@GitHK review: session

pcrespov · pcrespov · commit 8be5c432546d · 2024-10-14T10:11:23.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/session/_cookie_storage.py b/services/web/server/src/simcore_service_webserver/session/_cookie_storage.py
@@ -10,6 +10,8 @@
 from aiohttp import web
 from aiohttp_session.cookie_storage import EncryptedCookieStorage
 
+from .errors import SessionValueError
+
 _logger = logging.getLogger(__name__)
 
 
@@ -20,8 +22,13 @@ def _share_cookie_across_all_subdomains(
     Shares cookie across all subdomains, by appending a dot (`.`) in front of the domain name
     overwrite domain from `None` (browser sets `example.com`) to `.example.com`
     """
-    if (host := request.url.host) and host is not None:
-        params["domain"] = f".{host.lstrip('.')}"
+    host = request.url.host
+    if host is None:
+        raise SessionValueError(
+            invalid="host", host=host, request_url=request.url, params=params
+        )
+
+    params["domain"] = f".{host.lstrip('.')}"
 
     return params
 
@@ -47,8 +54,16 @@ def save_cookie(
     ) -> None:
 
         params = self._cookie_params.copy()
-        if request := response._req:  # pylint:disable=protected-access  # noqa: SLF001
-            params = _share_cookie_across_all_subdomains(request, params)
+        request = response._req  # pylint:disable=protected-access  # noqa: SLF001
+        if not request:
+            raise SessionValueError(
+                invalid="request",
+                invalid_request=request,
+                response=response,
+                params=params,
+            )
+
+        params = _share_cookie_across_all_subdomains(request, params)
 
         # --------------------------------------------------------
         # WARNING: the code below is taken and adapted from the superclass
diff --git a/services/web/server/src/simcore_service_webserver/session/errors.py b/services/web/server/src/simcore_service_webserver/session/errors.py
@@ -0,0 +1,5 @@
+from ..errors import WebServerBaseError
+
+
+class SessionValueError(WebServerBaseError, ValueError):
+    msg_template = "Invalid {invalid} in session"
diff --git a/services/web/server/tests/unit/with_dbs/03/test_session.py b/services/web/server/tests/unit/with_dbs/03/test_session.py
@@ -11,12 +11,14 @@
 import pytest
 from aiohttp import web
 from aiohttp.test_utils import TestClient
-from aiohttp_session.cookie_storage import EncryptedCookieStorage
 from cryptography.fernet import Fernet
 from pytest_simcore.helpers.dict_tools import ConfigDict
 from pytest_simcore.helpers.typing_env import EnvVarsDict
 from pytest_simcore.helpers.webserver_login import NewUser
 from simcore_service_webserver.application import create_application
+from simcore_service_webserver.session._cookie_storage import (
+    SharedCookieEncryptedCookieStorage,
+)
 from simcore_service_webserver.session.api import get_session
 from simcore_service_webserver.session.settings import SessionSettings
 
@@ -128,7 +130,7 @@ def test_session_settings(
             == WEBSERVER_SESSION_SECRET_KEY
         )
 
-    _should_not_raise = EncryptedCookieStorage(
+    _should_not_raise = SharedCookieEncryptedCookieStorage(
         # NOTE: we pass here a string!
         secret_key=settings.SESSION_SECRET_KEY.get_secret_value()
     )
