You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2020/04/02 17:39:42 UTC
[couchdb] 02/04: Merge pull request #2657 from apache/cookie-domain-delete

This is an automated email from the ASF dual-hosted git repository.

rnewson pushed a commit to branch 3.x-backports-from-master
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit b6349aad301074a40fea60d93a6e3fbe5f1e6873
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Mar 12 11:21:27 2020 +0000

    Merge pull request #2657 from apache/cookie-domain-delete
    
    Set cookie domain when DELETE'ing
---
 src/couch/src/couch_httpd_auth.erl                   |  3 ++-
 src/couch/test/eunit/couchdb_cookie_domain_tests.erl | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 5e44503..43ecda9 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -365,7 +365,8 @@ handle_session_req(#httpd{method='GET', user_ctx=UserCtx}=Req, _AuthModule) ->
     end;
 % logout by deleting the session
 handle_session_req(#httpd{method='DELETE'}=Req, _AuthModule) ->
-    Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
+    Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++
+        cookie_domain() ++ cookie_scheme(Req)),
     {Code, Headers} = case couch_httpd:qs_value(Req, "next", nil) of
         nil ->
             {200, [Cookie]};
diff --git a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
index e66ab31..c46352f 100755
--- a/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
+++ b/src/couch/test/eunit/couchdb_cookie_domain_tests.erl
@@ -43,7 +43,8 @@ cookie_test_() ->
             fun({ok, Url, ContentType, Payload, _}) ->
                 [
                     should_set_cookie_domain(Url, ContentType, Payload),
-                    should_not_set_cookie_domain(Url, ContentType, Payload)
+                    should_not_set_cookie_domain(Url, ContentType, Payload),
+                    should_delete_cookie_domain(Url, ContentType, Payload)
                 ]
             end
         }
@@ -67,3 +68,13 @@ should_not_set_cookie_domain(Url, ContentType, Payload) ->
         Cookie = proplists:get_value("Set-Cookie", Headers),
         ?assertEqual(0, string:str(Cookie, "; Domain="))
     end).
+
+should_delete_cookie_domain(Url, ContentType, Payload) ->
+    ?_test(begin
+        ok = config:set("couch_httpd_auth", "cookie_domain",
+            "example.com", false),
+        {ok, Code, Headers, _} = test_request:delete(Url, ContentType, Payload),
+        ?assertEqual(200, Code),
+        Cookie = proplists:get_value("Set-Cookie", Headers),
+        ?assert(string:str(Cookie, "; Domain=example.com") > 0)
+    end).