From 723a95cc7ab4d03777cc141305bd3a090b753303 Mon Sep 17 00:00:00 2001
From: Rima Shah
Date: Tue, 9 Apr 2024 10:07:13 -0600
Subject: [PATCH] added jar to save authenticated cookie

---
 CHANGELOG.md | 1 +
 traffic_ops/testing/api/v5/session_test.go | 5 +++++
 traffic_ops/toclientlib/toclientlib.go | 9 +++++++++
 traffic_ops/traffic_ops_golang/login/login.go | 4 ++--
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index caded33850..2ce4004fa1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Updated Go version to 1.22.0

 ### Fixed
+- [#7984](https://github.com/apache/trafficcontrol/pull/7984) *Traffic Ops* Fixed TO Client cert authentication with respect to returning response cookie.
 - [#7957](https://github.com/apache/trafficcontrol/pull/7957) *Traffic Ops* Fix the incorrect display of delivery services assigned to ORG servers.
 - [#7917](https://github.com/apache/trafficcontrol/pull/7917) *Traffic Ops* Removed `Alerts` field from struct `ProfileExportResponse`.
 - [#7918](https://github.com/apache/trafficcontrol/pull/7918) *Traffic Portal* Fixed topology link under DS-Servers tables page
diff --git a/traffic_ops/testing/api/v5/session_test.go b/traffic_ops/testing/api/v5/session_test.go
index c30658b50a..e874c1cc2f 100644
--- a/traffic_ops/testing/api/v5/session_test.go
+++ b/traffic_ops/testing/api/v5/session_test.go
@@ -74,5 +74,10 @@ func TestLoginWithCert(t *testing.T) {
 if session == nil {
 t.Fatalf("expected a valid session, but got nothing")
 }
+
+ _, _, err = session.GetAbout(client.RequestOptions{})
+ if err != nil {
+ t.Fatalf("expected no error while using the client cert session to hit an authenticated endpoint, but got %v", err)
+ }
 }
 }
diff --git a/traffic_ops/toclientlib/toclientlib.go b/traffic_ops/toclientlib/toclientlib.go
index b70e71eed8..5a978e3d96 100644
--- a/traffic_ops/toclientlib/toclientlib.go
+++ b/traffic_ops/toclientlib/toclientlib.go
@@ -349,6 +349,14 @@ func LoginWithCert(
 if err != nil {
 return nil, nil, err
 }
+
+ jar, err := cookiejar.New(&cookiejar.Options{
+ PublicSuffixList: publicsuffix.List,
+ })
+ if err != nil {
+ return nil, nil, errors.New("creating cookie jar: " + err.Error())
+ }
+
 to := NewClient("", "", toURL, userAgent, &http.Client{
 Timeout: requestTimeout,
 Transport: &http.Transport{
@@ -357,6 +365,7 @@ func LoginWithCert(
 InsecureSkipVerify: insecure,
 },
 },
+ Jar: jar,
 }, apiVersions)

 reqInf, err := to.login()
diff --git a/traffic_ops/traffic_ops_golang/login/login.go b/traffic_ops/traffic_ops_golang/login/login.go
index 7e43bfbc5e..5310f9fdf8 100644
--- a/traffic_ops/traffic_ops_golang/login/login.go
+++ b/traffic_ops/traffic_ops_golang/login/login.go
@@ -108,7 +108,7 @@ Subject: {{.InstanceName}} Password Reset Request` + "\r\n\r" + `
 `))
-func clientCertAuthentication(w http.ResponseWriter, r *http.Request, db *sqlx.DB, cfg config.Config, dbCtx context.Context, cancelTx context.CancelFunc, form auth.PasswordForm, authenticated bool) bool {
+func clientCertAuthentication(w http.ResponseWriter, r *http.Request, db *sqlx.DB, cfg config.Config, dbCtx context.Context, cancelTx context.CancelFunc, form *auth.PasswordForm, authenticated bool) bool {
 // No certs provided by the client. Skip to form authentication
 if r.TLS == nil || len(r.TLS.PeerCertificates) == 0 {
 return false
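Review bot: In the first toclientlib.go hunk, the cookie-jar failure path builds its error with `errors.New("creating cookie jar: " + err.Error())`, which flattens the cause into a string so callers can no longer inspect it with `errors.Is` or `errors.As`. Wrapping keeps the chain: `return nil, nil, fmt.Errorf("creating cookie jar: %w", err)`; this assumes `fmt` is already imported in the file, which the hunk does not show. LoginWithCert's body starts and ends outside the hunk.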
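Review bot: With `Jar: jar` added next to `InsecureSkipVerify: insecure` in the second toclientlib.go hunk, a client built with `insecure` set now keeps the session cookie from the certificate login and replays it on every later request to a server whose certificate was never verified. The cookie is a bearer credential that outlives the mutual-TLS handshake, so the trade-off belongs in the function's documentation, for example `// insecure disables server certificate verification; the session cookie kept in the jar is then sent to an unverified peer, so use it only against test instances.` The doc comment and signature of LoginWithCert are outside the hunk, so check whether this is already stated there.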
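Review bot: Changing `form` to `*auth.PasswordForm` in the first login.go hunk lets clientCertAuthentication write into the caller's form, and LoginHandler (second login.go hunk) falls through to form authentication with that same `form` when the function returns false. The body is outside the hunk, so this is inferred, but if any field is assigned before the certificate and UID checks have all passed, the password path would run on a form the request did not supply. The contract deserves a comment above the signature, for example `// clientCertAuthentication sets fields on form only after the certificate is verified and matched to a user; on a false return form is left unchanged.`, and the body should be checked against it. A nil `form` would now panic on dereference; the only caller visible here passes `&form`.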
@@ -171,7 +171,7 @@ func LoginHandler(db *sqlx.DB, cfg config.Config) http.HandlerFunc {
 // Attempt to perform client certificate authentication. If fails, goto standard form auth. If the
 // certificate was verified, has a UID, and the UID matches an existing user we consider this to
 // be a successful login.
- authenticated = clientCertAuthentication(w, r, db, cfg, dbCtx, cancelTx, form, authenticated)
+ authenticated = clientCertAuthentication(w, r, db, cfg, dbCtx, cancelTx, &form, authenticated)

 // Failed certificate-based auth, perform standard form auth
 if !authenticated {