Esempio n. 1
def make_cookie(name,
                value,
                mac_key=None,
                path=None,
                expires=None,
                httponly=True,
                domain=None):
    """
    Build the text of a cookie, without any leading header name.

    ``value`` is passed through ``encode_name`` first. When ``mac_key``
    is truthy the cookie value becomes ``<encoded value>:<hex digest>``,
    where the digest is ``sha`` applied to the encoded value followed
    directly by the key. ``path``, ``expires`` and ``domain`` are set
    only when truthy; ``expires`` is written as ``max-age`` and should
    be given in seconds. ``; httponly`` is appended unless ``httponly``
    is false.

    Security notes for callers and reviewers:

    * The tag is a plain digest over value + key, not an HMAC. Any code
      that verifies the cookie has to recompute exactly this
      construction, so moving to ``hmac`` means changing the producer
      and every verifier together.
    * ``sha`` is defined elsewhere in the project; which digest it
      wraps is not visible from this function.
    * The value is tagged, not encrypted: the client can read it.
    * No ``secure`` attribute is set here, so nothing in this function
      restricts the cookie to HTTPS.
    * ``max-age`` is enforced by the client only; the cookie text
      carries no expiry inside the signed part.
    """
    encoded = encode_name(value)

    # Either the bare encoded value or "value:digest" when a key is given.
    payload = encoded
    if mac_key:
        digest = sha('%s%s' % (encoded, mac_key)).hexdigest()
        payload = '%s:%s' % (encoded, digest)

    jar = SimpleCookie()
    jar[name] = payload
    morsel = jar[name]

    # Optional attributes are written only for truthy settings.
    optional = (('path', path), ('max-age', expires), ('domain', domain))
    for attribute, setting in optional:
        if setting:
            morsel[attribute] = setting

    rendered = jar.output(header='').strip()
    # httponly is appended by hand rather than set on the morsel.
    if not httponly:
        return rendered
    return rendered + '; httponly'
Esempio n. 2
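    def extract(self, environ, start_response):
        """
        Extract the ``tiddlyweb_user`` cookie, if there, from the
        headers and attempt to validate its contents.

        The cookie value is split on its last ``:`` into a usersign and
        a hex digest. The digest is recomputed from the usersign and
        ``environ['tiddlyweb.config']['secret']`` and compared with the
        one the client sent.

        Returns a dict with ``name`` and ``roles`` when the digest
        matches, otherwise ``False`` (no cookie header, no
        ``tiddlyweb_user`` cookie, no ``:`` separator, or a digest
        mismatch). Raises ``HTTP400`` when the cookie header cannot be
        parsed. ``start_response`` is not used here.

        NOTE(review): the digest is ``sha(usersign + secret)``, not an
        HMAC; switching construction requires changing the code that
        issues the cookie as well. Nothing in this method checks the
        cookie's age, so a captured cookie validates for as long as the
        secret is unchanged.
        """
        # Imported locally: the module's import block is not visible here.
        # hmac.compare_digest needs Python 2.7.7+ / 3.3+.
        import hmac

        try:
            user_cookie = environ['HTTP_COOKIE']
            # The header holds the user's session credential, so only its
            # size is logged, never its content.
            LOGGER.debug('simple_cookie looking at cookie string '
                         'of %d characters', len(user_cookie))
            cookie = SimpleCookie()
            cookie.load(str(user_cookie))
            cookie_value = cookie['tiddlyweb_user'].value
            secret = environ['tiddlyweb.config']['secret']
            # rsplit raises ValueError on unpacking when there is no ':'.
            usersign, cookie_secret = cookie_value.rsplit(':', 1)

            expected = sha('%s%s' % (usersign, secret)).hexdigest()
            # Constant-time comparison: == returns at the first differing
            # character, which leaks how much of a guessed digest is right.
            # Both sides are encoded to bytes because compare_digest rejects
            # non-ASCII text; an encoding failure is a ValueError and is
            # treated below like any other invalid cookie.
            if hmac.compare_digest(cookie_secret.encode('utf-8'),
                                   expected.encode('utf-8')):
                usersign = unquote(usersign)
                user = self.load_user(environ, usersign)
                return {"name": user.usersign, "roles": user.list_roles()}
        except CookieError as exc:
            raise HTTP400('malformed cookie: %s' % exc)
        except (KeyError, ValueError):
            # Missing header, missing cookie or malformed value: the request
            # is simply not authenticated by this extractor.
            pass
        return False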