rust-httpc-test
rust-httpc-test copied to clipboard
jeremychone
Client.client_cookies not updating as expected when removing a cookies
TLDR; A removed cookie correctly has a empty string value when removed on a response, but client.cookie_value shows old cookie value.
The axum route handlers `async fn login( State(mm): State<ModelManager>, cookies: Cookies, payload: Json<LoginPayload> ) -> Result<StatusCode> { // get user by email let user = UserModel::find_user_by_email(mm.clone(), payload.email.clone()).await?; // compare user.pwd with pwd_clear verify_password(payload.pwd_clear.clone(), user.pwd)?; // create access using user_id let access_id = AccessModel::create(mm.clone(), user.id).await?; // create an auth_token let auth_token = generate_auth_token(user.id, access_id)?; let auth_token_string = json!(auth_token).to_string(); // set cookie on cookies cookies.add(build_auth_token_cookie(auth_token_string));
// return status code 201
Ok(StatusCode::CREATED)
}
pub async fn logout( State(_mm): State<ModelManager>, cookies: Cookies, ) -> Result<StatusCode> { cookies.remove(build_auth_token_cookie("auth_token_string".to_string())); Ok(StatusCode::OK) }`
The test `#[tokio::test] async fn test_routes_api_logout_ok() -> httpc_test::Result<()> { let hc = http_client().await?;
// Simulate a login to get a cookie (optional, depending on your app logic)
let login_res = hc.do_post("/api/auth/login", json!(valid_login_payload())).await.unwrap();
assert_eq!(login_res.status(), 201);
// Now logout
let logout_res = hc.do_post("/api/auth/logout", "").await.unwrap();
// Check that logout was successful
assert_eq!(logout_res.status(), 200);
// Optionally check that the cookie is removed
let auth_token_cookie = logout_res.res_cookie_value(AUTH_TOKEN);
match auth_token_cookie {
Some(val) => assert_eq!(val, ""),
None => assert!(false)
}
let auth_token_cookie = hc.cookie_value(AUTH_TOKEN);
match auth_token_cookie {
Some(val) => assert_eq!(val, ""),
None => assert!(false)
}
Ok(())
} `
The failure:
1 failed: api_routes_auth::test_routes_api_logout_ok ▐ ▐ ▐▐▐ ▐ ▐▐
thread 'api_routes_auth::test_routes_api_logout_ok' panicked at tests/api_routes_auth.rs:60:22: ▐ ▐ ▐▐▐
assertion left == right failed ▐ ▐
left: "{"access_id":1005,"expires":"2025-06-06T04:52:47.500497Z","signature":574558026420067120,"user_id":999}"
right: ""
Note, this is the second match, with hc.cookie_value. When commented out, this test passes.
The axum cookie store appears to correctly mark the auth-token cookie to be removed,
I genuinely don't know why this is happening. I looked and request::client::provide_cookie_store should pass management of the cookies to reqwest.
