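def test_insecure_cookie_policy():
    """With ``https_only=False`` the cookie from ``forget()`` has no Secure flag.

    Without that attribute a browser will also send the cookie over plain
    HTTP, so this test pins the explicit opt-out rather than the default.
    """
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    request = Request.blank("/")

    headers = policy.forget(request)
    _, cookie = headers[0]

    # Cookie attribute names are case-insensitive, so normalise before the
    # negative check; an exact-case match would pass vacuously if the
    # serializer emitted "Secure".
    attributes = [chunk.lower() for chunk in cookie.split("; ")]
    assert "secure" not in attributes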
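def test_cookie_policy_max_age():
    """``forget()`` must not reuse the configured token lifetime as Max-Age.

    The policy is built with a 10 second expiration; the cookie that clears
    the session must not carry that lifetime and must be expired instead.
    """
    expiry = timedelta(seconds=10)
    policy = JWTCookieAuthenticationPolicy("secret", expiration=expiry)
    request = Request.blank("/")

    headers = policy.forget(request)
    _, cookie = headers[0]
    chunks = cookie.split("; ")

    assert "Max-Age=10" not in chunks
    # The negative check alone also passes when no Max-Age is sent at all,
    # which would leave the token cookie in the browser after logout. Pin the
    # expiry positively, as test_cookie_policy_forget does for the default
    # policy.
    assert "Max-Age=0" in chunks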
def test_cookie_policy_forget():
    """``forget()`` returns a Set-Cookie header that expires the policy cookie.

    Checks the header name, that the first ``name=value`` pair is the policy's
    own cookie, that Max-Age is zero, and that the request is marked with
    ``_jwt_cookie_reissue_revoked``.
    """
    policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")

    header_name, header_value = policy.forget(request)[0]
    assert header_name.lower() == "set-cookie"

    attributes = header_value.split("; ")
    pairs = [attr for attr in attributes if "=" in attr]
    leading_pair = pairs[0]
    assert leading_pair.startswith(f"{policy.cookie_name}=")
    assert "Max-Age=0" in attributes

    # NOTE(review): presumably this marker keeps the policy from reissuing a
    # token cookie on the same request after logout - confirm against the
    # policy implementation.
    assert hasattr(request, "_jwt_cookie_reissue_revoked")