Posted to commits@ponymail.apache.org by se...@apache.org on 2017/04/12 21:23:59 UTC

incubator-ponymail git commit: Allow insecure cookie (config item intended for local testing only)

Repository: incubator-ponymail
Updated Branches:
  refs/heads/master f7df316e9 -> 438975124


Allow insecure cookie (config item intended for local testing only) 

This updates #355

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/43897512
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/43897512
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/43897512

Branch: refs/heads/master
Commit: 4389751240d3e3ff1af66a239e0fa93be503658a
Parents: f7df316
Author: Sebb <se...@apache.org>
Authored: Wed Apr 12 22:23:55 2017 +0100
Committer: Sebb <se...@apache.org>
Committed: Wed Apr 12 22:23:55 2017 +0100

----------------------------------------------------------------------
 CHANGELOG.md          | 1 +
 site/api/lib/user.lua | 8 +++++++-
 tools/setup.py        | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/43897512/CHANGELOG.md
----------------------------------------------------------------------
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e4ab96f..39fdda5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -136,6 +136,7 @@
 - useless conditional when fetching id parameter (#353)
 - ES 5.0 no longer supports the write consistency option for index(); archiver fails (#351)
 - Cookie should use httpOnly and Secure (#355)
+- Allow insecure cookie (config item intended for local testing only) (#355)
 - crash in import-mbox when list-id is missing and --lid is not provided (#358)
 - archiver traverses multi-part message parts twice (#359)
 - Add unsubscribe button (#362)

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/43897512/site/api/lib/user.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/user.lua b/site/api/lib/user.lua
index 9140a53..57c65ac 100644
--- a/site/api/lib/user.lua
+++ b/site/api/lib/user.lua
@@ -16,6 +16,12 @@
 ]]--
 
 local elastic = require 'lib/elastic'
+local config = require 'lib/config'
+
+-- allow local override of secure cookie attribute
+-- Note: the config item is named to make it more obvious that enabling it is not recommended
+-- This makes the expression below a bit more complicated
+local SECURE = not(config.allow_insecure_cookie or false)
 
 -- Get user data from DB
 local function getUser(r, override)
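Review bot: The added line `local SECURE = not(config.allow_insecure_cookie or false)` turns `SECURE` off for any truthy config value, and in Lua that includes `0`, `""` and the string `"false"`, so a mistyped setting silently drops the Secure attribute. Comparing against the boolean keeps the default fail-closed: `local SECURE = config.allow_insecure_cookie ~= true`. That form also drops the `or false`, which has no effect because `not nil` is already `true`. The value is fixed when the module is loaded and nothing visible in this hunk reports that the override is active, so a one-line warning at load time when `SECURE` is false would make a test setting left on in a production install easier to spot.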
@@ -82,7 +88,7 @@ local function updateUser(r, cid, data)
     r:setcookie{
         key = "ponymail",
         value = cookie .. "==" .. (cid),
-        secure = true,
+        secure = SECURE,
         httponly = true,
         path = "/"
     }

http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/43897512/tools/setup.py
----------------------------------------------------------------------
diff --git a/tools/setup.py b/tools/setup.py
index 4798e15..26dc1ed 100755
--- a/tools/setup.py
+++ b/tools/setup.py
@@ -515,6 +515,7 @@ local config = {
 --            env = 'subprocess' -- use environment vars instead of request headers
 --        }
     },
+--  allow_insecure_cookie = true, -- override the default (false) - only use for test installations 
 --  no_association = {}, -- domains that are not allowed for email association
 --  listsDisplay = 'regex', -- if defined, hide list names that don't match the regex
     antispam = true  -- Whether or not to add anti-spam measures aimed at anonymous users.
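Review bot: The comment on the added `allow_insecure_cookie` template line says "only use for test installations" but not what the option does, so an operator reading the generated config cannot judge the risk. I would state the effect, for example `--  allow_insecure_cookie = true, -- TEST ONLY: drops the Secure attribute from the ponymail cookie, so it is also sent over plain HTTP`. The added line also ends in trailing whitespace. The enclosing config template string starts and ends outside this hunk.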