Fix cookie processing for RDAP URL update (#630)

* Fix cookie processing for RDAP URL update The existing code only does cookie processing on the _first_ Set-Cookie header. Therefore, if the "id" cookie used for authentication is defined in anything other than the first Set-Cookie header (as it now is), we don't find it. Replace the cookie processing stanza with a line that processes all cookies in all Set-Cookie headers.
2025-07-20 09:46:03 +02:00 · 2020-06-16 15:07:13 -04:00 · 2020-06-16 15:07:13 -04:00 · 8cca863df9
commit 8cca863df9
parent dcaef1c6fc
2 changed files with 6 additions and 1 deletions
--- a/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java
+++ b/core/src/main/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsAction.java
@ -101,7 +101,8 @@ public final class UpdateRegistrarRdapBaseUrlsAction implements Runnable {
    HttpResponse response = request.execute();

    Optional<HttpCookie> idCookie =
-        HttpCookie.parse(response.getHeaders().getFirstHeaderStringValue("Set-Cookie")).stream()
+        response.getHeaders().getHeaderStringValues("Set-Cookie").stream()
+            .flatMap(value -> HttpCookie.parse(value).stream())
            .filter(cookie -> cookie.getName().equals(COOKIE_ID))
            .findAny();
    checkState(
--- a/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java
+++ b/core/src/test/java/google/registry/rdap/UpdateRegistrarRdapBaseUrlsActionTest.java
@ -319,6 +319,10 @@ public final class UpdateRegistrarRdapBaseUrlsActionTest extends ShardableTestCa

  private static void addValidResponses(TestHttpTransport httpTransport) {
    MockLowLevelHttpResponse loginResponse = new MockLowLevelHttpResponse();
+    loginResponse.addHeader(
+        "Set-Cookie",
+        "JSESSIONID=bogusid; "
+            + "Expires=Tue, 11-Jun-2019 16:34:21 GMT; Path=/; Secure; HttpOnly");
    loginResponse.addHeader(
        "Set-Cookie",
        "id=myAuthenticationId; "