def testCreateCookieHttpOnly(self): d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=True) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual( 'Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; HttpOnly' .format(d.cookieName(), result['cookie']), result['header'])
class CookieMemoryStoreTest(SeecrTestCase): def setUp(self): SeecrTestCase.setUp(self) self.d = CookieMemoryStore(name='name', timeout=0.1) self.d._now = lambda: 123456789.0 def testCookieName(self): name = self.d.cookieName() self.assertTrue(name.startswith('name')) self.assertEquals(name, self.d.cookieName()) self.assertNotEqual(name, CookieMemoryStore(timeout=0.1).cookieName()) def testCreateCookie(self): result = self.d.createCookie('username') self.assertEquals('username', self.d.validateCookie(result['cookie'])['value']) self.assertNotEqual(result, self.d.createCookie('username')) self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT'.format( self.d.cookieName(), result['cookie']), result['header']) sleep(0.06) self.assertEquals('username', self.d.validateCookie(result['cookie'])['value']) sleep(0.06) self.assertEquals('username', self.d.validateCookie(result['cookie'])['value']) sleep(0.12) self.assertEquals(None, self.d.validateCookie(result['cookie'])) def testCreateCookieForAnyObject(self): o = object() result = self.d.createCookie(o) self.assertEquals(o, self.d.validateCookie(result['cookie'])['value']) def testRemoveCookie(self): result = self.d.createCookie('username') self.assertEquals('username', self.d.validateCookie(result['cookie'])['value']) self.d.removeCookie(result['cookie']) self.assertEquals(None, self.d.validateCookie(result['cookie'])) self.d.removeCookie(result['cookie']) def testRemoveCookiesWithObjectFilter(self): c1 = self.d.createCookie({'username': '******'}) c2 = self.d.createCookie(object()) c3 = self.d.createCookie('otheruser') self.d.removeCookies(filter=lambda o:o.get('username') == 'name') self.assertFalse(self.d.validateCookie(c1['cookie'])) self.assertTrue(self.d.validateCookie(c2['cookie'])) self.assertTrue(self.d.validateCookie(c3['cookie']))
def testCreateCookieHttpOnly(self): d = CookieMemoryStore(name='name', timeout=0.1) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; HttpOnly'.format( d.cookieName(), result['cookie']), result['header']) d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=True) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; HttpOnly'.format( d.cookieName(), result['cookie']), result['header']) d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=False) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT'.format( d.cookieName(), result['cookie']), result['header'])
class SessionHandlerTest(SeecrTestCase): def setUp(self): SeecrTestCase.setUp(self) self.handler = SessionHandler() self.cookiestore = CookieMemoryStore(name='session', timeout=10) self.handler.addObserver(self.cookiestore) self.handler._zulutime = lambda: ZuluTime('2015-01-27T13:34:45Z') def testCreateSession(self): called = [] class MyObserver(Observable): def handleRequest(self, *args, **kwargs): session = self.ctx.session called.append({ 'args': args, 'kwargs': kwargs, 'session': session }) yield utils.okHtml yield '<ht' yield 'ml/>' self.handler.addObserver(MyObserver()) result = generatorToString( self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={'a': 'b'})) self.assertEqual(1, len(called)) self.assertEqual({}, called[0]['session']) session = called[0]['kwargs']['session'] self.assertEqual({}, session) self.assertEqual({'a': 'b'}, called[0]['kwargs']['Headers']) self.assertTrue(('127.0.0.1', 12345), called[0]['kwargs']['Client']) header, body = result.split(utils.CRLF * 2, 1) self.assertEqual('<html/>', body) self.assertTrue('Set-Cookie' in header, header) headerParts = header.split(utils.CRLF) self.assertEqual("HTTP/1.0 200 OK", headerParts[0]) sessionCookie = [p for p in headerParts[1:] if 'Set-Cookie' in p][0] self.assertTrue(sessionCookie.startswith('Set-Cookie: session')) def testRetrieveCookie(self): sessions = [] class MyObserver(Observable): def handleRequest(self, *args, **kwargs): session = self.ctx.session sessions.append(session) yield utils.okHtml + '<html/>' self.handler.addObserver(MyObserver()) headers, _ = parseResponse( asBytes( self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={}))) headers = headers['Headers'] self.assertTrue('Set-Cookie' in headers, headers) cookie = findCookies(headers, self.cookiestore.cookieName(), 'Set-Cookie')[0] consume( self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={ 'Cookie': '{0}={1}'.format( self.cookiestore.cookieName(), cookie) })) self.assertEqual(sessions[0], sessions[1]) self.assertEqual(id(sessions[0]), id(sessions[1])) def testInjectAnyCookie(self): sessions = [] class MyObserver(Observable): def handleRequest(self, session=None, *args, **kwargs): sessions.append(session) yield utils.okHtml + '<html/>' self.handler.addObserver(MyObserver()) headers, _ = parseResponse( asBytes( self.handler.handleRequest( RequestURI='/path', Client=('127.0.0.1', 12345), Headers={ 'Cookie': '%s=%s' % (self.cookiestore.cookieName(), 'injected_id') }))) headers = headers["Headers"] self.assertTrue('injected_id' not in ' '.join(headers['Set-Cookie'])) def testPassThroughOfCallables(self): def callableMethod(): pass class MyObserver(Observable): def handleRequest(*args, **kwargs): yield callableMethod yield "HTTP/1.0 200 OK\r\n\r\nBODY" yield callableMethod yield "THE END" self.handler.addObserver(MyObserver()) result = asList(self.handler.handleRequest(Headers={})) self.assertEqual(callableMethod, result[0]) self.assertEqual(b"HTTP/1.0 200 OK\r\n", result[1]) self.assertEqual(b"\r\nBODY", result[3]) self.assertEqual(callableMethod, result[4]) self.assertTrue(result[2].startswith(b'Set-Cookie: session'), result[2]) self.assertEqual("THE END", result[5])
class SessionHandlerTest(SeecrTestCase): def setUp(self): SeecrTestCase.setUp(self) self.handler = SessionHandler() self.cookiestore = CookieMemoryStore(name='session', timeout=10) self.handler.addObserver(self.cookiestore) self.handler._zulutime = lambda: ZuluTime('2015-01-27T13:34:45Z') self.observer = CallTrace('Observer') self.handler.addObserver(self.observer) def testCreateSession(self): called = [] def handleRequest(*args, **kwargs): called.append({'args':args, 'kwargs':kwargs}) yield utils.okHtml yield '<ht' yield 'ml/>' self.observer.handleRequest = handleRequest result = asString(self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={'a':'b'})) self.assertEquals(1, len(called)) session = called[0]['kwargs']['session'] self.assertEqual({}, session) self.assertEquals({'a':'b'}, called[0]['kwargs']['Headers']) self.assertTrue(('127.0.0.1', 12345), called[0]['kwargs']['Client']) header, body = result.split(utils.CRLF*2,1) self.assertEquals('<html/>', body) self.assertTrue('Set-Cookie' in header, header) headerParts = header.split(utils.CRLF) self.assertEquals("HTTP/1.0 200 OK", headerParts[0]) sessionCookie = [p for p in headerParts[1:] if 'Set-Cookie' in p][0] self.assertTrue(sessionCookie.startswith('Set-Cookie: session')) def testRetrieveCookie(self): sessions = [] def handleRequest(session=None, *args, **kwargs): sessions.append(session) yield utils.okHtml + '<html/>' self.observer.handleRequest = handleRequest headers = asString(self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={})).split(CRLF*2,1)[0] headers = parseHeaders(headers) self.assertTrue('Set-Cookie' in headers, headers) cookie = findCookies(headers, self.cookiestore.cookieName(), 'Set-Cookie')[0] consume(self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={'Cookie': '{0}={1}'.format(self.cookiestore.cookieName(), cookie)})) self.assertEquals(sessions[0], sessions[1]) self.assertEquals(id(sessions[0]),id(sessions[1])) def testInjectAnyCookie(self): sessions = [] def handleRequest(session=None, *args, **kwargs): sessions.append(session) yield utils.okHtml + '<html/>' self.observer.handleRequest = handleRequest headers = asString(self.handler.handleRequest(RequestURI='/path', Client=('127.0.0.1', 12345), Headers={'Cookie': '%s=%s' % (self.cookiestore.cookieName(), 'injected_id')})).split(CRLF*2,1)[0] headers = parseHeaders(headers) self.assertTrue('injected_id' not in headers['Set-Cookie']) def testPassThroughOfCallables(self): def callableMethod(): pass def handleRequest(*args, **kwargs): yield callableMethod yield "HTTP/1.0 200 OK\r\n\r\nBODY" yield callableMethod yield "THE END" self.observer.handleRequest = handleRequest result = asList(self.handler.handleRequest(Headers={})) self.assertEquals(callableMethod, result[0]) self.assertEquals("HTTP/1.0 200 OK\r\n", result[1]) self.assertEquals("\r\nBODY", result[3]) self.assertEquals(callableMethod, result[4]) self.assertTrue(result[2].startswith('Set-Cookie: session'), result[2]) self.assertEquals("THE END", result[5])
class CookieMemoryStoreTest(SeecrTestCase): def setUp(self): SeecrTestCase.setUp(self) self.d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=False) self.d._now = lambda: 123456789.0 def testCookieName(self): name = self.d.cookieName() self.assertTrue(name.startswith('name')) self.assertEqual(name, self.d.cookieName()) self.assertNotEqual(name, CookieMemoryStore(timeout=0.1).cookieName()) def testCreateCookie(self): result = self.d.createCookie('username') self.assertEqual('username', self.d.validateCookie(result['cookie'])['value']) self.assertNotEqual(result, self.d.createCookie('username')) self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT'.format( self.d.cookieName(), result['cookie']), result['header']) sleep(0.06) self.assertEqual('username', self.d.validateCookie(result['cookie'])['value']) sleep(0.06) self.assertEqual('username', self.d.validateCookie(result['cookie'])['value']) sleep(0.12) self.assertEqual(None, self.d.validateCookie(result['cookie'])) def testCreateCookieSecure(self): d = CookieMemoryStore(name='name', timeout=0.1, secure=True, httpOnly=False) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; Secure'.format( d.cookieName(), result['cookie']), result['header']) def testCreateCookieHttpOnly(self): d = CookieMemoryStore(name='name', timeout=0.1) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; HttpOnly'.format( d.cookieName(), result['cookie']), result['header']) d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=True) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT; HttpOnly'.format( d.cookieName(), result['cookie']), result['header']) d = CookieMemoryStore(name='name', timeout=0.1, httpOnly=False) d._now = lambda: 123456789.0 result = d.createCookie('username') self.assertEqual('Set-Cookie: {0}={1}; path=/; expires=Thu, 29 Nov 1973 21:33:09 GMT'.format( d.cookieName(), result['cookie']), result['header']) def testCreateCookieForAnyObject(self): o = object() result = self.d.createCookie(o) self.assertEqual(o, self.d.validateCookie(result['cookie'])['value']) def testRemoveCookie(self): result = self.d.createCookie('username') self.assertEqual('username', self.d.validateCookie(result['cookie'])['value']) self.d.removeCookie(result['cookie']) self.assertEqual(None, self.d.validateCookie(result['cookie'])) self.d.removeCookie(result['cookie']) def testRemoveCookiesWithObjectFilter(self): c1 = self.d.createCookie({'username': '******'}) c2 = self.d.createCookie(object()) c3 = self.d.createCookie('otheruser') self.d.removeCookies(filter=lambda o:o.get('username') == 'name') self.assertFalse(self.d.validateCookie(c1['cookie'])) self.assertTrue(self.d.validateCookie(c2['cookie'])) self.assertTrue(self.d.validateCookie(c3['cookie']))