from datetime import timedelta
from django.core import signing
from django.http import HttpRequest, HttpResponse
from django.test import SimpleTestCase, override_settings
from django.test.utils import freeze_time
class SignedCookieTest(SimpleTestCase):
    """Round-trip tests for signed cookies.

    Each test writes a cookie with ``HttpResponse.set_signed_cookie`` and
    replays its raw value into a fresh ``HttpRequest`` to read it back with
    ``get_signed_cookie``. The properties pinned here are integrity ones:
    a modified value or a mismatched salt raises ``signing.BadSignature``
    and an over-age signature raises ``signing.SignatureExpired``. The
    payload itself stays readable in the cookie value (see the
    ``"hello:"`` prefix assertion), so nothing here implies confidentiality.
    """

    @staticmethod
    def _request_carrying(name, raw_value):
        """Return a new HttpRequest whose COOKIES maps *name* to *raw_value*."""
        incoming = HttpRequest()
        incoming.COOKIES[name] = raw_value
        return incoming

    def test_can_set_and_read_signed_cookies(self):
        """A signed cookie written to a response reads back unchanged."""
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("c", "hello")
        self.assertIn("c", outgoing.cookies)
        wire_value = outgoing.cookies["c"].value
        # The plaintext payload leads the cookie value, followed by ":" and
        # the rest of the signed data: signing does not hide the payload.
        self.assertTrue(wire_value.startswith("hello:"))
        incoming = self._request_carrying("c", wire_value)
        self.assertEqual(incoming.get_signed_cookie("c"), "hello")

    def test_can_use_salt(self):
        """The salt used to read must match the salt used to sign."""
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("a", "hello", salt="one")
        incoming = self._request_carrying("a", outgoing.cookies["a"].value)
        self.assertEqual(incoming.get_signed_cookie("a", salt="one"), "hello")
        # A value signed under one salt must not verify under another, so a
        # cookie cannot be replayed into a differently-salted context.
        with self.assertRaises(signing.BadSignature):
            incoming.get_signed_cookie("a", salt="two")

    def test_detects_tampering(self):
        """Altering the tail of the cookie value raises BadSignature."""
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("c", "hello")
        # Overwrite the last two characters of the signed value.
        forged = outgoing.cookies["c"].value[:-2] + "$$"
        incoming = self._request_carrying("c", forged)
        with self.assertRaises(signing.BadSignature):
            incoming.get_signed_cookie("c")

    def test_default_argument_suppresses_exceptions(self):
        """With ``default`` given, a tampered cookie yields the default.

        No exception reaches the caller in this mode, so the returned
        default is the only signal that verification failed.
        """
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("c", "hello")
        forged = outgoing.cookies["c"].value[:-2] + "$$"
        incoming = self._request_carrying("c", forged)
        self.assertIsNone(incoming.get_signed_cookie("c", default=None))

    def test_max_age_argument(self):
        """``max_age`` on read rejects signatures older than the limit.

        The cookie is signed at a frozen time and read 11 seconds later:
        limits of 12 and 11 seconds accept it, a limit of 10 seconds raises
        SignatureExpired. Integer seconds and ``timedelta`` behave alike.
        """
        value = "hello"
        with freeze_time(123456789):
            outgoing = HttpResponse()
            outgoing.set_signed_cookie("c", value)
            incoming = self._request_carrying("c", outgoing.cookies["c"].value)
            self.assertEqual(incoming.get_signed_cookie("c"), value)

        # 123456800 - 123456789 == 11 seconds after signing.
        with freeze_time(123456800):
            for accepted_limit in (12, 11, timedelta(seconds=11)):
                self.assertEqual(
                    incoming.get_signed_cookie("c", max_age=accepted_limit), value
                )
            for rejected_limit in (10, timedelta(seconds=10)):
                with self.assertRaises(signing.SignatureExpired):
                    incoming.get_signed_cookie("c", max_age=rejected_limit)

    def test_set_signed_cookie_max_age_argument(self):
        """``max_age`` on write sets the cookie's ``max-age`` attribute.

        This checks only the attribute stored on the response cookie;
        rejection of old signatures on read is covered by
        ``test_max_age_argument``.
        """
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("c", "value", max_age=100)
        self.assertEqual(outgoing.cookies["c"]["max-age"], 100)
        # A timedelta is stored as whole seconds: 2 hours -> 7200.
        two_hours = timedelta(hours=2)
        outgoing.set_signed_cookie("d", "value", max_age=two_hours)
        self.assertEqual(outgoing.cookies["d"]["max-age"], 7200)

    @override_settings(SECRET_KEY=b"\xe7")
    def test_signed_cookies_with_binary_key(self):
        """Signing round-trips when SECRET_KEY is a bytes value."""
        outgoing = HttpResponse()
        outgoing.set_signed_cookie("c", "hello")

        incoming = self._request_carrying("c", outgoing.cookies["c"].value)
        self.assertEqual(incoming.get_signed_cookie("c"), "hello")