Exemple #1
def make_cookie(name, value, mac_key=None, path=None,
        expires=None, httponly=True, domain=None):
    """
    Build the text of a cookie header value for ``name``.

    When ``mac_key`` is given, the stored value becomes
    ``value:digest``, where the digest is the hex output of ``sha``
    over ``value`` followed by ``mac_key``. ``path``, ``expires``
    (seconds, emitted as ``max-age``) and ``domain`` are only
    attached when truthy. ``httponly`` appends a literal
    ``; httponly`` suffix to the rendered string.

    Security notes for reviewers:

    * The digest is a plain hash of value+key, not an HMAC, and its
      strength depends on the hash behind ``sha`` (defined outside
      this block -- confirm which algorithm it wraps). Whatever code
      verifies the cookie must use the same construction, so it
      cannot be changed on this side alone.
    * Only path, max-age, domain and httponly are ever emitted; no
      ``Secure`` or ``SameSite`` attribute is set by this function.
    """
    jar = SimpleCookie()

    # XXX: still open whether value needs a utf-8 encode step for
    # 2.x compatibility; nothing is encoded here.

    if mac_key:
        digest = sha('%s%s' % (value, mac_key)).hexdigest()
        payload = '%s:%s' % (value, digest)
    else:
        payload = value
    jar[name] = payload

    # Falsy settings (None, '', 0) are skipped, so expires=0 emits
    # no max-age at all.
    morsel = jar[name]
    for attribute, setting in (('path', path),
                               ('max-age', expires),
                               ('domain', domain)):
        if setting:
            morsel[attribute] = setting

    rendered = jar.output(header='').strip()
    if not httponly:
        return rendered
    return rendered + '; httponly'
Exemple #2
def make_cookie(name, value, mac_key=None, path=None, expires=None, httponly=True, domain=None):
    """
    Render a cookie string for ``name``, optionally signed.

    ``value`` is first passed through ``encode_name``. With a
    ``mac_key`` the stored value is ``value:digest``, the digest
    being ``sha`` over the encoded value followed by the key.
    ``path``, ``expires`` (in seconds, written as ``max-age``) and
    ``domain`` are added only when truthy; ``httponly`` appends
    ``; httponly`` to the result.

    Security notes for reviewers: the digest is a hash of
    value+key rather than an HMAC, and ``sha`` is defined outside
    this block (confirm the algorithm). The verifying side has to
    recompute the same thing, so the scheme cannot be swapped here
    in isolation. No ``Secure`` or ``SameSite`` attribute is
    emitted by this function.
    """
    jar = SimpleCookie()

    encoded = encode_name(value)

    # The digest covers the encoded form, which is also what is stored.
    jar[name] = (
        "%s:%s" % (encoded, sha("%s%s" % (encoded, mac_key)).hexdigest())
        if mac_key
        else encoded
    )

    # Attribute order matches the original: path, max-age, domain.
    optional = {"path": path, "max-age": expires, "domain": domain}
    for attribute in ("path", "max-age", "domain"):
        if optional[attribute]:
            jar[name][attribute] = optional[attribute]

    rendered = jar.output(header="").strip()
    suffix = "; httponly" if httponly else ""
    return rendered + suffix
Exemple #3
def make_cookie(name,
                value,
                mac_key=None,
                path=None,
                expires=None,
                httponly=True,
                domain=None):
    """
    Produce a cookie string, with an optional integrity digest.

    The value goes through ``encode_name`` before anything else.
    If ``mac_key`` is truthy the cookie stores ``value:digest``,
    where the digest is ``sha`` of the encoded value concatenated
    with the key. ``path``, ``domain`` and ``expires`` (seconds,
    sent as ``max-age``) are set only when truthy, and
    ``; httponly`` is appended when ``httponly`` is true.

    Security notes for reviewers: this is hash(value + key), not
    HMAC; ``sha`` lives outside this block, so confirm which
    algorithm it is. Changing the construction requires changing
    the verifier in step. ``Secure`` and ``SameSite`` are never
    set here.
    """
    jar = SimpleCookie()

    safe_value = encode_name(value)

    if not mac_key:
        jar[name] = safe_value
    else:
        signature = sha('%s%s' % (safe_value, mac_key)).hexdigest()
        jar[name] = '%s:%s' % (safe_value, signature)

    entry = jar[name]
    if path:
        entry['path'] = path
    if expires:
        # A zero or None lifetime emits no max-age attribute.
        entry['max-age'] = expires
    if domain:
        entry['domain'] = domain

    pieces = [jar.output(header='').strip()]
    if httponly:
        pieces.append('; httponly')
    return ''.join(pieces)
Exemple #4
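    def extract(self, environ, start_response):
        """
        Extract the ``tiddlyweb_user`` cookie, if there, from the
        request headers and attempt to validate its contents.

        The cookie value is split at its last ``:`` into a usersign
        and a digest. The digest is recomputed from the usersign and
        the configured ``secret`` and compared in constant time.

        Returns a dict with ``name`` and ``roles`` when the digest
        matches, otherwise ``False`` (no cookie header, no
        ``tiddlyweb_user`` cookie, no ``:`` separator, or a
        mismatch). Raises ``HTTP400`` when the cookie header cannot
        be parsed.
        """
        # Function-scope import: the constant-time comparison below
        # needs hmac.
        import hmac

        try:
            user_cookie = environ['HTTP_COOKIE']
            # NOTE(review): this writes the complete Cookie header,
            # including the signed login value, to the debug log.
            # Treat debug logs as sensitive or reduce what is logged.
            LOGGER.debug('simple_cookie looking at cookie string: %s',
                    user_cookie)
            cookie = SimpleCookie()
            cookie.load(str(user_cookie))
            cookie_value = cookie['tiddlyweb_user'].value
            secret = environ['tiddlyweb.config']['secret']
            usersign, cookie_secret = cookie_value.rsplit(':', 1)

            expected = sha('%s%s' % (usersign, secret)).hexdigest()
            # ``==`` stops at the first differing character, which
            # leaks how much of a guessed digest was right.
            # compare_digest rejects non-ASCII str, so both sides are
            # encoded first; an encoding failure is a ValueError and
            # is treated as "not authenticated" below.
            if hmac.compare_digest(cookie_secret.encode('utf-8'),
                    expected.encode('utf-8')):
                user = self.load_user(environ, usersign)
                return {"name": user.usersign, "roles": user.list_roles()}
        except CookieError as exc:
            raise HTTP400('malformed cookie: %s' % exc)
        except (KeyError, ValueError):
            # Missing header, missing cookie or missing separator:
            # fall through and report no authenticated user.
            pass
        return False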
Exemple #5
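    def extract(self, environ, start_response):
        """
        Extract the ``tiddlyweb_user`` cookie, if there, from the
        request headers and attempt to validate its contents.

        The cookie value is split at its last ``:`` into a usersign
        and a digest. The digest is recomputed from the usersign as
        received (still quoted) and the configured ``secret``, then
        compared in constant time. Only after a match is the
        usersign unquoted and the user loaded.

        Returns a dict with ``name`` and ``roles`` when the digest
        matches, otherwise ``False`` (no cookie header, no
        ``tiddlyweb_user`` cookie, no ``:`` separator, or a
        mismatch). Raises ``HTTP400`` when the cookie header cannot
        be parsed.
        """
        # Function-scope import: the constant-time comparison below
        # needs hmac.
        import hmac

        try:
            user_cookie = environ['HTTP_COOKIE']
            # NOTE(review): this writes the complete Cookie header,
            # including the signed login value, to the debug log.
            # Treat debug logs as sensitive or reduce what is logged.
            LOGGER.debug('simple_cookie looking at cookie string: %s',
                         user_cookie)
            cookie = SimpleCookie()
            cookie.load(str(user_cookie))
            cookie_value = cookie['tiddlyweb_user'].value
            secret = environ['tiddlyweb.config']['secret']
            usersign, cookie_secret = cookie_value.rsplit(':', 1)

            expected = sha('%s%s' % (usersign, secret)).hexdigest()
            # ``==`` stops at the first differing character, which
            # leaks how much of a guessed digest was right.
            # compare_digest rejects non-ASCII str, so both sides are
            # encoded first; an encoding failure is a ValueError and
            # is treated as "not authenticated" below.
            if hmac.compare_digest(cookie_secret.encode('utf-8'),
                                   expected.encode('utf-8')):
                # Decode only after verification, so the digest
                # always covers the exact bytes the client sent.
                usersign = unquote(usersign)
                user = self.load_user(environ, usersign)
                return {"name": user.usersign, "roles": user.list_roles()}
        except CookieError as exc:
            raise HTTP400('malformed cookie: %s' % exc)
        except (KeyError, ValueError):
            # Missing header, missing cookie or missing separator:
            # fall through and report no authenticated user.
            pass
        return False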