From 40b235e16bab67c512dc85daf6cf4e88798722ae Mon Sep 17 00:00:00 2001
From: Adam Crownoble
Date: Wed, 12 Jun 2013 17:35:23 -0700
Subject: [PATCH] Allow cookie options to be set in config

Cookie options like domain, path, max_age, secure and httponly can now be set in config.yml
---
config/config.example.yml | 9 +++++++++
lib/casserver/server.rb | 3 ++-
spec/casserver_spec.rb | 1 +
spec/config/default_config.yml | 3 +++
4 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/config/config.example.yml b/config/config.example.yml
index f49c5211..a553f5af 100644
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -524,6 +524,15 @@ log:
 #maximum_session_lifetime: 172800
+# Set custom cookie parameters such as max-age or secure
+
+#cookie_options:
+# domain:
+# path:
+# max_age:
+# expires:
+# secure:
+# httponly:
 # If you want the usernames entered on the login page to be automatically
 # downcased (converted to lowercase), enable the following option. When this
diff --git a/lib/casserver/server.rb b/lib/casserver/server.rb
index 3b87c012..c289a08b 100644
--- a/lib/casserver/server.rb
+++ b/lib/casserver/server.rb
@@ -459,7 +459,8 @@ def self.init_database!
 # 3.6 (ticket-granting cookie)
 tgt = generate_ticket_granting_ticket(@username, extra_attributes)
-response.set_cookie('tgt', tgt.to_s)
+cookie_options = (settings.config[:cookie_options] || {}).symbolize_keys
+response.set_cookie('tgt', cookie_options.merge(:value => tgt.to_s))
 $LOG.debug("Ticket granting cookie '#{tgt.inspect}' granted to #{@username.inspect}")
diff --git a/spec/casserver_spec.rb b/spec/casserver_spec.rb
index b8860b82..99a69b12 100644
--- a/spec/casserver_spec.rb
+++ b/spec/casserver_spec.rb
@@ -34,6 +34,7 @@ click_button 'login-submit'
 page.should have_content("You have successfully logged in")
+Capybara.current_session.driver.response.headers['Set-Cookie'].should match 'path=/'
 end
 it "fails to log in with invalid password" do
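Review bot: The example lists `expires:` alongside `max_age:`, but a value read from YAML arrives as a String or Date, and Rack's cookie formatter expects a Time for `:expires` (it calls a time-formatting method on it), so uncommenting that key is likely to raise on the next login rather than set an expiry; prefer documenting `max_age` only, or note next to it that `expires` is not settable from YAML. The comment introducing the block could also steer operators toward the flags that matter for a session credential, e.g. `# secure: true and httponly: true are strongly recommended for the tgt cookie; max_age is in seconds`. Whether a YAML `expires` value survives to set_cookie unchanged depends on how config.yml is parsed upstream, which this hunk does not show.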
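Review bot: The merge on the new `response.set_cookie` line only applies attributes the operator configured, so with nothing set (the shipped config.example.yml hunk leaves every key commented out and recommends none) the ticket-granting cookie is still issued without HttpOnly or Secure, exactly as before the change; a safer shape is `cookie_options = { :httponly => true }.merge((settings.config[:cookie_options] || {}).symbolize_keys)`, so config can relax the default rather than having to opt in. Merging `:value => tgt.to_s` last means a stray `value:` key in config cannot replace the ticket, which deserves a comment such as `# config may set any cookie attribute; the ticket itself always wins`. `symbolize_keys` is an ActiveSupport extension, presumably already loaded via ActiveRecord elsewhere in the file, and `settings.config[:cookie_options]` assumes the config hash is symbol-keyed; both are worth confirming, since a string-keyed hash would silently yield an empty option set. The enclosing method continues outside the hunk on both sides.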
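Review bot: The added assertion only proves that the `path` from spec/config/default_config.yml reached the Set-Cookie header, so the security-relevant attributes this commit makes configurable (`secure`, `httponly`) have no coverage; adding `httponly: true` to the spec config and asserting `should match(/HttpOnly/i)` on the same header would pin them. `headers['Set-Cookie']` may be a newline-joined String or an Array depending on the Rack version in use, so `match 'path=/'` is robust only if the driver normalises it to a String; worth a glance if the build matrix spans Rack versions. The `it` block containing the assertion starts outside the hunk.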
diff --git a/spec/config/default_config.yml b/spec/config/default_config.yml
index 90a83914..db2125c1 100644
--- a/spec/config/default_config.yml
+++ b/spec/config/default_config.yml
@@ -47,6 +47,9 @@ enable_single_sign_out: true
 #maximum_session_lifetime: 172800
+cookie_options:
+ path: "/"
+
 #downcase_username: true
 allowed_service_ips: