fixup! fixup! [#8362] Add secure attr to session cookie
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 86bb0b5..bcf6527 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -261,7 +261,7 @@
self.session.invalidate()
self.session.save()
response.delete_cookie('allura-loggedin')
- response.set_cookie('memorable_forget', '/')
+ response.set_cookie('memorable_forget', '/', secure=request.environ['beaker.session'].secure)
def validate_password(self, user, password):
'''Check that provided password matches actual user password
diff --git a/Allura/allura/public/nf/js/allura-base.js b/Allura/allura/public/nf/js/allura-base.js
index 6a4fd10..a4031d6 100644
--- a/Allura/allura/public/nf/js/allura-base.js
+++ b/Allura/allura/public/nf/js/allura-base.js
@@ -218,7 +218,8 @@
cookie = cookie.replace(new RegExp(note_id + '-([0-9]+)-False'), note_id + '-$1-True');
$.cookie('site-notification', cookie, {
expires: 365,
- path: '/'
+ path: '/',
+ secure: top.location.protocol==='https:' ? true : false
});
e.preventDefault();
return false;
diff --git a/Allura/allura/public/nf/js/maximize-content.js b/Allura/allura/public/nf/js/maximize-content.js
index 7202125..c714057 100644
--- a/Allura/allura/public/nf/js/maximize-content.js
+++ b/Allura/allura/public/nf/js/maximize-content.js
@@ -25,7 +25,7 @@
$('#maximize-content, #restore-content').click(function (e) {
$('body').toggleClass('content-maximized');
var is_visible = $(".content-maximized").is(":visible") ? 'true' : 'false';
- $.cookie('maximizeView', is_visible);
+ $.cookie('maximizeView', is_visible, {secure: true});
e.preventDefault();
return false;
diff --git a/Allura/allura/public/nf/js/memorable.js b/Allura/allura/public/nf/js/memorable.js
index e756cea..7143f35 100644
--- a/Allura/allura/public/nf/js/memorable.js
+++ b/Allura/allura/public/nf/js/memorable.js
@@ -264,7 +264,7 @@
localStorage.removeItem(localStorage.key(i));
}
}
- $.removeCookie('memorable_forget', { path: '/' });
+ $.removeCookie('memorable_forget', { path: '/', secure: true });
}
};
diff --git a/Allura/allura/tests/test_plugin.py b/Allura/allura/tests/test_plugin.py
index e615b74..04cd893 100644
--- a/Allura/allura/tests/test_plugin.py
+++ b/Allura/allura/tests/test_plugin.py
@@ -338,9 +338,11 @@
note.page_tool_type = None
SiteNotification.actives.return_value = [note]
request.cookies = {'site-notification': 'deadbeef-1-false'}
+ request.environ['beaker.session'].secure = False
+
assert_is(ThemeProvider().get_site_notification(), note)
response.set_cookie.assert_called_once_with(
- 'site-notification', 'deadbeef-2-False', max_age=dt.timedelta(days=365))
+ 'site-notification', 'deadbeef-2-False', max_age=dt.timedelta(days=365), secure=False)
@patch('allura.lib.plugin.c', MagicMock())
@patch('allura.model.notification.SiteNotification')
@@ -370,9 +372,11 @@
note.page_tool_type = None
SiteNotification.actives.return_value = [note]
request.cookies = {'site-notification': '0ddba11-1000-true'}
+ request.environ['beaker.session'].secure = False
+
assert_is(ThemeProvider().get_site_notification(), note)
response.set_cookie.assert_called_once_with(
- 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365))
+ 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365), secure=False)
@patch('allura.lib.plugin.c', MagicMock())
@patch('allura.model.notification.SiteNotification')
@@ -387,9 +391,10 @@
note.page_tool_type = None
SiteNotification.actives.return_value = [note]
request.cookies = {}
+ request.environ['beaker.session'].secure = False
assert_is(ThemeProvider().get_site_notification(), note)
response.set_cookie.assert_called_once_with(
- 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365))
+ 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365), secure=False)
@patch('allura.lib.plugin.c', MagicMock())
@patch('allura.model.notification.SiteNotification')
@@ -404,9 +409,11 @@
note.page_tool_type = None
SiteNotification.actives.return_value = [note]
request.cookies = {'site-notification': 'deadbeef-1000-true-bad'}
+ request.environ['beaker.session'].secure = False
+
assert_is(ThemeProvider().get_site_notification(), note)
response.set_cookie.assert_called_once_with(
- 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365))
+ 'site-notification', 'deadbeef-1-False', max_age=dt.timedelta(days=365), secure=False)
@patch('allura.lib.plugin.c')
@patch('allura.model.notification.SiteNotification')
