Commit9ce2437

committed
feat: allow prefixing coder_session_token cookie
1 parentdd2fb89 commit9ce2437

21 files changed

+59
-38
lines changed

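--- a/coderd/apikey.go
+++ b/coderd/apikey.go
@@ -418,7 +418,7 @@ func (api *API) createAPIKey(ctx context.Context, params apikey.CreateParams) (*
 })
 
 returnapi.DeploymentValues.HTTPCookies.Apply(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:sessionToken,
 Path:"/",
 HttpOnly:true,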
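Review bot: The new accessor carries a `Get` prefix, `codersdk.GetSessionTokenCookie()`, which Go convention avoids for getters; if the exported constant `SessionTokenCookie` has to stay as the unprefixed default, a name such as `codersdk.SessionTokenCookieName()` keeps the convention and reads as the derived, deployment-specific value at every call site here and in coderd/httpmw/apikey.go, coderd/httpmw/csrf.go and coderd/httpapi/cookie.go. The accessor's definition is not in this view; if it reads a process-wide setting that can change after the server starts, the Set-Cookie emitted on line 420 and the request-side lookups in the middleware could disagree mid-flight, so a doc comment on the accessor stating that the prefix is fixed at startup (and safe for concurrent reads) would be worth adding. createAPIKey starts outside the hunk.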

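--- a/coderd/coderd_test.go
+++ b/coderd/coderd_test.go
@@ -373,7 +373,7 @@ func TestCSRFExempt(t *testing.T) {
 u:=client.URL.JoinPath(fmt.Sprintf("/@%s/%s.%s/apps/%s",owner.Username,wrk.Workspace.Name,agentSlug,appSlug)).String()
 req,err:=http.NewRequestWithContext(ctx,http.MethodPost,u,nil)
 req.AddCookie(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:client.SessionToken(),
 Path:"/",
 Domain:client.URL.String(),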

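--- a/coderd/coderdtest/coderdtest.go
+++ b/coderd/coderdtest/coderdtest.go
@@ -1333,7 +1333,7 @@ func RequestExternalAuthCallback(t testing.TB, providerID string, client *coders
 Value:state,
 })
 req.AddCookie(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:client.SessionToken(),
 })
 for_,opt:=rangeopts {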

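--- a/coderd/coderdtest/oidctest/idp.go
+++ b/coderd/coderdtest/oidctest/idp.go
@@ -624,7 +624,7 @@ func (f *FakeIDP) LoginWithClient(t testing.TB, client *codersdk.Client, idToken
 varuser*codersdk.Client
 cookies:=cli.Jar.Cookies(client.URL)
 for_,cookie:=rangecookies {
-ifcookie.Name==codersdk.SessionTokenCookie {
+ifcookie.Name==codersdk.GetSessionTokenCookie() {
 user=codersdk.New(client.URL)
 user.SetSessionToken(cookie.Value)
 }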

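--- a/coderd/httpapi/cookie.go
+++ b/coderd/httpapi/cookie.go
@@ -20,7 +20,7 @@ func StripCoderCookies(header string) string {
 continue
 }
 name,_,_:=strings.Cut(part,"=")
-ifname==codersdk.SessionTokenCookie||
+ifname==codersdk.GetSessionTokenCookie()||
 name==codersdk.OAuth2StateCookie||
 name==codersdk.OAuth2RedirectCookie||
 name==codersdk.PathAppSessionTokenCookie||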
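Review bot: StripCoderCookies now removes the session cookie only under the currently configured name, so a cookie still sitting in a browser under the unprefixed `coder_session_token` name, or under a previously configured prefix, is no longer stripped and gets forwarded to workspace apps, which is the leak this function exists to prevent. Matching the fixed suffix is the safer check on line 23: `if strings.HasSuffix(name, "coder_session_token") ||` (the base name is taken from the commit title; confirm it against the constant in codersdk). `strings` is already imported here, as the `strings.Cut` call on line 22 shows. StripCoderCookies starts outside the hunk.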

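--- a/coderd/httpmw/apikey.go
+++ b/coderd/httpmw/apikey.go
@@ -159,7 +159,7 @@ func APIKeyFromRequest(ctx context.Context, db database.Store, sessionTokenFunc
 iftoken=="" {
 returnnil, codersdk.Response{
 Message:SignedOutErrorMessage,
-Detail:fmt.Sprintf("Cookie %q or query parameter must be provided.",codersdk.SessionTokenCookie),
+Detail:fmt.Sprintf("Cookie %q or query parameter must be provided.",codersdk.GetSessionTokenCookie()),
 },false
 }
 
@@ -711,12 +711,12 @@ func APITokenFromRequest(r *http.Request) string {
 // Prioritize existing Coder custom authentication methods first
 // to maintain backward compatibility and existing behavior
 
-cookie,err:=r.Cookie(codersdk.SessionTokenCookie)
+cookie,err:=r.Cookie(codersdk.GetSessionTokenCookie())
 iferr==nil&&cookie.Value!="" {
 returncookie.Value
 }
 
-urlValue:=r.URL.Query().Get(codersdk.SessionTokenCookie)
+urlValue:=r.URL.Query().Get(codersdk.GetSessionTokenCookie())
 ifurlValue!="" {
 returnurlValue
 }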
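Review bot: The query-parameter name on line 719 of APITokenFromRequest is now derived from the prefixed cookie name too, so configuring a prefix also renames the `?coder_session_token=` URL parameter that existing links and clients use; the same coupling appears in coderd/httpmw/csrf.go line 85. If the prefix exists to keep cookies of several deployments on a shared domain apart, the query parameter has no such collision and could keep the unprefixed name, e.g. `urlValue:=r.URL.Query().Get(codersdk.SessionTokenCookie)`, provided that constant remains exported. Whichever is intended, the comment on lines 711-712 about backward compatibility should say whether the URL parameter is renamed along with the cookie. Both enclosing functions start outside their hunks.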

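--- a/coderd/httpmw/apikey_test.go
+++ b/coderd/httpmw/apikey_test.go
@@ -320,7 +320,7 @@ func TestAPIKey(t *testing.T) {
 rw=httptest.NewRecorder()
 )
 r.AddCookie(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:token,
 })
 
@@ -357,7 +357,7 @@ func TestAPIKey(t *testing.T) {
 rw=httptest.NewRecorder()
 )
 q:=r.URL.Query()
-q.Add(codersdk.SessionTokenCookie,token)
+q.Add(codersdk.GetSessionTokenCookie(),token)
 r.URL.RawQuery=q.Encode()
 
 httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{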

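--- a/coderd/httpmw/csrf.go
+++ b/coderd/httpmw/csrf.go
@@ -21,7 +21,7 @@ func CSRF(cookieCfg codersdk.HTTPCookieConfig) func(next http.Handler) http.Hand
 mw:=nosurf.New(next)
 mw.SetBaseCookie(*cookieCfg.Apply(&http.Cookie{Path:"/",HttpOnly:true}))
 mw.SetFailureHandler(http.HandlerFunc(func(w http.ResponseWriter,r*http.Request) {
-sessCookie,err:=r.Cookie(codersdk.SessionTokenCookie)
+sessCookie,err:=r.Cookie(codersdk.GetSessionTokenCookie())
 iferr==nil&&
 r.Header.Get(codersdk.SessionTokenHeader)!=""&&
 r.Header.Get(codersdk.SessionTokenHeader)!=sessCookie.Value {
@@ -32,7 +32,7 @@ func CSRF(cookieCfg codersdk.HTTPCookieConfig) func(next http.Handler) http.Hand
 fmt.Sprintf("CSRF error encountered. Authentication via %q cookie and %q header detected, but the values do not match. "+
 "To resolve this issue ensure the values used in both match, or only use one of the authentication methods. "+
 "You can also try clearing your cookies if this error persists.",
-codersdk.SessionTokenCookie,codersdk.SessionTokenHeader),
+codersdk.GetSessionTokenCookie(),codersdk.SessionTokenHeader),
 http.StatusBadRequest)
 return
 }
@@ -70,7 +70,7 @@ func CSRF(cookieCfg codersdk.HTTPCookieConfig) func(next http.Handler) http.Hand
 // CSRF only affects requests that automatically attach credentials via a cookie.
 // If no cookie is present, then there is no risk of CSRF.
 //nolint:govet
-sessCookie,err:=r.Cookie(codersdk.SessionTokenCookie)
+sessCookie,err:=r.Cookie(codersdk.GetSessionTokenCookie())
 ifxerrors.Is(err,http.ErrNoCookie) {
 returntrue
 }
@@ -82,7 +82,7 @@ func CSRF(cookieCfg codersdk.HTTPCookieConfig) func(next http.Handler) http.Hand
 returntrue
 }
 
-iftoken:=r.URL.Query().Get(codersdk.SessionTokenCookie);token==sessCookie.Value {
+iftoken:=r.URL.Query().Get(codersdk.GetSessionTokenCookie());token==sessCookie.Value {
 // If the auth is set in a url param and matches the cookie, it
 // is the same as just using the url param.
 returntrue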

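--- a/coderd/httpmw/csrf_test.go
+++ b/coderd/httpmw/csrf_test.go
@@ -63,7 +63,7 @@ func TestCSRFExemptList(t *testing.T) {
 r,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,c.URL,nil)
 require.NoError(t,err)
 
-r.AddCookie(&http.Cookie{Name:codersdk.SessionTokenCookie,Value:"test"})
+r.AddCookie(&http.Cookie{Name:codersdk.GetSessionTokenCookie(),Value:"test"})
 exempt:=csrfmw.IsExempt(r)
 require.Equal(t,c.Exempt,exempt)
 })
@@ -96,7 +96,7 @@ func TestCSRFError(t *testing.T) {
 req,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,urlPath,nil)
 require.NoError(t,err)
 
-req.AddCookie(&http.Cookie{Name:codersdk.SessionTokenCookie,Value:"session_token_value"})
+req.AddCookie(&http.Cookie{Name:codersdk.GetSessionTokenCookie(),Value:"session_token_value"})
 req.AddCookie(&http.Cookie{Name:nosurf.CookieName,Value:csrfCookieValue})
 req.Header.Add(nosurf.HeaderName,csrfHeaderValue)
 
@@ -113,7 +113,7 @@ func TestCSRFError(t *testing.T) {
 req,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,urlPath,nil)
 require.NoError(t,err)
 
-req.AddCookie(&http.Cookie{Name:codersdk.SessionTokenCookie,Value:"session_token_value"})
+req.AddCookie(&http.Cookie{Name:codersdk.GetSessionTokenCookie(),Value:"session_token_value"})
 req.AddCookie(&http.Cookie{Name:nosurf.CookieName,Value:csrfCookieValue})
 
 rec:=httptest.NewRecorder()
@@ -132,7 +132,7 @@ func TestCSRFError(t *testing.T) {
 req,err:=http.NewRequestWithContext(context.Background(),http.MethodPost,urlPath,nil)
 require.NoError(t,err)
 
-req.AddCookie(&http.Cookie{Name:codersdk.SessionTokenCookie,Value:"session_token_value"})
+req.AddCookie(&http.Cookie{Name:codersdk.GetSessionTokenCookie(),Value:"session_token_value"})
 req.AddCookie(&http.Cookie{Name:nosurf.CookieName,Value:csrfCookieValue})
 req.Header.Add(codersdk.SessionTokenHeader,"mismatched_value")
 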

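--- a/coderd/httpmw/rfc6750_extended_test.go
+++ b/coderd/httpmw/rfc6750_extended_test.go
@@ -262,7 +262,7 @@ func TestOAuth2BearerTokenPrecedence(t *testing.T) {
 req:=httptest.NewRequest("GET","/test",nil)
 // Set both cookie and Bearer header - cookie should take precedence
 req.AddCookie(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:validToken,
 })
 req.Header.Set("Authorization","Bearer invalid-token")
@@ -279,7 +279,7 @@ func TestOAuth2BearerTokenPrecedence(t *testing.T) {
 // Set both query parameter and Bearer header - query should take precedence
 u,_:=url.Parse("/test")
 q:=u.Query()
-q.Set(codersdk.SessionTokenCookie,validToken)
+q.Set(codersdk.GetSessionTokenCookie(),validToken)
 u.RawQuery=q.Encode()
 
 req:=httptest.NewRequest("GET",u.String(),nil)
@@ -329,13 +329,13 @@ func TestOAuth2BearerTokenPrecedence(t *testing.T) {
 u,_:=url.Parse("/test")
 q:=u.Query()
 q.Set("access_token",validToken)
-q.Set(codersdk.SessionTokenCookie,validToken)
+q.Set(codersdk.GetSessionTokenCookie(),validToken)
 u.RawQuery=q.Encode()
 
 req:=httptest.NewRequest("GET",u.String(),nil)
 req.Header.Set("Authorization","Bearer "+validToken)
 req.AddCookie(&http.Cookie{
-Name:codersdk.SessionTokenCookie,
+Name:codersdk.GetSessionTokenCookie(),
 Value:validToken,
 })
 rec:=httptest.NewRecorder()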

