actix/actix-extras
1
0
Fork 0
mirror of https://github.com/actix/actix-extras.git synced 2024-11-30 18:34:36 +01:00
Code Issues Releases Wiki Activity

allow session-only cookies (#161)

Browse Source 
Co-authored-by: Rob Ede <robjtede@icloud.com>
This commit is contained in:
Juan J. Jimenez-Anca 2021-03-06 19:26:06 +00:00 committed by GitHub
parent ba248a681b
commit 8d635f71fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
actix-redis/CHANGES.md
View File

@ -2,6 +2,9 @@
## Unreleased - 2020-xx-xx ## Unreleased - 2020-xx-xx
* Implement `std::error::Error` for `Error` [#135] * Implement `std::error::Error` for `Error` [#135]
* Allow the removal of Max-Age for session-only cookies. [#161]
[#161]: https://github.com/actix/actix-extras/pull/161
## 0.9.1 - 2020-09-12 ## 0.9.1 - 2020-09-12
* Enforce minimum redis-async version of 0.6.3 to workaround breaking patch change. * Enforce minimum redis-async version of 0.6.3 to workaround breaking patch change.

36
actix-redis/src/session.rs
View File

@ -80,8 +80,9 @@ impl RedisSession {
} }
/// Set custom cookie max-age /// Set custom cookie max-age
pub fn cookie_max_age(mut self, max_age: Duration) -> Self { /// Use `None` for session-only cookies
Rc::get_mut(&mut self.0).unwrap().max_age = Some(max_age); pub fn cookie_max_age(mut self, max_age: impl Into<Option<Duration>>) -> Self {
Rc::get_mut(&mut self.0).unwrap().max_age = max_age.into();
self self
} }
@ -450,6 +451,7 @@ mod test {
// Step 1: GET index // Step 1: GET index
// - set-cookie actix-session will be in response (session cookie #1) // - set-cookie actix-session will be in response (session cookie #1)
// - response should be: {"counter": 0, "user_id": None} // - response should be: {"counter": 0, "user_id": None}
// - cookie should have default max-age of 7 days
// Step 2: GET index, including session cookie #1 in request // Step 2: GET index, including session cookie #1 in request
// - set-cookie will *not* be in response // - set-cookie will *not* be in response
// - response should be: {"counter": 0, "user_id": None} // - response should be: {"counter": 0, "user_id": None}
@ -510,6 +512,7 @@ mod test {
counter: 0 counter: 0
} }
); );
assert_eq!(cookie_1.max_age(), Some(Duration::days(7)));
// Step 2: GET index, including session cookie #1 in request // Step 2: GET index, including session cookie #1 in request
// - set-cookie will *not* be in response // - set-cookie will *not* be in response
@ -667,4 +670,33 @@ mod test {
.unwrap(); .unwrap();
assert_ne!(cookie_5.value(), cookie_2.value()); assert_ne!(cookie_5.value(), cookie_2.value());
} }
#[actix_rt::test]
async fn test_max_age_session_only() {
//
// Test that removing max_age results in a session-only cookie
//
let srv = test::start(|| {
App::new()
.wrap(
RedisSession::new("127.0.0.1:6379", &[0; 32])
.cookie_name("test-session")
.cookie_max_age(None),
)
.wrap(middleware::Logger::default())
.service(resource("/").route(get().to(index)))
});
let req = srv.get("/").send();
let resp = req.await.unwrap();
let cookie = resp
.cookies()
.unwrap()
.clone()
.into_iter()
.find(|c| c.name() == "test-session")
.unwrap();
assert_eq!(cookie.max_age(), None);
}
} }

2
actix-web-httpauth/src/headers/authorization/scheme/basic.rs
View File

@ -115,7 +115,7 @@ impl IntoHeaderValue for Basic {
let encoded = base64::encode(&credentials); let encoded = base64::encode(&credentials);
let mut value = BytesMut::with_capacity(6 + encoded.len()); let mut value = BytesMut::with_capacity(6 + encoded.len());
value.put(&b"Basic "[..]); value.put(&b"Basic "[..]);
value.put(&encoded.as_bytes()[..]); value.put(encoded.as_bytes());
HeaderValue::from_maybe_shared(value.freeze()) HeaderValue::from_maybe_shared(value.freeze())
} }