From d2e96b8c23c652f906d392efe597ad85096824af Mon Sep 17 00:00:00 2001
From: Robert Gaggl
Date: Thu, 10 Apr 2014 11:13:25 +0200
Subject: [PATCH] made httpserver more configurable: options passed to Server constructor accept the following new props: - `sessions` (boolean) enable/disable sessions - `security` (boolean) enable/disable security - `cookieName` (string) optional cookie name - `httpOnlyCookies` (boolean) enable/disable http-only for session cookies - `secureCookies` (boolean) enable/disable secure flag for session cookies `sessions` and `security` options were hardcoded before, which made overriding the handlers of the server's default context (in jetty.xml) impossible. in addition the object returned by `getContext()` now contains a getter function for the wrapped ServletContextHandler (used in unit test).
---
 modules/ringo/httpserver.js | 30 +++++++++++++++++++++++--
 test/ringo/httpserver_test.js | 41 +++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/modules/ringo/httpserver.js b/modules/ringo/httpserver.js
index c94ad4626..a9f5fc60e 100644
--- a/modules/ringo/httpserver.js
+++ b/modules/ringo/httpserver.js
@@ -24,6 +24,11 @@ var options,
 *
  • jettyConfig ('config/jetty.xml')
  • *
  • port (8080)
  • *
  • host (undefined)
  • + *
  • sessions (true)
  • + *
  • security (true)
  • + *
  • cookieName (null)
  • + *
  • httpOnlyCookies (false)
  • + *
  • secureCookies (false)
  • * * * For convenience, the constructor supports the definition of a JSGI application
@@ -69,6 +74,9 @@ function Server(options) {
 * @param {Object} options may have the following properties:
 * sessions: true to enable sessions for this context, false otherwise
 * security: true to enable security for this context, false otherwise
+ * cookieName: optional cookie name
+ * httpOnlyCookies: true to enable http-only session cookies
+ * secureCookies: true to enable secure session cookies
 * @see #Context
 * @since: 0.6
 * @returns a Context object
@@ -86,6 +94,15 @@ function Server(options) {
 if (virtualHosts) {
 cx.setVirtualHosts(Array.isArray(virtualHosts) ? virtualHosts : [String(virtualHosts)]);
 }
+ var sessionHandler = cx.getSessionHandler();
+ if (sessionHandler != null) {
+ var sessionManager = sessionHandler.getSessionManager();
+ sessionManager.setHttpOnly(options.httpOnlyCookies);
+ sessionManager.setSecureCookies(options.secureCookies);
+ if (typeof(options.cookieName) === "string") {
+ sessionManager.setSessionCookie(options.cookieName);
+ }
+ }
 contextMap[contextKey] = cx;
 if (jetty.isRunning()) {
 cx.start();
@@ -100,6 +117,12 @@ function Server(options) {
 * @name Context
 */
 return {
+ /**
+ * Returns the wrapped servlet context handler
+ */
+ getHandler: function() {
+ return cx;
+ },
 /**
 * Map this context to a JSGI application.
 * @param {function|object} app a JSGI application, either as a function
@@ -319,8 +342,11 @@ function Server(options) {
 // create default context
 defaultContext = this.getContext(options.mountpoint || "/", options.virtualHost, {
- security: true,
- sessions: true
+ security: options.security !== false,
+ sessions: options.sessions !== false,
+ cookieName: options.cookieName || null,
+ httpOnlyCookies: options.httpOnlyCookies === true,
+ secureCookies: options.secureCookies === true
 });
 // If options defines an application mount it
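Review bot: In the `@@ -86,6 +94,15 @@` hunk, `setHttpOnly(options.httpOnlyCookies)` and `setSecureCookies(options.secureCookies)` receive `undefined` whenever a caller of `getContext()` other than the `Server` constructor omits these properties, which the JSDoc ("may have the following properties") allows. The result then depends on the script engine's implicit conversion to a Java boolean; coercing explicitly, `sessionManager.setHttpOnly(options.httpOnlyCookies === true);` and the same for `setSecureCookies`, keeps direct callers on the same footing as the default-context path. The `typeof(options.cookieName) === "string"` guard also lets an empty string through to `setSessionCookie`, so `&& options.cookieName.length > 0` looks worth adding. The enclosing function starts and ends outside the hunk.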
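Review bot: `getHandler` in the `@@ -100,6 +117,12 @@` hunk gives every holder of a Context object the raw handler `cx`, and its doc comment does not mention that the commit message names unit testing as the reason. Code that holds the returned handler can reach the session and security handlers directly (the new test does so through `getSessionHandler()` and `getSecurityHandler()`), so later changes made there are not governed by the options passed to `getContext()`. I would extend the comment to `Returns the wrapped servlet context handler. Intended for tests and diagnostics; changes made on it bypass the options passed to getContext().` and add an `@returns` tag naming ServletContextHandler. The returned object literal continues past the hunk.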
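Review bot: The default-context options in the `@@ -319,8 +342,11 @@` hunk treat `security` and `sessions` as opt-out (`!== false`) but `httpOnlyCookies` and `secureCookies` as opt-in (`=== true`), so a server created without these options issues session cookies with neither attribute. That matches the defaults the new test asserts, but it is the weaker setting: a session cookie without HttpOnly is readable by page script, and one without Secure is also sent over plain HTTP. The option list in the constructor's doc comment should say so, for example `httpOnlyCookies (false) - set to true in production so scripts cannot read the session cookie` and `secureCookies (false) - set to true when the site is served over HTTPS`. As a follow-up, `httpOnlyCookies: options.httpOnlyCookies !== false` would make the safer value the default, provided no deployed application reads the session cookie from script.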
diff --git a/test/ringo/httpserver_test.js b/test/ringo/httpserver_test.js
index ba241e825..ba30b45cb 100644
--- a/test/ringo/httpserver_test.js
+++ b/test/ringo/httpserver_test.js
@@ -200,6 +200,47 @@ exports.testMultipleHeaders = function () {
 connection.getResponseCode();
 };
+exports.testOptions = function() {
+ server.stop();
+ var config = {
+ host: host,
+ port: port,
+ sessions: false,
+ security: false
+ };
+ server = new Server(config);
+ server.start();
+ var cx = server.getDefaultContext();
+ assert.isNull(cx.getHandler().getSessionHandler());
+ assert.isNull(cx.getHandler().getSecurityHandler());
+ server.stop();
+ // enable sessions
+ config.sessions = true;
+ config.security = true;
+ server = new Server(config);
+ server.start();
+ cx = server.getDefaultContext();
+ assert.isNotNull(cx.getHandler().getSecurityHandler());
+ var sessionHandler = cx.getHandler().getSessionHandler();
+ assert.isNotNull(sessionHandler);
+ var sessionManager = sessionHandler.getSessionManager();
+ assert.strictEqual(sessionManager.getSessionCookie(), "JSESSIONID");
+ assert.isFalse(sessionManager.getHttpOnly());
+ assert.isFalse(sessionManager.getSecureCookies());
+ server.stop();
+ // configure session cookies
+ config.cookieName = "ringosession";
+ config.httpOnlyCookies = true;
+ config.secureCookies = true;
+ server = new Server(config);
+ server.start();
+ cx = server.getDefaultContext();
+ sessionManager = cx.getHandler().getSessionHandler().getSessionManager();
+ assert.strictEqual(sessionManager.getSessionCookie(), config.cookieName);
+ assert.isTrue(sessionManager.getHttpOnly());
+ assert.isTrue(sessionManager.getSecureCookies());
+};
+
 // start the test runner if we're called directly from command line
 if (require.main == module.id) {
 var {run} = require("test");
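Review bot: `testOptions` checks only the flags stored on the session manager and never issues a request, so it would still pass if the `Set-Cookie` header sent to clients lacked `HttpOnly` or `Secure`, or carried a different cookie name. A follow-up assertion that mounts an application which touches the session, then inspects the response's `Set-Cookie` header for `ringosession`, `HttpOnly` and `Secure`, would pin the behaviour that actually matters to clients. There is also no case combining `sessions: false` with `cookieName` or `httpOnlyCookies`, which is the path the `sessionHandler != null` guard in httpserver.js exists for. The third server instance is still running when the test returns; presumably a tearDown outside this hunk stops it, which is worth confirming.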