fix(cookies): use updated args for werkzeug >3.0

uc-cdis · May 20, 2024 · 5a3c7e5 · 5a3c7e5
1 parent d8ced18
commit 5a3c7e5
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 72 deletions.
diff --git a/fence/resources/user/user_session.py b/fence/resources/user/user_session.py
@@ -190,8 +190,8 @@ def save_session(self, app, session, response):
         token = session.get_updated_token(app)
         if token:
             response.set_cookie(
-                app.config["SESSION_COOKIE_NAME"],
-                token,
+                key=app.config["SESSION_COOKIE_NAME"],
+                value=token,
                 expires=self.get_expiration_time(app, session),
                 httponly=True,
                 domain=domain,
@@ -210,7 +210,7 @@ def save_session(self, app, session, response):
             # okay if user is hitting with just an access_token
             if user_sess_id != "" and not user:
                 response.set_cookie(
-                    config["ACCESS_TOKEN_COOKIE_NAME"],
+                    key=config["ACCESS_TOKEN_COOKIE_NAME"],
                     expires=0,
                     httponly=True,
                     domain=domain,
@@ -221,7 +221,7 @@ def save_session(self, app, session, response):
             # clear access token if not
             elif user_sess_id != "" and user.id != user_sess_id:
                 response.set_cookie(
-                    config["ACCESS_TOKEN_COOKIE_NAME"],
+                    key=config["ACCESS_TOKEN_COOKIE_NAME"],
                     expires=0,
                     httponly=True,
                     domain=domain,
@@ -250,14 +250,14 @@ def save_session(self, app, session, response):
             #       expiration it just won't be stored in the cookie
             #       anymore
             response.set_cookie(
-                app.config["SESSION_COOKIE_NAME"],
+                key=app.config["SESSION_COOKIE_NAME"],
                 expires=0,
                 httponly=True,
                 domain=domain,
                 secure=secure,
             )
             response.set_cookie(
-                config["ACCESS_TOKEN_COOKIE_NAME"],
+                key=config["ACCESS_TOKEN_COOKIE_NAME"],
                 expires=0,
                 httponly=True,
                 domain=domain,
@@ -337,8 +337,8 @@ def _create_access_token_cookie(app, session, response, user):
 
     domain = app.session_interface.get_cookie_domain(app)
     response.set_cookie(
-        config["ACCESS_TOKEN_COOKIE_NAME"],
-        access_token,
+        key=config["ACCESS_TOKEN_COOKIE_NAME"],
+        value=access_token,
         expires=expiration,
         httponly=True,
         domain=domain,

diff --git a/fence/utils.py b/fence/utils.py
@@ -215,7 +215,7 @@ def clear_cookies(response):
     Set all cookies to empty and expired.
     """
     for cookie_name in list(flask.request.cookies.keys()):
-        response.set_cookie(cookie_name, "", expires=0, httponly=True)
+        response.set_cookie(key=cookie_name, value="", expires=0, httponly=True)
 
 
 def get_error_params(error, description):

diff --git a/tests/link/test_link.py b/tests/link/test_link.py
@@ -177,9 +177,9 @@ def test_google_link_auth_return(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -258,9 +258,9 @@ def test_patch_google_link(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -362,9 +362,9 @@ def test_patch_google_link_account_not_in_token(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -418,9 +418,9 @@ def test_patch_google_link_account_doesnt_exist(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -487,9 +487,9 @@ def test_google_link_g_account_exists(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -566,9 +566,9 @@ def test_google_link_g_account_access_extension(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -653,9 +653,9 @@ def test_google_link_g_account_exists_linked_to_different_user(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -721,9 +721,9 @@ def test_google_link_no_proxy_group(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )
@@ -807,9 +807,9 @@ def test_google_link_when_google_mocked(
 
     # manually set cookie for initial session
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )

diff --git a/tests/login/test_google_login.py b/tests/login/test_google_login.py
@@ -27,9 +27,9 @@ def test_google_login_http_headers_are_less_than_4k_for_user_with_many_projects(
         },
     )
     client.set_cookie(
-        "localhost",
-        config["SESSION_COOKIE_NAME"],
-        test_session_jwt,
+        domain="localhost",
+        key=config["SESSION_COOKIE_NAME"],
+        value=test_session_jwt,
         httponly=True,
         samesite="Lax",
     )

diff --git a/tests/session/test_session.py b/tests/session/test_session.py
@@ -59,9 +59,9 @@ def test_valid_session(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -82,9 +82,9 @@ def test_valid_session_modified(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -112,9 +112,9 @@ def test_expired_session_lifetime(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -144,9 +144,9 @@ def test_expired_session_timeout(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -168,9 +168,9 @@ def test_session_cleared(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -190,9 +190,9 @@ def test_invalid_session_cookie(app):
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -234,16 +234,16 @@ def test_valid_session_valid_access_token(
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
         client.set_cookie(
-            "localhost",
-            config["ACCESS_TOKEN_COOKIE_NAME"],
-            test_access_jwt,
+            domain="localhost",
+            key=config["ACCESS_TOKEN_COOKIE_NAME"],
+            value=test_access_jwt,
             httponly=True,
             samesite="Lax",
         )
@@ -287,16 +287,16 @@ def test_valid_session_valid_access_token_diff_user(
     with app.test_client() as client:
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )
         client.set_cookie(
-            "localhost",
-            config["ACCESS_TOKEN_COOKIE_NAME"],
-            test_access_jwt,
+            domain="localhost",
+            key=config["ACCESS_TOKEN_COOKIE_NAME"],
+            value=test_access_jwt,
             httponly=True,
             samesite="Lax",
         )

diff --git a/tests/test_logout.py b/tests/test_logout.py
@@ -78,9 +78,9 @@ def test_logout_fence(app, client, user_with_fence_provider, monkeypatch):
     with mock.patch("fence.allowed_login_redirects", return_value={"some_site.com"}):
         # manually set cookie for initial session
         client.set_cookie(
-            "localhost",
-            config["SESSION_COOKIE_NAME"],
-            test_session_jwt,
+            domain="localhost",
+            key=config["SESSION_COOKIE_NAME"],
+            value=test_session_jwt,
             httponly=True,
             samesite="Lax",
         )