def logout(req): log.debug("Input cookies: %s", repr(req.cookies)) cookie = PoorSession(app.secret_key) cookie.destroy() response = RedirectResponse('/') cookie.header(response) return response
def logout(req): req.log_error("Input cookies: %s" % repr(req.cookies), state.LOG_DEBUG) cookie = PoorSession(req) cookie.destroy() cookie.header(req, req.headers_out) req.log_error("Output headers: %s" % req.headers_out, state.LOG_DEBUG) redirect(req, '/')
def test_default(self): session = PoorSession(SECRET_KEY) headers = session.header() assert "Expires" not in headers[0][1] assert "Max-Age" not in headers[0][1] assert "Path" in headers[0][1] assert "Domain" not in headers[0][1]
def test_bad_session(self): cookies = SimpleCookie() cookies["SESSID"] = "\0" session = PoorSession(SECRET_KEY) with raises(SessionError): session.load(cookies)
def login(req): log.debug("Input cookies: %s", repr(req.cookies)) cookie = PoorSession(app.secret_key) cookie.data['login'] = True response = RedirectResponse('/') cookie.header(response) return response
def handler(req): cookie = PoorSession(req) if 'login' not in cookie.data: req.log_error('Login cookie not found.', state.LOG_INFO) redirect(req, '/', text='Login required') return fn(req)
def req_session(): """Instace of Request object with session cookie.""" request = Request() session = PoorSession(request.secret_key) session.data['test'] = True session.write() request.cookies = session.cookie return request
def handler(req): session = PoorSession(app.secret_key) try: session.load(req.cookies) except SessionError: pass if 'login' not in session.data: log.info('Login cookie not found.') redirect( "/", message="Login required", ) return fun(req)
def check_login(req): cookie = PoorSession(req) if 'login' not in cookie.data: raise HTTPException(401) return "login ok"
def test_none(self): session = PoorSession(SECRET_KEY, same_site="None") headers = session.header() assert "; SameSite=None" in headers[0][1]
def test_https(self): session = PoorSession(SECRET_KEY, secure=True) headers = session.header() assert "; Secure" in headers[0][1]
def login(req): cookie = PoorSession(req) cookie.data['login'] = True response = Response(status_code=204) cookie.header(response) return response
def test_httponly(self): session = PoorSession(SECRET_KEY) headers = session.header() assert "; HttpOnly; " in headers[0][1]
def test_http(self): session = PoorSession(SECRET_KEY) headers = session.header() assert "; Secure" not in headers[0][1]
def test_no_path(self): session = PoorSession(SECRET_KEY, path=None) headers = session.header() assert "Path" not in headers[0][1]
def test_domain(self): session = PoorSession(SECRET_KEY, domain="example.org") headers = session.header() assert "; Domain=example.org; " in headers[0][1]
def test_strict(self): session = PoorSession(SECRET_KEY, same_site="Strict") headers = session.header() assert "; SameSite=Strict" in headers[0][1]
def test_max_age(self): session = PoorSession(SECRET_KEY, max_age=10) headers = session.header() assert "; Max-Age=10;" in headers[0][1]
def test_no_secret_key(self): with raises(SessionError): PoorSession(Empty)
def test_bad_session_compatibility(self, req): req.cookies = SimpleCookie() req.cookies["SESSID"] = "\0" with raises(SessionError): PoorSession(req)
def test_compatibility_empty(self, req): session = PoorSession(req) assert session.data == {}
def test_write_load(self, req_session): """Method write was called in fixture req_session.""" session = PoorSession(SECRET_KEY) session.load(req_session.cookies) assert session.data == {'test': True}
def test_compatibility(self, req_session): session = PoorSession(req_session) assert session.data == {'test': True}
def test_destroy(self): session = PoorSession(SECRET_KEY) session.destroy() headers = session.header() assert "; expires=" in headers[0][1]
def test_lax(self): session = PoorSession(SECRET_KEY, same_site="Lax") headers = session.header() assert "; SameSite=Lax" in headers[0][1]
def test_expires(self): session = PoorSession(SECRET_KEY, expires=10) headers = session.header() assert "; expires=" in headers[0][1]
def test_default(self): session = PoorSession(SECRET_KEY) headers = session.header() assert "; SameSite" not in headers[0][1]