URL: https://github.com/freeipa/freeipa/pull/610 Author: stlaz Title: #610: [4.3] Fix cookie with Max-Age processing Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/610/head:pr610 git checkout pr610
From e717a37eb83960e0c2540cc09f21ac18a7011b6f Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Thu, 2 Mar 2017 09:11:34 +0100 Subject: [PATCH 1/2] Fix cookie with Max-Age processing When cookie has Max-Age set it tries to get expiration by adding to a timestamp. Without this patch the timestamp would be set to None and thus the addition of timestamp + max_age fails https://pagure.io/freeipa/issue/6774 --- ipalib/rpc.py | 13 +++++++++---- ipapython/cookie.py | 5 ++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index 207149e..ef3a2a7 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -693,8 +693,11 @@ def store_session_cookie(self, cookie_header): # Search for the session cookie try: - session_cookie = Cookie.get_named_cookie_from_string(cookie_header, - COOKIE_NAME, request_url) + session_cookie = ( + Cookie.get_named_cookie_from_string( + cookie_header, COOKIE_NAME, request_url, + timestamp=datetime.datetime.utcnow()) + ) except Exception as e: root_logger.error("unable to parse cookie header '%s': %s", cookie_header, e) return @@ -788,8 +791,10 @@ def get_session_cookie_from_persistent_storage(self, principal): # Search for the session cookie within the cookie string try: - session_cookie = Cookie.get_named_cookie_from_string(cookie_string, COOKIE_NAME) - except Exception as e: + session_cookie = Cookie.get_named_cookie_from_string( + cookie_string, COOKIE_NAME, + timestamp=datetime.datetime.utcnow()) + except Exception: return None return session_cookie diff --git a/ipapython/cookie.py b/ipapython/cookie.py index d32640a..6f7bc6c 100644 --- a/ipapython/cookie.py +++ b/ipapython/cookie.py @@ -321,7 +321,8 @@ def parse(cls, cookie_string, request_url=None): return cookies @classmethod - def get_named_cookie_from_string(cls, cookie_string, cookie_name, request_url=None): + def get_named_cookie_from_string(cls, cookie_string, cookie_name, + request_url=None, timestamp=None): ''' A cookie string may contain multiple cookies, parse the cookie string and return the last cookie in the string matching the @@ -343,6 +344,8 @@ def get_named_cookie_from_string(cls, cookie_string, cookie_name, request_url=No if cookie.key == cookie_name: target_cookie = cookie + if timestamp is not None: + target_cookie.timestamp = timestamp if request_url is not None: target_cookie.normalize(request_url) return target_cookie From 0612ea603c59c0818c1a32313fd442a6c5c3ce92 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Fri, 17 Mar 2017 08:55:30 +0100 Subject: [PATCH 2/2] Add debug log in case cookie retrieval went wrong https://pagure.io/freeipa/issue/6774 --- ipalib/rpc.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ipalib/rpc.py b/ipalib/rpc.py index ef3a2a7..556e5c2 100644 --- a/ipalib/rpc.py +++ b/ipalib/rpc.py @@ -794,7 +794,10 @@ def get_session_cookie_from_persistent_storage(self, principal): session_cookie = Cookie.get_named_cookie_from_string( cookie_string, COOKIE_NAME, timestamp=datetime.datetime.utcnow()) - except Exception: + except Exception as e: + self.log.debug( + 'Error retrieving cookie from the persistent storage: {err}' + .format(err=e)) return None return session_cookie
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
