diff options
author | Collin Anderson <cmawebsite@gmail.com> | 2016-03-11 21:36:08 -0500 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-03-15 12:24:06 -0400 |
commit | 93a135d111c2569d88d65a3f4ad9e6d9ad291452 (patch) | |
tree | b85448d68a4888d8372c15328fa5f4e30c5ffda2 /tests/httpwrappers | |
parent | e7e5d9b338cabaafc61b7a0c55ff395b533d8c9e (diff) | |
download | django-93a135d111c2569d88d65a3f4ad9e6d9ad291452.tar.gz |
Fixed #26158 -- Rewrote http.parse_cookie() to better match browsers.
Diffstat (limited to 'tests/httpwrappers')
-rw-r--r-- | tests/httpwrappers/tests.py | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py index a3d6691794..e42d4918eb 100644 --- a/tests/httpwrappers/tests.py +++ b/tests/httpwrappers/tests.py @@ -676,6 +676,8 @@ class CookieTests(unittest.TestCase): c2 = SimpleCookie() c2.load(c.output()[12:]) self.assertEqual(c['test'].value, c2['test'].value) + c3 = parse_cookie(c.output()[12:]) + self.assertEqual(c['test'].value, c3['test']) def test_decode_2(self): """ @@ -686,6 +688,8 @@ class CookieTests(unittest.TestCase): c2 = SimpleCookie() c2.load(c.output()[12:]) self.assertEqual(c['test'].value, c2['test'].value) + c3 = parse_cookie(c.output()[12:]) + self.assertEqual(c['test'].value, c3['test']) def test_nonstandard_keys(self): """ @@ -699,6 +703,52 @@ class CookieTests(unittest.TestCase): """ self.assertIn('good_cookie', parse_cookie('a:=b; a:=c; good_cookie=yes').keys()) + def test_python_cookies(self): + """ + Test cases copied from Python's Lib/test/test_http_cookies.py + """ + self.assertEqual(parse_cookie('chips=ahoy; vienna=finger'), {'chips': 'ahoy', 'vienna': 'finger'}) + # Here parse_cookie() differs from Python's cookie parsing in that it + # treats all semicolons as delimiters, even within quotes. + self.assertEqual( + parse_cookie('keebler="E=mc2; L=\\"Loves\\"; fudge=\\012;"'), + {'keebler': '"E=mc2', 'L': '\\"Loves\\"', 'fudge': '\\012', '': '"'} + ) + # Illegal cookies that have an '=' char in an unquoted value. + self.assertEqual(parse_cookie('keebler=E=mc2'), {'keebler': 'E=mc2'}) + # Cookies with ':' character in their name. + self.assertEqual(parse_cookie('key:term=value:term'), {'key:term': 'value:term'}) + # Cookies with '[' and ']'. + self.assertEqual(parse_cookie('a=b; c=[; d=r; f=h'), {'a': 'b', 'c': '[', 'd': 'r', 'f': 'h'}) + + def test_cookie_edgecases(self): + # Cookies that RFC6265 allows. + self.assertEqual(parse_cookie('a=b; Domain=example.com'), {'a': 'b', 'Domain': 'example.com'}) + # parse_cookie() has historically kept only the last cookie with the + # same name. + self.assertEqual(parse_cookie('a=b; h=i; a=c'), {'a': 'c', 'h': 'i'}) + + def test_invalid_cookies(self): + """ + Cookie strings that go against RFC6265 but browsers will send if set + via document.cookie. + """ + # Chunks without an equals sign appear as unnamed values per + # https://bugzilla.mozilla.org/show_bug.cgi?id=169091 + self.assertIn('django_language', parse_cookie('abc=def; unnamed; django_language=en').keys()) + # Even a double quote may be an unamed value. + self.assertEqual(parse_cookie('a=b; "; c=d'), {'a': 'b', '': '"', 'c': 'd'}) + # Spaces in names and values, and an equals sign in values. + self.assertEqual(parse_cookie('a b c=d e = f; gh=i'), {'a b c': 'd e = f', 'gh': 'i'}) + # More characters the spec forbids. + self.assertEqual(parse_cookie('a b,c<>@:/[]?{}=d " =e,f g'), {'a b,c<>@:/[]?{}': 'd " =e,f g'}) + # Unicode characters. The spec only allows ASCII. + self.assertEqual(parse_cookie('saint=André Bessette'), {'saint': force_str('André Bessette')}) + # Browsers don't send extra whitespace or semicolons in Cookie headers, + # but parse_cookie() should parse whitespace the same way + # document.cookie parses whitespace. + self.assertEqual(parse_cookie(' = b ; ; = ; c = ; '), {'': 'b', 'c': ''}) + def test_httponly_after_load(self): """ Test that we can use httponly attribute on cookies that we load |