def setUp(self):
from weblayer.cookie import SignedSecureCookieWrapper
self.request = Mock()
self.response = Mock()
self.settings = {'cookie_secret': ''}
self.cookie_wrapper = SignedSecureCookieWrapper(
self.request, self.response, self.settings)
class TestDeleteCookie(unittest.TestCase):
""" Test the logic of deleting a cookie.
"""
def setUp(self):
from weblayer.cookie import SignedSecureCookieWrapper
self.request = Mock()
self.response = Mock()
self.settings = {'cookie_secret': ''}
self.cookie_wrapper = SignedSecureCookieWrapper(
self.request, self.response, self.settings)
def test_delete(self):
""" Calls `self.context.response.set_cookie` with
`expires=datetime.timedelta(days=-5)`.
"""
self.cookie_wrapper.delete('name')
args = self.response.set_cookie.call_args[0]
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(args[0] == 'name')
self.assertTrue(kwargs['expires'] == timedelta(days=-5))
def test_delete_defaults(self):
""" `path` defaults to '/' and domain defaults to `None`.
"""
self.cookie_wrapper.delete('name')
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['path'] == '/')
self.assertTrue(kwargs['domain'] is None)
self.cookie_wrapper.delete('name', path='/foo', domain='bar')
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['path'] == '/foo')
self.assertTrue(kwargs['domain'] == 'bar')
class TestSetCookie(unittest.TestCase):
""" Test the logic of setting a secure cookie.
"""
def setUp(self):
from weblayer.cookie import SignedSecureCookieWrapper
self.request = Mock()
self.response = Mock()
self.settings = {'cookie_secret': ''}
self.cookie_wrapper = SignedSecureCookieWrapper(
self.request, self.response, self.settings)
def test_name(self):
""" Setting the cookie calls `self.context.response.set_cookie`
with the 'name' as the first argument.
"""
self.cookie_wrapper.set('name', 'value')
args = self.response.set_cookie.call_args[0]
self.assertTrue(args[0] == 'name')
def test_name_is_basestring(self):
""" The cookie name must be a basestring.
"""
errs = (ValueError, TypeError)
self.assertRaises(errs, self.cookie_wrapper.set, 0, 'value')
def test_value(self):
""" Setting the cookie runs the value through
`base64.b64encode` and puts into a '|' delimited string
with timestamp and hmac signature.
"""
self.cookie_wrapper.set('name', 'value', timestamp='1')
kwargs = self.response.set_cookie.call_args[1]
value = 'dmFsdWU=|1|7bcc09ebef2f6c967201709ed3cbeac3e4cb2872'
self.assertTrue(kwargs['value'] == value)
def test_value_is_basestring(self):
""" The cookie value must be a basestring.
"""
errs = (ValueError, TypeError)
self.assertRaises(errs, self.cookie_wrapper.set, 'name', 0)
def test_expires_days(self):
""" `expires_days` gets converted from days into seconds
and passed through as the `max_age`.
"""
self.cookie_wrapper.set('name', 'value', expires_days=5)
kwargs = self.response.set_cookie.call_args[1]
five_days_as_seconds = 5 * 24 * 60 * 60
self.assertTrue(kwargs['max_age'] == five_days_as_seconds)
def test_expires_days_is_none(self):
""" If the `expires_days` keyword argument is `None`,
`max_age` is `None`.
"""
self.cookie_wrapper.set('name', 'value', expires_days=None)
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['max_age'] == None)
def test_expires_days_is_int(self):
""" If the `expires_days` keyword argument isn't `None` it
must be an `int`.
"""
self.cookie_wrapper.set('name', 'value', expires_days=None)
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['max_age'] == None)
self.assertRaises(TypeError,
self.cookie_wrapper.set,
'name',
'value',
expires_days='30')
def test_kwargs(self):
""" Other kwargs are passed through to
`self.context.response.set_cookie`,
"""
self.cookie_wrapper.set('name', 'value', foo='bar')
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['foo'] == 'bar')
class TestGetCookie(unittest.TestCase):
""" Test the logic of getting a secure cookie.
"""
def setUp(self):
from weblayer.cookie import SignedSecureCookieWrapper
self.request = Mock()
self.response = Mock()
self.settings = {'cookie_secret': ''}
self.cookie_wrapper = SignedSecureCookieWrapper(
self.request, self.response, self.settings)
def test_get_name(self):
""" Calling `get('name')` tries to get the value from
`self.context.request.cookies`.
"""
self.request.cookies.get.return_value = None
self.cookie_wrapper.get('name')
self.request.cookies.get.assert_called_with('name', None)
def test_not_present(self):
""" If the cookie doesn't exist, returns `None`.
"""
self.request.cookies.get.return_value = None
self.assertTrue(self.cookie_wrapper.get('name') is None)
def test_split_value(self):
""" If the cookie value doesn't split into three parts,
delimited by '|' returns `None`.
"""
value = Mock()
value.__len__ = Mock()
value.split.return_value = ['a', 'b']
result = self.cookie_wrapper.get('name', value=value)
value.split.assert_called_with("|")
self.assertTrue(result is None)
def test_timestamp_expired(self):
""" If the timestamp is more than 31 days old, returns `None`.
"""
from weblayer.cookie import _generate_cookie_signature
t = time.time()
too_old = str(int(t - 32 * 24 * 60 * 60))
cs = self.settings['cookie_secret']
sig = _generate_cookie_signature(cs, 'name', 'dmFsdWU=', too_old)
value = 'dmFsdWU=|%s|%s' % (too_old, sig)
result = self.cookie_wrapper.get('name', value=value)
self.assertTrue(result is None)
def test_signature_doesnt_match(self):
""" If the signature doesn't match, returns `None`.
"""
t = time.time()
ts = str(int(t))
value = 'dmFsdWU=|%s|%s' % (ts, 'not the right sig')
result = self.cookie_wrapper.get('name', value=value)
self.assertTrue(result is None)
def test_value_is_base64_decodable(self):
""" If the signature matches, the value comes back
run through `base64.b64decode`. If it can't be
decoded, it raises a TypeError.
"""
from weblayer.cookie import _generate_cookie_signature
t = time.time()
ts = str(int(t))
cs = self.settings['cookie_secret']
sig = _generate_cookie_signature(cs, 'name', 'a', ts)
value = 'a|%s|%s' % (ts, sig)
result = self.cookie_wrapper.get('name', value=value)
self.assertTrue(result is None)
def test_get_value(self):
""" If the signature matches, the value comes back
run through `base64.b64decode`.
"""
from weblayer.cookie import _generate_cookie_signature
t = time.time()
ts = str(int(t))
cs = self.settings['cookie_secret']
sig = _generate_cookie_signature(cs, 'name', 'dmFsdWU=', ts)
value = 'dmFsdWU=|%s|%s' % (ts, sig)
result = self.cookie_wrapper.get('name', value=value)
self.assertTrue(result == 'value')
def test_delete(self):
""" Calls `self.context.response.set_cookie` with
`expires=datetime.timedelta(days=-5)`.
"""
self.cookie_wrapper.delete('name')
args = self.response.set_cookie.call_args[0]
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(args[0] == 'name')
self.assertTrue(kwargs['expires'] == timedelta(days=-5))
def test_delete_path_domain_defaults(self):
""" `path` defaults to '/' and domain defaults to `None`.
"""
self.cookie_wrapper.delete('name')
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['path'] == '/')
self.assertTrue(kwargs['domain'] is None)
self.cookie_wrapper.delete('name', path='/foo', domain='bar')
kwargs = self.response.set_cookie.call_args[1]
self.assertTrue(kwargs['path'] == '/foo')
self.assertTrue(kwargs['domain'] == 'bar')
