| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 1 | # Simple test suite for Cookie.py |
| 2 | |
| Florent Xicluna | 6257a7b | 2010-03-31 22:01:03 +0000 | [diff] [blame] | 3 | from test.test_support import run_unittest, run_doctest, check_warnings |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 4 | import unittest |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 5 | import Cookie |
| Serhiy Storchaka | 186c5f0 | 2014-11-02 22:35:47 +0200 | [diff] [blame] | 6 | import pickle |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 7 | |
| Andrew M. Kuchling | 4464432 | 2002-12-29 16:45:06 +0000 | [diff] [blame] | 8 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 9 | class CookieTests(unittest.TestCase): |
| 10 | # Currently this only tests SimpleCookie |
| 11 | def test_basic(self): |
| 12 | cases = [ |
| 13 | { 'data': 'chips=ahoy; vienna=finger', |
| 14 | 'dict': {'chips':'ahoy', 'vienna':'finger'}, |
| 15 | 'repr': "<SimpleCookie: chips='ahoy' vienna='finger'>", |
| 16 | 'output': 'Set-Cookie: chips=ahoy\nSet-Cookie: vienna=finger', |
| 17 | }, |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 18 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 19 | { 'data': 'keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"', |
| 20 | 'dict': {'keebler' : 'E=mc2; L="Loves"; fudge=\012;'}, |
| 21 | 'repr': '''<SimpleCookie: keebler='E=mc2; L="Loves"; fudge=\\n;'>''', |
| 22 | 'output': 'Set-Cookie: keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"', |
| 23 | }, |
| Andrew M. Kuchling | 8b94b1c | 2001-02-21 01:17:54 +0000 | [diff] [blame] | 24 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 25 | # Check illegal cookies that have an '=' char in an unquoted value |
| 26 | { 'data': 'keebler=E=mc2', |
| 27 | 'dict': {'keebler' : 'E=mc2'}, |
| 28 | 'repr': "<SimpleCookie: keebler='E=mc2'>", |
| 29 | 'output': 'Set-Cookie: keebler=E=mc2', |
| 30 | } |
| 31 | ] |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 32 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 33 | for case in cases: |
| 34 | C = Cookie.SimpleCookie() |
| 35 | C.load(case['data']) |
| 36 | self.assertEqual(repr(C), case['repr']) |
| 37 | self.assertEqual(C.output(sep='\n'), case['output']) |
| 38 | for k, v in sorted(case['dict'].iteritems()): |
| 39 | self.assertEqual(C[k].value, v) |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 40 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 41 | def test_load(self): |
| 42 | C = Cookie.SimpleCookie() |
| 43 | C.load('Customer="WILE_E_COYOTE"; Version=1; Path=/acme') |
| Andrew M. Kuchling | cdec8c7 | 2000-08-19 15:21:12 +0000 | [diff] [blame] | 44 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 45 | self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE') |
| 46 | self.assertEqual(C['Customer']['version'], '1') |
| 47 | self.assertEqual(C['Customer']['path'], '/acme') |
| Moshe Zadka | 514a102 | 2000-08-19 15:57:33 +0000 | [diff] [blame] | 48 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 49 | self.assertEqual(C.output(['path']), |
| 50 | 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme') |
| Senthil Kumaran | c730a6a | 2009-04-02 03:00:34 +0000 | [diff] [blame] | 51 | self.assertEqual(C.js_output(), r""" |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 52 | <script type="text/javascript"> |
| 53 | <!-- begin hiding |
| Senthil Kumaran | c730a6a | 2009-04-02 03:00:34 +0000 | [diff] [blame] | 54 | document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1"; |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 55 | // end hiding --> |
| 56 | </script> |
| 57 | """) |
| Senthil Kumaran | c730a6a | 2009-04-02 03:00:34 +0000 | [diff] [blame] | 58 | self.assertEqual(C.js_output(['path']), r""" |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 59 | <script type="text/javascript"> |
| 60 | <!-- begin hiding |
| Senthil Kumaran | c730a6a | 2009-04-02 03:00:34 +0000 | [diff] [blame] | 61 | document.cookie = "Customer=\"WILE_E_COYOTE\"; Path=/acme"; |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 62 | // end hiding --> |
| 63 | </script> |
| 64 | """) |
| Moshe Zadka | 514a102 | 2000-08-19 15:57:33 +0000 | [diff] [blame] | 65 | |
| Georg Brandl | 78e6957 | 2010-08-01 18:52:52 +0000 | [diff] [blame] | 66 | # loading 'expires' |
| 67 | C = Cookie.SimpleCookie() |
| Senthil Kumaran | f439a36 | 2012-05-20 12:02:44 +0800 | [diff] [blame] | 68 | C.load('Customer="W"; expires=Wed, 01 Jan 2010 00:00:00 GMT') |
| Georg Brandl | 78e6957 | 2010-08-01 18:52:52 +0000 | [diff] [blame] | 69 | self.assertEqual(C['Customer']['expires'], |
| Senthil Kumaran | f439a36 | 2012-05-20 12:02:44 +0800 | [diff] [blame] | 70 | 'Wed, 01 Jan 2010 00:00:00 GMT') |
| Georg Brandl | 78e6957 | 2010-08-01 18:52:52 +0000 | [diff] [blame] | 71 | C = Cookie.SimpleCookie() |
| Senthil Kumaran | f439a36 | 2012-05-20 12:02:44 +0800 | [diff] [blame] | 72 | C.load('Customer="W"; expires=Wed, 01 Jan 98 00:00:00 GMT') |
| Georg Brandl | 78e6957 | 2010-08-01 18:52:52 +0000 | [diff] [blame] | 73 | self.assertEqual(C['Customer']['expires'], |
| Senthil Kumaran | f439a36 | 2012-05-20 12:02:44 +0800 | [diff] [blame] | 74 | 'Wed, 01 Jan 98 00:00:00 GMT') |
| Georg Brandl | 78e6957 | 2010-08-01 18:52:52 +0000 | [diff] [blame] | 75 | |
| R. David Murray | 08fc701 | 2010-12-28 19:11:03 +0000 | [diff] [blame] | 76 | def test_extended_encode(self): |
| 77 | # Issue 9824: some browsers don't follow the standard; we now |
| 78 | # encode , and ; to keep them from tripping up. |
| 79 | C = Cookie.SimpleCookie() |
| 80 | C['val'] = "some,funky;stuff" |
| 81 | self.assertEqual(C.output(['val']), |
| 82 | 'Set-Cookie: val="some\\054funky\\073stuff"') |
| 83 | |
| Berker Peksag | cf0a706 | 2014-07-02 10:48:27 +0300 | [diff] [blame] | 84 | def test_set_secure_httponly_attrs(self): |
| 85 | C = Cookie.SimpleCookie('Customer="WILE_E_COYOTE"') |
| 86 | C['Customer']['secure'] = True |
| 87 | C['Customer']['httponly'] = True |
| 88 | self.assertEqual(C.output(), |
| 89 | 'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure') |
| 90 | |
| 91 | def test_secure_httponly_false_if_not_present(self): |
| 92 | C = Cookie.SimpleCookie() |
| 93 | C.load('eggs=scrambled; Path=/bacon') |
| 94 | self.assertFalse(C['eggs']['httponly']) |
| 95 | self.assertFalse(C['eggs']['secure']) |
| 96 | |
| 97 | def test_secure_httponly_true_if_present(self): |
| 98 | # Issue 16611 |
| 99 | C = Cookie.SimpleCookie() |
| 100 | C.load('eggs=scrambled; httponly; secure; Path=/bacon') |
| 101 | self.assertTrue(C['eggs']['httponly']) |
| 102 | self.assertTrue(C['eggs']['secure']) |
| 103 | |
| 104 | def test_secure_httponly_true_if_have_value(self): |
| 105 | # This isn't really valid, but demonstrates what the current code |
| 106 | # is expected to do in this case. |
| 107 | C = Cookie.SimpleCookie() |
| 108 | C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon') |
| 109 | self.assertTrue(C['eggs']['httponly']) |
| 110 | self.assertTrue(C['eggs']['secure']) |
| 111 | # Here is what it actually does; don't depend on this behavior. These |
| 112 | # checks are testing backward compatibility for issue 16611. |
| 113 | self.assertEqual(C['eggs']['httponly'], 'foo') |
| 114 | self.assertEqual(C['eggs']['secure'], 'bar') |
| 115 | |
| 116 | def test_bad_attrs(self): |
| 117 | # Issue 16611: make sure we don't break backward compatibility. |
| 118 | C = Cookie.SimpleCookie() |
| 119 | C.load('cookie=with; invalid; version; second=cookie;') |
| 120 | self.assertEqual(C.output(), |
| 121 | 'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie') |
| 122 | |
| 123 | def test_extra_spaces(self): |
| 124 | C = Cookie.SimpleCookie() |
| 125 | C.load('eggs = scrambled ; secure ; path = bar ; foo=foo ') |
| 126 | self.assertEqual(C.output(), |
| 127 | 'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo') |
| 128 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 129 | def test_quoted_meta(self): |
| 130 | # Try cookie with quoted meta-data |
| 131 | C = Cookie.SimpleCookie() |
| 132 | C.load('Customer="WILE_E_COYOTE"; Version="1"; Path="/acme"') |
| 133 | self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE') |
| 134 | self.assertEqual(C['Customer']['version'], '1') |
| 135 | self.assertEqual(C['Customer']['path'], '/acme') |
| Tim Peters | eb26f95 | 2001-04-06 21:20:58 +0000 | [diff] [blame] | 136 | |
| Guido van Rossum | c9cdd0c | 2014-09-16 15:45:36 -0700 | [diff] [blame] | 137 | def test_invalid_cookies(self): |
| 138 | # Accepting these could be a security issue |
| 139 | C = Cookie.SimpleCookie() |
| 140 | for s in (']foo=x', '[foo=x', 'blah]foo=x', 'blah[foo=x'): |
| 141 | C.load(s) |
| 142 | self.assertEqual(dict(C), {}) |
| 143 | self.assertEqual(C.output(), '') |
| 144 | |
| Serhiy Storchaka | 186c5f0 | 2014-11-02 22:35:47 +0200 | [diff] [blame] | 145 | def test_pickle(self): |
| 146 | rawdata = 'Customer="WILE_E_COYOTE"; Path=/acme; Version=1' |
| 147 | expected_output = 'Set-Cookie: %s' % rawdata |
| 148 | |
| 149 | C = Cookie.SimpleCookie() |
| 150 | C.load(rawdata) |
| 151 | self.assertEqual(C.output(), expected_output) |
| 152 | |
| 153 | for proto in range(pickle.HIGHEST_PROTOCOL + 1): |
| 154 | C1 = pickle.loads(pickle.dumps(C, protocol=proto)) |
| 155 | self.assertEqual(C1.output(), expected_output) |
| 156 | |
| Guido van Rossum | c9cdd0c | 2014-09-16 15:45:36 -0700 | [diff] [blame] | 157 | |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 158 | def test_main(): |
| 159 | run_unittest(CookieTests) |
| Benjamin Peterson | bf67ba8 | 2012-10-16 09:51:46 -0400 | [diff] [blame] | 160 | if Cookie.__doc__ is not None: |
| 161 | with check_warnings(('.+Cookie class is insecure; do not use it', |
| 162 | DeprecationWarning)): |
| 163 | run_doctest(Cookie) |
| Georg Brandl | a962eb3 | 2006-10-29 19:51:16 +0000 | [diff] [blame] | 164 | |
| 165 | if __name__ == '__main__': |
| 166 | test_main() |