def test_session_is_regularly_refreshed(self):
alice = self.make_participant('alice')
alice.authenticated = True
alice.sign_in(SimpleCookie())
cookies = SimpleCookie()
alice.keep_signed_in(cookies)
assert SESSION not in cookies
cookies = SimpleCookie()
expires = alice.session_expires
alice.set_session_expires(expires - SESSION_REFRESH)
alice.keep_signed_in(cookies)
assert SESSION in cookies
def delete_cookie(environ, name):
kaka = environ.get("HTTP_COOKIE", '')
logger.debug("delete KAKA: %s", kaka)
if kaka:
cookie_obj = SimpleCookie(kaka)
morsel = cookie_obj.get(name, None)
cookie = SimpleCookie()
cookie[name] = ""
cookie[name]['path'] = "/"
logger.debug("Expire: %s", morsel)
cookie[name]["expires"] = _expiration("dawn")
return tuple(cookie.output().split(": ", 1))
return None
def delete_cookie(self, environ):
cookie = environ.get("HTTP_COOKIE", "")
logger.debug("delete cookie: %s", cookie)
if cookie:
_name = self.cookie_name
cookie_obj = SimpleCookie(cookie)
morsel = cookie_obj.get(_name, None)
cookie = SimpleCookie()
cookie[_name] = ""
cookie[_name]["path"] = "/"
logger.debug("Expire: %s", morsel)
cookie[_name]["expires"] = _expiration("now")
return cookie.output().split(": ", 1)
return None
def http_request(self, url, method="GET", **kwargs):
_kwargs = copy.copy(self.request_args)
if kwargs:
_kwargs.update(kwargs)
if self.cookiejar:
_kwargs["cookies"] = self._cookies()
logger.debug("SENT COOKIEs: %s" % (_kwargs["cookies"], ))
try:
r = requests.request(method, url, **_kwargs)
except Exception as err:
logger.error(
"http_request failed: %s, url: %s, htargs: %s, method: %s" %
(err, url, _kwargs, method))
raise
try:
_cookie = r.headers["set-cookie"]
# Telekom fix
# set_cookie = set_cookie.replace(
# "=;Path=/;Expires=Thu, 01-Jan-1970 00:00:01 GMT;HttpOnly,", "")
logger.debug("RECEIVED COOKIEs: %s" % _cookie)
try:
set_cookie(self.cookiejar, SimpleCookie(_cookie))
except CookieError as err:
logger.error(err)
raise NonFatalException(r, "{}".format(err))
except (AttributeError, KeyError) as err:
pass
return r
def build_wsgi_environ(self,
method,
path,
body,
content_type,
cookies=None,
**kw):
# NOTE that in Pando (request.py make_franken_headers) only headers
# beginning with ``HTTP`` are included in the request - and those are
# changed to no longer include ``HTTP``. There are currently 2
# exceptions to this: ``'CONTENT_TYPE'``, ``'CONTENT_LENGTH'`` which
# are explicitly checked for.
if isinstance(cookies, dict) and not isinstance(cookies, SimpleCookie):
cookies, d = SimpleCookie(), cookies
for k, v in d.items():
cookies[str(k)] = str(v)
typecheck(path, (bytes, text_type), method, text_type, content_type,
bytes, body, bytes)
environ = {}
environ[b'CONTENT_TYPE'] = content_type
if cookies is not None:
environ[b'HTTP_COOKIE'] = cookies.output(header='', sep='; ')
environ[b'HTTP_HOST'] = b'localhost'
environ[b'PATH_INFO'] = path.encode(
'ascii') if type(path) != bytes else path
environ[b'REMOTE_ADDR'] = b'0.0.0.0'
environ[b'REQUEST_METHOD'] = method.encode('ascii')
environ[b'SERVER_PROTOCOL'] = b'HTTP/1.1'
environ[b'wsgi.input'] = BytesIO(body)
environ[b'HTTP_CONTENT_LENGTH'] = str(len(body)).encode('ascii')
environ.update((k.encode('ascii'), v) for k, v in kw.items())
return environ
def extract_macaroons(headers):
''' Returns an array of any macaroons found in the given slice of cookies.
@param headers: dict of headers
@return: An array of array of mpy macaroons
'''
mss = []
def add_macaroon(data):
data = utils.b64decode(data)
data_as_objs = json.loads(data.decode('utf-8'))
ms = [utils.macaroon_from_dict(x) for x in data_as_objs]
mss.append(ms)
cookieHeader = headers.get('Cookie')
if cookieHeader is not None:
cs = SimpleCookie()
# The cookie might be a unicode object, so convert it
# to ASCII. This may cause an exception under Python 2.
# TODO is that a problem?
cs.load(str(cookieHeader))
for c in cs:
if c.startswith('macaroon-'):
add_macaroon(cs[c].value)
# Python doesn't make it easy to have multiple values for a
# key, so split the header instead, which is necessary
# for HTTP1.1 compatibility anyway.
macaroonHeader = headers.get('Macaroons')
if macaroonHeader is not None:
for h in macaroonHeader.split(','):
add_macaroon(h)
return mss
def _wrap(response):
cookie = SimpleCookie()
cookie.load(response.headers['Set-Cookie'])
for key, value in cookie.items():
if key == ngw_env.pyramid.options['session.cookie.name']:
return value.value
return None
def _load_session(self, environ):
session = None
try:
# Attempt to load existing cookie from environ
C = SimpleCookie(environ.get('HTTP_COOKIE'))
morsel = C.get(self._cookie_key)
except CookieError:
morsel = None
if morsel is not None:
try:
# Attempt to decrypt and decode
session_data = self._crypto.decrypt(morsel.value.encode('ascii'), ttl=self._session_ttl)
session = self._session_cls(self._serializer.decode(self._compressor[1](session_data)))
except (InvalidToken, SessionSerializerException, zlib.error):
# Start anew
session = self._session_cls()
# And ensure invalid cookie is overwritten
session.save()
if session is None:
session = self._session_cls()
return session
def __init__(self):
"""
Create a new Response defaulting to HTML content and "200 OK" status
"""
self.status = "200 OK"
self.headers = HeaderDict({"content-type": "text/html"})
self.cookies = SimpleCookie()
def set_cookie(name, _, *args):
cookie = SimpleCookie()
cookie[name] = base64.b64encode(":".join(args))
cookie[name]['path'] = "/"
cookie[name]["expires"] = _expiration(5) # 5 minutes from now
logger.debug("Cookie expires: %s", cookie[name]["expires"])
return tuple(cookie.output().split(": ", 1))
def test_log_in_with_old_session(self):
alice = self.make_participant('alice')
self.db.run("UPDATE user_secrets SET mtime = mtime - interval '1 day'")
alice.authenticated = True
cookies = SimpleCookie()
alice.sign_in(cookies)
self.check_with_about_me('alice', cookies)
def __init__(self, d):
"""Takes headers as a dict, list, or bytestring.
"""
if isinstance(d, bytes):
from pando.exceptions import MalformedHeader
def genheaders():
for line in d.splitlines():
if b':' not in line:
# no colon separator in header
raise MalformedHeader(line)
k, v = line.split(b':', 1)
if k != k.strip():
# disallowed leading or trailing whitspace
# (per http://tools.ietf.org/html/rfc7230#section-3.2.4)
raise MalformedHeader(line)
yield k, v.strip()
headers = genheaders()
else:
headers = d
CaseInsensitiveMapping.__init__(self, headers)
# Cookie
# ======
self.cookie = SimpleCookie()
cookie = self.get(b'Cookie', b'')
if PY3 and isinstance(cookie, bytes):
cookie = cookie.decode('ascii', 'replace')
try:
self.cookie.load(cookie)
except CookieError:
pass # XXX really?
def make_cookie(name, load, seed, expire=0, domain="", path="", timestamp=""):
"""
Create and return a cookie
:param name: Cookie name
:param load: Cookie load
:param seed: A seed for the HMAC function
:param expire: Number of minutes before this cookie goes stale
:param domain: The domain of the cookie
:param path: The path specification for the cookie
:return: A tuple to be added to headers
"""
cookie = SimpleCookie()
if not timestamp:
timestamp = str(int(time.mktime(time.gmtime())))
signature = cookie_signature(seed, load, timestamp)
cookie[name] = "|".join([load, timestamp, signature])
if path:
cookie[name]["path"] = path
if domain:
cookie[name]["domain"] = domain
if expire:
cookie[name]["expires"] = _expiration(expire,
"%a, %d-%b-%Y %H:%M:%S GMT")
return tuple(cookie.output().split(": ", 1))
def parse_cookie(name, seed, kaka):
"""Parses and verifies a cookie value
:param seed: A seed used for the HMAC signature
:param kaka: The cookie
:return: A tuple consisting of (payload, timestamp)
"""
if not kaka:
return None
cookie_obj = SimpleCookie(kaka)
morsel = cookie_obj.get(name)
if morsel:
parts = morsel.value.split("|")
if len(parts) != 3:
return None
# verify the cookie signature
sig = cookie_signature(seed, parts[0], parts[1])
if sig != parts[2]:
raise SAMLError("Invalid cookie signature")
try:
return parts[0].strip(), parts[1]
except KeyError:
return None
else:
return None
def visit(url, request):
if request.headers.get('Accept') == 'application/json':
return {'status_code': 200, 'content': {'agent': request.url}}
cs = SimpleCookie()
cookies = request.headers.get('Cookie')
if cookies is not None:
cs.load(str(cookies))
public_key = None
for c in cs:
if c == 'agent-login':
json_cookie = json.loads(
base64.b64decode(cs[c].value).decode('utf-8'))
public_key = bakery.PublicKey.deserialize(
json_cookie.get('public_key'))
ms = httpbakery.extract_macaroons(request.headers)
if len(ms) == 0:
b = bakery.Bakery(key=discharge_key)
m = b.oven.macaroon(
version=bakery.LATEST_VERSION,
expiry=datetime.utcnow() + timedelta(days=1),
caveats=[
bakery.local_third_party_caveat(
public_key,
version=httpbakery.request_version(
request.headers))
],
ops=[bakery.Op(entity='agent', action='login')])
content, headers = httpbakery.discharge_required_response(
m, '/', 'test', 'message')
resp = response(status_code=401,
content=content,
headers=headers)
return request.hooks['response'][0](resp)
return {'status_code': 200, 'content': {'agent-login': True}}
def cookie_parts(name, kaka):
cookie_obj = SimpleCookie(kaka)
morsel = cookie_obj.get(name)
if morsel:
return morsel.value.split("|")
else:
return None
def _prepare_response(self, res_info, url):
res = requests.Response()
res.url = res_info.get('url', url)
res.status_code = res_info.get('status_code', 200)
res.reason_phrase = res_info.get(
'reason_phrase',
REASON_PHRASES.get(res.status_code, 'UNKNOWN STATUS CODE'))
if 'reason' in res_info:
res.reason = res_info['reason']
if 'headers' in res_info:
res.headers.update(res_info['headers'])
if 'Set-Cookie' in res_info[
'headers'] and 'cookies' not in res_info:
cookies = SimpleCookie()
for entry in res_info['headers']['Set-Cookie'].split(','):
cookies.load(str(entry))
res.cookies.update(cookies)
if 'cookies' in res_info:
res.cookies.update(res_info['cookies'])
res.raw = StreamContent(res_info.get('content', ''))
return res
def quiet_rewrite(self, cookie_str, header='Set-Cookie'):
# begin Perma customization
from pywb.rewrite.cookie_rewriter import six
from six.moves.http_cookies import SimpleCookie, CookieError
import logging
# end Perma customization
results = []
cookie_str = self.REMOVE_EXPIRES.sub('', cookie_str)
try:
cookie = SimpleCookie(cookie_str)
except CookieError as e:
# begin Perma customization
logger = logging.getLogger(__name__)
logger.info(e, exc_info=True)
# end Perma customization
return results
for name, morsel in six.iteritems(cookie):
morsel = self.rewrite_cookie(name, morsel)
self._filter_morsel(morsel)
if not self.add_prefix_cookie_for_all_mods(morsel, results, header):
value = morsel.OutputString()
results.append((header, value))
return results
def test_session_is_regularly_refreshed(self):
alice = self.make_participant('alice')
alice.authenticated = True
alice.sign_in(SimpleCookie())
cookies = SimpleCookie()
alice.keep_signed_in(cookies)
assert SESSION not in cookies
cookies = SimpleCookie()
alice.session = self.db.one(
"""
UPDATE user_secrets
SET mtime = mtime - %s
WHERE participant = %s
RETURNING id, secret, mtime
""", (SESSION_REFRESH, alice.id))
alice.keep_signed_in(cookies)
assert SESSION in cookies
def test_log_in_with_old_session(self):
alice = self.make_participant('alice')
alice.update_session('x', utcnow() - timedelta(days=1))
alice.authenticated = True
cookies = SimpleCookie()
alice.sign_in(cookies)
print(cookies)
self.check_with_about_me('alice', cookies)
def test_log_in_switch_user(self):
alice = self.make_participant('alice')
alice.update_password(password)
bob = self.make_participant('bob')
bob.authenticated = True
cookies = SimpleCookie()
bob.sign_in(cookies)
self.log_in_and_check(alice, password, cookies=cookies)
def set_cookie(self, user):
uid = rndstr(32)
self.uid2user[uid] = user
cookie = SimpleCookie()
cookie[self.cookie_name] = uid
cookie[self.cookie_name]["path"] = "/"
cookie[self.cookie_name]["expires"] = _expiration(480)
logger.debug("Cookie expires: %s", cookie[self.cookie_name]["expires"])
return cookie.output().split(": ", 1)
def curl_to_request_kwargs(curl_command, ignore_unknown_options=True):
"""Convert a cURL command syntax to Request kwargs.
:param str curl_command: string containing the curl command
:param bool ignore_unknown_options: If true, only a warning is emitted when
cURL options are unknown. Otherwise raises an error. (default: True)
:return: dictionary of Request kwargs
"""
curl_args = split(curl_command)
if curl_args[0] != 'curl':
raise ValueError('A curl command must start with "curl"')
parsed_args, argv = curl_parser.parse_known_args(curl_args[1:])
if argv:
msg = 'Unrecognized options: {}'.format(', '.join(argv))
if ignore_unknown_options:
warnings.warn(msg)
else:
raise ValueError(msg)
url = parsed_args.url
# curl automatically prepends 'http' if the scheme is missing, but Request
# needs the scheme to work
parsed_url = urlparse(url)
if not parsed_url.scheme:
url = 'http://' + url
result = {'method': parsed_args.method.upper(), 'url': url}
headers = []
cookies = {}
for header in parsed_args.headers or ():
name, val = header.split(':', 1)
name = name.strip()
val = val.strip()
if name.title() == 'Cookie':
for name, morsel in iteritems(SimpleCookie(val)):
cookies[name] = morsel.value
else:
headers.append((name, val))
if parsed_args.auth:
user, password = parsed_args.auth.split(':', 1)
headers.append(('Authorization', basic_auth_header(user, password)))
if headers:
result['headers'] = headers
if cookies:
result['cookies'] = cookies
if parsed_args.data:
result['body'] = parsed_args.data
return result
def _assert_cookies_expired(self, http_headers):
cookies_string = ";".join(
[c[1] for c in http_headers if c[0] == "Set-Cookie"])
all_cookies = SimpleCookie()
all_cookies.load(cookies_string)
now = datetime.datetime.now()
for c in [self.provider.cookie_name, self.provider.session_cookie_name]:
dt = datetime.datetime.strptime(all_cookies[c]["expires"],
"%a, %d-%b-%Y %H:%M:%S GMT")
assert dt < now # make sure the cookies have expired to be cleared
def cookies(self):
cookies = SimpleCookie()
cookie_header = self.environ.get("HTTP_COOKIE")
if cookie_header:
galaxy_cookies = "; ".join(x.strip() for x in cookie_header.split('; ') if x.startswith('galaxy'))
if galaxy_cookies:
try:
cookies.load(galaxy_cookies)
except CookieError:
pass
return cookies
def test_session_cookie_is_secure_if_it_should_be(self):
canonical_scheme = self.client.website.canonical_scheme
self.client.website.canonical_scheme = 'https'
try:
cookies = SimpleCookie()
alice = self.make_participant('alice')
alice.authenticated = True
alice.sign_in(cookies)
assert '; secure' in cookies[SESSION].output().lower()
finally:
self.client.website.canonical_scheme = canonical_scheme
def _process_cookies(self, headers):
"""
Process and store cookies from response headers
:param headers:
:return:
"""
cdata = headers.get("Set-Cookie")
if not cdata:
return
if not self.cookies:
self.cookies = SimpleCookie()
self.cookies.load(cdata)
def fromRawString(raw):
try:
sc = SimpleCookie(raw)
for key, cookie in sc.items():
try:
return Cookie(key, cookie['domain'], cookie['path'], raw,
cookie['expires'], True)
except:
return None
except CookieError as e:
print(e)
return None
def store_cookies(self, response):
headers = filter(lambda h: h[0].lower() == "set-cookie", response.getheaders())
for header in headers:
cookie = SimpleCookie(header[1])
for morsel in cookie.values():
if morsel.key not in self._keys:
self._keys.append(morsel.key)
self._content[morsel.key] = morsel.value
logger.debug("--> Set cookie %s: %s" % (morsel.key, morsel.value))
logger.debug("CookieJar contents: %s\n%s" % (self._keys, self._content))
def _handle_cookies(self, response):
# type: (httplib.HTTPResponse) -> None
"""
Parse cookies from |HTTP| response and store for next request.
:param httplib.HTTPResponse: The |HTTP| response.
"""
# FIXME: this cookie handling doesn't respect path, domain and expiry
cookies = SimpleCookie()
cookies.load(response.getheader('set-cookie', ''))
self.cookies.update(
dict((cookie.key, cookie.value) for cookie in cookies.values()))
