Commit
84c43f55
authored
Mar 23, 2021
by
Frank Bessou
feat: handle same_site cookies configuration in pyramid.ini
related:
#278
parent
e607a0f76d2b
cubicweb/pyramid/auth.py
@@ -150,7 +150,7 @@ class CWAuthTktAuthenticationPolicy(AuthTktAuthenticationPolicy):
unset
=
object
()
kw
=
{}
# load string settings
for
name
in
(
'cookie_name'
,
'path'
,
'domain'
,
'hashalg'
):
for
name
in
(
'cookie_name'
,
'path'
,
'domain'
,
'hashalg'
,
"samesite"
):
value
=
settings
.
get
(
prefix
+
name
,
defaults
.
get
(
name
,
unset
))
if
value
is
not
unset
:
kw
[
name
]
=
value
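Review bot: The new `"samesite"` entry is read from the settings as an arbitrary string and stored into `kw` with no validation, so a misspelt or lower-cased value in pyramid.ini (`lax`, `none`) is emitted verbatim in the Set-Cookie header, and browsers do not agree on how an unrecognised SameSite token is interpreted. A guard before `kw[name] = value` would fail fast at startup instead: `if name == "samesite" and value not in ("Strict", "Lax", "None"): raise ValueError("invalid samesite value: %r" % (value,))`. Also worth a comment next to the new key: browsers only honour `SameSite=None` on cookies that also carry `Secure`, and whether the policy sets that attribute is not visible in this hunk. The enclosing method starts and ends outside the hunk.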
@@ -74,6 +74,27 @@ class LoginTest(PyramidCWTest):
rmtree
(
join
(
self
.
config
.
apphome
,
'i18n'
))
self
.
assertIn
(
u
"
\xc9
chec de l'authentification"
,
res
.
text
)
def
test_same_site_lax_by_default
(
self
):
res
=
self
.
webapp
.
post
(
'/login'
,
{
'__login'
:
self
.
admlogin
,
'__password'
:
self
.
admpassword
})
for
cookie
in
res
.
headers
.
getall
(
"Set-Cookie"
):
self
.
assertIn
(
"SameSite=Lax"
,
cookie
)
self
.
assertTrue
(
len
(
res
.
headers
.
getall
(
"Set-Cookie"
))
>
0
)
class
CookieParametersTC
(
PyramidCWTest
):
settings
=
{
'cubicweb.bwcompat'
:
True
,
'cubicweb.auth.authtkt.session.samesite'
:
"None"
,
}
def
test_same_site_set_from_config
(
self
):
res
=
self
.
webapp
.
post
(
'/login'
,
{
'__login'
:
self
.
admlogin
,
'__password'
:
self
.
admpassword
})
for
cookie
in
res
.
headers
.
getall
(
"Set-Cookie"
):
self
.
assertIn
(
"SameSite=None"
,
cookie
)
self
.
assertTrue
(
len
(
res
.
headers
.
getall
(
"Set-Cookie"
))
>
0
)
if
__name__
==
'__main__'
:
from
unittest
import
main
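Review bot: `test_same_site_set_from_config` asserts `SameSite=None` on every `Set-Cookie` header of the login response, but `CookieParametersTC.settings` only configures `cubicweb.auth.authtkt.session.samesite`; if the login response also sets the persistent cookie (its samesite key is left at the default), that header would fail the assertion, so the test appears to rely on which cookies `/login` emits here — worth confirming, or stating in a comment on the `settings` dict. Separately, both new tests repeat the same post-then-loop body, and the emptiness check `assertTrue(len(...) > 0)` comes after the loop, so an empty header list is only reported after a vacuous pass. A module-level helper (the two classes share only `PyramidCWTest`) removes the duplication and checks emptiness first; each test body then reduces to one loop over `_login_cookies(self)`. The hunk ends before `main()` is called.
```python
def _login_cookies(testcase):
    """Log in as the admin user and return the Set-Cookie headers (non-empty)."""
    res = testcase.webapp.post(
        '/login',
        {'__login': testcase.admlogin, '__password': testcase.admpassword},
    )
    cookies = res.headers.getall("Set-Cookie")
    testcase.assertTrue(cookies, "login response set no cookie")
    return cookies

    # … unchanged: LoginTest body up to the new test …
    def test_same_site_lax_by_default(self):
        for cookie in _login_cookies(self):
            self.assertIn("SameSite=Lax", cookie)

    # … unchanged: CookieParametersTC.settings …
    def test_same_site_set_from_config(self):
        for cookie in _login_cookies(self):
            self.assertIn("SameSite=None", cookie)
```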
@@ -119,6 +119,11 @@ The Pyramid CubicWeb specific configuration entries are:
('auth_tkt') The cookie name. Must be different from the persistent
authentication cookie name.
.. confval:: cubicweb.auth.authtkt.session.samesite (str)
('auth_tkt') Allows you to declare if your cookie should be restricted
to a first-party or same-site context. See here_ for more information.
.. confval:: cubicweb.auth.authtkt.session.timeout (int)
(1200) Cookie timeout.
@@ -135,6 +140,13 @@ The Pyramid CubicWeb specific configuration entries are:
('auth_tkt') The cookie name. Must be different from the session
authentication cookie name.
.. confval:: cubicweb.auth.authtkt.persistent.samesite (str)
('auth_tkt') Allows you to declare if your cookie should be restricted
to a first-party or same-site context. See here_ for more information.
.. _here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
.. confval:: cubicweb.auth.authtkt.persistent.max_age (int)
(30 days) Max age in seconds.