2000-08-19 12:21:12 -03:00
|
|
|
# Simple test suite for Cookie.py
|
|
|
|
|
2010-03-31 19:01:03 -03:00
|
|
|
from test.test_support import run_unittest, run_doctest, check_warnings
|
2006-10-29 15:51:16 -04:00
|
|
|
import unittest
|
2000-08-19 12:21:12 -03:00
|
|
|
import Cookie
|
2014-11-02 16:35:47 -04:00
|
|
|
import pickle
|
2000-08-19 12:21:12 -03:00
|
|
|
|
2002-12-29 12:45:06 -04:00
|
|
|
|
2006-10-29 15:51:16 -04:00
|
|
|
class CookieTests(unittest.TestCase):
|
|
|
|
# Currently this only tests SimpleCookie
|
|
|
|
def test_basic(self):
|
|
|
|
cases = [
|
|
|
|
{ 'data': 'chips=ahoy; vienna=finger',
|
|
|
|
'dict': {'chips':'ahoy', 'vienna':'finger'},
|
|
|
|
'repr': "<SimpleCookie: chips='ahoy' vienna='finger'>",
|
|
|
|
'output': 'Set-Cookie: chips=ahoy\nSet-Cookie: vienna=finger',
|
|
|
|
},
|
|
|
|
|
|
|
|
{ 'data': 'keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"',
|
|
|
|
'dict': {'keebler' : 'E=mc2; L="Loves"; fudge=\012;'},
|
|
|
|
'repr': '''<SimpleCookie: keebler='E=mc2; L="Loves"; fudge=\\n;'>''',
|
|
|
|
'output': 'Set-Cookie: keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"',
|
|
|
|
},
|
|
|
|
|
|
|
|
# Check illegal cookies that have an '=' char in an unquoted value
|
|
|
|
{ 'data': 'keebler=E=mc2',
|
|
|
|
'dict': {'keebler' : 'E=mc2'},
|
|
|
|
'repr': "<SimpleCookie: keebler='E=mc2'>",
|
|
|
|
'output': 'Set-Cookie: keebler=E=mc2',
|
2015-05-23 12:46:25 -03:00
|
|
|
},
|
|
|
|
|
|
|
|
# issue22931 - Adding '[' and ']' as valid characters in cookie
|
|
|
|
# values as defined in RFC 6265
|
|
|
|
{
|
|
|
|
'data': 'a=b; c=[; d=r; f=h',
|
|
|
|
'dict': {'a':'b', 'c':'[', 'd':'r', 'f':'h'},
|
|
|
|
'repr': "<SimpleCookie: a='b' c='[' d='r' f='h'>",
|
|
|
|
'output': '\n'.join((
|
|
|
|
'Set-Cookie: a=b',
|
|
|
|
'Set-Cookie: c=[',
|
|
|
|
'Set-Cookie: d=r',
|
|
|
|
'Set-Cookie: f=h'
|
|
|
|
))
|
2006-10-29 15:51:16 -04:00
|
|
|
}
|
|
|
|
]
|
|
|
|
|
|
|
|
for case in cases:
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load(case['data'])
|
|
|
|
self.assertEqual(repr(C), case['repr'])
|
|
|
|
self.assertEqual(C.output(sep='\n'), case['output'])
|
|
|
|
for k, v in sorted(case['dict'].iteritems()):
|
|
|
|
self.assertEqual(C[k].value, v)
|
|
|
|
|
|
|
|
def test_load(self):
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('Customer="WILE_E_COYOTE"; Version=1; Path=/acme')
|
|
|
|
|
|
|
|
self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE')
|
|
|
|
self.assertEqual(C['Customer']['version'], '1')
|
|
|
|
self.assertEqual(C['Customer']['path'], '/acme')
|
|
|
|
|
|
|
|
self.assertEqual(C.output(['path']),
|
|
|
|
'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme')
|
2009-04-02 00:00:34 -03:00
|
|
|
self.assertEqual(C.js_output(), r"""
|
2006-10-29 15:51:16 -04:00
|
|
|
<script type="text/javascript">
|
|
|
|
<!-- begin hiding
|
2009-04-02 00:00:34 -03:00
|
|
|
document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1";
|
2006-10-29 15:51:16 -04:00
|
|
|
// end hiding -->
|
|
|
|
</script>
|
|
|
|
""")
|
2009-04-02 00:00:34 -03:00
|
|
|
self.assertEqual(C.js_output(['path']), r"""
|
2006-10-29 15:51:16 -04:00
|
|
|
<script type="text/javascript">
|
|
|
|
<!-- begin hiding
|
2009-04-02 00:00:34 -03:00
|
|
|
document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme";
|
2006-10-29 15:51:16 -04:00
|
|
|
// end hiding -->
|
|
|
|
</script>
|
|
|
|
""")
|
|
|
|
|
Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line
#1690103: fix initial namespace for code run with trace.main().
........
r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line
#4810: document "--" option separator in timeit help.
........
r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line
#8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
........
r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line
#4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line
#5551: symbolic links never can be mount points. Fixes the fix for #1713.
........
2010-08-01 15:52:52 -03:00
|
|
|
# loading 'expires'
|
|
|
|
C = Cookie.SimpleCookie()
|
2012-05-20 01:02:44 -03:00
|
|
|
C.load('Customer="W"; expires=Wed, 01 Jan 2010 00:00:00 GMT')
|
Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line
#1690103: fix initial namespace for code run with trace.main().
........
r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line
#4810: document "--" option separator in timeit help.
........
r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line
#8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
........
r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line
#4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line
#5551: symbolic links never can be mount points. Fixes the fix for #1713.
........
2010-08-01 15:52:52 -03:00
|
|
|
self.assertEqual(C['Customer']['expires'],
|
2012-05-20 01:02:44 -03:00
|
|
|
'Wed, 01 Jan 2010 00:00:00 GMT')
|
Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line
#1690103: fix initial namespace for code run with trace.main().
........
r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line
#4810: document "--" option separator in timeit help.
........
r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line
#8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
........
r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line
#4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line
#5551: symbolic links never can be mount points. Fixes the fix for #1713.
........
2010-08-01 15:52:52 -03:00
|
|
|
C = Cookie.SimpleCookie()
|
2012-05-20 01:02:44 -03:00
|
|
|
C.load('Customer="W"; expires=Wed, 01 Jan 98 00:00:00 GMT')
|
Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line
#1690103: fix initial namespace for code run with trace.main().
........
r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line
#4810: document "--" option separator in timeit help.
........
r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line
#8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
........
r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line
#4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line
#5551: symbolic links never can be mount points. Fixes the fix for #1713.
........
2010-08-01 15:52:52 -03:00
|
|
|
self.assertEqual(C['Customer']['expires'],
|
2012-05-20 01:02:44 -03:00
|
|
|
'Wed, 01 Jan 98 00:00:00 GMT')
|
Merged revisions 83393,83396,83398,83405,83408 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r83393 | georg.brandl | 2010-08-01 10:35:29 +0200 (So, 01 Aug 2010) | 1 line
#1690103: fix initial namespace for code run with trace.main().
........
r83396 | georg.brandl | 2010-08-01 10:52:32 +0200 (So, 01 Aug 2010) | 1 line
#4810: document "--" option separator in timeit help.
........
r83398 | georg.brandl | 2010-08-01 11:06:34 +0200 (So, 01 Aug 2010) | 1 line
#8826: the "expires" attribute value is a date string with spaces, but apparently not all user-agents put it in quotes. Handle that as a special case.
........
r83405 | georg.brandl | 2010-08-01 16:38:17 +0200 (So, 01 Aug 2010) | 1 line
#4943: do not try to include drive letters (and colons) when looking for a probably module name.
........
r83408 | georg.brandl | 2010-08-01 17:30:56 +0200 (So, 01 Aug 2010) | 1 line
#5551: symbolic links never can be mount points. Fixes the fix for #1713.
........
2010-08-01 15:52:52 -03:00
|
|
|
|
2010-12-28 15:11:03 -04:00
|
|
|
def test_extended_encode(self):
|
|
|
|
# Issue 9824: some browsers don't follow the standard; we now
|
|
|
|
# encode , and ; to keep them from tripping up.
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C['val'] = "some,funky;stuff"
|
|
|
|
self.assertEqual(C.output(['val']),
|
|
|
|
'Set-Cookie: val="some\\054funky\\073stuff"')
|
|
|
|
|
2014-07-02 04:48:27 -03:00
|
|
|
def test_set_secure_httponly_attrs(self):
|
|
|
|
C = Cookie.SimpleCookie('Customer="WILE_E_COYOTE"')
|
|
|
|
C['Customer']['secure'] = True
|
|
|
|
C['Customer']['httponly'] = True
|
|
|
|
self.assertEqual(C.output(),
|
|
|
|
'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
|
|
|
|
|
|
|
|
def test_secure_httponly_false_if_not_present(self):
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('eggs=scrambled; Path=/bacon')
|
|
|
|
self.assertFalse(C['eggs']['httponly'])
|
|
|
|
self.assertFalse(C['eggs']['secure'])
|
|
|
|
|
|
|
|
def test_secure_httponly_true_if_present(self):
|
|
|
|
# Issue 16611
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('eggs=scrambled; httponly; secure; Path=/bacon')
|
|
|
|
self.assertTrue(C['eggs']['httponly'])
|
|
|
|
self.assertTrue(C['eggs']['secure'])
|
|
|
|
|
|
|
|
def test_secure_httponly_true_if_have_value(self):
|
|
|
|
# This isn't really valid, but demonstrates what the current code
|
|
|
|
# is expected to do in this case.
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon')
|
|
|
|
self.assertTrue(C['eggs']['httponly'])
|
|
|
|
self.assertTrue(C['eggs']['secure'])
|
|
|
|
# Here is what it actually does; don't depend on this behavior. These
|
|
|
|
# checks are testing backward compatibility for issue 16611.
|
|
|
|
self.assertEqual(C['eggs']['httponly'], 'foo')
|
|
|
|
self.assertEqual(C['eggs']['secure'], 'bar')
|
|
|
|
|
|
|
|
def test_bad_attrs(self):
|
|
|
|
# Issue 16611: make sure we don't break backward compatibility.
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('cookie=with; invalid; version; second=cookie;')
|
|
|
|
self.assertEqual(C.output(),
|
|
|
|
'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie')
|
|
|
|
|
|
|
|
def test_extra_spaces(self):
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ')
|
|
|
|
self.assertEqual(C.output(),
|
|
|
|
'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
|
|
|
|
|
2006-10-29 15:51:16 -04:00
|
|
|
def test_quoted_meta(self):
|
|
|
|
# Try cookie with quoted meta-data
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load('Customer="WILE_E_COYOTE"; Version="1"; Path="/acme"')
|
|
|
|
self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE')
|
|
|
|
self.assertEqual(C['Customer']['version'], '1')
|
|
|
|
self.assertEqual(C['Customer']['path'], '/acme')
|
|
|
|
|
2014-09-16 19:45:36 -03:00
|
|
|
def test_invalid_cookies(self):
|
|
|
|
# Accepting these could be a security issue
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
for s in (']foo=x', '[foo=x', 'blah]foo=x', 'blah[foo=x'):
|
|
|
|
C.load(s)
|
|
|
|
self.assertEqual(dict(C), {})
|
|
|
|
self.assertEqual(C.output(), '')
|
|
|
|
|
2014-11-02 16:35:47 -04:00
|
|
|
def test_pickle(self):
|
|
|
|
rawdata = 'Customer="WILE_E_COYOTE"; Path=/acme; Version=1'
|
|
|
|
expected_output = 'Set-Cookie: %s' % rawdata
|
|
|
|
|
|
|
|
C = Cookie.SimpleCookie()
|
|
|
|
C.load(rawdata)
|
|
|
|
self.assertEqual(C.output(), expected_output)
|
|
|
|
|
|
|
|
for proto in range(pickle.HIGHEST_PROTOCOL + 1):
|
|
|
|
C1 = pickle.loads(pickle.dumps(C, protocol=proto))
|
|
|
|
self.assertEqual(C1.output(), expected_output)
|
|
|
|
|
2014-09-16 19:45:36 -03:00
|
|
|
|
2006-10-29 15:51:16 -04:00
|
|
|
def test_main():
|
|
|
|
run_unittest(CookieTests)
|
2012-10-16 10:51:46 -03:00
|
|
|
if Cookie.__doc__ is not None:
|
|
|
|
with check_warnings(('.+Cookie class is insecure; do not use it',
|
|
|
|
DeprecationWarning)):
|
|
|
|
run_doctest(Cookie)
|
2006-10-29 15:51:16 -04:00
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
test_main()
|