error);

	if(success==SQLITE_OK)
	{
		success=sqlite3_exec(priv->database,
								"CREATE UNIQUE INDEX IF NOT EXISTS "
								"domain ON policies (domain);",
								NULL,
								NULL,
								&error);
	}

	if(success==SQLITE_OK)
	{
		success=sqlite3_exec(priv->database,
								"PRAGMA journal_mode=TRUNCATE;",
								NULL,
								NULL,
								&error);
	}

	if(success!=SQLITE_OK || error)
	{
		_cookie_permission_manager_error(self, _("Could not set up database structure of extension."));

		if(error)
		{
			g_critical(_("Failed to execute database statement: %s"), error);
			sqlite3_free(error);
		}

		g_free(priv->databaseFilename);
		priv->databaseFilename=NULL;

		sqlite3_close(priv->database);
		priv->database=NULL;
		return;
	}

	// Delete all cookies allowed only in one session
	success=sqlite3_prepare_v2(priv->database,
								"SELECT domain FROM policies WHERE value=? ORDER BY domain DESC;",
								-1,
								&statement,
								NULL);
	if(statement && success==SQLITE_OK) success=sqlite3_bind_int(statement, 1, COOKIE_PERMISSION_MANAGER_POLICY_ACCEPT_FOR_SESSION);
	if(statement && success==SQLITE_OK)
	{
		while(sqlite3_step(statement)==SQLITE_ROW)
		{
			gchar		*domain=(gchar*)sqlite3_column_text(statement, 0);
			GSList		*cookies, *cookie;

#ifdef HAVE_LIBSOUP_2_40_0
			SoupURI		*uri;

			uri=soup_uri_new(NULL);
			soup_uri_set_host(uri, domain);
			soup_uri_set_path(uri, "/");
			cookies=soup_cookie_jar_get_cookie_list(priv->cookieJar, uri, TRUE);
			for(cookie=cookies; cookie; cookie=cookie->next)
			{
				soup_cookie_jar_delete_cookie(priv->cookieJar, (SoupCookie*)cookie->data);
			}
			soup_cookies_free(cookies);
			soup_uri_free(uri);
#else
			cookies=soup_cookie_jar_all_cookies(priv->cookieJar);
			for(cookie=cookies; cookie; cookie=cookie->next)
			{
				if(soup_cookie_domain_matches((SoupCookie*)cookie->data, domain))
				{
					soup_cookie_jar_delete_cookie(priv->cookieJar, (SoupCookie*)cookie->data);
				}
			}
			soup_cookies_free(cookies);
#endif
		}
	}
		else g_warning(_("SQL fails: %s"), sqlite3_errmsg(priv->database));

	sqlite3_finalize(statement);

	g_object_notify_by_pspec(G_OBJECT(self), CookiePermissionManagerProperties[PROP_DATABASE]);
	g_object_notify_by_pspec(G_OBJECT(self), CookiePermissionManagerProperties[PROP_DATABASE_FILENAME]);
}
Exemple #5
0
/* FIXME: moar tests! */
static void
do_cookies_parsing_test (void)
{
	SoupSession *session;
	SoupMessage *msg;
	SoupCookieJar *jar;
	GSList *cookies, *iter;
	SoupCookie *cookie;
	gboolean got1, got2, got3;

	debug_printf (1, "\nSoupCookie parsing test\n");

	session = soup_test_session_new (SOUP_TYPE_SESSION_ASYNC, NULL);
	soup_session_add_feature_by_type (session, SOUP_TYPE_COOKIE_JAR);
	jar = SOUP_COOKIE_JAR (soup_session_get_feature (session, SOUP_TYPE_COOKIE_JAR));

	/* "httponly" is case-insensitive, and its value (if any) is ignored */
	msg = soup_message_new_from_uri ("GET", first_party_uri);
	soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
				     "one=1; httponly; max-age=100");
	soup_session_send_message (session, msg);
	g_object_unref (msg);

	msg = soup_message_new_from_uri ("GET", first_party_uri);
	soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
				     "two=2; HttpOnly; max-age=100");
	soup_session_send_message (session, msg);
	g_object_unref (msg);

	msg = soup_message_new_from_uri ("GET", first_party_uri);
	soup_message_headers_append (msg->request_headers, "Echo-Set-Cookie",
				     "three=3; httpONLY=Wednesday; max-age=100");
	soup_session_send_message (session, msg);
	g_object_unref (msg);

	cookies = soup_cookie_jar_get_cookie_list (jar, first_party_uri, TRUE);
	got1 = got2 = got3 = FALSE;

	for (iter = cookies; iter; iter = iter->next) {
		cookie = iter->data;

		if (!strcmp (soup_cookie_get_name (cookie), "one")) {
			got1 = TRUE;
			if (!soup_cookie_get_http_only (cookie)) {
				debug_printf (1, "  cookie 1 is not HttpOnly!\n");
				errors++;
			}
			if (!soup_cookie_get_expires (cookie)) {
				debug_printf (1, "  cookie 1 did not fully parse!\n");
				errors++;
			}
		} else if (!strcmp (soup_cookie_get_name (cookie), "two")) {
			got2 = TRUE;
			if (!soup_cookie_get_http_only (cookie)) {
				debug_printf (1, "  cookie 2 is not HttpOnly!\n");
				errors++;
			}
			if (!soup_cookie_get_expires (cookie)) {
				debug_printf (1, "  cookie 3 did not fully parse!\n");
				errors++;
			}
		} else if (!strcmp (soup_cookie_get_name (cookie), "three")) {
			got3 = TRUE;
			if (!soup_cookie_get_http_only (cookie)) {
				debug_printf (1, "  cookie 3 is not HttpOnly!\n");
				errors++;
			}
			if (!soup_cookie_get_expires (cookie)) {
				debug_printf (1, "  cookie 3 did not fully parse!\n");
				errors++;
			}
		} else {
			debug_printf (1, "  got unexpected cookie '%s'\n",
				      soup_cookie_get_name (cookie));
			errors++;
		}

		soup_cookie_free (cookie);
	}
	g_slist_free (cookies);

	if (!got1) {
		debug_printf (1, "  didn't get cookie 1\n");
		errors++;
	}
	if (!got2) {
		debug_printf (1, "  didn't get cookie 2\n");
		errors++;
	}
	if (!got3) {
		debug_printf (1, "  didn't get cookie 3\n");
		errors++;
	}

	soup_test_session_abort_unref (session);
}