saltstack · dwoz · Dec 28, 2019 · Aug 2, 2019 · Aug 6, 2019 · Dec 27, 2019
@@ -26,6 +26,8 @@ Versions are `MAJOR.PATCH`.
 
 ### Changed
 
+- [#54013](https://github.com/saltstack/salt/pull/54103) - Set `session_id`
+  cookie in the rest_tornado backend.
 - [SEP 14](https://github.com/saltstack/salt-enhancement-proposals/pull/20) - Changed to numeric versions.
 - [SEP 1](https://github.com/saltstack/salt-enhancement-proposals/blob/master/accepted/0001-changelog-format.md), [SEP 14](https://github.com/saltstack/salt-enhancement-proposals/pull/20) - Adopted keepachangelog format.
 

@@ -740,6 +740,7 @@ def post(self):
             self.send_error(401)
             # return since we don't want to execute any more
             return
+        self.set_cookie(AUTH_COOKIE_NAME, token['token'])
 
         # Grab eauth config for the current backend for the current user
         try:

@@ -526,15 +526,17 @@ def test_login(self):
         '''
         Test valid logins
         '''
-
         # Test in form encoded
         response = self.fetch('/login',
                                method='POST',
                                body=urlencode(self.auth_creds),
                                headers={'Content-Type': self.content_type_map['form']})
 
+        cookies = response.headers['Set-Cookie']
         self.assertEqual(response.code, 200)
         response_obj = salt.utils.json.loads(response.body)['return'][0]
+        token = response_obj['token']
+        self.assertIn('session_id={0}'.format(token), cookies)
         self.assertEqual(sorted(response_obj['perms']), sorted(self.opts['external_auth']['auto'][self.auth_creds_dict['username']]))
         self.assertIn('token', response_obj)  # TODO: verify that its valid?
         self.assertEqual(response_obj['user'], self.auth_creds_dict['username'])
@@ -546,8 +548,11 @@ def test_login(self):
                                body=salt.utils.json.dumps(self.auth_creds_dict),
                                headers={'Content-Type': self.content_type_map['json']})
 
+        cookies = response.headers['Set-Cookie']
         self.assertEqual(response.code, 200)
         response_obj = salt.utils.json.loads(response.body)['return'][0]
+        token = response_obj['token']
+        self.assertIn('session_id={0}'.format(token), cookies)
         self.assertEqual(sorted(response_obj['perms']), sorted(self.opts['external_auth']['auto'][self.auth_creds_dict['username']]))
         self.assertIn('token', response_obj)  # TODO: verify that its valid?
         self.assertEqual(response_obj['user'], self.auth_creds_dict['username'])
@@ -559,8 +564,11 @@ def test_login(self):
                                body=salt.utils.yaml.safe_dump(self.auth_creds_dict),
                                headers={'Content-Type': self.content_type_map['yaml']})
 
+        cookies = response.headers['Set-Cookie']
         self.assertEqual(response.code, 200)
         response_obj = salt.utils.json.loads(response.body)['return'][0]
+        token = response_obj['token']
+        self.assertIn('session_id={0}'.format(token), cookies)
         self.assertEqual(sorted(response_obj['perms']), sorted(self.opts['external_auth']['auto'][self.auth_creds_dict['username']]))
         self.assertIn('token', response_obj)  # TODO: verify that its valid?
         self.assertEqual(response_obj['user'], self.auth_creds_dict['username'])