def check_save_load_encryption_cryptography(session_getter):
"""Test if the data is actually persistent across requests"""
# cryptography only works for py3.3+, so skip for python 3.2
if sys.version_info[0] == 3 and sys.version_info[1] < 3:
raise SkipTest("Cryptography not supported on Python 3 lower than 3.3")
try:
get_crypto_module('cryptography').has_aes
except BeakerException:
raise SkipTest()
session = session_getter(
encrypt_key='666a19cf7f61c64c',
validate_key='hoobermas',
crypto_type='cryptography')
session[u_('Suomi')] = u_('Kimi Räikkönen')
session[u_('Great Britain')] = u_('Jenson Button')
session[u_('Deutchland')] = u_('Sebastian Vettel')
session.save()
session = session_getter(
id=session.id, encrypt_key='666a19cf7f61c64c',
validate_key='hoobermas',
crypto_type='cryptography')
assert u_('Suomi') in session
assert u_('Great Britain') in session
assert u_('Deutchland') in session
assert session[u_('Suomi')] == u_('Kimi Räikkönen')
assert session[u_('Great Britain')] == u_('Jenson Button')
assert session[u_('Deutchland')] == u_('Sebastian Vettel')
def check_decryption_failure(session_getter):
"""Test if the data fails without the right keys"""
if not get_crypto_module('default').has_aes:
raise SkipTest()
session = session_getter(encrypt_key='666a19cf7f61c64c',
validate_key='hoobermas')
session[u_('Suomi')] = u_('Kimi Räikkönen')
session[u_('Great Britain')] = u_('Jenson Button')
session[u_('Deutchland')] = u_('Sebastian Vettel')
session.save()
session = session_getter(id=session.id, encrypt_key='asfdasdfadsfsadf',
validate_key='hoobermas', invalidate_corrupt=True)
assert u_('Suomi') not in session
assert u_('Great Britain') not in session
def check_save_load_encryption(session_getter):
"""Test if the data is actually persistent across requests"""
if not get_crypto_module('default').has_aes:
raise SkipTest()
session = session_getter(encrypt_key='666a19cf7f61c64c',
validate_key='hoobermas')
session[u_('Suomi')] = u_('Kimi Räikkönen')
session[u_('Great Britain')] = u_('Jenson Button')
session[u_('Deutchland')] = u_('Sebastian Vettel')
session.save()
session = session_getter(id=session.id, encrypt_key='666a19cf7f61c64c',
validate_key='hoobermas')
assert u_('Suomi') in session
assert u_('Great Britain') in session
assert u_('Deutchland') in session
assert session[u_('Suomi')] == u_('Kimi Räikkönen')
assert session[u_('Great Britain')] == u_('Jenson Button')
assert session[u_('Deutchland')] == u_('Sebastian Vettel')
import os
import json
import beaker.session
import beaker.util
from beaker.session import SignedCookie
from beaker._compat import b64decode
from beaker.middleware import SessionMiddleware
from nose import SkipTest
try:
from webtest import TestApp
except ImportError:
raise SkipTest("webtest not installed")
from beaker import crypto
if not crypto.get_crypto_module('default').has_aes:
raise SkipTest("No AES library is installed, can't test cookie-only "
"Sessions")
def simple_app(environ, start_response):
session = environ['beaker.session']
if not session.has_key('value'):
session['value'] = 0
session['value'] += 1
if not environ['PATH_INFO'].startswith('/nosave'):
session.save()
start_response('200 OK', [('Content-type', 'text/plain')])
msg = 'The current value is: %d and cookie is %s' % (session['value'], session)
return [msg.encode('UTF-8')]
def test_increment():
def __init__(self, request, key='beaker.session.id', timeout=None,
save_accessed_time=True, cookie_expires=True, cookie_domain=None,
cookie_path='/', encrypt_key=None, validate_key=None, secure=False,
httponly=False, data_serializer='pickle',
encrypt_nonce_bits=DEFAULT_NONCE_BITS, invalidate_corrupt=False,
crypto_type='default',
**kwargs):
self.crypto_module = get_crypto_module(crypto_type)
if not self.crypto_module.has_aes and encrypt_key:
raise InvalidCryptoBackendError("No AES library is installed, can't generate "
"encrypted cookie-only Session.")
self.request = request
self.key = key
self.timeout = timeout
self.save_atime = save_accessed_time
self.cookie_expires = cookie_expires
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.request['set_cookie'] = False
self.secure = secure
self.httponly = httponly
self._domain = cookie_domain
self._path = cookie_path
self.invalidate_corrupt = invalidate_corrupt
self._set_serializer(data_serializer)
try:
cookieheader = request['cookie']
except KeyError:
cookieheader = ''
if validate_key is None:
raise BeakerException("No validate_key specified for Cookie only "
"Session.")
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
try:
self.cookie = SignedCookie(
validate_key,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
validate_key,
input=None,
)
self['_id'] = _session_id()
self.is_new = True
# If we have a cookie, load it
if self.key in self.cookie and self.cookie[self.key].value is not None:
self.is_new = False
try:
cookie_data = self.cookie[self.key].value
if cookie_data is InvalidSignature:
raise BeakerException("Invalid signature")
self.update(self._decrypt_data(cookie_data))
self._path = self.get('_path', '/')
except Exception as e:
if self.invalidate_corrupt:
util.warn(
"Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
if self.timeout is not None:
now = time.time()
last_accessed_time = self.get('_accessed_time', now)
if now - last_accessed_time > self.timeout:
self.clear()
self.accessed_dict = self.copy()
self._create_cookie()
def __init__(self, request, id=None, invalidate_corrupt=False,
use_cookies=True, type=None, data_dir=None,
key='beaker.session.id', timeout=None, save_accessed_time=True,
cookie_expires=True, cookie_domain=None, cookie_path='/',
data_serializer='pickle', secret=None,
secure=False, namespace_class=None, httponly=False,
encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS,
crypto_type='default',
**namespace_args):
if not type:
if data_dir:
self.type = 'file'
else:
self.type = 'memory'
else:
self.type = type
self.namespace_class = namespace_class or clsmap[self.type]
self.namespace_args = namespace_args
self.request = request
self.data_dir = data_dir
self.key = key
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
self.timeout = timeout
self.save_atime = save_accessed_time
self.use_cookies = use_cookies
self.cookie_expires = cookie_expires
self._set_serializer(data_serializer)
# Default cookie domain/path
self._domain = cookie_domain
self._path = cookie_path
self.was_invalidated = False
self.secret = secret
self.secure = secure
self.httponly = httponly
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.crypto_module = get_crypto_module(crypto_type)
self.id = id
self.accessed_dict = {}
self.invalidate_corrupt = invalidate_corrupt
if self.use_cookies:
cookieheader = request.get('cookie', '')
if secret:
try:
self.cookie = SignedCookie(
secret,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
secret,
input=None,
)
else:
self.cookie = SimpleCookie(input=cookieheader)
if not self.id and self.key in self.cookie:
cookie_data = self.cookie[self.key].value
# Should we check invalidate_corrupt here?
if cookie_data is InvalidSignature:
cookie_data = None
self.id = cookie_data
self.is_new = self.id is None
if self.is_new:
self._create_id()
self['_accessed_time'] = self['_creation_time'] = time.time()
else:
try:
self.load()
except Exception as e:
if self.invalidate_corrupt:
util.warn(
"Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
def __init__(self, request, id=None, invalidate_corrupt=False,
use_cookies=True, type=None, data_dir=None,
key='beaker.session.id', timeout=None, save_accessed_time=True,
cookie_expires=True, cookie_domain=None, cookie_path='/',
data_serializer='pickle', secret=None,
secure=False, namespace_class=None, httponly=False,
encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS,
crypto_type='default', samesite='Lax',
**namespace_args):
if not type:
if data_dir:
self.type = 'file'
else:
self.type = 'memory'
else:
self.type = type
self.namespace_class = namespace_class or clsmap[self.type]
self.namespace_args = namespace_args
self.request = request
self.data_dir = data_dir
self.key = key
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
self.timeout = timeout
# If a timeout was provided, forward it to the backend too, so the backend
# can automatically expire entries if it's supported.
if self.timeout is not None:
# The backend expiration should always be a bit longer than the
# session expiration itself to prevent the case where the backend data expires while
# the session is being read (PR#153). 2 Minutes seems a reasonable time.
self.namespace_args['timeout'] = self.timeout + 60 * 2
self.save_atime = save_accessed_time
self.use_cookies = use_cookies
self.cookie_expires = cookie_expires
self._set_serializer(data_serializer)
# Default cookie domain/path
self._domain = cookie_domain
self._path = cookie_path
self.was_invalidated = False
self.secret = secret
self.secure = secure
self.httponly = httponly
self.samesite = samesite
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.crypto_module = get_crypto_module(crypto_type)
self.id = id
self.accessed_dict = {}
self.invalidate_corrupt = invalidate_corrupt
if self.use_cookies:
cookieheader = request.get('cookie', '')
if secret:
try:
self.cookie = SignedCookie(
secret,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
secret,
input=None,
)
else:
self.cookie = SimpleCookie(input=cookieheader)
if not self.id and self.key in self.cookie:
cookie_data = self.cookie[self.key].value
# Should we check invalidate_corrupt here?
if cookie_data is InvalidSignature:
cookie_data = None
self.id = cookie_data
self.is_new = self.id is None
if self.is_new:
self._create_id()
self['_accessed_time'] = self['_creation_time'] = time.time()
else:
try:
self.load()
except Exception as e:
if self.invalidate_corrupt:
util.warn(
"Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
def __init__(self,
request,
id=None,
invalidate_corrupt=False,
use_cookies=True,
type=None,
data_dir=None,
key='beaker.session.id',
timeout=None,
save_accessed_time=True,
cookie_expires=True,
cookie_domain=None,
cookie_path='/',
data_serializer='pickle',
secret=None,
secure=False,
namespace_class=None,
httponly=False,
encrypt_key=None,
validate_key=None,
encrypt_nonce_bits=DEFAULT_NONCE_BITS,
crypto_type='default',
**namespace_args):
if not type:
if data_dir:
self.type = 'file'
else:
self.type = 'memory'
else:
self.type = type
self.namespace_class = namespace_class or clsmap[self.type]
self.namespace_args = namespace_args
self.request = request
self.data_dir = data_dir
self.key = key
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
self.timeout = timeout
# If a timeout was provided, forward it to the backend too, so the backend
# can automatically expire entries if it's supported.
if self.timeout is not None:
# The backend expiration should always be a bit longer than the
# session expiration itself to prevent the case where the backend data expires while
# the session is being read (PR#153). 2 Minutes seems a reasonable time.
self.namespace_args['timeout'] = self.timeout + 60 * 2
self.save_atime = save_accessed_time
self.use_cookies = use_cookies
self.cookie_expires = cookie_expires
self._set_serializer(data_serializer)
# Default cookie domain/path
self._domain = cookie_domain
self._path = cookie_path
self.was_invalidated = False
self.secret = secret
self.secure = secure
self.httponly = httponly
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.crypto_module = get_crypto_module(crypto_type)
self.id = id
self.accessed_dict = {}
self.invalidate_corrupt = invalidate_corrupt
if self.use_cookies:
cookieheader = request.get('cookie', '')
if secret:
try:
self.cookie = SignedCookie(
secret,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
secret,
input=None,
)
else:
self.cookie = SimpleCookie(input=cookieheader)
if not self.id and self.key in self.cookie:
cookie_data = self.cookie[self.key].value
# Should we check invalidate_corrupt here?
if cookie_data is InvalidSignature:
cookie_data = None
self.id = cookie_data
self.is_new = self.id is None
if self.is_new:
self._create_id()
self['_accessed_time'] = self['_creation_time'] = time.time()
else:
try:
self.load()
except Exception as e:
if self.invalidate_corrupt:
util.warn("Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
def __init__(self,
request,
key='beaker.session.id',
timeout=None,
save_accessed_time=True,
cookie_expires=True,
cookie_domain=None,
cookie_path='/',
encrypt_key=None,
validate_key=None,
secure=False,
httponly=False,
data_serializer='pickle',
encrypt_nonce_bits=DEFAULT_NONCE_BITS,
invalidate_corrupt=False,
crypto_type='default',
**kwargs):
self.crypto_module = get_crypto_module(crypto_type)
if encrypt_key and not self.crypto_module.has_aes:
raise InvalidCryptoBackendError(
"No AES library is installed, can't generate "
"encrypted cookie-only Session.")
self.request = request
self.key = key
self.timeout = timeout
self.save_atime = save_accessed_time
self.cookie_expires = cookie_expires
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.request['set_cookie'] = False
self.secure = secure
self.httponly = httponly
self._domain = cookie_domain
self._path = cookie_path
self.invalidate_corrupt = invalidate_corrupt
self._set_serializer(data_serializer)
try:
cookieheader = request['cookie']
except KeyError:
cookieheader = ''
if validate_key is None:
raise BeakerException("No validate_key specified for Cookie only "
"Session.")
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
try:
self.cookie = SignedCookie(
validate_key,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
validate_key,
input=None,
)
self['_id'] = _session_id()
self.is_new = True
# If we have a cookie, load it
if self.key in self.cookie and self.cookie[self.key].value is not None:
self.is_new = False
try:
cookie_data = self.cookie[self.key].value
if cookie_data is InvalidSignature:
raise BeakerException("Invalid signature")
self.update(self._decrypt_data(cookie_data))
self._path = self.get('_path', '/')
except Exception as e:
if self.invalidate_corrupt:
util.warn("Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
if self.timeout is not None:
now = time.time()
last_accessed_time = self.get('_accessed_time', now)
if now - last_accessed_time > self.timeout:
self.clear()
self.accessed_dict = self.copy()
self._create_cookie()
def __init__(self,
request,
id=None,
invalidate_corrupt=False,
use_cookies=True,
type=None,
data_dir=None,
key='beaker.session.id',
timeout=None,
save_accessed_time=True,
cookie_expires=True,
cookie_domain=None,
cookie_path='/',
data_serializer='pickle',
secret=None,
secure=False,
namespace_class=None,
httponly=False,
encrypt_key=None,
validate_key=None,
encrypt_nonce_bits=DEFAULT_NONCE_BITS,
crypto_type='default',
**namespace_args):
if not type:
if data_dir:
self.type = 'file'
else:
self.type = 'memory'
else:
self.type = type
self.namespace_class = namespace_class or clsmap[self.type]
self.namespace_args = namespace_args
self.request = request
self.data_dir = data_dir
self.key = key
if timeout and not save_accessed_time:
raise BeakerException("timeout requires save_accessed_time")
self.timeout = timeout
self.save_atime = save_accessed_time
self.use_cookies = use_cookies
self.cookie_expires = cookie_expires
self._set_serializer(data_serializer)
# Default cookie domain/path
self._domain = cookie_domain
self._path = cookie_path
self.was_invalidated = False
self.secret = secret
self.secure = secure
self.httponly = httponly
self.encrypt_key = encrypt_key
self.validate_key = validate_key
self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits)
self.crypto_module = get_crypto_module(crypto_type)
self.id = id
self.accessed_dict = {}
self.invalidate_corrupt = invalidate_corrupt
if self.use_cookies:
cookieheader = request.get('cookie', '')
if secret:
try:
self.cookie = SignedCookie(
secret,
input=cookieheader,
)
except http_cookies.CookieError:
self.cookie = SignedCookie(
secret,
input=None,
)
else:
self.cookie = SimpleCookie(input=cookieheader)
if not self.id and self.key in self.cookie:
cookie_data = self.cookie[self.key].value
# Should we check invalidate_corrupt here?
if cookie_data is InvalidSignature:
cookie_data = None
self.id = cookie_data
self.is_new = self.id is None
if self.is_new:
self._create_id()
self['_accessed_time'] = self['_creation_time'] = time.time()
else:
try:
self.load()
except Exception as e:
if self.invalidate_corrupt:
util.warn("Invalidating corrupt session %s; "
"error was: %s. Set invalidate_corrupt=False "
"to propagate this exception." % (self.id, e))
self.invalidate()
else:
raise
import re
import os
import beaker.session
from beaker.middleware import SessionMiddleware
from nose import SkipTest
try:
from webtest import TestApp
except ImportError:
raise SkipTest("webtest not installed")
from beaker import crypto
if not crypto.get_crypto_module('default').has_aes:
raise SkipTest("No AES library is installed, can't test cookie-only "
"Sessions")
def simple_app(environ, start_response):
session = environ['beaker.session']
if not session.has_key('value'):
session['value'] = 0
session['value'] += 1
domain = environ.get('domain')
if domain:
session.domain = domain
if not environ['PATH_INFO'].startswith('/nosave'):
session.save()
start_response('200 OK', [('Content-type', 'text/plain')])
msg = 'The current value is: %d and cookie is %s' % (session['value'],
session)
import beaker.session
import beaker.util
from beaker.session import SignedCookie
from beaker._compat import b64decode
from beaker.middleware import SessionMiddleware
from nose import SkipTest
try:
from webtest import TestApp
except ImportError:
raise SkipTest("webtest not installed")
from beaker import crypto
if not crypto.get_crypto_module("default").has_aes:
raise SkipTest("No AES library is installed, can't test cookie-only "
"Sessions")
def simple_app(environ, start_response):
session = environ["beaker.session"]
if not session.has_key("value"):
session["value"] = 0
session["value"] += 1
if not environ["PATH_INFO"].startswith("/nosave"):
session.save()
start_response("200 OK", [("Content-type", "text/plain")])
msg = "The current value is: %d and cookie is %s" % (session["value"],
session)
return [msg.encode("UTF-8")]