From 5a3c7e501ae79add1f2b81f6d7e1570f667c1416 Mon Sep 17 00:00:00 2001
From: Alex
Date: Mon, 20 May 2024 14:52:19 -0500
Subject: [PATCH] fix(cookies): use updated args for werkzeug >3.0
---
 fence/resources/user/user_session.py | 16 ++++----
 fence/utils.py | 2 +-
 tests/link/test_link.py | 54 ++++++++++++-------------
 tests/login/test_google_login.py | 6 +--
 tests/session/test_session.py | 60 ++++++++++++++--------------
 tests/test_logout.py | 6 +--
 6 files changed, 72 insertions(+), 72 deletions(-)
diff --git a/fence/resources/user/user_session.py b/fence/resources/user/user_session.py
index 326c84860..fc061a74c 100644
--- a/fence/resources/user/user_session.py
+++ b/fence/resources/user/user_session.py
@@ -190,8 +190,8 @@ def save_session(self, app, session, response):
 token = session.get_updated_token(app)
 if token:
 response.set_cookie(
- app.config["SESSION_COOKIE_NAME"],
- token,
+ key=app.config["SESSION_COOKIE_NAME"],
+ value=token,
 expires=self.get_expiration_time(app, session),
 httponly=True,
 domain=domain,
@@ -210,7 +210,7 @@ def save_session(self, app, session, response):
 # okay if user is hitting with just an access_token
 if user_sess_id != "" and not user:
 response.set_cookie(
- config["ACCESS_TOKEN_COOKIE_NAME"],
+ key=config["ACCESS_TOKEN_COOKIE_NAME"],
 expires=0,
 httponly=True,
 domain=domain,
@@ -221,7 +221,7 @@ def save_session(self, app, session, response):
 # clear access token if not
 elif user_sess_id != "" and user.id != user_sess_id:
 response.set_cookie(
- config["ACCESS_TOKEN_COOKIE_NAME"],
+ key=config["ACCESS_TOKEN_COOKIE_NAME"],
 expires=0,
 httponly=True,
 domain=domain,
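Review bot: The cookie-clearing calls in `save_session` (the `if`/`elif` branches in the hunks at 210 and 221, and both calls in the hunk at 250) pass only `key=` and leave the value to the `set_cookie` default, while `clear_cookies` in fence/utils.py passes `value=""` explicitly. Writing the expiry the same way everywhere, `response.set_cookie(key=config["ACCESS_TOKEN_COOKIE_NAME"], value="", expires=0, httponly=True, domain=domain, ...)`, makes it obvious that the token is being blanked and does not depend on the library default staying an empty string. The `if` and `elif` branches also appear to issue the same call and could share one condition such as `if user_sess_id != "" and (not user or user.id != user_sess_id):`, but the tail of each call lies outside the hunk, so that should be confirmed first.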
@@ -250,14 +250,14 @@ def save_session(self, app, session, response): # expiration it just won't be stored in the cookie # anymore response.set_cookie( - app.config["SESSION_COOKIE_NAME"], + key=app.config["SESSION_COOKIE_NAME"], expires=0, httponly=True, domain=domain, secure=secure, ) response.set_cookie( - config["ACCESS_TOKEN_COOKIE_NAME"], + key=config["ACCESS_TOKEN_COOKIE_NAME"], expires=0, httponly=True, domain=domain, @@ -337,8 +337,8 @@ def _create_access_token_cookie(app, session, response, user): domain = app.session_interface.get_cookie_domain(app) response.set_cookie( - config["ACCESS_TOKEN_COOKIE_NAME"], - access_token, + key=config["ACCESS_TOKEN_COOKIE_NAME"], + value=access_token, expires=expiration, httponly=True, domain=domain, diff --git a/fence/utils.py b/fence/utils.py index f0ae9a9d9..7024e87e3 100644 --- a/fence/utils.py +++ b/fence/utils.py @@ -215,7 +215,7 @@ def clear_cookies(response): Set all cookies to empty and expired. """ for cookie_name in list(flask.request.cookies.keys()): - response.set_cookie(cookie_name, "", expires=0, httponly=True) + response.set_cookie(key=cookie_name, value="", expires=0, httponly=True) def get_error_params(error, description): diff --git a/tests/link/test_link.py b/tests/link/test_link.py index 57e8bafbc..36e53b9ea 100644 --- a/tests/link/test_link.py +++ b/tests/link/test_link.py @@ -177,9 +177,9 @@ def test_google_link_auth_return( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -258,9 +258,9 @@ def test_patch_google_link( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) 
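Review bot: `clear_cookies` expires every request cookie with `set_cookie(key=cookie_name, value="", expires=0, httponly=True)` and no `domain`, whereas the session and access-token cookies in fence/resources/user/user_session.py are written with `domain=domain`. If `get_cookie_domain(app)` returns a non-empty domain, the browser treats the host-only expiry as a different cookie and keeps the Domain-scoped one, so a token can survive a call that is meant to clear it. Consider passing the same `domain` and `secure` values that were used when the cookie was set, or state in the docstring that only host-only cookies are cleared. The docstring of `clear_cookies` starts outside the hunk.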
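Review bot: The same seven-line `client.set_cookie(domain="localhost", key=config["SESSION_COOKIE_NAME"], value=test_session_jwt, httponly=True, samesite="Lax")` block is repeated in every hunk of tests/link/test_link.py, tests/login/test_google_login.py, tests/session/test_session.py and tests/test_logout.py, which is why one signature change had to touch about twenty call sites. A small shared test helper, for instance `set_session_cookie(client, jwt)` in a conftest, would confine the next Werkzeug API change to one place. The `domain=` keyword is, as far as I know, only accepted by the test client from Werkzeug 2.3 on, and the diffstat shows no dependency-manifest change, so the minimum Werkzeug pin should be checked against these calls.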
@@ -362,9 +362,9 @@ def test_patch_google_link_account_not_in_token( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -418,9 +418,9 @@ def test_patch_google_link_account_doesnt_exist( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -487,9 +487,9 @@ def test_google_link_g_account_exists( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -566,9 +566,9 @@ def test_google_link_g_account_access_extension( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -653,9 +653,9 @@ def test_google_link_g_account_exists_linked_to_different_user( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -721,9 +721,9 @@ def test_google_link_no_proxy_group( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) 
@@ -807,9 +807,9 @@ def test_google_link_when_google_mocked( # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) diff --git a/tests/login/test_google_login.py b/tests/login/test_google_login.py index 17d4bb8bd..dfe6ecab5 100644 --- a/tests/login/test_google_login.py +++ b/tests/login/test_google_login.py @@ -27,9 +27,9 @@ def test_google_login_http_headers_are_less_than_4k_for_user_with_many_projects( }, ) client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) diff --git a/tests/session/test_session.py b/tests/session/test_session.py index 387dd7e98..9da02f6c1 100644 --- a/tests/session/test_session.py +++ b/tests/session/test_session.py @@ -59,9 +59,9 @@ def test_valid_session(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -82,9 +82,9 @@ def test_valid_session_modified(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) @@ -112,9 +112,9 @@ def test_expired_session_lifetime(app): with app.test_client() as client: # manually set cookie for initial session client.set_cookie( - "localhost", - config["SESSION_COOKIE_NAME"], - test_session_jwt, + domain="localhost", + key=config["SESSION_COOKIE_NAME"], + value=test_session_jwt, httponly=True, samesite="Lax", ) 
@@ -144,9 +144,9 @@ def test_expired_session_timeout(app):
 with app.test_client() as client:
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )
@@ -168,9 +168,9 @@ def test_session_cleared(app):
 with app.test_client() as client:
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )
@@ -190,9 +190,9 @@ def test_invalid_session_cookie(app):
 with app.test_client() as client:
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )
@@ -234,16 +234,16 @@ def test_valid_session_valid_access_token(
 with app.test_client() as client:
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )
 client.set_cookie(
- "localhost",
- config["ACCESS_TOKEN_COOKIE_NAME"],
- test_access_jwt,
+ domain="localhost",
+ key=config["ACCESS_TOKEN_COOKIE_NAME"],
+ value=test_access_jwt,
 httponly=True,
 samesite="Lax",
 )
@@ -287,16 +287,16 @@ def test_valid_session_valid_access_token_diff_user(
 with app.test_client() as client:
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )
 client.set_cookie(
- "localhost",
- config["ACCESS_TOKEN_COOKIE_NAME"],
- test_access_jwt,
+ domain="localhost",
+ key=config["ACCESS_TOKEN_COOKIE_NAME"],
+ value=test_access_jwt,
 httponly=True,
 samesite="Lax",
 )
diff --git a/tests/test_logout.py b/tests/test_logout.py
index 49df98c6a..363d9a2f4 100644
--- a/tests/test_logout.py
+++ b/tests/test_logout.py
@@ -78,9 +78,9 @@ def test_logout_fence(app, client, user_with_fence_provider, monkeypatch):
 with mock.patch("fence.allowed_login_redirects", return_value={"some_site.com"}):
 # manually set cookie for initial session
 client.set_cookie(
- "localhost",
- config["SESSION_COOKIE_NAME"],
- test_session_jwt,
+ domain="localhost",
+ key=config["SESSION_COOKIE_NAME"],
+ value=test_session_jwt,
 httponly=True,
 samesite="Lax",
 )