enforce integer for max-age cookie

Raphael Deem
2019-01-03 15:01:54 -08:00
parent 2af229eb1a
commit 7067295e67
2 changed files with 11 additions and 3 deletions


@@ -1,6 +1,7 @@
import re import re
import string import string
DEFAULT_MAX_AGE = 0
# ------------------------------------------------------------ # # ------------------------------------------------------------ #
# SimpleCookie # SimpleCookie
@@ -103,6 +104,9 @@ class Cookie(dict):
if key not in self._keys: if key not in self._keys:
raise KeyError("Unknown cookie property") raise KeyError("Unknown cookie property")
if value is not False: if value is not False:
if key.lower() == "max-age":
if not str(value).isdigit():
value = DEFAULT_MAX_AGE
return super().__setitem__(key, value) return super().__setitem__(key, value)
def encode(self, encoding): def encode(self, encoding):
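Review bot: The max-age check added in the second hunk uses `str(value).isdigit()`, which also returns True for non-ASCII digit characters such as `"²"` or `"٣"`, so those values would still be written into the Set-Cookie header. Since `re` is already imported at the top of this file, `if not re.fullmatch(r"[0-9]+", str(value)):` would restrict the value to plain ASCII digits. Every rejected value (a float such as `30.5`, a negative number, or a typo) is silently replaced by `DEFAULT_MAX_AGE = 0`, which tells the browser to expire the cookie at once, so a caller bug appears as lost sessions rather than as an error. Logging the rejected value or raising would make that visible, and a short comment on `DEFAULT_MAX_AGE` saying that 0 means "expire immediately" would help the next reader. The enclosing method (presumably `__setitem__`) begins outside the hunk.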


@@ -2,7 +2,7 @@ from datetime import datetime, timedelta
from http.cookies import SimpleCookie from http.cookies import SimpleCookie
from sanic.response import text from sanic.response import text
import pytest import pytest
from sanic.cookies import Cookie from sanic.cookies import Cookie, DEFAULT_MAX_AGE
# ------------------------------------------------------------ # # ------------------------------------------------------------ #
# GET # GET
@@ -138,7 +138,7 @@ def test_cookie_set_same_key(app):
assert response.cookies["test"].value == "pass" assert response.cookies["test"].value == "pass"
@pytest.mark.parametrize("max_age", ["0", 30, "30"]) @pytest.mark.parametrize("max_age", ["0", 30, "30", "test"])
def test_cookie_max_age(app, max_age): def test_cookie_max_age(app, max_age):
cookies = {"test": "wait"} cookies = {"test": "wait"}
@@ -153,7 +153,11 @@ def test_cookie_max_age(app, max_age):
assert response.status == 200 assert response.status == 200
assert response.cookies["test"].value == "pass" assert response.cookies["test"].value == "pass"
assert response.cookies["test"]["max-age"] == str(max_age)
if str(max_age).isdigit():
assert response.cookies["test"]["max-age"] == str(max_age)
else:
assert response.cookies["test"]["max-age"] == str(DEFAULT_MAX_AGE)
@pytest.mark.parametrize( @pytest.mark.parametrize(