def unset_cookie(self, key):
""" Unset a cookie with the given name (remove from the response).
If there are multiple cookies (e.g., two cookies with the same name and
different paths or domains), all such cookies will be deleted.
Args:
key: string that is the cookie's name (mandatory)
Side effects:
delete from self.response.headers all cookies with that name
Raises:
KeyError if the response had no such cookies (or, none at all)
"""
existing = self.response.headers.getall('Set-Cookie')
if not existing: raise KeyError("No cookies at all had been set")
# remove all set-cookie headers, then put back those (if any) that
# should not be removed
del self.response.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
header = cookies.output(header='').lstrip()
if header:
self.response.headers.add_header('Set-Cookie', header)
if not found: raise KeyError("No cookie had been set with name %r" % key)
def unset_cookie(self, key):
"""
Unset a cookie with the given name (remove it from the
response). If there are multiple cookies (e.g., two cookies
with the same name and different paths or domains), all such
cookies will be deleted.
"""
existing = self.response.headers.get_all('Set-Cookie')
if not existing:
raise KeyError(
"No cookies at all have been set")
del self.response.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
header = cookies.output(header='').lstrip()
if header:
self.response.headers.add('Set-Cookie', header)
if not found:
raise KeyError(
"No cookie has been set with the name %r" % key)
def load(self, rawdata):
self.bad_cookies = []
self._BaseCookie__set = self._loose_set
BaseCookie.load(self, rawdata)
self._BaseCookie__set = self._strict_set
for key in self.bad_cookies:
del self[key]
def unset_cookie(self, key, strict=True):
"""
Unset a cookie with the given name (remove it from the
response). If there are multiple cookies (e.g., two cookies
with the same name and different paths or domains), all such
cookies will be deleted.
"""
existing = self.headers.getall('Set-Cookie')
if not existing:
if not strict:
return
raise KeyError("No cookies at all have been set")
del self.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
self._add_cookie(cookies)
else:
# this branching is required because Cookie.Morsel.output()
# strips quotes from expires= parameter, so better use
# it as is, if it hasn't changed
self._add_cookie(header)
if strict and not found:
raise KeyError("No cookie has been set with the name %r" % key)
def unset_cookie(self, key):
"""
Unset a cookie with the given name (remove it from the
response). If there are multiple cookies (e.g., two cookies
with the same name and different paths or domains), all such
cookies will be deleted.
"""
existing = self.response.headers.get_all('Set-Cookie')
if not existing:
raise KeyError(
"No cookies at all have been set")
del self.response.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
header = cookies.output(header='').lstrip()
if header:
self.response.headers.add('Set-Cookie', header)
if not found:
raise KeyError(
"No cookie has been set with the name %r" % key)
def unset_cookie(self, key, strict=True):
"""
Unset a cookie with the given name (remove it from the
response). If there are multiple cookies (e.g., two cookies
with the same name and different paths or domains), all such
cookies will be deleted.
"""
existing = self.headers.getall('Set-Cookie')
if not existing:
if not strict:
return
raise KeyError("No cookies at all have been set")
del self.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
self._add_cookie(cookies)
else:
# this branching is required because Cookie.Morsel.output()
# strips quotes from expires= parameter, so better use
# it as is, if it hasn't changed
self._add_cookie(header)
if strict and not found:
raise KeyError(
"No cookie has been set with the name %r" % key)
def parse_cookies(response):
"""
Return a ``Cookie.BaseCookie`` object populated from cookies parsed from
the response object
"""
base_cookie = BaseCookie()
for item in response.headers.get_all('Set-Cookie'):
base_cookie.load(item)
return base_cookie
def _parse_cookies(self, environ):
source = environ.get('HTTP_COOKIE', '')
vars = {}
if source:
cookies = BaseCookie()
cookies.load(source)
for name in cookies:
value = cookies[name].value
unquote_match = _QUOTES_RE.match(value)
if unquote_match is not None:
value = unquote_match.group(1)
vars[name] = value
return vars
def _parse_cookies(self, environ) :
_QUOTES_RE = re.compile('"(.*)"')
source=environ.get('HTTP_COOKIE', '')
vars = {}
if source:
cookies = BaseCookie()
cookies.load(source)
for name in cookies:
value = cookies[name].value
unquote_match = _QUOTES_RE.match(value)
if unquote_match is not None:
value = unquote_match.group(1)
vars[name] = value
return vars
def _get_cookies(environ):
"""
Return a *plain* dictionary of cookies as found in the request.
"""
source = environ.get('HTTP_COOKIE', '')
if 'webob._parsed_cookies' in environ:
vars_, var_source = environ['webob._parsed_cookies']
if var_source == source:
return vars_
vars_ = {}
if source:
cookies = BaseCookie()
cookies.load(source)
for name in cookies:
vars_[name] = cookies[name].value
environ['webob._parsed_cookies'] = (vars_, source)
return vars_
def str_cookies(self):
"""
Return a *plain* dictionary of cookies as found in the request.
"""
env = self.environ
source = env.get('HTTP_COOKIE', '')
if 'webob._parsed_cookies' in env:
vars, var_source = env['webob._parsed_cookies']
if var_source == source:
return vars
vars = {}
if source:
cookies = BaseCookie()
cookies.load(source)
for name in cookies:
value = cookies[name].value
unquote_match = QUOTES_RE.match(value)
if unquote_match is not None:
value = unquote_match.group(1)
vars[name] = value
env['webob._parsed_cookies'] = (vars, source)
return vars
def unset_cookie(self, key):
existing = self.headers.get_all('Set-Cookie')
if not existing:
raise KeyError('No cookies have been set')
del self.headers['Set-Cookie']
found = False
for header in existing:
cookies = BaseCookie()
cookies.load(header)
if key in cookies:
found = True
del cookies[key]
header = cookies.output(header='').lstrip()
if header:
if header.endswith(';'):
header = header[:-1]
self.headers.add_header('Set-Cookie', header)
if not found:
raise KeyError('No cookie has been set with the name %r' % key)
def wsgi_app(self, environ, start_response):
ctx = self.request_context(environ)
ctx.push()
req = ctx.request
charset = req.charset
session = ctx.session
inner_ctx = ctx
should_proxy = self.get_logged_in(session)
environ['flask_protector_app.verify_login'] = partial(self.verify_login, session=session)
environ['flask_protector_app.set_logged_in'] = partial(self.set_logged_in, session)
environ['flask_protector_app.get_logged_in'] = partial(self.get_logged_in, session)
environ['flask_protector_app.get_logged_in_as'] = partial(self.get_logged_in_as, session)
new_environ = environ.copy()
if should_proxy:
if 'HTTP_COOKIE' in new_environ:
# Scrub the environment of any trace of the protector's cookie,
# because otherwise the inner app will see it and probably try
# to send Set-Cookie headers to refresh the session, effectively undoing
# any changes the protector wants to make to it.
parsed_cookie = BaseCookie()
parsed_cookie.load(environ['HTTP_COOKIE']) # TODO encoding?
del parsed_cookie[self.session_cookie_name]
stringified_cookie = str(parsed_cookie).partition('Set-Cookie: ')[2]
if stringified_cookie:
new_environ['HTTP_COOKIE'] = stringified_cookie
else:
del new_environ['HTTP_COOKIE']
inner_ctx = type(ctx)(
self.wrapped_app,
environ=new_environ,
request=self.wrapped_app.request_class(new_environ)
)
error = None
try:
response = None
try:
if should_proxy:
inner_ctx.push()
if not should_proxy:
response = self.full_dispatch_request()
except Exception as e:
error = e
response = self.handle_exception(e)
except:
error = sys.exc_info()[1]
raise
if response is not None:
return response(new_environ, start_response)
finally:
if self.should_ignore_error(error):
error = None
if should_proxy:
result = self.wrapped_app.wsgi_app(new_environ, start_response)
inner_ctx.auto_pop(error)
return result
ctx.auto_pop(error)
def extract_session(self, response):
if "Set-Cookie" in response.headers:
from Cookie import BaseCookie
cookie = BaseCookie()
cookie.load(response.headers["Set-Cookie"])
self.session = cookie["session"]
