chore(session) 2.1.1 (#11)
* fix(session) do not try to use body if it cannot be read on logout
* chore(session) 2.1.1
bungle authored Jul 8, 2019
1 parent 43832df commit 87b3c76
Showing 4 changed files with 50 additions and 84 deletions.
@@ -1,12 +1,12 @@
package = "kong-plugin-session"

version = "2.1.0-1"
version = "2.1.1-1"

supported_platforms = {"linux", "macosx"}

source = {
url = "git://github.com/Kong/kong-plugin-session",
tag = "2.1.0"
tag = "2.1.1"
}

description = {
2 changes: 1 addition & 1 deletion kong/plugins/session/handler.lua
@@ -7,7 +7,7 @@ local kong = kong

local KongSessionHandler = {
PRIORITY = 1900,
VERSION = "2.1.0",
VERSION = "2.1.1",
}


42 changes: 17 additions & 25 deletions kong/plugins/session/session.lua
@@ -83,48 +83,40 @@ end
--- Determine is incoming request is trying to logout
-- @return boolean should logout of the session?
function _M.logout(conf)
local logout = false

local logout_methods = conf.logout_methods
if logout_methods then
local request_method = kong.request.get_method()
local logout
for _, logout_method in ipairs(logout_methods) do
if logout_method == request_method then
logout = true
break
end
end

if logout then
logout = false

local logout_query_arg = conf.logout_query_arg
if logout_query_arg then
if kong.request.get_query_arg(logout_query_arg) then
logout = true
end
end
if not logout then
return false
end

if logout then
local logout_query_arg = conf.logout_query_arg
if logout_query_arg then
if kong.request.get_query_arg(logout_query_arg) then
kong.log.debug("logout by query argument")
return true
end
end

else
local logout_post_arg = conf.logout_post_arg
if logout_post_arg then
local post_args = kong.request.get_body()
if post_args[logout_post_arg] then
logout = true
end

if logout then
kong.log.debug("logout by post argument")
end
end
local logout_post_arg = conf.logout_post_arg
if logout_post_arg then
local post_args = kong.request.get_body()
if post_args and post_args[logout_post_arg] then
kong.log.debug("logout by post argument")
return true
end
end
end

return logout
return false
end
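Review bot: The error that `kong.request.get_body()` returns alongside a nil body is dropped in the `logout_post_arg` branch, so a logout request whose body cannot be read or parsed now falls through to `return false` with nothing in the logs. The session then stays valid although the client asked to end it, and an operator has no event to correlate against. Capturing the second return value keeps the nil guard and makes that case visible: `local post_args, err = kong.request.get_body()` followed by `if err then kong.log.debug("logout body not readable: ", err) end`.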


86 changes: 30 additions & 56 deletions spec/03-session_spec.lua
@@ -1,106 +1,80 @@
local helpers = require "spec.helpers"
local session = require "kong.plugins.session.session"
local phases = require "kong.pdk.private.phases"
local function mock(method)
_G.kong = {
request = {
get_method = function() return method end,
get_query_arg = function() return true end,
get_body = function() return { session_logout = true } end,
},
log = {
debug = function() end
}
}

describe("Plugin: Session - session.lua", function()
local old_ngx
return require "kong.plugins.session.session"
end

describe("Plugin: Session - session.lua", function()
local old_kong
before_each(function()
kong.ctx.core.phase = phases.phases.request

old_ngx = {
get_phase = function()end,
req = {
read_body = function()end
},
log = function() end,
DEBUG = 1
}
_G.ngx = old_ngx
old_kong = _G.kong
end)

after_each(function()
_G.ngx = old_ngx
_G.kong = old_kong
package.loaded["kong.plugins.session.session"] = nil
end)


it("logs out with GET request", function()
kong.request.get_query = function() return {["session_logout"] = true} end
kong.request.get_method = function() return "GET" end

local session = mock("GET")
local conf = {
logout_methods = {"GET", "POST"},
logout_methods = { "GET", "POST" },
logout_query_arg = "session_logout"
}

assert.truthy(session.logout(conf))
end)

it("logs out with POST request with body", function()
ngx.req.get_post_args = function()
return {["session_logout"] = true}
end
ngx.req.read_body = function() end
kong.request.get_method = function() return "POST" end

local session = mock("POST")
local conf = {
logout_methods = {"POST"},
logout_methods = { "POST" },
logout_post_arg = "session_logout"
}

assert.truthy(session.logout(conf))
end)

it("logs out with DELETE request with body", function()
ngx.req.get_post_args = function()
return {["session_logout"] = true}
end
ngx.req.read_body = function() end
kong.request.get_method = function() return "DELETE" end

local session = mock("DELETE")
local conf = {
logout_methods = {"DELETE"},
logout_methods = { "DELETE" },
logout_post_arg = "session_logout"
}

assert.truthy(session.logout(conf))
end)

it("logs out with DELETE request with query params", function()
kong.request.get_query = function() return {["session_logout"] = true} end
kong.request.get_method = function() return "DELETE" end

local session = mock("DELETE")
local conf = {
logout_methods = {"DELETE"},
logout_methods = { "DELETE" },
logout_query_arg = "session_logout"
}

assert.truthy(session.logout(conf))
end)

it("does not logout with GET requests when method is not allowed", function()
kong.request.get_query = function() return {["session_logout"] = true} end
kong.request.get_method = function() return "GET" end

local session = mock("GET")
local conf = {
logout_methods = {"DELETE"},
logout_methods = { "DELETE" },
logout_query_arg = "session_logout"
}

assert.falsy(session.logout(conf))
end)

it("does not logout with POST requests when method is not allowed", function()
ngx.req.get_post_args = function()
return {["session_logout"] = true}
end
kong.request.get_method = function() return "POST" end

local session = mock("POST")
local conf = {
logout_methods = {"DELETE"},
logout_methods = { "DELETE" },
logout_post_arg = "session_logout"
}

assert.falsy(session.logout(conf))
end)
end)
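Review bot: The `mock` helper's `get_body` always returns `{ session_logout = true }`, so no test in this file reaches the nil-body case that the `post_args and` guard in session.lua was added for. If that guard regressed, the indexing error on logout requests without a readable body would return and the suite would still pass. A case that overrides `kong.request.get_body` after `mock("POST")` to return `nil` plus an error string, and asserts that `session.logout(conf)` is falsy, would pin the fix.

```lua
it("does not logout with POST request when the body cannot be read", function()
  local session = mock("POST")
  -- simulate the PDK failing to read or parse the request body
  kong.request.get_body = function() return nil, "body could not be read" end
  local conf = {
    logout_methods = { "POST" },
    logout_post_arg = "session_logout"
  }

  assert.falsy(session.logout(conf))
end)
```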
