Merge pull request #11 from daghan/master

mikeckennedy · web-flow · commit b586375382c9 · 2020-01-07T16:41:01.000-08:00
improving cookie security
diff --git a/app/ch12-forms/final/pypi_org/infrastructure/cookie_auth.py b/app/ch12-forms/final/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch13-validation/final/pypi_org/infrastructure/cookie_auth.py b/app/ch13-validation/final/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch13-validation/starter/pypi_org/infrastructure/cookie_auth.py b/app/ch13-validation/starter/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch14_testing/final/pypi_org/infrastructure/cookie_auth.py b/app/ch14_testing/final/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=True, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch14_testing/starter/pypi_org/infrastructure/cookie_auth.py b/app/ch14_testing/starter/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch15_deploy/final/pypi_org/infrastructure/cookie_auth.py b/app/ch15_deploy/final/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch15_deploy/starter/pypi_org/infrastructure/cookie_auth.py b/app/ch15_deploy/starter/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch16_mongodb/final/pypi_org/infrastructure/cookie_auth.py b/app/ch16_mongodb/final/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
diff --git a/app/ch16_mongodb/starter/pypi_org/infrastructure/cookie_auth.py b/app/ch16_mongodb/starter/pypi_org/infrastructure/cookie_auth.py
@@ -13,7 +13,7 @@
 def set_auth(response: Response, user_id: int):
     hash_val = __hash_text(str(user_id))
     val = "{}:{}".format(user_id, hash_val)
-    response.set_cookie(auth_cookie_name, val)
+    response.set_cookie(auth_cookie_name, val, secure=False, httponly=True, samesite='Lax')
 
 
 def __hash_text(text: str) -> str:
@@ -22,7 +22,7 @@ def __hash_text(text: str) -> str:
 
 
 def __add_cookie_callback(_, response: Response, name: str, value: str):
-    response.set_cookie(name, value, max_age=timedelta(days=30))
+    response.set_cookie(name, value, max_age=timedelta(days=30), secure=False, httponly=True, samesite='Lax')
 
 
 def get_user_id_via_auth_cookie(request: Request) -> Optional[int]:
