def test_process_response_valid_cookie_checksum_calculation(self):
        self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'no checksum value'
        self.raw_request.COOKIES[ECOOKIE['NAME']] = cookie_val
        self.mi.process_response(self.raw_request, self.raw_response)
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join([cookie_val, calc_checksum(cookie_val, length=10)])
        set_cookie = self.raw_response.cookies[ ECOOKIE['NAME'] ]
        assert expected_cookie in str(set_cookie)
    def test_process_response_cookie_invalid_checksum_set_cookie(self):
        #self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'w/ checksum value'
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join([cookie_val, calc_checksum(cookie_val, length=10)])

        self.raw_request.COOKIES[ECOOKIE['NAME']] = expected_cookie[:-1]
        self.mi.process_response(self.raw_request, self.raw_response)

        assert ECOOKIE['INVALID'] in  str( self.raw_response.cookies[ECOOKIE['NAME']] )
    def test_process_response_valid_cookie_valid_checksum_dont_set_cookie(self):
        #self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'w/ checksum value'
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join([cookie_val, calc_checksum(cookie_val, length=10)])

        self.raw_request.COOKIES[ECOOKIE['NAME']] = expected_cookie
        self.mi.process_response(self.raw_request, self.raw_response)

        assert_equals([], self.raw_response.cookies.keys())
Beispiel #4
0
    def test_process_response_valid_cookie_checksum_calculation(self):
        self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'no checksum value'
        self.raw_request.COOKIES[ECOOKIE['NAME']] = cookie_val
        self.mi.process_response(self.raw_request, self.raw_response)
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join(
            [cookie_val, calc_checksum(cookie_val, length=10)])
        set_cookie = self.raw_response.cookies[ECOOKIE['NAME']]
        assert expected_cookie in str(set_cookie)
Beispiel #5
0
    def test_process_response_cookie_invalid_checksum_set_cookie(self):
        #self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'w/ checksum value'
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join(
            [cookie_val, calc_checksum(cookie_val, length=10)])

        self.raw_request.COOKIES[ECOOKIE['NAME']] = expected_cookie[:-1]
        self.mi.process_response(self.raw_request, self.raw_response)

        assert ECOOKIE['INVALID'] in str(
            self.raw_response.cookies[ECOOKIE['NAME']])
Beispiel #6
0
    def test_process_response_valid_cookie_valid_checksum_dont_set_cookie(
            self):
        #self.raw_request.entree_user = AnonymousUser()

        cookie_val = 'w/ checksum value'
        expected_cookie = COOKIE_CHECKSUM_SEPARATOR.join(
            [cookie_val, calc_checksum(cookie_val, length=10)])

        self.raw_request.COOKIES[ECOOKIE['NAME']] = expected_cookie
        self.mi.process_response(self.raw_request, self.raw_response)

        assert_equals([], self.raw_response.cookies.keys())
Beispiel #7
0
    def process_response(self, request, response):
        #TODO - update comment
        """
        check if login cookie exists
        if not, set anonymous (readable by JS) and do nothing
        if anonymous cookie already set, do nothing
        if user cookie set, check is user is valid
        """
        try:
            token_cookie = request.COOKIES[ECOOKIE['NAME']]
        except KeyError:
            invalid = request.entree_user.__class__ is InvalidUser
            self._set_anonymous_cookie(response, invalid)
            return response

        if token_cookie in (ECOOKIE['ANONYMOUS_VALUE'], ECOOKIE['INVALID']):
            return response

        try:
            token, checksum = token_cookie.split(COOKIE_CHECKSUM_SEPARATOR)
        except ValueError:
            token = token_cookie
            checksum = calc_checksum(token, length=COOKIE_CHECKSUM_LENGTH)
            new_val = COOKIE_CHECKSUM_SEPARATOR.join((token, checksum))

            response.set_cookie(key=ECOOKIE['NAME'],
                                value=new_val,
                                path=ECOOKIE['PATH'],
                                domain=ECOOKIE['DOMAIN'],
                                httponly=True)

        else:
            expected_checksum = calc_checksum(token,
                                              length=COOKIE_CHECKSUM_LENGTH)
            if expected_checksum != checksum:
                if ECOOKIE['NAME'] in request.COOKIES:
                    del request.COOKIES[ECOOKIE['NAME']]
                self._set_anonymous_cookie(response, invalid=True)

        return response
    def process_response(self, request, response):
        #TODO - update comment
        """
        check if login cookie exists
        if not, set anonymous (readable by JS) and do nothing
        if anonymous cookie already set, do nothing
        if user cookie set, check is user is valid
        """
        try:
            token_cookie = request.COOKIES[ECOOKIE['NAME']]
        except KeyError:
            invalid = request.entree_user.__class__ is InvalidUser
            self._set_anonymous_cookie(response, invalid)
            return response

        if token_cookie in (ECOOKIE['ANONYMOUS_VALUE'], ECOOKIE['INVALID']):
            return response

        try:
            token, checksum = token_cookie.split(COOKIE_CHECKSUM_SEPARATOR)
        except ValueError:
            token = token_cookie
            checksum = calc_checksum(token, length=COOKIE_CHECKSUM_LENGTH)
            new_val = COOKIE_CHECKSUM_SEPARATOR.join((token, checksum))

            response.set_cookie(key=ECOOKIE['NAME'], value=new_val,
                                path=ECOOKIE['PATH'],
                                domain=ECOOKIE['DOMAIN'], httponly=True)

        else:
            expected_checksum = calc_checksum(token, length=COOKIE_CHECKSUM_LENGTH)
            if expected_checksum != checksum:
                if ECOOKIE['NAME'] in request.COOKIES:
                    del request.COOKIES[ECOOKIE['NAME']]
                self._set_anonymous_cookie(response, invalid=True)

        return response
 def test_bad_checksum_raises(self):
     cookie_val = 'w/ checksum value'
     invalid_cookie = COOKIE_CHECKSUM_SEPARATOR.join([cookie_val, calc_checksum(cookie_val, length=10)])[:-1]
     assert_raises(InvalidAuth, self.fetcher.fetch, invalid_cookie)
Beispiel #10
0
 def test_bad_checksum_raises(self):
     cookie_val = 'w/ checksum value'
     invalid_cookie = COOKIE_CHECKSUM_SEPARATOR.join(
         [cookie_val, calc_checksum(cookie_val, length=10)])[:-1]
     assert_raises(InvalidAuth, self.fetcher.fetch, invalid_cookie)