I have a view that sets a cookie using response.set_cookie method. I would like to test if the cookie is being set in a TestCase.
According to docs, the cookie should be accessible in the client object, but client.cookies.items returns an empty list. The cookie is being correctly set in the browser.
Any ideas?
EDIT: adding test case
>>> response = self.client.get(url)
>>> self.client.cookies.items()
[]
The last statement returns an empty list.
You need to use the response's client instance:
response = self.client.get(url)
response.client.cookies.items()
Related
I'm trying to test out Anti Forgery tokens with API calls using VS2019 (C#) and RestSharp. What i'm doing is doing a GET to our login page to get 4 tokens/ cookies, then attaching these to a POST, with the Username and password, to try to log on. The first call succeeds and gives me a HTTP 200 and 4 cookies/ tokens back (ASP.NET_SessionId, XSRF-TOKEN, XSRF-COOKIE and a __RequestVerificationToken - all get attached as cookies (in the cookiecontainer) to the POST API call), the 2nd call however, fails with an HTTP 500 with this message: "Validation of the provided anti-forgery token failed. The cookie "__RequestVerificationToken" and the form field "__RequestVerificationToken" were swapped.". I'm including this token twice in my POST call - once as a cookie and once as part of the request body. Here is my code - can anyone shed any light on how to fix this error?
Thanks,
Jamie.
public void LogIn(string userName, string password)
{
// 1st call to get the cookies and tokens.
CommonProperties.Client = new RestClient { CookieContainer = new CookieContainer() };
CommonProperties.Client.BaseUrl = new Uri($"https://localhost:50000/Account/Login");
var request = new RestRequest(Method.GET);
request.AddParameter("ReturnUrl", "%2F", ParameterType.QueryString);
CommonProperties.Response = CommonProperties.Client.Execute(request);
CommonProperties.Client.BaseUrl = new Uri($"https://localhost:50000/Account/Login");
var requestToken = CommonProperties.Response.Cookies.Single(c => c.Name ==
"__RequestVerificationToken");
// 2nd call to log in.
request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Accept-Encoding", "gzip, deflate, br");
request.AddHeader("Accept", "*/*");
request.AddHeader("Referer", $"https://localhost:50000/Account/Login");
request.AddParameter("undefined", $"__RequestVerificationToken=
{requestToken.Value}&UserName=userName&Password=password_321", ParameterType.RequestBody);
CommonProperties.Response = CommonProperties.Client.Execute(request);
}
I just solved this issue myself, so hopefully this answer helps anyone else who comes looking.
When you originally load the page with the GET it will return the cookie with the name of __RequestVerificationToken PLUS a form field with the same name. That form field will have a different value to the cookie's value, and in your POST you must set the body field for __RequestVerificationToken to have that form field's value, and the value of the cookie with the same name must match the cookie from the GET response.
If you have the same value for both the form field and the cookie, you get that rather misleading error that suggests the values are "swapped". They are not actually swapped, they're just matching, which is incorrect.
I have the following function which makes a get request to a url.
def fetch_data(session = None):
s = session or requests.Session()
url = 'http://www.moldelectrica.md/utils/load4.php'
response = s.get(url)
print response.status_code
data = response.text
return data
I expect to get a string back in the form.
169,26,0,19,36,151,9,647,26,15,0,0,0,0,0,150,7,27,-11,-27,-101,-19,-32,-78,-58,0,962,866,96,0,50.02
But instead I get an empty unicode string. The status code returned is 200.
I've looked at the request headers but nothing in them suggests that any headers will require being set manually. Cookies are used but I think the session object should handle that.
Figured it out. As I said this url provides data for a display so it wouldn't normally be visited directly. Usually it would be requested by the display page and that page would provide a cookie.
So the solution is to make a request to the display url then reuse the session and make another request to the data url.
I'm writing a web crawler in aiohttp and experiencing a problem with cookies. Server I'm trying to crawl requires authentication and in order to fetch pages available to authenticated users I need to set a cookie with brackets in the key itself. This is a problem as aiohttp.ClientSession.cookie_jar.update_cookies either ignores any illegal cookies:
session = ClientSession()
cookie = SimpleCookie("a[b]=1234;")
session.cookie_jar.update_cookies(cookie)
print([f for f in session.cookie_jar]) # empty list, cookie not set
or raises a CookieError:
session = ClientSession()
cookie = SimpleCookie()
cookie["a[b]"] = "1234" # http.cookies.CookieError: Illegal key 'a[b]'
session.cookie_jar.update_cookies(cookie)
print([f for f in session.cookie_jar])
session = ClientSession()
session.cookie_jar.update_cookies([("a[b]", "1234")]) # http.cookies.CookieError: Illegal key 'a[b]'
print([f for f in session.cookie_jar])
It is possible to force setting the cookie by accessing http.cookies.Morsel's protected member _key, i.e.
session = ClientSession()
session.cookie_jar.update_cookies([("__tmp", "1234")])
for cookie in session.cookie_jar:
if cookie.key == "__tmp":
cookie._key = "a[b]"
print([f for f in session.cookie_jar]) # invalid cookie is set correctly
but this only pushes the problem one step back, as any session request e.g. session.get(url)starts raising http.cookies.CookieError.
I cannot get around sending this cookie. Am I stuck using non async libraries like requests or is there a way to ignore this issue?
I found a workaround, and while I dislike using it, it was preferred solution over rewriting entire aiohttp:
import sys
if "http" in sys.modules:
raise ImportError("Crawler must be imported before http module")
import http.cookies
http.cookies._is_legal_key = lambda _: True
aiohttp.CookieJar is modeled to follow corresponding RFC specifications. Why it should process illegal cookie names?
My code:
if not 'last_user_visit' in request.COOKIES:
response.set_cookie('last_user_visit', now)
last_visit = request.COOKIES.get('last_user_visit')
print last_visit
Why last_visit is None in my case?
Because you're setting it on the response, and reading it back from the request. The version in request won't be updated until the response has been sent to the client and the next request has been received.
You have to send response first like Daniel have suggested, you are setting cookie on response and then you have to return it. So that from that time, whenever a request will come it will be holding that cookie and you can access it. you can create function like this:
def cookie_setter(request):
'''Do your function task and create response object
'''
if not 'last_user_visit' in request.COOKIES:
response.set_cookie('last_user_visit', now)
return response
So the only thing I can find is how to set a session during testing. What I want is to check if view set session to a particular value.
This is how I imagine this should be like:
c = Client()
response = c.post('/whatever/')
self.assertEqual('wanted value', response.session['my_value'])
So cookie is available, but not session. This cannot be this hard.
The Client has a session attribute, as shown in the documentation.