From 612e1cbbf4f50b180eb4998cd69f8ecaa1a445c2 Mon Sep 17 00:00:00 2001
From: Kieren Eaton <499977+circulon@users.noreply.github.com>
Date: Mon, 12 Aug 2024 19:12:30 +0800
Subject: [PATCH 1/2] Added opt-out for cookie encryption

---
 src/masonite/cookies/Cookie.py | 2 ++
 src/masonite/middleware/route/EncryptCookies.py | 6 ++++++
 tests/core/middleware/test_encrypt_cookies.py | 13 +++++++++++++
 3 files changed, 21 insertions(+)

diff --git a/src/masonite/cookies/Cookie.py b/src/masonite/cookies/Cookie.py
index 4ba03b611..4290558cd 100644
--- a/src/masonite/cookies/Cookie.py
+++ b/src/masonite/cookies/Cookie.py
@@ -9,6 +9,7 @@ def __init__(
         timezone=None,
         secure=False,
         samesite="Strict",
+        encrypt=True,
     ):
         self.name = name
         self.value = value
@@ -18,6 +19,7 @@ def __init__(
         self.timezone = timezone
         self.samesite = samesite
         self.path = path
+        self.encrypt = encrypt
 
     def render(self):
         response = f"{self.name}={self.value};"
diff --git a/src/masonite/middleware/route/EncryptCookies.py b/src/masonite/middleware/route/EncryptCookies.py
index 6995d31e7..8234e50eb 100644
--- a/src/masonite/middleware/route/EncryptCookies.py
+++ b/src/masonite/middleware/route/EncryptCookies.py
@@ -4,6 +4,9 @@ class EncryptCookies:
     def before(self, request, response):
         for _, cookie in request.cookie_jar.all().items():
+            if not cookie.encrypt:
+                continue
+
             try:
                 cookie.value = request.app.make("sign").unsign(cookie.value)
             except InvalidToken:
@@ -13,6 +16,9 @@ def before(self, request, response):
     def after(self, request, response):
         for _, cookie in response.cookie_jar.all().items():
+            if not cookie.encrypt:
+                continue
+
             try:
                 cookie.value = request.app.make("sign").sign(cookie.value)
             except InvalidToken:
diff --git a/tests/core/middleware/test_encrypt_cookies.py b/tests/core/middleware/test_encrypt_cookies.py
index 2f9014e4b..5ceb2c817 100644
--- a/tests/core/middleware/test_encrypt_cookies.py
+++ b/tests/core/middleware/test_encrypt_cookies.py
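Review bot: The new `encrypt` parameter on `Cookie.__init__` and the `self.encrypt` attribute in the second hunk carry no documentation, yet the flag decides whether the value bypasses both the `sign` call in `EncryptCookies.after` and the `unsign` call in `EncryptCookies.before`, which is a security-relevant trade-off the next maintainer should see at the definition. A comment next to `self.encrypt = encrypt` such as `# False opts this cookie out of EncryptCookies: the value is sent unsigned and accepted back without signature verification, so it must never carry anything the server trusts` would make that explicit. The `__init__` signature begins before the first hunk, so the remaining parameters are not visible here.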
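Review bot: The guard added to `before` reads `cookie.encrypt` on cookies rebuilt from the incoming request, but nothing in this patch sets `encrypt=False` when the request jar is populated, so with the new default of `True` the skip looks unreachable for client-sent cookies and an opted-out value would still be handed to `unsign` and land in the `InvalidToken` branch (whose body lies outside the hunk); the same guard is repeated in the `after` hunk below. If the request side is meant to honour the opt-out, the jar or this middleware needs a server-side source of truth for which cookie names are unsigned — the decision must not derive from anything the client sends — and that intent belongs in a comment on the guard, e.g. `# encrypt=False is chosen server-side when the cookie is created; such values are neither signed nor verified, so treat them as untrusted input`. Whether the request jar already sets this attribute is not visible in the diff, so this is something to confirm rather than a certain defect.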
@@ -15,3 +15,16 @@ def test_encrypts_cookies(self):
         response.cookie("test", "value")
         EncryptCookies().after(request, response)
         self.assertNotEqual(response.cookie("test"), "value")
+
+def test_encrypt_cookies_opt_out(self):
+        request = self.make_request(
+            {"HTTP_COOKIE": f"test_key=test value"}
+        )
+
+        response = self.make_response()
+        EncryptCookies().before(request, None)
+        self.assertEqual(request.cookie("test_key", encrypt=False), "test value")
+
+        response.cookie("test", "value")
+        EncryptCookies().after(request, response)
+        self.assertNotEqual(response.cookie("test_key", encrypt=False), "test value")

From 3ad49731466ddd85338362fb783ddf8b97e22994 Mon Sep 17 00:00:00 2001
From: Kieren Eaton <499977+circulon@users.noreply.github.com>
Date: Mon, 12 Aug 2024 19:19:48 +0800
Subject: [PATCH 2/2] Fixed test not in class

---
 tests/core/middleware/test_encrypt_cookies.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/core/middleware/test_encrypt_cookies.py b/tests/core/middleware/test_encrypt_cookies.py
index 5ceb2c817..909ac14d0 100644
--- a/tests/core/middleware/test_encrypt_cookies.py
+++ b/tests/core/middleware/test_encrypt_cookies.py
@@ -16,7 +16,7 @@ def test_encrypts_cookies(self):
         EncryptCookies().after(request, response)
         self.assertNotEqual(response.cookie("test"), "value")
 
-def test_encrypt_cookies_opt_out(self):
+    def test_encrypt_cookies_opt_out(self):
         request = self.make_request(
             {"HTTP_COOKIE": f"test_key=test value"}
         )
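Review bot: `test_encrypt_cookies_opt_out` never creates a cookie with `encrypt=False`, so neither new guard is exercised: the response is given `test` while the final assertion reads `test_key`, which presumably returns a missing-cookie value that trivially differs from `"test value"`, and the first assertion would also hold without the opt-out because `before` already tolerates an unsigned value through its `InvalidToken` branch. A test that pins the feature would create the cookie with the flag and expect it to survive `after` untouched, e.g. `response.cookie("test", "value", encrypt=False)` then `EncryptCookies().after(request, response)` then `self.assertEqual(response.cookie("test"), "value")`, assuming `response.cookie` forwards keyword arguments to `Cookie`. The patch does not show that `request.cookie`/`response.cookie` accept an `encrypt` keyword at all, so that call signature is worth confirming. The `f"test_key=test value"` literal has no placeholders and can be a plain string.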