From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <pdm-devel-bounces@lists.proxmox.com> Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id E86251FF168 for <inbox@lore.proxmox.com>; Tue, 4 Mar 2025 15:43:16 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9403D21B0; Tue, 4 Mar 2025 15:43:11 +0100 (CET) From: Shannon Sterz <s.sterz@proxmox.com> To: pdm-devel@lists.proxmox.com Date: Tue, 4 Mar 2025 15:42:41 +0100 Message-Id: <20250304144247.231089-16-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250304144247.231089-1-s.sterz@proxmox.com> References: <20250304144247.231089-1-s.sterz@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.013 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pdm-devel] [PATCH proxmox v5 15/21] login: add functions to specify full cookie names X-BeenThere: pdm-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Datacenter Manager development discussion <pdm-devel.lists.proxmox.com> List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pdm-devel>, <mailto:pdm-devel-request@lists.proxmox.com?subject=unsubscribe> List-Archive: <http://lists.proxmox.com/pipermail/pdm-devel/> List-Post: <mailto:pdm-devel@lists.proxmox.com> List-Help: <mailto:pdm-devel-request@lists.proxmox.com?subject=help> List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel>, <mailto:pdm-devel-request@lists.proxmox.com?subject=subscribe> Reply-To: Proxmox Datacenter Manager development discussion <pdm-devel@lists.proxmox.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pdm-devel-bounces@lists.proxmox.com Sender: "pdm-devel" <pdm-devel-bounces@lists.proxmox.com> previously the name in which the ticket was send was derived by the product abbreviation in the ticket itself. the assumption was that authentication cookies would always have a name like this: `<PRODUCT_ABBREVIATION>AuthCookie`. this commit adds helpers that allow specifying the cookie's name by users of this crate. Signed-off-by: Shannon Sterz <s.sterz@proxmox.com> --- proxmox-login/src/ticket.rs | 47 ++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/proxmox-login/src/ticket.rs b/proxmox-login/src/ticket.rs index dc70f913..4b28f26e 100644 --- a/proxmox-login/src/ticket.rs +++ b/proxmox-login/src/ticket.rs @@ -104,6 +104,10 @@ impl Ticket { pub fn cookie(&self) -> String { format!("{}AuthCookie={}", self.product(), self.data) } + + pub fn cookie_with_name(&self, name: &str) -> String { + format!("{name}={}", self.data) + } } /// Whether a ticket should be refreshed or is already invalid and needs to be completely renewed. @@ -239,19 +243,50 @@ impl Authentication { self.ticket.cookie() } + /// Get the ticket cookie in the form `<name>Ticket`. + pub fn cookie_with_name(&self, name: &str) -> String { + self.ticket.cookie_with_name(name) + } + #[cfg(feature = "http")] /// Add authentication headers to a request. /// /// This is equivalent to doing: /// ```ignore - /// request - /// .header(http::header::COOKIE, auth.cookie()) - /// .header(proxmox_login::CSRF_HEADER_NAME, &auth.csrfprevention_token) + /// let request = if self.ticket.is_info_only() { + /// request + /// } else { + /// request.header(http::header::COOKIE, self.cookie()) + /// }; + /// request.header(crate::CSRF_HEADER_NAME, &self.csrfprevention_token) /// ``` pub fn set_auth_headers(&self, request: http::request::Builder) -> http::request::Builder { - request - .header(http::header::COOKIE, self.cookie()) - .header(crate::CSRF_HEADER_NAME, &self.csrfprevention_token) + let request = if self.ticket.is_info_only() { + // don't set the cookie header if we don't have access to a full ticket + request + } else { + request.header(http::header::COOKIE, self.cookie()) + }; + + request.header(crate::CSRF_HEADER_NAME, &self.csrfprevention_token) + } + + #[cfg(feature = "http")] + /// Add authentication headers to a request and specify the name of the cookie in which the + /// ticket is set. + pub fn set_auth_headers_with_cookie_name( + &self, + request: http::request::Builder, + name: &str, + ) -> http::request::Builder { + let request = if self.ticket.is_info_only() { + // don't set the cookie header if we don't have access to a full ticket + request + } else { + request.header(http::header::COOKIE, self.cookie_with_name(name)) + }; + + request.header(crate::CSRF_HEADER_NAME, &self.csrfprevention_token) } } -- 2.39.5 _______________________________________________ pdm-devel mailing list pdm-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pdm-devel