Пример #1
0
 async def start(self, cookies, cookieopts=None):
     """
     Session start operation. First check among the cookies to find existed sessions;
     if there is not an existed session, create a new one.
     
     :param cookies: cookie header from the client
     
     :param cookieopts: extra options used when creating a new cookie
     
     :return: ``(session_handle, cookies)`` where session_handle is a SessionHandle object,
              and cookies is a list of created Set-Cookie headers (may be empty)
     """
     c = SimpleCookie(cookies)
     sid = c.get(self.cookiename)
     create = True
     if sid is not None:
         sh = await self.get(sid.value)
         if sh is not None:
             return (self.SessionHandle(sh, self.apiroutine), [])
     if create:
         sh = await self.create()
         m = Morsel()
         m.key = self.cookiename
         m.value = sh.id
         m.coded_value = sh.id
         opts = {'path': '/', 'httponly': True}
         if cookieopts:
             opts.update(cookieopts)
             if not cookieopts['httponly']:
                 del cookieopts['httponly']
         m.update(opts)
         return (sh, [m])
Пример #2
0
 def setcookie(self,
               key,
               value,
               max_age=None,
               expires=None,
               path='/',
               domain=None,
               secure=None,
               httponly=False):
     newcookie = Morsel()
     newcookie.key = key
     newcookie.value = value
     newcookie.coded_value = value
     if max_age is not None:
         newcookie['max-age'] = max_age
     if expires is not None:
         newcookie['expires'] = expires
     if path is not None:
         newcookie['path'] = path
     if domain is not None:
         newcookie['domain'] = domain
     if secure:
         newcookie['secure'] = secure
     if httponly:
         newcookie['httponly'] = httponly
     self.sent_cookies = [c for c in self.sent_cookies if c.key != key]
     self.sent_cookies.append(newcookie)
Пример #3
0
 def test_get_user_from_token(self):
     instance = ESAPI.authenticator()
     instance.logout()
     
     account_name = "testUserFromToken"
     password = instance.generate_strong_password()
     user = instance.create_user(account_name, password, password)
     user.enable()
     
     ###
     request = MockHttpRequest()
     response = MockHttpResponse()
     ESAPI.http_utilities().set_current_http(request, response)
     
     m = Morsel()
     m.key = HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME
     m.value = "ridiculous"
     request.cookies[m.key] = m
     # Wrong cookie should fail
     self.assertRaises(AuthenticationException, instance.login, request, response)
     user.logout()
     ###
     
     request = MockHttpRequest()
     response = MockHttpResponse()
     ESAPI.authenticator().current_user = user
     new_token = ESAPI.http_utilities().set_remember_token(
         password, 10000, "test.com", request.path, request, response )
     request.set_cookie( key=HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, value=new_token )
     ESAPI.http_utilities().set_current_http(request, response)
     
     # Logout the current user so we can log them in with the remember cookie
     user2 = instance.login(request, response)
     self.assertEquals(user, user2)
Пример #4
0
 def start(self, cookies, cookieopts=None):
     c = SimpleCookie(cookies)
     sid = c.get(self.cookiename)
     create = True
     if sid is not None:
         for m in self.get(sid.value):
             yield m
         if self.apiroutine.retvalue is not None:
             self.apiroutine.retvalue = (self.SessionHandle(
                 self.apiroutine.retvalue, self.apiroutine), [])
             create = False
     if create:
         for m in self.create():
             yield m
         sh = self.apiroutine.retvalue
         m = Morsel()
         m.key = self.cookiename
         m.value = sh.id
         m.coded_value = sh.id
         opts = {'path': '/', 'httponly': True}
         if cookieopts:
             opts.update(cookieopts)
             if not cookieopts['httponly']:
                 del cookieopts['httponly']
         m.update(opts)
         self.apiroutine.retvalue = (sh, [m])
Пример #5
0
 def start(self, cookies, cookieopts=None):
     c = SimpleCookie(cookies)
     sid = c.get(self.cookiename)
     create = True
     if sid is not None:
         for m in self.get(sid.value):
             yield m
         if self.apiroutine.retvalue is not None:
             self.apiroutine.retvalue = (self.SessionHandle(self.apiroutine.retvalue, self.apiroutine), [])
             create = False
     if create:
         for m in self.create():
             yield m
         sh = self.apiroutine.retvalue
         m = Morsel()
         m.key = self.cookiename
         m.value = sh.id
         m.coded_value = sh.id
         opts = {"path": "/", "httponly": True}
         if cookieopts:
             opts.update(cookieopts)
             if not cookieopts["httponly"]:
                 del cookieopts["httponly"]
         m.update(opts)
         self.apiroutine.retvalue = (sh, [m])
Пример #6
0
 def destroy(self, sessionid):
     for m in callAPI(self.apiroutine, "memorystorage", "delete", {"key": __name__ + "." + sessionid}):
         yield m
     m = Morsel()
     m.key = self.cookiename
     m.value = "deleted"
     m.coded_value = "deleted"
     opts = {"path": "/", "httponly": True, "max-age": 0}
     m.update(opts)
     self.apiroutine.retvalue = [m]
Пример #7
0
 def destroy(self, sessionid):
     for m in callAPI(self.apiroutine, 'memorystorage', 'delete',
                      {'key': __name__ + '.' + sessionid}):
         yield m
     m = Morsel()
     m.key = self.cookiename
     m.value = 'deleted'
     m.coded_value = 'deleted'
     opts = {'path': '/', 'httponly': True, 'max-age': 0}
     m.update(opts)
     self.apiroutine.retvalue = [m]
Пример #8
0
 def test_kill_cookie(self):
     request = MockHttpRequest()
     response = MockHttpResponse()
     
     ESAPI.http_utilities().set_current_http(request, response)
     self.assertTrue(len(response.cookies) == 0)
     
     new_cookies = {}
     m = Morsel()
     m.key = 'test1'
     m.value = '1'
     new_cookies[m.key] = m
     
     m = Morsel()
     m.key = 'test2'
     m.value = '2'
     new_cookies[m.key] = m
     
     request.cookies = new_cookies
     ESAPI.http_utilities().kill_cookie( "test1", request, response )
     self.assertTrue(len(response.cookies) == 1)
Пример #9
0
 def set_cookie(self, **kwargs):
     key = kwargs['key']
     m = Morsel()
     m.key = key
     m.value = kwargs['value']
     m.coded_value = kwargs['value']
     for k, v in kwargs.items():
         try:
             m[k] = v
         except:
             pass
     self.cookies[key] = m
     self.headers['Set-Cookie'] = str(m)
Пример #10
0
 def set_cookie(self, **kwargs):
     key = kwargs['key']
     m = Morsel()
     m.key = key
     m.value = kwargs['value']
     m.coded_value = kwargs['value']
     for k, v in kwargs.items():
         try:
             m[k] = v
         except:
             pass
     self.cookies[key] = m
     self.headers['Set-Cookie'] = str(m)
 def delete_cookie(self, key, path='/', domain=None):
     """
     Deletes a cookie from the client by setting the cookie to an empty
     string, and max_age=0 so it should expire immediately.
     """
     if self.cookies.has_key(key):
         self.cookies[key].value = ''
         self.cookies[key]['max-age'] = 0
     else:
         m = Morsel()
         m.key = key
         m.value = ''
         m.path = path
         m.domain = domain
         m['max-age'] = 0
         self.cookies[key] = m
Пример #12
0
 def delete_cookie(self, key, path='/', domain=None):
     """
     Deletes a cookie from the client by setting the cookie to an empty
     string, and max_age=0 so it should expire immediately.
     """
     if self.cookies.has_key(key):
         self.cookies[key].value = ''
         self.cookies[key]['max-age'] = 0
     else:
         m = Morsel()
         m.key = key
         m.value = ''
         m.path = path
         m.domain = domain
         m['max-age'] = 0
         self.cookies[key] = m
Пример #13
0
 async def destroy(self, sessionid):
     """
     Destroy a session
     
     :param sessionid: session ID
     
     :return: a list of Set-Cookie headers to be sent to the client
     """
     await call_api(self.apiroutine, 'memorystorage', 'delete',
                    {'key': __name__ + '.' + sessionid})
     m = Morsel()
     m.key = self.cookiename
     m.value = 'deleted'
     m.coded_value = 'deleted'
     opts = {'path': '/', 'httponly': True, 'max-age': 0}
     m.update(opts)
     return [m]
Пример #14
0
    def test_morsel_to_cookie(self):
        from time import strftime, localtime
        time_template = "%a, %d-%b-%Y %H:%M:%S GMT"
        m = Morsel()
        m['domain'] = ".yandex"
        m['domain'] = ".yandex.ru"
        m['path'] = "/"
        m['expires'] = "Fri, 27-Aug-2021 17:43:25 GMT"
        m.key = "dj2enbdj3w"
        m.value = "fvjlrwnlkjnf"

        c = morsel_to_cookie(m)
        self.assertEquals(m.key, c.name)
        self.assertEquals(m.value, c.value)
        for x in ('expires', 'path', 'comment', 'domain',
                  'secure', 'version'):
            if x == 'expires':
                self.assertEquals(m[x], strftime(time_template, localtime(getattr(c, x, None))))
            elif x == 'version':
                self.assertTrue(isinstance(getattr(c, x, None), int))
            else:
                self.assertEquals(m[x], getattr(c, x, None))