Set default cookie path to application.path

jknack · jknack · commit 291964392e4f · 2016-09-08T09:46:07.000-03:00
* fix jooby-project#466 * fix jooby-project#471
diff --git a/coverage-report/src/test/java/org/jooby/cookies/CookiesFeature.java b/coverage-report/src/test/java/org/jooby/cookies/CookiesFeature.java
@@ -86,7 +86,7 @@ public void clearCookie() throws Exception {
                   .header("Cookie", "X=x; $Path=/clear; $Version=1")
                   .expect(200)
                   .header("Set-Cookie",
-                      "X=;Version=1;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");
+                      "X=;Version=1;Path=/;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");
             });
 
   }
diff --git a/coverage-report/src/test/java/org/jooby/issues/Issue427.java b/coverage-report/src/test/java/org/jooby/issues/Issue427.java
@@ -81,7 +81,7 @@ public void sessionData() throws Exception {
         .get("/427/destroy")
         .expect(200)
         .header("Set-Cookie",
-            "jooby.sid=;Version=1;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");
+            "jooby.sid=;Version=1;Path=/;HttpOnly;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");
   }
 
 }
diff --git a/coverage-report/src/test/java/org/jooby/issues/Issue466.java b/coverage-report/src/test/java/org/jooby/issues/Issue466.java
@@ -0,0 +1,92 @@
+package org.jooby.issues;
+
+import org.jooby.Results;
+import org.jooby.Session;
+import org.jooby.test.ServerFeature;
+import org.junit.Test;
+
+import com.typesafe.config.ConfigFactory;
+import com.typesafe.config.ConfigValueFactory;
+
+public class Issue466 extends ServerFeature {
+
+  {
+
+    use(ConfigFactory.empty().withValue("application.secret",
+        ConfigValueFactory.fromAnyRef("1234Querty")));
+
+    cookieSession()
+        .cookie()
+        .maxAge(86400)
+        .name("user");
+
+    get("/466/home", req -> {
+      Session session = req.session();
+      return session.attributes();
+    });
+
+    get("/466/nosession", req -> {
+      return "OK";
+    });
+
+    get("/466/emptysession", req -> {
+      Session session = req.session();
+      return session.attributes();
+    });
+
+    get("/466/session", req -> {
+      Session session = req.session();
+      session.set("foo", "bar");
+      return session.attributes();
+    });
+
+    get("/466/destroy", req -> {
+      req.session().destroy();
+      return Results.redirect("/466/home");
+    });
+
+  }
+
+  @Test
+  public void shouldDestroyAllSessionData() throws Exception {
+    request()
+        .dontFollowRedirect()
+        .get("/466/session")
+        .expect("{foo=bar}");
+
+    request()
+        .dontFollowRedirect()
+        .get("/466/destroy")
+        .execute()
+        .header("Set-Cookie", "user=;Version=1;Path=/;HttpOnly;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");
+  }
+
+  @Test
+  public void shouldNotCreateSessionCookie() throws Exception {
+    request()
+        .dontFollowRedirect()
+        .get("/466/nosession")
+        .execute()
+        .header("Set-Cookie", (String) null);
+  }
+
+  @Test
+  public void shouldNotCreateEmptySessionCookie() throws Exception {
+    request()
+        .dontFollowRedirect()
+        .get("/466/emptysession")
+        .execute()
+        .header("Set-Cookie", (String) null);
+  }
+
+  @Test
+  public void shouldDestroyAllSessionDataFollowRedirect() throws Exception {
+    request()
+        .get("/466/session")
+        .expect("{foo=bar}");
+
+    request()
+        .get("/466/destroy")
+        .expect("{}");
+  }
+}
diff --git a/jooby/src/main/java/org/jooby/Response.java b/jooby/src/main/java/org/jooby/Response.java
@@ -312,7 +312,7 @@ default void download(final String filename, final File file) throws Throwable {
    * @return This response.
    */
   default Response cookie(final String name, final String value) {
-    return cookie(new Cookie.Definition(name, value).toCookie());
+    return cookie(new Cookie.Definition(name, value));
   }
 
   /**
@@ -321,10 +321,7 @@ default Response cookie(final String name, final String value) {
    * @param cookie A cookie definition.
    * @return This response.
    */
-  default Response cookie(final Cookie.Definition cookie) {
-    requireNonNull(cookie, "A cookie is required.");
-    return cookie(cookie.toCookie());
-  }
+  Response cookie(final Cookie.Definition cookie);
 
   /**
    * Adds the specified cookie to the response.
diff --git a/jooby/src/main/java/org/jooby/internal/CookieSessionManager.java b/jooby/src/main/java/org/jooby/internal/CookieSessionManager.java
@@ -95,7 +95,7 @@ public void requestDone(final Session session) {
 
   @Override
   public Definition cookie() {
-    return cookie;
+    return new Definition(cookie);
   }
 
   private Map<String, String> attributes(final String raw) {
@@ -105,24 +105,25 @@ private Map<String, String> attributes(final String raw) {
 
   private Route.After saveCookie() {
     return (req, rsp, result) -> {
-      Session session = req.session();
-      Optional<String> value = req.cookie(cookie.name().get()).toOptional();
-      Map<String, String> initial = value
-          .map(this::attributes)
-          .orElse(Collections.emptyMap());
-      Map<String, String> attributes = session.attributes();
-      // is dirty?
-      boolean dirty = !initial.equals(attributes);
-      log.debug("session dirty: {}", dirty);
-      if (dirty) {
-        log.debug("saving session cookie");
-        String encoded = Cookie.URL_ENCODER.apply(attributes);
-        String signed = Cookie.Signature.sign(encoded, secret);
-        rsp.cookie(new Cookie.Definition(cookie).value(signed));
-      } else if (timeout > 0) {
-        // touch session
-        value.ifPresent(raw -> rsp.cookie(new Cookie.Definition(cookie).value(raw)));
-      }
+      req.ifSession().ifPresent(session -> {
+        Optional<String> value = req.cookie(cookie.name().get()).toOptional();
+        Map<String, String> initial = value
+            .map(this::attributes)
+            .orElse(Collections.emptyMap());
+        Map<String, String> attributes = session.attributes();
+        // is dirty?
+        boolean dirty = !initial.equals(attributes);
+        log.debug("session dirty: {}", dirty);
+        if (dirty) {
+          log.debug("saving session cookie");
+          String encoded = Cookie.URL_ENCODER.apply(attributes);
+          String signed = Cookie.Signature.sign(encoded, secret);
+          rsp.cookie(new Cookie.Definition(cookie).value(signed));
+        } else if (timeout > 0) {
+          // touch session
+          value.ifPresent(raw -> rsp.cookie(new Cookie.Definition(cookie).value(raw)));
+        }
+      });
       return result;
     };
   }
diff --git a/jooby/src/main/java/org/jooby/internal/RequestImpl.java b/jooby/src/main/java/org/jooby/internal/RequestImpl.java
@@ -422,10 +422,13 @@ public void done() {
   }
 
   private Session setSession(final SessionManager sm, final Response rsp, final Session gsession) {
-    Session rsession = new RequestScopedSession(sm, rsp, gsession,
-        () -> this.reqSession = null);
+    Session rsession = new RequestScopedSession(sm, rsp, gsession, this::destroySession);
     reqSession = Optional.of(rsession);
     return rsession;
   }
 
+  private void destroySession() {
+    this.reqSession = Optional.empty();
+  }
+
 }
diff --git a/jooby/src/main/java/org/jooby/internal/RequestScopedSession.java b/jooby/src/main/java/org/jooby/internal/RequestScopedSession.java
@@ -129,7 +129,7 @@ public void destroy() {
       // clear cookie
       org.jooby.Cookie.Definition cookie = sm.cookie();
       log.debug("  removing cookie: {}", cookie);
-      rsp.clearCookie(cookie.name().get());
+      rsp.cookie(cookie.maxAge(0));
       // destroy session from storage
       sm.destroy(session);
 
diff --git a/jooby/src/main/java/org/jooby/internal/ResponseImpl.java b/jooby/src/main/java/org/jooby/internal/ResponseImpl.java
@@ -37,6 +37,7 @@
 
 import org.jooby.Asset;
 import org.jooby.Cookie;
+import org.jooby.Cookie.Definition;
 import org.jooby.Deferred;
 import org.jooby.MediaType;
 import org.jooby.Mutant;
@@ -141,18 +142,32 @@ public void download(final String filename, final String location) throws Throwa
   }
 
   @Override
-  public Response cookie(final Cookie cookie) {
-    requireNonNull(cookie, "A cookie is required.");
-    cookies.put(cookie.name(), cookie);
-    return this;
+  public Response clearCookie(final String name) {
+    requireNonNull(name, "Cookie's name required.");
+    return cookie(new Cookie.Definition(name).maxAge(0));
   }
 
   @Override
-  public Response clearCookie(final String name) {
-    requireNonNull(name, "A cookie's name is required.");
-    if (cookies.remove(name) == null) {
-      // cookie was set in a previous req, we must send a expire header.
-      cookies.put(name, new Cookie.Definition(name, "").maxAge(0).toCookie());
+  public Response cookie(final Definition cookie) {
+    requireNonNull(cookie, "Cookie required.");
+    // use default path if none-set
+    cookie.path(cookie.path().orElse(Route.normalize(req.contextPath() + "/")));
+    return cookie(cookie.toCookie());
+  }
+
+  @Override
+  public Response cookie(final Cookie cookie) {
+    requireNonNull(cookie, "Cookie required.");
+    String name = cookie.name();
+    // clear cookie?
+    if (cookie.maxAge() == 0) {
+      // clear previously set cookie, otherwise ignore them
+      if (cookies.remove(name) == null) {
+        // cookie was set in a previous req, we must send a expire header.
+        cookies.put(name, cookie);
+      }
+    } else {
+      cookies.put(name, cookie);
     }
     return this;
   }
@@ -370,8 +385,10 @@ public void complete(final Complete handler) {
 
   private void writeCookies() {
     if (cookies.size() > 0) {
-      rsp.header("Set-Cookie",
-          cookies.values().stream().map(Cookie::encode).collect(Collectors.toList()));
+      List<String> setCookie = cookies.values().stream()
+          .map(Cookie::encode)
+          .collect(Collectors.toList());
+      rsp.header("Set-Cookie", setCookie);
       cookies.clear();
     }
   }
diff --git a/jooby/src/main/java/org/jooby/internal/ServerSessionManager.java b/jooby/src/main/java/org/jooby/internal/ServerSessionManager.java
@@ -124,7 +124,7 @@ public void requestDone(final Session session) {
 
   @Override
   public Cookie.Definition cookie() {
-    return template;
+    return new Cookie.Definition(template);
   }
 
   private void createOrUpdate(final SessionImpl session) {
diff --git a/jooby/src/test/java/org/jooby/ResponseTest.java b/jooby/src/test/java/org/jooby/ResponseTest.java
@@ -9,6 +9,7 @@
 import java.util.LinkedList;
 import java.util.Optional;
 
+import org.jooby.Cookie.Definition;
 import org.jooby.Route.After;
 import org.jooby.Route.Complete;
 import org.junit.Test;
@@ -25,6 +26,11 @@ public void download(final String filename, final InputStream stream) throws Exc
     public void download(final String filename, final String location) throws Exception {
     }
 
+    @Override
+    public Response cookie(final Definition cookie) {
+      throw new UnsupportedOperationException();
+    }
+
     @Override
     public Response cookie(final Cookie cookie) {
       throw new UnsupportedOperationException();
@@ -232,31 +238,16 @@ public Response length(final long length) {
 
   @Test
   public void cookieWithNameAndValue() throws Exception {
-    LinkedList<Cookie> dataList = new LinkedList<>();
+    LinkedList<Cookie.Definition> dataList = new LinkedList<>();
     new ResponseMock() {
       @Override
-      public Response cookie(final Cookie cookie) {
+      public Response cookie(final Cookie.Definition cookie) {
         dataList.add(cookie);
         return this;
       }
     }.cookie("name", "value");
 
-    assertEquals("name", dataList.getFirst().name());
-    assertEquals("value", dataList.getFirst().value().get());
-  }
-
-  @Test
-  public void cookieWith() throws Exception {
-    LinkedList<Cookie> dataList = new LinkedList<>();
-    new ResponseMock() {
-      @Override
-      public Response cookie(final Cookie cookie) {
-        dataList.add(cookie);
-        return this;
-      }
-    }.cookie(new Cookie.Definition("name", "value"));
-
-    assertEquals("name", dataList.getFirst().name());
+    assertEquals("name", dataList.getFirst().name().get());
     assertEquals("value", dataList.getFirst().value().get());
   }
 
diff --git a/jooby/src/test/java/org/jooby/internal/CookieSessionManagerTest.java b/jooby/src/test/java/org/jooby/internal/CookieSessionManagerTest.java
@@ -122,7 +122,7 @@ public void saveAfter() throws Exception {
               expect(session.attributes()).andReturn(ImmutableMap.of("foo", "2"));
 
               Request req = unit.get(Request.class);
-              expect(req.session()).andReturn(session);
+              expect(req.ifSession()).andReturn(Optional.of(session));
             })
             .expect(unit -> {
               unit.mockStatic(Cookie.Signature.class);
@@ -143,6 +143,32 @@ public void saveAfter() throws Exception {
             });
   }
 
+  @Test
+  public void ignoreSaveAfterIfNoSession() throws Exception {
+    String secret = "shhh";
+    new MockUnit(Session.Definition.class, ParserExecutor.class, Cookie.Definition.class,
+        Request.class, Response.class, SessionImpl.class)
+            .expect(cookie)
+            .expect(maxAge(-1))
+            .expect(sessionBuilder(Session.COOKIE_SESSION, true, -1))
+            .expect(push)
+            .expect(unit -> {
+              Request req = unit.get(Request.class);
+              expect(req.ifSession()).andReturn(Optional.empty());
+            })
+            .run(unit -> {
+              Session session = new CookieSessionManager(unit.get(ParserExecutor.class),
+                  unit.get(Session.Definition.class), secret)
+                      .create(unit.get(Request.class), unit.get(Response.class));
+              assertEquals(unit.get(SessionImpl.class), session);
+            }, unit -> {
+              After next = unit.captured(Route.After.class).iterator().next();
+              Result ok = next.handle(unit.get(Request.class), unit.get(Response.class),
+                  org.jooby.Results.ok());
+              assertNotNull(ok);
+            });
+  }
+
   @Test
   public void saveAfterTouchSession() throws Exception {
     String secret = "shhh";
@@ -169,7 +195,7 @@ public void saveAfterTouchSession() throws Exception {
               expect(session.attributes()).andReturn(ImmutableMap.of("foo", "1"));
 
               Request req = unit.get(Request.class);
-              expect(req.session()).andReturn(session);
+              expect(req.ifSession()).andReturn(Optional.of(session));
             })
             .expect(unit -> {
               unit.mockStatic(Cookie.Signature.class);

Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ public void clearCookie() throws Exception {`
`86`	`86`	`.header("Cookie", "X=x; $Path=/clear; $Version=1")`
`87`	`87`	`.expect(200)`
`88`	`88`	`.header("Set-Cookie",`
`89`		`- "X=;Version=1;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");`
	`89`	`+ "X=;Version=1;Path=/;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");`
`90`	`90`	`});`
`91`	`91`
`92`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public void sessionData() throws Exception {`
`81`	`81`	`.get("/427/destroy")`
`82`	`82`	`.expect(200)`
`83`	`83`	`.header("Set-Cookie",`
`84`		`- "jooby.sid=;Version=1;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");`
	`84`	`+ "jooby.sid=;Version=1;Path=/;HttpOnly;Max-Age=0;Expires=Thu, 01-Jan-1970 00:00:00 GMT");`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -422,10 +422,13 @@ public void done() {`
`422`	`422`	`}`
`423`	`423`
`424`	`424`	`private Session setSession(final SessionManager sm, final Response rsp, final Session gsession) {`
`425`		`- Session rsession = new RequestScopedSession(sm, rsp, gsession,`
`426`		`- () -> this.reqSession = null);`
	`425`	`+ Session rsession = new RequestScopedSession(sm, rsp, gsession, this::destroySession);`
`427`	`426`	`reqSession = Optional.of(rsession);`
`428`	`427`	`return rsession;`
`429`	`428`	`}`
`430`	`429`
	`430`	`+ private void destroySession() {`
	`431`	`+ this.reqSession = Optional.empty();`
	`432`	`+ }`
	`433`	`+`
`431`	`434`	`}`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ public void requestDone(final Session session) {`
`124`	`124`
`125`	`125`	`@Override`
`126`	`126`	`public Cookie.Definition cookie() {`
`127`		`- return template;`
	`127`	`+ return new Cookie.Definition(template);`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`private void createOrUpdate(final SessionImpl session) {`