From 6f49a9466aaadfad0073c571e023436a9f96bc73 Mon Sep 17 00:00:00 2001
From: Julien Lancelot
Date: Tue, 14 Jun 2016 11:27:10 +0200
Subject: SONAR-7713 Use JWT session

---
 .../src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb | 2 ++
 server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb | 2 +-
 server/sonar-web/src/main/webapp/WEB-INF/web.xml | 5 +++++
 3 files changed, 8 insertions(+), 1 deletion(-)
(limited to 'server/sonar-web/src/main/webapp')

diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
index 6916ab175c6..6aa2110123a 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb
@@ -45,6 +45,7 @@ class SessionsController < ApplicationController
 self.current_user.remember_me
 cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at, :http_only => true }
 end
+ set_user_session
 redirect_back_or_default(home_url)
 else
 render_unauthenticated
@@ -60,6 +61,7 @@ class SessionsController < ApplicationController
 self.current_user.forget_me
 end
 cookies.delete :auth_token
+ cookies.delete 'JWT-SESSION'
 flash[:notice]=message('session.flash_notice.logged_out')
 redirect_to(home_path)
 reset_session
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
index ad49b055c13..3a911f78f74 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/lib/authenticated_system.rb
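Review bot: The remember-me cookie written on the context line just above the added `set_user_session` (`cookies[:auth_token] = { :value => self.current_user.remember_token, ... }`) is still issued, while the `current_user` hunk in authenticated_system.rb drops `login_from_cookie`, so the Rails side no longer reads it. Unless the JWT filter consumes `auth_token` — nothing in this diff shows that — this leaves a credential-bearing cookie, plus the `remember_me` call that persists the token, with no reader. Removing the `remember_me` / `cookies[:auth_token]` lines alongside this change keeps a now-dead credential out of the browser and out of the logout path. The enclosing method starts before the hunk.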
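Review bot: `cookies.delete 'JWT-SESSION'` only clears the cookie if the path and domain match those the JWT issuer used when setting it; the issuer is not in this diff, so if it sets an explicit path (for example the web context path) the browser keeps the cookie and the user effectively stays logged in. Pass the same options, `cookies.delete 'JWT-SESSION', :path => <path the JWT cookie was set with>`, or have the JWT layer clear its own cookie. Deleting the cookie client-side also does not invalidate the token itself: if the JWT layer keeps no revocation state, a previously captured copy remains valid until its expiry, so logout should also invalidate the token server-side where that is supported. The enclosing method starts before the hunk.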
@@ -8,7 +8,7 @@ module AuthenticatedSystem
 # Accesses the current user from the session.
 # Future calls avoid the database because nil is not equal to false.
 def current_user
- @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+ @current_user ||= (login_from_session || login_from_basic_auth) unless @current_user == false
 end

 # Store the given user id in the session.
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/web.xml b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
index 504ee37e03c..d4402205359 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/web.xml
+++ b/server/sonar-web/src/main/webapp/WEB-INF/web.xml
@@ -42,6 +42,11 @@
 addsHtmlToPathInfo
 false
+
+
+ resetUnhandledResponse
+ false
+
 SecurityFilter
-- 
cgit v1.2.3
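Review bot: The new `resetUnhandledResponse` / `false` init-param carries no explanation in web.xml, and since the XML element names are stripped on this page it is not even visible here which filter it is attached to (the context after it is `SecurityFilter`, which looks like the start of the next filter). A one-line comment next to the param, such as `<!-- resetUnhandledResponse=false: keep what earlier filters already wrote to the response (presumably the JWT session cookie) when the Rack app does not handle the request; confirm against the JWT filter -->`, records the intent that ties this setting to the JWT session change. The enclosing filter definition starts before the hunk.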