mirror of https://github.com/xcat2/confluent.git synced 2025-01-28 11:57:37 +00:00

Stop trying to use generic cookie parsing

Trying to do so while guarding against errors and sanitizing input was more code and slower
than targeting the one possible cookie we might care about.

So the code is simpler and
the performance is better, and the effect of stray cookies is mitigated.
Jarrod Johnson 2020-10-29 11:36:26 -04:00
parent bddbc37e8e
commit 95659db00a


@ -65,16 +65,6 @@ opmap = {
}
class RobustCookie(Cookie.SimpleCookie):
# this is very bad form, but BaseCookie has a terrible flaw
def _BaseCookie__set(self, K, rval, cval):
try:
super(RobustCookie, self)._BaseCookie__set(K, rval, cval)
except Cookie.CookieError:
# empty value if SimpleCookie rejects
dict.__setitem__(self, K, Cookie.Morsel())
def group_creation_resources():
yield confluent.messages.Attributes(
kv={'name': None}, desc="Name of the group").html() + '<br>'
@ -284,12 +274,10 @@ def _authorize_request(env, operation):
if element.startswith('/sessions/current/'):
element = None
if 'HTTP_COOKIE' in env:
#attempt to use the cookie. If it matches
cc = RobustCookie()
sanitized = '; '.join([x.strip().replace(' ', '_') for x in env['HTTP_COOKIE'].split(';')])
cc.load(sanitized)
if 'confluentsessionid' in cc:
sessionid = cc['confluentsessionid'].value
cidx = (env['HTTP_COOKIE']).find('confluentsessionid=')
if cidx >= 0:
sessionid = env['HTTP_COOKIE'][cidx+19:cidx+51]
sessid = sessionid
sessid = sessionid
if sessionid in httpsessions:
if _csrf_valid(env, httpsessions[sessionid]):
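Review bot: The `find('confluentsessionid=')` lookup is a plain substring match, so it also hits a cookie whose name merely ends in that string, or a value that contains it, when that appears earlier in the header, and the first hit wins. The fixed slice `[cidx+19:cidx+51]` also assumes the id is always 32 characters; a shorter value would pull the `;` and the start of the next cookie into `sessionid` (the id format is defined outside this hunk, so confirm). Both cases appear to fail closed at the `httpsessions` lookup, but they let a stray cookie from another application on the same host mask a valid session. Anchoring on a cookie boundary keeps the targeted parse: `for part in env['HTTP_COOKIE'].split(';'):` followed by `if part.strip().startswith('confluentsessionid='): sessionid = part.strip()[19:51]`. `_authorize_request` starts and ends outside the hunk.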