]> source.dussan.org Git - sonarqube.git/commitdiff
projects / sonarqube.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec6ea38)
SONAR-7713 SONAR-7733 Context path of cookies is now always "/"
authorJulien Lancelot <julien.lancelot@sonarsource.com>
Fri, 17 Jun 2016 11:30:13 +0000 (13:30 +0200)
committerJulien Lancelot <julien.lancelot@sonarsource.com>
Fri, 17 Jun 2016 11:30:13 +0000 (13:30 +0200)
 It's useless to set the context path of cookies to the web context.
 Moreover, settings the web context in cookie's path will prevent rails to remove the cookie as it's only using '/'

server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java patch | blob | history
server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java patch | blob | history
server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java patch | blob | history
server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java patch | blob | history

diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
index 03643101f19deac532d8b95aafbbb803253f2e58..01c2adc46b088e8e24f8d463c38e19609126f5ee 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtCsrfVerifier.java
@@ -105,7 +105,7 @@ public class JwtCsrfVerifier {
 
   private Cookie createCookie(@Nullable String csrfState, int timeoutInSeconds){
     Cookie cookie = new Cookie(CSRF_STATE_COOKIE, csrfState);
-    cookie.setPath(server.getContextPath() + "/");
+    cookie.setPath("/");
     cookie.setSecure(server.isSecured());
     cookie.setHttpOnly(false);
     cookie.setMaxAge(timeoutInSeconds);
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
index 12e61f09321c037835d9cf7dbafd46008fada0c4..4f77ffe8c07c76500721ff50234664b6723749cb 100644 (file)
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/JwtHttpHandler.java
@@ -150,7 +150,7 @@ public class JwtHttpHandler {
 
   private Cookie createCookie(String name, @Nullable String value, int expirationInSeconds) {
     Cookie cookie = new Cookie(name, value);
-    cookie.setPath(server.getContextPath() + "/");
+    cookie.setPath("/");
     cookie.setSecure(server.isSecured());
     cookie.setHttpOnly(true);
     cookie.setMaxAge(expirationInSeconds);
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
index 7cc73d57e67055f054c472d0ae6f4934f4f59c32..ab15b2d4027dfe1f2c11422885d521ae74ba051c 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtCsrfVerifierTest.java
@@ -54,7 +54,6 @@ public class JwtCsrfVerifierTest {
 
   @Before
   public void setUp() throws Exception {
-    when(server.getContextPath()).thenReturn("");
     when(request.getContextPath()).thenReturn("");
   }
 
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
index 8ec20f37ebff9834681a3e523497d973632af9f0..4523c24bf93360b9db0d9ad486f4e57b0482ebff 100644 (file)
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/JwtHttpHandlerTest.java
@@ -99,7 +99,6 @@ public class JwtHttpHandlerTest {
   public void setUp() throws Exception {
     when(system2.now()).thenReturn(NOW);
     when(server.isSecured()).thenReturn(true);
-    when(server.getContextPath()).thenReturn("");
     when(request.getSession()).thenReturn(httpSession);
     when(jwtSerializer.encode(any(JwtSerializer.JwtSession.class))).thenReturn(JWT_TOKEN);
     when(jwtCsrfVerifier.generateState(eq(response), anyInt())).thenReturn(CSRF_STATE);
Continuous Inspection: https://github.com/SonarSource/sonarqube