139 lines
5.7 KiB
TypeScript
139 lines
5.7 KiB
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
|
|
const {
|
|
extractCookieValue,
|
|
normalizeSessionCookieHeader,
|
|
stripCookieInputPrefix,
|
|
buildGrokCookieHeader,
|
|
buildQwenCookieHeader,
|
|
extractQwenToken,
|
|
} = await import("../../src/lib/providers/webCookieAuth.ts");
|
|
|
|
test("stripCookieInputPrefix removes 'cookie:' and 'bearer ' prefixes", () => {
|
|
assert.equal(stripCookieInputPrefix("Cookie: sso=abc"), "sso=abc");
|
|
assert.equal(stripCookieInputPrefix("bearer xyz"), "xyz");
|
|
assert.equal(stripCookieInputPrefix(" plain "), "plain");
|
|
assert.equal(stripCookieInputPrefix(""), "");
|
|
});
|
|
|
|
test("normalizeSessionCookieHeader returns input as-is when it already has '='", () => {
|
|
assert.equal(
|
|
normalizeSessionCookieHeader(
|
|
"__Secure-authjs.session-token=abc",
|
|
"__Secure-authjs.session-token"
|
|
),
|
|
"__Secure-authjs.session-token=abc"
|
|
);
|
|
assert.equal(
|
|
normalizeSessionCookieHeader("bare-value", "__Secure-authjs.session-token"),
|
|
"__Secure-authjs.session-token=bare-value"
|
|
);
|
|
});
|
|
|
|
test("extractCookieValue: bare value returns unchanged", () => {
|
|
assert.equal(extractCookieValue("eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
|
|
});
|
|
|
|
test("extractCookieValue: single name=value pair returns the value", () => {
|
|
assert.equal(extractCookieValue("sso=eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
|
|
assert.equal(extractCookieValue("Cookie: sso=eyJ0eXAi.abc.def", "sso"), "eyJ0eXAi.abc.def");
|
|
});
|
|
|
|
test("extractCookieValue: full DevTools cookie blob picks the named cookie", () => {
|
|
const blob =
|
|
"i18nextLng=en; stblid=aaaaaaaa; __cf_bm=foo; sso-rw=eyJOTHER; sso=eyJTARGET.abc.def; cf_clearance=baz;";
|
|
assert.equal(extractCookieValue(blob, "sso"), "eyJTARGET.abc.def");
|
|
assert.equal(extractCookieValue(blob, "sso-rw"), "eyJOTHER");
|
|
assert.equal(extractCookieValue(blob, "cf_clearance"), "baz");
|
|
});
|
|
|
|
test("extractCookieValue: blob without target cookie returns empty string", () => {
|
|
assert.equal(extractCookieValue("foo=1; bar=2;", "sso"), "");
|
|
});
|
|
|
|
test("extractCookieValue: empty input returns empty string", () => {
|
|
assert.equal(extractCookieValue("", "sso"), "");
|
|
assert.equal(extractCookieValue(" ", "sso"), "");
|
|
});
|
|
|
|
test("extractCookieValue: cookie name with regex metacharacters is escaped", () => {
|
|
const blob = "foo=1; my.cookie+name=hello; bar=2;";
|
|
assert.equal(extractCookieValue(blob, "my.cookie+name"), "hello");
|
|
});
|
|
|
|
// #3063 — Grok now requires the paired `sso-rw` write cookie alongside `sso`.
|
|
test("buildGrokCookieHeader: bare sso value emits only sso (no phantom sso-rw)", () => {
|
|
assert.equal(buildGrokCookieHeader("eyJ0eXAi.abc.def"), "sso=eyJ0eXAi.abc.def");
|
|
});
|
|
|
|
test("buildGrokCookieHeader: single sso= pair emits only sso", () => {
|
|
assert.equal(buildGrokCookieHeader("sso=eyJ0eXAi.abc"), "sso=eyJ0eXAi.abc");
|
|
});
|
|
|
|
test("buildGrokCookieHeader: full cookie blob forwards sso, sso-rw and cf_clearance", () => {
|
|
const blob = "cf_clearance=zzz; sso=AAA.bbb; sso-rw=CCC.ddd; other=1";
|
|
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; sso-rw=CCC.ddd; cf_clearance=zzz");
|
|
});
|
|
|
|
// #5350 — forward the Cloudflare cookies (cf_clearance + __cf_bm) when the pasted
|
|
// blob carries them, matching the real browser request (parity with AIClient2API).
|
|
test("buildGrokCookieHeader: forwards sso, sso-rw, cf_clearance and __cf_bm (order-independent)", () => {
|
|
const blob = "i18nextLng=en; __cf_bm=BM; sso=SSO; sso-rw=RW; cf_clearance=CF; x-userid=U";
|
|
const header = buildGrokCookieHeader(blob);
|
|
assert.match(header, /(?:^|;\s*)sso=SSO(?:;|$)/);
|
|
assert.match(header, /(?:^|;\s*)sso-rw=RW(?:;|$)/);
|
|
assert.match(header, /(?:^|;\s*)cf_clearance=CF(?:;|$)/);
|
|
assert.match(header, /(?:^|;\s*)__cf_bm=BM(?:;|$)/);
|
|
});
|
|
|
|
test("buildGrokCookieHeader: bare sso emits no phantom cf_clearance/__cf_bm keys", () => {
|
|
assert.equal(buildGrokCookieHeader("sso=SSO"), "sso=SSO");
|
|
assert.doesNotMatch(buildGrokCookieHeader("sso=SSO"), /cf_clearance|__cf_bm/);
|
|
});
|
|
|
|
test("buildGrokCookieHeader: forwards __cf_bm even when cf_clearance is absent", () => {
|
|
const blob = "foo=1; __cf_bm=BM; sso=AAA.bbb";
|
|
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; __cf_bm=BM");
|
|
});
|
|
|
|
test("buildGrokCookieHeader: order-independent — sso-rw before sso in the blob", () => {
|
|
const blob = "sso-rw=CCC.ddd; sso=AAA.bbb";
|
|
assert.equal(buildGrokCookieHeader(blob), "sso=AAA.bbb; sso-rw=CCC.ddd");
|
|
});
|
|
|
|
test("buildGrokCookieHeader: blob with sso but no sso-rw emits only sso", () => {
|
|
assert.equal(buildGrokCookieHeader("foo=1; sso=AAA.bbb; bar=2"), "sso=AAA.bbb");
|
|
});
|
|
|
|
test("buildGrokCookieHeader: blob without sso returns empty string", () => {
|
|
assert.equal(buildGrokCookieHeader("foo=1; sso-rw=CCC.ddd; bar=2"), "");
|
|
assert.equal(buildGrokCookieHeader(""), "");
|
|
});
|
|
|
|
test("buildQwenCookieHeader: passes through a full DevTools cookie blob", () => {
|
|
const blob = "cna=ABC; token=jwt.tok; ssxmod_itna=1-XYZ; ssxmod_itna2=1-QRS";
|
|
assert.equal(buildQwenCookieHeader(blob), blob);
|
|
});
|
|
|
|
test("buildQwenCookieHeader: strips a leading 'Cookie:' prefix", () => {
|
|
assert.equal(buildQwenCookieHeader("Cookie: cna=ABC; token=jwt"), "cna=ABC; token=jwt");
|
|
});
|
|
|
|
test("buildQwenCookieHeader: a bare token (no cookie pairs) yields no cookie header", () => {
|
|
assert.equal(buildQwenCookieHeader("eyJ0eXAi.abc.def"), "");
|
|
assert.equal(buildQwenCookieHeader(""), "");
|
|
});
|
|
|
|
test("extractQwenToken: pulls the token= value out of a cookie blob", () => {
|
|
assert.equal(extractQwenToken("cna=ABC; token=jwt.tok; ssxmod_itna=1-XYZ"), "jwt.tok");
|
|
});
|
|
|
|
test("extractQwenToken: returns a bare token unchanged", () => {
|
|
assert.equal(extractQwenToken("eyJ0eXAi.abc.def"), "eyJ0eXAi.abc.def");
|
|
});
|
|
|
|
test("extractQwenToken: a cookie blob without a token cookie yields empty string", () => {
|
|
assert.equal(extractQwenToken("cna=ABC; ssxmod_itna=1-XYZ"), "");
|
|
});
|