actix / actix-extras
1
use std::{collections::HashMap, iter, rc::Rc};
2

3
use actix::prelude::*;
4
use actix_service::{Service, Transform};
5
use actix_session::{Session, SessionStatus};
6
use actix_web::cookie::{Cookie, CookieJar, Key, SameSite};
7
use actix_web::dev::{ServiceRequest, ServiceResponse};
8
use actix_web::http::header::{self, HeaderValue};
9
use actix_web::{error, Error, HttpMessage};
10
use futures_core::future::LocalBoxFuture;
11
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng};
12
use redis_async::resp::RespValue;
13
use redis_async::resp_array;
14
use time::{self, Duration, OffsetDateTime};
15

16
use crate::redis::{Command, RedisActor};
17

18
/// Use redis as session storage.
19
///
20
/// You need to pass an address of the redis server and random value to the
21
/// constructor of `RedisSession`. This is private key for cookie
22
/// session, When this value is changed, all session data is lost.
23
///
24
/// Constructor panics if key length is less than 32 bytes.
25
pub struct RedisSession(Rc<Inner>);
26

27
impl RedisSession {
28
    /// Create new redis session backend
29
    ///
30
    /// * `addr` - address of the redis server
31 1
    pub fn new<S: Into<String>>(addr: S, key: &[u8]) -> RedisSession {
32 1
        RedisSession(Rc::new(Inner {
33 1
            key: Key::derive_from(key),
34 1
            cache_keygen: Box::new(|key: &str| format!("session:{}", &key)),
35 1
            ttl: "7200".to_owned(),
36 1
            addr: RedisActor::start(addr),
37 1
            name: "actix-session".to_owned(),
38 1
            path: "/".to_owned(),
39 1
            domain: None,
40 0
            secure: false,
41 1
            max_age: Some(Duration::days(7)),
42 0
            same_site: None,
43 0
            http_only: true,
44
        }))
45
    }
46

47
    /// Set time to live in seconds for session value.
48 0
    pub fn ttl(mut self, ttl: u32) -> Self {
49 0
        Rc::get_mut(&mut self.0).unwrap().ttl = format!("{}", ttl);
50 0
        self
51
    }
52

53
    /// Set custom cookie name for session ID.
54 1
    pub fn cookie_name(mut self, name: &str) -> Self {
55 1
        Rc::get_mut(&mut self.0).unwrap().name = name.to_owned();
56 1
        self
57
    }
58

59
    /// Set custom cookie path.
60 0
    pub fn cookie_path(mut self, path: &str) -> Self {
61 0
        Rc::get_mut(&mut self.0).unwrap().path = path.to_owned();
62 0
        self
63
    }
64

65
    /// Set custom cookie domain.
66 0
    pub fn cookie_domain(mut self, domain: &str) -> Self {
67 0
        Rc::get_mut(&mut self.0).unwrap().domain = Some(domain.to_owned());
68 0
        self
69
    }
70

71
    /// Set custom cookie secure.
72
    ///
73
    /// If the `secure` field is set, a cookie will only be transmitted when the
74
    /// connection is secure - i.e. `https`.
75
    ///
76
    /// Default is false.
77 0
    pub fn cookie_secure(mut self, secure: bool) -> Self {
78 0
        Rc::get_mut(&mut self.0).unwrap().secure = secure;
79 0
        self
80
    }
81

82
    /// Set custom cookie max-age.
83
    ///
84
    /// Use `None` for session-only cookies.
85 1
    pub fn cookie_max_age(mut self, max_age: impl Into<Option<Duration>>) -> Self {
86 1
        Rc::get_mut(&mut self.0).unwrap().max_age = max_age.into();
87 1
        self
88
    }
89

90
    /// Set custom cookie `SameSite` attribute.
91
    ///
92
    /// By default, the attribute is omitted.
93 0
    pub fn cookie_same_site(mut self, same_site: SameSite) -> Self {
94 0
        Rc::get_mut(&mut self.0).unwrap().same_site = Some(same_site);
95 0
        self
96
    }
97

98
    /// Set custom cookie `HttpOnly` policy.
99
    ///
100
    /// Default is true.
101 0
    pub fn cookie_http_only(mut self, http_only: bool) -> Self {
102 0
        Rc::get_mut(&mut self.0).unwrap().http_only = http_only;
103 0
        self
104
    }
105

106
    /// Set a custom cache key generation strategy, expecting session key as input.
107 0
    pub fn cache_keygen(mut self, keygen: Box<dyn Fn(&str) -> String>) -> Self {
108 0
        Rc::get_mut(&mut self.0).unwrap().cache_keygen = keygen;
109 0
        self
110
    }
111
}
112

113
impl<S, B> Transform<S, ServiceRequest> for RedisSession
114
where
115
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
116
    S::Future: 'static,
117
    B: 'static,
118
{
119
    type Response = ServiceResponse<B>;
120
    type Error = S::Error;
121
    type Transform = RedisSessionMiddleware<S>;
122
    type InitError = ();
123
    type Future = LocalBoxFuture<'static, Result<Self::Transform, Self::InitError>>;
124

125 1
    fn new_transform(&self, service: S) -> Self::Future {
126 1
        let inner = self.0.clone();
127 1
        Box::pin(async {
128 1
            Ok(RedisSessionMiddleware {
129 1
                service: Rc::new(service),
130 1
                inner,
131
            })
132
        })
133
    }
134
}
135

136
/// Cookie session middleware
137
pub struct RedisSessionMiddleware<S: 'static> {
138
    service: Rc<S>,
139
    inner: Rc<Inner>,
140
}
141

142
impl<S, B> Service<ServiceRequest> for RedisSessionMiddleware<S>
143
where
144
    S: Service<ServiceRequest, Response = ServiceResponse<B>, Error = Error> + 'static,
145
    S::Future: 'static,
146
    B: 'static,
147
{
148
    type Response = ServiceResponse<B>;
149
    type Error = Error;
150
    type Future = LocalBoxFuture<'static, Result<Self::Response, Self::Error>>;
151

152
    actix_service::forward_ready!(service);
153

154 1
    fn call(&self, mut req: ServiceRequest) -> Self::Future {
155 1
        let srv = Rc::clone(&self.service);
156 1
        let inner = Rc::clone(&self.inner);
157

158 1
        Box::pin(async move {
159 1
            let state = inner.load(&req).await?;
160 1
            let value = if let Some((state, value)) = state {
161 1
                Session::set_session(state, &mut req);
162 1
                Some(value)
163
            } else {
164 1
                None
165
            };
166

167 1
            let mut res = srv.call(req).await?;
168

169 1
            match Session::get_changes(&mut res) {
170 1
                (SessionStatus::Unchanged, None) => Ok(res),
171 1
                (SessionStatus::Unchanged, Some(state)) => {
172 1
                    if value.is_none() {
173
                        // implies the session is new
174 1
                        inner.update(res, state, value).await
175
                    } else {
176 1
                        Ok(res)
177
                    }
178
                }
179 1
                (SessionStatus::Changed, Some(state)) => {
180 1
                    inner.update(res, state, value).await
181
                }
182 1
                (SessionStatus::Purged, Some(_)) => {
183 1
                    if let Some(val) = value {
184 1
                        inner.clear_cache(val).await?;
185 1
                        match inner.remove_cookie(&mut res) {
186 1
                            Ok(_) => Ok(res),
187 0
                            Err(_err) => Err(error::ErrorInternalServerError(_err)),
188
                        }
189
                    } else {
190 0
                        Err(error::ErrorInternalServerError("unexpected"))
191
                    }
192
                }
193 1
                (SessionStatus::Renewed, Some(state)) => {
194 1
                    if let Some(val) = value {
195 1
                        inner.clear_cache(val).await?;
196 1
                        inner.update(res, state, None).await
197
                    } else {
198 0
                        inner.update(res, state, None).await
199
                    }
200
                }
201 0
                (_, None) => unreachable!(),
202
            }
203
        })
204
    }
205
}
206

207
struct Inner {
208
    key: Key,
209
    cache_keygen: Box<dyn Fn(&str) -> String>,
210
    ttl: String,
211
    addr: Addr<RedisActor>,
212
    name: String,
213
    path: String,
214
    domain: Option<String>,
215
    secure: bool,
216
    max_age: Option<Duration>,
217
    same_site: Option<SameSite>,
218
    http_only: bool,
219
}
220

221
impl Inner {
222 1
    async fn load(
223
        &self,
224
        req: &ServiceRequest,
225
    ) -> Result<Option<(HashMap<String, String>, String)>, Error> {
226
        // wrapped in block to avoid holding `Ref` (from `req.cookies`) across await point
227 1
        let (value, cache_key) = {
228 1
            let cookies = if let Ok(cookies) = req.cookies() {
229 1
                cookies
230
            } else {
231 0
                return Ok(None);
232
            };
233

234 1
            if let Some(cookie) =
235 0
                cookies.iter().find(|&cookie| cookie.name() == self.name)
236
            {
237 1
                let mut jar = CookieJar::new();
238 1
                jar.add_original(cookie.clone());
239

240 1
                if let Some(cookie) = jar.signed(&self.key).get(&self.name) {
241 1
                    let value = cookie.value().to_owned();
242 1
                    let cache_key = (self.cache_keygen)(&cookie.value());
243 1
                    (value, cache_key)
244
                } else {
245 0
                    return Ok(None);
246
                }
247
            } else {
248 1
                return Ok(None);
249
            }
250
        };
251

252 1
        let val = self
253 0
            .addr
254 1
            .send(Command(resp_array!["GET", cache_key]))
255 0
            .await
256 1
            .map_err(error::ErrorInternalServerError)?
257 1
            .map_err(error::ErrorInternalServerError)?;
258

259 1
        match val {
260 1
            RespValue::Error(err) => {
261 0
                return Err(error::ErrorInternalServerError(err));
262
            }
263 0
            RespValue::SimpleString(s) => {
264 0
                if let Ok(val) = serde_json::from_str(&s) {
265 0
                    return Ok(Some((val, value)));
266
                }
267
            }
268 1
            RespValue::BulkString(s) => {
269 1
                if let Ok(val) = serde_json::from_slice(&s) {
270 1
                    return Ok(Some((val, value)));
271
                }
272
            }
273 0
            _ => {}
274
        }
275

276 1
        Ok(None)
277
    }
278

279 1
    async fn update<B>(
280
        &self,
281
        mut res: ServiceResponse<B>,
282
        state: impl Iterator<Item = (String, String)>,
283
        value: Option<String>,
284
    ) -> Result<ServiceResponse<B>, Error> {
285 1
        let (value, jar) = if let Some(value) = value {
286 1
            (value, None)
287
        } else {
288 1
            let value = iter::repeat(())
289 1
                .map(|()| OsRng.sample(Alphanumeric))
290
                .take(32)
291
                .collect::<Vec<_>>();
292 1
            let value = String::from_utf8(value).unwrap_or_default();
293

294
            // prepare session id cookie
295 1
            let mut cookie = Cookie::new(self.name.clone(), value.clone());
296 1
            cookie.set_path(self.path.clone());
297 1
            cookie.set_secure(self.secure);
298 1
            cookie.set_http_only(self.http_only);
299

300 1
            if let Some(ref domain) = self.domain {
301 0
                cookie.set_domain(domain.clone());
302
            }
303

304 1
            if let Some(max_age) = self.max_age {
305 1
                cookie.set_max_age(max_age);
306
            }
307

308 1
            if let Some(same_site) = self.same_site {
309 0
                cookie.set_same_site(same_site);
310
            }
311

312
            // set cookie
313 1
            let mut jar = CookieJar::new();
314 1
            jar.signed(&self.key).add(cookie);
315

316 1
            (value, Some(jar))
317
        };
318

319 1
        let cache_key = (self.cache_keygen)(&value);
320

321 1
        let state: HashMap<_, _> = state.collect();
322

323 1
        let body = match serde_json::to_string(&state) {
324 1
            Err(e) => return Err(e.into()),
325 1
            Ok(body) => body,
326
        };
327

328 1
        let cmd = Command(resp_array!["SET", cache_key, body, "EX", &self.ttl]);
329

330 1
        self.addr
331 1
            .send(cmd)
332 0
            .await
333 1
            .map_err(error::ErrorInternalServerError)?
334 1
            .map_err(error::ErrorInternalServerError)?;
335

336 1
        if let Some(jar) = jar {
337 1
            for cookie in jar.delta() {
338 1
                let val = HeaderValue::from_str(&cookie.to_string())?;
339 1
                res.headers_mut().append(header::SET_COOKIE, val);
340
            }
341
        }
342

343 1
        Ok(res)
344
    }
345

346
    /// removes cache entry
347 1
    async fn clear_cache(&self, key: String) -> Result<(), Error> {
348 1
        let cache_key = (self.cache_keygen)(&key);
349

350 1
        let res = self
351 0
            .addr
352 1
            .send(Command(resp_array!["DEL", cache_key]))
353 0
            .await
354 1
            .map_err(error::ErrorInternalServerError)?;
355

356 1
        match res {
357
            // redis responds with number of deleted records
358 1
            Ok(RespValue::Integer(x)) if x > 0 => Ok(()),
359 0
            _ => Err(error::ErrorInternalServerError(
360 0
                "failed to remove session from cache",
361
            )),
362
        }
363
    }
364

365
    /// invalidates session cookie
366 1
    fn remove_cookie<B>(&self, res: &mut ServiceResponse<B>) -> Result<(), Error> {
367 1
        let mut cookie = Cookie::named(self.name.clone());
368 1
        cookie.set_value("");
369 1
        cookie.set_max_age(Duration::zero());
370 1
        cookie.set_expires(OffsetDateTime::now_utc() - Duration::days(365));
371

372 1
        let val = HeaderValue::from_str(&cookie.to_string())
373 1
            .map_err(error::ErrorInternalServerError)?;
374 1
        res.headers_mut().append(header::SET_COOKIE, val);
375

376 1
        Ok(())
377
    }
378
}
379

380
#[cfg(test)]
381
mod test {
382
    use super::*;
383
    use actix_session::Session;
384
    use actix_web::{
385
        middleware, test, web,
386
        web::{get, post, resource},
387
        App, HttpResponse, Result,
388
    };
389
    use serde::{Deserialize, Serialize};
390
    use serde_json::json;
391

392
    #[derive(Serialize, Deserialize, Debug, PartialEq)]
393
    pub struct IndexResponse {
394
        user_id: Option<String>,
395
        counter: i32,
396
    }
397

398 1
    async fn index(session: Session) -> Result<HttpResponse> {
399 1
        let user_id: Option<String> = session.get::<String>("user_id").unwrap();
400 1
        let counter: i32 = session
401
            .get::<i32>("counter")
402 1
            .unwrap_or(Some(0))
403
            .unwrap_or(0);
404

405 1
        Ok(HttpResponse::Ok().json(&IndexResponse { user_id, counter }))
406
    }
407

408 1
    async fn do_something(session: Session) -> Result<HttpResponse> {
409 1
        let user_id: Option<String> = session.get::<String>("user_id").unwrap();
410 1
        let counter: i32 = session
411
            .get::<i32>("counter")
412 1
            .unwrap_or(Some(0))
413 1
            .map_or(1, |inner| inner + 1);
414 1
        session.set("counter", counter)?;
415

416 1
        Ok(HttpResponse::Ok().json(&IndexResponse { user_id, counter }))
417
    }
418

419
    #[derive(Deserialize)]
420
    struct Identity {
421
        user_id: String,
422
    }
423

424 1
    async fn login(
425
        user_id: web::Json<Identity>,
426
        session: Session,
427
    ) -> Result<HttpResponse> {
428 1
        let id = user_id.into_inner().user_id;
429 1
        session.set("user_id", &id)?;
430 1
        session.renew();
431

432 1
        let counter: i32 = session
433
            .get::<i32>("counter")
434 1
            .unwrap_or(Some(0))
435
            .unwrap_or(0);
436

437 1
        Ok(HttpResponse::Ok().json(&IndexResponse {
438 1
            user_id: Some(id),
439
            counter,
440
        }))
441
    }
442

443 1
    async fn logout(session: Session) -> Result<HttpResponse> {
444 1
        let id: Option<String> = session.get("user_id")?;
445 1
        if let Some(x) = id {
446 1
            session.purge();
447 1
            Ok(format!("Logged out: {}", x).into())
448
        } else {
449 0
            Ok("Could not log out anonymous user".into())
450
        }
451
    }
452

453 1
    #[actix_rt::test]
454 1
    async fn test_session_workflow() {
455
        // Step 1:  GET index
456
        //   - set-cookie actix-session will be in response (session cookie #1)
457
        //   - response should be: {"counter": 0, "user_id": None}
458
        //   - cookie should have default max-age of 7 days
459
        // Step 2:  GET index, including session cookie #1 in request
460
        //   - set-cookie will *not* be in response
461
        //   - response should be: {"counter": 0, "user_id": None}
462
        // Step 3: POST to do_something, including session cookie #1 in request
463
        //   - adds new session state in redis:  {"counter": 1}
464
        //   - response should be: {"counter": 1, "user_id": None}
465
        // Step 4: POST again to do_something, including session cookie #1 in request
466
        //   - updates session state in redis:  {"counter": 2}
467
        //   - response should be: {"counter": 2, "user_id": None}
468
        // Step 5: POST to login, including session cookie #1 in request
469
        //   - set-cookie actix-session will be in response  (session cookie #2)
470
        //   - updates session state in redis: {"counter": 2, "user_id": "ferris"}
471
        // Step 6: GET index, including session cookie #2 in request
472
        //   - response should be: {"counter": 2, "user_id": "ferris"}
473
        // Step 7: POST again to do_something, including session cookie #2 in request
474
        //   - updates session state in redis: {"counter": 3, "user_id": "ferris"}
475
        //   - response should be: {"counter": 2, "user_id": None}
476
        // Step 8: GET index, including session cookie #1 in request
477
        //   - set-cookie actix-session will be in response (session cookie #3)
478
        //   - response should be: {"counter": 0, "user_id": None}
479
        // Step 9: POST to logout, including session cookie #2
480
        //   - set-cookie actix-session will be in response with session cookie #2
481
        //     invalidation logic
482
        // Step 10: GET index, including session cookie #2 in request
483
        //   - set-cookie actix-session will be in response (session cookie #3)
484
        //   - response should be: {"counter": 0, "user_id": None}
485

486 1
        let srv = test::start(|| {
487 1
            App::new()
488
                .wrap(
489 1
                    RedisSession::new("127.0.0.1:6379", &[0; 32])
490
                        .cookie_name("test-session"),
491
                )
492 1
                .wrap(middleware::Logger::default())
493 1
                .service(resource("/").route(get().to(index)))
494 1
                .service(resource("/do_something").route(post().to(do_something)))
495 1
                .service(resource("/login").route(post().to(login)))
496 1
                .service(resource("/logout").route(post().to(logout)))
497
        });
498

499
        // Step 1:  GET index
500
        //   - set-cookie actix-session will be in response (session cookie #1)
501
        //   - response should be: {"counter": 0, "user_id": None}
502 1
        let req_1a = srv.get("/").send();
503 1
        let mut resp_1 = req_1a.await.unwrap();
504 1
        let cookie_1 = resp_1
505
            .cookies()
506
            .unwrap()
507
            .clone()
508
            .into_iter()
509 1
            .find(|c| c.name() == "test-session")
510
            .unwrap();
511 1
        let result_1 = resp_1.json::<IndexResponse>().await.unwrap();
512 1
        assert_eq!(
513
            result_1,
514
            IndexResponse {
515
                user_id: None,
516
                counter: 0
517
            }
518
        );
519 1
        assert_eq!(cookie_1.max_age(), Some(Duration::days(7)));
520

521
        // Step 2:  GET index, including session cookie #1 in request
522
        //   - set-cookie will *not* be in response
523
        //   - response should be: {"counter": 0, "user_id": None}
524 1
        let req_2 = srv.get("/").cookie(cookie_1.clone()).send();
525 1
        let resp_2 = req_2.await.unwrap();
526 1
        let cookie_2 = resp_2
527
            .cookies()
528
            .unwrap()
529
            .clone()
530
            .into_iter()
531 1
            .find(|c| c.name() == "test-session");
532 1
        assert_eq!(cookie_2, None);
533

534
        // Step 3: POST to do_something, including session cookie #1 in request
535
        //   - adds new session state in redis:  {"counter": 1}
536
        //   - response should be: {"counter": 1, "user_id": None}
537 1
        let req_3 = srv.post("/do_something").cookie(cookie_1.clone()).send();
538 1
        let mut resp_3 = req_3.await.unwrap();
539 1
        let result_3 = resp_3.json::<IndexResponse>().await.unwrap();
540 1
        assert_eq!(
541
            result_3,
542
            IndexResponse {
543
                user_id: None,
544
                counter: 1
545
            }
546
        );
547

548
        // Step 4: POST again to do_something, including session cookie #1 in request
549
        //   - updates session state in redis:  {"counter": 2}
550
        //   - response should be: {"counter": 2, "user_id": None}
551 1
        let req_4 = srv.post("/do_something").cookie(cookie_1.clone()).send();
552 1
        let mut resp_4 = req_4.await.unwrap();
553 1
        let result_4 = resp_4.json::<IndexResponse>().await.unwrap();
554 1
        assert_eq!(
555
            result_4,
556
            IndexResponse {
557
                user_id: None,
558
                counter: 2
559
            }
560
        );
561

562
        // Step 5: POST to login, including session cookie #1 in request
563
        //   - set-cookie actix-session will be in response  (session cookie #2)
564
        //   - updates session state in redis: {"counter": 2, "user_id": "ferris"}
565 1
        let req_5 = srv
566
            .post("/login")
567 1
            .cookie(cookie_1.clone())
568 1
            .send_json(&json!({"user_id": "ferris"}));
569 1
        let mut resp_5 = req_5.await.unwrap();
570 1
        let cookie_2 = resp_5
571
            .cookies()
572
            .unwrap()
573
            .clone()
574
            .into_iter()
575 1
            .find(|c| c.name() == "test-session")
576
            .unwrap();
577 1
        assert_ne!(cookie_1.value(), cookie_2.value());
578

579 1
        let result_5 = resp_5.json::<IndexResponse>().await.unwrap();
580 1
        assert_eq!(
581
            result_5,
582 1
            IndexResponse {
583 1
                user_id: Some("ferris".into()),
584
                counter: 2
585
            }
586
        );
587

588
        // Step 6: GET index, including session cookie #2 in request
589
        //   - response should be: {"counter": 2, "user_id": "ferris"}
590 1
        let req_6 = srv.get("/").cookie(cookie_2.clone()).send();
591 1
        let mut resp_6 = req_6.await.unwrap();
592 1
        let result_6 = resp_6.json::<IndexResponse>().await.unwrap();
593 1
        assert_eq!(
594
            result_6,
595 1
            IndexResponse {
596 1
                user_id: Some("ferris".into()),
597
                counter: 2
598
            }
599
        );
600

601
        // Step 7: POST again to do_something, including session cookie #2 in request
602
        //   - updates session state in redis: {"counter": 3, "user_id": "ferris"}
603
        //   - response should be: {"counter": 2, "user_id": None}
604 1
        let req_7 = srv.post("/do_something").cookie(cookie_2.clone()).send();
605 1
        let mut resp_7 = req_7.await.unwrap();
606 1
        let result_7 = resp_7.json::<IndexResponse>().await.unwrap();
607 1
        assert_eq!(
608
            result_7,
609 1
            IndexResponse {
610 1
                user_id: Some("ferris".into()),
611
                counter: 3
612
            }
613
        );
614

615
        // Step 8: GET index, including session cookie #1 in request
616
        //   - set-cookie actix-session will be in response (session cookie #3)
617
        //   - response should be: {"counter": 0, "user_id": None}
618 1
        let req_8 = srv.get("/").cookie(cookie_1.clone()).send();
619 1
        let mut resp_8 = req_8.await.unwrap();
620 1
        let cookie_3 = resp_8
621
            .cookies()
622
            .unwrap()
623
            .clone()
624
            .into_iter()
625 1
            .find(|c| c.name() == "test-session")
626
            .unwrap();
627 1
        let result_8 = resp_8.json::<IndexResponse>().await.unwrap();
628 1
        assert_eq!(
629
            result_8,
630
            IndexResponse {
631
                user_id: None,
632
                counter: 0
633
            }
634
        );
635 1
        assert_ne!(cookie_3.value(), cookie_2.value());
636

637
        // Step 9: POST to logout, including session cookie #2
638
        //   - set-cookie actix-session will be in response with session cookie #2
639
        //     invalidation logic
640 1
        let req_9 = srv.post("/logout").cookie(cookie_2.clone()).send();
641 1
        let resp_9 = req_9.await.unwrap();
642 1
        let cookie_4 = resp_9
643
            .cookies()
644
            .unwrap()
645
            .clone()
646
            .into_iter()
647 1
            .find(|c| c.name() == "test-session")
648
            .unwrap();
649 1
        assert_ne!(
650 1
            OffsetDateTime::now_utc().year(),
651 1
            cookie_4.expires().map(|t| t.year()).unwrap()
652
        );
653

654
        // Step 10: GET index, including session cookie #2 in request
655
        //   - set-cookie actix-session will be in response (session cookie #3)
656
        //   - response should be: {"counter": 0, "user_id": None}
657 1
        let req_10 = srv.get("/").cookie(cookie_2.clone()).send();
658 1
        let mut resp_10 = req_10.await.unwrap();
659 1
        let result_10 = resp_10.json::<IndexResponse>().await.unwrap();
660 1
        assert_eq!(
661
            result_10,
662
            IndexResponse {
663
                user_id: None,
664
                counter: 0
665
            }
666
        );
667

668 1
        let cookie_5 = resp_10
669
            .cookies()
670
            .unwrap()
671
            .clone()
672
            .into_iter()
673 1
            .find(|c| c.name() == "test-session")
674
            .unwrap();
675 1
        assert_ne!(cookie_5.value(), cookie_2.value());
676
    }
677

678 1
    #[actix_rt::test]
679 1
    async fn test_max_age_session_only() {
680
        //
681
        // Test that removing max_age results in a session-only cookie
682
        //
683 1
        let srv = test::start(|| {
684 1
            App::new()
685
                .wrap(
686 1
                    RedisSession::new("127.0.0.1:6379", &[0; 32])
687
                        .cookie_name("test-session")
688 1
                        .cookie_max_age(None),
689
                )
690 1
                .wrap(middleware::Logger::default())
691 1
                .service(resource("/").route(get().to(index)))
692
        });
693

694 1
        let req = srv.get("/").send();
695 1
        let resp = req.await.unwrap();
696 1
        let cookie = resp
697
            .cookies()
698
            .unwrap()
699
            .clone()
700
            .into_iter()
701 1
            .find(|c| c.name() == "test-session")
702
            .unwrap();
703

704 1
        assert_eq!(cookie.max_age(), None);
705
    }
706
}

Read our documentation on viewing source code .

Loading