async def start(self, cookies, cookieopts=None):
"""
Session start operation. First check among the cookies to find existed sessions;
if there is not an existed session, create a new one.
:param cookies: cookie header from the client
:param cookieopts: extra options used when creating a new cookie
:return: ``(session_handle, cookies)`` where session_handle is a SessionHandle object,
and cookies is a list of created Set-Cookie headers (may be empty)
"""
c = SimpleCookie(cookies)
sid = c.get(self.cookiename)
create = True
if sid is not None:
sh = await self.get(sid.value)
if sh is not None:
return (self.SessionHandle(sh, self.apiroutine), [])
if create:
sh = await self.create()
m = Morsel()
m.key = self.cookiename
m.value = sh.id
m.coded_value = sh.id
opts = {'path': '/', 'httponly': True}
if cookieopts:
opts.update(cookieopts)
if not cookieopts['httponly']:
del cookieopts['httponly']
m.update(opts)
return (sh, [m])
def setcookie(self,
key,
value,
max_age=None,
expires=None,
path='/',
domain=None,
secure=None,
httponly=False):
newcookie = Morsel()
newcookie.key = key
newcookie.value = value
newcookie.coded_value = value
if max_age is not None:
newcookie['max-age'] = max_age
if expires is not None:
newcookie['expires'] = expires
if path is not None:
newcookie['path'] = path
if domain is not None:
newcookie['domain'] = domain
if secure:
newcookie['secure'] = secure
if httponly:
newcookie['httponly'] = httponly
self.sent_cookies = [c for c in self.sent_cookies if c.key != key]
self.sent_cookies.append(newcookie)
def test_get_user_from_token(self):
instance = ESAPI.authenticator()
instance.logout()
account_name = "testUserFromToken"
password = instance.generate_strong_password()
user = instance.create_user(account_name, password, password)
user.enable()
###
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
m = Morsel()
m.key = HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME
m.value = "ridiculous"
request.cookies[m.key] = m
# Wrong cookie should fail
self.assertRaises(AuthenticationException, instance.login, request, response)
user.logout()
###
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.authenticator().current_user = user
new_token = ESAPI.http_utilities().set_remember_token(
password, 10000, "test.com", request.path, request, response )
request.set_cookie( key=HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, value=new_token )
ESAPI.http_utilities().set_current_http(request, response)
# Logout the current user so we can log them in with the remember cookie
user2 = instance.login(request, response)
self.assertEquals(user, user2)
def start(self, cookies, cookieopts=None):
c = SimpleCookie(cookies)
sid = c.get(self.cookiename)
create = True
if sid is not None:
for m in self.get(sid.value):
yield m
if self.apiroutine.retvalue is not None:
self.apiroutine.retvalue = (self.SessionHandle(
self.apiroutine.retvalue, self.apiroutine), [])
create = False
if create:
for m in self.create():
yield m
sh = self.apiroutine.retvalue
m = Morsel()
m.key = self.cookiename
m.value = sh.id
m.coded_value = sh.id
opts = {'path': '/', 'httponly': True}
if cookieopts:
opts.update(cookieopts)
if not cookieopts['httponly']:
del cookieopts['httponly']
m.update(opts)
self.apiroutine.retvalue = (sh, [m])
def start(self, cookies, cookieopts=None):
c = SimpleCookie(cookies)
sid = c.get(self.cookiename)
create = True
if sid is not None:
for m in self.get(sid.value):
yield m
if self.apiroutine.retvalue is not None:
self.apiroutine.retvalue = (self.SessionHandle(self.apiroutine.retvalue, self.apiroutine), [])
create = False
if create:
for m in self.create():
yield m
sh = self.apiroutine.retvalue
m = Morsel()
m.key = self.cookiename
m.value = sh.id
m.coded_value = sh.id
opts = {"path": "/", "httponly": True}
if cookieopts:
opts.update(cookieopts)
if not cookieopts["httponly"]:
del cookieopts["httponly"]
m.update(opts)
self.apiroutine.retvalue = (sh, [m])
def destroy(self, sessionid):
for m in callAPI(self.apiroutine, "memorystorage", "delete", {"key": __name__ + "." + sessionid}):
yield m
m = Morsel()
m.key = self.cookiename
m.value = "deleted"
m.coded_value = "deleted"
opts = {"path": "/", "httponly": True, "max-age": 0}
m.update(opts)
self.apiroutine.retvalue = [m]
def destroy(self, sessionid):
for m in callAPI(self.apiroutine, 'memorystorage', 'delete',
{'key': __name__ + '.' + sessionid}):
yield m
m = Morsel()
m.key = self.cookiename
m.value = 'deleted'
m.coded_value = 'deleted'
opts = {'path': '/', 'httponly': True, 'max-age': 0}
m.update(opts)
self.apiroutine.retvalue = [m]
def test_kill_cookie(self):
request = MockHttpRequest()
response = MockHttpResponse()
ESAPI.http_utilities().set_current_http(request, response)
self.assertTrue(len(response.cookies) == 0)
new_cookies = {}
m = Morsel()
m.key = 'test1'
m.value = '1'
new_cookies[m.key] = m
m = Morsel()
m.key = 'test2'
m.value = '2'
new_cookies[m.key] = m
request.cookies = new_cookies
ESAPI.http_utilities().kill_cookie( "test1", request, response )
self.assertTrue(len(response.cookies) == 1)
def set_cookie(self, **kwargs):
key = kwargs['key']
m = Morsel()
m.key = key
m.value = kwargs['value']
m.coded_value = kwargs['value']
for k, v in kwargs.items():
try:
m[k] = v
except:
pass
self.cookies[key] = m
self.headers['Set-Cookie'] = str(m)
def set_cookie(self, **kwargs):
key = kwargs['key']
m = Morsel()
m.key = key
m.value = kwargs['value']
m.coded_value = kwargs['value']
for k, v in kwargs.items():
try:
m[k] = v
except:
pass
self.cookies[key] = m
self.headers['Set-Cookie'] = str(m)
def delete_cookie(self, key, path='/', domain=None):
"""
Deletes a cookie from the client by setting the cookie to an empty
string, and max_age=0 so it should expire immediately.
"""
if self.cookies.has_key(key):
self.cookies[key].value = ''
self.cookies[key]['max-age'] = 0
else:
m = Morsel()
m.key = key
m.value = ''
m.path = path
m.domain = domain
m['max-age'] = 0
self.cookies[key] = m
def delete_cookie(self, key, path='/', domain=None):
"""
Deletes a cookie from the client by setting the cookie to an empty
string, and max_age=0 so it should expire immediately.
"""
if self.cookies.has_key(key):
self.cookies[key].value = ''
self.cookies[key]['max-age'] = 0
else:
m = Morsel()
m.key = key
m.value = ''
m.path = path
m.domain = domain
m['max-age'] = 0
self.cookies[key] = m
async def destroy(self, sessionid):
"""
Destroy a session
:param sessionid: session ID
:return: a list of Set-Cookie headers to be sent to the client
"""
await call_api(self.apiroutine, 'memorystorage', 'delete',
{'key': __name__ + '.' + sessionid})
m = Morsel()
m.key = self.cookiename
m.value = 'deleted'
m.coded_value = 'deleted'
opts = {'path': '/', 'httponly': True, 'max-age': 0}
m.update(opts)
return [m]
def test_morsel_to_cookie(self):
from time import strftime, localtime
time_template = "%a, %d-%b-%Y %H:%M:%S GMT"
m = Morsel()
m['domain'] = ".yandex"
m['domain'] = ".yandex.ru"
m['path'] = "/"
m['expires'] = "Fri, 27-Aug-2021 17:43:25 GMT"
m.key = "dj2enbdj3w"
m.value = "fvjlrwnlkjnf"
c = morsel_to_cookie(m)
self.assertEquals(m.key, c.name)
self.assertEquals(m.value, c.value)
for x in ('expires', 'path', 'comment', 'domain',
'secure', 'version'):
if x == 'expires':
self.assertEquals(m[x], strftime(time_template, localtime(getattr(c, x, None))))
elif x == 'version':
self.assertTrue(isinstance(getattr(c, x, None), int))
else:
self.assertEquals(m[x], getattr(c, x, None))
