Cookie parsing failed.

Open M0dM opened this issue 4 years ago • 1 comment

Description

There is a bug in python3: the SimpleCookie parser does not work correctly... When at least one cookie value is a JSON string, all cookies are lost...

Please read this bug to understand the issue in python itself: https://bugs.python.org/issue41695

Could we change the parser connexion is using to do this?

Affected code in master (in connexion/security/security_handler_factory.py):

    import http.cookies  # stdlib parser used below; added here so the snippet is self-contained

    @staticmethod
    def get_cookie_value(cookies, name):
        '''
        Called inside security wrapper functions.
        Returns the cookie value for the given name, or None if there is no such cookie.
        :param cookies: str: raw Cookie header data
        :param name: str: cookie name to look up
        '''
        # SimpleCookie.load() parses the whole header at once; if any single
        # value fails its pattern, it silently keeps nothing.
        cookie_parser = http.cookies.SimpleCookie()
        cookie_parser.load(str(cookies))
        try:
            return cookie_parser[name].value
        except KeyError:
            return None

Expected behaviour

Being able to use my cookie value for authentication.

Actual behaviour

When one value is json, all cookies are lost...

Steps to reproduce

>>> from http import cookies
>>> cookie_parser = cookies.SimpleCookie()
>>> cookie_parser.load('CookieScriptConsent={"action":"accept"}; __stripe_mid=plip; __stripe_sid=plop; _ga=tada; _gcl_au=pouet; _hjid=hello; authn_token=mylogin; rememberMe=true')
>>> cookie_parser.keys()
dict_keys([])
>>> cookie_parser = cookies.SimpleCookie()
>>> cookie_parser.load('__stripe_mid=plip; __stripe_sid=plop; _ga=tada; _gcl_au=pouet; _hjid=hello; authn_token=mylogin; rememberMe=true')
>>> cookie_parser.keys()
dict_keys(['__stripe_mid', '__stripe_sid', '_ga', '_gcl_au', '_hjid', 'authn_token', 'rememberMe'])

Additional info:

Output of the commands:

Python 3.8.5; I do not know about other versions. We are using connexion 2.6.0, but the code of get_cookie_value did not change.

M0dM avatar Sep 02 '20 16:09 M0dM

Please find what Django's dev team has done about this problem:

https://code.djangoproject.com/ticket/26158

The fix (workaround): https://github.com/django/django/commit/93a135d111c2569d88d65a3f4ad9e6d9ad291452

I think we could do the exact same thing.

M0dM avatar Sep 03 '20 09:09 M0dM
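To illustrate both the failure reported in the issue and the lenient-parsing workaround the Django link describes, here is an added example (not connexion's or Django's own code): a split-on-`;`-then-`=` parser, a `get_cookie_value` with the same shape as the connexion helper, and a comparison function showing what `SimpleCookie` keeps from the same header. The cookie header is constructed from the names used in the issue's reproduction.

```python
import http.cookies


def parse_cookie_header(cookie_header):
    """Leniently parse a raw Cookie header into a dict.

    Modelled on the approach in the Django workaround: split on ';', then on
    the first '=', strip whitespace and surrounding double quotes. A chunk
    without '=' is kept under the empty-string key, and a later duplicate name
    overwrites an earlier one. Unlike SimpleCookie, one odd value (e.g. JSON
    set by a third-party consent widget) never discards the other cookies.
    """
    result = {}
    for chunk in str(cookie_header).split(";"):
        if "=" in chunk:
            name, value = chunk.split("=", 1)
        else:
            name, value = "", chunk
        name, value = name.strip(), value.strip()
        if not name and not value:
            continue
        # RFC 6265 allows a quoted value; drop the quotes but keep the content.
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        result[name] = value
    return result


def get_cookie_value(cookies, name):
    """Same signature as the connexion helper, backed by the lenient parser."""
    return parse_cookie_header(cookies).get(name)


def simplecookie_keys(cookie_header):
    """Names that http.cookies.SimpleCookie keeps from the same header."""
    parser = http.cookies.SimpleCookie()
    parser.load(str(cookie_header))
    return sorted(parser.keys())


# Constructed header reusing the cookie names from the issue's reproduction.
RAW_COOKIES = ('CookieScriptConsent={"action":"accept"}; __stripe_mid=plip; '
               'authn_token=mylogin; rememberMe=true')

if __name__ == "__main__":
    print("SimpleCookie kept:", simplecookie_keys(RAW_COOKIES))
    print("lenient parser kept:", sorted(parse_cookie_header(RAW_COOKIES)))
    print("authn_token:", get_cookie_value(RAW_COOKIES, "authn_token"))
```

The practical point for the security handler: with the lenient parser the `authn_token` lookup succeeds regardless of what unrelated cookies the browser sends alongside it, so a consent or analytics cookie cannot turn into a blanket authentication failure.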