improve cookie parsing

allows '/' to be within a cookie name
removes deprecated cookie getter/setter
fixes #1118

3 files changed, 20 insertions, 37 deletions

diff --git a/netlib/http/cookies.py b/netlib/http/cookies.py
index caa84ff7..2d5c18ca 100644
--- a/netlib/http/cookies.py
+++ b/netlib/http/cookies.py
@@ -1,5 +1,6 @@
 from six.moves import http_cookies as Cookie
 import re
+import string
 from email.utils import parsedate_tz, formatdate, mktime_tz
 
 from .. import odict
@@ -27,7 +28,6 @@ variants. Serialization follows RFC6265.
 
 # TODO: Disallow LHS-only Cookie values
 
-
 def _read_until(s, start, term):
     """
         Read until one of the characters in term is reached.
@@ -203,25 +203,26 @@ def refresh_set_cookie_header(c, delta):
     Returns:
         A refreshed Set-Cookie string
     """
-    try:
-        c = Cookie.SimpleCookie(str(c))
-    except Cookie.CookieError:
+
+    name, value, attrs = parse_set_cookie_header(c)
+    if not name or not value:
         raise ValueError("Invalid Cookie")
-    for i in c.values():
-        if "expires" in i:
-            d = parsedate_tz(i["expires"])
-            if d:
-                d = mktime_tz(d) + delta
-                i["expires"] = formatdate(d)
-            else:
-                # This can happen when the expires tag is invalid.
-                # reddit.com sends a an expires tag like this: "Thu, 31 Dec
-                # 2037 23:59:59 GMT", which is valid RFC 1123, but not
-                # strictly correct according to the cookie spec. Browsers
-                # appear to parse this tolerantly - maybe we should too.
-                # For now, we just ignore this.
-                del i["expires"]
-    ret = c.output(header="").strip()
+
+    if "expires" in attrs:
+        e = parsedate_tz(attrs["expires"][0])
+        if e:
+            f = mktime_tz(e) + delta
+            attrs["expires"] = [formatdate(f)]
+        else:
+            # This can happen when the expires tag is invalid.
+            # reddit.com sends a an expires tag like this: "Thu, 31 Dec
+            # 2037 23:59:59 GMT", which is valid RFC 1123, but not
+            # strictly correct according to the cookie spec. Browsers
+            # appear to parse this tolerantly - maybe we should too.
+            # For now, we just ignore this.
+            del attrs["expires"]
+
+    ret = format_set_cookie_header(name, value, attrs)
     if not ret:
         raise ValueError("Invalid Cookie")
     return ret
diff --git a/netlib/http/request.py b/netlib/http/request.py
index 67aa17ce..a42150ff 100644
--- a/netlib/http/request.py
+++ b/netlib/http/request.py
@@ -343,14 +343,6 @@ class Request(Message):
 
     # Legacy
 
-    def get_cookies(self):  # pragma: no cover
-        warnings.warn(".get_cookies is deprecated, use .cookies instead.", DeprecationWarning)
-        return self.cookies
-
-    def set_cookies(self, odict):  # pragma: no cover
-        warnings.warn(".set_cookies is deprecated, use .cookies instead.", DeprecationWarning)
-        self.cookies = odict
-
     def get_query(self):  # pragma: no cover
         warnings.warn(".get_query is deprecated, use .query instead.", DeprecationWarning)
         return self.query or ODict([])
diff --git a/netlib/http/response.py b/netlib/http/response.py
index efd7f60a..2f06149e 100644
--- a/netlib/http/response.py
+++ b/netlib/http/response.py
@@ -127,13 +127,3 @@ class Response(Message):
             c.append(refreshed)
         if c:
             self.headers.set_all("set-cookie", c)
-
-    # Legacy
-
-    def get_cookies(self):  # pragma: no cover
-        warnings.warn(".get_cookies is deprecated, use .cookies instead.", DeprecationWarning)
-        return self.cookies
-
-    def set_cookies(self, odict):  # pragma: no cover
-        warnings.warn(".set_cookies is deprecated, use .cookies instead.", DeprecationWarning)
-        self.cookies = odict