1"""Tests for http/cookiejar.py.""" 2 3import os 4import re 5import test.support 6from test.support import os_helper 7from test.support import warnings_helper 8import time 9import unittest 10import urllib.request 11import pathlib 12 13from http.cookiejar import (time2isoz, http2time, iso2time, time2netscape, 14 parse_ns_headers, join_header_words, split_header_words, Cookie, 15 CookieJar, DefaultCookiePolicy, LWPCookieJar, MozillaCookieJar, 16 LoadError, lwp_cookie_str, DEFAULT_HTTP_PORT, escape_path, 17 reach, is_HDN, domain_match, user_domain_match, request_path, 18 request_port, request_host) 19 20 21class DateTimeTests(unittest.TestCase): 22 23 def test_time2isoz(self): 24 base = 1019227000 25 day = 24*3600 26 self.assertEqual(time2isoz(base), "2002-04-19 14:36:40Z") 27 self.assertEqual(time2isoz(base+day), "2002-04-20 14:36:40Z") 28 self.assertEqual(time2isoz(base+2*day), "2002-04-21 14:36:40Z") 29 self.assertEqual(time2isoz(base+3*day), "2002-04-22 14:36:40Z") 30 31 az = time2isoz() 32 bz = time2isoz(500000) 33 for text in (az, bz): 34 self.assertRegex(text, r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ$", 35 "bad time2isoz format: %s %s" % (az, bz)) 36 37 def test_time2netscape(self): 38 base = 1019227000 39 day = 24*3600 40 self.assertEqual(time2netscape(base), "Fri, 19-Apr-2002 14:36:40 GMT") 41 self.assertEqual(time2netscape(base+day), 42 "Sat, 20-Apr-2002 14:36:40 GMT") 43 44 self.assertEqual(time2netscape(base+2*day), 45 "Sun, 21-Apr-2002 14:36:40 GMT") 46 47 self.assertEqual(time2netscape(base+3*day), 48 "Mon, 22-Apr-2002 14:36:40 GMT") 49 50 az = time2netscape() 51 bz = time2netscape(500000) 52 for text in (az, bz): 53 # Format "%s, %02d-%s-%04d %02d:%02d:%02d GMT" 54 self.assertRegex( 55 text, 56 r"[a-zA-Z]{3}, \d{2}-[a-zA-Z]{3}-\d{4} \d{2}:\d{2}:\d{2} GMT$", 57 "bad time2netscape format: %s %s" % (az, bz)) 58 59 def test_http2time(self): 60 def parse_date(text): 61 return time.gmtime(http2time(text))[:6] 62 63 self.assertEqual(parse_date("01 Jan 2001"), (2001, 1, 1, 0, 0, 0.0)) 64 65 # this test will break around year 2070 66 self.assertEqual(parse_date("03-Feb-20"), (2020, 2, 3, 0, 0, 0.0)) 67 68 # this test will break around year 2048 69 self.assertEqual(parse_date("03-Feb-98"), (1998, 2, 3, 0, 0, 0.0)) 70 71 def test_http2time_formats(self): 72 # test http2time for supported dates. Test cases with 2 digit year 73 # will probably break in year 2044. 74 tests = [ 75 'Thu, 03 Feb 1994 00:00:00 GMT', # proposed new HTTP format 76 'Thursday, 03-Feb-94 00:00:00 GMT', # old rfc850 HTTP format 77 'Thursday, 03-Feb-1994 00:00:00 GMT', # broken rfc850 HTTP format 78 79 '03 Feb 1994 00:00:00 GMT', # HTTP format (no weekday) 80 '03-Feb-94 00:00:00 GMT', # old rfc850 (no weekday) 81 '03-Feb-1994 00:00:00 GMT', # broken rfc850 (no weekday) 82 '03-Feb-1994 00:00 GMT', # broken rfc850 (no weekday, no seconds) 83 '03-Feb-1994 00:00', # broken rfc850 (no weekday, no seconds, no tz) 84 '02-Feb-1994 24:00', # broken rfc850 (no weekday, no seconds, 85 # no tz) using hour 24 with yesterday date 86 87 '03-Feb-94', # old rfc850 HTTP format (no weekday, no time) 88 '03-Feb-1994', # broken rfc850 HTTP format (no weekday, no time) 89 '03 Feb 1994', # proposed new HTTP format (no weekday, no time) 90 91 # A few tests with extra space at various places 92 ' 03 Feb 1994 0:00 ', 93 ' 03-Feb-1994 ', 94 ] 95 96 test_t = 760233600 # assume broken POSIX counting of seconds 97 result = time2isoz(test_t) 98 expected = "1994-02-03 00:00:00Z" 99 self.assertEqual(result, expected, 100 "%s => '%s' (%s)" % (test_t, result, expected)) 101 102 for s in tests: 103 self.assertEqual(http2time(s), test_t, s) 104 self.assertEqual(http2time(s.lower()), test_t, s.lower()) 105 self.assertEqual(http2time(s.upper()), test_t, s.upper()) 106 107 def test_http2time_garbage(self): 108 for test in [ 109 '', 110 'Garbage', 111 'Mandag 16. September 1996', 112 '01-00-1980', 113 '01-13-1980', 114 '00-01-1980', 115 '32-01-1980', 116 '01-01-1980 25:00:00', 117 '01-01-1980 00:61:00', 118 '01-01-1980 00:00:62', 119 '08-Oct-3697739', 120 '08-01-3697739', 121 '09 Feb 19942632 22:23:32 GMT', 122 'Wed, 09 Feb 1994834 22:23:32 GMT', 123 ]: 124 self.assertIsNone(http2time(test), 125 "http2time(%s) is not None\n" 126 "http2time(test) %s" % (test, http2time(test))) 127 128 def test_http2time_redos_regression_actually_completes(self): 129 # LOOSE_HTTP_DATE_RE was vulnerable to malicious input which caused catastrophic backtracking (REDoS). 130 # If we regress to cubic complexity, this test will take a very long time to succeed. 131 # If fixed, it should complete within a fraction of a second. 132 http2time("01 Jan 1970{}00:00:00 GMT!".format(" " * 10 ** 5)) 133 http2time("01 Jan 1970 00:00:00{}GMT!".format(" " * 10 ** 5)) 134 135 def test_iso2time(self): 136 def parse_date(text): 137 return time.gmtime(iso2time(text))[:6] 138 139 # ISO 8601 compact format 140 self.assertEqual(parse_date("19940203T141529Z"), 141 (1994, 2, 3, 14, 15, 29)) 142 143 # ISO 8601 with time behind UTC 144 self.assertEqual(parse_date("1994-02-03 07:15:29 -0700"), 145 (1994, 2, 3, 14, 15, 29)) 146 147 # ISO 8601 with time ahead of UTC 148 self.assertEqual(parse_date("1994-02-03 19:45:29 +0530"), 149 (1994, 2, 3, 14, 15, 29)) 150 151 def test_iso2time_formats(self): 152 # test iso2time for supported dates. 153 tests = [ 154 '1994-02-03 00:00:00 -0000', # ISO 8601 format 155 '1994-02-03 00:00:00 +0000', # ISO 8601 format 156 '1994-02-03 00:00:00', # zone is optional 157 '1994-02-03', # only date 158 '1994-02-03T00:00:00', # Use T as separator 159 '19940203', # only date 160 '1994-02-02 24:00:00', # using hour-24 yesterday date 161 '19940203T000000Z', # ISO 8601 compact format 162 163 # A few tests with extra space at various places 164 ' 1994-02-03 ', 165 ' 1994-02-03T00:00:00 ', 166 ] 167 168 test_t = 760233600 # assume broken POSIX counting of seconds 169 for s in tests: 170 self.assertEqual(iso2time(s), test_t, s) 171 self.assertEqual(iso2time(s.lower()), test_t, s.lower()) 172 self.assertEqual(iso2time(s.upper()), test_t, s.upper()) 173 174 def test_iso2time_garbage(self): 175 for test in [ 176 '', 177 'Garbage', 178 'Thursday, 03-Feb-94 00:00:00 GMT', 179 '1980-00-01', 180 '1980-13-01', 181 '1980-01-00', 182 '1980-01-32', 183 '1980-01-01 25:00:00', 184 '1980-01-01 00:61:00', 185 '01-01-1980 00:00:62', 186 '01-01-1980T00:00:62', 187 '19800101T250000Z', 188 ]: 189 self.assertIsNone(iso2time(test), 190 "iso2time(%r)" % test) 191 192 def test_iso2time_performance_regression(self): 193 # If ISO_DATE_RE regresses to quadratic complexity, this test will take a very long time to succeed. 194 # If fixed, it should complete within a fraction of a second. 195 iso2time('1994-02-03{}14:15:29 -0100!'.format(' '*10**6)) 196 iso2time('1994-02-03 14:15:29{}-0100!'.format(' '*10**6)) 197 198 199class HeaderTests(unittest.TestCase): 200 201 def test_parse_ns_headers(self): 202 # quotes should be stripped 203 expected = [[('foo', 'bar'), ('expires', 2209069412), ('version', '0')]] 204 for hdr in [ 205 'foo=bar; expires=01 Jan 2040 22:23:32 GMT', 206 'foo=bar; expires="01 Jan 2040 22:23:32 GMT"', 207 ]: 208 self.assertEqual(parse_ns_headers([hdr]), expected) 209 210 def test_parse_ns_headers_version(self): 211 212 # quotes should be stripped 213 expected = [[('foo', 'bar'), ('version', '1')]] 214 for hdr in [ 215 'foo=bar; version="1"', 216 'foo=bar; Version="1"', 217 ]: 218 self.assertEqual(parse_ns_headers([hdr]), expected) 219 220 def test_parse_ns_headers_special_names(self): 221 # names such as 'expires' are not special in first name=value pair 222 # of Set-Cookie: header 223 # Cookie with name 'expires' 224 hdr = 'expires=01 Jan 2040 22:23:32 GMT' 225 expected = [[("expires", "01 Jan 2040 22:23:32 GMT"), ("version", "0")]] 226 self.assertEqual(parse_ns_headers([hdr]), expected) 227 228 def test_join_header_words(self): 229 joined = join_header_words([[("foo", None), ("bar", "baz")]]) 230 self.assertEqual(joined, "foo; bar=baz") 231 232 self.assertEqual(join_header_words([[]]), "") 233 234 def test_split_header_words(self): 235 tests = [ 236 ("foo", [[("foo", None)]]), 237 ("foo=bar", [[("foo", "bar")]]), 238 (" foo ", [[("foo", None)]]), 239 (" foo= ", [[("foo", "")]]), 240 (" foo=", [[("foo", "")]]), 241 (" foo= ; ", [[("foo", "")]]), 242 (" foo= ; bar= baz ", [[("foo", ""), ("bar", "baz")]]), 243 ("foo=bar bar=baz", [[("foo", "bar"), ("bar", "baz")]]), 244 # doesn't really matter if this next fails, but it works ATM 245 ("foo= bar=baz", [[("foo", "bar=baz")]]), 246 ("foo=bar;bar=baz", [[("foo", "bar"), ("bar", "baz")]]), 247 ('foo bar baz', [[("foo", None), ("bar", None), ("baz", None)]]), 248 ("a, b, c", [[("a", None)], [("b", None)], [("c", None)]]), 249 (r'foo; bar=baz, spam=, foo="\,\;\"", bar= ', 250 [[("foo", None), ("bar", "baz")], 251 [("spam", "")], [("foo", ',;"')], [("bar", "")]]), 252 ] 253 254 for arg, expect in tests: 255 try: 256 result = split_header_words([arg]) 257 except: 258 import traceback, io 259 f = io.StringIO() 260 traceback.print_exc(None, f) 261 result = "(error -- traceback follows)\n\n%s" % f.getvalue() 262 self.assertEqual(result, expect, """ 263When parsing: '%s' 264Expected: '%s' 265Got: '%s' 266""" % (arg, expect, result)) 267 268 def test_roundtrip(self): 269 tests = [ 270 ("foo", "foo"), 271 ("foo=bar", "foo=bar"), 272 (" foo ", "foo"), 273 ("foo=", 'foo=""'), 274 ("foo=bar bar=baz", "foo=bar; bar=baz"), 275 ("foo=bar;bar=baz", "foo=bar; bar=baz"), 276 ('foo bar baz', "foo; bar; baz"), 277 (r'foo="\"" bar="\\"', r'foo="\""; bar="\\"'), 278 ('foo,,,bar', 'foo, bar'), 279 ('foo=bar,bar=baz', 'foo=bar, bar=baz'), 280 281 ('text/html; charset=iso-8859-1', 282 'text/html; charset="iso-8859-1"'), 283 284 ('foo="bar"; port="80,81"; discard, bar=baz', 285 'foo=bar; port="80,81"; discard, bar=baz'), 286 287 (r'Basic realm="\"foo\\\\bar\""', 288 r'Basic; realm="\"foo\\\\bar\""') 289 ] 290 291 for arg, expect in tests: 292 input = split_header_words([arg]) 293 res = join_header_words(input) 294 self.assertEqual(res, expect, """ 295When parsing: '%s' 296Expected: '%s' 297Got: '%s' 298Input was: '%s' 299""" % (arg, expect, res, input)) 300 301 302class FakeResponse: 303 def __init__(self, headers=[], url=None): 304 """ 305 headers: list of RFC822-style 'Key: value' strings 306 """ 307 import email 308 self._headers = email.message_from_string("\n".join(headers)) 309 self._url = url 310 def info(self): return self._headers 311 312def interact_2965(cookiejar, url, *set_cookie_hdrs): 313 return _interact(cookiejar, url, set_cookie_hdrs, "Set-Cookie2") 314 315def interact_netscape(cookiejar, url, *set_cookie_hdrs): 316 return _interact(cookiejar, url, set_cookie_hdrs, "Set-Cookie") 317 318def _interact(cookiejar, url, set_cookie_hdrs, hdr_name): 319 """Perform a single request / response cycle, returning Cookie: header.""" 320 req = urllib.request.Request(url) 321 cookiejar.add_cookie_header(req) 322 cookie_hdr = req.get_header("Cookie", "") 323 headers = [] 324 for hdr in set_cookie_hdrs: 325 headers.append("%s: %s" % (hdr_name, hdr)) 326 res = FakeResponse(headers, url) 327 cookiejar.extract_cookies(res, req) 328 return cookie_hdr 329 330 331class FileCookieJarTests(unittest.TestCase): 332 def test_constructor_with_str(self): 333 filename = os_helper.TESTFN 334 c = LWPCookieJar(filename) 335 self.assertEqual(c.filename, filename) 336 337 def test_constructor_with_path_like(self): 338 filename = pathlib.Path(os_helper.TESTFN) 339 c = LWPCookieJar(filename) 340 self.assertEqual(c.filename, os.fspath(filename)) 341 342 def test_constructor_with_none(self): 343 c = LWPCookieJar(None) 344 self.assertIsNone(c.filename) 345 346 def test_constructor_with_other_types(self): 347 class A: 348 pass 349 350 for type_ in (int, float, A): 351 with self.subTest(filename=type_): 352 with self.assertRaises(TypeError): 353 instance = type_() 354 c = LWPCookieJar(filename=instance) 355 356 def test_lwp_valueless_cookie(self): 357 # cookies with no value should be saved and loaded consistently 358 filename = os_helper.TESTFN 359 c = LWPCookieJar() 360 interact_netscape(c, "http://www.acme.com/", 'boo') 361 self.assertEqual(c._cookies["www.acme.com"]["/"]["boo"].value, None) 362 try: 363 c.save(filename, ignore_discard=True) 364 c = LWPCookieJar() 365 c.load(filename, ignore_discard=True) 366 finally: 367 try: os.unlink(filename) 368 except OSError: pass 369 self.assertEqual(c._cookies["www.acme.com"]["/"]["boo"].value, None) 370 371 def test_bad_magic(self): 372 # OSErrors (eg. file doesn't exist) are allowed to propagate 373 filename = os_helper.TESTFN 374 for cookiejar_class in LWPCookieJar, MozillaCookieJar: 375 c = cookiejar_class() 376 try: 377 c.load(filename="for this test to work, a file with this " 378 "filename should not exist") 379 except OSError as exc: 380 # an OSError subclass (likely FileNotFoundError), but not 381 # LoadError 382 self.assertIsNot(exc.__class__, LoadError) 383 else: 384 self.fail("expected OSError for invalid filename") 385 # Invalid contents of cookies file (eg. bad magic string) 386 # causes a LoadError. 387 try: 388 with open(filename, "w") as f: 389 f.write("oops\n") 390 for cookiejar_class in LWPCookieJar, MozillaCookieJar: 391 c = cookiejar_class() 392 self.assertRaises(LoadError, c.load, filename) 393 finally: 394 try: os.unlink(filename) 395 except OSError: pass 396 397class CookieTests(unittest.TestCase): 398 # XXX 399 # Get rid of string comparisons where not actually testing str / repr. 400 # .clear() etc. 401 # IP addresses like 50 (single number, no dot) and domain-matching 402 # functions (and is_HDN)? See draft RFC 2965 errata. 403 # Strictness switches 404 # is_third_party() 405 # unverifiability / third-party blocking 406 # Netscape cookies work the same as RFC 2965 with regard to port. 407 # Set-Cookie with negative max age. 408 # If turn RFC 2965 handling off, Set-Cookie2 cookies should not clobber 409 # Set-Cookie cookies. 410 # Cookie2 should be sent if *any* cookies are not V1 (ie. V0 OR V2 etc.). 411 # Cookies (V1 and V0) with no expiry date should be set to be discarded. 412 # RFC 2965 Quoting: 413 # Should accept unquoted cookie-attribute values? check errata draft. 414 # Which are required on the way in and out? 415 # Should always return quoted cookie-attribute values? 416 # Proper testing of when RFC 2965 clobbers Netscape (waiting for errata). 417 # Path-match on return (same for V0 and V1). 418 # RFC 2965 acceptance and returning rules 419 # Set-Cookie2 without version attribute is rejected. 420 421 # Netscape peculiarities list from Ronald Tschalar. 422 # The first two still need tests, the rest are covered. 423## - Quoting: only quotes around the expires value are recognized as such 424## (and yes, some folks quote the expires value); quotes around any other 425## value are treated as part of the value. 426## - White space: white space around names and values is ignored 427## - Default path: if no path parameter is given, the path defaults to the 428## path in the request-uri up to, but not including, the last '/'. Note 429## that this is entirely different from what the spec says. 430## - Commas and other delimiters: Netscape just parses until the next ';'. 431## This means it will allow commas etc inside values (and yes, both 432## commas and equals are commonly appear in the cookie value). This also 433## means that if you fold multiple Set-Cookie header fields into one, 434## comma-separated list, it'll be a headache to parse (at least my head 435## starts hurting every time I think of that code). 436## - Expires: You'll get all sorts of date formats in the expires, 437## including empty expires attributes ("expires="). Be as flexible as you 438## can, and certainly don't expect the weekday to be there; if you can't 439## parse it, just ignore it and pretend it's a session cookie. 440## - Domain-matching: Netscape uses the 2-dot rule for _all_ domains, not 441## just the 7 special TLD's listed in their spec. And folks rely on 442## that... 443 444 def test_domain_return_ok(self): 445 # test optimization: .domain_return_ok() should filter out most 446 # domains in the CookieJar before we try to access them (because that 447 # may require disk access -- in particular, with MSIECookieJar) 448 # This is only a rough check for performance reasons, so it's not too 449 # critical as long as it's sufficiently liberal. 450 pol = DefaultCookiePolicy() 451 for url, domain, ok in [ 452 ("http://foo.bar.com/", "blah.com", False), 453 ("http://foo.bar.com/", "rhubarb.blah.com", False), 454 ("http://foo.bar.com/", "rhubarb.foo.bar.com", False), 455 ("http://foo.bar.com/", ".foo.bar.com", True), 456 ("http://foo.bar.com/", "foo.bar.com", True), 457 ("http://foo.bar.com/", ".bar.com", True), 458 ("http://foo.bar.com/", "bar.com", True), 459 ("http://foo.bar.com/", "com", True), 460 ("http://foo.com/", "rhubarb.foo.com", False), 461 ("http://foo.com/", ".foo.com", True), 462 ("http://foo.com/", "foo.com", True), 463 ("http://foo.com/", "com", True), 464 ("http://foo/", "rhubarb.foo", False), 465 ("http://foo/", ".foo", True), 466 ("http://foo/", "foo", True), 467 ("http://foo/", "foo.local", True), 468 ("http://foo/", ".local", True), 469 ("http://barfoo.com", ".foo.com", False), 470 ("http://barfoo.com", "foo.com", False), 471 ]: 472 request = urllib.request.Request(url) 473 r = pol.domain_return_ok(domain, request) 474 if ok: self.assertTrue(r) 475 else: self.assertFalse(r) 476 477 def test_missing_value(self): 478 # missing = sign in Cookie: header is regarded by Mozilla as a missing 479 # name, and by http.cookiejar as a missing value 480 filename = os_helper.TESTFN 481 c = MozillaCookieJar(filename) 482 interact_netscape(c, "http://www.acme.com/", 'eggs') 483 interact_netscape(c, "http://www.acme.com/", '"spam"; path=/foo/') 484 cookie = c._cookies["www.acme.com"]["/"]["eggs"] 485 self.assertIsNone(cookie.value) 486 self.assertEqual(cookie.name, "eggs") 487 cookie = c._cookies["www.acme.com"]['/foo/']['"spam"'] 488 self.assertIsNone(cookie.value) 489 self.assertEqual(cookie.name, '"spam"') 490 self.assertEqual(lwp_cookie_str(cookie), ( 491 r'"spam"; path="/foo/"; domain="www.acme.com"; ' 492 'path_spec; discard; version=0')) 493 old_str = repr(c) 494 c.save(ignore_expires=True, ignore_discard=True) 495 try: 496 c = MozillaCookieJar(filename) 497 c.revert(ignore_expires=True, ignore_discard=True) 498 finally: 499 os.unlink(c.filename) 500 # cookies unchanged apart from lost info re. whether path was specified 501 self.assertEqual( 502 repr(c), 503 re.sub("path_specified=%s" % True, "path_specified=%s" % False, 504 old_str) 505 ) 506 self.assertEqual(interact_netscape(c, "http://www.acme.com/foo/"), 507 '"spam"; eggs') 508 509 def test_rfc2109_handling(self): 510 # RFC 2109 cookies are handled as RFC 2965 or Netscape cookies, 511 # dependent on policy settings 512 for rfc2109_as_netscape, rfc2965, version in [ 513 # default according to rfc2965 if not explicitly specified 514 (None, False, 0), 515 (None, True, 1), 516 # explicit rfc2109_as_netscape 517 (False, False, None), # version None here means no cookie stored 518 (False, True, 1), 519 (True, False, 0), 520 (True, True, 0), 521 ]: 522 policy = DefaultCookiePolicy( 523 rfc2109_as_netscape=rfc2109_as_netscape, 524 rfc2965=rfc2965) 525 c = CookieJar(policy) 526 interact_netscape(c, "http://www.example.com/", "ni=ni; Version=1") 527 try: 528 cookie = c._cookies["www.example.com"]["/"]["ni"] 529 except KeyError: 530 self.assertIsNone(version) # didn't expect a stored cookie 531 else: 532 self.assertEqual(cookie.version, version) 533 # 2965 cookies are unaffected 534 interact_2965(c, "http://www.example.com/", 535 "foo=bar; Version=1") 536 if rfc2965: 537 cookie2965 = c._cookies["www.example.com"]["/"]["foo"] 538 self.assertEqual(cookie2965.version, 1) 539 540 def test_ns_parser(self): 541 c = CookieJar() 542 interact_netscape(c, "http://www.acme.com/", 543 'spam=eggs; DoMain=.acme.com; port; blArgh="feep"') 544 interact_netscape(c, "http://www.acme.com/", 'ni=ni; port=80,8080') 545 interact_netscape(c, "http://www.acme.com:80/", 'nini=ni') 546 interact_netscape(c, "http://www.acme.com:80/", 'foo=bar; expires=') 547 interact_netscape(c, "http://www.acme.com:80/", 'spam=eggs; ' 548 'expires="Foo Bar 25 33:22:11 3022"') 549 interact_netscape(c, 'http://www.acme.com/', 'fortytwo=') 550 interact_netscape(c, 'http://www.acme.com/', '=unladenswallow') 551 interact_netscape(c, 'http://www.acme.com/', 'holyhandgrenade') 552 553 cookie = c._cookies[".acme.com"]["/"]["spam"] 554 self.assertEqual(cookie.domain, ".acme.com") 555 self.assertTrue(cookie.domain_specified) 556 self.assertEqual(cookie.port, DEFAULT_HTTP_PORT) 557 self.assertFalse(cookie.port_specified) 558 # case is preserved 559 self.assertTrue(cookie.has_nonstandard_attr("blArgh")) 560 self.assertFalse(cookie.has_nonstandard_attr("blargh")) 561 562 cookie = c._cookies["www.acme.com"]["/"]["ni"] 563 self.assertEqual(cookie.domain, "www.acme.com") 564 self.assertFalse(cookie.domain_specified) 565 self.assertEqual(cookie.port, "80,8080") 566 self.assertTrue(cookie.port_specified) 567 568 cookie = c._cookies["www.acme.com"]["/"]["nini"] 569 self.assertIsNone(cookie.port) 570 self.assertFalse(cookie.port_specified) 571 572 # invalid expires should not cause cookie to be dropped 573 foo = c._cookies["www.acme.com"]["/"]["foo"] 574 spam = c._cookies["www.acme.com"]["/"]["foo"] 575 self.assertIsNone(foo.expires) 576 self.assertIsNone(spam.expires) 577 578 cookie = c._cookies['www.acme.com']['/']['fortytwo'] 579 self.assertIsNotNone(cookie.value) 580 self.assertEqual(cookie.value, '') 581 582 # there should be a distinction between a present but empty value 583 # (above) and a value that's entirely missing (below) 584 585 cookie = c._cookies['www.acme.com']['/']['holyhandgrenade'] 586 self.assertIsNone(cookie.value) 587 588 def test_ns_parser_special_names(self): 589 # names such as 'expires' are not special in first name=value pair 590 # of Set-Cookie: header 591 c = CookieJar() 592 interact_netscape(c, "http://www.acme.com/", 'expires=eggs') 593 interact_netscape(c, "http://www.acme.com/", 'version=eggs; spam=eggs') 594 595 cookies = c._cookies["www.acme.com"]["/"] 596 self.assertIn('expires', cookies) 597 self.assertIn('version', cookies) 598 599 def test_expires(self): 600 # if expires is in future, keep cookie... 601 c = CookieJar() 602 future = time2netscape(time.time()+3600) 603 604 with warnings_helper.check_no_warnings(self): 605 headers = [f"Set-Cookie: FOO=BAR; path=/; expires={future}"] 606 req = urllib.request.Request("http://www.coyote.com/") 607 res = FakeResponse(headers, "http://www.coyote.com/") 608 cookies = c.make_cookies(res, req) 609 self.assertEqual(len(cookies), 1) 610 self.assertEqual(time2netscape(cookies[0].expires), future) 611 612 interact_netscape(c, "http://www.acme.com/", 'spam="bar"; expires=%s' % 613 future) 614 self.assertEqual(len(c), 1) 615 now = time2netscape(time.time()-1) 616 # ... and if in past or present, discard it 617 interact_netscape(c, "http://www.acme.com/", 'foo="eggs"; expires=%s' % 618 now) 619 h = interact_netscape(c, "http://www.acme.com/") 620 self.assertEqual(len(c), 1) 621 self.assertIn('spam="bar"', h) 622 self.assertNotIn("foo", h) 623 624 # max-age takes precedence over expires, and zero max-age is request to 625 # delete both new cookie and any old matching cookie 626 interact_netscape(c, "http://www.acme.com/", 'eggs="bar"; expires=%s' % 627 future) 628 interact_netscape(c, "http://www.acme.com/", 'bar="bar"; expires=%s' % 629 future) 630 self.assertEqual(len(c), 3) 631 interact_netscape(c, "http://www.acme.com/", 'eggs="bar"; ' 632 'expires=%s; max-age=0' % future) 633 interact_netscape(c, "http://www.acme.com/", 'bar="bar"; ' 634 'max-age=0; expires=%s' % future) 635 h = interact_netscape(c, "http://www.acme.com/") 636 self.assertEqual(len(c), 1) 637 638 # test expiry at end of session for cookies with no expires attribute 639 interact_netscape(c, "http://www.rhubarb.net/", 'whum="fizz"') 640 self.assertEqual(len(c), 2) 641 c.clear_session_cookies() 642 self.assertEqual(len(c), 1) 643 self.assertIn('spam="bar"', h) 644 645 # test if fractional expiry is accepted 646 cookie = Cookie(0, "name", "value", 647 None, False, "www.python.org", 648 True, False, "/", 649 False, False, "1444312383.018307", 650 False, None, None, 651 {}) 652 self.assertEqual(cookie.expires, 1444312383) 653 654 # XXX RFC 2965 expiry rules (some apply to V0 too) 655 656 def test_default_path(self): 657 # RFC 2965 658 pol = DefaultCookiePolicy(rfc2965=True) 659 660 c = CookieJar(pol) 661 interact_2965(c, "http://www.acme.com/", 'spam="bar"; Version="1"') 662 self.assertIn("/", c._cookies["www.acme.com"]) 663 664 c = CookieJar(pol) 665 interact_2965(c, "http://www.acme.com/blah", 'eggs="bar"; Version="1"') 666 self.assertIn("/", c._cookies["www.acme.com"]) 667 668 c = CookieJar(pol) 669 interact_2965(c, "http://www.acme.com/blah/rhubarb", 670 'eggs="bar"; Version="1"') 671 self.assertIn("/blah/", c._cookies["www.acme.com"]) 672 673 c = CookieJar(pol) 674 interact_2965(c, "http://www.acme.com/blah/rhubarb/", 675 'eggs="bar"; Version="1"') 676 self.assertIn("/blah/rhubarb/", c._cookies["www.acme.com"]) 677 678 # Netscape 679 680 c = CookieJar() 681 interact_netscape(c, "http://www.acme.com/", 'spam="bar"') 682 self.assertIn("/", c._cookies["www.acme.com"]) 683 684 c = CookieJar() 685 interact_netscape(c, "http://www.acme.com/blah", 'eggs="bar"') 686 self.assertIn("/", c._cookies["www.acme.com"]) 687 688 c = CookieJar() 689 interact_netscape(c, "http://www.acme.com/blah/rhubarb", 'eggs="bar"') 690 self.assertIn("/blah", c._cookies["www.acme.com"]) 691 692 c = CookieJar() 693 interact_netscape(c, "http://www.acme.com/blah/rhubarb/", 'eggs="bar"') 694 self.assertIn("/blah/rhubarb", c._cookies["www.acme.com"]) 695 696 def test_default_path_with_query(self): 697 cj = CookieJar() 698 uri = "http://example.com/?spam/eggs" 699 value = 'eggs="bar"' 700 interact_netscape(cj, uri, value) 701 # Default path does not include query, so is "/", not "/?spam". 702 self.assertIn("/", cj._cookies["example.com"]) 703 # Cookie is sent back to the same URI. 704 self.assertEqual(interact_netscape(cj, uri), value) 705 706 def test_escape_path(self): 707 cases = [ 708 # quoted safe 709 ("/foo%2f/bar", "/foo%2F/bar"), 710 ("/foo%2F/bar", "/foo%2F/bar"), 711 # quoted % 712 ("/foo%%/bar", "/foo%%/bar"), 713 # quoted unsafe 714 ("/fo%19o/bar", "/fo%19o/bar"), 715 ("/fo%7do/bar", "/fo%7Do/bar"), 716 # unquoted safe 717 ("/foo/bar&", "/foo/bar&"), 718 ("/foo//bar", "/foo//bar"), 719 ("\176/foo/bar", "\176/foo/bar"), 720 # unquoted unsafe 721 ("/foo\031/bar", "/foo%19/bar"), 722 ("/\175foo/bar", "/%7Dfoo/bar"), 723 # unicode, latin-1 range 724 ("/foo/bar\u00fc", "/foo/bar%C3%BC"), # UTF-8 encoded 725 # unicode 726 ("/foo/bar\uabcd", "/foo/bar%EA%AF%8D"), # UTF-8 encoded 727 ] 728 for arg, result in cases: 729 self.assertEqual(escape_path(arg), result) 730 731 def test_request_path(self): 732 # with parameters 733 req = urllib.request.Request( 734 "http://www.example.com/rheum/rhaponticum;" 735 "foo=bar;sing=song?apples=pears&spam=eggs#ni") 736 self.assertEqual(request_path(req), 737 "/rheum/rhaponticum;foo=bar;sing=song") 738 # without parameters 739 req = urllib.request.Request( 740 "http://www.example.com/rheum/rhaponticum?" 741 "apples=pears&spam=eggs#ni") 742 self.assertEqual(request_path(req), "/rheum/rhaponticum") 743 # missing final slash 744 req = urllib.request.Request("http://www.example.com") 745 self.assertEqual(request_path(req), "/") 746 747 def test_path_prefix_match(self): 748 pol = DefaultCookiePolicy() 749 strict_ns_path_pol = DefaultCookiePolicy(strict_ns_set_path=True) 750 751 c = CookieJar(pol) 752 base_url = "http://bar.com" 753 interact_netscape(c, base_url, 'spam=eggs; Path=/foo') 754 cookie = c._cookies['bar.com']['/foo']['spam'] 755 756 for path, ok in [('/foo', True), 757 ('/foo/', True), 758 ('/foo/bar', True), 759 ('/', False), 760 ('/foobad/foo', False)]: 761 url = f'{base_url}{path}' 762 req = urllib.request.Request(url) 763 h = interact_netscape(c, url) 764 if ok: 765 self.assertIn('spam=eggs', h, f"cookie not set for {path}") 766 self.assertTrue(strict_ns_path_pol.set_ok_path(cookie, req)) 767 else: 768 self.assertNotIn('spam=eggs', h, f"cookie set for {path}") 769 self.assertFalse(strict_ns_path_pol.set_ok_path(cookie, req)) 770 771 def test_request_port(self): 772 req = urllib.request.Request("http://www.acme.com:1234/", 773 headers={"Host": "www.acme.com:4321"}) 774 self.assertEqual(request_port(req), "1234") 775 req = urllib.request.Request("http://www.acme.com/", 776 headers={"Host": "www.acme.com:4321"}) 777 self.assertEqual(request_port(req), DEFAULT_HTTP_PORT) 778 779 def test_request_host(self): 780 # this request is illegal (RFC2616, 14.2.3) 781 req = urllib.request.Request("http://1.1.1.1/", 782 headers={"Host": "www.acme.com:80"}) 783 # libwww-perl wants this response, but that seems wrong (RFC 2616, 784 # section 5.2, point 1., and RFC 2965 section 1, paragraph 3) 785 #self.assertEqual(request_host(req), "www.acme.com") 786 self.assertEqual(request_host(req), "1.1.1.1") 787 req = urllib.request.Request("http://www.acme.com/", 788 headers={"Host": "irrelevant.com"}) 789 self.assertEqual(request_host(req), "www.acme.com") 790 # port shouldn't be in request-host 791 req = urllib.request.Request("http://www.acme.com:2345/resource.html", 792 headers={"Host": "www.acme.com:5432"}) 793 self.assertEqual(request_host(req), "www.acme.com") 794 795 def test_is_HDN(self): 796 self.assertTrue(is_HDN("foo.bar.com")) 797 self.assertTrue(is_HDN("1foo2.3bar4.5com")) 798 self.assertFalse(is_HDN("192.168.1.1")) 799 self.assertFalse(is_HDN("")) 800 self.assertFalse(is_HDN(".")) 801 self.assertFalse(is_HDN(".foo.bar.com")) 802 self.assertFalse(is_HDN("..foo")) 803 self.assertFalse(is_HDN("foo.")) 804 805 def test_reach(self): 806 self.assertEqual(reach("www.acme.com"), ".acme.com") 807 self.assertEqual(reach("acme.com"), "acme.com") 808 self.assertEqual(reach("acme.local"), ".local") 809 self.assertEqual(reach(".local"), ".local") 810 self.assertEqual(reach(".com"), ".com") 811 self.assertEqual(reach("."), ".") 812 self.assertEqual(reach(""), "") 813 self.assertEqual(reach("192.168.0.1"), "192.168.0.1") 814 815 def test_domain_match(self): 816 self.assertTrue(domain_match("192.168.1.1", "192.168.1.1")) 817 self.assertFalse(domain_match("192.168.1.1", ".168.1.1")) 818 self.assertTrue(domain_match("x.y.com", "x.Y.com")) 819 self.assertTrue(domain_match("x.y.com", ".Y.com")) 820 self.assertFalse(domain_match("x.y.com", "Y.com")) 821 self.assertTrue(domain_match("a.b.c.com", ".c.com")) 822 self.assertFalse(domain_match(".c.com", "a.b.c.com")) 823 self.assertTrue(domain_match("example.local", ".local")) 824 self.assertFalse(domain_match("blah.blah", "")) 825 self.assertFalse(domain_match("", ".rhubarb.rhubarb")) 826 self.assertTrue(domain_match("", "")) 827 828 self.assertTrue(user_domain_match("acme.com", "acme.com")) 829 self.assertFalse(user_domain_match("acme.com", ".acme.com")) 830 self.assertTrue(user_domain_match("rhubarb.acme.com", ".acme.com")) 831 self.assertTrue(user_domain_match("www.rhubarb.acme.com", ".acme.com")) 832 self.assertTrue(user_domain_match("x.y.com", "x.Y.com")) 833 self.assertTrue(user_domain_match("x.y.com", ".Y.com")) 834 self.assertFalse(user_domain_match("x.y.com", "Y.com")) 835 self.assertTrue(user_domain_match("y.com", "Y.com")) 836 self.assertFalse(user_domain_match(".y.com", "Y.com")) 837 self.assertTrue(user_domain_match(".y.com", ".Y.com")) 838 self.assertTrue(user_domain_match("x.y.com", ".com")) 839 self.assertFalse(user_domain_match("x.y.com", "com")) 840 self.assertFalse(user_domain_match("x.y.com", "m")) 841 self.assertFalse(user_domain_match("x.y.com", ".m")) 842 self.assertFalse(user_domain_match("x.y.com", "")) 843 self.assertFalse(user_domain_match("x.y.com", ".")) 844 self.assertTrue(user_domain_match("192.168.1.1", "192.168.1.1")) 845 # not both HDNs, so must string-compare equal to match 846 self.assertFalse(user_domain_match("192.168.1.1", ".168.1.1")) 847 self.assertFalse(user_domain_match("192.168.1.1", ".")) 848 # empty string is a special case 849 self.assertFalse(user_domain_match("192.168.1.1", "")) 850 851 def test_wrong_domain(self): 852 # Cookies whose effective request-host name does not domain-match the 853 # domain are rejected. 854 855 # XXX far from complete 856 c = CookieJar() 857 interact_2965(c, "http://www.nasty.com/", 858 'foo=bar; domain=friendly.org; Version="1"') 859 self.assertEqual(len(c), 0) 860 861 def test_strict_domain(self): 862 # Cookies whose domain is a country-code tld like .co.uk should 863 # not be set if CookiePolicy.strict_domain is true. 864 cp = DefaultCookiePolicy(strict_domain=True) 865 cj = CookieJar(policy=cp) 866 interact_netscape(cj, "http://example.co.uk/", 'no=problemo') 867 interact_netscape(cj, "http://example.co.uk/", 868 'okey=dokey; Domain=.example.co.uk') 869 self.assertEqual(len(cj), 2) 870 for pseudo_tld in [".co.uk", ".org.za", ".tx.us", ".name.us"]: 871 interact_netscape(cj, "http://example.%s/" % pseudo_tld, 872 'spam=eggs; Domain=.co.uk') 873 self.assertEqual(len(cj), 2) 874 875 def test_two_component_domain_ns(self): 876 # Netscape: .www.bar.com, www.bar.com, .bar.com, bar.com, no domain 877 # should all get accepted, as should .acme.com, acme.com and no domain 878 # for 2-component domains like acme.com. 879 c = CookieJar() 880 881 # two-component V0 domain is OK 882 interact_netscape(c, "http://foo.net/", 'ns=bar') 883 self.assertEqual(len(c), 1) 884 self.assertEqual(c._cookies["foo.net"]["/"]["ns"].value, "bar") 885 self.assertEqual(interact_netscape(c, "http://foo.net/"), "ns=bar") 886 # *will* be returned to any other domain (unlike RFC 2965)... 887 self.assertEqual(interact_netscape(c, "http://www.foo.net/"), 888 "ns=bar") 889 # ...unless requested otherwise 890 pol = DefaultCookiePolicy( 891 strict_ns_domain=DefaultCookiePolicy.DomainStrictNonDomain) 892 c.set_policy(pol) 893 self.assertEqual(interact_netscape(c, "http://www.foo.net/"), "") 894 895 # unlike RFC 2965, even explicit two-component domain is OK, 896 # because .foo.net matches foo.net 897 interact_netscape(c, "http://foo.net/foo/", 898 'spam1=eggs; domain=foo.net') 899 # even if starts with a dot -- in NS rules, .foo.net matches foo.net! 900 interact_netscape(c, "http://foo.net/foo/bar/", 901 'spam2=eggs; domain=.foo.net') 902 self.assertEqual(len(c), 3) 903 self.assertEqual(c._cookies[".foo.net"]["/foo"]["spam1"].value, 904 "eggs") 905 self.assertEqual(c._cookies[".foo.net"]["/foo/bar"]["spam2"].value, 906 "eggs") 907 self.assertEqual(interact_netscape(c, "http://foo.net/foo/bar/"), 908 "spam2=eggs; spam1=eggs; ns=bar") 909 910 # top-level domain is too general 911 interact_netscape(c, "http://foo.net/", 'nini="ni"; domain=.net') 912 self.assertEqual(len(c), 3) 913 914## # Netscape protocol doesn't allow non-special top level domains (such 915## # as co.uk) in the domain attribute unless there are at least three 916## # dots in it. 917 # Oh yes it does! Real implementations don't check this, and real 918 # cookies (of course) rely on that behaviour. 919 interact_netscape(c, "http://foo.co.uk", 'nasty=trick; domain=.co.uk') 920## self.assertEqual(len(c), 2) 921 self.assertEqual(len(c), 4) 922 923 def test_two_component_domain_rfc2965(self): 924 pol = DefaultCookiePolicy(rfc2965=True) 925 c = CookieJar(pol) 926 927 # two-component V1 domain is OK 928 interact_2965(c, "http://foo.net/", 'foo=bar; Version="1"') 929 self.assertEqual(len(c), 1) 930 self.assertEqual(c._cookies["foo.net"]["/"]["foo"].value, "bar") 931 self.assertEqual(interact_2965(c, "http://foo.net/"), 932 "$Version=1; foo=bar") 933 # won't be returned to any other domain (because domain was implied) 934 self.assertEqual(interact_2965(c, "http://www.foo.net/"), "") 935 936 # unless domain is given explicitly, because then it must be 937 # rewritten to start with a dot: foo.net --> .foo.net, which does 938 # not domain-match foo.net 939 interact_2965(c, "http://foo.net/foo", 940 'spam=eggs; domain=foo.net; path=/foo; Version="1"') 941 self.assertEqual(len(c), 1) 942 self.assertEqual(interact_2965(c, "http://foo.net/foo"), 943 "$Version=1; foo=bar") 944 945 # explicit foo.net from three-component domain www.foo.net *does* get 946 # set, because .foo.net domain-matches .foo.net 947 interact_2965(c, "http://www.foo.net/foo/", 948 'spam=eggs; domain=foo.net; Version="1"') 949 self.assertEqual(c._cookies[".foo.net"]["/foo/"]["spam"].value, 950 "eggs") 951 self.assertEqual(len(c), 2) 952 self.assertEqual(interact_2965(c, "http://foo.net/foo/"), 953 "$Version=1; foo=bar") 954 self.assertEqual(interact_2965(c, "http://www.foo.net/foo/"), 955 '$Version=1; spam=eggs; $Domain="foo.net"') 956 957 # top-level domain is too general 958 interact_2965(c, "http://foo.net/", 959 'ni="ni"; domain=".net"; Version="1"') 960 self.assertEqual(len(c), 2) 961 962 # RFC 2965 doesn't require blocking this 963 interact_2965(c, "http://foo.co.uk/", 964 'nasty=trick; domain=.co.uk; Version="1"') 965 self.assertEqual(len(c), 3) 966 967 def test_domain_allow(self): 968 c = CookieJar(policy=DefaultCookiePolicy( 969 blocked_domains=["acme.com"], 970 allowed_domains=["www.acme.com"])) 971 972 req = urllib.request.Request("http://acme.com/") 973 headers = ["Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/"] 974 res = FakeResponse(headers, "http://acme.com/") 975 c.extract_cookies(res, req) 976 self.assertEqual(len(c), 0) 977 978 req = urllib.request.Request("http://www.acme.com/") 979 res = FakeResponse(headers, "http://www.acme.com/") 980 c.extract_cookies(res, req) 981 self.assertEqual(len(c), 1) 982 983 req = urllib.request.Request("http://www.coyote.com/") 984 res = FakeResponse(headers, "http://www.coyote.com/") 985 c.extract_cookies(res, req) 986 self.assertEqual(len(c), 1) 987 988 # set a cookie with non-allowed domain... 989 req = urllib.request.Request("http://www.coyote.com/") 990 res = FakeResponse(headers, "http://www.coyote.com/") 991 cookies = c.make_cookies(res, req) 992 c.set_cookie(cookies[0]) 993 self.assertEqual(len(c), 2) 994 # ... and check is doesn't get returned 995 c.add_cookie_header(req) 996 self.assertFalse(req.has_header("Cookie")) 997 998 def test_domain_block(self): 999 pol = DefaultCookiePolicy( 1000 rfc2965=True, blocked_domains=[".acme.com"]) 1001 c = CookieJar(policy=pol) 1002 headers = ["Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/"] 1003 1004 req = urllib.request.Request("http://www.acme.com/") 1005 res = FakeResponse(headers, "http://www.acme.com/") 1006 c.extract_cookies(res, req) 1007 self.assertEqual(len(c), 0) 1008 1009 p = pol.set_blocked_domains(["acme.com"]) 1010 c.extract_cookies(res, req) 1011 self.assertEqual(len(c), 1) 1012 1013 c.clear() 1014 req = urllib.request.Request("http://www.roadrunner.net/") 1015 res = FakeResponse(headers, "http://www.roadrunner.net/") 1016 c.extract_cookies(res, req) 1017 self.assertEqual(len(c), 1) 1018 req = urllib.request.Request("http://www.roadrunner.net/") 1019 c.add_cookie_header(req) 1020 self.assertTrue(req.has_header("Cookie")) 1021 self.assertTrue(req.has_header("Cookie2")) 1022 1023 c.clear() 1024 pol.set_blocked_domains([".acme.com"]) 1025 c.extract_cookies(res, req) 1026 self.assertEqual(len(c), 1) 1027 1028 # set a cookie with blocked domain... 1029 req = urllib.request.Request("http://www.acme.com/") 1030 res = FakeResponse(headers, "http://www.acme.com/") 1031 cookies = c.make_cookies(res, req) 1032 c.set_cookie(cookies[0]) 1033 self.assertEqual(len(c), 2) 1034 # ... and check is doesn't get returned 1035 c.add_cookie_header(req) 1036 self.assertFalse(req.has_header("Cookie")) 1037 1038 c.clear() 1039 1040 pol.set_blocked_domains([]) 1041 req = urllib.request.Request("http://acme.com/") 1042 res = FakeResponse(headers, "http://acme.com/") 1043 cookies = c.make_cookies(res, req) 1044 c.extract_cookies(res, req) 1045 self.assertEqual(len(c), 1) 1046 1047 req = urllib.request.Request("http://acme.com/") 1048 c.add_cookie_header(req) 1049 self.assertTrue(req.has_header("Cookie")) 1050 1051 req = urllib.request.Request("http://badacme.com/") 1052 c.add_cookie_header(req) 1053 self.assertFalse(pol.return_ok(cookies[0], req)) 1054 self.assertFalse(req.has_header("Cookie")) 1055 1056 p = pol.set_blocked_domains(["acme.com"]) 1057 req = urllib.request.Request("http://acme.com/") 1058 c.add_cookie_header(req) 1059 self.assertFalse(req.has_header("Cookie")) 1060 1061 req = urllib.request.Request("http://badacme.com/") 1062 c.add_cookie_header(req) 1063 self.assertFalse(req.has_header("Cookie")) 1064 1065 def test_secure(self): 1066 for ns in True, False: 1067 for whitespace in " ", "": 1068 c = CookieJar() 1069 if ns: 1070 pol = DefaultCookiePolicy(rfc2965=False) 1071 int = interact_netscape 1072 vs = "" 1073 else: 1074 pol = DefaultCookiePolicy(rfc2965=True) 1075 int = interact_2965 1076 vs = "; Version=1" 1077 c.set_policy(pol) 1078 url = "http://www.acme.com/" 1079 int(c, url, "foo1=bar%s%s" % (vs, whitespace)) 1080 int(c, url, "foo2=bar%s; secure%s" % (vs, whitespace)) 1081 self.assertFalse( 1082 c._cookies["www.acme.com"]["/"]["foo1"].secure, 1083 "non-secure cookie registered secure") 1084 self.assertTrue( 1085 c._cookies["www.acme.com"]["/"]["foo2"].secure, 1086 "secure cookie registered non-secure") 1087 1088 def test_secure_block(self): 1089 pol = DefaultCookiePolicy() 1090 c = CookieJar(policy=pol) 1091 1092 headers = ["Set-Cookie: session=narf; secure; path=/"] 1093 req = urllib.request.Request("https://www.acme.com/") 1094 res = FakeResponse(headers, "https://www.acme.com/") 1095 c.extract_cookies(res, req) 1096 self.assertEqual(len(c), 1) 1097 1098 req = urllib.request.Request("https://www.acme.com/") 1099 c.add_cookie_header(req) 1100 self.assertTrue(req.has_header("Cookie")) 1101 1102 req = urllib.request.Request("http://www.acme.com/") 1103 c.add_cookie_header(req) 1104 self.assertFalse(req.has_header("Cookie")) 1105 1106 # secure websocket protocol 1107 req = urllib.request.Request("wss://www.acme.com/") 1108 c.add_cookie_header(req) 1109 self.assertTrue(req.has_header("Cookie")) 1110 1111 # non-secure websocket protocol 1112 req = urllib.request.Request("ws://www.acme.com/") 1113 c.add_cookie_header(req) 1114 self.assertFalse(req.has_header("Cookie")) 1115 1116 def test_custom_secure_protocols(self): 1117 pol = DefaultCookiePolicy(secure_protocols=["foos"]) 1118 c = CookieJar(policy=pol) 1119 1120 headers = ["Set-Cookie: session=narf; secure; path=/"] 1121 req = urllib.request.Request("https://www.acme.com/") 1122 res = FakeResponse(headers, "https://www.acme.com/") 1123 c.extract_cookies(res, req) 1124 self.assertEqual(len(c), 1) 1125 1126 # test https removed from secure protocol list 1127 req = urllib.request.Request("https://www.acme.com/") 1128 c.add_cookie_header(req) 1129 self.assertFalse(req.has_header("Cookie")) 1130 1131 req = urllib.request.Request("http://www.acme.com/") 1132 c.add_cookie_header(req) 1133 self.assertFalse(req.has_header("Cookie")) 1134 1135 req = urllib.request.Request("foos://www.acme.com/") 1136 c.add_cookie_header(req) 1137 self.assertTrue(req.has_header("Cookie")) 1138 1139 req = urllib.request.Request("foo://www.acme.com/") 1140 c.add_cookie_header(req) 1141 self.assertFalse(req.has_header("Cookie")) 1142 1143 def test_quote_cookie_value(self): 1144 c = CookieJar(policy=DefaultCookiePolicy(rfc2965=True)) 1145 interact_2965(c, "http://www.acme.com/", r'foo=\b"a"r; Version=1') 1146 h = interact_2965(c, "http://www.acme.com/") 1147 self.assertEqual(h, r'$Version=1; foo=\\b\"a\"r') 1148 1149 def test_missing_final_slash(self): 1150 # Missing slash from request URL's abs_path should be assumed present. 1151 url = "http://www.acme.com" 1152 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1153 interact_2965(c, url, "foo=bar; Version=1") 1154 req = urllib.request.Request(url) 1155 self.assertEqual(len(c), 1) 1156 c.add_cookie_header(req) 1157 self.assertTrue(req.has_header("Cookie")) 1158 1159 def test_domain_mirror(self): 1160 pol = DefaultCookiePolicy(rfc2965=True) 1161 1162 c = CookieJar(pol) 1163 url = "http://foo.bar.com/" 1164 interact_2965(c, url, "spam=eggs; Version=1") 1165 h = interact_2965(c, url) 1166 self.assertNotIn("Domain", h, 1167 "absent domain returned with domain present") 1168 1169 c = CookieJar(pol) 1170 url = "http://foo.bar.com/" 1171 interact_2965(c, url, 'spam=eggs; Version=1; Domain=.bar.com') 1172 h = interact_2965(c, url) 1173 self.assertIn('$Domain=".bar.com"', h, "domain not returned") 1174 1175 c = CookieJar(pol) 1176 url = "http://foo.bar.com/" 1177 # note missing initial dot in Domain 1178 interact_2965(c, url, 'spam=eggs; Version=1; Domain=bar.com') 1179 h = interact_2965(c, url) 1180 self.assertIn('$Domain="bar.com"', h, "domain not returned") 1181 1182 def test_path_mirror(self): 1183 pol = DefaultCookiePolicy(rfc2965=True) 1184 1185 c = CookieJar(pol) 1186 url = "http://foo.bar.com/" 1187 interact_2965(c, url, "spam=eggs; Version=1") 1188 h = interact_2965(c, url) 1189 self.assertNotIn("Path", h, "absent path returned with path present") 1190 1191 c = CookieJar(pol) 1192 url = "http://foo.bar.com/" 1193 interact_2965(c, url, 'spam=eggs; Version=1; Path=/') 1194 h = interact_2965(c, url) 1195 self.assertIn('$Path="/"', h, "path not returned") 1196 1197 def test_port_mirror(self): 1198 pol = DefaultCookiePolicy(rfc2965=True) 1199 1200 c = CookieJar(pol) 1201 url = "http://foo.bar.com/" 1202 interact_2965(c, url, "spam=eggs; Version=1") 1203 h = interact_2965(c, url) 1204 self.assertNotIn("Port", h, "absent port returned with port present") 1205 1206 c = CookieJar(pol) 1207 url = "http://foo.bar.com/" 1208 interact_2965(c, url, "spam=eggs; Version=1; Port") 1209 h = interact_2965(c, url) 1210 self.assertRegex(h, r"\$Port([^=]|$)", 1211 "port with no value not returned with no value") 1212 1213 c = CookieJar(pol) 1214 url = "http://foo.bar.com/" 1215 interact_2965(c, url, 'spam=eggs; Version=1; Port="80"') 1216 h = interact_2965(c, url) 1217 self.assertIn('$Port="80"', h, 1218 "port with single value not returned with single value") 1219 1220 c = CookieJar(pol) 1221 url = "http://foo.bar.com/" 1222 interact_2965(c, url, 'spam=eggs; Version=1; Port="80,8080"') 1223 h = interact_2965(c, url) 1224 self.assertIn('$Port="80,8080"', h, 1225 "port with multiple values not returned with multiple " 1226 "values") 1227 1228 def test_no_return_comment(self): 1229 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1230 url = "http://foo.bar.com/" 1231 interact_2965(c, url, 'spam=eggs; Version=1; ' 1232 'Comment="does anybody read these?"; ' 1233 'CommentURL="http://foo.bar.net/comment.html"') 1234 h = interact_2965(c, url) 1235 self.assertNotIn("Comment", h, 1236 "Comment or CommentURL cookie-attributes returned to server") 1237 1238 def test_Cookie_iterator(self): 1239 cs = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1240 # add some random cookies 1241 interact_2965(cs, "http://blah.spam.org/", 'foo=eggs; Version=1; ' 1242 'Comment="does anybody read these?"; ' 1243 'CommentURL="http://foo.bar.net/comment.html"') 1244 interact_netscape(cs, "http://www.acme.com/blah/", "spam=bar; secure") 1245 interact_2965(cs, "http://www.acme.com/blah/", 1246 "foo=bar; secure; Version=1") 1247 interact_2965(cs, "http://www.acme.com/blah/", 1248 "foo=bar; path=/; Version=1") 1249 interact_2965(cs, "http://www.sol.no", 1250 r'bang=wallop; version=1; domain=".sol.no"; ' 1251 r'port="90,100, 80,8080"; ' 1252 r'max-age=100; Comment = "Just kidding! (\"|\\\\) "') 1253 1254 versions = [1, 1, 1, 0, 1] 1255 names = ["bang", "foo", "foo", "spam", "foo"] 1256 domains = [".sol.no", "blah.spam.org", "www.acme.com", 1257 "www.acme.com", "www.acme.com"] 1258 paths = ["/", "/", "/", "/blah", "/blah/"] 1259 1260 for i in range(4): 1261 i = 0 1262 for c in cs: 1263 self.assertIsInstance(c, Cookie) 1264 self.assertEqual(c.version, versions[i]) 1265 self.assertEqual(c.name, names[i]) 1266 self.assertEqual(c.domain, domains[i]) 1267 self.assertEqual(c.path, paths[i]) 1268 i = i + 1 1269 1270 def test_parse_ns_headers(self): 1271 # missing domain value (invalid cookie) 1272 self.assertEqual( 1273 parse_ns_headers(["foo=bar; path=/; domain"]), 1274 [[("foo", "bar"), 1275 ("path", "/"), ("domain", None), ("version", "0")]] 1276 ) 1277 # invalid expires value 1278 self.assertEqual( 1279 parse_ns_headers(["foo=bar; expires=Foo Bar 12 33:22:11 2000"]), 1280 [[("foo", "bar"), ("expires", None), ("version", "0")]] 1281 ) 1282 # missing cookie value (valid cookie) 1283 self.assertEqual( 1284 parse_ns_headers(["foo"]), 1285 [[("foo", None), ("version", "0")]] 1286 ) 1287 # missing cookie values for parsed attributes 1288 self.assertEqual( 1289 parse_ns_headers(['foo=bar; expires']), 1290 [[('foo', 'bar'), ('expires', None), ('version', '0')]]) 1291 self.assertEqual( 1292 parse_ns_headers(['foo=bar; version']), 1293 [[('foo', 'bar'), ('version', None)]]) 1294 # shouldn't add version if header is empty 1295 self.assertEqual(parse_ns_headers([""]), []) 1296 1297 def test_bad_cookie_header(self): 1298 1299 def cookiejar_from_cookie_headers(headers): 1300 c = CookieJar() 1301 req = urllib.request.Request("http://www.example.com/") 1302 r = FakeResponse(headers, "http://www.example.com/") 1303 c.extract_cookies(r, req) 1304 return c 1305 1306 future = time2netscape(time.time()+3600) 1307 1308 # none of these bad headers should cause an exception to be raised 1309 for headers in [ 1310 ["Set-Cookie: "], # actually, nothing wrong with this 1311 ["Set-Cookie2: "], # ditto 1312 # missing domain value 1313 ["Set-Cookie2: a=foo; path=/; Version=1; domain"], 1314 # bad max-age 1315 ["Set-Cookie: b=foo; max-age=oops"], 1316 # bad version 1317 ["Set-Cookie: b=foo; version=spam"], 1318 ["Set-Cookie:; Expires=%s" % future], 1319 ]: 1320 c = cookiejar_from_cookie_headers(headers) 1321 # these bad cookies shouldn't be set 1322 self.assertEqual(len(c), 0) 1323 1324 # cookie with invalid expires is treated as session cookie 1325 headers = ["Set-Cookie: c=foo; expires=Foo Bar 12 33:22:11 2000"] 1326 c = cookiejar_from_cookie_headers(headers) 1327 cookie = c._cookies["www.example.com"]["/"]["c"] 1328 self.assertIsNone(cookie.expires) 1329 1330 1331class LWPCookieTests(unittest.TestCase): 1332 # Tests taken from libwww-perl, with a few modifications and additions. 1333 1334 def test_netscape_example_1(self): 1335 #------------------------------------------------------------------- 1336 # First we check that it works for the original example at 1337 # http://www.netscape.com/newsref/std/cookie_spec.html 1338 1339 # Client requests a document, and receives in the response: 1340 # 1341 # Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/; expires=Wednesday, 09-Nov-99 23:12:40 GMT 1342 # 1343 # When client requests a URL in path "/" on this server, it sends: 1344 # 1345 # Cookie: CUSTOMER=WILE_E_COYOTE 1346 # 1347 # Client requests a document, and receives in the response: 1348 # 1349 # Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/ 1350 # 1351 # When client requests a URL in path "/" on this server, it sends: 1352 # 1353 # Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001 1354 # 1355 # Client receives: 1356 # 1357 # Set-Cookie: SHIPPING=FEDEX; path=/fo 1358 # 1359 # When client requests a URL in path "/" on this server, it sends: 1360 # 1361 # Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001 1362 # 1363 # When client requests a URL in path "/foo" on this server, it sends: 1364 # 1365 # Cookie: CUSTOMER=WILE_E_COYOTE; PART_NUMBER=ROCKET_LAUNCHER_0001; SHIPPING=FEDEX 1366 # 1367 # The last Cookie is buggy, because both specifications say that the 1368 # most specific cookie must be sent first. SHIPPING=FEDEX is the 1369 # most specific and should thus be first. 1370 1371 year_plus_one = time.localtime()[0] + 1 1372 1373 headers = [] 1374 1375 c = CookieJar(DefaultCookiePolicy(rfc2965 = True)) 1376 1377 #req = urllib.request.Request("http://1.1.1.1/", 1378 # headers={"Host": "www.acme.com:80"}) 1379 req = urllib.request.Request("http://www.acme.com:80/", 1380 headers={"Host": "www.acme.com:80"}) 1381 1382 headers.append( 1383 "Set-Cookie: CUSTOMER=WILE_E_COYOTE; path=/ ; " 1384 "expires=Wednesday, 09-Nov-%d 23:12:40 GMT" % year_plus_one) 1385 res = FakeResponse(headers, "http://www.acme.com/") 1386 c.extract_cookies(res, req) 1387 1388 req = urllib.request.Request("http://www.acme.com/") 1389 c.add_cookie_header(req) 1390 1391 self.assertEqual(req.get_header("Cookie"), "CUSTOMER=WILE_E_COYOTE") 1392 self.assertEqual(req.get_header("Cookie2"), '$Version="1"') 1393 1394 headers.append("Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/") 1395 res = FakeResponse(headers, "http://www.acme.com/") 1396 c.extract_cookies(res, req) 1397 1398 req = urllib.request.Request("http://www.acme.com/foo/bar") 1399 c.add_cookie_header(req) 1400 1401 h = req.get_header("Cookie") 1402 self.assertIn("PART_NUMBER=ROCKET_LAUNCHER_0001", h) 1403 self.assertIn("CUSTOMER=WILE_E_COYOTE", h) 1404 1405 headers.append('Set-Cookie: SHIPPING=FEDEX; path=/foo') 1406 res = FakeResponse(headers, "http://www.acme.com") 1407 c.extract_cookies(res, req) 1408 1409 req = urllib.request.Request("http://www.acme.com/") 1410 c.add_cookie_header(req) 1411 1412 h = req.get_header("Cookie") 1413 self.assertIn("PART_NUMBER=ROCKET_LAUNCHER_0001", h) 1414 self.assertIn("CUSTOMER=WILE_E_COYOTE", h) 1415 self.assertNotIn("SHIPPING=FEDEX", h) 1416 1417 req = urllib.request.Request("http://www.acme.com/foo/") 1418 c.add_cookie_header(req) 1419 1420 h = req.get_header("Cookie") 1421 self.assertIn("PART_NUMBER=ROCKET_LAUNCHER_0001", h) 1422 self.assertIn("CUSTOMER=WILE_E_COYOTE", h) 1423 self.assertTrue(h.startswith("SHIPPING=FEDEX;")) 1424 1425 def test_netscape_example_2(self): 1426 # Second Example transaction sequence: 1427 # 1428 # Assume all mappings from above have been cleared. 1429 # 1430 # Client receives: 1431 # 1432 # Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/ 1433 # 1434 # When client requests a URL in path "/" on this server, it sends: 1435 # 1436 # Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001 1437 # 1438 # Client receives: 1439 # 1440 # Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammo 1441 # 1442 # When client requests a URL in path "/ammo" on this server, it sends: 1443 # 1444 # Cookie: PART_NUMBER=RIDING_ROCKET_0023; PART_NUMBER=ROCKET_LAUNCHER_0001 1445 # 1446 # NOTE: There are two name/value pairs named "PART_NUMBER" due to 1447 # the inheritance of the "/" mapping in addition to the "/ammo" mapping. 1448 1449 c = CookieJar() 1450 headers = [] 1451 1452 req = urllib.request.Request("http://www.acme.com/") 1453 headers.append("Set-Cookie: PART_NUMBER=ROCKET_LAUNCHER_0001; path=/") 1454 res = FakeResponse(headers, "http://www.acme.com/") 1455 1456 c.extract_cookies(res, req) 1457 1458 req = urllib.request.Request("http://www.acme.com/") 1459 c.add_cookie_header(req) 1460 1461 self.assertEqual(req.get_header("Cookie"), 1462 "PART_NUMBER=ROCKET_LAUNCHER_0001") 1463 1464 headers.append( 1465 "Set-Cookie: PART_NUMBER=RIDING_ROCKET_0023; path=/ammo") 1466 res = FakeResponse(headers, "http://www.acme.com/") 1467 c.extract_cookies(res, req) 1468 1469 req = urllib.request.Request("http://www.acme.com/ammo") 1470 c.add_cookie_header(req) 1471 1472 self.assertRegex(req.get_header("Cookie"), 1473 r"PART_NUMBER=RIDING_ROCKET_0023;\s*" 1474 "PART_NUMBER=ROCKET_LAUNCHER_0001") 1475 1476 def test_ietf_example_1(self): 1477 #------------------------------------------------------------------- 1478 # Then we test with the examples from draft-ietf-http-state-man-mec-03.txt 1479 # 1480 # 5. EXAMPLES 1481 1482 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1483 1484 # 1485 # 5.1 Example 1 1486 # 1487 # Most detail of request and response headers has been omitted. Assume 1488 # the user agent has no stored cookies. 1489 # 1490 # 1. User Agent -> Server 1491 # 1492 # POST /acme/login HTTP/1.1 1493 # [form data] 1494 # 1495 # User identifies self via a form. 1496 # 1497 # 2. Server -> User Agent 1498 # 1499 # HTTP/1.1 200 OK 1500 # Set-Cookie2: Customer="WILE_E_COYOTE"; Version="1"; Path="/acme" 1501 # 1502 # Cookie reflects user's identity. 1503 1504 cookie = interact_2965( 1505 c, 'http://www.acme.com/acme/login', 1506 'Customer="WILE_E_COYOTE"; Version="1"; Path="/acme"') 1507 self.assertFalse(cookie) 1508 1509 # 1510 # 3. User Agent -> Server 1511 # 1512 # POST /acme/pickitem HTTP/1.1 1513 # Cookie: $Version="1"; Customer="WILE_E_COYOTE"; $Path="/acme" 1514 # [form data] 1515 # 1516 # User selects an item for ``shopping basket.'' 1517 # 1518 # 4. Server -> User Agent 1519 # 1520 # HTTP/1.1 200 OK 1521 # Set-Cookie2: Part_Number="Rocket_Launcher_0001"; Version="1"; 1522 # Path="/acme" 1523 # 1524 # Shopping basket contains an item. 1525 1526 cookie = interact_2965(c, 'http://www.acme.com/acme/pickitem', 1527 'Part_Number="Rocket_Launcher_0001"; ' 1528 'Version="1"; Path="/acme"'); 1529 self.assertRegex(cookie, 1530 r'^\$Version="?1"?; Customer="?WILE_E_COYOTE"?; \$Path="/acme"$') 1531 1532 # 1533 # 5. User Agent -> Server 1534 # 1535 # POST /acme/shipping HTTP/1.1 1536 # Cookie: $Version="1"; 1537 # Customer="WILE_E_COYOTE"; $Path="/acme"; 1538 # Part_Number="Rocket_Launcher_0001"; $Path="/acme" 1539 # [form data] 1540 # 1541 # User selects shipping method from form. 1542 # 1543 # 6. Server -> User Agent 1544 # 1545 # HTTP/1.1 200 OK 1546 # Set-Cookie2: Shipping="FedEx"; Version="1"; Path="/acme" 1547 # 1548 # New cookie reflects shipping method. 1549 1550 cookie = interact_2965(c, "http://www.acme.com/acme/shipping", 1551 'Shipping="FedEx"; Version="1"; Path="/acme"') 1552 1553 self.assertRegex(cookie, r'^\$Version="?1"?;') 1554 self.assertRegex(cookie, r'Part_Number="?Rocket_Launcher_0001"?;' 1555 r'\s*\$Path="\/acme"') 1556 self.assertRegex(cookie, r'Customer="?WILE_E_COYOTE"?;' 1557 r'\s*\$Path="\/acme"') 1558 1559 # 1560 # 7. User Agent -> Server 1561 # 1562 # POST /acme/process HTTP/1.1 1563 # Cookie: $Version="1"; 1564 # Customer="WILE_E_COYOTE"; $Path="/acme"; 1565 # Part_Number="Rocket_Launcher_0001"; $Path="/acme"; 1566 # Shipping="FedEx"; $Path="/acme" 1567 # [form data] 1568 # 1569 # User chooses to process order. 1570 # 1571 # 8. Server -> User Agent 1572 # 1573 # HTTP/1.1 200 OK 1574 # 1575 # Transaction is complete. 1576 1577 cookie = interact_2965(c, "http://www.acme.com/acme/process") 1578 self.assertRegex(cookie, r'Shipping="?FedEx"?;\s*\$Path="\/acme"') 1579 self.assertIn("WILE_E_COYOTE", cookie) 1580 1581 # 1582 # The user agent makes a series of requests on the origin server, after 1583 # each of which it receives a new cookie. All the cookies have the same 1584 # Path attribute and (default) domain. Because the request URLs all have 1585 # /acme as a prefix, and that matches the Path attribute, each request 1586 # contains all the cookies received so far. 1587 1588 def test_ietf_example_2(self): 1589 # 5.2 Example 2 1590 # 1591 # This example illustrates the effect of the Path attribute. All detail 1592 # of request and response headers has been omitted. Assume the user agent 1593 # has no stored cookies. 1594 1595 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1596 1597 # Imagine the user agent has received, in response to earlier requests, 1598 # the response headers 1599 # 1600 # Set-Cookie2: Part_Number="Rocket_Launcher_0001"; Version="1"; 1601 # Path="/acme" 1602 # 1603 # and 1604 # 1605 # Set-Cookie2: Part_Number="Riding_Rocket_0023"; Version="1"; 1606 # Path="/acme/ammo" 1607 1608 interact_2965( 1609 c, "http://www.acme.com/acme/ammo/specific", 1610 'Part_Number="Rocket_Launcher_0001"; Version="1"; Path="/acme"', 1611 'Part_Number="Riding_Rocket_0023"; Version="1"; Path="/acme/ammo"') 1612 1613 # A subsequent request by the user agent to the (same) server for URLs of 1614 # the form /acme/ammo/... would include the following request header: 1615 # 1616 # Cookie: $Version="1"; 1617 # Part_Number="Riding_Rocket_0023"; $Path="/acme/ammo"; 1618 # Part_Number="Rocket_Launcher_0001"; $Path="/acme" 1619 # 1620 # Note that the NAME=VALUE pair for the cookie with the more specific Path 1621 # attribute, /acme/ammo, comes before the one with the less specific Path 1622 # attribute, /acme. Further note that the same cookie name appears more 1623 # than once. 1624 1625 cookie = interact_2965(c, "http://www.acme.com/acme/ammo/...") 1626 self.assertRegex(cookie, r"Riding_Rocket_0023.*Rocket_Launcher_0001") 1627 1628 # A subsequent request by the user agent to the (same) server for a URL of 1629 # the form /acme/parts/ would include the following request header: 1630 # 1631 # Cookie: $Version="1"; Part_Number="Rocket_Launcher_0001"; $Path="/acme" 1632 # 1633 # Here, the second cookie's Path attribute /acme/ammo is not a prefix of 1634 # the request URL, /acme/parts/, so the cookie does not get forwarded to 1635 # the server. 1636 1637 cookie = interact_2965(c, "http://www.acme.com/acme/parts/") 1638 self.assertIn("Rocket_Launcher_0001", cookie) 1639 self.assertNotIn("Riding_Rocket_0023", cookie) 1640 1641 def test_rejection(self): 1642 # Test rejection of Set-Cookie2 responses based on domain, path, port. 1643 pol = DefaultCookiePolicy(rfc2965=True) 1644 1645 c = LWPCookieJar(policy=pol) 1646 1647 max_age = "max-age=3600" 1648 1649 # illegal domain (no embedded dots) 1650 cookie = interact_2965(c, "http://www.acme.com", 1651 'foo=bar; domain=".com"; version=1') 1652 self.assertFalse(c) 1653 1654 # legal domain 1655 cookie = interact_2965(c, "http://www.acme.com", 1656 'ping=pong; domain="acme.com"; version=1') 1657 self.assertEqual(len(c), 1) 1658 1659 # illegal domain (host prefix "www.a" contains a dot) 1660 cookie = interact_2965(c, "http://www.a.acme.com", 1661 'whiz=bang; domain="acme.com"; version=1') 1662 self.assertEqual(len(c), 1) 1663 1664 # legal domain 1665 cookie = interact_2965(c, "http://www.a.acme.com", 1666 'wow=flutter; domain=".a.acme.com"; version=1') 1667 self.assertEqual(len(c), 2) 1668 1669 # can't partially match an IP-address 1670 cookie = interact_2965(c, "http://125.125.125.125", 1671 'zzzz=ping; domain="125.125.125"; version=1') 1672 self.assertEqual(len(c), 2) 1673 1674 # illegal path (must be prefix of request path) 1675 cookie = interact_2965(c, "http://www.sol.no", 1676 'blah=rhubarb; domain=".sol.no"; path="/foo"; ' 1677 'version=1') 1678 self.assertEqual(len(c), 2) 1679 1680 # legal path 1681 cookie = interact_2965(c, "http://www.sol.no/foo/bar", 1682 'bing=bong; domain=".sol.no"; path="/foo"; ' 1683 'version=1') 1684 self.assertEqual(len(c), 3) 1685 1686 # illegal port (request-port not in list) 1687 cookie = interact_2965(c, "http://www.sol.no", 1688 'whiz=ffft; domain=".sol.no"; port="90,100"; ' 1689 'version=1') 1690 self.assertEqual(len(c), 3) 1691 1692 # legal port 1693 cookie = interact_2965( 1694 c, "http://www.sol.no", 1695 r'bang=wallop; version=1; domain=".sol.no"; ' 1696 r'port="90,100, 80,8080"; ' 1697 r'max-age=100; Comment = "Just kidding! (\"|\\\\) "') 1698 self.assertEqual(len(c), 4) 1699 1700 # port attribute without any value (current port) 1701 cookie = interact_2965(c, "http://www.sol.no", 1702 'foo9=bar; version=1; domain=".sol.no"; port; ' 1703 'max-age=100;') 1704 self.assertEqual(len(c), 5) 1705 1706 # encoded path 1707 # LWP has this test, but unescaping allowed path characters seems 1708 # like a bad idea, so I think this should fail: 1709## cookie = interact_2965(c, "http://www.sol.no/foo/", 1710## r'foo8=bar; version=1; path="/%66oo"') 1711 # but this is OK, because '<' is not an allowed HTTP URL path 1712 # character: 1713 cookie = interact_2965(c, "http://www.sol.no/<oo/", 1714 r'foo8=bar; version=1; path="/%3coo"') 1715 self.assertEqual(len(c), 6) 1716 1717 # save and restore 1718 filename = os_helper.TESTFN 1719 1720 try: 1721 c.save(filename, ignore_discard=True) 1722 old = repr(c) 1723 1724 c = LWPCookieJar(policy=pol) 1725 c.load(filename, ignore_discard=True) 1726 finally: 1727 try: os.unlink(filename) 1728 except OSError: pass 1729 1730 self.assertEqual(old, repr(c)) 1731 1732 def test_url_encoding(self): 1733 # Try some URL encodings of the PATHs. 1734 # (the behaviour here has changed from libwww-perl) 1735 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1736 interact_2965(c, "http://www.acme.com/foo%2f%25/" 1737 "%3c%3c%0Anew%C3%A5/%C3%A5", 1738 "foo = bar; version = 1") 1739 1740 cookie = interact_2965( 1741 c, "http://www.acme.com/foo%2f%25/<<%0anew\345/\346\370\345", 1742 'bar=baz; path="/foo/"; version=1'); 1743 version_re = re.compile(r'^\$version=\"?1\"?', re.I) 1744 self.assertIn("foo=bar", cookie) 1745 self.assertRegex(cookie, version_re) 1746 1747 cookie = interact_2965( 1748 c, "http://www.acme.com/foo/%25/<<%0anew\345/\346\370\345") 1749 self.assertFalse(cookie) 1750 1751 # unicode URL doesn't raise exception 1752 cookie = interact_2965(c, "http://www.acme.com/\xfc") 1753 1754 def test_mozilla(self): 1755 # Save / load Mozilla/Netscape cookie file format. 1756 year_plus_one = time.localtime()[0] + 1 1757 1758 filename = os_helper.TESTFN 1759 1760 c = MozillaCookieJar(filename, 1761 policy=DefaultCookiePolicy(rfc2965=True)) 1762 interact_2965(c, "http://www.acme.com/", 1763 "foo1=bar; max-age=100; Version=1") 1764 interact_2965(c, "http://www.acme.com/", 1765 'foo2=bar; port="80"; max-age=100; Discard; Version=1') 1766 interact_2965(c, "http://www.acme.com/", "foo3=bar; secure; Version=1") 1767 1768 expires = "expires=09-Nov-%d 23:12:40 GMT" % (year_plus_one,) 1769 interact_netscape(c, "http://www.foo.com/", 1770 "fooa=bar; %s" % expires) 1771 interact_netscape(c, "http://www.foo.com/", 1772 "foob=bar; Domain=.foo.com; %s" % expires) 1773 interact_netscape(c, "http://www.foo.com/", 1774 "fooc=bar; Domain=www.foo.com; %s" % expires) 1775 1776 for cookie in c: 1777 if cookie.name == "foo1": 1778 cookie.set_nonstandard_attr("HTTPOnly", "") 1779 1780 def save_and_restore(cj, ignore_discard): 1781 try: 1782 cj.save(ignore_discard=ignore_discard) 1783 new_c = MozillaCookieJar(filename, 1784 DefaultCookiePolicy(rfc2965=True)) 1785 new_c.load(ignore_discard=ignore_discard) 1786 finally: 1787 try: os.unlink(filename) 1788 except OSError: pass 1789 return new_c 1790 1791 new_c = save_and_restore(c, True) 1792 self.assertEqual(len(new_c), 6) # none discarded 1793 self.assertIn("name='foo1', value='bar'", repr(new_c)) 1794 self.assertIn("rest={'HTTPOnly': ''}", repr(new_c)) 1795 1796 new_c = save_and_restore(c, False) 1797 self.assertEqual(len(new_c), 4) # 2 of them discarded on save 1798 self.assertIn("name='foo1', value='bar'", repr(new_c)) 1799 1800 def test_netscape_misc(self): 1801 # Some additional Netscape cookies tests. 1802 c = CookieJar() 1803 headers = [] 1804 req = urllib.request.Request("http://foo.bar.acme.com/foo") 1805 1806 # Netscape allows a host part that contains dots 1807 headers.append("Set-Cookie: Customer=WILE_E_COYOTE; domain=.acme.com") 1808 res = FakeResponse(headers, "http://www.acme.com/foo") 1809 c.extract_cookies(res, req) 1810 1811 # and that the domain is the same as the host without adding a leading 1812 # dot to the domain. Should not quote even if strange chars are used 1813 # in the cookie value. 1814 headers.append("Set-Cookie: PART_NUMBER=3,4; domain=foo.bar.acme.com") 1815 res = FakeResponse(headers, "http://www.acme.com/foo") 1816 c.extract_cookies(res, req) 1817 1818 req = urllib.request.Request("http://foo.bar.acme.com/foo") 1819 c.add_cookie_header(req) 1820 self.assertIn("PART_NUMBER=3,4", req.get_header("Cookie")) 1821 self.assertIn("Customer=WILE_E_COYOTE",req.get_header("Cookie")) 1822 1823 def test_intranet_domains_2965(self): 1824 # Test handling of local intranet hostnames without a dot. 1825 c = CookieJar(DefaultCookiePolicy(rfc2965=True)) 1826 interact_2965(c, "http://example/", 1827 "foo1=bar; PORT; Discard; Version=1;") 1828 cookie = interact_2965(c, "http://example/", 1829 'foo2=bar; domain=".local"; Version=1') 1830 self.assertIn("foo1=bar", cookie) 1831 1832 interact_2965(c, "http://example/", 'foo3=bar; Version=1') 1833 cookie = interact_2965(c, "http://example/") 1834 self.assertIn("foo2=bar", cookie) 1835 self.assertEqual(len(c), 3) 1836 1837 def test_intranet_domains_ns(self): 1838 c = CookieJar(DefaultCookiePolicy(rfc2965 = False)) 1839 interact_netscape(c, "http://example/", "foo1=bar") 1840 cookie = interact_netscape(c, "http://example/", 1841 'foo2=bar; domain=.local') 1842 self.assertEqual(len(c), 2) 1843 self.assertIn("foo1=bar", cookie) 1844 1845 cookie = interact_netscape(c, "http://example/") 1846 self.assertIn("foo2=bar", cookie) 1847 self.assertEqual(len(c), 2) 1848 1849 def test_empty_path(self): 1850 # Test for empty path 1851 # Broken web-server ORION/1.3.38 returns to the client response like 1852 # 1853 # Set-Cookie: JSESSIONID=ABCDERANDOM123; Path= 1854 # 1855 # ie. with Path set to nothing. 1856 # In this case, extract_cookies() must set cookie to / (root) 1857 c = CookieJar(DefaultCookiePolicy(rfc2965 = True)) 1858 headers = [] 1859 1860 req = urllib.request.Request("http://www.ants.com/") 1861 headers.append("Set-Cookie: JSESSIONID=ABCDERANDOM123; Path=") 1862 res = FakeResponse(headers, "http://www.ants.com/") 1863 c.extract_cookies(res, req) 1864 1865 req = urllib.request.Request("http://www.ants.com/") 1866 c.add_cookie_header(req) 1867 1868 self.assertEqual(req.get_header("Cookie"), 1869 "JSESSIONID=ABCDERANDOM123") 1870 self.assertEqual(req.get_header("Cookie2"), '$Version="1"') 1871 1872 # missing path in the request URI 1873 req = urllib.request.Request("http://www.ants.com:8080") 1874 c.add_cookie_header(req) 1875 1876 self.assertEqual(req.get_header("Cookie"), 1877 "JSESSIONID=ABCDERANDOM123") 1878 self.assertEqual(req.get_header("Cookie2"), '$Version="1"') 1879 1880 def test_session_cookies(self): 1881 year_plus_one = time.localtime()[0] + 1 1882 1883 # Check session cookies are deleted properly by 1884 # CookieJar.clear_session_cookies method 1885 1886 req = urllib.request.Request('http://www.perlmeister.com/scripts') 1887 headers = [] 1888 headers.append("Set-Cookie: s1=session;Path=/scripts") 1889 headers.append("Set-Cookie: p1=perm; Domain=.perlmeister.com;" 1890 "Path=/;expires=Fri, 02-Feb-%d 23:24:20 GMT" % 1891 year_plus_one) 1892 headers.append("Set-Cookie: p2=perm;Path=/;expires=Fri, " 1893 "02-Feb-%d 23:24:20 GMT" % year_plus_one) 1894 headers.append("Set-Cookie: s2=session;Path=/scripts;" 1895 "Domain=.perlmeister.com") 1896 headers.append('Set-Cookie2: s3=session;Version=1;Discard;Path="/"') 1897 res = FakeResponse(headers, 'http://www.perlmeister.com/scripts') 1898 1899 c = CookieJar() 1900 c.extract_cookies(res, req) 1901 # How many session/permanent cookies do we have? 1902 counter = {"session_after": 0, 1903 "perm_after": 0, 1904 "session_before": 0, 1905 "perm_before": 0} 1906 for cookie in c: 1907 key = "%s_before" % cookie.value 1908 counter[key] = counter[key] + 1 1909 c.clear_session_cookies() 1910 # How many now? 1911 for cookie in c: 1912 key = "%s_after" % cookie.value 1913 counter[key] = counter[key] + 1 1914 1915 # a permanent cookie got lost accidentally 1916 self.assertEqual(counter["perm_after"], counter["perm_before"]) 1917 # a session cookie hasn't been cleared 1918 self.assertEqual(counter["session_after"], 0) 1919 # we didn't have session cookies in the first place 1920 self.assertNotEqual(counter["session_before"], 0) 1921 1922 1923if __name__ == "__main__": 1924 unittest.main() 1925