from django.core import signing
from django.http import HttpRequest, HttpResponse
from django.test import SimpleTestCase, override_settings
from django.test.utils import freeze_time
class SignedCookieTest(SimpleTestCase):
    """Round-trip checks for signed cookies.

    Each test signs a value with HttpResponse.set_signed_cookie(), copies the
    stored cookie string into HttpRequest.COOKIES and reads it back through
    HttpRequest.get_signed_cookie().

    The stored cookie begins with the plaintext value (the first test asserts
    the 'hello:' prefix), so what is exercised here is integrity of the
    value, not confidentiality.
    """

    def test_can_set_and_read_signed_cookies(self):
        # Happy path: a value signed on the response verifies on the request.
        resp = HttpResponse()
        resp.set_signed_cookie('c', 'hello')
        self.assertIn('c', resp.cookies)
        signed = resp.cookies['c'].value
        # The value itself is readable by whoever holds the cookie.
        self.assertTrue(signed.startswith('hello:'))
        req = HttpRequest()
        req.COOKIES['c'] = signed
        self.assertEqual(req.get_signed_cookie('c'), 'hello')

    def test_can_use_salt(self):
        # The salt is part of what is verified: the same cookie string reads
        # back under salt 'one' and is rejected under salt 'two'.
        resp = HttpResponse()
        resp.set_signed_cookie('a', 'hello', salt='one')
        req = HttpRequest()
        req.COOKIES['a'] = resp.cookies['a'].value
        self.assertEqual(req.get_signed_cookie('a', salt='one'), 'hello')
        self.assertRaises(
            signing.BadSignature, req.get_signed_cookie, 'a', salt='two',
        )

    def test_detects_tampering(self):
        # Only the last two characters of the stored string are altered; a
        # modified value segment is not covered by this case.
        resp = HttpResponse()
        resp.set_signed_cookie('c', 'hello')
        signed = resp.cookies['c'].value
        req = HttpRequest()
        req.COOKIES['c'] = signed[:-2] + '$$'
        self.assertRaises(signing.BadSignature, req.get_signed_cookie, 'c')

    def test_default_argument_suppresses_exceptions(self):
        # With default= supplied, a cookie that fails verification yields the
        # default instead of BadSignature. A caller using default= therefore
        # gets no exception for a tampered cookie and has to treat the
        # default as "no valid cookie".
        resp = HttpResponse()
        resp.set_signed_cookie('c', 'hello')
        signed = resp.cookies['c'].value
        req = HttpRequest()
        req.COOKIES['c'] = signed[:-2] + '$$'
        self.assertIsNone(req.get_signed_cookie('c', default=None))

    def test_max_age_argument(self):
        value = 'hello'
        # Sign and verify with the clock pinned at the signing instant.
        with freeze_time(123456789):
            resp = HttpResponse()
            resp.set_signed_cookie('c', value)
            req = HttpRequest()
            req.COOKIES['c'] = resp.cookies['c'].value
            self.assertEqual(req.get_signed_cookie('c'), value)

        # 11 seconds later (123456800 - 123456789): max_age=11 is still
        # accepted, so an age equal to max_age passes; max_age=10 is expired.
        with freeze_time(123456800):
            for allowed_age in (12, 11):
                self.assertEqual(
                    req.get_signed_cookie('c', max_age=allowed_age), value,
                )
            self.assertRaises(
                signing.SignatureExpired, req.get_signed_cookie, 'c', max_age=10,
            )

    @override_settings(SECRET_KEY=b'\xe7')
    def test_signed_cookies_with_binary_key(self):
        # SECRET_KEY is overridden with a bytes value; the one-byte key is a
        # test fixture only.
        resp = HttpResponse()
        resp.set_signed_cookie('c', 'hello')

        req = HttpRequest()
        req.COOKIES['c'] = resp.cookies['c'].value
        self.assertEqual(req.get_signed_cookie('c'), 'hello')