chore(tests): add e2e tests for the new cookies

Author: rubenfonseca

aws_lambda_powertools/shared/cookies.py

@@ -5,6 +5,15 @@
 
 
 class SameSite(Enum):
+    """
+    SameSite allows a server to define a cookie attribute making it impossible for
+    the browser to send this cookie along with cross-site requests. The main
+    goal is to mitigate the risk of cross-origin information leakage, and provide
+    some protection against cross-site request forgery attacks.
+
+    See https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 for details.
+    """
+
     DEFAULT_MODE = ""
     LAX_MODE = "Lax"
     STRICT_MODE = "Strict"
@@ -16,26 +25,58 @@ def _format_date(timestamp: datetime) -> str:
 
 
 class Cookie:
+    """
+    A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
+    HTTP response or the Cookie header of an HTTP request.
+
+    See https://tools.ietf.org/html/rfc6265 for details.
+    """
+
     def __init__(
         self,
         name: str,
         value: str,
-        path: Optional[str] = None,
-        domain: Optional[str] = None,
+        path: str = "",
+        domain: str = "",
+        secure: bool = True,
+        http_only: bool = False,
         expires: Optional[datetime] = None,
         max_age: Optional[int] = None,
-        secure: Optional[bool] = None,
-        http_only: Optional[bool] = None,
         same_site: Optional[SameSite] = None,
         custom_attributes: Optional[List[str]] = None,
     ):
+        """
+
+        Parameters
+        ----------
+        name: str
+            The name of this cookie, for example session_id
+        value: str
+            The cookie value, for instance an uuid
+        path: str
+            The path for which this cookie is valid. Optional
+        domain: str
+            The domain for which this cookie is valid. Optional
+        secure: bool
+            Marks the cookie as secure, only sendable to the server with an encrypted request over the HTTPS protocol
+        http_only: bool
+            Enabling this attribute makes the cookie inaccessible to the JavaScript `Document.cookie` API
+        expires: Optional[datetime]
+            Defines a date where the permanent cookie expires.
+        max_age: Optional[int]
+            Defines the period of time after which the cookie is invalid. Use negative values to force cookie deletion.
+        same_site: Optional[SameSite]
+            Determines if the cookie should be sent to third party websites
+        custom_attributes: Optional[List[str]]
+            List of additional custom attributes to set on the cookie
+        """
         self.name = name
         self.value = value
         self.path = path
         self.domain = domain
+        self.secure = secure
         self.expires = expires
         self.max_age = max_age
-        self.secure = secure
         self.http_only = http_only
         self.same_site = same_site
         self.custom_attributes = custom_attributes
@@ -44,10 +85,10 @@ def __str__(self) -> str:
         payload = StringIO()
         payload.write(f"{self.name}={self.value}")
 
-        if self.path and len(self.path) > 0:
+        if self.path:
             payload.write(f"; Path={self.path}")
 
-        if self.domain and len(self.domain) > 0:
+        if self.domain:
             payload.write(f"; Domain={self.domain}")
 
         if self.expires:
@@ -56,7 +97,8 @@ def __str__(self) -> str:
         if self.max_age:
             if self.max_age > 0:
                 payload.write(f"; MaxAge={self.max_age}")
-            if self.max_age < 0:
+            else:
+                # negative or zero max-age should be set to 0
                 payload.write("; MaxAge=0")
 
         if self.http_only:

tests/e2e/event_handler/handlers/alb_handler.py

@@ -1,20 +1,24 @@
-from typing import Dict
-
 from aws_lambda_powertools.event_handler import ALBResolver, Response, content_types
 
 app = ALBResolver()
 
 
 @app.post("/todos")
 def hello():
-    payload: Dict = app.current_event.json_body
+    payload = app.current_event.json_body
+
+    body = payload.get("body", "Hello World")
+    status_code = payload.get("status_code", 200)
+    headers = payload.get("headers", {})
+    cookies = payload.get("cookies", [])
+    content_type = headers.get("Content-Type", content_types.TEXT_PLAIN)
 
     return Response(
-        status_code=200,
-        content_type=content_types.TEXT_PLAIN,
-        body="Hello world",
-        cookies=payload["cookies"],
-        headers=payload["headers"],
+        status_code=status_code,
+        content_type=content_type,
+        body=body,
+        cookies=cookies,
+        headers=headers,
     )
 
 

tests/e2e/event_handler/handlers/api_gateway_http_handler.py

@@ -3,14 +3,22 @@
 app = APIGatewayHttpResolver()
 
 
-@app.get("/todos")
+@app.post("/todos")
 def hello():
+    payload = app.current_event.json_body
+
+    body = payload.get("body", "Hello World")
+    status_code = payload.get("status_code", 200)
+    headers = payload.get("headers", {})
+    cookies = payload.get("cookies", [])
+    content_type = headers.get("Content-Type", content_types.TEXT_PLAIN)
+
     return Response(
-        status_code=200,
-        content_type=content_types.TEXT_PLAIN,
-        body="Hello world",
-        cookies=["CookieMonster", "MonsterCookie"],
-        headers={"Foo": ["bar", "zbr"]},
+        status_code=status_code,
+        content_type=content_type,
+        body=body,
+        cookies=cookies,
+        headers=headers,
     )
 
 

tests/e2e/event_handler/handlers/api_gateway_rest_handler.py

@@ -3,14 +3,22 @@
 app = APIGatewayRestResolver()
 
 
-@app.get("/todos")
+@app.post("/todos")
 def hello():
+    payload = app.current_event.json_body
+
+    body = payload.get("body", "Hello World")
+    status_code = payload.get("status_code", 200)
+    headers = payload.get("headers", {})
+    cookies = payload.get("cookies", [])
+    content_type = headers.get("Content-Type", content_types.TEXT_PLAIN)
+
     return Response(
-        status_code=200,
-        content_type=content_types.TEXT_PLAIN,
-        body="Hello world",
-        cookies=["CookieMonster", "MonsterCookie"],
-        headers={"Foo": ["bar", "zbr"]},
+        status_code=status_code,
+        content_type=content_type,
+        body=body,
+        cookies=cookies,
+        headers=headers,
     )
 
 

tests/e2e/event_handler/handlers/lambda_function_url_handler.py

@@ -11,10 +11,11 @@ def hello():
     status_code = payload.get("status_code", 200)
     headers = payload.get("headers", {})
     cookies = payload.get("cookies", [])
+    content_type = headers.get("Content-Type", content_types.TEXT_PLAIN)
 
     return Response(
         status_code=status_code,
-        content_type=headers.get("Content-Type", content_types.TEXT_PLAIN),
+        content_type=content_type,
         body=body,
         cookies=cookies,
         headers=headers,

tests/e2e/event_handler/infrastructure.py

@@ -61,7 +61,7 @@ def _create_api_gateway_http(self, function: Function):
         apigw = apigwv2.HttpApi(self.stack, "APIGatewayHTTP", create_default_stage=True)
         apigw.add_routes(
             path="/todos",
-            methods=[apigwv2.HttpMethod.GET],
+            methods=[apigwv2.HttpMethod.POST],
             integration=apigwv2integrations.HttpLambdaIntegration("TodosIntegration", function),
         )
 
@@ -71,7 +71,7 @@ def _create_api_gateway_rest(self, function: Function):
         apigw = apigwv1.RestApi(self.stack, "APIGatewayRest", deploy_options=apigwv1.StageOptions(stage_name="dev"))
 
         todos = apigw.root.add_resource("todos")
-        todos.add_method("GET", apigwv1.LambdaIntegration(function, proxy=True))
+        todos.add_method("POST", apigwv1.LambdaIntegration(function, proxy=True))
 
         CfnOutput(self.stack, "APIGatewayRestUrl", value=apigw.url)