fix remove refresh token bug + fix sendRefreshTokenToClientAsHeader + add companion for SessionEndpoints

Author: fupelaqu

server/testkit/src/main/scala/akka/http/scaladsl/testkit/PersistenceScalatestRouteTest.scala

@@ -2,7 +2,7 @@ package akka.http.scaladsl.testkit
 
 import akka.actor.ActorSystem
 import akka.http.scaladsl.model.HttpHeader
-import akka.http.scaladsl.model.headers.{Cookie, HttpCookiePair, RawHeader}
+import akka.http.scaladsl.model.headers.{`Set-Cookie`, Cookie, HttpCookiePair, RawHeader}
 import akka.http.scaladsl.server.directives.RouteDirectives
 import akka.http.scaladsl.server.{ExceptionHandler, Route}
 import app.softnetwork.api.server.scalatest.ServerTestKit
@@ -44,6 +44,10 @@ trait PersistenceScalatestRouteTest
 
   lazy val routes: Route = mainRoutes(typedSystem())
 
+  @deprecated(
+    "this method has been replaced by extractHeaders and will be removed",
+    since = "0.3.1.1"
+  )
   def extractCookies(headers: Seq[HttpHeader]): Seq[HttpHeader] = {
     headers
       .filter(header => {
@@ -58,20 +62,48 @@ trait PersistenceScalatestRouteTest
         if (value.isEmpty) {
           Seq.empty
         } else {
-          var ret: Seq[HttpHeader] = Seq(Cookie(name, value))
-          // required for akka-http-session
-          if (name == "XSRF-TOKEN")
-            ret = ret ++ Seq(RawHeader("X-XSRF-TOKEN", value))
-          ret
+          Seq(Cookie(name, value))
         }
       })
   }
 
+  @deprecated("this method has been replaced by findHeader and will be removed", since = "0.3.1.1")
   def findCookie(name: String): HttpHeader => Option[HttpCookiePair] = {
     case Cookie(cookies) => cookies.find(_.name == name)
     case _               => None
   }
 
+  def extractHeaders(headers: Seq[HttpHeader]): Seq[HttpHeader] =
+    headers
+      .flatMap {
+        case header: `Set-Cookie` =>
+          val cookie = header.value().split("=")
+          val name = cookie.head
+          val value = cookie.tail.mkString("=").split(";").head
+          log.info(s"${header.name()}: ${header.value()}")
+          if (value.isEmpty) {
+            Seq.empty
+          } else {
+            Seq(Cookie(name, value))
+          }
+        case header: RawHeader =>
+          val name = header.name
+          val value = header.value
+          log.info(s"$name: $value")
+          if (value.isEmpty) {
+            Seq.empty
+          } else {
+            Seq(RawHeader(name, value))
+          }
+        case _ => Seq.empty
+      }
+
+  def findHeader(name: String): HttpHeader => Option[String] = {
+    case Cookie(cookies)                => cookies.find(_.name == name).map(_.value)
+    case r: RawHeader if r.name == name => Some(r.value)
+    case _                              => None
+  }
+
 }
 
 trait InMemoryPersistenceScalatestRouteTest

session/core/src/main/scala/app/softnetwork/session/persistence/typed/RefreshToken.scala

@@ -68,7 +68,6 @@ trait RefreshTokenBehavior[T <: SessionData]
             RefreshTokenRemoved(cmd.selector)
           )
           .thenRun(_ => RefreshTokenRemoved(cmd.selector) ~> replyTo)
-          .thenStop()
 
       case _: LookupRefreshToken =>
         Effect.none.thenRun(_ =>

session/core/src/main/scala/app/softnetwork/session/service/SessionEndpoints.scala

@@ -4,7 +4,6 @@ import akka.actor.typed.ActorSystem
 import app.softnetwork.session.config.Settings.Session.CookieSecret
 import app.softnetwork.session.handlers.SessionRefreshTokenDao
 import com.softwaremill.session.{
-  CsrfCheck,
   GenericOneOffCookieSessionEndpoints,
   GenericOneOffHeaderSessionEndpoints,
   GenericRefreshableCookieSessionEndpoints,
@@ -21,7 +20,7 @@ import org.softnetwork.session.model.Session
 import scala.concurrent.ExecutionContext
 
 trait SessionEndpoints extends GenericSessionEndpoints[Session] {
-  _: SessionTransportEndpoints[Session] with SessionContinuityEndpoints[Session] with CsrfCheck =>
+  _: SessionTransportEndpoints[Session] with SessionContinuityEndpoints[Session] =>
 
   import Session._
 
@@ -36,28 +35,45 @@ trait SessionEndpoints extends GenericSessionEndpoints[Session] {
     system
   )
 
+  def transport: SessionTransportEndpoints[Session] = this
+
+  def continuity: SessionContinuityEndpoints[Session] = this
 }
 
-trait OneOffCookieSessionEndpoints
+case class OneOffCookieSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints
-    with GenericOneOffCookieSessionEndpoints[Session] {
-  _: CsrfCheck =>
-}
+    with GenericOneOffCookieSessionEndpoints[Session]
 
-trait OneOffHeaderSessionEndpoints
+case class OneOffHeaderSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints
-    with GenericOneOffHeaderSessionEndpoints[Session] {
-  _: CsrfCheck =>
-}
+    with GenericOneOffHeaderSessionEndpoints[Session]
 
-trait RefreshableCookieSessionEndpoints
+case class RefreshableCookieSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints
-    with GenericRefreshableCookieSessionEndpoints[Session] {
-  _: CsrfCheck =>
-}
+    with GenericRefreshableCookieSessionEndpoints[Session]
 
-trait RefreshableHeaderSessionEndpoints
+case class RefreshableHeaderSessionEndpoints(system: ActorSystem[_], checkHeaderAndForm: Boolean)
     extends SessionEndpoints
-    with GenericRefreshableHeaderSessionEndpoints[Session] {
-  _: CsrfCheck =>
+    with GenericRefreshableHeaderSessionEndpoints[Session]
+
+object SessionEndpoints {
+  def oneOffCookie(implicit
+    system: ActorSystem[_],
+    checkHeaderAndForm: Boolean = false
+  ): SessionEndpoints = OneOffCookieSessionEndpoints(system, checkHeaderAndForm)
+
+  def oneOffHeader(implicit
+    system: ActorSystem[_],
+    checkHeaderAndForm: Boolean = false
+  ): SessionEndpoints = OneOffHeaderSessionEndpoints(system, checkHeaderAndForm)
+
+  def refreshableCookie(implicit
+    system: ActorSystem[_],
+    checkHeaderAndForm: Boolean = false
+  ): SessionEndpoints = RefreshableCookieSessionEndpoints(system, checkHeaderAndForm)
+
+  def refreshableHeader(implicit
+    system: ActorSystem[_],
+    checkHeaderAndForm: Boolean = false
+  ): SessionEndpoints = RefreshableHeaderSessionEndpoints(system, checkHeaderAndForm)
 }

session/core/src/main/scala/com/softwaremill/session/CsrfCheck.scala

@@ -9,7 +9,7 @@ import sttp.tapir.{EndpointIO, _}
 
 import scala.concurrent.{ExecutionContext, Future}
 
-trait CsrfEndpoints[T] { _: CsrfCheck =>
+trait CsrfEndpoints[T] extends CsrfCheck {
 
   import com.softwaremill.session.AkkaToTapirImplicits._
 
@@ -125,3 +125,15 @@ trait CsrfEndpoints[T] { _: CsrfCheck =>
       }
 
 }
+
+sealed trait CsrfCheck {
+  def checkHeaderAndForm: Boolean
+}
+
+trait CsrfCheckHeader extends CsrfCheck {
+  val checkHeaderAndForm: Boolean = false
+}
+
+trait CsrfCheckHeaderAndForm extends CsrfCheck {
+  val checkHeaderAndForm: Boolean = true
+}

session/core/src/main/scala/com/softwaremill/session/CsrfEndpoints.scala

@@ -7,7 +7,7 @@ import sttp.tapir.server.PartialServerEndpointWithSecurityOutput
 import scala.concurrent.Future
 
 trait GenericSessionEndpoints[T] extends CsrfEndpoints[T] {
-  _: SessionTransportEndpoints[T] with SessionContinuityEndpoints[T] with CsrfCheck =>
+  _: SessionTransportEndpoints[T] with SessionContinuityEndpoints[T] =>
 
   final def antiCsrfWithRequiredSession: PartialServerEndpointWithSecurityOutput[
     (Seq[Option[String]], Method, Option[String], Option[String]),
@@ -63,40 +63,28 @@ trait GenericSessionEndpoints[T] extends CsrfEndpoints[T] {
 
 }
 
-trait GenericCookieSessionEndpoints[T] extends GenericSessionEndpoints[T] with CookieTransportEndpoints[T] {
-  _: SessionContinuityEndpoints[T] with CsrfCheck =>
-}
-
-trait GenericHeaderSessionEndpoints[T] extends GenericSessionEndpoints[T] with HeaderTransportEndpoints[T] {
-  _: SessionContinuityEndpoints[T] with CsrfCheck =>
-}
-
 trait GenericOneOffCookieSessionEndpoints[T]
-  extends GenericCookieSessionEndpoints[T]
+    extends GenericSessionEndpoints[T]
+    with CookieTransportEndpoints[T]
     with OneOffSessionContinuity[T]
-    with OneOffSessionEndpoints[T] {
-  _: CsrfCheck =>
-}
+    with OneOffSessionEndpoints[T]
 
 trait GenericOneOffHeaderSessionEndpoints[T]
-  extends GenericHeaderSessionEndpoints[T]
+    extends GenericSessionEndpoints[T]
+    with HeaderTransportEndpoints[T]
     with OneOffSessionContinuity[T]
-    with OneOffSessionEndpoints[T] {
-  _: CsrfCheck =>
-}
+    with OneOffSessionEndpoints[T]
 
 trait GenericRefreshableCookieSessionEndpoints[T]
-  extends GenericCookieSessionEndpoints[T]
+    extends GenericSessionEndpoints[T]
+    with CookieTransportEndpoints[T]
     with RefreshableSessionContinuity[T]
     with RefreshableSessionEndpoints[T]
-    with OneOffSessionEndpoints[T] {
-  _: CsrfCheck =>
-}
+    with OneOffSessionEndpoints[T]
 
 trait GenericRefreshableHeaderSessionEndpoints[T]
-  extends GenericHeaderSessionEndpoints[T]
+    extends GenericSessionEndpoints[T]
+    with HeaderTransportEndpoints[T]
     with RefreshableSessionContinuity[T]
     with RefreshableSessionEndpoints[T]
-    with OneOffSessionEndpoints[T] {
-  _: CsrfCheck =>
-}
+    with OneOffSessionEndpoints[T]

session/core/src/main/scala/com/softwaremill/session/GenericSessionEndpoints.scala

@@ -42,7 +42,7 @@ trait RefreshableSessionEndpoints[T] extends Completion {
   }
 
   def sendRefreshTokenToClientAsHeader: EndpointIO.Header[Option[String]] = {
-    header[Option[String]](manager.config.sessionHeaderConfig.sendToClientHeaderName)
+    header[Option[String]](manager.config.refreshTokenHeaderConfig.sendToClientHeaderName)
   }
 
   private[session] def rotateToken(

session/core/src/main/scala/com/softwaremill/session/RefreshableSessionEndpoints.scala

@@ -0,0 +1,13 @@
+package app.softnetwork.session.scalatest
+
+import com.softwaremill.session.CookieConfig
+import org.scalatest.Suite
+
+trait CookieSessionTestKit extends SessionTestKit {
+  _: Suite =>
+
+  def cookieConfig: CookieConfig
+
+  final override val sessionHeaderName: String = cookieConfig.name
+
+}

session/testkit/src/main/scala/app/softnetwork/session/scalatest/CookieSessionTestKit.scala

@@ -0,0 +1,19 @@
+package app.softnetwork.session.scalatest
+
+import akka.http.scaladsl.model.headers.RawHeader
+import com.softwaremill.session.HeaderConfig
+import org.scalatest.Suite
+
+trait HeaderSessionTestKit extends SessionTestKit {
+  _: Suite =>
+
+  def headerConfig: HeaderConfig
+
+  final override val sessionHeaderName: String = headerConfig.sendToClientHeaderName
+
+  final override def mapRawHeader: RawHeader => Option[RawHeader] = raw =>
+    if (raw.name == sessionHeaderName)
+      Some(RawHeader(headerConfig.getFromClientHeaderName, raw.value))
+    else
+      Some(raw)
+}

session/testkit/src/main/scala/app/softnetwork/session/scalatest/HeaderSessionTestKit.scala

@@ -0,0 +1,15 @@
+package app.softnetwork.session.scalatest
+
+import akka.actor.typed.ActorSystem
+import app.softnetwork.session.service.SessionEndpoints
+import com.softwaremill.session.{CookieConfig, CsrfCheck}
+import org.scalatest.Suite
+
+trait OneOffCookieSessionTestKit extends CookieSessionTestKit with OneOffSessionTestKit {
+  _: Suite with CsrfCheck =>
+
+  override def cookieConfig: CookieConfig = sessionManager.config.sessionCookieConfig
+
+  override def sessionEndpoints: ActorSystem[_] => SessionEndpoints = system =>
+    SessionEndpoints.oneOffCookie(system, checkHeaderAndForm)
+}