From cd0f74b1e09a50acc073aa57c1345968257a9056 Mon Sep 17 00:00:00 2001
From: R David Murray <rdmurray@bitdance.com>
Date: Sun, 25 Aug 2013 11:09:02 -0400
Subject: #16611: BaseCookie now parses 'secure' and 'httponly' flags.

Previously it generated them if they were given a value, but completely
ignored them if they were present in the string passed in to be parsed.  Now
if the flag appears on a cookie, the corresponding Morsel key will reference a
True value.  Other pre-existing behavior is retained in this maintenance
patch: if the source contains something like 'secure=foo', morsel['secure']
will return 'foo'.  Since such a value doesn't round trip and never did (and
would be a surprising occurrence) a subsequent non-bug-fix patch may change
this behavior.

Inspired by a patch from Julien Phalip, who reviewed this one.
---
 Lib/test/test_http_cookies.py | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

(limited to 'Lib/test')

diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
index e8327e59eb..1cfbe742e4 100644
--- a/Lib/test/test_http_cookies.py
+++ b/Lib/test/test_http_cookies.py
@@ -109,13 +109,51 @@ class CookieTests(unittest.TestCase):
         self.assertEqual(C.output(),
                          'Set-Cookie: Customer="WILE_E_COYOTE"; Max-Age=10')
 
-        # others
+    def test_set_secure_httponly_attrs(self):
         C = cookies.SimpleCookie('Customer="WILE_E_COYOTE"')
         C['Customer']['secure'] = True
         C['Customer']['httponly'] = True
         self.assertEqual(C.output(),
             'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
 
+    def test_secure_httponly_false_if_not_present(self):
+        C = cookies.SimpleCookie()
+        C.load('eggs=scrambled; Path=/bacon')
+        self.assertFalse(C['eggs']['httponly'])
+        self.assertFalse(C['eggs']['secure'])
+
+    def test_secure_httponly_true_if_present(self):
+        # Issue 16611
+        C = cookies.SimpleCookie()
+        C.load('eggs=scrambled; httponly; secure; Path=/bacon')
+        self.assertTrue(C['eggs']['httponly'])
+        self.assertTrue(C['eggs']['secure'])
+
+    def test_secure_httponly_true_if_have_value(self):
+        # This isn't really valid, but demonstrates what the current code
+        # is expected to do in this case.
+        C = cookies.SimpleCookie()
+        C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon')
+        self.assertTrue(C['eggs']['httponly'])
+        self.assertTrue(C['eggs']['secure'])
+        # Here is what it actually does; don't depend on this behavior.  These
+        # checks are testing backward compatibility for issue 16611.
+        self.assertEqual(C['eggs']['httponly'], 'foo')
+        self.assertEqual(C['eggs']['secure'], 'bar')
+
+    def test_bad_attrs(self):
+        # issue 16611: make sure we don't break backward compatibility.
+        C = cookies.SimpleCookie()
+        C.load('cookie=with; invalid; version; second=cookie;')
+        self.assertEqual(C.output(),
+            'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie')
+
+    def test_extra_spaces(self):
+        C = cookies.SimpleCookie()
+        C.load('eggs  =  scrambled  ;  secure  ;  path  =  bar   ; foo=foo   ')
+        self.assertEqual(C.output(),
+            'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
+
     def test_quoted_meta(self):
         # Try cookie with quoted meta-data
         C = cookies.SimpleCookie()
-- 
cgit v1.2.1