URL: https://github.com/freeipa/freeipa/pull/610
Author: stlaz
 Title: #610: [4.3] Fix cookie with Max-Age processing
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/610/head:pr610
git checkout pr610
From e717a37eb83960e0c2540cc09f21ac18a7011b6f Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Thu, 2 Mar 2017 09:11:34 +0100
Subject: [PATCH 1/2] Fix cookie with Max-Age processing

When cookie has Max-Age set it tries to get expiration by adding
to a timestamp. Without this patch the timestamp would be set to
None and thus the addition of timestamp + max_age fails

https://pagure.io/freeipa/issue/6774
---
 ipalib/rpc.py       | 13 +++++++++----
 ipapython/cookie.py |  5 ++++-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index 207149e..ef3a2a7 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -693,8 +693,11 @@ def store_session_cookie(self, cookie_header):
 
         # Search for the session cookie
         try:
-            session_cookie = Cookie.get_named_cookie_from_string(cookie_header,
-                                                                 COOKIE_NAME, request_url)
+            session_cookie = (
+                    Cookie.get_named_cookie_from_string(
+                        cookie_header, COOKIE_NAME, request_url,
+                        timestamp=datetime.datetime.utcnow())
+            )
         except Exception as e:
             root_logger.error("unable to parse cookie header '%s': %s", cookie_header, e)
             return
@@ -788,8 +791,10 @@ def get_session_cookie_from_persistent_storage(self, principal):
 
         # Search for the session cookie within the cookie string
         try:
-            session_cookie = Cookie.get_named_cookie_from_string(cookie_string, COOKIE_NAME)
-        except Exception as e:
+            session_cookie = Cookie.get_named_cookie_from_string(
+                cookie_string, COOKIE_NAME,
+                timestamp=datetime.datetime.utcnow())
+        except Exception:
             return None
 
         return session_cookie
diff --git a/ipapython/cookie.py b/ipapython/cookie.py
index d32640a..6f7bc6c 100644
--- a/ipapython/cookie.py
+++ b/ipapython/cookie.py
@@ -321,7 +321,8 @@ def parse(cls, cookie_string, request_url=None):
         return cookies
 
     @classmethod
-    def get_named_cookie_from_string(cls, cookie_string, cookie_name, request_url=None):
+    def get_named_cookie_from_string(cls, cookie_string, cookie_name,
+                                     request_url=None, timestamp=None):
         '''
         A cookie string may contain multiple cookies, parse the cookie
         string and return the last cookie in the string matching the
@@ -343,6 +344,8 @@ def get_named_cookie_from_string(cls, cookie_string, cookie_name, request_url=No
             if cookie.key == cookie_name:
                 target_cookie = cookie
 
+        if timestamp is not None:
+            target_cookie.timestamp = timestamp
         if request_url is not None:
             target_cookie.normalize(request_url)
         return target_cookie

From 0612ea603c59c0818c1a32313fd442a6c5c3ce92 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Fri, 17 Mar 2017 08:55:30 +0100
Subject: [PATCH 2/2] Add debug log in case cookie retrieval went wrong

https://pagure.io/freeipa/issue/6774
---
 ipalib/rpc.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipalib/rpc.py b/ipalib/rpc.py
index ef3a2a7..556e5c2 100644
--- a/ipalib/rpc.py
+++ b/ipalib/rpc.py
@@ -794,7 +794,10 @@ def get_session_cookie_from_persistent_storage(self, principal):
             session_cookie = Cookie.get_named_cookie_from_string(
                 cookie_string, COOKIE_NAME,
                 timestamp=datetime.datetime.utcnow())
-        except Exception:
+        except Exception as e:
+            self.log.debug(
+                'Error retrieving cookie from the persistent storage: {err}'
+                .format(err=e))
             return None
 
         return session_cookie
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to