Brion VIBBER has submitted this change and it was merged. Change subject: Fix cookie handling to support .wikipedia.org cookies ......................................................................
Fix cookie handling to support .wikipedia.org cookies This makes centralauth work - you can login on any wiki and then just edit on any other wiki. Change-Id: I52a2cd3d8990edfca05376797765e9e3fe058ea0 --- M wikipedia/src/main/java/org/wikipedia/SharedPreferenceCookieManager.java 1 file changed, 30 insertions(+), 14 deletions(-) Approvals: Brion VIBBER: Verified; Looks good to me, approved
diff --git a/wikipedia/src/main/java/org/wikipedia/SharedPreferenceCookieManager.java b/wikipedia/src/main/java/org/wikipedia/SharedPreferenceCookieManager.java
index f1356ab..1cbfd95 100644
--- a/wikipedia/src/main/java/org/wikipedia/SharedPreferenceCookieManager.java
+++ b/wikipedia/src/main/java/org/wikipedia/SharedPreferenceCookieManager.java
@@ -34,12 +34,20 @@
 }
 Map<String, List<String>> cookieMap = new HashMap<String, List<String>>();
+ ArrayList<String> cookiesList = new ArrayList<String>();
- Map<String, String> cookies = cookieJar.get(uri.getAuthority());
+ String domain = uri.getAuthority();
- if (cookies != null) {
- cookieMap.put("Cookie", makeCookieList(cookies));
+ for (String domainSpec: cookieJar.keySet()) {
+ // Very weak domain matching.
+ // Primarily to make sure that cookies set for .wikipedia.org are sent for en.wikipedia.org
+ // FIXME: Whitelist the domains we accept cookies from/send cookies to. SECURITY!!!1
+ if (domain.endsWith(domainSpec)) {
+ cookiesList.addAll(makeCookieList(cookieJar.get(domainSpec)));
+ }
 }
+
+ cookieMap.put("Cookie", cookiesList);
 return Collections.unmodifiableMap(cookieMap);
 }
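Review bot: The `domain.endsWith(domainSpec)` test in the new loop is a plain string-suffix match with no label boundary, so a jar entry keyed `wikipedia.org` would also be selected for a host like `notwikipedia.org` (constructed example), and `uri.getAuthority()` can include a port or userinfo, which is not what a cookie domain should be compared against. The FIXME defers a whitelist, but the comparison itself can be tightened now: use `String host = uri.getHost();`, strip a leading dot from the spec, and require `host.equals(spec) || host.endsWith("." + spec)`. Separately, `cookieMap.put("Cookie", cookiesList)` now runs even when nothing matched, so an empty Cookie entry is returned where the old code returned none; guard it with `if (!cookiesList.isEmpty())`. The method's signature and opening lines are outside the hunk.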
@@ -51,33 +59,41 @@
 throw new IllegalArgumentException("Argument is null");
 }
+ HashSet<String> domainsModified = new HashSet<String>();
+
 for (String headerKey : responseHeaders.keySet()) {
 if (headerKey == null || !headerKey.equalsIgnoreCase("Set-Cookie")) {
 continue;
 }
- String domain = uri.getAuthority();
-
 for (String headerValue : responseHeaders.get(headerKey)) {
 try {
 List<HttpCookie> cookies = HttpCookie.parse(headerValue);
- if (!cookieJar.containsKey(domain)) {
- cookieJar.put(domain, new HashMap<String, String>());
- }
 for (HttpCookie cookie : cookies) {
- cookieJar.get(domain).put(cookie.getName(), cookie.getValue());
+ // Default to the URI's domain if domain is not explicitly set
+ String domainSpec = cookie.getDomain() == null ? uri.getAuthority() : cookie.getDomain();
+ if (!cookieJar.containsKey(domainSpec)) {
+ cookieJar.put(domainSpec, new HashMap<String, String>());
+ }
+ cookieJar.get(domainSpec).put(cookie.getName(), cookie.getValue());
+ domainsModified.add(domainSpec);
 }
 } catch (IllegalArgumentException e) {
 // invalid set-cookie header string // no-op
 }
 }
- String prefKey = String.format(WikipediaApp.PREFERENCE_COOKIES_FOR_DOMAINS, domain);
- prefs.edit()
- .putString(prefKey, makeString(makeCookieList(cookieJar.get(domain))))
- .putString(WikipediaApp.PREFERENCE_COOKIE_DOMAINS, makeString(cookieJar.keySet()))
- .commit();
 }
+
+ SharedPreferences.Editor editor = prefs.edit();
+ editor.putString(WikipediaApp.PREFERENCE_COOKIE_DOMAINS, makeString(cookieJar.keySet()));
+
+ for (String domain : domainsModified) {
+ String prefKey = String.format(WikipediaApp.PREFERENCE_COOKIES_FOR_DOMAINS, domain);
+ editor.putString(prefKey, makeString(makeCookieList(cookieJar.get(domain))));
+
+ }
+ editor.commit();
 }
 @Override
-- To view, visit https://gerrit.wikimedia.org/r/112886 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I52a2cd3d8990edfca05376797765e9e3fe058ea0 Gerrit-PatchSet: 1
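Review bot: `cookie.getDomain()` is taken from the Set-Cookie header and used as the jar key without checking that the responding host belongs to that domain, so any server the app talks to can store or overwrite cookies under a domain it does not own, and the suffix match in get() will then pick them up for other hosts. Drop the cookie when the attribute does not cover the request host, e.g. `if (cookie.getDomain() != null && !HttpCookie.domainMatches(cookie.getDomain(), uri.getHost())) continue;`, and lower-case the key so differently cased Domain values do not create separate entries. Only name and value are stored, so Secure, Path and expiry appear to be lost on persistence; if get() does not check the scheme elsewhere, a Secure cookie would be replayed like any other, which deserves at least a comment. The method's signature lies outside the hunk.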
Gerrit-Project: apps/android/wikipedia Gerrit-Branch: master Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com> Gerrit-Reviewer: Brion VIBBER <br...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits