Esempio n. 1
0
 def test_python_cookies(self):
     """
     Test cases copied from Python's Lib/test/test_http_cookies.py
     """
     self.assertEqual(
         parse_cookie("chips=ahoy; vienna=finger"),
         {
             "chips": "ahoy",
             "vienna": "finger"
         },
     )
     # Here parse_cookie() differs from Python's cookie parsing in that it
     # treats all semicolons as delimiters, even within quotes.
     self.assertEqual(
         parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
         {
             "keebler": '"E=mc2',
             "L": '\\"Loves\\"',
             "fudge": "\\012",
             "": '"'
         },
     )
     # Illegal cookies that have an '=' char in an unquoted value.
     self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"})
     # Cookies with ':' character in their name.
     self.assertEqual(parse_cookie("key:term=value:term"),
                      {"key:term": "value:term"})
     # Cookies with '[' and ']'.
     self.assertEqual(parse_cookie("a=b; c=[; d=r; f=h"), {
         "a": "b",
         "c": "[",
         "d": "r",
         "f": "h"
     })
Esempio n. 2
0
 def test_python_cookies(self):
     """
     Test cases copied from Python's Lib/test/test_http_cookies.py
     """
     self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {
         'chips': 'ahoy',
         'vienna': 'finger'
     })
     # Here parse_cookie() differs from Python's cookie parsing in that it
     # treats all semicolons as delimiters, even within quotes.
     self.assertEqual(
         parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), {
             'keebler': '"E=mc2',
             'L': '\\"Loves\\"',
             'fudge': '\\012',
             '': '"'
         })
     # Illegal cookies that have an '=' char in an unquoted value.
     self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'})
     # Cookies with ':' character in their name.
     self.assertEqual(parse_cookie('key:term=value:term'),
                      {'key:term': 'value:term'})
     # Cookies with '[' and ']'.
     self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {
         'a': 'b',
         'c': '[',
         'd': 'r',
         'f': 'h'
     })
Esempio n. 3
0
 def test_cookie_edgecases(self):
     # Cookies that RFC6265 allows.
     self.assertEqual(parse_cookie('a=b; Domain=example.com'),
                      {'a': 'b', 'Domain': 'example.com'})
     # parse_cookie() has historically kept only the last cookie with the
     # same name.
     self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
Esempio n. 4
0
 def test_cookie_edgecases(self):
     # Cookies that RFC6265 allows.
     self.assertEqual(
         parse_cookie("a=b; Domain=example.com"), {"a": "b", "Domain": "example.com"}
     )
     # parse_cookie() has historically kept only the last cookie with the
     # same name.
     self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
Esempio n. 5
0
 def test_cookie_edgecases(self):
     # Cookies that RFC6265 allows.
     self.assertEqual(parse_cookie('a=b; Domain=example.com'), {
         'a': 'b',
         'Domain': 'example.com'
     })
     # parse_cookie() has historically kept only the last cookie with the
     # same name.
     self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
Esempio n. 6
0
 def test_cookie_edgecases(self):
     # Cookies that RFC6265 allows.
     self.assertEqual(parse_cookie("a=b; Domain=example.com"), {
         "a": "b",
         "Domain": "example.com"
     })
     # parse_cookie() has historically kept only the last cookie with the
     # same name.
     self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
Esempio n. 7
0
async def test_logout(jp_serverapp, login, http_server_client, jp_base_url):
    jp_serverapp.identity_provider.cookie_name = "test-cookie"
    expected = jp_base_url
    resp = await login(next=jp_base_url)
    cookie_header = resp.headers["Set-Cookie"]
    cookies = parse_cookie(cookie_header)
    assert cookies.get("test-cookie")

    resp = await http_server_client.fetch(jp_base_url + "logout",
                                          headers={"Cookie": cookie_header})
    assert resp.code == 200
    cookie_header = resp.headers["Set-Cookie"]
    cookies = parse_cookie(cookie_header)
    assert cookies.get("test-cookie") == ""
    assert "Successfully logged out" in resp.body.decode("utf8")
Esempio n. 8
0
 def assert_session_in_response(self, response, sid=None):
     self.assertTrue("Set-Cookie" in response.headers)
     cookie = parse_cookie(response.headers["Set-Cookie"])
     self.assertTrue(app_session.PCSD_SESSION, cookie)
     if sid:
         self.assertEqual(cookie[app_session.PCSD_SESSION], sid)
     return cookie[app_session.PCSD_SESSION]
Esempio n. 9
0
async def _login(jp_serverapp, http_server_client, jp_base_url, next):
    # first: request login page with no creds
    login_url = url_path_join(jp_base_url, "login")
    first = await http_server_client.fetch(login_url)
    cookie_header = first.headers["Set-Cookie"]
    cookies = parse_cookie(cookie_header)

    # second, submit login form with credentials
    try:
        resp = await http_server_client.fetch(
            url_concat(login_url, {"next": next}),
            method="POST",
            body=urlencode({
                "password": jp_serverapp.token,
                "_xsrf": cookies.get("_xsrf", ""),
            }),
            headers={"Cookie": cookie_header},
            follow_redirects=False,
        )
    except HTTPClientError as e:
        if e.code != 302:
            raise
        return e.response.headers["Location"]
    else:
        assert resp.code == 302, "Should have returned a redirect!"
Esempio n. 10
0
 def test_python_cookies(self):
     """
     Test cases copied from Python's Lib/test/test_http_cookies.py
     """
     self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {'chips': 'ahoy', 'vienna': 'finger'})
     # Here parse_cookie() differs from Python's cookie parsing in that it
     # treats all semicolons as delimiters, even within quotes.
     self.assertEqual(
         parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
         {'keebler': '"E=mc2', 'L': '\\"Loves\\"', 'fudge': '\\012', '': '"'}
     )
     # Illegal cookies that have an '=' char in an unquoted value.
     self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'})
     # Cookies with ':' character in their name.
     self.assertEqual(parse_cookie('key:term=value:term'), {'key:term': 'value:term'})
     # Cookies with '[' and ']'.
     self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {'a': 'b', 'c': '[', 'd': 'r', 'f': 'h'})
Esempio n. 11
0
    def cookies(self):
        """Get cookies as dict"""
        cookies = {}
        for new_cookie in self.response.headers.get_list('Set-Cookie'):
            for n, v in parse_cookie(new_cookie).items():
                cookies[n] = v

        return cookies
Esempio n. 12
0
 def setCookie(self, response):
     #get the cookies
     cookies = response.headers['set-cookie'].split(",")
     parsed = [httputil.parse_cookie(c) for c in cookies]
     #get the user cookie
     userCookie = next((c for c in parsed if "user" in c.keys()), None)
     #get the role cookie
     roleCookie = next((c for c in parsed if "role" in c.keys()), None)
     self.cookie = "user="******";role=" + roleCookie['role']
Esempio n. 13
0
def decode_cookie(response, name, max_age):
    cookies = response.headers.get_list('Set-Cookie')
    for cookie in cookies:
        parsed = parse_cookie(cookie)
        if name not in parsed:
            continue
        result = decode_signed_value(secret_conf.cookie_secret, name,
                                     parsed[name], max_age)
        return result
    return None
Esempio n. 14
0
 def test_invalid_cookies(self):
     """
     Cookie strings that go against RFC6265 but browsers will send if set
     via document.cookie.
     """
     # Chunks without an equals sign appear as unnamed values per
     # https://bugzilla.mozilla.org/show_bug.cgi?id=169091
     self.assertIn(
         "django_language",
         parse_cookie("abc=def; unnamed; django_language=en").keys(),
     )
     # Even a double quote may be an unamed value.
     self.assertEqual(parse_cookie('a=b; "; c=d'), {"a": "b", "": '"', "c": "d"})
     # Spaces in names and values, and an equals sign in values.
     self.assertEqual(
         parse_cookie("a b c=d e = f; gh=i"), {"a b c": "d e = f", "gh": "i"}
     )
     # More characters the spec forbids.
     self.assertEqual(
         parse_cookie('a   b,c<>@:/[]?{}=d  "  =e,f g'),
         {"a   b,c<>@:/[]?{}": 'd  "  =e,f g'},
     )
     # Unicode characters. The spec only allows ASCII.
     self.assertEqual(
         parse_cookie("saint=André Bessette"),
         {"saint": native_str("André Bessette")},
     )
     # Browsers don't send extra whitespace or semicolons in Cookie headers,
     # but parse_cookie() should parse whitespace the same way
     # document.cookie parses whitespace.
     self.assertEqual(
         parse_cookie("  =  b  ;  ;  =  ;   c  =  ;  "), {"": "b", "c": ""}
     )
Esempio n. 15
0
 def test_invalid_cookies(self):
     """
     Cookie strings that go against RFC6265 but browsers will send if set
     via document.cookie.
     """
     # Chunks without an equals sign appear as unnamed values per
     # https://bugzilla.mozilla.org/show_bug.cgi?id=169091
     self.assertIn(
         'django_language',
         parse_cookie('abc=def; unnamed; django_language=en').keys())
     # Even a double quote may be an unamed value.
     self.assertEqual(parse_cookie('a=b; "; c=d'), {
         'a': 'b',
         '': '"',
         'c': 'd'
     })
     # Spaces in names and values, and an equals sign in values.
     self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {
         'a b c': 'd e = f',
         'gh': 'i'
     })
     # More characters the spec forbids.
     self.assertEqual(parse_cookie('a   b,c<>@:/[]?{}=d  "  =e,f g'),
                      {'a   b,c<>@:/[]?{}': 'd  "  =e,f g'})
     # Unicode characters. The spec only allows ASCII.
     self.assertEqual(parse_cookie('saint=André Bessette'),
                      {'saint': native_str('André Bessette')})
     # Browsers don't send extra whitespace or semicolons in Cookie headers,
     # but parse_cookie() should parse whitespace the same way
     # document.cookie parses whitespace.
     self.assertEqual(parse_cookie('  =  b  ;  ;  =  ;   c  =  ;  '), {
         '': 'b',
         'c': ''
     })
Esempio n. 16
0
    async def fetch(self,
                    request: HTTPRequest,
                    proxy=None,
                    use_proxy_for_request=True,
                    **kwargs):
        ok_statuses = set([200] + kwargs.get('ok_statuses', []))
        logging.debug(f"Sending {request.method} : {request.url}")
        if kwargs.get('cookies'):
            cookies = ';'.join([
                f'{i[0]}={i[1]}' for i in {
                    **parse_cookie(request.headers.get('Cookie', '')),
                    **kwargs.get('cookies')
                }.items()
            ])
            request.headers['Cookie'] = cookies
        is_proxying = self.enable_proxy and use_proxy_for_request
        curr_proxy = None
        try:
            if is_proxying:
                while not self.proxy_manager.has_proxies():
                    await asyncio.sleep(1)
                self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy(
                )
                curr_proxy: Proxy = self.proxy_manager.current_proxy if not proxy else proxy
                request.proxy_host = curr_proxy.ip
                request.proxy_port = curr_proxy.port
                if curr_proxy.username:
                    request.proxy_username = curr_proxy.username
                if curr_proxy.password:
                    request.proxy_password = curr_proxy.password

            request.connect_timeout = kwargs.get('connect_timeout', 10)
            request.request_timeout = kwargs.get('request_timeout', 60)
            if is_proxying and curr_proxy:
                logging.debug(f"using proxy: {curr_proxy.ip}")

            res = await self._client.fetch(request, raise_error=False)
            if res.code not in ok_statuses:
                # not self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy()
                logging.error(f"BadResponseCodeException: {res.code}")
                raise BadResponseCodeException(res.code)
            if is_proxying:
                self.proxy_manager.promote_proxy(curr_proxy)
            return self.enhance_response(res)
        except CancelledError:
            pass
        except Exception as e:
            if kwargs.get('error_handler'):
                kwargs.get('error_handler')(e, self.proxy_manager, curr_proxy)
            if is_proxying:
                await self.proxy_manager.punish_proxy(curr_proxy, e)
            raise e
Esempio n. 17
0
 def test_python_cookies(self):
     """
     Test cases copied from Python's Lib/test/test_http_cookies.py
     """
     self.assertEqual(
         parse_cookie("chips=ahoy; vienna=finger"),
         {"chips": "ahoy", "vienna": "finger"},
     )
     # Here parse_cookie() differs from Python's cookie parsing in that it
     # treats all semicolons as delimiters, even within quotes.
     self.assertEqual(
         parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'),
         {"keebler": '"E=mc2', "L": '\\"Loves\\"', "fudge": "\\012", "": '"'},
     )
     # Illegal cookies that have an '=' char in an unquoted value.
     self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"})
     # Cookies with ':' character in their name.
     self.assertEqual(
         parse_cookie("key:term=value:term"), {"key:term": "value:term"}
     )
     # Cookies with '[' and ']'.
     self.assertEqual(
         parse_cookie("a=b; c=[; d=r; f=h"), {"a": "b", "c": "[", "d": "r", "f": "h"}
     )
Esempio n. 18
0
    def _get_xsrf_cookie(self):
        """Parses the headers and extracts the _xsrf cookie value if it exists."""
        # Why not use Tornado's existing get_cookie method?
        # When the "jupyter_http_over_ws_auth_url" query param is set, handlers make
        # a proxied request and set the XSRF cookie based on the result. The
        # get_cookie method uses the headers processed as part of the initial
        # request and is thus insufficient.
        for cookie_header in self.request.headers.get_list('Cookie'):
            try:
                cookie_vals = httputil.parse_cookie(cookie_header)
                if '_xsrf' in cookie_vals:
                    return cookie_vals['_xsrf']
            except Exception:  # pylint:disable=broad-except
                # Malformed cookie header, return empty.
                pass

        return None
Esempio n. 19
0
    def create(
            cls, request: Union[HTTPRequest,
                                HTTPServerRequest]) -> OpenAPIRequest:
        """Creates an OpenAPI request from Tornado request objects.

        Supports both :class:`tornado.httpclient.HTTPRequest` and
        :class:`tornado.httputil.HTTPServerRequest` objects.

        """
        if isinstance(request, HTTPRequest):
            if request.url:
                path, _, querystring = request.url.partition("?")
                query_arguments: ImmutableMultiDict[str,
                                                    str] = ImmutableMultiDict(
                                                        parse_qsl(querystring))
            else:
                path = ""
                query_arguments = ImmutableMultiDict()
        else:
            path, _, _ = request.full_url().partition("?")
            if path == "://":
                path = ""
            query_arguments = ImmutableMultiDict(
                itertools.chain(
                    *[[(k, v.decode("utf-8")) for v in vs]
                      for k, vs in request.query_arguments.items()]))
        return OpenAPIRequest(
            full_url_pattern=path,
            method=request.method.lower() if request.method else "get",
            parameters=RequestParameters(
                query=query_arguments,
                header=Headers(request.headers.get_all()),
                cookie=parse_cookie(request.headers.get("Cookie", "")),
            ),
            body=request.body if request.body else b"",
            mimetype=parse_mimetype(
                request.headers.get("Content-Type",
                                    "application/x-www-form-urlencoded")),
        )
Esempio n. 20
0
async def _login(
    jp_serverapp,
    http_server_client,
    jp_base_url,
    login_headers,
    next="/",
    password=None,
    new_password=None,
):
    # first: request login page with no creds
    login_url = url_path_join(jp_base_url, "login")
    first = await http_server_client.fetch(login_url)
    cookie_header = first.headers["Set-Cookie"]
    cookies = parse_cookie(cookie_header)
    form = {"_xsrf": cookies.get("_xsrf")}
    if password is None:
        password = jp_serverapp.identity_provider.token
    if password:
        form["password"] = password
    if new_password:
        form["new_password"] = new_password

    # second, submit login form with credentials
    try:
        resp = await http_server_client.fetch(
            url_concat(login_url, {"next": next}),
            method="POST",
            body=urlencode(form),
            headers={"Cookie": cookie_header},
            follow_redirects=False,
        )
    except HTTPClientError as e:
        if e.code != 302:
            raise
        assert e.response is not None
        resp = e.response
    else:
        assert resp.code == 302, "Should have returned a redirect!"
    return resp
Esempio n. 21
0
 def test_invalid_cookies(self):
     """
     Cookie strings that go against RFC6265 but browsers will send if set
     via document.cookie.
     """
     # Chunks without an equals sign appear as unnamed values per
     # https://bugzilla.mozilla.org/show_bug.cgi?id=169091
     self.assertIn('django_language', parse_cookie('abc=def; unnamed; django_language=en').keys())
     # Even a double quote may be an unamed value.
     self.assertEqual(parse_cookie('a=b; "; c=d'), {'a': 'b', '': '"', 'c': 'd'})
     # Spaces in names and values, and an equals sign in values.
     self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {'a b c': 'd e = f', 'gh': 'i'})
     # More characters the spec forbids.
     self.assertEqual(parse_cookie('a   b,c<>@:/[]?{}=d  "  =e,f g'), {'a   b,c<>@:/[]?{}': 'd  "  =e,f g'})
     # Unicode characters. The spec only allows ASCII.
     self.assertEqual(parse_cookie('saint=André Bessette'), {'saint': native_str('André Bessette')})
     # Browsers don't send extra whitespace or semicolons in Cookie headers,
     # but parse_cookie() should parse whitespace the same way
     # document.cookie parses whitespace.
     self.assertEqual(parse_cookie('  =  b  ;  ;  =  ;   c  =  ;  '), {'': 'b', 'c': ''})
Esempio n. 22
0
 def test_invalid_cookies(self):
     """
     Cookie strings that go against RFC6265 but browsers will send if set
     via document.cookie.
     """
     # Chunks without an equals sign appear as unnamed values per
     # https://bugzilla.mozilla.org/show_bug.cgi?id=169091
     self.assertIn(
         "django_language",
         parse_cookie("abc=def; unnamed; django_language=en").keys(),
     )
     # Even a double quote may be an unamed value.
     self.assertEqual(parse_cookie('a=b; "; c=d'), {
         "a": "b",
         "": '"',
         "c": "d"
     })
     # Spaces in names and values, and an equals sign in values.
     self.assertEqual(parse_cookie("a b c=d e = f; gh=i"), {
         "a b c": "d e = f",
         "gh": "i"
     })
     # More characters the spec forbids.
     self.assertEqual(
         parse_cookie('a   b,c<>@:/[]?{}=d  "  =e,f g'),
         {"a   b,c<>@:/[]?{}": 'd  "  =e,f g'},
     )
     # Unicode characters. The spec only allows ASCII.
     self.assertEqual(
         parse_cookie("saint=André Bessette"),
         {"saint": native_str("André Bessette")},
     )
     # Browsers don't send extra whitespace or semicolons in Cookie headers,
     # but parse_cookie() should parse whitespace the same way
     # document.cookie parses whitespace.
     self.assertEqual(parse_cookie("  =  b  ;  ;  =  ;   c  =  ;  "), {
         "": "b",
         "c": ""
     })
Esempio n. 23
0
 def _load_cookies_fr_resp(self, resp):
     """Load cookies from response"""
     for new_cookie in resp.cookies:
         for n, v in parse_cookie(new_cookie).items():
             self._cookies_dict[n] = v
Esempio n. 24
0
 def sid_from_body(self, response):
     self.assertIn("Set-Cookie", response.headers)
     cookie = parse_cookie(response.headers["Set-Cookie"])
     self.assertIn(app_session.PCSD_SESSION, cookie)
     return cookie[app_session.PCSD_SESSION]