This is an automated email from the ASF dual-hosted git repository.
more pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new d361481 KNOX-2479 - Fix an issue where Knox munges set-cookie header
(#391)
d361481 is described below
commit d361481c3fca9754a82f9c780d654f1be772fd4f
Author: Sandeep Moré <[email protected]>
AuthorDate: Tue Dec 8 15:31:19 2020 -0500
KNOX-2479 - Fix an issue where Knox munges set-cookie header (#391)
---
.../knox/gateway/dispatch/DefaultDispatch.java | 9 +++++++-
.../gateway/dispatch/ConfigurableDispatchTest.java | 26 +++++++++++++++++++++-
2 files changed, 33 insertions(+), 2 deletions(-)
diff --git
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
index 27fe42b..4afb61e 100644
---
a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
+++
b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
@@ -382,7 +382,14 @@ public class DefaultDispatch extends
AbstractGatewayDispatch {
return ""; // we should exclude all -> there should not be any value
added with this header
} else {
final String separator =
SET_COOKIE.equalsIgnoreCase(headerNameToCheck) ? "; " : " ";
- Set<String> headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split("\\s+")));
+ Set<String> headerValuesToCheck;
+ if(headerToCheck.getName().equalsIgnoreCase(SET_COOKIE)) {
+ headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split(";")));
+ /* trim */
+ headerValuesToCheck =
headerValuesToCheck.stream().map(String::trim).collect(Collectors.toSet());
+ } else {
+ headerValuesToCheck = new
HashSet<>(Arrays.asList(headerToCheck.getValue().trim().split("\\s+")));
+ }
headerValuesToCheck = headerValuesToCheck.stream().map(h ->
h.replaceAll(separator.trim(), "")).collect(Collectors.toSet());
headerValuesToCheck.removeIf(h ->
excludedHeaderValues.stream().anyMatch(e -> h.contains(e)));
return headerValuesToCheck.isEmpty() ? "" : String.join(separator,
headerValuesToCheck);
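Review bot: The new Set-Cookie branch collects the split directives into a `HashSet`, so the order in which they are re-joined is unspecified and the `name=value` pair can come out after attributes such as `Secure` or `Path`. The updated assertion in ConfigurableDispatchTest pins exactly such an order (`Secure; Path=/; HttpOnly; RANGERADMINSESSIONID=...`). A user agent treats the first `;`-separated item as the cookie pair, so a reordered header can lose the session cookie or detach its `HttpOnly`/`Secure` flags. Keep insertion order with `headerValuesToCheck = Arrays.stream(headerToCheck.getValue().split(";")).map(String::trim).collect(Collectors.toCollection(LinkedHashSet::new));`, and give the unchanged `Collectors.toSet()` line just below the same collector (plus a `LinkedHashSet` import if the file lacks one). The enclosing method starts and ends outside the hunk, so the rest of the exclusion logic is not visible here.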
diff --git
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/ConfigurableDispatchTest.java
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/ConfigurableDispatchTest.java
index 1f59869..7c341a6 100644
---
a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/ConfigurableDispatchTest.java
+++
b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/ConfigurableDispatchTest.java
@@ -325,9 +325,33 @@ public class ConfigurableDispatchTest {
dispatch.copyResponseHeaderFields(outboundResponse, inboundResponse);
assertThat(outboundResponse.getHeaderNames().size(), is(1));
- assertThat(outboundResponse.getHeader(SET_COOKIE), is("Secure; Path=/;
RANGERADMINSESSIONID=5C0C1805BD3B43BA8E9FC04A63586505; HttpOnly"));
+ assertThat(outboundResponse.getHeader(SET_COOKIE), is("Secure; Path=/;
HttpOnly; RANGERADMINSESSIONID=5C0C1805BD3B43BA8E9FC04A63586505"));
}
+ /**
+ * Test a case where SET-COOKIE header does not use spaces
+ * @throws Exception
+ */
+ @Test
+ public void testAllowSetCookieHeaderNoSpaces() throws Exception {
+ final Header[] headers = new Header[] {
+ new BasicHeader(SET_COOKIE,
"SESSION=e69d3d08-7452-45cb-90bb-9cdde3fa1342;Path=/;HttpOnly")};
+ final HttpResponse inboundResponse =
EasyMock.createNiceMock(HttpResponse.class);
+
EasyMock.expect(inboundResponse.getAllHeaders()).andReturn(headers).anyTimes();
+ EasyMock.replay(inboundResponse);
+
+ final ConfigurableDispatch dispatch = new ConfigurableDispatch();
+
+ final String setCookieExludeHeaders = "WWW-AUTHENTICATE";
+ dispatch.setResponseExcludeHeaders(setCookieExludeHeaders);
+
+ final HttpServletResponse outboundResponse = new
MockHttpServletResponse();
+ dispatch.copyResponseHeaderFields(outboundResponse, inboundResponse);
+
+ assertThat(outboundResponse.getHeaderNames().size(), is(1));
+ assertThat(outboundResponse.getHeader(SET_COOKIE),
is("SESSION=e69d3d08-7452-45cb-90bb-9cdde3fa1342; Path=/; HttpOnly"));
+ }
+
/**
* Case where auth cookie can be configured to pass through
*
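Review bot: `testAllowSetCookieHeaderNoSpaces` configures only `WWW-AUTHENTICATE` as an excluded header, so it never shows a Set-Cookie directive being filtered from a cookie written without spaces, which is the path the new `split(";")` is meant to fix. A companion case that excludes one directive and asserts the remaining ones survive, with the `SESSION=...` pair still first, would cover it. The exact-string assertion here also depends on set iteration order, so a check that the header starts with the cookie pair and contains `Path=/` and `HttpOnly` would be more stable. Two small cleanups: the local `setCookieExludeHeaders` is misspelled (`setCookieExcludeHeaders`), and the Javadoc `@throws Exception` has no description.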