Skip to content

Commit

Permalink
Do not filter cookies if unsafe flag provided (#1005)
Browse files Browse the repository at this point in the history 
* Add test for unsafe cookies jar

* Remove code duplication and make base class for testing CookieJar
  • Loading branch information
@bmwant @asvetlov
bmwant authored and asvetlov committed Jul 26, 2016
1 parent b637251 commit 7dad207
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 22 deletions.
2 changes: 1 addition & 1 deletion aiohttp/helpers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -701,7 +701,7 @@ def filter_cookies(self, request_url):

hostname = url_parsed.hostname or ""

if is_ip_address(hostname):
if not self._unsafe and is_ip_address(hostname):
continue

if name in self._host_only_cookies:
Expand Down
84 changes: 63 additions & 21 deletions tests/test_helpers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -273,10 +273,41 @@ def test_is_ip_address():
assert not helpers.is_ip_address("1200::AB00:1234::2552:7777:1313")


class TestCookieJar(unittest.TestCase):
class TestCookieJarBase(unittest.TestCase):

def setUp(self):
self.loop = asyncio.new_event_loop()
asyncio.set_event_loop(None)

# N.B. those need to be overriden in child test cases
self.jar = helpers.CookieJar(loop=self.loop)
# Cookies to send from client to server as "Cookie" header
self.cookies_to_send = http.cookies.SimpleCookie()
# Cookies received from the server as "Set-Cookie" header
self.cookies_to_receive = http.cookies.SimpleCookie()

def tearDown(self):
self.loop.close()

def request_reply_with_same_url(self, url):
self.jar.update_cookies(self.cookies_to_send)
cookies_sent = self.jar.filter_cookies(url)

self.jar.cookies.clear()

self.jar.update_cookies(self.cookies_to_receive, url)
cookies_received = self.jar.cookies.copy()

self.jar.cookies.clear()

return cookies_sent, cookies_received


class TestCookieJarSafe(TestCookieJarBase):

def setUp(self):
super().setUp()

self.cookies_to_send = http.cookies.SimpleCookie(
"shared-cookie=first; "
"domain-cookie=second; Domain=example.com; "
Expand All @@ -300,7 +331,6 @@ def setUp(self):
" Expires=string;"
)

# Cookies received from the server as "Set-Cookie" header
self.cookies_to_receive = http.cookies.SimpleCookie(
"unconstrained-cookie=first; Path=/; "
"domain-cookie=second; Domain=example.com; Path=/; "
Expand All @@ -313,27 +343,8 @@ def setUp(self):
"wrong-path-cookie=nineth; Domain=pathtest.com; Path=somepath;"
)

self.loop = asyncio.new_event_loop()
asyncio.set_event_loop(None)

self.jar = helpers.CookieJar(loop=self.loop)

def tearDown(self):
self.loop.close()

def request_reply_with_same_url(self, url):
self.jar.update_cookies(self.cookies_to_send)
cookies_sent = self.jar.filter_cookies(url)

self.jar.cookies.clear()

self.jar.update_cookies(self.cookies_to_receive, url)
cookies_received = self.jar.cookies.copy()

self.jar.cookies.clear()

return cookies_sent, cookies_received

def timed_request(
self, url, update_time, send_time):
time_func = "time.monotonic"
Expand Down Expand Up @@ -676,3 +687,34 @@ def test_date_parsing(self):

# Invalid time
self.assertEqual(parse_func("Tue, 1 Jan 1970 77:88:99 GMT"), None)


class TestCookieJarUnsafe(TestCookieJarBase):

def setUp(self):
super().setUp()
self.cookies_to_send = http.cookies.SimpleCookie(
"shared-cookie=first; "
"ip-cookie=second; Domain=127.0.0.1;"
)

self.cookies_to_receive = http.cookies.SimpleCookie(
"shared-cookie=first; "
"ip-cookie=second; Domain=127.0.0.1;"
)

self.jar = helpers.CookieJar(loop=self.loop, unsafe=True)

def test_preserving_ip_domain_cookies(self):
cookies_sent, cookies_received = (
self.request_reply_with_same_url("http://127.0.0.1/"))

self.assertEqual(set(cookies_sent.keys()), {
"shared-cookie",
"ip-cookie",
})

self.assertEqual(set(cookies_received.keys()), {
"shared-cookie",
"ip-cookie",
})

0 comments on commit 7dad207

Please sign in to comment.