1. from datetime import timedelta
    
    
  3. from django.core import signing
    
  4. from django.http import HttpRequest, HttpResponse
    
  5. from django.test import SimpleTestCase, override_settings
    
  6. from django.test.utils import freeze_time
    
    
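class SignedCookieTest(SimpleTestCase):
    """
    Round-trip tests for HttpResponse.set_signed_cookie() and
    HttpRequest.get_signed_cookie().

    Signing gives integrity, not confidentiality: the first test asserts that
    the cookie value starts with the plaintext ("hello:"), so anything stored
    in a signed cookie is readable by the client.
    """

    def test_can_set_and_read_signed_cookies(self):
        """A value set with set_signed_cookie() is returned unchanged."""
        response = HttpResponse()
        response.set_signed_cookie("c", "hello")
        self.assertIn("c", response.cookies)
        # The plaintext is the visible prefix of the signed cookie value.
        self.assertTrue(response.cookies["c"].value.startswith("hello:"))
        request = HttpRequest()
        request.COOKIES["c"] = response.cookies["c"].value
        value = request.get_signed_cookie("c")
        self.assertEqual(value, "hello")

    def test_can_use_salt(self):
        """A cookie signed with one salt does not verify under another."""
        response = HttpResponse()
        response.set_signed_cookie("a", "hello", salt="one")
        request = HttpRequest()
        request.COOKIES["a"] = response.cookies["a"].value
        value = request.get_signed_cookie("a", salt="one")
        self.assertEqual(value, "hello")
        with self.assertRaises(signing.BadSignature):
            request.get_signed_cookie("a", salt="two")

    def test_detects_tampering(self):
        """Altering the signature or the signed payload raises BadSignature."""
        response = HttpResponse()
        response.set_signed_cookie("c", "hello")
        signed = response.cookies["c"].value
        tampered_values = {
            # Corrupt the trailing characters of the signature.
            "signature": signed[:-2] + "$$",
            # Change the plaintext but keep the original signature; this is
            # the case a client-side attacker cares about.
            "payload": "jello" + signed[len("hello"):],
        }
        for part, tampered in tampered_values.items():
            with self.subTest(tampered=part):
                request = HttpRequest()
                request.COOKIES["c"] = tampered
                with self.assertRaises(signing.BadSignature):
                    request.get_signed_cookie("c")

    def test_default_argument_suppresses_exceptions(self):
        """
        With default= given, a tampered cookie yields the default instead of
        raising, so the caller cannot tell a forged cookie from an absent one.
        """
        response = HttpResponse()
        response.set_signed_cookie("c", "hello")
        request = HttpRequest()
        request.COOKIES["c"] = response.cookies["c"].value[:-2] + "$$"
        self.assertIsNone(request.get_signed_cookie("c", default=None))

    def test_max_age_argument(self):
        """
        get_signed_cookie(max_age=...) accepts an int or a timedelta and
        raises SignatureExpired once the cookie is older than max_age.
        """
        value = "hello"
        with freeze_time(123456789):
            response = HttpResponse()
            response.set_signed_cookie("c", value)
            request = HttpRequest()
            request.COOKIES["c"] = response.cookies["c"].value
            self.assertEqual(request.get_signed_cookie("c"), value)

        # 11 seconds after signing: max_age=11 is still accepted (the bound
        # is inclusive), max_age=10 is not.
        with freeze_time(123456800):
            self.assertEqual(request.get_signed_cookie("c", max_age=12), value)
            self.assertEqual(request.get_signed_cookie("c", max_age=11), value)
            self.assertEqual(
                request.get_signed_cookie("c", max_age=timedelta(seconds=11)), value
            )
            with self.assertRaises(signing.SignatureExpired):
                request.get_signed_cookie("c", max_age=10)
            with self.assertRaises(signing.SignatureExpired):
                request.get_signed_cookie("c", max_age=timedelta(seconds=10))

    def test_set_signed_cookie_max_age_argument(self):
        """set_signed_cookie() stores max_age as seconds, int or timedelta."""
        response = HttpResponse()
        response.set_signed_cookie("c", "value", max_age=100)
        self.assertEqual(response.cookies["c"]["max-age"], 100)
        response.set_signed_cookie("d", "value", max_age=timedelta(hours=2))
        self.assertEqual(response.cookies["d"]["max-age"], 7200)

    # The key is a single byte that is not valid UTF-8 on its own.
    @override_settings(SECRET_KEY=b"\xe7")
    def test_signed_cookies_with_binary_key(self):
        """Signing and verification round-trip with a bytes SECRET_KEY."""
        response = HttpResponse()
        response.set_signed_cookie("c", "hello")

        request = HttpRequest()
        request.COOKIES["c"] = response.cookies["c"].value
        self.assertEqual(request.get_signed_cookie("c"), "hello")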