ipsilon/util/cookies.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

#!/usr/bin/python
#
# Copyright (C) 2014  Ipsilon project Contributors, for licensee see COPYING

from ipsilon.util.log import Log
import cherrypy
import uuid


class SecureCookie(Log):

    def __init__(self, name=None, value=None, maxage=None, expires=None):
        if name is None:
            self.name = str(uuid.uuid4())
        else:
            self.name = str(name)
        self.path = None
        self.secure = cherrypy.config.get('tools.sessions.secure', True)
        self.httponly = cherrypy.config.get('tools.sessions.httponly', True)
        self.maxage = maxage
        self.expires = expires
        self.value = value

    def _get_cookie_attr(self, name):
        return getattr(cherrypy.request.cookie[self.name], name, None)

    def _set_cookie_attr(self, name, value):
        if value is not None and value is not False:
            cherrypy.response.cookie[self.name][name] = value

    def receive(self):
        if self.name not in cherrypy.request.cookie:
            return

        self.value = cherrypy.request.cookie[self.name].value
        self.path = self._get_cookie_attr('path')
        self.secure = self._get_cookie_attr('secure')
        self.httponly = self._get_cookie_attr('httponly')
        self.maxage = self._get_cookie_attr('max-age')
        self.expires = self._get_cookie_attr('expires')

    def _store(self):
        if self.value is None:
            raise ValueError('Cookie has no value')
        if self.maxage is None and self.expires is not 0:
            # 5 minutes should be enough ...
            self.maxage = 300
        cherrypy.response.cookie[self.name] = str(self.value)
        if self.path:
            path = self.path
        else:
            path = cherrypy.config.get('base.mount', '/')
        self._set_cookie_attr('path', path)
        self._set_cookie_attr('secure', self.secure)
        self._set_cookie_attr('httponly', self.httponly)
        self._set_cookie_attr('max-age', self.maxage)
        self._set_cookie_attr('expires', self.expires)
        self.debug('Cookie op: %s' % cherrypy.response.cookie[self.name])

    def delete(self):
        self.expires = 0
        self.debug('Deleting cookie %s' % self.name)
        self._store()

    def send(self):
        self.debug('Sending cookie %s' % self.name)
        self._store()