def test_python_cookies(self): """ Test cases copied from Python's Lib/test/test_http_cookies.py """ self.assertEqual( parse_cookie("chips=ahoy; vienna=finger"), { "chips": "ahoy", "vienna": "finger" }, ) # Here parse_cookie() differs from Python's cookie parsing in that it # treats all semicolons as delimiters, even within quotes. self.assertEqual( parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), { "keebler": '"E=mc2', "L": '\\"Loves\\"', "fudge": "\\012", "": '"' }, ) # Illegal cookies that have an '=' char in an unquoted value. self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"}) # Cookies with ':' character in their name. self.assertEqual(parse_cookie("key:term=value:term"), {"key:term": "value:term"}) # Cookies with '[' and ']'. self.assertEqual(parse_cookie("a=b; c=[; d=r; f=h"), { "a": "b", "c": "[", "d": "r", "f": "h" })
def test_python_cookies(self): """ Test cases copied from Python's Lib/test/test_http_cookies.py """ self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), { 'chips': 'ahoy', 'vienna': 'finger' }) # Here parse_cookie() differs from Python's cookie parsing in that it # treats all semicolons as delimiters, even within quotes. self.assertEqual( parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), { 'keebler': '"E=mc2', 'L': '\\"Loves\\"', 'fudge': '\\012', '': '"' }) # Illegal cookies that have an '=' char in an unquoted value. self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'}) # Cookies with ':' character in their name. self.assertEqual(parse_cookie('key:term=value:term'), {'key:term': 'value:term'}) # Cookies with '[' and ']'. self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), { 'a': 'b', 'c': '[', 'd': 'r', 'f': 'h' })
def test_cookie_edgecases(self): # Cookies that RFC6265 allows. self.assertEqual(parse_cookie('a=b; Domain=example.com'), {'a': 'b', 'Domain': 'example.com'}) # parse_cookie() has historically kept only the last cookie with the # same name. self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
def test_cookie_edgecases(self): # Cookies that RFC6265 allows. self.assertEqual( parse_cookie("a=b; Domain=example.com"), {"a": "b", "Domain": "example.com"} ) # parse_cookie() has historically kept only the last cookie with the # same name. self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
def test_cookie_edgecases(self): # Cookies that RFC6265 allows. self.assertEqual(parse_cookie('a=b; Domain=example.com'), { 'a': 'b', 'Domain': 'example.com' }) # parse_cookie() has historically kept only the last cookie with the # same name. self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'})
def test_cookie_edgecases(self): # Cookies that RFC6265 allows. self.assertEqual(parse_cookie("a=b; Domain=example.com"), { "a": "b", "Domain": "example.com" }) # parse_cookie() has historically kept only the last cookie with the # same name. self.assertEqual(parse_cookie("a=b; h=i; a=c"), {"a": "c", "h": "i"})
async def test_logout(jp_serverapp, login, http_server_client, jp_base_url): jp_serverapp.identity_provider.cookie_name = "test-cookie" expected = jp_base_url resp = await login(next=jp_base_url) cookie_header = resp.headers["Set-Cookie"] cookies = parse_cookie(cookie_header) assert cookies.get("test-cookie") resp = await http_server_client.fetch(jp_base_url + "logout", headers={"Cookie": cookie_header}) assert resp.code == 200 cookie_header = resp.headers["Set-Cookie"] cookies = parse_cookie(cookie_header) assert cookies.get("test-cookie") == "" assert "Successfully logged out" in resp.body.decode("utf8")
def assert_session_in_response(self, response, sid=None): self.assertTrue("Set-Cookie" in response.headers) cookie = parse_cookie(response.headers["Set-Cookie"]) self.assertTrue(app_session.PCSD_SESSION, cookie) if sid: self.assertEqual(cookie[app_session.PCSD_SESSION], sid) return cookie[app_session.PCSD_SESSION]
async def _login(jp_serverapp, http_server_client, jp_base_url, next): # first: request login page with no creds login_url = url_path_join(jp_base_url, "login") first = await http_server_client.fetch(login_url) cookie_header = first.headers["Set-Cookie"] cookies = parse_cookie(cookie_header) # second, submit login form with credentials try: resp = await http_server_client.fetch( url_concat(login_url, {"next": next}), method="POST", body=urlencode({ "password": jp_serverapp.token, "_xsrf": cookies.get("_xsrf", ""), }), headers={"Cookie": cookie_header}, follow_redirects=False, ) except HTTPClientError as e: if e.code != 302: raise return e.response.headers["Location"] else: assert resp.code == 302, "Should have returned a redirect!"
def test_python_cookies(self): """ Test cases copied from Python's Lib/test/test_http_cookies.py """ self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {'chips': 'ahoy', 'vienna': 'finger'}) # Here parse_cookie() differs from Python's cookie parsing in that it # treats all semicolons as delimiters, even within quotes. self.assertEqual( parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), {'keebler': '"E=mc2', 'L': '\\"Loves\\"', 'fudge': '\\012', '': '"'} ) # Illegal cookies that have an '=' char in an unquoted value. self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'}) # Cookies with ':' character in their name. self.assertEqual(parse_cookie('key:term=value:term'), {'key:term': 'value:term'}) # Cookies with '[' and ']'. self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {'a': 'b', 'c': '[', 'd': 'r', 'f': 'h'})
def cookies(self): """Get cookies as dict""" cookies = {} for new_cookie in self.response.headers.get_list('Set-Cookie'): for n, v in parse_cookie(new_cookie).items(): cookies[n] = v return cookies
def setCookie(self, response): #get the cookies cookies = response.headers['set-cookie'].split(",") parsed = [httputil.parse_cookie(c) for c in cookies] #get the user cookie userCookie = next((c for c in parsed if "user" in c.keys()), None) #get the role cookie roleCookie = next((c for c in parsed if "role" in c.keys()), None) self.cookie = "user="******";role=" + roleCookie['role']
def decode_cookie(response, name, max_age): cookies = response.headers.get_list('Set-Cookie') for cookie in cookies: parsed = parse_cookie(cookie) if name not in parsed: continue result = decode_signed_value(secret_conf.cookie_secret, name, parsed[name], max_age) return result return None
def test_invalid_cookies(self): """ Cookie strings that go against RFC6265 but browsers will send if set via document.cookie. """ # Chunks without an equals sign appear as unnamed values per # https://bugzilla.mozilla.org/show_bug.cgi?id=169091 self.assertIn( "django_language", parse_cookie("abc=def; unnamed; django_language=en").keys(), ) # Even a double quote may be an unamed value. self.assertEqual(parse_cookie('a=b; "; c=d'), {"a": "b", "": '"', "c": "d"}) # Spaces in names and values, and an equals sign in values. self.assertEqual( parse_cookie("a b c=d e = f; gh=i"), {"a b c": "d e = f", "gh": "i"} ) # More characters the spec forbids. self.assertEqual( parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {"a b,c<>@:/[]?{}": 'd " =e,f g'}, ) # Unicode characters. The spec only allows ASCII. self.assertEqual( parse_cookie("saint=André Bessette"), {"saint": native_str("André Bessette")}, ) # Browsers don't send extra whitespace or semicolons in Cookie headers, # but parse_cookie() should parse whitespace the same way # document.cookie parses whitespace. self.assertEqual( parse_cookie(" = b ; ; = ; c = ; "), {"": "b", "c": ""} )
def test_invalid_cookies(self): """ Cookie strings that go against RFC6265 but browsers will send if set via document.cookie. """ # Chunks without an equals sign appear as unnamed values per # https://bugzilla.mozilla.org/show_bug.cgi?id=169091 self.assertIn( 'django_language', parse_cookie('abc=def; unnamed; django_language=en').keys()) # Even a double quote may be an unamed value. self.assertEqual(parse_cookie('a=b; "; c=d'), { 'a': 'b', '': '"', 'c': 'd' }) # Spaces in names and values, and an equals sign in values. self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), { 'a b c': 'd e = f', 'gh': 'i' }) # More characters the spec forbids. self.assertEqual(parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {'a b,c<>@:/[]?{}': 'd " =e,f g'}) # Unicode characters. The spec only allows ASCII. self.assertEqual(parse_cookie('saint=André Bessette'), {'saint': native_str('André Bessette')}) # Browsers don't send extra whitespace or semicolons in Cookie headers, # but parse_cookie() should parse whitespace the same way # document.cookie parses whitespace. self.assertEqual(parse_cookie(' = b ; ; = ; c = ; '), { '': 'b', 'c': '' })
async def fetch(self, request: HTTPRequest, proxy=None, use_proxy_for_request=True, **kwargs): ok_statuses = set([200] + kwargs.get('ok_statuses', [])) logging.debug(f"Sending {request.method} : {request.url}") if kwargs.get('cookies'): cookies = ';'.join([ f'{i[0]}={i[1]}' for i in { **parse_cookie(request.headers.get('Cookie', '')), **kwargs.get('cookies') }.items() ]) request.headers['Cookie'] = cookies is_proxying = self.enable_proxy and use_proxy_for_request curr_proxy = None try: if is_proxying: while not self.proxy_manager.has_proxies(): await asyncio.sleep(1) self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy( ) curr_proxy: Proxy = self.proxy_manager.current_proxy if not proxy else proxy request.proxy_host = curr_proxy.ip request.proxy_port = curr_proxy.port if curr_proxy.username: request.proxy_username = curr_proxy.username if curr_proxy.password: request.proxy_password = curr_proxy.password request.connect_timeout = kwargs.get('connect_timeout', 10) request.request_timeout = kwargs.get('request_timeout', 60) if is_proxying and curr_proxy: logging.debug(f"using proxy: {curr_proxy.ip}") res = await self._client.fetch(request, raise_error=False) if res.code not in ok_statuses: # not self.shuffle_proxy_for_each_request and self.proxy_manager.shuffle_proxy() logging.error(f"BadResponseCodeException: {res.code}") raise BadResponseCodeException(res.code) if is_proxying: self.proxy_manager.promote_proxy(curr_proxy) return self.enhance_response(res) except CancelledError: pass except Exception as e: if kwargs.get('error_handler'): kwargs.get('error_handler')(e, self.proxy_manager, curr_proxy) if is_proxying: await self.proxy_manager.punish_proxy(curr_proxy, e) raise e
def test_python_cookies(self): """ Test cases copied from Python's Lib/test/test_http_cookies.py """ self.assertEqual( parse_cookie("chips=ahoy; vienna=finger"), {"chips": "ahoy", "vienna": "finger"}, ) # Here parse_cookie() differs from Python's cookie parsing in that it # treats all semicolons as delimiters, even within quotes. self.assertEqual( parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), {"keebler": '"E=mc2', "L": '\\"Loves\\"', "fudge": "\\012", "": '"'}, ) # Illegal cookies that have an '=' char in an unquoted value. self.assertEqual(parse_cookie("keebler=E=mc2"), {"keebler": "E=mc2"}) # Cookies with ':' character in their name. self.assertEqual( parse_cookie("key:term=value:term"), {"key:term": "value:term"} ) # Cookies with '[' and ']'. self.assertEqual( parse_cookie("a=b; c=[; d=r; f=h"), {"a": "b", "c": "[", "d": "r", "f": "h"} )
def _get_xsrf_cookie(self): """Parses the headers and extracts the _xsrf cookie value if it exists.""" # Why not use Tornado's existing get_cookie method? # When the "jupyter_http_over_ws_auth_url" query param is set, handlers make # a proxied request and set the XSRF cookie based on the result. The # get_cookie method uses the headers processed as part of the initial # request and is thus insufficient. for cookie_header in self.request.headers.get_list('Cookie'): try: cookie_vals = httputil.parse_cookie(cookie_header) if '_xsrf' in cookie_vals: return cookie_vals['_xsrf'] except Exception: # pylint:disable=broad-except # Malformed cookie header, return empty. pass return None
def create( cls, request: Union[HTTPRequest, HTTPServerRequest]) -> OpenAPIRequest: """Creates an OpenAPI request from Tornado request objects. Supports both :class:`tornado.httpclient.HTTPRequest` and :class:`tornado.httputil.HTTPServerRequest` objects. """ if isinstance(request, HTTPRequest): if request.url: path, _, querystring = request.url.partition("?") query_arguments: ImmutableMultiDict[str, str] = ImmutableMultiDict( parse_qsl(querystring)) else: path = "" query_arguments = ImmutableMultiDict() else: path, _, _ = request.full_url().partition("?") if path == "://": path = "" query_arguments = ImmutableMultiDict( itertools.chain( *[[(k, v.decode("utf-8")) for v in vs] for k, vs in request.query_arguments.items()])) return OpenAPIRequest( full_url_pattern=path, method=request.method.lower() if request.method else "get", parameters=RequestParameters( query=query_arguments, header=Headers(request.headers.get_all()), cookie=parse_cookie(request.headers.get("Cookie", "")), ), body=request.body if request.body else b"", mimetype=parse_mimetype( request.headers.get("Content-Type", "application/x-www-form-urlencoded")), )
async def _login( jp_serverapp, http_server_client, jp_base_url, login_headers, next="/", password=None, new_password=None, ): # first: request login page with no creds login_url = url_path_join(jp_base_url, "login") first = await http_server_client.fetch(login_url) cookie_header = first.headers["Set-Cookie"] cookies = parse_cookie(cookie_header) form = {"_xsrf": cookies.get("_xsrf")} if password is None: password = jp_serverapp.identity_provider.token if password: form["password"] = password if new_password: form["new_password"] = new_password # second, submit login form with credentials try: resp = await http_server_client.fetch( url_concat(login_url, {"next": next}), method="POST", body=urlencode(form), headers={"Cookie": cookie_header}, follow_redirects=False, ) except HTTPClientError as e: if e.code != 302: raise assert e.response is not None resp = e.response else: assert resp.code == 302, "Should have returned a redirect!" return resp
def test_invalid_cookies(self): """ Cookie strings that go against RFC6265 but browsers will send if set via document.cookie. """ # Chunks without an equals sign appear as unnamed values per # https://bugzilla.mozilla.org/show_bug.cgi?id=169091 self.assertIn('django_language', parse_cookie('abc=def; unnamed; django_language=en').keys()) # Even a double quote may be an unamed value. self.assertEqual(parse_cookie('a=b; "; c=d'), {'a': 'b', '': '"', 'c': 'd'}) # Spaces in names and values, and an equals sign in values. self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {'a b c': 'd e = f', 'gh': 'i'}) # More characters the spec forbids. self.assertEqual(parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {'a b,c<>@:/[]?{}': 'd " =e,f g'}) # Unicode characters. The spec only allows ASCII. self.assertEqual(parse_cookie('saint=André Bessette'), {'saint': native_str('André Bessette')}) # Browsers don't send extra whitespace or semicolons in Cookie headers, # but parse_cookie() should parse whitespace the same way # document.cookie parses whitespace. self.assertEqual(parse_cookie(' = b ; ; = ; c = ; '), {'': 'b', 'c': ''})
def test_invalid_cookies(self): """ Cookie strings that go against RFC6265 but browsers will send if set via document.cookie. """ # Chunks without an equals sign appear as unnamed values per # https://bugzilla.mozilla.org/show_bug.cgi?id=169091 self.assertIn( "django_language", parse_cookie("abc=def; unnamed; django_language=en").keys(), ) # Even a double quote may be an unamed value. self.assertEqual(parse_cookie('a=b; "; c=d'), { "a": "b", "": '"', "c": "d" }) # Spaces in names and values, and an equals sign in values. self.assertEqual(parse_cookie("a b c=d e = f; gh=i"), { "a b c": "d e = f", "gh": "i" }) # More characters the spec forbids. self.assertEqual( parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {"a b,c<>@:/[]?{}": 'd " =e,f g'}, ) # Unicode characters. The spec only allows ASCII. self.assertEqual( parse_cookie("saint=André Bessette"), {"saint": native_str("André Bessette")}, ) # Browsers don't send extra whitespace or semicolons in Cookie headers, # but parse_cookie() should parse whitespace the same way # document.cookie parses whitespace. self.assertEqual(parse_cookie(" = b ; ; = ; c = ; "), { "": "b", "c": "" })
def _load_cookies_fr_resp(self, resp): """Load cookies from response""" for new_cookie in resp.cookies: for n, v in parse_cookie(new_cookie).items(): self._cookies_dict[n] = v
def sid_from_body(self, response): self.assertIn("Set-Cookie", response.headers) cookie = parse_cookie(response.headers["Set-Cookie"]) self.assertIn(app_session.PCSD_SESSION, cookie) return cookie[app_session.PCSD_SESSION]