Make session cookie name customizable. (#256)

This option is optional and set to authelia_session by default.
2018-08-19 13:07:00 +02:00 · 2018-08-19 13:07:00 +02:00 · 0dd9a5f815
parent 2b1807d32b
commit 0dd9a5f815
7 changed files with 20 additions and 5 deletions
--- a/config.template.yml
+++ b/config.template.yml
@ -173,6 +173,9 @@ access_control:
 # 
 # The session cookies identify the user once logged in.
 session:
+  # The name of the session cookie. (default: authelia_session).
+  name: authelia_session
+
  # The secret to encrypt the session cookie.
  secret: unsecure_session_secret
  
--- a/server/src/lib/configuration/SessionConfigurationBuilder.spec.ts
+++ b/server/src/lib/configuration/SessionConfigurationBuilder.spec.ts
@ -39,6 +39,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
      },
      port: 8080,
      session: {
+        name: "authelia_session",
        domain: "example.com",
        expiration: 3600,
        secret: "secret"
@ -73,6 +74,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
    const options = SessionConfigurationBuilder.build(configuration, deps);

    const expectedOptions = {
+      name: "authelia_session",
      secret: "secret",
      resave: false,
      saveUninitialized: true,
@ -118,6 +120,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
      },
      port: 8080,
      session: {
+        name: "authelia_session",
        domain: "example.com",
        expiration: 3600,
        secret: "secret",
@ -165,6 +168,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
      secret: "secret",
      resave: false,
      saveUninitialized: true,
+      name: "authelia_session",
      cookie: {
        secure: true,
        httpOnly: true,
--- a/server/src/lib/configuration/SessionConfigurationBuilder.ts
+++ b/server/src/lib/configuration/SessionConfigurationBuilder.ts
@ -7,6 +7,7 @@ export class SessionConfigurationBuilder {

  static build(configuration: Configuration, deps: GlobalDependencies): ExpressSession.SessionOptions {
    const sessionOptions: ExpressSession.SessionOptions = {
+      name: configuration.session.name,
      secret: configuration.session.secret,
      resave: false,
      saveUninitialized: true,
--- a/server/src/lib/configuration/schema/SessionConfiguration.spec.ts
+++ b/server/src/lib/configuration/schema/SessionConfiguration.spec.ts
@ -9,6 +9,7 @@ describe("configuration/schema/SessionConfiguration", function() {
    };
    const newConfiguration = complete(configuration);

+    Assert.equal(newConfiguration.name, 'authelia_session');
    Assert.equal(newConfiguration.expiration, 3600000);
    Assert.equal(newConfiguration.inactivity, undefined);
  });
--- a/server/src/lib/configuration/schema/SessionConfiguration.ts
+++ b/server/src/lib/configuration/schema/SessionConfiguration.ts
@ -4,6 +4,7 @@ export interface SessionRedisOptions {
 }

 export interface SessionConfiguration {
+  name?: string;
  domain: string;
  secret: string;
  expiration?: number;
@ -14,6 +15,10 @@ export interface SessionConfiguration {
 export function complete(configuration: SessionConfiguration): SessionConfiguration {
  const newConfiguration: SessionConfiguration = (configuration) ? JSON.parse(JSON.stringify(configuration)) : {};

+  if (!newConfiguration.name) {
+    newConfiguration.name = "authelia_session";
+  }
+
  if (!newConfiguration.expiration) {
    newConfiguration.expiration = 3600000; // 1 hour
  }
--- a/test/features/forward-headers.feature
+++ b/test/features/forward-headers.feature
@ -1,4 +1,4 @@
-Feature: User and groups headers are correctly forwarded to backend
+Feature: Headers are correctly forwarded to backend
  @need-authenticated-user-john
  Scenario: Custom-Forwarded-User and Custom-Forwarded-Groups are correctly forwarded to protected backend
    When I visit "https://public.example.com:8080/headers"
--- a/test/features/step_definitions/forward-headers.ts
+++ b/test/features/step_definitions/forward-headers.ts
@ -2,7 +2,8 @@ import {Then} from "cucumber";
 import seleniumWebdriver = require("selenium-webdriver");
 import CustomWorld = require("../support/world");
 import Util = require("util");
-import BluebirdPromise = require("bluebird");
+import Bluebird = require("bluebird");
+import Request = require("request-promise");

 Then("I see header {string} set to {string}",
  { timeout: 5000 },
@ -11,8 +12,8 @@ Then("I see header {string} set to {string}",
      .then(function (txt: string) {
        const expectedLine = Util.format("\"%s\": \"%s\"", expectedHeaderName, expectedValue);
        if (txt.indexOf(expectedLine) > 0)
-          return BluebirdPromise.resolve();
+          return Bluebird.resolve();
        else
-          return BluebirdPromise.reject(new Error(Util.format("No such header or with unexpected value.")));
+          return Bluebird.reject(new Error(Util.format("No such header or with unexpected value.")));
      });
-  })
+  })