fix cookie expiration

2014-07-22 16:59:06 +02:00 · 2014-07-22 16:59:06 +02:00 · ff272f60ce
commit ff272f60ce
parent 0365b7057a
2 changed files with 21 additions and 8 deletions
--- a/isso/tests/views/test_api.py
+++ b/isso/tests/views/test_api.py
@ -57,6 +57,7 @@ class TestComments(unittest.TestCase):
    def setUp(self):
        conf = config.load(os.path.join(dist.location, "isso", "defaults.ini"))
        conf.set("general", "dbpath", "sqlite:///:memory:")
+        conf.set("general", "max-age", "900")
        conf.set("guard", "enabled", "off")
        conf.set("hash", "algorithm", "none")

@ -173,3 +174,12 @@ class TestComments(unittest.TestCase):
                                         content_type=form).status_code, 403)
        # just for the record
        self.assertEqual(self.post('/id/1/dislike', content_type=js).status_code, 200)
+
+    def testCookieExpiration(self):
+
+        rv = self.post('/new?uri=%2Fpath%2F', data=json.dumps({"text": "Hello, World!"}))
+        headers = rv.headers
+
+        for key in ("Set-Cookie", "X-Set-Cookie"):
+            self.assertTrue(headers.has_key(key))
+            self.assertIn("max-age=900", headers.get(key).lower())
--- a/isso/views/api.py
+++ b/isso/views/api.py
@ -3,7 +3,8 @@
 from __future__ import unicode_literals

 import cgi
-import functools
+
+from functools import partial

 from itsdangerous import SignatureExpired, BadSignature

@ -72,7 +73,7 @@ class API(object):
        self.moderated = conf.getboolean("moderation", "enabled")

        self.sign = signer.dumps
-        self.load = functools.partial(signer.loads, max_age=self.max_age)
+        self.load = partial(signer.loads, max_age=self.max_age)

    def serialize(self, comment, markup=True):
        _id = str(comment.id)
@ -133,14 +134,14 @@ class API(object):

        # TODO queue new thread, send notification

-        _id = str(comment.id)
+        cookie = partial(dump_cookie, max_age=self.max_age)
        signature = self.sign([comment.id, sha1(comment.text)])

        resp = JSON(
            self.serialize(comment),
            202 if comment.moderated == 2 else 201)
-        resp.headers.add("Set-Cookie", dump_cookie(_id, signature))
-        resp.headers.add("X-Set-Cookie", dump_cookie("isso-" + _id, signature))
+        resp.headers.add("Set-Cookie", cookie(str(comment.id), signature))
+        resp.headers.add("X-Set-Cookie", cookie("isso-%i" % comment.id, signature))
        return resp

    def view(self, environ, request, id):
@ -185,14 +186,16 @@ class API(object):
            comment = self.comments.edit(id, data)

        _id = str(comment.id)
+
+        cookie = partial(dump_cookie, max_age=self.max_age)
        signature = self.sign([comment.id, sha1(comment.text)])

        self.cache.delete("text", _id)
        self.cache.delete("hash", _id)

        resp = JSON(self.serialize(comment), 200)
-        resp.headers.add("Set-Cookie", dump_cookie(_id, signature))
-        resp.headers.add("X-Set-Cookie", dump_cookie("isso-" + _id, signature))
+        resp.headers.add("Set-Cookie", cookie(_id, signature))
+        resp.headers.add("X-Set-Cookie", cookie("isso-" + _id, signature))
        return resp

    @xhr
@ -221,7 +224,7 @@ class API(object):
        with self.db.transaction:
            comment = self.comments.delete(id)

-        cookie = functools.partial(dump_cookie, expires=0, max_age=0)
+        cookie = partial(dump_cookie, expires=0, max_age=0)

        resp = JSON(self.serialize(comment) if comment else None, 200)
        resp.headers.add("Set-Cookie", cookie(_id))