
Commit 7305aa2

committed
Cookies improvements
* BREAKAGE: Cookie flags in cookie_handler.make_cookie_content are now lowercased by default; they were not being correctly loaded by Flask's and Django's .set_cookie * chore: flask_op views _add_cookie generalization * feat: additional cookie_handler parameter called `flags` to configure whatever cookie flag we desire * feat: Cookie default flags SameSite, HttpOnly and Secure set to True by default
1 parent 8b6b755 commit 7305aa2

5 files changed

Lines changed: 45 additions & 16 deletions


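--- a/example/flask_op/views.py
+++ b/example/flask_op/views.py
@@ -28,10 +28,9 @@
 
 
 def _add_cookie(resp, cookie_spec):
-kwargs = {'value': cookie_spec["value"]}
-for param in ['expires', 'max-age']:
-if param in cookie_spec:
-kwargs[param] = cookie_spec[param]
+kwargs = {k:v
+for k,v in cookie_spec.items()
+if k not in ('name',)}
 kwargs["path"] = "/"
 resp.set_cookie(cookie_spec["name"], **kwargs)
 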
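Review bot: The new comprehension in _add_cookie forwards every key of cookie_spec except `name` straight into resp.set_cookie, so any key that is not a set_cookie parameter now raises TypeError at request time instead of being ignored as the old explicit loop did for unknown keys. If the target is Flask's Response.set_cookie, the `max-age` key that make_cookie_content emits is already such a key, since that method spells it `max_age` and has no **kwargs to absorb extras (the old code forwarded the same key, so this is pre-existing, but the change now extends the risk to every configured flag). A small translation map keeps the generalization while making the contract explicit, e.g. `_RENAMES = {"max-age": "max_age"}` and `kwargs = {_RENAMES.get(k, k): v for k, v in cookie_spec.items() if k != "name"}`. A docstring on the function stating that every cookie_spec key, including the handler's configured flags, must be a valid set_cookie keyword would also help the next person who adds a flag.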

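--- a/src/oidcop/cookie_handler.py
+++ b/src/oidcop/cookie_handler.py
@@ -37,6 +37,7 @@ def __init__(
 keys: Optional[dict] = None,
 sign_alg: [str] = "SHA256",
 name: Optional[dict] = None,
+**kwargs
 ):
 
 if keys:
@@ -77,6 +78,15 @@ def __init__(
 else:
 self.name = name
 
+self.flags = kwargs.get(
+'flags',
+{
+"samesite": "None",
+"httponly": True,
+"secure": True,
+}
+)
+
 def _sign_enc_payload(self, payload: str, timestamp: Optional[Union[int, str]] = 0):
 """
 Creates signed and/or encrypted information.
@@ -211,9 +221,12 @@ def make_cookie_content(
 content = {"name": name, "value": _cookie_value}
 
 if max_age == -1:
-content["Expires"] = "Thu, 01 Jan 1970 00:00:00 GMT;"
+content["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT;"
 elif max_age:
-content["Max-Age"] = epoch_in_a_while(seconds=max_age)
+content["max-age"] = epoch_in_a_while(seconds=max_age)
+
+for k,v in self.flags.items():
+content[k] = v
 
 return content
 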
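Review bot: In the second hunk, `kwargs.get('flags', {...})` replaces the whole default set whenever a caller passes `flags`, so a configuration such as `flags={"samesite": "Lax"}` silently drops `httponly` and `secure` instead of overriding one value; merging keeps the hardening unless a deployment explicitly turns it off: `self.flags = {"samesite": "None", "httponly": True, "secure": True, **kwargs.get("flags", {})}`. The default `"samesite": "None"` is the string value that permits cross-site delivery (the commit message calls it "set to True"), which browsers only accept together with `secure`, so a comment above the literal explaining why cross-site delivery is needed here and that `secure` must stay True alongside it would prevent a later "fix" to a boolean. The new `**kwargs` is undocumented; an explicit `flags: Optional[dict] = None` keyword with the accepted attribute names listed in the class docstring would make the contract visible to callers. In the third hunk the flags are written after `name`, `value`, `expires` and `max-age`, so a misconfigured flag key such as `value` would overwrite the signed cookie payload; restricting flag keys to cookie attribute names, or rejecting collisions with those four keys, closes that. `__init__` starts and ends outside the hunks.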

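--- a/src/oidcop/endpoint_context.py
+++ b/src/oidcop/endpoint_context.py
@@ -232,9 +232,10 @@ def __init__(
 self.claims_interface = None
 
 def new_cookie(self, name: str, max_age: Optional[int] = 0, **kwargs):
-return self.cookie_handler.make_cookie_content(
+cookie_cont = self.cookie_handler.make_cookie_content(
 name=name, value=json.dumps(kwargs), max_age=max_age
 )
+return cookie_cont
 
 def set_scopes_handler(self):
 _spec = self.conf.get("scopes_handler")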

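--- a/tests/test_09_cookie_handler.py
+++ b/tests/test_09_cookie_handler.py
@@ -25,15 +25,19 @@ def test_init(self):
 def test_make_cookie_content(self):
 _cookie_info = self.cookie_handler.make_cookie_content("oidcop", "value", "sso")
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value"}
+assert set(_cookie_info.keys()) == {
+"name", "value", "samesite", "httponly", "secure"
+}
 assert len(_cookie_info["value"].split("|")) == 3
 
 def test_make_cookie_content_max_age(self):
 _cookie_info = self.cookie_handler.make_cookie_content(
 "oidcop", "value", "sso", max_age=3600
 )
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value", "Max-Age"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'max-age', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 3
 
 def test_read_cookie_info(self):
@@ -72,15 +76,19 @@ def make_cookie_handler(self):
 def test_make_cookie_content(self):
 _cookie_info = self.cookie_handler.make_cookie_content("oidcop", "value", "sso")
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_make_cookie_content_max_age(self):
 _cookie_info = self.cookie_handler.make_cookie_content(
 "oidcop", "value", "sso", max_age=3600
 )
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value", "Max-Age"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'max-age', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_read_cookie_info(self):
@@ -118,15 +126,19 @@ def make_cookie_content_handler(self):
 def test_make_cookie_content(self):
 _cookie_info = self.cookie_handler.make_cookie_content("oidcop", "value", "sso")
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_make_cookie_content_max_age(self):
 _cookie_info = self.cookie_handler.make_cookie_content(
 "oidcop", "value", "sso", max_age=3600
 )
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value", "Max-Age"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'max-age', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_read_cookie_info(self):
@@ -168,15 +180,19 @@ def make_cookie_handler(self):
 def test_make_cookie_content(self):
 _cookie_info = self.cookie_handler.make_cookie_content("oidcop", "value", "sso")
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_make_cookie_content_max_age(self):
 _cookie_info = self.cookie_handler.make_cookie_content(
 "oidcop", "value", "sso", max_age=3600
 )
 assert _cookie_info
-assert set(_cookie_info.keys()) == {"name", "value", "Max-Age"}
+assert set(_cookie_info.keys()) == {
+'name', 'value', 'max-age', 'samesite', 'httponly', 'secure'
+}
 assert len(_cookie_info["value"].split("|")) == 4
 
 def test_read_cookie_info(self):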
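Review bot: The updated assertions in all four hunks only check that the flag keys are present, not their values, so a regression that flips `httponly` or `secure` to False, or changes `samesite`, would still pass; pin them next to the key-set check with `assert _cookie_info["httponly"] is True`, `assert _cookie_info["secure"] is True` and `assert _cookie_info["samesite"] == "None"`. There is also no test that constructs a CookieHandler with a custom `flags` argument, which is the public knob this commit introduces, so its override behaviour (whether it replaces or merges the defaults) is left unpinned. On style, the new set literals use single quotes in most hunks while the surrounding file uses double quotes; the first hunk even mixes both within one method.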

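--- a/tests/test_30_oidc_end_session.py
+++ b/tests/test_30_oidc_end_session.py
@@ -605,7 +605,7 @@ def test_kill_cookies(self):
 assert set(_names) == {"oidc_op_sman", "oidc_op"}
 _values = [ci["value"] for ci in _info]
 assert set(_values) == {"", ""}
-_exps = [ci["Expires"] for ci in _info]
+_exps = [ci["expires"] for ci in _info]
 assert set(_exps) == {
 "Thu, 01 Jan 1970 00:00:00 GMT;",
 "Thu, 01 Jan 1970 00:00:00 GMT;",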
