2019-12-02 17:43:16 +01:00
|
|
|
"""
|
|
|
|
|
Persistent, JSON-serialized sessions.
|
2012-08-18 23:03:31 +02:00
|
|
|
|
|
|
|
|
"""
|
2012-08-17 23:23:02 +02:00
|
|
|
import os
|
2019-09-03 17:14:39 +02:00
|
|
|
import re
|
2020-06-18 23:17:33 +02:00
|
|
|
|
|
|
|
|
from http.cookies import SimpleCookie
|
2022-02-01 10:14:24 +01:00
|
|
|
from http.cookiejar import Cookie
|
2019-08-30 11:32:14 +02:00
|
|
|
from pathlib import Path
|
2022-02-01 10:14:24 +01:00
|
|
|
from typing import Any, Dict, Optional, Union
|
2012-08-18 23:03:31 +02:00
|
|
|
|
2019-08-30 11:32:14 +02:00
|
|
|
from requests.auth import AuthBase
|
2022-02-01 10:14:24 +01:00
|
|
|
from requests.cookies import RequestsCookieJar, remove_cookie_by_name
|
2012-08-17 23:23:02 +02:00
|
|
|
|
2022-02-01 10:14:24 +01:00
|
|
|
from .context import Environment
|
2021-11-25 00:41:37 +01:00
|
|
|
from .cli.dicts import HTTPHeadersDict
|
2021-05-05 14:13:39 +02:00
|
|
|
from .config import BaseConfigDict, DEFAULT_CONFIG_DIR
|
2022-02-01 10:14:24 +01:00
|
|
|
from .utils import url_as_host
|
2021-05-05 14:13:39 +02:00
|
|
|
from .plugins.registry import plugin_manager
|
2012-08-17 23:23:02 +02:00
|
|
|
|
|
|
|
|
|
2012-09-17 02:15:00 +02:00
|
|
|
SESSIONS_DIR_NAME = 'sessions'
|
2019-08-30 11:32:14 +02:00
|
|
|
DEFAULT_SESSIONS_DIR = DEFAULT_CONFIG_DIR / SESSIONS_DIR_NAME
|
2013-05-13 14:47:44 +02:00
|
|
|
VALID_SESSION_NAME_PATTERN = re.compile('^[a-zA-Z0-9_.-]+$')
|
2013-05-13 11:54:49 +02:00
|
|
|
# Request headers starting with these prefixes won't be stored in sessions.
|
|
|
|
|
# They are specific to each request.
|
2019-12-03 19:09:09 +01:00
|
|
|
# <https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Requests>
|
2013-05-13 11:54:49 +02:00
|
|
|
SESSION_IGNORED_HEADER_PREFIXES = ['Content-', 'If-']
|
|
|
|
|
|
2022-02-01 10:14:24 +01:00
|
|
|
# Cookie related options
|
|
|
|
|
KEPT_COOKIE_OPTIONS = ['name', 'expires', 'path', 'value', 'domain', 'secure']
|
|
|
|
|
DEFAULT_COOKIE_PATH = '/'
|
|
|
|
|
|
|
|
|
|
INSECURE_COOKIE_JAR_WARNING = '''\
|
|
|
|
|
Outdated layout detected for the current session. Please consider updating it,
|
|
|
|
|
in order to not get affected by potential security problems.
|
|
|
|
|
|
|
|
|
|
For fixing the current session:
|
|
|
|
|
|
|
|
|
|
With binding all cookies to the current host (secure):
|
|
|
|
|
$ httpie cli sessions upgrade --bind-cookies {hostname} {session_id}
|
|
|
|
|
|
|
|
|
|
Without binding cookies (leaving them as is) (insecure):
|
|
|
|
|
$ httpie cli sessions upgrade {hostname} {session_id}
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
INSECURE_COOKIE_JAR_WARNING_FOR_NAMED_SESSIONS = '''\
|
|
|
|
|
|
|
|
|
|
For fixing all named sessions:
|
|
|
|
|
|
|
|
|
|
With binding all cookies to the current host (secure):
|
|
|
|
|
$ httpie cli sessions upgrade-all --bind-cookies
|
|
|
|
|
|
|
|
|
|
Without binding cookies (leaving them as is) (insecure):
|
|
|
|
|
$ httpie cli sessions upgrade-all
|
|
|
|
|
|
|
|
|
|
See https://pie.co/docs/security for more information.
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def is_anonymous_session(session_name: str) -> bool:
|
|
|
|
|
return os.path.sep in session_name
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def materialize_cookie(cookie: Cookie) -> Dict[str, Any]:
|
|
|
|
|
materialized_cookie = {
|
|
|
|
|
option: getattr(cookie, option)
|
|
|
|
|
for option in KEPT_COOKIE_OPTIONS
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
cookie._rest.get('is_explicit_none')
|
|
|
|
|
and materialized_cookie['domain'] == ''
|
|
|
|
|
):
|
|
|
|
|
materialized_cookie['domain'] = None
|
|
|
|
|
|
|
|
|
|
return materialized_cookie
|
|
|
|
|
|
2013-05-13 11:54:49 +02:00
|
|
|
|
2019-09-03 17:14:39 +02:00
|
|
|
def get_httpie_session(
|
2022-02-01 10:14:24 +01:00
|
|
|
env: Environment,
|
2019-08-30 11:32:14 +02:00
|
|
|
config_dir: Path,
|
2019-09-03 17:14:39 +02:00
|
|
|
session_name: str,
|
|
|
|
|
host: Optional[str],
|
|
|
|
|
url: str,
|
2022-02-01 10:14:24 +01:00
|
|
|
*,
|
|
|
|
|
refactor_mode: bool = False
|
2019-09-03 17:14:39 +02:00
|
|
|
) -> 'Session':
|
2022-02-01 10:14:24 +01:00
|
|
|
bound_hostname = host or url_as_host(url)
|
|
|
|
|
if not bound_hostname:
|
|
|
|
|
# HACK/FIXME: httpie-unixsocket's URLs have no hostname.
|
|
|
|
|
bound_hostname = 'localhost'
|
|
|
|
|
|
|
|
|
|
# host:port => host_port
|
|
|
|
|
hostname = bound_hostname.replace(':', '_')
|
|
|
|
|
if is_anonymous_session(session_name):
|
2013-05-13 14:47:44 +02:00
|
|
|
path = os.path.expanduser(session_name)
|
2022-02-01 10:14:24 +01:00
|
|
|
session_id = path
|
2013-05-13 14:47:44 +02:00
|
|
|
else:
|
2019-08-30 11:32:14 +02:00
|
|
|
path = (
|
2019-09-03 17:14:39 +02:00
|
|
|
config_dir / SESSIONS_DIR_NAME / hostname / f'{session_name}.json'
|
2019-08-30 11:32:14 +02:00
|
|
|
)
|
2022-02-01 10:14:24 +01:00
|
|
|
session_id = session_name
|
|
|
|
|
|
|
|
|
|
session = Session(
|
|
|
|
|
path,
|
|
|
|
|
env=env,
|
|
|
|
|
session_id=session_id,
|
|
|
|
|
bound_host=bound_hostname.split(':')[0],
|
|
|
|
|
refactor_mode=refactor_mode
|
|
|
|
|
)
|
2012-08-19 04:58:14 +02:00
|
|
|
session.load()
|
2019-09-03 17:14:39 +02:00
|
|
|
return session
|
2012-08-17 23:23:02 +02:00
|
|
|
|
|
|
|
|
|
2012-09-17 00:37:36 +02:00
|
|
|
class Session(BaseConfigDict):
|
2021-09-28 12:53:53 +02:00
|
|
|
helpurl = 'https://httpie.io/docs#sessions'
|
2012-12-01 18:16:00 +01:00
|
|
|
about = 'HTTPie session file'
|
|
|
|
|
|
2022-02-01 10:14:24 +01:00
|
|
|
def __init__(
|
|
|
|
|
self,
|
|
|
|
|
path: Union[str, Path],
|
|
|
|
|
env: Environment,
|
|
|
|
|
bound_host: str,
|
|
|
|
|
session_id: str,
|
|
|
|
|
refactor_mode: bool = False,
|
|
|
|
|
):
|
2019-12-02 17:43:16 +01:00
|
|
|
super().__init__(path=Path(path))
|
2012-08-19 04:58:14 +02:00
|
|
|
self['headers'] = {}
|
2022-02-01 10:14:24 +01:00
|
|
|
self['cookies'] = []
|
2012-12-01 18:16:00 +01:00
|
|
|
self['auth'] = {
|
|
|
|
|
'type': None,
|
2012-12-11 12:54:34 +01:00
|
|
|
'username': None,
|
|
|
|
|
'password': None
|
2012-12-01 18:16:00 +01:00
|
|
|
}
|
2022-02-01 10:14:24 +01:00
|
|
|
self.env = env
|
|
|
|
|
self.cookie_jar = RequestsCookieJar()
|
|
|
|
|
self.session_id = session_id
|
|
|
|
|
self.bound_host = bound_host
|
|
|
|
|
self.refactor_mode = refactor_mode
|
|
|
|
|
|
|
|
|
|
def pre_process_data(self, data: Dict[str, Any]) -> Dict[str, Any]:
|
|
|
|
|
cookies = data.get('cookies')
|
|
|
|
|
if isinstance(cookies, dict):
|
|
|
|
|
normalized_cookies = [
|
|
|
|
|
{
|
|
|
|
|
'name': key,
|
|
|
|
|
**value
|
|
|
|
|
}
|
|
|
|
|
for key, value in cookies.items()
|
|
|
|
|
]
|
|
|
|
|
elif isinstance(cookies, list):
|
|
|
|
|
normalized_cookies = cookies
|
|
|
|
|
else:
|
|
|
|
|
normalized_cookies = []
|
|
|
|
|
|
|
|
|
|
should_issue_warning = False
|
|
|
|
|
for cookie in normalized_cookies:
|
|
|
|
|
domain = cookie.get('domain', '')
|
|
|
|
|
if domain == '' and isinstance(cookies, dict):
|
|
|
|
|
should_issue_warning = True
|
|
|
|
|
elif domain is None:
|
|
|
|
|
# domain = None means explicitly lack of cookie, though
|
|
|
|
|
# requests requires domain to be string so we'll cast it
|
|
|
|
|
# manually.
|
|
|
|
|
cookie['domain'] = ''
|
|
|
|
|
cookie['rest'] = {'is_explicit_none': True}
|
|
|
|
|
|
|
|
|
|
self.cookie_jar.set(**cookie)
|
|
|
|
|
|
|
|
|
|
if should_issue_warning and not self.refactor_mode:
|
|
|
|
|
warning = INSECURE_COOKIE_JAR_WARNING.format(hostname=self.bound_host, session_id=self.session_id)
|
|
|
|
|
if not is_anonymous_session(self.session_id):
|
|
|
|
|
warning += INSECURE_COOKIE_JAR_WARNING_FOR_NAMED_SESSIONS
|
|
|
|
|
|
|
|
|
|
self.env.log_error(
|
|
|
|
|
warning,
|
|
|
|
|
level='warning'
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
def post_process_data(self, data: Dict[str, Any]) -> Dict[str, Any]:
|
|
|
|
|
cookies = data.get('cookies')
|
|
|
|
|
# Save in the old-style fashion
|
|
|
|
|
|
|
|
|
|
normalized_cookies = [
|
|
|
|
|
materialize_cookie(cookie)
|
|
|
|
|
for cookie in self.cookie_jar
|
|
|
|
|
]
|
|
|
|
|
if isinstance(cookies, dict):
|
|
|
|
|
data['cookies'] = {
|
|
|
|
|
cookie.pop('name'): cookie
|
|
|
|
|
for cookie in normalized_cookies
|
|
|
|
|
}
|
|
|
|
|
else:
|
|
|
|
|
data['cookies'] = normalized_cookies
|
|
|
|
|
|
|
|
|
|
return data
|
2012-08-17 23:23:02 +02:00
|
|
|
|
2021-11-25 00:41:37 +01:00
|
|
|
def update_headers(self, request_headers: HTTPHeadersDict):
|
2013-05-13 11:54:49 +02:00
|
|
|
"""
|
|
|
|
|
Update the session headers with the request ones while ignoring
|
|
|
|
|
certain name prefixes.
|
|
|
|
|
|
|
|
|
|
"""
|
2019-09-01 21:15:39 +02:00
|
|
|
headers = self.headers
|
2021-08-16 14:50:46 +02:00
|
|
|
for name, value in request_headers.copy().items():
|
2016-02-28 12:14:10 +01:00
|
|
|
if value is None:
|
2019-08-30 11:32:14 +02:00
|
|
|
continue # Ignore explicitly unset headers
|
2016-02-28 12:14:10 +01:00
|
|
|
|
2022-02-01 10:14:24 +01:00
|
|
|
original_value = value
|
2021-01-13 21:45:56 +01:00
|
|
|
if type(value) is not str:
|
2021-08-05 20:58:43 +02:00
|
|
|
value = value.decode()
|
2021-01-13 21:45:56 +01:00
|
|
|
|
2020-06-18 23:17:33 +02:00
|
|
|
if name.lower() == 'user-agent' and value.startswith('HTTPie/'):
|
|
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
if name.lower() == 'cookie':
|
|
|
|
|
for cookie_name, morsel in SimpleCookie(value).items():
|
2022-02-01 10:14:24 +01:00
|
|
|
if not morsel['path']:
|
|
|
|
|
morsel['path'] = DEFAULT_COOKIE_PATH
|
|
|
|
|
self.cookie_jar.set(cookie_name, morsel)
|
|
|
|
|
|
|
|
|
|
all_cookie_headers = request_headers.getall(name)
|
|
|
|
|
if len(all_cookie_headers) > 1:
|
|
|
|
|
all_cookie_headers.remove(original_value)
|
|
|
|
|
else:
|
|
|
|
|
request_headers.popall(name)
|
2013-05-13 11:54:49 +02:00
|
|
|
continue
|
|
|
|
|
|
|
|
|
|
for prefix in SESSION_IGNORED_HEADER_PREFIXES:
|
|
|
|
|
if name.lower().startswith(prefix.lower()):
|
|
|
|
|
break
|
|
|
|
|
else:
|
2019-09-01 21:15:39 +02:00
|
|
|
headers[name] = value
|
|
|
|
|
|
|
|
|
|
self['headers'] = dict(headers)
|
2013-05-13 11:54:49 +02:00
|
|
|
|
|
|
|
|
@property
|
2021-11-25 00:41:37 +01:00
|
|
|
def headers(self) -> HTTPHeadersDict:
|
|
|
|
|
return HTTPHeadersDict(self['headers'])
|
2013-05-13 11:54:49 +02:00
|
|
|
|
2012-08-18 23:03:31 +02:00
|
|
|
@property
|
2019-08-30 11:32:14 +02:00
|
|
|
def cookies(self) -> RequestsCookieJar:
|
2022-02-01 10:14:24 +01:00
|
|
|
self.cookie_jar.clear_expired_cookies()
|
|
|
|
|
return self.cookie_jar
|
2012-08-17 23:23:02 +02:00
|
|
|
|
2012-08-18 23:03:31 +02:00
|
|
|
@cookies.setter
|
2019-08-30 11:32:14 +02:00
|
|
|
def cookies(self, jar: RequestsCookieJar):
|
2022-02-01 10:14:24 +01:00
|
|
|
self.cookie_jar = jar
|
|
|
|
|
|
|
|
|
|
def remove_cookies(self, cookies: Dict[str, str]):
|
|
|
|
|
for cookie in cookies:
|
|
|
|
|
remove_cookie_by_name(
|
|
|
|
|
self.cookie_jar,
|
|
|
|
|
cookie['name'],
|
|
|
|
|
domain=cookie.get('domain', None),
|
|
|
|
|
path=cookie.get('path', None)
|
|
|
|
|
)
|
2012-08-17 23:23:02 +02:00
|
|
|
|
2012-08-18 23:03:31 +02:00
|
|
|
@property
|
2019-08-30 11:32:14 +02:00
|
|
|
def auth(self) -> Optional[AuthBase]:
|
2012-08-18 23:03:31 +02:00
|
|
|
auth = self.get('auth', None)
|
2012-12-01 18:16:00 +01:00
|
|
|
if not auth or not auth['type']:
|
2012-12-11 12:54:34 +01:00
|
|
|
return
|
2016-11-23 22:01:58 +01:00
|
|
|
|
|
|
|
|
plugin = plugin_manager.get_auth_plugin(auth['type'])()
|
|
|
|
|
|
|
|
|
|
credentials = {'username': None, 'password': None}
|
|
|
|
|
try:
|
|
|
|
|
# New style
|
|
|
|
|
plugin.raw_auth = auth['raw_auth']
|
|
|
|
|
except KeyError:
|
|
|
|
|
# Old style
|
|
|
|
|
credentials = {
|
|
|
|
|
'username': auth['username'],
|
|
|
|
|
'password': auth['password'],
|
|
|
|
|
}
|
|
|
|
|
else:
|
|
|
|
|
if plugin.auth_parse:
|
2021-05-05 14:13:39 +02:00
|
|
|
from .cli.argtypes import parse_auth
|
2016-11-23 22:01:58 +01:00
|
|
|
parsed = parse_auth(plugin.raw_auth)
|
|
|
|
|
credentials = {
|
|
|
|
|
'username': parsed.key,
|
|
|
|
|
'password': parsed.value,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return plugin.get_auth(**credentials)
|
2012-08-17 23:23:02 +02:00
|
|
|
|
2012-08-18 23:03:31 +02:00
|
|
|
@auth.setter
|
2019-08-30 11:32:14 +02:00
|
|
|
def auth(self, auth: dict):
|
2019-08-30 09:56:50 +02:00
|
|
|
assert {'type', 'raw_auth'} == auth.keys()
|
2013-09-21 23:46:15 +02:00
|
|
|
self['auth'] = auth
|
