diff --git a/actix-redis/CHANGES.md b/actix-redis/CHANGES.md index a44213503..07fb6dd12 100644 --- a/actix-redis/CHANGES.md +++ b/actix-redis/CHANGES.md @@ -2,6 +2,9 @@ ## Unreleased - 2020-xx-xx * Implement `std::error::Error` for `Error` [#135] +* Allow the removal of Max-Age for session-only cookies. [#161] + +[#161]: https://github.com/actix/actix-extras/pull/161 ## 0.9.1 - 2020-09-12 * Enforce minimum redis-async version of 0.6.3 to workaround breaking patch change. diff --git a/actix-redis/src/session.rs b/actix-redis/src/session.rs index 773a3e491..8253c3f26 100644 --- a/actix-redis/src/session.rs +++ b/actix-redis/src/session.rs @@ -80,8 +80,9 @@ impl RedisSession { } /// Set custom cookie max-age - pub fn cookie_max_age(mut self, max_age: Duration) -> Self { - Rc::get_mut(&mut self.0).unwrap().max_age = Some(max_age); + /// Use `None` for session-only cookies + pub fn cookie_max_age(mut self, max_age: impl Into>) -> Self { + Rc::get_mut(&mut self.0).unwrap().max_age = max_age.into(); self } @@ -450,6 +451,7 @@ mod test { // Step 1: GET index // - set-cookie actix-session will be in response (session cookie #1) // - response should be: {"counter": 0, "user_id": None} + // - cookie should have default max-age of 7 days // Step 2: GET index, including session cookie #1 in request // - set-cookie will *not* be in response // - response should be: {"counter": 0, "user_id": None} @@ -510,6 +512,7 @@ mod test { counter: 0 } ); + assert_eq!(cookie_1.max_age(), Some(Duration::days(7))); // Step 2: GET index, including session cookie #1 in request // - set-cookie will *not* be in response @@ -667,4 +670,33 @@ mod test { .unwrap(); assert_ne!(cookie_5.value(), cookie_2.value()); } + + #[actix_rt::test] + async fn test_max_age_session_only() { + // + // Test that removing max_age results in a session-only cookie + // + let srv = test::start(|| { + App::new() + .wrap( + RedisSession::new("127.0.0.1:6379", &[0; 32]) + .cookie_name("test-session") + .cookie_max_age(None), + ) + .wrap(middleware::Logger::default()) + .service(resource("/").route(get().to(index))) + }); + + let req = srv.get("/").send(); + let resp = req.await.unwrap(); + let cookie = resp + .cookies() + .unwrap() + .clone() + .into_iter() + .find(|c| c.name() == "test-session") + .unwrap(); + + assert_eq!(cookie.max_age(), None); + } } diff --git a/actix-web-httpauth/src/headers/authorization/scheme/basic.rs b/actix-web-httpauth/src/headers/authorization/scheme/basic.rs index 5ee983e2e..9c17d9acf 100644 --- a/actix-web-httpauth/src/headers/authorization/scheme/basic.rs +++ b/actix-web-httpauth/src/headers/authorization/scheme/basic.rs @@ -115,7 +115,7 @@ impl IntoHeaderValue for Basic { let encoded = base64::encode(&credentials); let mut value = BytesMut::with_capacity(6 + encoded.len()); value.put(&b"Basic "[..]); - value.put(&encoded.as_bytes()[..]); + value.put(encoded.as_bytes()); HeaderValue::from_maybe_shared(value.freeze()) }