def test_no_upgrade_oauth(self):
    # OAuth-authenticated request (c.oauth_user is set) that also carries a
    # 60-day-old session cookie, which can happen when
    # g.domain == g.oauth_domain. The cookie did not authenticate this
    # request, so it must not be marked dirty and echoed back in the response.
    c.oauth_user = self._account
    self._setSessionCookie(days_old=60)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertFalse(session_cookie.dirty)
def test_no_upgrade_loggedout(self):
    # Logged-out request that still presents a session cookie, which may no
    # longer be valid. A cookie that was not accepted for auth must not be
    # upgraded.
    c.user_is_loggedin = False
    c.user = None
    self._setSessionCookie(days_old=60)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertFalse(session_cookie.dirty)
def test_no_upgrade_no_cookie(self):
    # The request carried no session cookie, so cookie auth was not used.
    # The upgrade must not create a login cookie.
    upgrade_cookie_security()

    has_login_cookie = g.login_cookie in c.cookies
    self.assertFalse(has_login_cookie)
def test_no_upgrade_http(self):
    # Request flagged as not secure (c.secure = False): the session cookie
    # must be left untouched.
    # NOTE(review): presumably because a Secure cookie should only be issued
    # over HTTPS; confirm against upgrade_cookie_security.
    c.secure = False
    self._setSessionCookie(days_old=60)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertFalse(session_cookie.dirty)
def test_dont_remember_recent_session(self):
    # A 5-day-old session cookie is still upgraded (marked dirty), but the
    # re-issued cookie must not carry the NEVER expiry.
    # NOTE(review): the age cut-off between this case and the 60-day cases is
    # decided inside upgrade_cookie_security; confirm the threshold there.
    self._setSessionCookie(days_old=5)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertTrue(session_cookie.dirty)
    self.assertNotEqual(session_cookie.expires, NEVER)
def test_cookie_unchanged(self):
    # The upgrade re-sends the cookie (dirty) but only changes its
    # attributes: the session value must be identical before and after.
    self._setSessionCookie(days_old=60)
    value_before = c.cookies[g.login_cookie].value

    upgrade_cookie_security()

    # Look the cookie up again after the call rather than reusing a reference
    # taken before it, so the check covers whatever object is stored now.
    upgraded = c.cookies[g.login_cookie]
    self.assertTrue(upgraded.dirty)
    self.assertEqual(value_before, upgraded.value)
def test_upgrade_posts(self):
    # Positive case: a 60-day-old session cookie is re-sent (dirty) with the
    # Secure attribute set.
    # NOTE(review): the name implies the request method is POST, presumably
    # set by the test fixture outside this view; confirm.
    self._setSessionCookie(days_old=60)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertTrue(session_cookie.dirty)
    self.assertTrue(session_cookie.secure)
def test_no_upgrade_secure_session(self):
    # A "secure_session" cookie is already present on the request, so the
    # login cookie must not be touched again.
    # NOTE(review): presumably "secure_session" marks a session that has
    # already been upgraded; confirm against upgrade_cookie_security.
    self._setSessionCookie(days_old=60)
    c.cookies["secure_session"] = Cookie(value="1")

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertFalse(session_cookie.dirty)
def test_no_upgrade_gets(self):
    # A GET request must not trigger the upgrade, even for an old session
    # cookie that would otherwise qualify.
    request.method = "GET"
    self._setSessionCookie(days_old=60)

    upgrade_cookie_security()

    session_cookie = c.cookies[g.login_cookie]
    self.assertFalse(session_cookie.dirty)