Exemplo n.º 1
def test_secure_cookie():
    """Check that ``https_only=True`` yields a cookie marked secure and HttpOnly."""
    request = Request.blank("/")
    # "secret" is a fixed signing key that exists only for this test.
    auth_policy = JWTCookieAuthenticationPolicy("secret", https_only=True)
    random_value = str(uuid.uuid4())

    headers = auth_policy.remember(request, random_value)
    _, cookie = headers.pop()

    # Both flags are matched as raw substrings of the Set-Cookie value, so
    # "secure" must be followed by another attribute for the first check to hit.
    assert "; secure;" in cookie
    assert "; HttpOnly" in cookie
Exemplo n.º 2
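def test_insecure_cookie(principal):
    """Check that ``https_only=False`` drops the secure flag but keeps HttpOnly.

    The Set-Cookie value is split into its attributes so that the negative
    check cannot be satisfied by accident.
    """
    dummy_request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    token = policy.create_token(principal)
    _, cookie = policy.remember(dummy_request, token).pop()

    # A substring test for "; secure;" would also pass when the flag is the
    # last attribute ("...; secure") or is spelled "Secure", i.e. exactly when
    # the cookie IS marked secure. Compare whole attribute names instead,
    # skipping the leading "name=value" pair.
    attributes = {part.strip().lower() for part in cookie.split(";")[1:]}
    assert "secure" not in attributes
    assert "httponly" in attributes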
Exemplo n.º 3
def test_cookie_name(principal):
    """Check that the ``cookie_name`` option sets the name of the emitted cookie."""
    request = Request.blank("/")
    auth_policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    jwt_token = auth_policy.create_token(principal)

    headers = auth_policy.remember(request, jwt_token)
    _, set_cookie = headers.pop()

    # Everything before the first "=" is the cookie name.
    cookie_name, _rest = set_cookie.split("=", 1)
    assert cookie_name == "auth"
Exemplo n.º 4
def test_cookie(dummy_request, principal):
    """Check that ``remember`` returns a non-empty ``Set-Cookie`` header pair."""
    auth_policy = JWTCookieAuthenticationPolicy("secret")
    headers = auth_policy.remember(dummy_request, principal)
    entry = headers.pop()

    # Each entry is expected to be a (header name, header value) pair.
    assert len(entry) == 2

    header_name, header_value = entry
    assert header_name == "Set-Cookie"
    assert len(header_value) > 0
Exemplo n.º 5
def test_cookie_max_age(principal):
    """Check that ``expiration=100`` shows up as cookie lifetime attributes."""
    request = Request.blank("/")
    auth_policy = JWTCookieAuthenticationPolicy(
        "secret",
        cookie_name="auth",
        expiration=100,
    )
    headers = auth_policy.remember(request, principal)
    _, set_cookie = headers.pop()

    # Drop the cookie name, then the cookie value, leaving only the attributes.
    _, after_name = set_cookie.split("=", 1)
    _, attributes = after_name.split(";", 1)

    assert "Max-Age=100" in attributes
    assert "expires" in attributes
Exemplo n.º 6
def test_cookie_decode(dummy_request, principal):
    """Check that a cookie issued by ``remember`` decodes back to its principal.

    The cookie value is copied from the Set-Cookie header into the request's
    cookies, and the ``sub`` claim read back must equal ``principal``.
    """
    auth_policy = JWTCookieAuthenticationPolicy("secret", https_only=False)

    headers = auth_policy.remember(dummy_request, principal)
    _, set_cookie = headers.pop()
    cookie_name, remainder = set_cookie.split("=", 1)

    # Keep only the value; the attributes after the first ";" are not sent back.
    cookie_value, _ = remainder.split(";", 1)
    dummy_request.cookies = {cookie_name: cookie_value}

    decoded = auth_policy.get_claims(dummy_request)
    assert decoded["sub"] == principal
Exemplo n.º 7
def test_cookie(principal):
    """Check that ``remember`` returns a non-empty ``Set-Cookie`` header pair."""
    request = Request.blank("/")
    auth_policy = JWTCookieAuthenticationPolicy("secret")
    jwt_token = auth_policy.create_token(principal)

    headers = auth_policy.remember(request, jwt_token)
    entry = headers.pop()

    # Each entry is expected to be a (header name, header value) pair.
    assert len(entry) == 2

    header_name, header_value = entry
    assert header_name == "Set-Cookie"
    assert len(header_value) > 0
Exemplo n.º 8
def test_cookie_policy_custom_domain_list():
    """Check that ``remember`` emits one cookie per entry in ``domains``.

    The cookies must come back in the order of the domain list, each scoped
    with its own ``Domain=`` attribute.
    """
    auth_policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")
    wanted_domains = [request.domain, "other"]

    headers = auth_policy.remember(request, "user", domains=wanted_domains)
    assert len(headers) == 2

    first_cookie = headers[0][1]
    second_cookie = headers[1][1]

    assert f"Domain={request.domain}" in first_cookie
    assert "Domain=other" in second_cookie
Exemplo n.º 9
def test_cookie_policy_remember():
    """Check the header emitted by ``remember`` for a policy built with defaults.

    The header must be a Set-Cookie whose first chunk is the policy's cookie
    name, and whose attributes include both HttpOnly and secure.
    """
    auth_policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")

    header_name, set_cookie = auth_policy.remember(request, "user")[0]
    assert header_name.lower() == "set-cookie"

    # Splitting on "; " gives whole attributes, so the flag checks below are
    # exact matches rather than substring matches.
    attributes = set_cookie.split("; ")
    assert attributes[0].startswith(f"{auth_policy.cookie_name}=")

    assert "HttpOnly" in attributes
    assert "secure" in attributes
Exemplo n.º 10
def test_invalid_cookie_reissue(principal):
    """Check that a cookie holding an arbitrary string yields no claims.

    The value given to ``remember`` is a plain string, not a token created by
    the policy; with ``reissue_time`` set, ``get_claims`` must still return
    something falsy for it.
    """
    request = Request.blank("/")
    auth_policy = JWTCookieAuthenticationPolicy(
        "secret",
        https_only=False,
        reissue_time=10,
    )

    bogus_token = "invalid value"
    headers = auth_policy.remember(request, bogus_token)
    _, set_cookie = headers.pop()
    cookie_name, remainder = set_cookie.split("=", 1)

    # Feed the cookie value back to the policy the way a client would send it.
    cookie_value, _ = remainder.split(";", 1)
    request.cookies = {cookie_name: cookie_value}

    decoded = auth_policy.get_claims(request)
    assert not decoded
Exemplo n.º 11
def test_expired_token(dummy_request, principal, freezer):
    """Check that a token past its expiration produces an empty claims dict.

    The policy is built with ``expiration=1``; the clock is then moved forward
    by 2 before the cookie is presented again.
    """
    auth_policy = JWTCookieAuthenticationPolicy(
        "secret", cookie_name="auth", expiration=1
    )
    headers = auth_policy.remember(dummy_request, principal)
    _, set_cookie = headers.pop()
    cookie_name, remainder = set_cookie.split("=", 1)

    # NOTE(review): `freezer` looks like a frozen-clock fixture and the units
    # are presumably seconds; confirm against the fixture's definition.
    freezer.tick(delta=2)

    cookie_value, _ = remainder.split(";", 1)
    dummy_request.cookies = {cookie_name: cookie_value}
    decoded = auth_policy.get_claims(dummy_request)

    assert decoded == {}
Exemplo n.º 12
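def test_insecure_cookie(dummy_request, principal):
    """Check that ``https_only=False`` drops the secure flag but keeps HttpOnly.

    The Set-Cookie value is split into its attributes so that the negative
    check cannot be satisfied by accident.
    """
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    _, cookie = policy.remember(dummy_request, principal).pop()

    # A substring test for "; secure;" would also pass when the flag is the
    # last attribute ("...; secure") or is spelled "Secure", i.e. exactly when
    # the cookie IS marked secure. Compare whole attribute names instead,
    # skipping the leading "name=value" pair.
    attributes = {part.strip().lower() for part in cookie.split(";")[1:]}
    assert "secure" not in attributes
    assert "httponly" in attributes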
Exemplo n.º 13
def test_cookie_name(dummy_request, principal):
    """Check that the ``cookie_name`` option sets the name of the emitted cookie."""
    auth_policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    headers = auth_policy.remember(dummy_request, principal)
    _, set_cookie = headers.pop()

    # Everything before the first "=" is the cookie name.
    cookie_name, _rest = set_cookie.split("=", 1)
    assert cookie_name == "auth"