django-cookie-consent 0.8.0__py3-none-any.whl → 1.0.0__py3-none-any.whl

cookie_consent/templatetags/cookie_consent_tags.py

@@ -1,16 +1,13 @@
-import warnings
+from collections.abc import Collection
 
 from django import template
-from django.urls import reverse
+from django.http import HttpRequest
 from django.utils.html import json_script
 
 from ..cache import all_cookie_groups as get_all_cookie_groups
-from ..conf import settings
+from ..models import CookieGroup
 from ..util import (
     are_all_cookies_accepted,
-    get_accepted_cookies,
-    get_cookie_dict_from_request,
-    get_cookie_string,
     get_cookie_value_from_request,
     get_not_accepted_or_declined_cookie_groups,
     is_cookie_consent_enabled,
@@ -20,31 +17,39 @@ register = template.Library()
 
 
 @register.filter
-def cookie_group_accepted(request, arg):
+def cookie_group_accepted(request: HttpRequest, group_or_cookie: str) -> bool:
     """
-    Filter returns if cookie group is accepted.
+    Return ``True`` if the cookie group/cookie is accepted.
 
     Examples:
-    ::
+
+    .. code-block:: django
 
         {{ request|cookie_group_accepted:"analytics" }}
         {{ request|cookie_group_accepted:"analytics=*:.google.com" }}
     """
-    value = get_cookie_value_from_request(request, *arg.split("="))
+    value = get_cookie_value_from_request(request, *group_or_cookie.split("="))
     return value is True
 
 
 @register.filter
-def cookie_group_declined(request, arg):
+def cookie_group_declined(request: HttpRequest, group_or_cookie: str) -> bool:
     """
-    Filter returns if cookie group is declined.
+    Return ``True`` if the cookie group/cookie is declined.
+
+    Examples:
+
+    .. code-block:: django
+
+        {{ request|cookie_group_declined:"analytics" }}
+        {{ request|cookie_group_declined:"analytics=*:.google.com" }}
     """
-    value = get_cookie_value_from_request(request, *arg.split("="))
+    value = get_cookie_value_from_request(request, *group_or_cookie.split("="))
     return value is False
 
 
 @register.filter
-def all_cookies_accepted(request):
+def all_cookies_accepted(request: HttpRequest) -> bool:
     """
     Filter returns if all cookies are accepted.
     """
@@ -52,119 +57,23 @@ def all_cookies_accepted(request):
 
 
 @register.simple_tag
-def not_accepted_or_declined_cookie_groups(request):
+def not_accepted_or_declined_cookie_groups(
+    request: HttpRequest,
+) -> Collection[CookieGroup]:
     """
-    Assignement tag returns cookie groups that does not yet given consent
-    or decline.
+    Return the cookie groups for which no explicit accept or decline has been given.
     """
     return get_not_accepted_or_declined_cookie_groups(request)
 
 
 @register.filter
-def cookie_consent_enabled(request):
+def cookie_consent_enabled(request: HttpRequest) -> bool:
     """
-    Filter returns if cookie consent enabled for this request.
+    Indicate whether the cookie-consent app is enabled or not.
     """
     return is_cookie_consent_enabled(request)
 
 
-@register.simple_tag
-def cookie_consent_accept_url(cookie_groups):
-    """
-    Assignement tag returns url for accepting given concept groups.
-    """
-    varnames = ",".join([g.varname for g in cookie_groups])
-    url = reverse("cookie_consent_accept", kwargs={"varname": varnames})
-    return url
-
-
-@register.simple_tag
-def cookie_consent_decline_url(cookie_groups):
-    """
-    Assignement tag returns url for declining given concept groups.
-    """
-    varnames = ",".join([g.varname for g in cookie_groups])
-    url = reverse("cookie_consent_decline", kwargs={"varname": varnames})
-    return url
-
-
-@register.simple_tag
-def get_accept_cookie_groups_cookie_string(request, cookie_groups):  # pragma: no cover
-    """
-    Tag returns accept cookie string suitable to use in javascript.
-    """
-    warnings.warn(
-        "Cookie string template tags for JS are deprecated and will be removed "
-        "in django-cookie-consent 1.0",
-        DeprecationWarning,
-    )
-    cookie_dic = get_cookie_dict_from_request(request)
-    for cookie_group in cookie_groups:
-        cookie_dic[cookie_group.varname] = cookie_group.get_version()
-    return get_cookie_string(cookie_dic)
-
-
-@register.simple_tag
-def get_decline_cookie_groups_cookie_string(request, cookie_groups):
-    """
-    Tag returns decline cookie string suitable to use in javascript.
-    """
-    warnings.warn(
-        "Cookie string template tags for JS are deprecated and will be removed "
-        "in django-cookie-consent 1.0",
-        DeprecationWarning,
-    )
-    cookie_dic = get_cookie_dict_from_request(request)
-    for cookie_group in cookie_groups:
-        cookie_dic[cookie_group.varname] = settings.COOKIE_CONSENT_DECLINE
-    return get_cookie_string(cookie_dic)
-
-
-@register.simple_tag
-def js_type_for_cookie_consent(request, varname, cookie=None):
-    """
-    Tag returns "x/cookie_consent" when processing javascript
-    will create an cookie and consent does not exists yet.
-
-    Example::
-
-      <script type="{% js_type_for_cookie_consent request "social" %}"
-      data-varname="social">
-        alert("Social cookie accepted");
-      </script>
-    """
-    # This approach doesn't work with page caches and/or strict Content-Security-Policies
-    # (unless you use nonces, which again doesn't work with aggressive page caching).
-    warnings.warn(
-        "Template tags for use in/with JS are deprecated and will be removed "
-        "in django-cookie-consent 1.0",
-        DeprecationWarning,
-    )
-    enabled = is_cookie_consent_enabled(request)
-    if not enabled:
-        res = True
-    else:
-        value = get_cookie_value_from_request(request, varname, cookie)
-        if value is None:
-            res = settings.COOKIE_CONSENT_OPT_OUT
-        else:
-            res = value
-    return "text/javascript" if res else "x/cookie_consent"
-
-
-@register.filter
-def accepted_cookies(request):
-    """
-    Filter returns accepted cookies varnames.
-
-    .. code-block:: django
-
-        {{ request|accepted_cookies }}
-
-    """
-    return [c.varname for c in get_accepted_cookies(request)]
-
-
 @register.simple_tag
 def all_cookie_groups(element_id: str):
     """

cookie_consent/urls.py

@@ -1,6 +1,4 @@
-# -*- coding: utf-8 -*-
-from django.urls import path, re_path
-from django.views.decorators.csrf import csrf_exempt
+from django.urls import path
 
 from .views import (
     CookieGroupAcceptView,
@@ -10,28 +8,8 @@ from .views import (
 )
 
 urlpatterns = [
-    path(
-        "accept/",
-        csrf_exempt(CookieGroupAcceptView.as_view()),
-        name="cookie_consent_accept_all",
-    ),
-    # TODO: use form or query string params for this instead?
-    re_path(
-        r"^accept/(?P<varname>.*)/$",
-        csrf_exempt(CookieGroupAcceptView.as_view()),
-        name="cookie_consent_accept",
-    ),
-    # TODO: use form or query string params for this instead?
-    re_path(
-        r"^decline/(?P<varname>.*)/$",
-        csrf_exempt(CookieGroupDeclineView.as_view()),
-        name="cookie_consent_decline",
-    ),
-    path(
-        "decline/",
-        csrf_exempt(CookieGroupDeclineView.as_view()),
-        name="cookie_consent_decline_all",
-    ),
+    path("accept/", CookieGroupAcceptView.as_view(), name="cookie_consent_accept"),
+    path("decline/", CookieGroupDeclineView.as_view(), name="cookie_consent_decline"),
     path("status/", CookieStatusView.as_view(), name="cookie_consent_status"),
     path("", CookieGroupListView.as_view(), name="cookie_consent_cookie_group_list"),
 ]

cookie_consent/util.py

@@ -1,125 +1,125 @@
-# -*- coding: utf-8 -*-
-import datetime
-from typing import Union
+import logging
+from collections.abc import Callable, Collection, Iterator
+
+from django.http import HttpRequest, HttpResponseBase
 
 from .cache import all_cookie_groups, get_cookie, get_cookie_group
 from .conf import settings
-from .models import ACTION_ACCEPTED, ACTION_DECLINED, LogItem
+from .models import Cookie, CookieGroup
+
+logger = logging.getLogger(__name__)
+
+COOKIE_GROUP_SEP = "|"
+KEY_VALUE_SEP = "="
 
 
-def parse_cookie_str(cookie):
-    dic = {}
+def parse_cookie_str(cookie: str) -> dict[str, str]:
     if not cookie:
-        return dic
-    for c in cookie.split("|"):
-        key, value = c.split("=")
-        dic[key] = value
-    return dic
+        return {}
+
+    bits = cookie.split(COOKIE_GROUP_SEP)
+
+    def _gen_pairs() -> Iterator[tuple[str, str]]:
+        for possible_pair in bits:
+            parts = possible_pair.split(KEY_VALUE_SEP)
+            if len(parts) == 2:
+                varname, cookie = parts
+                yield varname, cookie
+            else:
+                logger.debug("cookie_value_discarded", extra={"value": possible_pair})
 
+    return dict(_gen_pairs())
 
-def dict_to_cookie_str(dic):
-    return "|".join(["%s=%s" % (k, v) for k, v in dic.items() if v])
 
+def _contains_invalid_characters(*inputs: str) -> bool:
+    # = and | are special separators. They are unexpected characters in both
+    # keys and values.
+    for separator in (COOKIE_GROUP_SEP, KEY_VALUE_SEP):
+        for value in inputs:
+            if separator in value:
+                logger.debug("skip_separator", extra={"value": value, "sep": separator})
+                return True
+    return False
 
-def get_cookie_dict_from_request(request):
-    cookie_str = request.COOKIES.get(settings.COOKIE_CONSENT_NAME)
+
+def dict_to_cookie_str(dic: dict[str, str]) -> str:
+    """
+    Serialize a dictionary of cookie-group metadata to a string.
+
+    The result is stored in a cookie itself. Note that the dictionary keys are expected
+    to be cookie group ``varname`` fields, which are validated against a slug regex. The
+    values are supposed to be ISO-8601 timestamps.
+
+    Invalid key/value pairs are dropped.
+    """
+
+    def _gen_pairs() -> Iterator[str]:
+        for key, value in dic.items():
+            if _contains_invalid_characters(key, value):
+                continue
+            yield f"{key}={value}"
+
+    return "|".join(_gen_pairs())
+
+
+def get_cookie_dict_from_request(request: HttpRequest) -> dict[str, str]:
+    cookie_str = request.COOKIES.get(settings.COOKIE_CONSENT_NAME, "")
     return parse_cookie_str(cookie_str)
 
 
-def set_cookie_dict_to_response(response, dic):
+def set_cookie_dict_to_response(
+    response: HttpResponseBase, dic: dict[str, str]
+) -> None:
     response.set_cookie(
         settings.COOKIE_CONSENT_NAME,
         dict_to_cookie_str(dic),
         max_age=settings.COOKIE_CONSENT_MAX_AGE,
         domain=settings.COOKIE_CONSENT_DOMAIN,
-        secure=settings.COOKIE_CONSENT_SECURE or None,
-        httponly=settings.COOKIE_CONSENT_HTTPONLY or None,
+        secure=settings.COOKIE_CONSENT_SECURE,
+        httponly=settings.COOKIE_CONSENT_HTTPONLY,
         samesite=settings.COOKIE_CONSENT_SAMESITE,
     )
 
 
-def get_cookie_value_from_request(request, varname, cookie=None):
+def get_cookie_value_from_request(
+    request: HttpRequest, varname: str, cookie: str = ""
+) -> bool | None:
     """
     Returns if cookie group or its specific cookie has been accepted.
 
     Returns True or False when cookie is accepted or declined or None
     if cookie is not set.
     """
-    cookie_dic = get_cookie_dict_from_request(request)
-    if not cookie_dic:
+    if not (cookie_dic := get_cookie_dict_from_request(request)):
         return None
-
-    cookie_group = get_cookie_group(varname=varname)
-    if not cookie_group:
+    if not (cookie_group := get_cookie_group(varname=varname)):
         return None
+
+    _cookie: Cookie | None = None
     if cookie:
         name, domain = cookie.split(":")
-        cookie = get_cookie(cookie_group, name, domain)
-    else:
-        cookie = None
+        _cookie = get_cookie(cookie_group, name, domain)
 
-    version = cookie_dic.get(varname, None)
+    match version := cookie_dic.get(varname, None):
+        case None:
+            return None
+        case str() if version == settings.COOKIE_CONSENT_DECLINE:
+            return False
 
-    if version == settings.COOKIE_CONSENT_DECLINE:
-        return False
-    if version is None:
-        return None
-    if not cookie:
-        v = cookie_group.get_version()
-    else:
-        v = cookie.get_version()
-    if version >= v:
+    reference_version = _cookie.get_version() if _cookie else cookie_group.get_version()
+    if version >= reference_version:
         return True
     return None
 
 
-def get_cookie_groups(varname=None):
+def get_cookie_groups(varname: str = "") -> Collection[CookieGroup]:
     if not varname:
         return all_cookie_groups().values()
     keys = varname.split(",")
     return [g for k, g in all_cookie_groups().items() if k in keys]
 
 
-def accept_cookies(request, response, varname=None):
-    """
-    Accept cookies in Cookie Group specified by ``varname``.
-    """
-    cookie_dic = get_cookie_dict_from_request(request)
-    for cookie_group in get_cookie_groups(varname):
-        cookie_dic[cookie_group.varname] = cookie_group.get_version()
-        if settings.COOKIE_CONSENT_LOG_ENABLED:
-            LogItem.objects.create(
-                action=ACTION_ACCEPTED,
-                cookiegroup=cookie_group,
-                version=cookie_group.get_version(),
-            )
-    set_cookie_dict_to_response(response, cookie_dic)
-
-
-def delete_cookies(response, cookie_group):
-    if cookie_group.is_deletable:
-        for cookie in cookie_group.cookie_set.all():
-            response.delete_cookie(cookie.name, cookie.path, cookie.domain)
-
-
-def decline_cookies(request, response, varname=None):
-    """
-    Decline and delete cookies in CookieGroup specified by ``varname``.
-    """
-    cookie_dic = get_cookie_dict_from_request(request)
-    for cookie_group in get_cookie_groups(varname):
-        cookie_dic[cookie_group.varname] = settings.COOKIE_CONSENT_DECLINE
-        delete_cookies(response, cookie_group)
-        if settings.COOKIE_CONSENT_LOG_ENABLED:
-            LogItem.objects.create(
-                action=ACTION_DECLINED,
-                cookiegroup=cookie_group,
-                version=cookie_group.get_version(),
-            )
-    set_cookie_dict_to_response(response, cookie_dic)
-
-
-def are_all_cookies_accepted(request):
+def are_all_cookies_accepted(request: HttpRequest) -> bool:
     """
     Returns if all cookies are accepted.
     """
@@ -131,7 +131,7 @@ def are_all_cookies_accepted(request):
     )
 
 
-def _get_cookie_groups_by_state(request, state: Union[bool, None]):
+def _get_cookie_groups_by_state(request, state: bool | None) -> Collection[CookieGroup]:
     return [
         cookie_group
         for cookie_group in get_cookie_groups()
@@ -139,64 +139,32 @@ def _get_cookie_groups_by_state(request, state: Union[bool, None]):
     ]
 
 
-def get_not_accepted_or_declined_cookie_groups(request):
+def get_not_accepted_or_declined_cookie_groups(
+    request: HttpRequest,
+) -> Collection[CookieGroup]:
     """
     Returns all cookie groups that are neither accepted or declined.
     """
     return _get_cookie_groups_by_state(request, state=None)
 
 
-def get_accepted_cookie_groups(request):
+def get_accepted_cookie_groups(request: HttpRequest) -> Collection[CookieGroup]:
     """
     Returns all cookie groups that are accepted.
     """
     return _get_cookie_groups_by_state(request, state=True)
 
 
-def get_declined_cookie_groups(request):
+def get_declined_cookie_groups(request: HttpRequest) -> Collection[CookieGroup]:
     """
     Returns all cookie groups that are declined.
     """
     return _get_cookie_groups_by_state(request, state=False)
 
 
-def is_cookie_consent_enabled(request):
+def is_cookie_consent_enabled(request: HttpRequest) -> bool:
     """
     Returns if django-cookie-consent is enabled for given request.
     """
-    enabled = settings.COOKIE_CONSENT_ENABLED
-    if callable(enabled):
-        return enabled(request)
-    else:
-        return enabled
-
-
-def get_cookie_string(cookie_dic):
-    """
-    Returns cookie in format suitable for use in javascript.
-    """
-    expires = datetime.datetime.now() + datetime.timedelta(
-        seconds=settings.COOKIE_CONSENT_MAX_AGE
-    )
-    cookie_str = "%s=%s; expires=%s; path=/" % (
-        settings.COOKIE_CONSENT_NAME,
-        dict_to_cookie_str(cookie_dic),
-        expires.strftime("%a, %d %b %Y %H:%M:%S GMT"),
-    )
-    return cookie_str
-
-
-def get_accepted_cookies(request):
-    """
-    Returns all accepted cookies.
-    """
-    cookie_dic = get_cookie_dict_from_request(request)
-    accepted_cookies = []
-    for cookie_group in all_cookie_groups().values():
-        version = cookie_dic.get(cookie_group.varname, None)
-        if not version or version == settings.COOKIE_CONSENT_DECLINE:
-            continue
-        for cookie in cookie_group.cookie_set.all():
-            if version >= cookie.get_version():
-                accepted_cookies.append(cookie)
-    return accepted_cookies
+    enabled: bool | Callable[[HttpRequest], bool] = settings.COOKIE_CONSENT_ENABLED
+    return enabled(request) if callable(enabled) else enabled

cookie_consent/views.py

@@ -1,16 +1,22 @@
-# -*- coding: utf-8 -*-
+from typing import Literal
+
 from django.contrib.auth.views import RedirectURLMixin
-from django.core.exceptions import SuspiciousOperation
-from django.http import HttpRequest, HttpResponse, HttpResponseRedirect, JsonResponse
+from django.http import (
+    HttpRequest,
+    HttpResponse,
+    HttpResponseBase,
+    HttpResponseRedirect,
+    JsonResponse,
+)
 from django.middleware.csrf import get_token as get_csrf_token
 from django.urls import reverse
-from django.utils.http import url_has_allowed_host_and_scheme
 from django.views.generic import ListView, View
 
+from .conf import settings
+from .forms import ProcessCookiesForm
 from .models import CookieGroup
+from .processor import CookiesProcessor
 from .util import (
-    accept_cookies,
-    decline_cookies,
     get_accepted_cookie_groups,
     get_declined_cookie_groups,
     get_not_accepted_or_declined_cookie_groups,
@@ -36,31 +42,40 @@ class CookieGroupListView(ListView):
 
 
 class CookieGroupBaseProcessView(RedirectURLMixin, View):
-    def get_success_url(self):
-        """
-        If user adds a 'next' as URL parameter or hidden input,
-        redirect to the value of 'next'. Otherwise, redirect to
-        cookie consent group list
-        """
-        redirect_to = self.request.POST.get("next", self.request.GET.get("next"))
-        if redirect_to and not url_has_allowed_host_and_scheme(
-            url=redirect_to,
-            allowed_hosts=self.get_success_url_allowed_hosts(),
-            require_https=self.request.is_secure(),
-        ):
-            raise SuspiciousOperation("Unsafe open redirect suspected.")
-        return redirect_to or reverse("cookie_consent_cookie_group_list")
-
-    def process(self, request, response, varname):  # pragma: no cover
-        raise NotImplementedError()
-
-    def post(self, request, *args, **kwargs):
-        varname = kwargs.get("varname", None)
+    """
+    Process the cookie groups submitted in the POST request (or URL parameters).
+
+    :class:`RedirectURLMixin` takes care of the hardening against open redirects.
+    """
+
+    cookie_process_action: Literal["accept", "decline"]
+    """
+    Processing action to apply, must be set on the subclasses.
+    """
+
+    def get_default_redirect_url(self) -> str:
+        return settings.COOKIE_CONSENT_SUCCESS_URL
+
+    def post(self, request: HttpRequest, *args, **kwargs):
+        form = ProcessCookiesForm(data=request.POST)
+
+        if not form.is_valid():
+            if is_ajax_like(request):
+                return JsonResponse(form.errors.get_json_data())
+            else:
+                return HttpResponse(form.errors.render())
+
+        cookie_groups = form.get_cookie_groups()
+
+        response: HttpResponseBase
         if is_ajax_like(request):
             response = HttpResponse()
         else:
             response = HttpResponseRedirect(self.get_success_url())
-        self.process(request, response, varname)
+
+        processor = CookiesProcessor(request, response)
+        processor.process(cookie_groups, action=self.cookie_process_action)
+
         return response
 
 
@@ -69,8 +84,7 @@ class CookieGroupAcceptView(CookieGroupBaseProcessView):
     View to accept CookieGroup.
     """
 
-    def process(self, request, response, varname):
-        accept_cookies(request, response, varname)
+    cookie_process_action = "accept"
 
 
 class CookieGroupDeclineView(CookieGroupBaseProcessView):
@@ -78,11 +92,7 @@ class CookieGroupDeclineView(CookieGroupBaseProcessView):
     View to decline CookieGroup.
     """
 
-    def process(self, request, response, varname):
-        decline_cookies(request, response, varname)
-
-    def delete(self, request, *args, **kwargs):
-        return self.post(request, *args, **kwargs)
+    cookie_process_action = "decline"
 
 
 class CookieStatusView(View):
@@ -100,14 +110,10 @@ class CookieStatusView(View):
         accepted = get_accepted_cookie_groups(request)
         declined = get_declined_cookie_groups(request)
         not_accepted_or_declined = get_not_accepted_or_declined_cookie_groups(request)
-        # TODO: change this csv URL param into proper POST params
-        varnames = ",".join([group.varname for group in not_accepted_or_declined])
         data = {
             "csrftoken": get_csrf_token(request),
-            "acceptUrl": reverse("cookie_consent_accept", kwargs={"varname": varnames}),
-            "declineUrl": reverse(
-                "cookie_consent_decline", kwargs={"varname": varnames}
-            ),
+            "acceptUrl": reverse("cookie_consent_accept"),
+            "declineUrl": reverse("cookie_consent_decline"),
             "acceptedCookieGroups": [group.varname for group in accepted],
             "declinedCookieGroups": [group.varname for group in declined],
             "notAcceptedOrDeclinedCookieGroups": [