def check_save_load_encryption_cryptography(session_getter): """Test if the data is actually persistent across requests""" # cryptography only works for py3.3+, so skip for python 3.2 if sys.version_info[0] == 3 and sys.version_info[1] < 3: raise SkipTest("Cryptography not supported on Python 3 lower than 3.3") try: get_crypto_module('cryptography').has_aes except BeakerException: raise SkipTest() session = session_getter( encrypt_key='666a19cf7f61c64c', validate_key='hoobermas', crypto_type='cryptography') session[u_('Suomi')] = u_('Kimi Räikkönen') session[u_('Great Britain')] = u_('Jenson Button') session[u_('Deutchland')] = u_('Sebastian Vettel') session.save() session = session_getter( id=session.id, encrypt_key='666a19cf7f61c64c', validate_key='hoobermas', crypto_type='cryptography') assert u_('Suomi') in session assert u_('Great Britain') in session assert u_('Deutchland') in session assert session[u_('Suomi')] == u_('Kimi Räikkönen') assert session[u_('Great Britain')] == u_('Jenson Button') assert session[u_('Deutchland')] == u_('Sebastian Vettel')
def check_decryption_failure(session_getter): """Test if the data fails without the right keys""" if not get_crypto_module('default').has_aes: raise SkipTest() session = session_getter(encrypt_key='666a19cf7f61c64c', validate_key='hoobermas') session[u_('Suomi')] = u_('Kimi Räikkönen') session[u_('Great Britain')] = u_('Jenson Button') session[u_('Deutchland')] = u_('Sebastian Vettel') session.save() session = session_getter(id=session.id, encrypt_key='asfdasdfadsfsadf', validate_key='hoobermas', invalidate_corrupt=True) assert u_('Suomi') not in session assert u_('Great Britain') not in session
def check_save_load_encryption(session_getter): """Test if the data is actually persistent across requests""" if not get_crypto_module('default').has_aes: raise SkipTest() session = session_getter(encrypt_key='666a19cf7f61c64c', validate_key='hoobermas') session[u_('Suomi')] = u_('Kimi Räikkönen') session[u_('Great Britain')] = u_('Jenson Button') session[u_('Deutchland')] = u_('Sebastian Vettel') session.save() session = session_getter(id=session.id, encrypt_key='666a19cf7f61c64c', validate_key='hoobermas') assert u_('Suomi') in session assert u_('Great Britain') in session assert u_('Deutchland') in session assert session[u_('Suomi')] == u_('Kimi Räikkönen') assert session[u_('Great Britain')] == u_('Jenson Button') assert session[u_('Deutchland')] == u_('Sebastian Vettel')
import os import json import beaker.session import beaker.util from beaker.session import SignedCookie from beaker._compat import b64decode from beaker.middleware import SessionMiddleware from nose import SkipTest try: from webtest import TestApp except ImportError: raise SkipTest("webtest not installed") from beaker import crypto if not crypto.get_crypto_module('default').has_aes: raise SkipTest("No AES library is installed, can't test cookie-only " "Sessions") def simple_app(environ, start_response): session = environ['beaker.session'] if not session.has_key('value'): session['value'] = 0 session['value'] += 1 if not environ['PATH_INFO'].startswith('/nosave'): session.save() start_response('200 OK', [('Content-type', 'text/plain')]) msg = 'The current value is: %d and cookie is %s' % (session['value'], session) return [msg.encode('UTF-8')] def test_increment():
def __init__(self, request, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', encrypt_key=None, validate_key=None, secure=False, httponly=False, data_serializer='pickle', encrypt_nonce_bits=DEFAULT_NONCE_BITS, invalidate_corrupt=False, crypto_type='default', **kwargs): self.crypto_module = get_crypto_module(crypto_type) if not self.crypto_module.has_aes and encrypt_key: raise InvalidCryptoBackendError("No AES library is installed, can't generate " "encrypted cookie-only Session.") self.request = request self.key = key self.timeout = timeout self.save_atime = save_accessed_time self.cookie_expires = cookie_expires self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.request['set_cookie'] = False self.secure = secure self.httponly = httponly self._domain = cookie_domain self._path = cookie_path self.invalidate_corrupt = invalidate_corrupt self._set_serializer(data_serializer) try: cookieheader = request['cookie'] except KeyError: cookieheader = '' if validate_key is None: raise BeakerException("No validate_key specified for Cookie only " "Session.") if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") try: self.cookie = SignedCookie( validate_key, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( validate_key, input=None, ) self['_id'] = _session_id() self.is_new = True # If we have a cookie, load it if self.key in self.cookie and self.cookie[self.key].value is not None: self.is_new = False try: cookie_data = self.cookie[self.key].value if cookie_data is InvalidSignature: raise BeakerException("Invalid signature") self.update(self._decrypt_data(cookie_data)) self._path = self.get('_path', '/') except Exception as e: if self.invalidate_corrupt: util.warn( "Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise if self.timeout is not None: now = time.time() last_accessed_time = self.get('_accessed_time', now) if now - last_accessed_time > self.timeout: self.clear() self.accessed_dict = self.copy() self._create_cookie()
def __init__(self, request, id=None, invalidate_corrupt=False, use_cookies=True, type=None, data_dir=None, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', data_serializer='pickle', secret=None, secure=False, namespace_class=None, httponly=False, encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS, crypto_type='default', **namespace_args): if not type: if data_dir: self.type = 'file' else: self.type = 'memory' else: self.type = type self.namespace_class = namespace_class or clsmap[self.type] self.namespace_args = namespace_args self.request = request self.data_dir = data_dir self.key = key if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") self.timeout = timeout self.save_atime = save_accessed_time self.use_cookies = use_cookies self.cookie_expires = cookie_expires self._set_serializer(data_serializer) # Default cookie domain/path self._domain = cookie_domain self._path = cookie_path self.was_invalidated = False self.secret = secret self.secure = secure self.httponly = httponly self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.crypto_module = get_crypto_module(crypto_type) self.id = id self.accessed_dict = {} self.invalidate_corrupt = invalidate_corrupt if self.use_cookies: cookieheader = request.get('cookie', '') if secret: try: self.cookie = SignedCookie( secret, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( secret, input=None, ) else: self.cookie = SimpleCookie(input=cookieheader) if not self.id and self.key in self.cookie: cookie_data = self.cookie[self.key].value # Should we check invalidate_corrupt here? if cookie_data is InvalidSignature: cookie_data = None self.id = cookie_data self.is_new = self.id is None if self.is_new: self._create_id() self['_accessed_time'] = self['_creation_time'] = time.time() else: try: self.load() except Exception as e: if self.invalidate_corrupt: util.warn( "Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise
def __init__(self, request, id=None, invalidate_corrupt=False, use_cookies=True, type=None, data_dir=None, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', data_serializer='pickle', secret=None, secure=False, namespace_class=None, httponly=False, encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS, crypto_type='default', samesite='Lax', **namespace_args): if not type: if data_dir: self.type = 'file' else: self.type = 'memory' else: self.type = type self.namespace_class = namespace_class or clsmap[self.type] self.namespace_args = namespace_args self.request = request self.data_dir = data_dir self.key = key if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") self.timeout = timeout # If a timeout was provided, forward it to the backend too, so the backend # can automatically expire entries if it's supported. if self.timeout is not None: # The backend expiration should always be a bit longer than the # session expiration itself to prevent the case where the backend data expires while # the session is being read (PR#153). 2 Minutes seems a reasonable time. self.namespace_args['timeout'] = self.timeout + 60 * 2 self.save_atime = save_accessed_time self.use_cookies = use_cookies self.cookie_expires = cookie_expires self._set_serializer(data_serializer) # Default cookie domain/path self._domain = cookie_domain self._path = cookie_path self.was_invalidated = False self.secret = secret self.secure = secure self.httponly = httponly self.samesite = samesite self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.crypto_module = get_crypto_module(crypto_type) self.id = id self.accessed_dict = {} self.invalidate_corrupt = invalidate_corrupt if self.use_cookies: cookieheader = request.get('cookie', '') if secret: try: self.cookie = SignedCookie( secret, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( secret, input=None, ) else: self.cookie = SimpleCookie(input=cookieheader) if not self.id and self.key in self.cookie: cookie_data = self.cookie[self.key].value # Should we check invalidate_corrupt here? if cookie_data is InvalidSignature: cookie_data = None self.id = cookie_data self.is_new = self.id is None if self.is_new: self._create_id() self['_accessed_time'] = self['_creation_time'] = time.time() else: try: self.load() except Exception as e: if self.invalidate_corrupt: util.warn( "Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise
def __init__(self, request, id=None, invalidate_corrupt=False, use_cookies=True, type=None, data_dir=None, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', data_serializer='pickle', secret=None, secure=False, namespace_class=None, httponly=False, encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS, crypto_type='default', **namespace_args): if not type: if data_dir: self.type = 'file' else: self.type = 'memory' else: self.type = type self.namespace_class = namespace_class or clsmap[self.type] self.namespace_args = namespace_args self.request = request self.data_dir = data_dir self.key = key if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") self.timeout = timeout # If a timeout was provided, forward it to the backend too, so the backend # can automatically expire entries if it's supported. if self.timeout is not None: # The backend expiration should always be a bit longer than the # session expiration itself to prevent the case where the backend data expires while # the session is being read (PR#153). 2 Minutes seems a reasonable time. self.namespace_args['timeout'] = self.timeout + 60 * 2 self.save_atime = save_accessed_time self.use_cookies = use_cookies self.cookie_expires = cookie_expires self._set_serializer(data_serializer) # Default cookie domain/path self._domain = cookie_domain self._path = cookie_path self.was_invalidated = False self.secret = secret self.secure = secure self.httponly = httponly self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.crypto_module = get_crypto_module(crypto_type) self.id = id self.accessed_dict = {} self.invalidate_corrupt = invalidate_corrupt if self.use_cookies: cookieheader = request.get('cookie', '') if secret: try: self.cookie = SignedCookie( secret, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( secret, input=None, ) else: self.cookie = SimpleCookie(input=cookieheader) if not self.id and self.key in self.cookie: cookie_data = self.cookie[self.key].value # Should we check invalidate_corrupt here? if cookie_data is InvalidSignature: cookie_data = None self.id = cookie_data self.is_new = self.id is None if self.is_new: self._create_id() self['_accessed_time'] = self['_creation_time'] = time.time() else: try: self.load() except Exception as e: if self.invalidate_corrupt: util.warn("Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise
def __init__(self, request, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', encrypt_key=None, validate_key=None, secure=False, httponly=False, data_serializer='pickle', encrypt_nonce_bits=DEFAULT_NONCE_BITS, invalidate_corrupt=False, crypto_type='default', **kwargs): self.crypto_module = get_crypto_module(crypto_type) if encrypt_key and not self.crypto_module.has_aes: raise InvalidCryptoBackendError( "No AES library is installed, can't generate " "encrypted cookie-only Session.") self.request = request self.key = key self.timeout = timeout self.save_atime = save_accessed_time self.cookie_expires = cookie_expires self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.request['set_cookie'] = False self.secure = secure self.httponly = httponly self._domain = cookie_domain self._path = cookie_path self.invalidate_corrupt = invalidate_corrupt self._set_serializer(data_serializer) try: cookieheader = request['cookie'] except KeyError: cookieheader = '' if validate_key is None: raise BeakerException("No validate_key specified for Cookie only " "Session.") if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") try: self.cookie = SignedCookie( validate_key, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( validate_key, input=None, ) self['_id'] = _session_id() self.is_new = True # If we have a cookie, load it if self.key in self.cookie and self.cookie[self.key].value is not None: self.is_new = False try: cookie_data = self.cookie[self.key].value if cookie_data is InvalidSignature: raise BeakerException("Invalid signature") self.update(self._decrypt_data(cookie_data)) self._path = self.get('_path', '/') except Exception as e: if self.invalidate_corrupt: util.warn("Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise if self.timeout is not None: now = time.time() last_accessed_time = self.get('_accessed_time', now) if now - last_accessed_time > self.timeout: self.clear() self.accessed_dict = self.copy() self._create_cookie()
def __init__(self, request, id=None, invalidate_corrupt=False, use_cookies=True, type=None, data_dir=None, key='beaker.session.id', timeout=None, save_accessed_time=True, cookie_expires=True, cookie_domain=None, cookie_path='/', data_serializer='pickle', secret=None, secure=False, namespace_class=None, httponly=False, encrypt_key=None, validate_key=None, encrypt_nonce_bits=DEFAULT_NONCE_BITS, crypto_type='default', **namespace_args): if not type: if data_dir: self.type = 'file' else: self.type = 'memory' else: self.type = type self.namespace_class = namespace_class or clsmap[self.type] self.namespace_args = namespace_args self.request = request self.data_dir = data_dir self.key = key if timeout and not save_accessed_time: raise BeakerException("timeout requires save_accessed_time") self.timeout = timeout self.save_atime = save_accessed_time self.use_cookies = use_cookies self.cookie_expires = cookie_expires self._set_serializer(data_serializer) # Default cookie domain/path self._domain = cookie_domain self._path = cookie_path self.was_invalidated = False self.secret = secret self.secure = secure self.httponly = httponly self.encrypt_key = encrypt_key self.validate_key = validate_key self.encrypt_nonce_size = get_nonce_size(encrypt_nonce_bits) self.crypto_module = get_crypto_module(crypto_type) self.id = id self.accessed_dict = {} self.invalidate_corrupt = invalidate_corrupt if self.use_cookies: cookieheader = request.get('cookie', '') if secret: try: self.cookie = SignedCookie( secret, input=cookieheader, ) except http_cookies.CookieError: self.cookie = SignedCookie( secret, input=None, ) else: self.cookie = SimpleCookie(input=cookieheader) if not self.id and self.key in self.cookie: cookie_data = self.cookie[self.key].value # Should we check invalidate_corrupt here? if cookie_data is InvalidSignature: cookie_data = None self.id = cookie_data self.is_new = self.id is None if self.is_new: self._create_id() self['_accessed_time'] = self['_creation_time'] = time.time() else: try: self.load() except Exception as e: if self.invalidate_corrupt: util.warn("Invalidating corrupt session %s; " "error was: %s. Set invalidate_corrupt=False " "to propagate this exception." % (self.id, e)) self.invalidate() else: raise
import re import os import beaker.session from beaker.middleware import SessionMiddleware from nose import SkipTest try: from webtest import TestApp except ImportError: raise SkipTest("webtest not installed") from beaker import crypto if not crypto.get_crypto_module('default').has_aes: raise SkipTest("No AES library is installed, can't test cookie-only " "Sessions") def simple_app(environ, start_response): session = environ['beaker.session'] if not session.has_key('value'): session['value'] = 0 session['value'] += 1 domain = environ.get('domain') if domain: session.domain = domain if not environ['PATH_INFO'].startswith('/nosave'): session.save() start_response('200 OK', [('Content-type', 'text/plain')]) msg = 'The current value is: %d and cookie is %s' % (session['value'], session)
import beaker.session import beaker.util from beaker.session import SignedCookie from beaker._compat import b64decode from beaker.middleware import SessionMiddleware from nose import SkipTest try: from webtest import TestApp except ImportError: raise SkipTest("webtest not installed") from beaker import crypto if not crypto.get_crypto_module("default").has_aes: raise SkipTest("No AES library is installed, can't test cookie-only " "Sessions") def simple_app(environ, start_response): session = environ["beaker.session"] if not session.has_key("value"): session["value"] = 0 session["value"] += 1 if not environ["PATH_INFO"].startswith("/nosave"): session.save() start_response("200 OK", [("Content-type", "text/plain")]) msg = "The current value is: %d and cookie is %s" % (session["value"], session) return [msg.encode("UTF-8")]