Merge "Add ability to set authentication cookie's domain"

2016-02-24 13:27:43 +00:00 · 2016-02-24 13:27:43 +00:00 · 45d44e9b41
commit 45d44e9b41
parent 9cc6f03a53 26873c0e8d
3 changed files with 21 additions and 2 deletions
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt
@ -383,6 +383,12 @@ Sets "path" attribute of the authentication cookie.
 +
 If not set, HTTP request's path is used.

+[[auth.cookieDomain]]auth.cookieDomain::
+
+Sets "domain" attribute of the authentication cookie.
+
+If not set, HTTP request's domain is used.
+
 [[auth.cookieSecure]]auth.cookieSecure::
 +
 Sets "secure" flag of the authentication cookie.  If true, cookies
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/CacheBasedWebSession.java
@ -17,6 +17,7 @@ package com.google.gerrit.httpd;
 import static java.util.concurrent.TimeUnit.HOURS;

 import com.google.gerrit.common.data.HostPageData;
+import com.google.common.base.Strings;
 import com.google.gerrit.httpd.WebSessionManager.Key;
 import com.google.gerrit.httpd.WebSessionManager.Val;
 import com.google.gerrit.reviewdb.client.Account;
@ -202,9 +203,9 @@ public abstract class CacheBasedWebSession implements WebSession {
    }

    String path = authConfig.getCookiePath();
-    if (path == null || path.isEmpty()) {
+    if (Strings.isNullOrEmpty(path)) {
      path = request.getContextPath();
-      if (path == null || path.isEmpty()) {
+      if (Strings.isNullOrEmpty(path)) {
        path = "/";
      }
    }
@ -214,6 +215,12 @@ public abstract class CacheBasedWebSession implements WebSession {
    }

    outCookie = new Cookie(ACCOUNT_COOKIE, token);
+
+    String domain = authConfig.getCookieDomain();
+    if (!Strings.isNullOrEmpty(domain)) {
+      outCookie.setDomain(domain);
+    }
+
    outCookie.setSecure(isSecure(request));
    outCookie.setPath(path);
    outCookie.setMaxAge(ageSeconds);
--- a/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/AuthConfig.java
@ -58,6 +58,7 @@ public class AuthConfig {
  private final List<OpenIdProviderPattern> trustedOpenIDs;
  private final List<OpenIdProviderPattern> allowedOpenIDs;
  private final String cookiePath;
+  private final String cookieDomain;
  private final boolean cookieSecure;
  private final SignedToken emailReg;
  private final boolean allowRegisterNewEmail;
@ -84,6 +85,7 @@ public class AuthConfig {
    trustedOpenIDs = toPatterns(cfg, "trustedOpenID");
    allowedOpenIDs = toPatterns(cfg, "allowedOpenID");
    cookiePath = cfg.getString("auth", null, "cookiepath");
+    cookieDomain = cfg.getString("auth", null, "cookiedomain");
    cookieSecure = cfg.getBoolean("auth", "cookiesecure", false);
    trustContainerAuth = cfg.getBoolean("auth", "trustContainerAuth", false);
    enableRunAs = cfg.getBoolean("auth", null, "enableRunAs", true);
@ -179,6 +181,10 @@ public class AuthConfig {
    return cookiePath;
  }

+  public String getCookieDomain() {
+    return cookieDomain;
+  }
+
  public boolean getCookieSecure() {
    return cookieSecure;
  }