feat(api): use unique cookie names
Closes: #1889
gotson committed Feb 24, 2025
1 parent 66c711e commit e7335fa
Showing 3 changed files with 21 additions and 1 deletion.
Expand Up @@ -157,6 +157,7 @@ class SecurityConfiguration(
TokenBasedRememberMeServices(komgaSettingsProvider.rememberMeKey, komgaUserDetailsService).apply {
setTokenValiditySeconds(komgaSettingsProvider.rememberMeDuration.inWholeSeconds.toInt())
setAuthenticationDetailsSource(userAgentWebAuthenticationDetailsSource)
setCookieName("komga-remember-me")
},
)
}
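Review bot: The literal `"komga-remember-me"` passed to `setCookieName` is repeated verbatim in SessionTest as `rememberMeCookieName`, so a later rename can drift between production and test; a shared constant, for example `const val REMEMBER_ME_COOKIE_NAME = "komga-remember-me"`, would keep the two in step. Separately, the remember-me token value does not depend on the cookie name, so cookies issued before this change (presumably under Spring Security's default name `remember-me`) stay in browsers until they expire, and logout only cancels the cookie under the configured name. It may be worth expiring the legacy cookie once on login or logout, or stating in the release notes that users will have to sign in again. The enclosing bean method starts and ends outside the hunk.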
Expand Up @@ -17,7 +17,7 @@ import org.springframework.session.web.http.HttpSessionIdResolver
@Configuration
class SessionConfiguration {
@Bean
fun sessionCookieName() = "SESSION"
fun sessionCookieName() = "KOMGA-SESSION"

@Bean
fun sessionHeaderName() = "X-Auth-Token"
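Review bot: `sessionCookieName()` relies on an inferred return type; for a `@Bean` an explicit one documents the contract: `fun sessionCookieName(): String = "KOMGA-SESSION"`. The upper-case `KOMGA-SESSION` also differs in casing from the `komga-remember-me` name set in SecurityConfiguration, and since cookie names are case-sensitive a single convention avoids surprises for clients and proxy rules that match on the name. The rename drops sessions held under the old `SESSION` cookie, and no assertion visible in this commit pins the new name, so a check such as `cookie { exists("KOMGA-SESSION") }` in SessionTest would be a cheap guard.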
Expand Up @@ -27,6 +27,8 @@ class SessionTest(
) {
private lateinit var user: KomgaUser

private val rememberMeCookieName = "komga-remember-me"

@BeforeAll
fun setup() {
user = KomgaUser("[email protected]", "user")
Expand Down Expand Up @@ -56,6 +58,23 @@ class SessionTest(
}
}

@Test
fun `given remember-me parameter when hitting an endpoint then remember-me cookie is returned`() {
mockMvc
.get("/api/v2/users/me") {
with(httpBasic(user.email, user.password))
param("remember-me", "true")
}.andExpect {
header {
string(HttpHeaders.SET_COOKIE, containsString("$rememberMeCookieName="))
}
cookie {
exists(rememberMeCookieName)
httpOnly(rememberMeCookieName, true)
}
}
}

@Test
fun `given valid basic credentials when providing the auth header then session is returned in headers`() {
mockMvc
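Review bot: The new remember-me test asserts only that the cookie exists and is HttpOnly; it pins neither the lifetime nor the negative case. Adding `maxAge(rememberMeCookieName, expectedSeconds)` against the configured duration, and a companion test with `cookie { doesNotExist(rememberMeCookieName) }` when the `remember-me` parameter is absent, would catch a regression that issues the long-lived cookie unconditionally. The `header { string(HttpHeaders.SET_COOKIE, ...) }` check likely inspects only the first Set-Cookie value, so it depends on cookie order and is already covered by `exists(rememberMeCookieName)`. The test function that follows is cut off by the end of the hunk.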