Fix handling of expired cookies so they are not stored in CookieJar

[alandtse]

What do these changes do?

Properly schedule expiration date for cookies that are provided to the CookieJar with a date in the past which will result in such cookies being immediately expired by _do_expiration(). Currently, the expiration date is set to the timestamp() (i.e., unix timestamp) which will make almost all values far in the future since it's compared to the event_loop.time() which increments from the start of the loop.

Marked WIP because this fix breaks the tests in tests/test_cookiejar.py for test_constructor and TestCookieJarSafe.test_expires. I believe there are incorrect assumptions about behavior but I wanted to verify the test assumptions before making changes to the test suite. Mainly, should expired cookies be stored in the CookieJar and just never sent in requests? Or should they automatically be deleted?
The current test suite assumes expired cookies will not be deleted automatically.

I can complete the PR and the remaining steps once I understand the architecture.

Are there changes in behavior for the user?

CookieJar will automatically reject expired cookies and not store in the CookieJar

Related issue number

#4063

Checklist

• I think the code is well written
• Unit tests for the changes exist
• Documentation reflects the changes
• If you provide code modification, please add yourself to CONTRIBUTORS.txt
  • The format is <Name> <Surname>.
  • Please keep alphabetical order, the file is sorted by names.
• Add a new news fragment into the CHANGES folder
  • name it <issue_id>.<type> for example (588.bugfix)
  • if you don't have an issue_id change it to the pr id after creating the pr
  • ensure type is one of the following:
    • .feature: Signifying a new feature.
    • .bugfix: Signifying a bug fix.
    • .doc: Signifying a documentation improvement.
    • .removal: Signifying a deprecation or removal of public API.
    • .misc: A ticket has been closed, but it is not of interest to users.
  • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

[mjpieters]

There are client functional tests in test_client_functional.py, including

aiohttp/tests/test_client_functional.py

Lines 1959 to 1983 in dc39183

	async def test_set_cookies(aiohttp_client) -> None:
	async def handler(request):
	ret = web.Response()
	ret.set_cookie('c1', 'cookie1')
	ret.set_cookie('c2', 'cookie2')
	ret.headers.add('Set-Cookie',
	'ISAWPLB{A7F52349-3531-4DA9-8776-F74BC6F4F1BB}='
	'{925EC0B8-CB17-4BEB-8A35-1033813B0523}; '
	'HttpOnly; Path=/')
	return ret
	app = web.Application()
	app.router.add_get('/', handler)
	client = await aiohttp_client(app)
	with mock.patch('aiohttp.client_reqrep.client_logger') as m_log:
	resp = await client.get('/')
	assert 200 == resp.status
	cookie_names = {c.key for c in client.session.cookie_jar}
	assert cookie_names == {'c1', 'c2'}
	resp.close()
	m_log.warning.assert_called_with('Can not load response cookies: %s',
	mock.ANY)

I'd copy that test as test_set_cookies_expired and verify that expired cookies are handled correctly.

[alandtse]

Can I get this reviewed please? Looking at the failed tests it's either related to 3.5 syntax which I believe you are deprecating or components I didn't touch. aiohttp\tests\test_worker.py

Please note I added one dev dependency for freezegun because mocking datetime is a pain because it's a builtin.

[codecov-io]

Codecov Report

Merging #4066 into master will decrease coverage by 0.04%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #4066      +/-   ##
==========================================
- Coverage   97.77%   97.73%   -0.05%     
==========================================
  Files          43       43              
  Lines        8763     8771       +8     
  Branches     1374     1374              
==========================================
+ Hits         8568     8572       +4     
- Misses         82       85       +3     
- Partials      113      114       +1

Impacted Files	Coverage Δ
aiohttp/cookiejar.py	100% <100%> (ø)	⬆️
aiohttp/helpers.py	97.56% <100%> (+0.01%)	⬆️
aiohttp/web_fileresponse.py	96.59% <0%> (-1.14%)	⬇️
aiohttp/connector.py	96.93% <0%> (-0.33%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6cb18a2...f784d63. Read the comment docs.

[mjpieters]

Thanks for making the requested changes!

Codecov shows coverage drops slightly because the max_age OverflowError exception handling isn’t covered by tests, see https://codecov.io/gh/aio-libs/aiohttp/compare/6cb18a2a904e0bc50ecb6e1a4f1745f4f5009fec...e76316626350a527349cce3721e12a7f628b6873/src/aiohttp/connector.py. @asvetlov, how much do we need to care about that here? I guess it should be easy enough to add a cookie test with a huge max_age value; 252e9 or more should suffice:

>>> from datetime import datetime, timezone
>>> int((datetime.max.replace(tzinfo=timezone.utc) - datetime.now(timezone.utc)).total_seconds())
251833046966

(And 316e9 will cause an overflow with any datetime from datetime.min onwards)

[alandtse]

Decided to just add the test for max-age overflow since it wasn't hard.

[alandtse]

I honestly don't know why the Travis build failed.

Edit: Nevermind, figured it out.

[mjpieters]

Looks great to me; @asvetlov, @webknjaz, any remarks?

[asvetlov]

LGTM
The fix worth backporting to 3.x release line