You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/04/02 17:39:42 UTC
[couchdb] 02/04: Merge pull request #2657 from
apache/cookie-domain-delete
This is an automated email from the ASF dual-hosted git repository.
rnewson pushed a commit to branch 3.x-backports-from-master
in repository https://gitbox.apache.org/repos/asf/couchdb.git
commit b6349aad301074a40fea60d93a6e3fbe5f1e6873
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Mar 12 11:21:27 2020 +0000
Merge pull request #2657 from apache/cookie-domain-delete
Set cookie domain when DELETE'ing
---
src/couch/src/couch_httpd_auth.erl | 3 ++-
src/couch/test/eunit/couchdb_cookie_domain_tests.erl | 13 ++++++++++++-
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 5e44503..43ecda9 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -365,7 +365,8 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req, _AuthModule) ->
end;
% logout by deleting the session
handle_session_req(#httpd{method='DELETE'}=Req, _AuthModule) ->
- Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
+ Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++
+ cookie_domain() ++ cookie_scheme(Req)),
{Code, Headers} = case couch_httpd:qs_value(Req, "next", nil) of
nil ->
{200, [Cookie]};
diff --git a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
index e66ab31..c46352f 100755
--- a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
+++ b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
@@ -43,7 +43,8 @@ cookie_test_() ->
fun({ok, Url, ContentType, Payload, _}) ->
[
should_set_cookie_domain(Url, ContentType, Payload),
- should_not_set_cookie_domain(Url, ContentType, Payload)
+ should_not_set_cookie_domain(Url, ContentType, Payload),
+ should_delete_cookie_domain(Url, ContentType, Payload)
]
end
}
@@ -67,3 +68,13 @@ should_not_set_cookie_domain(Url, ContentType, Payload) ->
Cookie = proplists:get_value("Set-Cookie", Headers),
?assertEqual(0, string:str(Cookie, "; Domain="))
end).
+
+should_delete_cookie_domain(Url, ContentType, Payload) ->
+ ?_test(begin
+ ok = config:set("couch_httpd_auth", "cookie_domain",
+ "example.com", false),
+ {ok, Code, Headers, _} = test_request:delete(Url, ContentType, Payload),
+ ?assertEqual(200, Code),
+ Cookie = proplists:get_value("Set-Cookie", Headers),
+ ?assert(string:str(Cookie, "; Domain=example.com") > 0)
+ end).