ws: Clear cookie whenever sending login page

cockpit-project · Aug 16, 2017 · 5354eb2 · 5354eb2
1 parent 7ab4785
commit 5354eb2
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 2 deletions.
diff --git a/src/ws/cockpitauth.c b/src/ws/cockpitauth.c
@@ -1556,3 +1556,17 @@ cockpit_auth_parse_application (const gchar *path,
   g_free (tmp);
   return val;
 }
+
+gchar *
+cockpit_auth_empty_cookie_value (const gchar *path)
+{
+  gchar *application = cockpit_auth_parse_application (path, NULL);
+  gchar *cookie = application_cookie_name (application);
+
+  gchar *cookie_line = g_strdup_printf ("%s=deleted; PATH=/", cookie);
+
+  g_free (application);
+  g_free (cookie);
+
+  return cookie_line;
+}
diff --git a/src/ws/cockpitauth.h b/src/ws/cockpitauth.h
@@ -94,6 +94,8 @@ gchar *         cockpit_auth_steal_authorization      (GHashTable *headers,
                                                        gchar **ret_type,
                                                        gchar **ret_conversation);
 
+gchar *         cockpit_auth_empty_cookie_value       (const gchar *path);
+
 G_END_DECLS
 
 #endif
diff --git a/src/ws/cockpithandlers.c b/src/ws/cockpithandlers.c
@@ -334,6 +334,7 @@ build_environment (GHashTable *os_release)
 static void
 send_login_html (CockpitWebResponse *response,
                  CockpitHandlerData *ws,
+                 const gchar *path,
                  GHashTable *headers)
 {
   static const gchar *marker = "<meta insert_dynamic_content_here>";
@@ -346,6 +347,7 @@ send_login_html (CockpitWebResponse *response,
   GBytes *url_bytes = NULL;
   CockpitWebFilter *filter2 = NULL;
   const gchar *url_root = NULL;
+  gchar *cookie_line = NULL;
   gchar *base;
 
   gchar *language = NULL;
@@ -411,18 +413,22 @@ send_login_html (CockpitWebResponse *response,
   else
     {
       /* The login Content-Security-Policy allows the page to have inline <script> and <style> tags. */
+      cookie_line = cockpit_auth_empty_cookie_value (path);
       cockpit_web_response_headers (response, 200, "OK", -1,
                                     "Content-Type",
                                     "text/html",
                                     "Content-Security-Policy",
                                     "default-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss:",
+                                    "Set-Cookie",
+                                    cookie_line,
                                     NULL);
       if (cockpit_web_response_queue (response, bytes))
         cockpit_web_response_complete (response);
 
       g_bytes_unref (bytes);
     }
 
+  g_free (cookie_line);
   g_strfreev (languages);
 }
 
@@ -536,7 +542,7 @@ handle_resource (CockpitHandlerData *data,
         }
       else if (g_str_has_suffix (path, ".html"))
         {
-          send_login_html (response, data, headers);
+          send_login_html (response, data, path, headers);
         }
       else
         {
@@ -586,7 +592,7 @@ handle_shell (CockpitHandlerData *data,
     }
   else
     {
-      send_login_html (response, data, headers);
+      send_login_html (response, data, path, headers);
     }
 }
 

diff --git a/src/ws/test-handlers.c b/src/ws/test-handlers.c
@@ -520,6 +520,7 @@ static const DefaultFixture fixture_shell_path_login = {
   .org_path = "/path/system/host",
   .auth = NULL,
   .expect = "HTTP/1.1 200*"
+      "Set-Cookie: cockpit=deleted*"
       "<html>*"
       "<base href=\"/path/\">*"
       "login-button*"
@@ -599,6 +600,7 @@ static const DefaultFixture fixture_shell_login = {
   .path = "/system/host",
   .auth = NULL,
   .expect = "HTTP/1.1 200*"
+      "Set-Cookie: cockpit=deleted*"
       "<html>*"
       "<base href=\"/\">*"
       "login-button*"
@@ -652,6 +654,7 @@ static const DefaultFixture fixture_resource_login = {
   .path = "/cockpit/@localhost/yyy/zzz.html",
   .auth = NULL,
   .expect = "HTTP/1.1 200*"
+    "Set-Cookie: cockpit=deleted*"
     "<html>*"
     "login-button*"
 };
@@ -675,6 +678,17 @@ static const DefaultFixture fixture_host_static = {
     "url(\"logo.png\");*"
 };
 
+static const DefaultFixture fixture_host_login = {
+  .path = "/=host/system",
+  .auth = NULL,
+  .config = SRCDIR "/src/ws/mock-config/cockpit/cockpit.conf",
+  .expect = "HTTP/1.1 200*"
+      "Set-Cookie: machine-cockpit+host=deleted*"
+      "<html>*"
+      "<base href=\"/\">*"
+      "login-button*"
+};
+
 static const DefaultFixture fixture_host_static_no_auth = {
   .path = "/cockpit+=host/static/branding.css",
   .expect = "HTTP/1.1 403*",
@@ -879,6 +893,8 @@ main (int argc,
               setup_default, test_default, teardown_default);
   g_test_add ("/handlers/static/host-static", Test, &fixture_host_static,
               setup_default, test_default, teardown_default);
+  g_test_add ("/handlers/static/host-login", Test, &fixture_host_login,
+              setup_default, test_default, teardown_default);
   g_test_add ("/handlers/static/host-static-no-auth", Test, &fixture_host_static_no_auth,
               setup_default, test_default, teardown_default);
   g_test_add ("/handlers/static/application", Test, &fixture_static_application,