Improve testing of cookies in functional tests:

- cookies can be set using string or symbol keys
- cookies are preserved across calls to get, post, etc.
- cookie names and values are escaped
- cookies can be cleared using @request.cookies.clear

[#6272 state:resolved]

actionpack/lib/action_controller/test_case.rb

@@ -172,6 +172,10 @@ def assign_parameters(routes, controller_path, action, parameters = {})
     end
 
     def recycle!
+      write_cookies!
+      @env.delete('HTTP_COOKIE') if @cookies.blank?
+      @env.delete('action_dispatch.cookies')
+      @cookies = nil
       @formats = nil
       @env.delete_if { |k, v| k =~ /^(action_dispatch|rack)\.request/ }
       @env.delete_if { |k, v| k =~ /^action_dispatch\.rescue/ }
@@ -301,7 +305,11 @@ def exists?
   # and cookies, though. For sessions, you just do:
   #
   #   @request.session[:key] = "value"
-  #   @request.cookies["key"] = "value"
+  #   @request.cookies[:key] = "value"
+  #
+  # To clear the cookies for a test just clear the request's cookies hash:
+  #
+  #   @request.cookies.clear
   #
   # == \Testing named routes
   #
@@ -416,6 +424,7 @@ def process(action, parameters = nil, session = nil, flash = nil, http_method =
         @controller.process_with_new_base_test(@request, @response)
         @assigns = @controller.respond_to?(:view_assigns) ? @controller.view_assigns : {}
         @request.session.delete('flash') if @request.session['flash'].blank?
+        @request.cookies.merge!(@response.cookies)
         @response
       end
 

actionpack/lib/action_dispatch/testing/test_process.rb

@@ -22,7 +22,7 @@ def flash
     end
 
     def cookies
-      HashWithIndifferentAccess.new(@request.cookies.merge(@response.cookies))
+      @request.cookies.merge(@response.cookies).with_indifferent_access
     end
 
     def redirect_to_url

actionpack/lib/action_dispatch/testing/test_request.rb

@@ -1,5 +1,6 @@
 require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/reverse_merge'
+require 'rack/utils'
 
 module ActionDispatch
   class TestRequest < Request
@@ -77,10 +78,14 @@ def cookies
     private
       def write_cookies!
         unless @cookies.blank?
-          @env['HTTP_COOKIE'] = @cookies.map { |name, value| "#{name}=#{value};" }.join(' ')
+          @env['HTTP_COOKIE'] = @cookies.map { |name, value| escape_cookie(name, value) }.join('; ')
         end
       end
 
+      def escape_cookie(name, value)
+        "#{Rack::Utils.escape(name)}=#{Rack::Utils.escape(value)}"
+      end
+
       def delete_nil_values!
         @env.delete_if { |k, v| v.nil? }
       end

actionpack/test/dispatch/cookies_test.rb

@@ -124,6 +124,20 @@ def string_key
       cookies['user_name'] = "david"
       head :ok
     end
+
+    def symbol_key_mock
+      cookies[:user_name] = "david" if cookies[:user_name] == "andrew"
+      head :ok
+    end
+
+    def string_key_mock
+      cookies['user_name'] = "david" if cookies['user_name'] == "andrew"
+      head :ok
+    end
+
+    def noop
+      head :ok
+    end
   end
 
   tests TestController
@@ -411,6 +425,57 @@ def test_cookies_hash_is_indifferent_access
     end
   end
 
+  def test_setting_request_cookies_is_indifferent_access
+    @request.cookies.clear
+    @request.cookies[:user_name] = "andrew"
+    get :string_key_mock
+    assert_equal "david", cookies[:user_name]
+
+    @request.cookies.clear
+    @request.cookies['user_name'] = "andrew"
+    get :symbol_key_mock
+    assert_equal "david", cookies['user_name']
+  end
+
+  def test_cookies_retained_across_requests
+    get :symbol_key
+    assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"]
+    assert_equal "david", cookies[:user_name]
+
+    get :noop
+    assert_nil @response.headers["Set-Cookie"]
+    assert_equal "user_name=david", @request.env['HTTP_COOKIE']
+    assert_equal "david", cookies[:user_name]
+
+    get :noop
+    assert_nil @response.headers["Set-Cookie"]
+    assert_equal "user_name=david", @request.env['HTTP_COOKIE']
+    assert_equal "david", cookies[:user_name]
+  end
+
+  def test_cookies_can_be_cleared
+    get :symbol_key
+    assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"]
+    assert_equal "david", cookies[:user_name]
+
+    @request.cookies.clear
+    get :noop
+    assert_nil @response.headers["Set-Cookie"]
+    assert_nil @request.env['HTTP_COOKIE']
+    assert_nil cookies[:user_name]
+
+    get :symbol_key
+    assert_equal "user_name=david; path=/", @response.headers["Set-Cookie"]
+    assert_equal "david", cookies[:user_name]
+  end
+
+  def test_cookies_are_escaped
+    @request.cookies[:user_ids] = '1;2'
+    get :noop
+    assert_equal "user_ids=1%3B2", @request.env['HTTP_COOKIE']
+    assert_equal "1;2", cookies[:user_ids]
+  end
+
   private
     def assert_cookie_header(expected)
       header = @response.headers["Set-Cookie"]

actionpack/test/dispatch/test_request_test.rb

@@ -36,10 +36,10 @@ class TestRequestTest < ActiveSupport::TestCase
 
     req.cookies["user_name"] = "david"
     assert_equal({"user_name" => "david"}, req.cookies)
-    assert_equal "user_name=david;", req.env["HTTP_COOKIE"]
+    assert_equal "user_name=david", req.env["HTTP_COOKIE"]
 
     req.cookies["login"] = "XJ-122"
     assert_equal({"user_name" => "david", "login" => "XJ-122"}, req.cookies)
-    assert_equal %w(login=XJ-122 user_name=david), req.env["HTTP_COOKIE"].split(/; ?/).sort
+    assert_equal %w(login=XJ-122 user_name=david), req.env["HTTP_COOKIE"].split(/; /).sort
   end
 end