def logout(req):
log.debug("Input cookies: %s", repr(req.cookies))
cookie = PoorSession(app.secret_key)
cookie.destroy()
response = RedirectResponse('/')
cookie.header(response)
return response
def logout(req):
req.log_error("Input cookies: %s" % repr(req.cookies), state.LOG_DEBUG)
cookie = PoorSession(req)
cookie.destroy()
cookie.header(req, req.headers_out)
req.log_error("Output headers: %s" % req.headers_out, state.LOG_DEBUG)
redirect(req, '/')
def test_default(self):
session = PoorSession(SECRET_KEY)
headers = session.header()
assert "Expires" not in headers[0][1]
assert "Max-Age" not in headers[0][1]
assert "Path" in headers[0][1]
assert "Domain" not in headers[0][1]
def test_bad_session(self):
cookies = SimpleCookie()
cookies["SESSID"] = "\0"
session = PoorSession(SECRET_KEY)
with raises(SessionError):
session.load(cookies)
def login(req):
log.debug("Input cookies: %s", repr(req.cookies))
cookie = PoorSession(app.secret_key)
cookie.data['login'] = True
response = RedirectResponse('/')
cookie.header(response)
return response
def handler(req):
cookie = PoorSession(req)
if 'login' not in cookie.data:
req.log_error('Login cookie not found.', state.LOG_INFO)
redirect(req, '/', text='Login required')
return fn(req)
def req_session():
"""Instace of Request object with session cookie."""
request = Request()
session = PoorSession(request.secret_key)
session.data['test'] = True
session.write()
request.cookies = session.cookie
return request
def handler(req):
session = PoorSession(app.secret_key)
try:
session.load(req.cookies)
except SessionError:
pass
if 'login' not in session.data:
log.info('Login cookie not found.')
redirect(
"/",
message="Login required",
)
return fun(req)
def check_login(req):
cookie = PoorSession(req)
if 'login' not in cookie.data:
raise HTTPException(401)
return "login ok"
def test_none(self):
session = PoorSession(SECRET_KEY, same_site="None")
headers = session.header()
assert "; SameSite=None" in headers[0][1]
def test_https(self):
session = PoorSession(SECRET_KEY, secure=True)
headers = session.header()
assert "; Secure" in headers[0][1]
def login(req):
cookie = PoorSession(req)
cookie.data['login'] = True
response = Response(status_code=204)
cookie.header(response)
return response
def test_httponly(self):
session = PoorSession(SECRET_KEY)
headers = session.header()
assert "; HttpOnly; " in headers[0][1]
def test_http(self):
session = PoorSession(SECRET_KEY)
headers = session.header()
assert "; Secure" not in headers[0][1]
def test_no_path(self):
session = PoorSession(SECRET_KEY, path=None)
headers = session.header()
assert "Path" not in headers[0][1]
def test_domain(self):
session = PoorSession(SECRET_KEY, domain="example.org")
headers = session.header()
assert "; Domain=example.org; " in headers[0][1]
def test_strict(self):
session = PoorSession(SECRET_KEY, same_site="Strict")
headers = session.header()
assert "; SameSite=Strict" in headers[0][1]
def test_max_age(self):
session = PoorSession(SECRET_KEY, max_age=10)
headers = session.header()
assert "; Max-Age=10;" in headers[0][1]
def test_no_secret_key(self):
with raises(SessionError):
PoorSession(Empty)
def test_bad_session_compatibility(self, req):
req.cookies = SimpleCookie()
req.cookies["SESSID"] = "\0"
with raises(SessionError):
PoorSession(req)
def test_compatibility_empty(self, req):
session = PoorSession(req)
assert session.data == {}
def test_write_load(self, req_session):
"""Method write was called in fixture req_session."""
session = PoorSession(SECRET_KEY)
session.load(req_session.cookies)
assert session.data == {'test': True}
def test_compatibility(self, req_session):
session = PoorSession(req_session)
assert session.data == {'test': True}
def test_destroy(self):
session = PoorSession(SECRET_KEY)
session.destroy()
headers = session.header()
assert "; expires=" in headers[0][1]
def test_lax(self):
session = PoorSession(SECRET_KEY, same_site="Lax")
headers = session.header()
assert "; SameSite=Lax" in headers[0][1]
def test_expires(self):
session = PoorSession(SECRET_KEY, expires=10)
headers = session.header()
assert "; expires=" in headers[0][1]
def test_default(self):
session = PoorSession(SECRET_KEY)
headers = session.header()
assert "; SameSite" not in headers[0][1]
