diff --git a/actix-session/CHANGES.md b/actix-session/CHANGES.md index 10aea870..92748505 100644 --- a/actix-session/CHANGES.md +++ b/actix-session/CHANGES.md @@ -1,5 +1,12 @@ # Changes +## [0.2.0] - 2019-07-03 +* Enhanced ``actix-session`` to facilitate state changes. Use ``Session.renew()`` + at successful login to cycle a session (new key/cookie but keeps state). + Use ``Session.purge()`` at logout to invalid a session cookie (and remove + from redis cache, if applicable). + + ## [0.1.1] - 2019-06-03 * Fix optional cookie session support diff --git a/actix-session/Cargo.toml b/actix-session/Cargo.toml index 4c1d6657..d973661e 100644 --- a/actix-session/Cargo.toml +++ b/actix-session/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "actix-session" -version = "0.1.1" +version = "0.2.0" authors = ["Nikolay Kim "] description = "Session for actix web framework." readme = "README.md" diff --git a/actix-session/src/cookie.rs b/actix-session/src/cookie.rs index ac08d114..45f24817 100644 --- a/actix-session/src/cookie.rs +++ b/actix-session/src/cookie.rs @@ -28,7 +28,7 @@ use futures::future::{ok, Future, FutureResult}; use futures::Poll; use serde_json::error::Error as JsonError; -use crate::Session; +use crate::{Session, SessionStatus}; /// Errors that can occur during handling cookie session #[derive(Debug, From, Display)] @@ -119,7 +119,21 @@ impl CookieSessionInner { Ok(()) } - fn load(&self, req: &ServiceRequest) -> HashMap { + /// invalidates session cookie + fn remove_cookie(&self, res: &mut ServiceResponse) + -> Result<(), Error> { + let mut cookie = Cookie::named(self.name.clone()); + cookie.set_value(""); + cookie.set_max_age(time::Duration::seconds(0)); + cookie.set_expires(time::now() - time::Duration::days(365)); + + let val = HeaderValue::from_str(&cookie.to_string())?; + res.headers_mut().append(SET_COOKIE, val); + + Ok(()) + } + + fn load(&self, req: &ServiceRequest) -> (bool, HashMap) { if let Ok(cookies) = req.cookies() { for cookie in cookies.iter() { if cookie.name() == self.name { @@ -134,13 +148,13 @@ impl CookieSessionInner { }; if let Some(cookie) = cookie_opt { if let Ok(val) = serde_json::from_str(cookie.value()) { - return val; + return (false, val); } } } } } - HashMap::new() + (true, HashMap::new()) } } @@ -302,16 +316,34 @@ where self.service.poll_ready() } + /// On first request, a new session cookie is returned in response, regardless + /// of whether any session state is set. With subsequent requests, if the + /// session state changes, then set-cookie is returned in response. As + /// a user logs out, call session.purge() to set SessionStatus accordingly + /// and this will trigger removal of the session cookie in the response. fn call(&mut self, mut req: ServiceRequest) -> Self::Future { let inner = self.inner.clone(); - let state = self.inner.load(&req); + let (is_new, state) = self.inner.load(&req); Session::set_session(state.into_iter(), &mut req); Box::new(self.service.call(req).map(move |mut res| { - if let Some(state) = Session::get_changes(&mut res) { - res.checked_expr(|res| inner.set_cookie(res, state)) - } else { - res + match Session::get_changes(&mut res) { + (SessionStatus::Changed, Some(state)) + | (SessionStatus::Renewed, Some(state)) => + res.checked_expr(|res| inner.set_cookie(res, state)), + (SessionStatus::Unchanged, _) => + // set a new session cookie upon first request (new client) + if is_new { + let state: HashMap = HashMap::new(); + res.checked_expr(|res| inner.set_cookie(res, state.into_iter())) + } else { + res + }, + (SessionStatus::Purged, _) => { + inner.remove_cookie(&mut res); + res + }, + _ => res } })) } diff --git a/actix-session/src/lib.rs b/actix-session/src/lib.rs index fb316f39..aaf0ab02 100644 --- a/actix-session/src/lib.rs +++ b/actix-session/src/lib.rs @@ -98,10 +98,23 @@ impl UserSession for ServiceRequest { } } +#[derive(PartialEq, Clone, Debug)] +pub enum SessionStatus { + Changed, + Purged, + Renewed, + Unchanged +} +impl Default for SessionStatus { + fn default() -> SessionStatus { + SessionStatus::Unchanged + } +} + #[derive(Default)] struct SessionInner { state: HashMap, - changed: bool, + pub status: SessionStatus, } impl Session { @@ -117,25 +130,46 @@ impl Session { /// Set a `value` from the session. pub fn set(&self, key: &str, value: T) -> Result<(), Error> { let mut inner = self.0.borrow_mut(); - inner.changed = true; - inner - .state - .insert(key.to_owned(), serde_json::to_string(&value)?); + if inner.status != SessionStatus::Purged { + inner.status = SessionStatus::Changed; + inner + .state + .insert(key.to_owned(), serde_json::to_string(&value)?); + } Ok(()) } /// Remove value from the session. pub fn remove(&self, key: &str) { let mut inner = self.0.borrow_mut(); - inner.changed = true; - inner.state.remove(key); + if inner.status != SessionStatus::Purged { + inner.status = SessionStatus::Changed; + inner.state.remove(key); + } } /// Clear the session. pub fn clear(&self) { let mut inner = self.0.borrow_mut(); - inner.changed = true; - inner.state.clear() + if inner.status != SessionStatus::Purged { + inner.status = SessionStatus::Changed; + inner.state.clear() + } + } + + /// Removes session, both client and server side. + pub fn purge(&self) { + let mut inner = self.0.borrow_mut(); + inner.status = SessionStatus::Purged; + inner.state.clear(); + } + + /// Renews the session key, assigning existing session state to new key. + pub fn renew(&self) { + let mut inner = self.0.borrow_mut(); + if inner.status != SessionStatus::Purged { + inner.status = SessionStatus::Renewed; + } } pub fn set_session( @@ -149,7 +183,7 @@ impl Session { pub fn get_changes( res: &mut ServiceResponse, - ) -> Option> { + ) -> (SessionStatus, Option>) { if let Some(s_impl) = res .request() .extensions() @@ -157,9 +191,9 @@ impl Session { { let state = std::mem::replace(&mut s_impl.borrow_mut().state, HashMap::new()); - Some(state.into_iter()) + (s_impl.borrow().status.clone(), Some(state.into_iter())) } else { - None + (SessionStatus::Unchanged, None) } } @@ -224,7 +258,8 @@ mod tests { session.remove("key"); let mut res = req.into_response(HttpResponse::Ok().finish()); - let changes: Vec<_> = Session::get_changes(&mut res).unwrap().collect(); + let (_status, state) = Session::get_changes(&mut res); + let changes: Vec<_> = state.unwrap().collect(); assert_eq!(changes, [("key2".to_string(), "\"value2\"".to_string())]); } @@ -241,4 +276,23 @@ mod tests { let res = session.get::("key").unwrap(); assert_eq!(res, Some("value".to_string())); } + + #[test] + fn purge_session() { + let mut req = test::TestRequest::default().to_srv_request(); + let session = Session::get_session(&mut *req.extensions_mut()); + assert_eq!(session.0.borrow().status, SessionStatus::Unchanged); + session.purge(); + assert_eq!(session.0.borrow().status, SessionStatus::Purged); + } + + + #[test] + fn renew_session() { + let mut req = test::TestRequest::default().to_srv_request(); + let session = Session::get_session(&mut *req.extensions_mut()); + assert_eq!(session.0.borrow().status, SessionStatus::Unchanged); + session.renew(); + assert_eq!(session.0.borrow().status, SessionStatus::Renewed); + } }