def test_python_cookies(self):
"""
Test cases copied from Python's Lib/test/test_http_cookies.py
"""
self.assertEqual(
parse_cookie("chips=ahoy; vienna=finger"),
{
"chips": "ahoy",
"vienna": "finger"
},
)
# Here parse_cookie() differs from Python's cookie parsing in that it
# treats all semicolons as delimiters, even within quotes.
self.assertEqual(
parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
{
"keebler": '"E=mc2',
"L": '\\"Loves\\"',
"fudge": "\\012",
"": '"'
},
)
# Illegal cookies that have an '=' char in an unquoted value.
self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"})
# Cookies with ':' character in their name.
self.assertEqual(parse_cookie("key:term=value:term"),
{"key:term": "value:term"})
# Cookies with '[' and ']'.
self.assertEqual(parse_cookie("a=b; c=[; d=r; f=h"), {
"a": "b",
"c": "[",
"d": "r",
"f": "h"
})
def test_python_cookies(self):
"""
Test cases copied from Python's Lib/test/test_http_cookies.py
"""
self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {
'chips': 'ahoy',
'vienna': 'finger'
})
# Here parse_cookie() differs from Python's cookie parsing in that it
# treats all semicolons as delimiters, even within quotes.
self.assertEqual(
parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), {
'keebler': '"E=mc2',
'L': '\\"Loves\\"',
'fudge': '\\012',
'': '"'
})
# Illegal cookies that have an '=' char in an unquoted value.
self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'})
# Cookies with ':' character in their name.
self.assertEqual(parse_cookie('key:term=value:term'),
{'key:term': 'value:term'})
# Cookies with '[' and ']'.
self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {
'a': 'b',
'c': '[',
'd': 'r',
'f': 'h'
})
def test_cookie_edgecases(self):
# Cookies that RFC6265 allows.
self.assertEqual(parse_cookie('a=b; Domain=example.com'),
{'a': 'b', 'Domain': 'example.com'})
# parse_cookie() has historically kept only the last cookie with the
# same name.
self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
def test_cookie_edgecases(self):
# Cookies that RFC6265 allows.
self.assertEqual(
parse_cookie("a=b; Domain=example.com"), {"a": "b", "Domain": "example.com"}
)
# parse_cookie() has historically kept only the last cookie with the
# same name.
self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
def test_cookie_edgecases(self):
# Cookies that RFC6265 allows.
self.assertEqual(parse_cookie('a=b; Domain=example.com'), {
'a': 'b',
'Domain': 'example.com'
})
# parse_cookie() has historically kept only the last cookie with the
# same name.
self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
def test_cookie_edgecases(self):
# Cookies that RFC6265 allows.
self.assertEqual(parse_cookie("a=b; Domain=example.com"), {
"a": "b",
"Domain": "example.com"
})
# parse_cookie() has historically kept only the last cookie with the
# same name.
self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
async def test_logout(jp_serverapp, login, http_server_client, jp_base_url):
jp_serverapp.identity_provider.cookie_name = "test-cookie"
expected = jp_base_url
resp = await login(next=jp_base_url)
cookie_header = resp.headers["Set-Cookie"]
cookies = parse_cookie(cookie_header)
assert cookies.get("test-cookie")
resp = await http_server_client.fetch(jp_base_url + "logout",
headers={"Cookie": cookie_header})
assert resp.code == 200
cookie_header = resp.headers["Set-Cookie"]
cookies = parse_cookie(cookie_header)
assert cookies.get("test-cookie") == ""
assert "Successfully logged out" in resp.body.decode("utf8")
def assert_session_in_response(self, response, sid=None):
self.assertTrue("Set-Cookie" in response.headers)
cookie = parse_cookie(response.headers["Set-Cookie"])
self.assertTrue(app_session.PCSD_SESSION, cookie)
if sid:
self.assertEqual(cookie[app_session.PCSD_SESSION], sid)
return cookie[app_session.PCSD_SESSION]
async def _login(jp_serverapp, http_server_client, jp_base_url, next):
# first: request login page with no creds
login_url = url_path_join(jp_base_url, "login")
first = await http_server_client.fetch(login_url)
cookie_header = first.headers["Set-Cookie"]
cookies = parse_cookie(cookie_header)
# second, submit login form with credentials
try:
resp = await http_server_client.fetch(
url_concat(login_url, {"next": next}),
method="POST",
body=urlencode({
"password": jp_serverapp.token,
"_xsrf": cookies.get("_xsrf", ""),
}),
headers={"Cookie": cookie_header},
follow_redirects=False,
)
except HTTPClientError as e:
if e.code != 302:
raise
return e.response.headers["Location"]
else:
assert resp.code == 302, "Should have returned a redirect!"
def test_python_cookies(self):
"""
Test cases copied from Python's Lib/test/test_http_cookies.py
"""
self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {'chips': 'ahoy', 'vienna': 'finger'})
# Here parse_cookie() differs from Python's cookie parsing in that it
# treats all semicolons as delimiters, even within quotes.
self.assertEqual(
parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
{'keebler': '"E=mc2', 'L': '\\"Loves\\"', 'fudge': '\\012', '': '"'}
)
# Illegal cookies that have an '=' char in an unquoted value.
self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'})
# Cookies with ':' character in their name.
self.assertEqual(parse_cookie('key:term=value:term'), {'key:term': 'value:term'})
# Cookies with '[' and ']'.
self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {'a': 'b', 'c': '[', 'd': 'r', 'f': 'h'})
def cookies(self):
"""Get cookies as dict"""
cookies = {}
for new_cookie in self.response.headers.get_list('Set-Cookie'):
for n, v in parse_cookie(new_cookie).items():
cookies[n] = v
return cookies
def setCookie(self, response):
#get the cookies
cookies = response.headers['set-cookie'].split(",")
parsed = [httputil.parse_cookie(c) for c in cookies]
#get the user cookie
userCookie = next((c for c in parsed if "user" in c.keys()), None)
#get the role cookie
roleCookie = next((c for c in parsed if "role" in c.keys()), None)
self.cookie = "user="******";role=" + roleCookie['role']
def decode_cookie(response, name, max_age):
cookies = response.headers.get_list('Set-Cookie')
for cookie in cookies:
parsed = parse_cookie(cookie)
if name not in parsed:
continue
result = decode_signed_value(secret_conf.cookie_secret, name,
parsed[name], max_age)
return result
return None
def test_invalid_cookies(self):
"""
Cookie strings that go against RFC6265 but browsers will send if set
via document.cookie.
"""
# Chunks without an equals sign appear as unnamed values per
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
self.assertIn(
"django_language",
parse_cookie("abc=def; unnamed; django_language=en").keys(),
)
# Even a double quote may be an unamed value.
self.assertEqual(parse_cookie('a=b; "; c=d'), {"a": "b", "": '"', "c": "d"})
# Spaces in names and values, and an equals sign in values.
self.assertEqual(
parse_cookie("a b c=d e = f; gh=i"), {"a b c": "d e = f", "gh": "i"}
)
# More characters the spec forbids.
self.assertEqual(
parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'),
{"a b,c<>@:/[]?{}": 'd " =e,f g'},
)
# Unicode characters. The spec only allows ASCII.
self.assertEqual(
parse_cookie("saint=André Bessette"),
{"saint": native_str("André Bessette")},
)
# Browsers don't send extra whitespace or semicolons in Cookie headers,
# but parse_cookie() should parse whitespace the same way
# document.cookie parses whitespace.
self.assertEqual(
parse_cookie(" = b ; ; = ; c = ; "), {"": "b", "c": ""}
)
def test_invalid_cookies(self):
"""
Cookie strings that go against RFC6265 but browsers will send if set
via document.cookie.
"""
# Chunks without an equals sign appear as unnamed values per
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
self.assertIn(
'django_language',
parse_cookie('abc=def; unnamed; django_language=en').keys())
# Even a double quote may be an unamed value.
self.assertEqual(parse_cookie('a=b; "; c=d'), {
'a': 'b',
'': '"',
'c': 'd'
})
# Spaces in names and values, and an equals sign in values.
self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {
'a b c': 'd e = f',
'gh': 'i'
})
# More characters the spec forbids.
self.assertEqual(parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'),
{'a b,c<>@:/[]?{}': 'd " =e,f g'})
# Unicode characters. The spec only allows ASCII.
self.assertEqual(parse_cookie('saint=André Bessette'),
{'saint': native_str('André Bessette')})
# Browsers don't send extra whitespace or semicolons in Cookie headers,
# but parse_cookie() should parse whitespace the same way
# document.cookie parses whitespace.
self.assertEqual(parse_cookie(' = b ; ; = ; c = ; '), {
'': 'b',
'c': ''
})
async def fetch(self,
request: HTTPRequest,
proxy=None,
use_proxy_for_request=True,
**kwargs):
ok_statuses = set([200] + kwargs.get('ok_statuses', []))
logging.debug(f"Sending {request.method} : {request.url}")
if kwargs.get('cookies'):
cookies = ';'.join([
f'{i[0]}={i[1]}' for i in {
**parse_cookie(request.headers.get('Cookie', '')),
**kwargs.get('cookies')
}.items()
])
request.headers['Cookie'] = cookies
is_proxying = self.enable_proxy and use_proxy_for_request
curr_proxy = None
try:
if is_proxying:
while not self.proxy_manager.has_proxies():
await asyncio.sleep(1)
self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy(
)
curr_proxy: Proxy = self.proxy_manager.current_proxy if not proxy else proxy
request.proxy_host = curr_proxy.ip
request.proxy_port = curr_proxy.port
if curr_proxy.username:
request.proxy_username = curr_proxy.username
if curr_proxy.password:
request.proxy_password = curr_proxy.password
request.connect_timeout = kwargs.get('connect_timeout', 10)
request.request_timeout = kwargs.get('request_timeout', 60)
if is_proxying and curr_proxy:
logging.debug(f"using proxy: {curr_proxy.ip}")
res = await self._client.fetch(request, raise_error=False)
if res.code not in ok_statuses:
# not self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy()
logging.error(f"BadResponseCodeException: {res.code}")
raise BadResponseCodeException(res.code)
if is_proxying:
self.proxy_manager.promote_proxy(curr_proxy)
return self.enhance_response(res)
except CancelledError:
pass
except Exception as e:
if kwargs.get('error_handler'):
kwargs.get('error_handler')(e, self.proxy_manager, curr_proxy)
if is_proxying:
await self.proxy_manager.punish_proxy(curr_proxy, e)
raise e
def test_python_cookies(self):
"""
Test cases copied from Python's Lib/test/test_http_cookies.py
"""
self.assertEqual(
parse_cookie("chips=ahoy; vienna=finger"),
{"chips": "ahoy", "vienna": "finger"},
)
# Here parse_cookie() differs from Python's cookie parsing in that it
# treats all semicolons as delimiters, even within quotes.
self.assertEqual(
parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
{"keebler": '"E=mc2', "L": '\\"Loves\\"', "fudge": "\\012", "": '"'},
)
# Illegal cookies that have an '=' char in an unquoted value.
self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"})
# Cookies with ':' character in their name.
self.assertEqual(
parse_cookie("key:term=value:term"), {"key:term": "value:term"}
)
# Cookies with '[' and ']'.
self.assertEqual(
parse_cookie("a=b; c=[; d=r; f=h"), {"a": "b", "c": "[", "d": "r", "f": "h"}
)
def _get_xsrf_cookie(self):
"""Parses the headers and extracts the _xsrf cookie value if it exists."""
# Why not use Tornado's existing get_cookie method?
# When the "jupyter_http_over_ws_auth_url" query param is set, handlers make
# a proxied request and set the XSRF cookie based on the result. The
# get_cookie method uses the headers processed as part of the initial
# request and is thus insufficient.
for cookie_header in self.request.headers.get_list('Cookie'):
try:
cookie_vals = httputil.parse_cookie(cookie_header)
if '_xsrf' in cookie_vals:
return cookie_vals['_xsrf']
except Exception: # pylint:disable=broad-except
# Malformed cookie header, return empty.
pass
return None
def create(
cls, request: Union[HTTPRequest,
HTTPServerRequest]) -> OpenAPIRequest:
"""Creates an OpenAPI request from Tornado request objects.
Supports both :class:`tornado.httpclient.HTTPRequest` and
:class:`tornado.httputil.HTTPServerRequest` objects.
"""
if isinstance(request, HTTPRequest):
if request.url:
path, _, querystring = request.url.partition("?")
query_arguments: ImmutableMultiDict[str,
str] = ImmutableMultiDict(
parse_qsl(querystring))
else:
path = ""
query_arguments = ImmutableMultiDict()
else:
path, _, _ = request.full_url().partition("?")
if path == "://":
path = ""
query_arguments = ImmutableMultiDict(
itertools.chain(
*[[(k, v.decode("utf-8")) for v in vs]
for k, vs in request.query_arguments.items()]))
return OpenAPIRequest(
full_url_pattern=path,
method=request.method.lower() if request.method else "get",
parameters=RequestParameters(
query=query_arguments,
header=Headers(request.headers.get_all()),
cookie=parse_cookie(request.headers.get("Cookie", "")),
),
body=request.body if request.body else b"",
mimetype=parse_mimetype(
request.headers.get("Content-Type",
"application/x-www-form-urlencoded")),
)
async def _login(
jp_serverapp,
http_server_client,
jp_base_url,
login_headers,
next="/",
password=None,
new_password=None,
):
# first: request login page with no creds
login_url = url_path_join(jp_base_url, "login")
first = await http_server_client.fetch(login_url)
cookie_header = first.headers["Set-Cookie"]
cookies = parse_cookie(cookie_header)
form = {"_xsrf": cookies.get("_xsrf")}
if password is None:
password = jp_serverapp.identity_provider.token
if password:
form["password"] = password
if new_password:
form["new_password"] = new_password
# second, submit login form with credentials
try:
resp = await http_server_client.fetch(
url_concat(login_url, {"next": next}),
method="POST",
body=urlencode(form),
headers={"Cookie": cookie_header},
follow_redirects=False,
)
except HTTPClientError as e:
if e.code != 302:
raise
assert e.response is not None
resp = e.response
else:
assert resp.code == 302, "Should have returned a redirect!"
return resp
def test_invalid_cookies(self):
"""
Cookie strings that go against RFC6265 but browsers will send if set
via document.cookie.
"""
# Chunks without an equals sign appear as unnamed values per
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
self.assertIn('django_language', parse_cookie('abc=def; unnamed; django_language=en').keys())
# Even a double quote may be an unamed value.
self.assertEqual(parse_cookie('a=b; "; c=d'), {'a': 'b', '': '"', 'c': 'd'})
# Spaces in names and values, and an equals sign in values.
self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {'a b c': 'd e = f', 'gh': 'i'})
# More characters the spec forbids.
self.assertEqual(parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {'a b,c<>@:/[]?{}': 'd " =e,f g'})
# Unicode characters. The spec only allows ASCII.
self.assertEqual(parse_cookie('saint=André Bessette'), {'saint': native_str('André Bessette')})
# Browsers don't send extra whitespace or semicolons in Cookie headers,
# but parse_cookie() should parse whitespace the same way
# document.cookie parses whitespace.
self.assertEqual(parse_cookie(' = b ; ; = ; c = ; '), {'': 'b', 'c': ''})
def test_invalid_cookies(self):
"""
Cookie strings that go against RFC6265 but browsers will send if set
via document.cookie.
"""
# Chunks without an equals sign appear as unnamed values per
# https://bugzilla.mozilla.org/show_bug.cgi?id=169091
self.assertIn(
"django_language",
parse_cookie("abc=def; unnamed; django_language=en").keys(),
)
# Even a double quote may be an unamed value.
self.assertEqual(parse_cookie('a=b; "; c=d'), {
"a": "b",
"": '"',
"c": "d"
})
# Spaces in names and values, and an equals sign in values.
self.assertEqual(parse_cookie("a b c=d e = f; gh=i"), {
"a b c": "d e = f",
"gh": "i"
})
# More characters the spec forbids.
self.assertEqual(
parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'),
{"a b,c<>@:/[]?{}": 'd " =e,f g'},
)
# Unicode characters. The spec only allows ASCII.
self.assertEqual(
parse_cookie("saint=André Bessette"),
{"saint": native_str("André Bessette")},
)
# Browsers don't send extra whitespace or semicolons in Cookie headers,
# but parse_cookie() should parse whitespace the same way
# document.cookie parses whitespace.
self.assertEqual(parse_cookie(" = b ; ; = ; c = ; "), {
"": "b",
"c": ""
})
def _load_cookies_fr_resp(self, resp):
"""Load cookies from response"""
for new_cookie in resp.cookies:
for n, v in parse_cookie(new_cookie).items():
self._cookies_dict[n] = v
def sid_from_body(self, response):
self.assertIn("Set-Cookie", response.headers)
cookie = parse_cookie(response.headers["Set-Cookie"])
self.assertIn(app_session.PCSD_SESSION, cookie)
return cookie[app_session.PCSD_SESSION]
