Fix login/logout errors caused by unicode cookie names

4632a07c · Will Daly · 0b42c772 · 4632a07c · 4632a07c
Commit 4632a07c authored Jun 29, 2015 by Will Daly
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 3 deletions

common/djangoapps/student/cookies.py
+12 -3

common/djangoapps/student/tests/test_login.py
+15 -0

No files found.
--- a/common/djangoapps/student/cookies.py
+++ b/common/djangoapps/student/cookies.py
@@ -65,7 +65,12 @@ def set_logged_in_cookies(request, response, user):
    # is logged in.  This is just a boolean value, so it's not very useful.
    # In the future, we should be able to replace this with the "user info"
    # cookie set below.
-    response.set_cookie(settings.EDXMKTG_LOGGED_IN_COOKIE_NAME, 'true', secure=None, **cookie_settings)
+    response.set_cookie(
+        settings.EDXMKTG_LOGGED_IN_COOKIE_NAME.encode('utf-8'),
+        'true',
+        secure=None,
+        **cookie_settings
+    )

    # Set a cookie with user info.  This can be used by external sites
    # to customize content based on user information.  Currently,
@@ -107,7 +112,7 @@ def set_logged_in_cookies(request, response, user):
    user_info_cookie_is_secure = request.is_secure()

    response.set_cookie(
-        settings.EDXMKTG_USER_INFO_COOKIE_NAME,
+        settings.EDXMKTG_USER_INFO_COOKIE_NAME.encode('utf-8'),
        json.dumps(user_info),
        secure=user_info_cookie_is_secure,
        **cookie_settings
@@ -128,7 +133,11 @@ def delete_logged_in_cookies(response):

    """
    for cookie_name in [settings.EDXMKTG_LOGGED_IN_COOKIE_NAME, settings.EDXMKTG_USER_INFO_COOKIE_NAME]:
-        response.delete_cookie(cookie_name, path='/', domain=settings.SESSION_COOKIE_DOMAIN)
+        response.delete_cookie(
+            cookie_name.encode('utf-8'),
+            path='/',
+            domain=settings.SESSION_COOKIE_DOMAIN
+        )

    return response


--- a/common/djangoapps/student/tests/test_login.py
+++ b/common/djangoapps/student/tests/test_login.py
@@ -6,6 +6,7 @@ import unittest

 from django.test import TestCase
 from django.test.client import Client
+from django.test.utils import override_settings
 from django.conf import settings
 from django.core.cache import cache
 from django.core.urlresolvers import reverse, NoReverseMatch
@@ -195,6 +196,20 @@ class LoginTest(TestCase):
            cookie = self.client.cookies[cookie_name]
            self.assertIn("01-Jan-1970", cookie.get('expires'))

+    @override_settings(
+        EDXMKTG_LOGGED_IN_COOKIE_NAME=u"unicode-logged-in",
+        EDXMKTG_USER_INFO_COOKIE_NAME=u"unicode-user-info",
+    )
+    def test_unicode_mktg_cookie_names(self):
+        # When logged in cookie names are loaded from JSON files, they may
+        # have type `unicode` instead of `str`, which can cause errors
+        # when calling Django cookie manipulation functions.
+        response, _ = self._login_response('test@edx.org', 'test_password')
+        self._assert_response(response, success=True)
+
+        response = self.client.post(reverse('logout'))
+        self.assertRedirects(response, "/")
+
    @patch.dict("django.conf.settings.FEATURES", {'SQUELCH_PII_IN_LOGS': True})
    def test_logout_logging_no_pii(self):
        response, _ = self._login_response('test@edx.org', 'test_password')