Code review

leandrohlsilva · leandrohlsilva · commit dd521f2dc1fb · 2025-02-26T13:35:05.000-03:00
diff --git a/lib/index.js b/lib/index.js
@@ -295,7 +295,10 @@ exports.Definitions = class {
                 segment = `${segment}; SameSite=${definition.isSameSite}`;
             }
 
-            if (definition.isPartitioned && definition.isSecure && definition.isSameSite === 'None') {
+            if (definition.isPartitioned) {
+                if (!definition.isSecure || definition.isSameSite !== 'None') {
+                    throw Boom.badImplementation('Partitioned flag can only be used with secure SameSite=None cookies')
+                }
                 segment = `${segment}; Partitioned`;
             }
 
diff --git a/test/index.js b/test/index.js
@@ -1056,18 +1056,25 @@ describe('Definitions', () => {
                 expect(header[0]).to.equal('sid=fihfieuhr9384hf; Secure; HttpOnly; SameSite=None; Partitioned');
             });
 
-            it('ignores partitioned option if not secure', async () => {
+            it('throws error if partitioned option if not secure', async () => {
 
                 const definitions = new Statehood.Definitions();
-                const header = await definitions.format({ name: 'sid', value: 'fihfieuhr9384hf', options: { isPartitioned: true, isSecure: false, isHttpOnly: true, isSameSite: 'None' } });
-                expect(header[0]).to.equal('sid=fihfieuhr9384hf; HttpOnly; SameSite=None');
+                const result = await definitions.format({ name: 'sid', value: 'fihfieuhr9384hf', options: { isPartitioned: true, isSecure: false, isHttpOnly: true, isSameSite: 'None' } });
+                expect(result.message).to.equal('Partitioned cookies must be secure');
             });
 
-            it('ignores partitioned option if not SameSite=None', async () => {
+            it('throws error if partitioned option if not SameSite=None', async () => {
 
                 const definitions = new Statehood.Definitions();
-                const header = await definitions.format({ name: 'sid', value: 'fihfieuhr9384hf', options: { isPartitioned: true, isSecure: true, isHttpOnly: true, isSameSite: 'Lax' } });
-                expect(header[0]).to.equal('sid=fihfieuhr9384hf; Secure; HttpOnly; SameSite=Lax');
+                const result = await definitions.format({ name: 'sid', value: 'fihfieuhr9384hf', options: { isPartitioned: true, isSecure: true, isHttpOnly: true, isSameSite: 'Lax' } });
+                expect(result.message).to.equal('Partitioned cookies must have SameSite=None');
+            });
+
+            it('throws error if partitioned option if not secure and not SameSite=None', async () => {
+
+                const definitions = new Statehood.Definitions();
+                const result = await definitions.format({ name: 'sid', value: 'fihfieuhr9384hf', options: { isPartitioned: true, isSecure: false, isHttpOnly: true, isSameSite: 'Lax' } });
+                expect(result.message).to.equal('Partitioned cookies must be secure and have SameSite=None');
             });
         });
 

Original file line number	Diff line number	Diff line change
`@@ -295,7 +295,10 @@ exports.Definitions = class {`
`295`	`295`	segment = `${segment}; SameSite=${definition.isSameSite}`;
`296`	`296`	`}`
`297`	`297`
`298`		`- if (definition.isPartitioned && definition.isSecure && definition.isSameSite === 'None') {`
	`298`	`+ if (definition.isPartitioned) {`
	`299`	`+ if (!definition.isSecure \|\| definition.isSameSite !== 'None') {`
	`300`	`+ throw Boom.badImplementation('Partitioned flag can only be used with secure SameSite=None cookies')`
	`301`	`+ }`
`299`	`302`	segment = `${segment}; Partitioned`;
`300`	`303`	`}`
`301`	`304`