Appropriately set the cookie path. Fixes #3197

2018-03-19 17:09:19 +00:00 · 2018-03-19 17:09:19 +00:00 · 534f1f35fe
parent 2abff8f5d4
commit 534f1f35fe
7 changed files with 46 additions and 4 deletions
--- a/web/config.py
+++ b/web/config.py
@ -252,6 +252,7 @@ SESSION_DB_PATH = os.path.join(DATA_DIR, 'sessions')

 SESSION_COOKIE_NAME = 'pga4_session'

+SESSION_COOKIE_DOMAIN = DEFAULT_SERVER
 ##########################################################################
 # Mail server settings
 ##########################################################################
@ -356,6 +357,12 @@ ON_DEMAND_RECORD_COUNT = 1000
 ##########################################################################
 SHOW_GRAVATAR_IMAGE = True

+##########################################################################
+# Set cookie path
+##########################################################################
+COOKIE_DEFAULT_PATH = '/'
+COOKIE_DEFAULT_DOMAIN = DEFAULT_SERVER
+
 ##########################################################################
 # Local config settings
 ##########################################################################
--- a/web/pgAdmin4.py
+++ b/web/pgAdmin4.py
@ -148,6 +148,7 @@ if __name__ == '__main__':
    # Reference:
    # https://github.com/pallets/werkzeug/issues/220#issuecomment-11176538
    try:
+
        app.run(
            host=config.DEFAULT_SERVER,
            port=server_port,
@ -157,5 +158,8 @@ if __name__ == '__main__':
            ),
            threaded=config.THREADED_MODE
        )
+        from pgadmin.utils.paths import get_cookie_path
+
+        config.COOKIE_DEFAULT_PATH = get_cookie_path()
    except IOError:
        app.logger.error("Error starting the app server: %s", sys.exc_info())
--- a/web/pgadmin/init.py
+++ b/web/pgadmin/init.py
@ -345,7 +345,8 @@ def create_app(app_name=None):
    app.config.update(dict({
        'CSRF_SESSION_KEY': config.CSRF_SESSION_KEY,
        'SECRET_KEY': config.SECRET_KEY,
-        'SECURITY_PASSWORD_SALT': config.SECURITY_PASSWORD_SALT
+        'SECURITY_PASSWORD_SALT': config.SECURITY_PASSWORD_SALT,
+        'SESSION_COOKIE_DOMAIN': config.SESSION_COOKIE_DOMAIN
    }))

    security.init_app(app, user_datastore)
@ -576,7 +577,12 @@ def create_app(app_name=None):
    @app.after_request
    def after_request(response):
        if 'key' in request.args:
-            response.set_cookie('PGADMIN_KEY', value=request.args['key'])
+            domain = dict()
+            if config.COOKIE_DEFAULT_DOMAIN != 'localhost':
+                domain['domain'] = config.COOKIE_DEFAULT_DOMAIN
+            response.set_cookie('PGADMIN_KEY', value=request.args['key'],
+                                path=config.COOKIE_DEFAULT_PATH,
+                                **domain)

        return response

--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -798,7 +798,13 @@ def index():
    if user_languages:
        language = user_languages.get() or 'en'

-    response.set_cookie("PGADMIN_LANGUAGE", language)
+    domain = dict()
+    if config.COOKIE_DEFAULT_DOMAIN != 'localhost':
+        domain['domain'] = config.COOKIE_DEFAULT_DOMAIN
+
+    response.set_cookie("PGADMIN_LANGUAGE", value=language,
+                        path=config.COOKIE_DEFAULT_PATH,
+                        **domain)

    return response

--- a/web/pgadmin/preferences/init.py
+++ b/web/pgadmin/preferences/init.py
@ -12,6 +12,7 @@ Implements the routes for creating Preferences/Options Dialog on the client
 side and for getting/setting preferences.
 """

+import config
 import simplejson as json
 from flask import render_template, url_for, Response, request, session
 from flask_babel import gettext
@ -198,7 +199,13 @@ def save(pid):
    if user_languages:
        language = user_languages.get() or language

+    domain = dict()
+    if config.COOKIE_DEFAULT_DOMAIN != 'localhost':
+        domain['domain'] = config.COOKIE_DEFAULT_DOMAIN
+
    setattr(session, 'PGADMIN_LANGUAGE', language)
-    response.set_cookie("PGADMIN_LANGUAGE", language)
+    response.set_cookie("PGADMIN_LANGUAGE", value=language,
+                        path=config.COOKIE_DEFAULT_PATH,
+                        **domain)

    return response
--- a/web/pgadmin/utils/paths.py
+++ b/web/pgadmin/utils/paths.py
@ -11,6 +11,7 @@

 import os

+from flask import url_for
 from flask_security import current_user, login_required


@ -75,3 +76,13 @@ def init_app(app):
            'The user does not have permission to read and write to the '
            'specified storage directory.'
        )
+
+
+def get_cookie_path():
+    cookie_root_path = '/'
+    pgadmin_root_path = url_for('browser.index')
+    if pgadmin_root_path != '/browser/':
+        cookie_root_path = pgadmin_root_path.replace(
+            '/browser/', ''
+        )
+    return cookie_root_path
--- a/web/regression/runtests.py
+++ b/web/regression/runtests.py
@ -107,6 +107,7 @@ config.CONSOLE_LOG_LEVEL = WARNING
 app = create_app()
 app.config['WTF_CSRF_ENABLED'] = False
 app.PGADMIN_KEY = ''
+app.config.update({'SESSION_COOKIE_DOMAIN': None})
 test_client = app.test_client()
 driver = None
 app_starter = None