What could cause an "Invalid cookie signature"-error when testing?


#1

Dear Silhouette Forum,

I am trying to set up a test on a secured action (in play). The environment that is being used takes a user and the CookieAuthenticator. When testing the application manually, everything works fine, meaning: I log in and get a cookie. When accessing a secured URL, the cookie is working and I am granted access.

However, when trying to set up a test for the page (and following the docs as close as possible), the action always returns a 401. This is the test-code:


class SettingsSpec extends PlaySpecification with TestUsers {

  "Settings" should {

    "work" in new WithApplication {
      val loginInfo = LoginInfo(CredentialsProvider.ID, testUserConfirmed.email.current)
      val identity = testUserConfirmed
      implicit val env = FakeEnvironment[PortalEnv](Seq(loginInfo -> identity))
      val request = FakeRequest(controllers.consumer.routes.SettingsController.settings()).withAuthenticator(loginInfo)
      request.headers.toSimpleMap.foreach(println(_))

      val controller = app.injector.instanceOf[SettingsController]
      val result = controller.settings(request)

      status(result) must equalTo(OK)
    }
  }
}

When setting the logs to DEBUG level, I can see, that the request fails like this:

[info] - com.mohiva.play.silhouette.impl.authenticators.CookieAuthenticatorService - [Silhouette][cookie-authenticator] Invalid cookie signature
com.mohiva.play.silhouette.api.exceptions.AuthenticatorException: [Silhouette][cookie-authenticator] Invalid cookie signature
        at com.mohiva.play.silhouette.impl.authenticators.CookieAuthenticator$.unserialize(CookieAuthenticator.scala:124)
        at com.mohiva.play.silhouette.impl.authenticators.CookieAuthenticatorService$$anonfun$retrieve$3.apply(CookieAuthenticator.scala:209)
        at com.mohiva.play.silhouette.impl.authenticators.CookieAuthenticatorService$$anonfun$retrieve$3.apply(CookieAuthenticator.scala:204)
        at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:253)
        at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:251)
        at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
        at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
        at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
        at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
        at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
        at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
        at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
        at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
        at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:405)
        at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
        at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
        at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
        at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: com.mohiva.play.silhouette.api.exceptions.CryptoException: [Silhouette][JcaCookieSigner] Invalid message format; Expected [VERSION]-[SIGNATURE]-[DATA]
        at com.mohiva.play.silhouette.crypto.JcaCookieSigner.com$mohiva$play$silhouette$crypto$JcaCookieSigner$$fragment(JcaCookieSigner.scala:82)
        at com.mohiva.play.silhouette.crypto.JcaCookieSigner.extract(JcaCookieSigner.scala:61)
        at com.mohiva.play.silhouette.impl.authenticators.CookieAuthenticator$.unserialize(CookieAuthenticator.scala:122)
        ... 17 common frames omitted
[debug] - com.mohiva.play.silhouette.api.actions.DefaultSecuredErrorHandler - [Silhouette] Unauthenticated user trying to access '/settings'

I assume it must be some sort of miss-configuration, but do not a have an idea what could actually create the problem in testing, while it is working when used normally.

Any hints would be much appreciated. Thank you!


#2

Hi,

Do you bind the fake environment for the test, so that it can be injected into your controller?

Best regards,
Christian


#3

Ah, snap. Somehow missed that. Thanks for the help!