def _save_session(session: SecureCookieSession) -> Response:
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = 'secret'
response = Response('')
interface.save_session(app, session, response)
return response
def test_access_log_standard_atoms() -> None:
request_headers = CIMultiDict({
'Referer': 'stet.io',
'Remote-Addr': '127.0.0.1',
'User-Agent': 'quart',
})
request = Request('GET', '/?x=y', request_headers)
response = Response('Hello', 202)
atoms = AccessLogAtoms(request, response, 'h2', 0.000023)
assert atoms['h'] == '127.0.0.1'
assert atoms['l'] == '-'
assert time.strptime(atoms['t'], '[%d/%b/%Y:%H:%M:%S %z]')
assert int(atoms['s']) == 202
assert atoms['m'] == 'GET'
assert atoms['U'] == '/'
assert atoms['q'] == 'x=y'
assert atoms['H'] == 'h2'
assert int(atoms['b']) == len('Hello')
assert int(atoms['B']) == len('Hello')
assert atoms['f'] == 'stet.io'
assert atoms['a'] == 'quart'
assert atoms['p'] == f"<{os.getpid()}>"
assert atoms['not-atom'] == '-'
assert atoms['T'] == 0
assert atoms['D'] == 23
assert atoms['L'] == '0.000023'
async def _save_session(session: SecureCookieSession) -> Response:
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = "secret"
response = Response("")
await interface.save_session(app, session, response)
return response
def test_access_log_environ_atoms() -> None:
os.environ['Random'] = 'Environ'
request_headers = CIMultiDict({
'Remote-Addr': '127.0.0.1',
})
request = Request('GET', '/', request_headers)
response = Response('Hello', 200)
atoms = AccessLogAtoms(request, response, 'h2', 0)
assert atoms['{random}e'] == 'Environ'
async def save_session( # type: ignore
self, app: "Quart", session: SecureCookieSession,
response: Response) -> None:
# prevent set-cookie on unmodified session objects
if not session.modified:
return
# prevent set-cookie on (static) file responses
# https://github.com/fengsp/flask-session/pull/70
if self._config['SESSION_STATIC_FILE'] is False and \
isinstance(response.response, FileBody):
return
session_key = self.key_prefix + session.sid
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
if not session:
if session.modified:
await self.delete(key=session_key, app=app)
response.delete_cookie(app.session_cookie_name,
domain=domain,
path=path)
return
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
expires = self.get_expiration_time(app, session)
if self.serializer is None:
val = dict(session)
else:
val = self.serializer.dumps(dict(session))
await self.set(key=session_key, value=val, app=app)
if self.use_signer:
session_id = self._get_signer(app).sign(want_bytes(session.sid))
else:
session_id = session.sid
response.set_cookie(app.session_cookie_name,
session_id,
expires=expires,
httponly=httponly,
domain=domain,
path=path,
secure=secure)
def test_secure_cookie_session_interface_open_session() -> None:
session = SecureCookieSession()
session['something'] = 'else'
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = 'secret'
response = Response('')
interface.save_session(app, session, response)
request = Request('GET', 'http', '/', b'', CIMultiDict())
request.headers['Cookie'] = response.headers['Set-Cookie']
new_session = interface.open_session(app, request)
assert new_session == session
async def username(username):
if 'Origin' in request.headers:
hostname = urlparse(request.headers['Origin']).hostname
response = Response("{}",
headers={
'Access-Control-Allow-Origin':
'https://' + hostname,
'Access-Control-Allow-Headers': 'authorization'
})
return response
return 'hello {}'.format(username)
def test_access_log_header_atoms() -> None:
request_headers = CIMultiDict({
'Random': 'Request',
'Remote-Addr': '127.0.0.1',
})
request = Request('GET', '/', request_headers)
response_headers = CIMultiDict({
'Random': 'Response',
})
response = Response('Hello', 200, response_headers)
atoms = AccessLogAtoms(request, response, 'h2', 0)
assert atoms['{random}i'] == 'Request'
assert atoms['{RANDOM}i'] == 'Request'
assert atoms['{not-atom}i'] == '-'
assert atoms['{random}o'] == 'Response'
assert atoms['{RANDOM}o'] == 'Response'
def test_secure_cookie_session_interface_save_session() -> None:
session = SecureCookieSession()
session['something'] = 'else'
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = 'secret'
response = Response('')
interface.save_session(app, session, response)
cookies = SimpleCookie()
cookies.load(response.headers['Set-Cookie'])
cookie = cookies[app.session_cookie_name]
assert cookie['path'] == interface.get_cookie_path(app)
assert cookie['httponly'] == '' if not interface.get_cookie_httponly(app) else True
assert cookie['secure'] == '' if not interface.get_cookie_secure(app) else True
assert cookie['domain'] == (interface.get_cookie_domain(app) or '')
assert cookie['expires'] == (interface.get_expiration_time(app, session) or '')
assert response.headers['Vary'] == 'Cookie'
async def test_secure_cookie_session_interface_open_session() -> None:
session = SecureCookieSession()
session["something"] = "else"
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = "secret"
response = Response("")
await interface.save_session(app, session, response)
request = Request("GET",
"http",
"/",
b"",
Headers(),
"",
"1.1", {},
send_push_promise=no_op_push)
request.headers["Cookie"] = response.headers["Set-Cookie"]
new_session = await interface.open_session(app, request)
assert new_session == session
async def test_secure_cookie_session_interface_save_session() -> None:
session = SecureCookieSession()
session["something"] = "else"
interface = SecureCookieSessionInterface()
app = Quart(__name__)
app.secret_key = "secret"
response = Response("")
await interface.save_session(app, session, response)
cookies: SimpleCookie = SimpleCookie()
cookies.load(response.headers["Set-Cookie"])
cookie = cookies[app.session_cookie_name]
assert cookie["path"] == interface.get_cookie_path(app)
assert cookie["httponly"] == "" if not interface.get_cookie_httponly(
app) else True
assert cookie["secure"] == "" if not interface.get_cookie_secure(
app) else True
if version_info >= (3, 8):
assert cookie["samesite"] == (interface.get_cookie_samesite(app) or "")
assert cookie["domain"] == (interface.get_cookie_domain(app) or "")
assert cookie["expires"] == (interface.get_expiration_time(app, session)
or "")
assert response.headers["Vary"] == "Cookie"
import asyncio
from typing import NoReturn, Optional, Set
import pytest
from _pytest.monkeypatch import MonkeyPatch
from asynctest import Mock as AsyncMock
from quart.app import Quart
from quart.datastructures import CIMultiDict
from quart.globals import session, websocket
from quart.sessions import SecureCookieSession, SessionInterface
from quart.testing import no_op_push, WebsocketResponse
from quart.typing import ResponseReturnValue
from quart.wrappers import Response
TEST_RESPONSE = Response("")
def test_endpoint_overwrite() -> None:
app = Quart(__name__)
def route() -> str:
return ""
def route2() -> str:
return ""
async def route3() -> str:
return ""
app.add_url_rule("/a", "index", route, ["GET"])
import os
from typing import Optional, Set
from unittest.mock import Mock
import pytest
from quart.app import Quart
from quart.globals import session, websocket
from quart.sessions import SecureCookieSession
from quart.testing import WebsocketResponse
from quart.typing import ResponseReturnValue
from quart.wrappers import Response
TEST_RESPONSE = Response('')
def test_endpoint_overwrite() -> None:
app = Quart(__name__)
def route() -> str:
return ''
def route2() -> str:
return ''
async def route3() -> str:
return ''
app.add_url_rule('/a', 'index', route, ['GET'])
app.add_url_rule('/a/a', 'index', route,
['GET']) # Should not assert, as same view func
async def test_response_body() -> None:
response = Response(b'Body')
assert b'Body' == (await response.get_data()) # type: ignore
# Fetch again to ensure it isn't exhausted
assert b'Body' == (await response.get_data()) # type: ignore
import pytest
from _pytest.monkeypatch import MonkeyPatch
from hypercorn.typing import HTTPScope, WebsocketScope
from werkzeug.datastructures import Headers
from werkzeug.exceptions import InternalServerError
from werkzeug.wrappers import Response as WerkzeugResponse
from quart.app import Quart
from quart.globals import current_app, session, websocket
from quart.sessions import SecureCookieSession, SessionInterface
from quart.testing import no_op_push, WebsocketResponseError
from quart.typing import ResponseReturnValue
from quart.wrappers import Request, Response
TEST_RESPONSE = Response("")
try:
from unittest.mock import AsyncMock
except ImportError:
# Python < 3.8
from mock import AsyncMock # type: ignore
class SimpleError(Exception):
pass
def test_endpoint_overwrite() -> None:
app = Quart(__name__)
