🐛 [Bug]: There is something weird with Fiber and the usage of Http lib for testing.

jujur10 commented 1 day ago

Bug Description

You are using the HTTP library (https://docs.gofiber.io/api/app/#test) but some fiber features are not RFC compliant, example with cookies using the " character. You can't use HTTP library if you have to send (and the backend have to receive) a golang json structure. If you want to stock data in cookies (very practical but non RFC compliant).

How to Reproduce

Make an OAuth2 login and callback entries.
Add data in the state field (for example make a structure).
With a modern navigator, you will see that the cookie works fine.
Try to make a test with HTTP. Like in the doc: https://docs.gofiber.io/api/app/#test
You will see that it is not possible to handle the test, because HTTP library doesn't support ".

Expected Behavior

The cookie with " are supposed to work.

Fiber Version

v2.52.5

Code Snippet (optional)

// addServiceToUser simulates adding a service to a user by invoking the OAuth callback endpoint.
func addServiceToUserTesting(app *fiber.App, sessionCookie *http.Cookie) error {
    // Simulate generating and setting the state
    mockState := StateData{
        State:             "test-state",
        RedirectURL:       "",
        StoreSessionInURL: false,
    }

    // Encode the state and redirect URI into JSON.
    value, err := sonic.Marshal(mockState)
    if err != nil {
        return fmt.Errorf("failed to marshall token: %s", err)
    }

    // Encode to base64 (in order to be able to use it in the backend).
    encodedState := base64.StdEncoding.EncodeToString(value)

    fullURL := fmt.Sprintf("/protected/oauth2/noServiceUsedForTesting/callback?code=test-code&state=%s",
        encodedState)

    // Create the HTTP request
    req, err := http.NewRequest("GET", fullURL, nil)
    if err != nil {
        return err
    }

    // Attach the session cookie for authentication
    if sessionCookie != nil {
        req.AddCookie(sessionCookie)
    }

    // OAuth handler checks for the state in a cookie, set it here
    req.AddCookie(&http.Cookie{
        Name:  "oauth_state",
        Value: encodedState,
    })

    // Perform the request
    resp, err := app.Test(req, -1)
    if err != nil {
        return err
    }
    ...
}

For this part:

    // OAuth handler checks for the state in a cookie, set it here
    req.AddCookie(&http.Cookie{
        Name:  "oauth_state",
        Value: encodedState,
    })

It is mandatory to convert to base 64 in order to handle the " in the backend.

Checklist:

[X] I agree to follow Fiber's Code of Conduct.
[X] I have checked for existing issues that describe my problem prior to opening this one.
[X] I understand that improperly formatted bug reports may be closed without explanation.

welcome[bot] commented 1 day ago

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

gaby commented 1 day ago

@jujur10 I'm not following what the issue is from the code. You are sending a " inside the cookie value?

Can you provide a more simple reproducible example? Ican't copy/run what you provided.

gofiber / fiber