Posted to commits@couchdb.apache.org by rn...@apache.org on 2021/12/09 23:58:35 UTC

[couchdb] branch always-send-all-cookie-attributes-main created (now 6aba65b)

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a change to branch always-send-all-cookie-attributes-main
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at 6aba65b  Always send all cookie attributes

This branch includes the following new commits:

     new 6aba65b  Always send all cookie attributes

The 1 revision listed above as "new" is entirely new to this
repository and will be described in a separate email.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


[couchdb] 01/01: Always send all cookie attributes

Posted by rn...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch always-send-all-cookie-attributes-main
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 6aba65b97f160b60e894b5be6eaf9c2b1148fa13
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Dec 9 19:17:59 2021 +0000

    Always send all cookie attributes
---
 src/couch/src/couch_httpd_auth.erl | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index ed6b1e6..363f09f 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -409,9 +409,18 @@ cookie_auth_cookie(Req, User, Secret, TimeStamp) ->
     mochiweb_cookies:cookie(
         "AuthSession",
         couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
-        [{path, "/"}] ++ cookie_scheme(Req) ++ max_age() ++ cookie_domain() ++ same_site()
+        cookie_attributes(Req)
     ).
 
+clear_auth_cookie(Req) ->
+    mochiweb_cookies:cookie(
+      "AuthSession", "", cookie_attributes(Req)
+     ).
+
+cookie_attributes(Req) ->
+    Attributes = [path(), http_only(), max_age(), cookie_scheme(Req), max_age(), cookie_domain(), same_site()],
+    lists:flatten(Attributes).
+
 ensure_cookie_auth_secret() ->
     case chttpd_util:get_chttpd_auth_config("secret") of
         undefined ->
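Review bot: `cookie_attributes/1` on the `Attributes = [...]` line lists `max_age()` twice, so whenever max_age/0 returns a non-empty list the Set-Cookie header will carry the Max-Age attribute twice; drop the second occurrence: `Attributes = [path(), http_only(), cookie_scheme(Req), max_age(), cookie_domain(), same_site()],`. Separately, the two clear-cookie sites replaced in the later hunks (the POST authentication-failure path and the DELETE logout path) previously sent no Max-Age at all, and routing them through this shared list means that if max_age/0 yields a positive Max-Age (its body runs past this page) the browser will retain an empty AuthSession cookie for that lifetime instead of deleting it, so `clear_auth_cookie/1` should build its own list that either omits Max-Age or sets it to 0. The `mochiweb_cookies:cookie` call inside `clear_auth_cookie/1` is indented with 2 and 5 spaces, unlike the 4-space style of the surrounding module.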
@@ -485,9 +494,7 @@ handle_session_req(#httpd{method = 'POST', mochi_req = MochiReq} = Req, AuthModu
         false ->
             authentication_warning(Req, UserName),
             % clear the session
-            Cookie = mochiweb_cookies:cookie(
-                "AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)
-            ),
+            Cookie = clear_auth_cookie(Req),
             {Code, Headers} =
                 case couch_httpd:qs_value(Req, "fail", nil) of
                     nil ->
@@ -544,12 +551,7 @@ handle_session_req(#httpd{method = 'GET', user_ctx = UserCtx} = Req, _AuthModule
     end;
 % logout by deleting the session
 handle_session_req(#httpd{method = 'DELETE'} = Req, _AuthModule) ->
-    Cookie = mochiweb_cookies:cookie(
-        "AuthSession",
-        "",
-        [{path, "/"}] ++
-            cookie_domain() ++ cookie_scheme(Req) ++ same_site()
-    ),
+    Cookie = clear_auth_cookie(Req),
     {Code, Headers} =
         case couch_httpd:qs_value(Req, "next", nil) of
             nil ->
@@ -616,12 +618,17 @@ make_cookie_time() ->
     {NowMS, NowS, _} = os:timestamp(),
     NowMS * 1000000 + NowS.
 
+path() ->
+    {path, "/"}.
+
+http_only() ->
+    {http_only, true}.
+
 cookie_scheme(#httpd{mochi_req = MochiReq}) ->
-    [{http_only, true}] ++
-        case MochiReq:get(scheme) of
-            http -> [];
-            https -> [{secure, true}]
-        end.
+    case MochiReq:get(scheme) of
+        http -> [];
+        https -> [{secure, true}]
+    end.
 
 max_age() ->
     case