def test_no_upgrade_oauth(self):
# When g.domain == g.oauth_domain we might send a cookie even though
# we're not using it for auth. Don't echo it back in responses.
c.oauth_user = self._account
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_oauth(self):
# When g.domain == g.oauth_domain we might send a cookie even though
# we're not using it for auth. Don't echo it back in responses.
c.oauth_user = self._account
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_loggedout(self):
# We might have a now-invalid session cookie, don't bother upgrading
# it if it's not acceptable.
c.user_is_loggedin = False
c.user = None
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_loggedout(self):
# We might have a now-invalid session cookie, don't bother upgrading
# it if it's not acceptable.
c.user_is_loggedin = False
c.user = None
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_no_cookie(self):
# Don't send back a cookie if we didn't even use cookie auth
upgrade_cookie_security()
self.assertFalse(g.login_cookie in c.cookies)
def test_no_upgrade_http(self):
c.secure = False
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_dont_remember_recent_session(self):
self._setSessionCookie(days_old=5)
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertNotEqual(c.cookies[g.login_cookie].expires, NEVER)
def test_cookie_unchanged(self):
self._setSessionCookie(days_old=60)
old_session = c.cookies[g.login_cookie].value
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertEqual(old_session, c.cookies[g.login_cookie].value)
def test_upgrade_posts(self):
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertTrue(c.cookies[g.login_cookie].secure)
def test_cookie_unchanged(self):
self._setSessionCookie(days_old=60)
old_session = c.cookies[g.login_cookie].value
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertEqual(old_session, c.cookies[g.login_cookie].value)
def test_no_upgrade_secure_session(self):
self._setSessionCookie(days_old=60)
c.cookies["secure_session"] = Cookie(value="1")
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_gets(self):
request.method = "GET"
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_no_cookie(self):
# Don't send back a cookie if we didn't even use cookie auth
upgrade_cookie_security()
self.assertFalse(g.login_cookie in c.cookies)
def test_no_upgrade_http(self):
c.secure = False
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_dont_remember_recent_session(self):
self._setSessionCookie(days_old=5)
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertNotEqual(c.cookies[g.login_cookie].expires, NEVER)
def test_no_upgrade_secure_session(self):
self._setSessionCookie(days_old=60)
c.cookies["secure_session"] = Cookie(value="1")
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_no_upgrade_gets(self):
request.method = "GET"
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertFalse(c.cookies[g.login_cookie].dirty)
def test_upgrade_posts(self):
self._setSessionCookie(days_old=60)
upgrade_cookie_security()
self.assertTrue(c.cookies[g.login_cookie].dirty)
self.assertTrue(c.cookies[g.login_cookie].secure)
