def __init__(self, expiry, data, dough, mac): self._expiry = expiry self._data = data self._mac = mac self._cookie = Cookie.SmartCookie() self._cookie[_TOKEN] = '%s%s' % (dough, mac) self._name = '%s%s' % (dough, mac) # XXX WebKit only.
def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:36] + chr(ord(cout[36]) ^ 1) + cout[37:] s = Cookie.SmartCookie() s.load(str) self.assertFalse(self.jar.isGoodCookieString(s.output()))
def test_cookie_str_arbitrary_change(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:32] + 'this is bad' + cout[32:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output()))
def test_cookie_str_changed_data(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:36] + 'X' + cout[37:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output()))
def __init__(self, sessionpath=None, sessionlifetime=None, config=None): """ Initialisieren der Session Pruefen ob Sessionverzeichnis vorhanden, wenn nicht anlegen. """ if sessionlifetime is not None: self.sessionlifetime = sessionlifetime if sessionpath is None: self.sessionpath = Config.sessionpath else: self.sessionpath = sessionpath # legt Sessionverzeichnis an, wenn nicht vorhanden if not os.path.exists(self.sessionpath): os.makedirs(self.sessionpath) self.cookie = Cookie.SmartCookie() self.loadCookie() self.newSession() # Attribute Laden wenn Cookie 'sid' gesetzt if self.cookie is not None: self.loadAttributes()
def test_cookie_str_changed_mac(self): c = self.jar.makeCookie(self.exp, self.data) cout = c.output() str = cout[:76] + chr(ord(cout[76]) ^ 1) + cout[77:] s = Cookie.SmartCookie() s.load(str) self.failIf(self.jar.isGoodCookieString(s.output()))
def get_cookie(self, headers_in, key): if headers_in.has_key('Cookie'): cookie = Cookie.SmartCookie(headers_in['Cookie']) cookie.load(headers_in['Cookie']) if cookie.has_key(key): return cookie[key].value return None
def test_mix_unmix3(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) exp, data, digest = unmix3(s[self._token].value) self.failUnlessEqual(data, self.data) self.failUnlessEqual(float(exp), self.exp) key = self.jar._key # Peeking... mac = binascii.b2a_base64(EVP.hmac(key, mix(self.exp, self.data), 'sha1'))[:-1] self.failUnlessEqual(digest, mac)
def add_cookie(self, server, header): header = string.strip(header) new_cookies = Cookie.SmartCookie() new_cookies.load(header) for cookie in new_cookies.values(): if not cookie.get('domain', None): cookie['domain'] = string.lower(server) bigtest.Assert(len(cookie['domain']) > 0) self.cookies.update(new_cookies) self._debug("added cookie: server=%s, header=%s" % (server, header))
def isGoodCookieString(self, cookie_str): c = Cookie.SmartCookie() c.load(cookie_str) if _TOKEN not in c: return 0 undough = unmix3(c[_TOKEN].value) if undough is None: return 0 exp, data, mac = undough c2 = self.makeCookie(exp, data) return (not c2.isExpired()) and (c2._mac == mac)
def set_client_Cookie(): # Create a Cookie object. a_cookie = Cookie.SmartCookie() # Assign the cookie a value. a_cookie["user"] = "******" # Required header that tells the browser how to render the HTML. print "Content-Type: text/html" # Send the cookie back to the client. print a_cookie, "\n\n" # Print the cookie value. print "<HTML><BODY>" print a_cookie["user"].value, "user cookie set.\n" print "<FORM METHOD = post ACTION = \"example_7.4.cgi\">\n" print "<INPUT TYPE = \"hidden\" NAME = \ \"set\" VALUE =\"yes\">\n" print "<INPUT TYPE = \"submit\" VALUE = \"Go\"></FORM>\n" print "</BODY></HTML>\n" # Define function to read a cookie. def read_client_Cookie(): # Create a Cookie object. a_cookie = Cookie.SmartCookie(os.environ.get("HTTP_COOKIE", "")) # Assign the variable a cookie value. cookie_val = a_cookie["user"].value # Required header that tells the browser how to render the HTML. print "Content-Type: text/html\n\n" # Print the cookie value. print "<HTML><BODY>" print cookie_val, "user cookie read from client.\n" print "</BODY></HTML>\n" # Define main function. def main(): form = cgi.FieldStorage() if (form.has_key("set")): if (form["set"].value == "yes"): read_client_Cookie() else: set_client_Cookie() # Call main function. main()
def parse_request(request): access_token = request.META.get('HTTP_AUTHORIZATION', None) if not access_token: cookie = Cookie.SmartCookie() if 'HTTP_COOKIE' in request.META: cookie.load(request.META['HTTP_COOKIE']) if TOKEN_KEY_NAME in cookie: access_token = cookie[TOKEN_KEY_NAME].value if not access_token: raise JWTError('No token found', 'Access token is missing in the request header') return access_token
def _getHTML(url, params=None): global _opener if not _opener: _opener = urllib.FancyURLopener() _opener.addheaders = [ ('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)') ] if params: data = urllib.urlencode(params) usock = _opener.open(url, data) else: usock = _opener.open(url) cookies = Cookie.SmartCookie() for c in usock.headers.getallmatchingheaders("set-cookie"): cookies.load(c) html = usock.read() usock.close() _opener.addheaders.extend([ ('Cookie', c) for c in cookies.output().replace("\n", "").split("Set-Cookie: ")[1:] ]) return html
def test_cookie_str2(self): c = self.jar.makeCookie(self.exp, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failUnless(self.jar.isGoodCookieString(s.output()))
users = udb.get_users() # Force email to lower case for comparison to users list, which we # lower-cased when loading. if email: email = email.lower() if email not in users: # print ("openid_session %s" % openid_session) if email: common.print_http_header() print("Access Denied ... '%s' not in users<br>" % (email)) sys.exit(0) elif auth_type == 'OpenID': out_cookies = Cookie.SmartCookie() out_cookies[common.OPENID_SESSION_COOKIE_NAME] = '' out_cookies[common.OPENID_SESSION_COOKIE_NAME][ 'path'] = '/cloudsim/inside/cgi-bin/' print(out_cookies) common.print_http_header() print(""" Your open session ID is not associated with a user. Please login again<br> <a href="/cloudsim/index.html">login</a> """) sys.exit(0) # Save session ID and email to our own database if auth_type == 'OpenID': sdb.db[openid_session] = email sdb.save()
def GetCookieValue(headers_in, key): if headers_in.has_key('Cookie'): import Cookie C = Cookie.SmartCookie(headers_in['Cookie']) if C.has_key(key): return C[key].value
def read_client_Cookie(): # Create a Cookie object. a_cookie = Cookie.SmartCookie(os.environ.get("HTTP_COOKIE", ""))
def test_cookie_str_expired(self): t = self.exp - 7200 c = self.jar.makeCookie(t, self.data) s = Cookie.SmartCookie() s.load(c.output()) self.failIf(self.jar.isGoodCookieString(s.output()))
def __init__(self, use_cookies=1, debug_level=0): self.cookies = Cookie.SmartCookie() self.use_cookies = use_cookies self.debug_level = debug_level self.standard_headers = [] self.authorisation = None
import Cookie import os, time cookie = Cookie.SimpleCookie() cookie["user"] = "******" cookie["timestamp"] = time.time() print cookie # simulate CGI roundtrip os.environ["HTTP_COOKIE"] = str(cookie) print cookie = Cookie.SmartCookie() cookie.load(os.environ["HTTP_COOKIE"]) for key, item in cookie.items(): # dictionary items are "Morsel" instances # use value attribute to get actual value print key, repr(item.value)
def __call__(self): self._cookies = Cookie.SmartCookie() self._cookies.load(os.environ.get('HTTP_COOKIE', '')) d = read_data() # TODO: handle partial data write_data(self.process(d), self._cookies.output())
def main(): #create new smart cookie to extract request token cookie = Cookie.SmartCookie() #if a cookie is available, load it if os.environ.has_key('HTTP_COOKIE'): cookie.load(os.environ['HTTP_COOKIE']) #if the request token cookie is available, load and parse it if cookie.has_key('request_token'): request_token = cookie.get('request_token').value rt_params = cgi.parse_qs(request_token) #parse query string parameters into dictionary qs_params = {} string_split = [ s for s in os.environ['QUERY_STRING'].split('&') if s ] for item in string_split: key, value = item.split('=') qs_params[key] = value #create base consumer and signature method objects base_consumer = oauth.OAuthConsumer(common.consumer_key, common.consumer_secret) signature_method_hmac_sha1 = oauth.OAuthSignatureMethod_HMAC_SHA1() #build dictionary of request token and secret to exchange for access token req_token = dotdict({ 'key': rt_params['token'][0], 'secret': rt_params['token_secret'][0] }) #build request token to access token exchange request object and sign it oauth_request = oauth.OAuthRequest.from_consumer_and_token( base_consumer, token=req_token, verifier=qs_params['oauth_verifier'], http_url=common.oauth_access_token_endpoint) oauth_request.sign_request(signature_method_hmac_sha1, base_consumer, req_token) #obtain request token as string and dictionary objects token_read = urllib.urlopen(oauth_request.to_url()) token_string = token_read.read() token_params = cgi.parse_qs(token_string) #create access token object out of access token string access_token = oauth.OAuthToken.from_string(token_string) #create url to Yahoo! servers to access user profile guid = token_params['xoauth_yahoo_guid'][0] url = 'http://%s/v1/user/%s/profile' % ('social.yahooapis.com', guid) #create new oauth request and sign using HMAC-SHA1 to get profile of authorized user oauth_request = oauth.OAuthRequest.from_consumer_and_token( base_consumer, token=access_token, http_method='GET', http_url=url) oauth_request.sign_request(signature_method_hmac_sha1, base_consumer, access_token) #make request to get profile of user profile_read = urllib.urlopen(oauth_request.to_url()) profile_string = profile_read.read() print 'Content-Type: text/plain' print '' print profile_string else: #if request token cookie was not available, end print 'Request token cookie not found - exiting' sys.exit() else: #if cookies were not available, end print 'Request token cookie not found - exiting' sys.exit()