def test_insecure_cookie_policy():
policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
request = Request.blank("/")
headers = policy.forget(request)
_, cookie = headers[0]
chunks = cookie.split("; ")
assert "secure" not in chunks
def test_cookie_policy_max_age():
expiry = timedelta(seconds=10)
policy = JWTCookieAuthenticationPolicy("secret", expiration=expiry)
request = Request.blank("/")
headers = policy.forget(request)
_, cookie = headers[0]
chunks = cookie.split("; ")
assert "Max-Age=10" not in chunks
def test_cookie_policy_forget():
policy = JWTCookieAuthenticationPolicy("secret")
request = Request.blank("/")
headers = policy.forget(request)
header, cookie = headers[0]
assert header.lower() == "set-cookie"
chunks = cookie.split("; ")
cookie_values = [c for c in chunks if "=" in c]
assert cookie_values[0].startswith(f"{policy.cookie_name}=")
assert "Max-Age=0" in chunks
assert hasattr(request, "_jwt_cookie_reissue_revoked")
