Fix cookie processing for RDAP URL update (#630)

* Fix cookie processing for RDAP URL update The existing code only does cookie processing on the _first_ Set-Cookie header. Therefore, if the "id" cookie used for authentication is defined in anything other than the first Set-Cookie header (as it now is), we don't find it. Replace the cookie processing stanza with a line that processes all cookies in all Set-Cookie headers.
2026-01-08 23:23:32 +00:00 · 2020-06-16 15:07:13 -04:00
parent 4f37c65af5
commit 31841ccc55
2 changed files with 6 additions and 1 deletions
--- a/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java
+++ b/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java
@@ -101,7 +101,8 @@ public final class UpdateRegistrarRdapBaseUrlsAction implements Runnable {
    HttpResponse response = request.execute();

    Optional<HttpCookie> idCookie =
-        HttpCookie.parse(response.getHeaders().getFirstHeaderStringValue("Set-Cookie")).stream()
+        response.getHeaders().getHeaderStringValues("Set-Cookie").stream()
+            .flatMap(value -> HttpCookie.parse(value).stream())
            .filter(cookie -> cookie.getName().equals(COOKIE_ID))
            .findAny();
    checkState(
--- a/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java
+++ b/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java
@@ -319,6 +319,10 @@ public final class UpdateRegistrarRdapBaseUrlsActionTest extends ShardableTestCa

  private static void addValidResponses(TestHttpTransport httpTransport) {
    MockLowLevelHttpResponse loginResponse = new MockLowLevelHttpResponse();
+    loginResponse.addHeader(
+        "Set-Cookie",
+        "JSESSIONID=bogusid; "
+            + "Expires=Tue, 11-Jun-2019 16:34:21 GMT; Path=/; Secure; HttpOnly");
    loginResponse.addHeader(
        "Set-Cookie",
        "id=myAuthenticationId; "