{ "info": { "author": "Kyle Lawlor", "author_email": "klawlor419@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6" ], "description": "flask-cookie-decode\n###################\n\n.. image:: https://travis-ci.com/wgwz/flask-cookie-decode.svg?branch=master\n :target: https://travis-ci.com/wgwz/flask-cookie-decode\n\n.. contents::\n\n.. section-numbering::\n\nPurpose\n=======\n\nAdds a ``cookie`` command to the built-in Flask CLI which will provide various\ntools for debugging the secure session cookie that Flask uses by default.\n\nCurrent available commands\n--------------------------\n\n1. `flask cookie decode`: decodes and verifies the signature of the session cookie\n\nBackground\n==========\n\nBy default the Flask session uses a signed cookie to store its data. The Flask\napplication signs the cookie using its ``SECRET_KEY``. This provides the Flask\napplication a way to detect any tampering to the session data. If the application\nis indeed using a secret key and secure hashing algorithm, the session signature\nwill be unique to application. \n\nFor more on the topic of the Flask session see these references:\n\n* `How Secure Is The Flask User Session?`_\n* `Quickstart for Flask Sessions`_\n* `API Docs for Flask Sessions`_\n\n.. _`How Secure Is The Flask User Session?`: https://blog.miguelgrinberg.com/post/how-secure-is-the-flask-user-session\n.. _`Quickstart for Flask Sessions`: http://flask.pocoo.org/docs/1.0/quickstart/#sessions\n.. _`API Docs for Flask Sessions`: http://flask.pocoo.org/docs/1.0/api/#sessions\n\nDisclaimer: Keep your SECRET_KEY, secret!\n-----------------------------------------\n\nIf you expose this key your application becomes vulnerable to session replay\nattacks. `Here is an example`_ where an application exposed the ``SECRET_KEY``\nduring 404 errors. The example also illustrates how session replay works.\n\nBy default Flask does not expose the ``SECRET_KEY`` anywhere. It is up to you\nthe developer to keep it that way!\n\n.. _`Here is an example`: https://terryvogelsang.tech/MITRECTF2018-my-flask-app/\n\nUsage\n=====\n\nInstallation\n------------\n\n.. code-block:: bash\n\n $ pip install flask-cookie-decode\n\nExtracting the cookie using browser tools\n-----------------------------------------\n\n.. image:: https://raw.githubusercontent.com/wgwz/flask-cookie-decode/master/docs/cookie.png\n :alt: Finding the cookie in browser tools\n :width: 100%\n :align: center\n\nExample Flask app\n-----------------\n\nSee `examples/app.py `_:\n\n.. code-block:: python \n\n from flask import Flask, jsonify, session, request\n from flask_cookie_decode import CookieDecode\n\n app = Flask(__name__)\n app.config.update({'SECRET_KEY': 'jlghasdghasdhgahsdg'})\n cookie = CookieDecode()\n cookie.init_app(app)\n\n @app.route('/')\n def index():\n a = request.args.get('a')\n session['a'] = a\n return jsonify(dict(session))\n\nExamples using the CLI:\n-----------------------\n\n1. A cookie with a valid signature:\n\n.. code-block:: bash\n\n $ export FLASK_APP=app.py\n $ flask cookie decode eyJhIjoiYXNkYXNkamtqYXNkIn0.XCkk1Q.tTPu2Zhvn9KxgkP35ERAgyd8MzA\n TrustedCookie(contents={'a': 'asdasdjkjasd'}, expiration='2019-01-30T20:04:37')\n\n2. A cookie with an invalid signature:\n\n.. code-block:: bash\n\n $ export FLASK_APP=app.py\n $ flask cookie decode eyJhIjoiYXNkYXNkamtqYXNkIn0.XCkk1Q.tTPu2Zhvn9KxgkP35ERAgyd8MzA\n UntrustedCookie(contents={'a': 'asdasdjkjasd'}, expiration='2019-01-30T20:04:37')\n\n3. An expired cookie:\n\n.. code-block:: bash\n\n $ export FLASK_APP=app.py\n $ flask cookie decode eyJhIjoiYXNkYXNkamtqYXNkIn0.XCkk1Q.tTPu2Zhvn9KxgkP35ERAgyd8MzA\n ExpiredCookie(contents={'a': 'asdasdjkjasd'}, expiration='2019-01-30T20:04:37')\n\nDocumentation\n=============\n\n`Docs `_\n\nLicense\n=======\n\n`MIT `_.\n\n\n=======\nHistory\n=======\n\n.. towncrier release notes start\n\nFlask_Cookie_Decode 0.3.0 (2019-01-05)\n======================================\n\nBugfixes\n--------\n\n- In all previous releases the CLI with the ``--timestamp`` CLI flag was actually\n returning the timestamp when the cookie was signed. *Not* the timestamp when the\n cookie expires, as it should have been doing. \n\n In all previous releases there was no error handling for expired cookies. This\n release now returns a ``ExpiredCookie`` when it is detected. (#1)\n\n\nImproved Documentation\n----------------------\n\n- Updates the documentation to include some more details about the way the \n Flask session works, and things you should be looking out for from a security\n perspective. The documentation also reflects the latest in terms of the way\n the CLI works. (#1)\n\n\n0.1.0 (2018-12-29)\n==================\n\n* First release on PyPI.\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/wgwz/flask-cookie-decode", "keywords": "flask_cookie_decode", "license": "MIT license", "maintainer": "", "maintainer_email": "", "name": "flask-cookie-decode", "package_url": "https://pypi.org/project/flask-cookie-decode/", "platform": "", "project_url": "https://pypi.org/project/flask-cookie-decode/", "project_urls": { "Homepage": "https://github.com/wgwz/flask-cookie-decode" }, "release_url": "https://pypi.org/project/flask-cookie-decode/0.3.0/", "requires_dist": [ "Flask (>=0.11)" ], "requires_python": "", "summary": "Tools for debugging and working with the built-in Flask session cookie", "version": "0.3.0" }, "last_serial": 4666197, "releases": { "0.1.4": [ { "comment_text": "", "digests": { "md5": "8dbac7e9e95aa4c10f490dc18fcb2d51", "sha256": "9caf7a0aef2414decbc724e5fa00bf7628eb31a2933869f2ce160727463e579e" }, "downloads": -1, "filename": "flask_cookie_decode-0.1.4-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "8dbac7e9e95aa4c10f490dc18fcb2d51", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5129, "upload_time": "2018-12-31T18:56:23", "url": "https://files.pythonhosted.org/packages/7b/b6/860a2d1aa77956311627ed2b901eb66a4f963116585614bb22b6fc9ebc48/flask_cookie_decode-0.1.4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "588460a4520b4aef82929fb19ca98e1b", "sha256": "afa81b23ec99eb362838cc221c717af4e6a386d6f97242161b9b6df0136c86a8" }, "downloads": -1, "filename": "flask_cookie_decode-0.1.4.tar.gz", "has_sig": false, "md5_digest": "588460a4520b4aef82929fb19ca98e1b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 108519, "upload_time": "2018-12-31T18:56:26", "url": "https://files.pythonhosted.org/packages/da/d0/c3a3d31c1fbfa48a91964e1a1542f91fb0e0c6531a999f267de4d2e9f254/flask_cookie_decode-0.1.4.tar.gz" } ], "0.1.5": [ { "comment_text": "", "digests": { "md5": "cd98a4b85912a3beee8484c7f1f79c28", "sha256": "78075910d5e816441ae71b83614b20c24380ae830799e572b6194fdb9b739780" }, "downloads": -1, "filename": "flask_cookie_decode-0.1.5-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "cd98a4b85912a3beee8484c7f1f79c28", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5128, "upload_time": "2018-12-31T20:00:08", "url": "https://files.pythonhosted.org/packages/bb/c9/88f70a54c62c5614631b6b77749a501b1181cb9668eb8f0e24e2cc87efed/flask_cookie_decode-0.1.5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8e0e03c22f26c77ad45fc32e07d16a06", "sha256": "c7edac4c2c9d4659fed2a3a5c5124ea9d4c9790b17809a621cba3f551e676bd1" }, "downloads": -1, "filename": "flask_cookie_decode-0.1.5.tar.gz", "has_sig": false, "md5_digest": "8e0e03c22f26c77ad45fc32e07d16a06", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 106584, "upload_time": "2018-12-31T20:00:09", "url": "https://files.pythonhosted.org/packages/61/2a/5435dbdbd75016eee6ea6767109738e245345e382ea662d51d6e689a96d2/flask_cookie_decode-0.1.5.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "5fa27e931fd3d76b18982006a989d349", "sha256": "cfe87afadc80a0befe2ecb3219d2e8dd2aa5d6f4ca373395cd8f28e9b3daa63c" }, "downloads": -1, "filename": "flask_cookie_decode-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "5fa27e931fd3d76b18982006a989d349", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5250, "upload_time": "2018-12-31T21:48:01", "url": "https://files.pythonhosted.org/packages/a4/6b/46e8c91ff12b03948ccd69f699716ad5fdd52832ec10d9e26cf30ad1185a/flask_cookie_decode-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "16b8b3d274ffabdc9382efe7a9bc3a5b", "sha256": "ef4b506d7493f39616f93166817d022918955646d821f7889d52510e9e01911f" }, "downloads": -1, "filename": "flask_cookie_decode-0.2.0.tar.gz", "has_sig": false, "md5_digest": "16b8b3d274ffabdc9382efe7a9bc3a5b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 106776, "upload_time": "2018-12-31T21:48:02", "url": "https://files.pythonhosted.org/packages/2c/88/57ebca7f6ddbef24acf8952897f6b3e3952b7ab0e0abad5bb625767d89b0/flask_cookie_decode-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "aa5d9647b410715281d83be626d09eb2", "sha256": "a90f5e9b5d706577fbe0157fa4b4c8b6873294555982e9ed3d21f2e3d02be85e" }, "downloads": -1, "filename": "flask_cookie_decode-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "aa5d9647b410715281d83be626d09eb2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 6431, "upload_time": "2019-01-06T18:24:12", "url": "https://files.pythonhosted.org/packages/05/18/cd65cda43d17f04a71a7d4ec19082fba359a1859ff1df91d9df50024ca9e/flask_cookie_decode-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e71e5f7a270addc3beb64b9ae131d031", "sha256": "33247386c597e88403ed7d7d838650aa4f1094e85c4a2bed4629ef67af71e922" }, "downloads": -1, "filename": "flask_cookie_decode-0.3.0.tar.gz", "has_sig": false, "md5_digest": "e71e5f7a270addc3beb64b9ae131d031", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 108571, "upload_time": "2019-01-06T18:24:13", "url": "https://files.pythonhosted.org/packages/79/0b/bae9c5fce74ce633f5b625ccaab95c473b4766ea2d228777ed6468ebf390/flask_cookie_decode-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "aa5d9647b410715281d83be626d09eb2", "sha256": "a90f5e9b5d706577fbe0157fa4b4c8b6873294555982e9ed3d21f2e3d02be85e" }, "downloads": -1, "filename": "flask_cookie_decode-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "aa5d9647b410715281d83be626d09eb2", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 6431, "upload_time": "2019-01-06T18:24:12", "url": "https://files.pythonhosted.org/packages/05/18/cd65cda43d17f04a71a7d4ec19082fba359a1859ff1df91d9df50024ca9e/flask_cookie_decode-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e71e5f7a270addc3beb64b9ae131d031", "sha256": "33247386c597e88403ed7d7d838650aa4f1094e85c4a2bed4629ef67af71e922" }, "downloads": -1, "filename": "flask_cookie_decode-0.3.0.tar.gz", "has_sig": false, "md5_digest": "e71e5f7a270addc3beb64b9ae131d031", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 108571, "upload_time": "2019-01-06T18:24:13", "url": "https://files.pythonhosted.org/packages/79/0b/bae9c5fce74ce633f5b625ccaab95c473b4766ea2d228777ed6468ebf390/flask_cookie_decode-0.3.0.tar.gz" } ] }