fix: make cookie path respect server.base_path (resolve #310)

2023-08-10 21:12:56 +03:00 · 2022-01-17 08:25:29 +01:00 · 2022-01-17 08:25:29 +01:00 · bd2a8c5a7f
commit bd2a8c5a7f
parent 632a3d4a91
5 changed files with 10 additions and 10 deletions
--- a/config/config.go
+++ b/config/config.go
@ -151,12 +151,12 @@ type Config struct {
 	Mail       mailConfig
 }

-func (c *Config) CreateCookie(name, value, path string) *http.Cookie {
-	return c.createCookie(name, value, path, c.Security.CookieMaxAgeSec)
+func (c *Config) CreateCookie(name, value string) *http.Cookie {
+	return c.createCookie(name, value, c.Server.BasePath, c.Security.CookieMaxAgeSec)
 }

-func (c *Config) GetClearCookie(name, path string) *http.Cookie {
-	return c.createCookie(name, "", path, -1)
+func (c *Config) GetClearCookie(name string) *http.Cookie {
+	return c.createCookie(name, "", c.Server.BasePath, -1)
 }

 func (c *Config) createCookie(name, value, path string, maxAge int) *http.Cookie {
--- a/middlewares/authenticate.go
+++ b/middlewares/authenticate.go
@ -72,7 +72,7 @@ func (m *AuthenticateMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Reques
 			w.WriteHeader(http.StatusUnauthorized)
 			w.Write([]byte(conf.ErrUnauthorized))
 		} else {
-			http.SetCookie(w, m.config.GetClearCookie(models.AuthCookieKey, "/"))
+			http.SetCookie(w, m.config.GetClearCookie(models.AuthCookieKey))
 			http.Redirect(w, r, m.redirectTarget, http.StatusFound)
 		}
 		return
--- a/routes/login.go
+++ b/routes/login.go
@ -98,7 +98,7 @@ func (h *LoginHandler) PostLogin(w http.ResponseWriter, r *http.Request) {
 	user.LastLoggedInAt = models.CustomTime(time.Now())
 	h.userSrvc.Update(user)

-	http.SetCookie(w, h.config.CreateCookie(models.AuthCookieKey, encoded, "/"))
+	http.SetCookie(w, h.config.CreateCookie(models.AuthCookieKey, encoded))
 	http.Redirect(w, r, fmt.Sprintf("%s/summary", h.config.Server.BasePath), http.StatusFound)
 }

@ -107,7 +107,7 @@ func (h *LoginHandler) PostLogout(w http.ResponseWriter, r *http.Request) {
 		loadTemplates()
 	}

-	http.SetCookie(w, h.config.GetClearCookie(models.AuthCookieKey, "/"))
+	http.SetCookie(w, h.config.GetClearCookie(models.AuthCookieKey))
 	http.Redirect(w, r, fmt.Sprintf("%s/", h.config.Server.BasePath), http.StatusFound)
 }

--- a/routes/settings.go
+++ b/routes/settings.go
@ -230,7 +230,7 @@ func (h *SettingsHandler) actionChangePassword(w http.ResponseWriter, r *http.Re
 		return http.StatusInternalServerError, "", conf.ErrInternalServerError
 	}

-	http.SetCookie(w, h.config.CreateCookie(models.AuthCookieKey, encoded, "/"))
+	http.SetCookie(w, h.config.CreateCookie(models.AuthCookieKey, encoded))
 	return http.StatusOK, "password was updated successfully", ""
 }

@ -565,7 +565,7 @@ func (h *SettingsHandler) actionDeleteUser(w http.ResponseWriter, r *http.Reques
 		}
 	}(user)

-	http.SetCookie(w, h.config.GetClearCookie(models.AuthCookieKey, "/"))
+	http.SetCookie(w, h.config.GetClearCookie(models.AuthCookieKey))
 	http.Redirect(w, r, fmt.Sprintf("%s/?success=%s", h.config.Server.BasePath, "Your account will be deleted in a few minutes. Sorry to you go."), http.StatusFound)
 	return -1, "", ""
 }
--- a/version.txt
+++ b/version.txt
@ -1 +1 @@
-2.0.1
+2.0.2
 @ -1 +1 @@
 .0.1
 .0.2