def setcookie(self,
key,
value,
max_age=None,
expires=None,
path='/',
domain=None,
secure=None,
httponly=False):
newcookie = Morsel()
newcookie.key = key
newcookie.value = value
newcookie.coded_value = value
if max_age is not None:
newcookie['max-age'] = max_age
if expires is not None:
newcookie['expires'] = expires
if path is not None:
newcookie['path'] = path
if domain is not None:
newcookie['domain'] = domain
if secure:
newcookie['secure'] = secure
if httponly:
newcookie['httponly'] = httponly
self.sent_cookies = [c for c in self.sent_cookies if c.key != key]
self.sent_cookies.append(newcookie)
def setUp(self):
"""Setting up test."""
self.logd("setUp")
self.server_url = self.conf_get('main', 'url')
# XXX here you can setup the credential access like this
credential_host = self.conf_get('credential', 'host')
credential_port = self.conf_getInt('credential', 'port')
self.login, self.password = xmlrpc_get_credential(credential_host,
credential_port,
'members')
#self.login = '******'
#self.password = '******'
# Set the zope cookie. This is a little evil but avoids having to
# call the login page.
morsel = Morsel()
morsel.key = '__ac'
morsel.value = morsel.coded_value = urlquote(
encodestring('%s:%s' % (self.login, self.password)))
self._browser.cookies = {
'rhaptos': {
'/': {
'__ac': morsel
}
}
}
async def start(self, cookies, cookieopts=None):
"""
Session start operation. First check among the cookies to find existed sessions;
if there is not an existed session, create a new one.
:param cookies: cookie header from the client
:param cookieopts: extra options used when creating a new cookie
:return: ``(session_handle, cookies)`` where session_handle is a SessionHandle object,
and cookies is a list of created Set-Cookie headers (may be empty)
"""
c = SimpleCookie(cookies)
sid = c.get(self.cookiename)
create = True
if sid is not None:
sh = await self.get(sid.value)
if sh is not None:
return (self.SessionHandle(sh, self.apiroutine), [])
if create:
sh = await self.create()
m = Morsel()
m.key = self.cookiename
m.value = sh.id
m.coded_value = sh.id
opts = {'path': '/', 'httponly': True}
if cookieopts:
opts.update(cookieopts)
if not cookieopts['httponly']:
del cookieopts['httponly']
m.update(opts)
return (sh, [m])
def start(self, cookies, cookieopts=None):
c = SimpleCookie(cookies)
sid = c.get(self.cookiename)
create = True
if sid is not None:
for m in self.get(sid.value):
yield m
if self.apiroutine.retvalue is not None:
self.apiroutine.retvalue = (self.SessionHandle(
self.apiroutine.retvalue, self.apiroutine), [])
create = False
if create:
for m in self.create():
yield m
sh = self.apiroutine.retvalue
m = Morsel()
m.key = self.cookiename
m.value = sh.id
m.coded_value = sh.id
opts = {'path': '/', 'httponly': True}
if cookieopts:
opts.update(cookieopts)
if not cookieopts['httponly']:
del cookieopts['httponly']
m.update(opts)
self.apiroutine.retvalue = (sh, [m])
def destroy(self, sessionid):
for m in callAPI(self.apiroutine, 'memorystorage', 'delete',
{'key': __name__ + '.' + sessionid}):
yield m
m = Morsel()
m.key = self.cookiename
m.value = 'deleted'
m.coded_value = 'deleted'
opts = {'path': '/', 'httponly': True, 'max-age': 0}
m.update(opts)
self.apiroutine.retvalue = [m]
def test_kill_cookie(self):
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
self.assertTrue(len(response.cookies) == 0)
new_cookies = {}
m = Morsel()
m.key = 'test1'
m.value = '1'
new_cookies[m.key] = m
m = Morsel()
m.key = 'test2'
m.value = '2'
new_cookies[m.key] = m
request.cookies = new_cookies
ESAPI.http_utilities().kill_cookie( "test1", request, response )
self.assertTrue(len(response.cookies) == 1)
def set_cookie(self, **kwargs):
key = kwargs['key']
m = Morsel()
m.key = key
m.value = kwargs['value']
m.coded_value = kwargs['value']
for k, v in kwargs.items():
try:
m[k] = v
except:
pass
self.cookies[key] = m
self.headers['Set-Cookie'] = str(m)
def delete_cookie(self, key, path='/', domain=None):
"""
Deletes a cookie from the client by setting the cookie to an empty
string, and max_age=0 so it should expire immediately.
"""
if self.cookies.has_key(key):
self.cookies[key].value = ''
self.cookies[key]['max-age'] = 0
else:
m = Morsel()
m.key = key
m.value = ''
m.path = path
m.domain = domain
m['max-age'] = 0
self.cookies[key] = m
def injecting_start_response(status, headers, exc_info=None):
if session.should_save:
morsel = Morsel()
morsel.key = self.cookie_name
morsel.coded_value = session.sid
if self.cookie_age is not None:
morsel['max-age'] = self.cookie_age
morsel['expires'] = cookie_date(time() + self.cookie_age)
if self.cookie_domain is not None:
morsel['domain'] = self.cookie_domain
if self.cookie_path is not None:
morsel['path'] = self.cookie_path
if self.cookie_secure is not None:
morsel['secure'] = self.cookie_secure
headers.append(tuple(str(morsel).split(':', 1)))
return start_response(status, headers, exc_info)
async def destroy(self, sessionid):
"""
Destroy a session
:param sessionid: session ID
:return: a list of Set-Cookie headers to be sent to the client
"""
await call_api(self.apiroutine, 'memorystorage', 'delete',
{'key': __name__ + '.' + sessionid})
m = Morsel()
m.key = self.cookiename
m.value = 'deleted'
m.coded_value = 'deleted'
opts = {'path': '/', 'httponly': True, 'max-age': 0}
m.update(opts)
return [m]
def test_morsel_to_cookie(self):
from time import strftime, localtime
time_template = "%a, %d-%b-%Y %H:%M:%S GMT"
m = Morsel()
m['domain'] = ".yandex"
m['domain'] = ".yandex.ru"
m['path'] = "/"
m['expires'] = "Fri, 27-Aug-2021 17:43:25 GMT"
m.key = "dj2enbdj3w"
m.value = "fvjlrwnlkjnf"
c = morsel_to_cookie(m)
self.assertEquals(m.key, c.name)
self.assertEquals(m.value, c.value)
for x in ('expires', 'path', 'comment', 'domain',
'secure', 'version'):
if x == 'expires':
self.assertEquals(m[x], strftime(time_template, localtime(getattr(c, x, None))))
elif x == 'version':
self.assertTrue(isinstance(getattr(c, x, None), int))
else:
self.assertEquals(m[x], getattr(c, x, None))
def submit_app(self):
# try to submit an app
ret = self.get('/developers/submit/app', ok_codes=[200, 302])
# generate a random web-app manifest
random_id = uuid.uuid1().hex
manifest_url = WEBAPP % random_id
# we need to accept the TOS once per user
if 'read_dev_agreement' in ret.body:
params = [['read_dev_agreement', 'True']]
add_csrf_token(ret, params)
ret = self.post(ret.url, params=params)
# submit the manifest
params = [['manifest', manifest_url]]
add_csrf_token(ret, params)
ret = self.post('/developers/upload-manifest', params=params)
data = json.loads(ret.body)
validation = data['validation']
app_exists = False
if isinstance(validation, dict) and 'messages' in validation:
messages = [m['message'] for m in data['validation']['messages']]
app_exists = 'already' in ' '.join(messages)
# we should be able to test editing the app
if app_exists:
return
if isinstance(validation, dict) and 'errors' in validation:
self.assertEqual(data['validation']['errors'], 0, data)
# now we can submit the app basics, first load the form again
ret = self.get('/developers/submit/app/manifest')
params = [['upload', data['upload']],
['free', 'free-os'],
['free', 'free-desktop'],
['free', 'free-phone'],
['free', 'free-tablet']]
add_csrf_token(ret, params)
ret = self.post('/developers/submit/app/manifest', params=params)
self.assertTrue('/submit/app/details/' in ret.url, ret.url)
app_slug = ret.url.split('/')[-1]
# upload icon
params = [['upload_image', Upload(ICON)]]
add_csrf_token(ret, params)
ret = self.post('/developers/app/%s/upload_icon' % app_slug,
params=params)
data = json.loads(ret.body)
self.assertEqual(len(data['errors']), 0, data)
icon_hash = data['upload_hash']
# upload screenshot
ret = self.get('/developers/submit/app/details/%s' % app_slug)
params = [['upload_image', Upload(SCREENSHOT)]]
add_csrf_token(ret, params)
ret = self.post('/developers/app/%s/upload_image' % app_slug,
params=params)
data = json.loads(ret.body)
self.assertEqual(len(data['errors']), 0, data)
screenshot_hash = data['upload_hash']
# fill in some more app details
ret = self.get('/developers/submit/app/details/%s' % app_slug)
params = [
['slug', app_slug],
['slug_en-us', app_slug],
['name_en-us', app_slug],
['summary_en-us', 'HA Test web app'],
['privacy_policy_en-us', 'We sell all your data!'],
['support_email_en-us', '*****@*****.**'],
['icon_upload_hash', icon_hash],
['icon_upload_hash_en-us', icon_hash],
['icon_type', 'image/png'],
['icon_type_en-us', 'image/png'],
['categories', '167'],
['categories_en-us', '167'],
['files-0-position', '0'],
['files-0-position_en-us', '0'],
['files-0-upload_hash', screenshot_hash],
['files-0-upload_hash_en-us', screenshot_hash],
['files-0-unsaved_image_type', 'image/png'],
['files-0-unsaved_image_type_en-us', 'image/png'],
['files-TOTAL_FORMS', '1'],
['files-TOTAL_FORMS_en-us', '1'],
['files-INITIAL_FORMS', '0'],
['files-INITIAL_FORMS_en-us', '0'],
['files-MAX_NUM_FORMS', '1'],
['files-MAX_NUM_FORMS_en-us', '1'],
]
token = add_csrf_token(ret, params)
if token:
# work around creative code in app edit form
params.append(['csrfmiddlewaretoken_en-us', token])
# hack in the current_locale cookie
cookies = self._browser.cookies
morsel = Morsel()
morsel.set('current_locale', 'en-us', 'en-us')
for domain, value in cookies.items():
value['/'].setdefault('current_locale', morsel)
# fill details and submit
ret = self.post(ret.url, params=params)
# finally delete the app
ret = self.get('/developers/app/%s/status' % app_slug)
params = []
add_csrf_token(ret, params)
self.post('/developers/app/%s/delete' % app_slug, params=params)
def __set(self, key, real_value, coded_value):
"""Private method for setting a cookie's value"""
M = self.get(key, Morsel())
M.set(key, real_value, coded_value, LegalChars=_LegalChars + "[]")
dict.__setitem__(self, key, M)
