STAC-17136. Added two cookies for backwards compability for the csrf …

…cookie.

src/main/scala/com/stackstate/pac4j/authorizer/CsrfCookieAuthorizer.scala

@@ -14,18 +14,30 @@ object CsrfCookieAuthorizer {
 
   def apply(context: AkkaHttpWebContext, maxAge: Option[FiniteDuration]): AkkaHttpWebContext = {
     val token = UUID.randomUUID.toString
-    val cookie = new Cookie(Pac4jConstants.CSRF_TOKEN, token)
-    cookie.setPath(CookiePath)
 
-    maxAge.map(_.toSeconds.toInt).foreach {
-      cookie.setMaxAge
-    }
+    val cookieWithDomain = createCookie(token, maxAge)
+    cookieWithDomain.setDomain(context.getServerName)
+
+    val cookieWithoutDomain = createCookie(token, maxAge)
 
     context.setRequestAttribute(Pac4jConstants.CSRF_TOKEN, token)
     context.getSessionStore.set(context, Pac4jConstants.CSRF_TOKEN, token)
-    context.addResponseCookie(cookie)
 
+    // previous versions set both cookies. This change is to keep it backwards compatible.
+    context.addResponseCookie(cookieWithDomain)
+    context.addResponseCookie(cookieWithoutDomain)
     context
   }
 
+
+  def createCookie(token: String, maxAge: Option[FiniteDuration]) = {
+    val cookie = new Cookie(Pac4jConstants.CSRF_TOKEN, token)
+    cookie.setPath(CookiePath)
+
+    maxAge.map(_.toSeconds.toInt).foreach {
+      cookie.setMaxAge
+    }
+    cookie
+  }
+
 }

src/test/scala/com/stackstate/pac4j/AkkaHttpSecurityTest.scala

@@ -3,6 +3,7 @@ package com.stackstate.pac4j
 import java.{lang, util}
 import com.github.ghik.silencer.silent
 import akka.http.scaladsl.model._
+import akka.http.scaladsl.model.headers.{HttpCookie, `Set-Cookie`}
 import akka.http.scaladsl.server.Directives._
 import akka.http.scaladsl.server.{AuthorizationFailedRejection, RouteResult}
 import akka.http.scaladsl.server.RouteResult.Complete
@@ -299,7 +300,7 @@ class AkkaHttpSecurityTest extends AnyWordSpecLike with Matchers with ScalatestR
 
     "run the callbackLogic should send back a sessionId if the csrf cookie is true" in {
       val config = new Config()
-      val existingContext = AkkaHttpWebContext(HttpRequest(), Seq.empty, new InMemorySessionStorage(3.minutes), AkkaHttpWebContext.DEFAULT_COOKIE_NAME)
+      val existingContext = AkkaHttpWebContext(HttpRequest(uri = "http://test.com"), Seq.empty, new InMemorySessionStorage(3.minutes), AkkaHttpWebContext.DEFAULT_COOKIE_NAME)
 
       val actionAdapter = new HttpActionAdapter[HttpResponse, AkkaHttpWebContext] {
         override def adapt(code: HttpAction, context: AkkaHttpWebContext): HttpResponse = ???
@@ -319,15 +320,20 @@ class AkkaHttpSecurityTest extends AnyWordSpecLike with Matchers with ScalatestR
       })
 
       val akkaHttpSecurity = new AkkaHttpSecurity(config, new InMemorySessionStorage(3.minutes))
-      Get("/") ~> akkaHttpSecurity
+      Get("http://test.com/") ~> akkaHttpSecurity
         .callback("/blaat", saveInSession = false, multiProfile = false, Some("Yooo"), existingContext = Some(existingContext), setCsrfCookie = true) ~> check {
-        headers.size shouldBe 2
         val localHeaders: Seq[HttpHeader] = headers
         val threeMinutesInSeconds = 180
         // When `addResponseCsrfCookie` is called the method `getOrCreateSessionId` is called which creates a Session
         // when `addResponseSessionCookie` is called there is already a session so a cookie with value is added.
         localHeaders.find(_.value().contains("pac4jCsrfToken")).get.value().contains(s"Max-Age=$threeMinutesInSeconds;") shouldBe true
         localHeaders.find(_.value().contains("AkkaHttpPac4jSession")).get.value().contains(s"Max-Age=$threeMinutesInSeconds;") shouldBe true
+
+        val csrfCookies: Seq[HttpCookie] = localHeaders.collect { case setCookie: `Set-Cookie` if setCookie.cookie.name() == "pac4jCsrfToken" => setCookie.cookie }
+        // Previous version always added the two cookies. Current version doesn't need domain.
+        // We add the two to keep it backwards compatible.
+        csrfCookies.filter(_.domain.nonEmpty).size shouldBe 1
+        csrfCookies.filter(_.domain.isEmpty).size shouldBe 1
       }
     }
   }