Cast int cookie dict max_age (#185)

* Cast int cookie dict max_age * chore: increase coverage --------- Co-authored-by: andruten <[email protected]>
jazzband · Oct 21, 2024 · bf8b4f7 · bf8b4f7
1 parent 95f399d
commit bf8b4f7
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 2 deletions.
diff --git a/revproxy/utils.py b/revproxy/utils.py
@@ -246,7 +246,16 @@ def cookie_from_string(cookie_string, strict_cookies=False):
                 elif attr == 'max-age':
                     # The cookie uses 'max-age' but django's
                     # set_cookie uses 'max_age'
-                    cookie_dict['max_age'] = unquote(value)
+                    try:
+                        # Cast to Integer as Django's set_cookie()
+                        # expects max_age as int
+                        cookie_dict['max_age'] = int(unquote(value))
+                    except ValueError:
+                        logger.warning(
+                            'Invalid max_age attribute value in cookie: `%s`',
+                            cookie_string,
+                        )
+                        cookie_dict['max_age'] = None
                 else:
                     cookie_dict[attr] = unquote(value)
             else:

diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -151,7 +151,39 @@ def test_valid_attr_in_cookie_from_string(self):
         self.assertIn('lax', utils.cookie_from_string(cookie)['samesite'])
 
         self.assertIn('max_age', utils.cookie_from_string(cookie))
-        self.assertIn('60', utils.cookie_from_string(cookie)['max_age'])
+        self.assertEqual(60, utils.cookie_from_string(cookie)['max_age'])
+
+        self.assertIn('value', utils.cookie_from_string(cookie))
+        self.assertIn('1266bb13c139cfba3ed1c9c68110bae9',
+                      utils.cookie_from_string(cookie)['value'])
+
+        self.assertIn('key', utils.cookie_from_string(cookie))
+        self.assertIn('_cookie_session',
+                      utils.cookie_from_string(cookie)['key'])
+
+    def test_valid_attr_in_cookie_from_string_none_max_age(self):
+        cookie = "_cookie_session=1266bb13c139cfba3ed1c9c68110bae9;"\
+                 "expires=Thu, 29 Jan 2015 13:51:41 -0000; httponly;"\
+                 "secure;Path=/gitlab;max-age=null;samesite=lax"
+
+        self.assertIn('path', utils.cookie_from_string(cookie))
+        self.assertIn('/', utils.cookie_from_string(cookie)['path'])
+
+        self.assertIn('expires', utils.cookie_from_string(cookie))
+        self.assertIn('Thu, 29 Jan 2015 13:51:41 -0000',
+                      utils.cookie_from_string(cookie)['expires'])
+
+        self.assertIn('httponly', utils.cookie_from_string(cookie))
+        self.assertTrue(utils.cookie_from_string(cookie)['httponly'])
+
+        self.assertIn('secure', utils.cookie_from_string(cookie))
+        self.assertTrue(utils.cookie_from_string(cookie)['secure'])
+
+        self.assertIn('samesite', utils.cookie_from_string(cookie))
+        self.assertIn('lax', utils.cookie_from_string(cookie)['samesite'])
+
+        self.assertIn('max_age', utils.cookie_from_string(cookie))
+        self.assertEqual(None, utils.cookie_from_string(cookie)['max_age'])
 
         self.assertIn('value', utils.cookie_from_string(cookie))
         self.assertIn('1266bb13c139cfba3ed1c9c68110bae9',