ability to set cookie secure flag, closes #2671

This commit is contained in:
Brad Rydzewski 2019-04-19 12:32:35 -07:00
parent 7ee969e589
commit 16707c4bdb
6 changed files with 22 additions and 10 deletions


@ -16,10 +16,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- endpoint to purge repository from database, by [@bradrydzewski](https://github.com/bradrydzewski).
- support for per-organization secrets, by [@bradrydzewski](https://github.com/bradrydzewski).
- include system metadata in global webhooks, by [@bradrydzewski](https://github.com/bradrydzewski).
- ability to customize cookie secure flag, by [@bradrydzewski](https://github.com/bradrydzewski).
- update drone-yaml from version 1.0.6 to 1.0.8.
- update drone-runtime from version 1.0.4 to 1.0.6.
- update go-scm from version 1.0.3 to 1.0.4.
### Fixed
- fixed error in mysql table creation syntax, from [@xuyang2](https://github.com/xuyang2). [#2677](https://github.com/drone/drone/pull/2677).
## [1.0.1] - 2019-04-10
### Added


@ -256,6 +256,7 @@ type (
Session struct {
Timeout time.Duration `envconfig:"DRONE_COOKIE_TIMEOUT" default:"720h"`
Secret string `envconfig:"DRONE_COOKIE_SECRET"`
Secure bool `envconfig:"DRONE_COOKIE_SECURE"`
}
// Status provides status configurations.
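Review bot: `Secure bool `envconfig:"DRONE_COOKIE_SECURE"`` carries no `default` tag, so the flag is off unless an operator sets it, and the session cookie keeps being sent by browsers over plain http:// to the same host; that is the weaker default and, unlike the `default:"720h"` on Timeout, nothing documents it. Consider `default:"true"` — or, if plain-HTTP deployments must keep working, keep the opt-in but say so on the field: `// Secure sets the Secure attribute on the session cookie so browsers only send it over HTTPS; off by default.` If the server configuration elsewhere in this struct already records whether Drone is served over TLS, deriving the default from that setting would avoid a second knob that can silently disagree with the first. The enclosing type declaration starts outside the hunk.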


@ -95,7 +95,8 @@ func provideNetrcService(client *scm.Client, renewer core.Renewer, config config
func provideSession(store core.UserStore, config config.Config) core.Session {
return session.New(store, session.NewConfig(
config.Session.Secret,
config.Session.Timeout),
config.Session.Timeout,
config.Session.Secure),
)
}


@ -18,13 +18,15 @@ import "time"
// Config provides the session configuration.
type Config struct {
Secure bool
Secret string
Timeout time.Duration
}
// NewConfig returns a new session configuration.
func NewConfig(secret string, timeout time.Duration) Config {
func NewConfig(secret string, timeout time.Duration, secure bool) Config {
return Config{
Secure: secure,
Secret: secret,
Timeout: timeout,
}
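Review bot: The new `Secure` field and the trailing `secure bool` parameter of NewConfig are undocumented, and a bare boolean at the end of a positional signature reads as `NewConfig(secret, time.Hour, false)` at call sites with nothing saying what `false` disables. Add `// Secure sets the Secure attribute on the session cookie so it is only sent over HTTPS.` on the field and mention the parameter in the NewConfig comment. Inserting Secure as the first field also forced every unkeyed `Config{...}` literal to be reordered (the test changes in this commit show it); keyed literals such as `Config{Secret: secret, Timeout: time.Hour}` would keep callers independent of field order. The closing brace of NewConfig lies outside the hunk.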


@ -28,6 +28,7 @@ import (
func New(users core.UserStore, config Config) core.Session {
return &session{
secret: []byte(config.Secret),
secure: config.Secure,
timeout: config.Timeout,
users: users,
}
@ -36,6 +37,7 @@ func New(users core.UserStore, config Config) core.Session {
type session struct {
users core.UserStore
secret []byte
secure bool
timeout time.Duration
administrator string // administrator account
@ -49,6 +51,7 @@ func (s *session) Create(w http.ResponseWriter, user *core.User) error {
Path: "/",
MaxAge: 2147483647,
HttpOnly: true,
Secure: s.secure,
Value: authcookie.NewSinceNow(
user.Login,
s.timeout,
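Review bot: The cookie built in Create now sets `Secure` and `HttpOnly` but still carries no `SameSite` attribute, so as far as the cookie is concerned a browser will still attach the session to cross-site requests; if the module builds with Go 1.11 or later, `SameSite: http.SameSiteLaxMode,` next to `Secure: s.secure,` is the matching hardening and does not affect top-level navigations to Drone. Taking Secure from configuration rather than from the request scheme is the right call behind a TLS-terminating proxy, but a cookie issued with `Secure: true` to a browser that reached the server over http:// is simply discarded, so the operator-facing description of DRONE_COOKIE_SECURE should say so. The new struct field also deserves a trailing comment like its neighbour, e.g. `secure bool // set the Secure attribute on the session cookie`. Create's body continues outside the hunk.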


@ -36,7 +36,7 @@ func TestGet_Token_QueryParam(t *testing.T) {
users := mock.NewMockUserStore(controller)
users.EXPECT().FindToken(gomock.Any(), mockUser.Hash).Return(mockUser, nil)
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour, false))
r := httptest.NewRequest("GET", "/?access_token=ulSxuA0FKjNiOFIchk18NNvC6ygSxdtKjiOAS", nil)
user, _ := session.Get(r)
if user != mockUser {
@ -58,7 +58,7 @@ func TestGet_Token_Header(t *testing.T) {
users := mock.NewMockUserStore(controller)
users.EXPECT().FindToken(gomock.Any(), mockUser.Hash).Return(mockUser, nil)
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour, false))
r := httptest.NewRequest("GET", "/", nil)
r.Header.Set("Authorization", "Bearer ulSxuA0FKjNiOFIchk18NNvC6ygSxdtKjiOAS")
user, _ := session.Get(r)
@ -69,7 +69,7 @@ func TestGet_Token_Header(t *testing.T) {
func TestGet_Token_NoSession(t *testing.T) {
r := httptest.NewRequest("GET", "/", nil)
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour, false))
user, _ := session.Get(r)
if user != nil {
t.Errorf("Expect empty session")
@ -84,7 +84,7 @@ func TestGet_Token_UserNotFound(t *testing.T) {
users.EXPECT().FindToken(gomock.Any(), gomock.Any()).Return(nil, sql.ErrNoRows)
r := httptest.NewRequest("GET", "/?access_token=ulSxuA0FKjNiOFIchk18NNvC6ygSxdtKjiOAS", nil)
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(users, NewConfig("correct-horse-battery-staple", time.Hour, false))
user, _ := session.Get(r)
if user != nil {
t.Errorf("Expect empty session")
@ -111,7 +111,7 @@ func TestGet_Cookie(t *testing.T) {
Name: "_session_",
Value: s,
})
session := New(users, Config{secret, time.Hour})
session := New(users, Config{false, secret, time.Hour})
user, err := session.Get(r)
if err != nil {
t.Error(err)
@ -124,7 +124,7 @@ func TestGet_Cookie(t *testing.T) {
func TestGet_Cookie_NoCookie(t *testing.T) {
r := httptest.NewRequest("GET", "/", nil)
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour, false))
user, _ := session.Get(r)
if user != nil {
t.Errorf("Expect nil user when no cookie")
@ -140,7 +140,7 @@ func TestGet_Cookie_Expired(t *testing.T) {
Value: s,
})
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour))
session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour, false))
user, _ := session.Get(r)
if user != nil {
t.Errorf("Expect nil user when no cookie")
@ -162,7 +162,7 @@ func TestGet_Cookie_UserNotFound(t *testing.T) {
Value: s,
})
session := New(users, Config{secret, time.Hour})
session := New(users, Config{false, secret, time.Hour})
user, _ := session.Get(r)
if user != nil {
t.Errorf("Expect empty session")
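Review bot: None of the updated tests exercises the new behaviour — every call passes `false`, and no test asserts that `Create` writes a cookie carrying the Secure attribute when the config asks for it, so a regression that drops `Secure: s.secure` would still pass this suite. A recorder-based test covers it, reusing the `mockUser` fixture the Get tests already rely on and assuming Create does not consult the user store (the Get tests already construct the session with a nil store). The last test function in this section continues outside the hunk.

```go
func TestCreate_Secure(t *testing.T) {
	w := httptest.NewRecorder()
	session := New(nil, NewConfig("correct-horse-battery-staple", time.Hour, true))
	if err := session.Create(w, mockUser); err != nil {
		t.Fatal(err)
	}
	cookies := w.Result().Cookies()
	if len(cookies) != 1 || !cookies[0].Secure {
		t.Errorf("Expect session cookie with Secure flag set")
	}
}
```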