Fix cookie/session support in Nano 9 (#245)

glynnbird · robman87 · Robert Michalski · web-flow · commit 9f2ae36a3e4b · 2021-01-06T09:48:22.000Z
* Save authentication cookie after calling nano.auth nano.auth has no effect if session cookie is not saved correctly so it can be reused in next request. * Add closing ) * Comply with coding standard * Comply with coding standard, added missing space after function * Check that cookie is set after calling nano.auth in test case. * Wrap in promise * alternative to pr #242 using toughcookie library for axios Co-authored-by: Robert Michalski <robmi87@gmail.com> Co-authored-by: Robert Michalski <robert@surveylegend.com> Co-authored-by: Glynn Bird <glynnbird@apache.org>
diff --git a/lib/nano.js b/lib/nano.js
@@ -14,6 +14,10 @@ const { URL } = require('url')
 const assert = require('assert')
 const querystring = require('qs')
 const axios = require('axios').default
+const axiosCookieJarSupport = require('axios-cookiejar-support').default
+const tough = require('tough-cookie')
+axiosCookieJarSupport(axios)
+const cookieJar = new tough.CookieJar()
 const stream = require('stream')
 const http = require('http')
 const https = require('https')
@@ -223,7 +227,8 @@ module.exports = exports = function dbScope (cfg) {
     const isJar = opts.jar || cfg.jar
 
     if (isJar) {
-      req.jar = isJar
+      req.jar = cookieJar
+      req.withCredentials = true
     }
 
     // http://wiki.apache.org/couchdb/HTTP_database_API#Naming_and_Addressing
@@ -312,6 +317,7 @@ module.exports = exports = function dbScope (cfg) {
     req.qsStringifyOptions = { arrayFormat: 'repeat' }
 
     log(req)
+    cfg.cookies = cookieJar.getCookiesSync(cfg.url)
 
     // This where the HTTP request is made.
     // Nano used to use the now-deprecated "request" library but now we're going to
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,7 +18,9 @@
   ],
   "dependencies": {
     "axios": "^0.21.0",
-    "qs": "^6.9.4"
+    "axios-cookiejar-support": "^1.0.1",
+    "qs": "^6.9.4",
+    "tough-cookie": "^4.0.0"
   },
   "devDependencies": {
     "@types/node": "^14.14.6",
diff --git a/test/nano.auth.test.js b/test/nano.auth.test.js
@@ -12,7 +12,7 @@
 
 const Nano = require('..')
 const COUCH_URL = 'http://localhost:5984'
-const nano = Nano(COUCH_URL)
+const nano = Nano({ url: COUCH_URL, jar: true })
 const nock = require('nock')
 
 afterEach(() => {
@@ -24,12 +24,19 @@ test('should be able to authenticate - POST /_session - nano.auth', async () =>
   const username = 'u'
   const password = 'p'
   const response = { ok: true, name: 'admin', roles: ['_admin', 'admin'] }
+  const authsession = 'AuthSession=YWRtaW46NUU0MTFBMDE6stHsxYnlDy4mYxwZEcnXHn4fm5w;'
+  const cookie = authsession + ' Version=1; Expires=Mon, 10-Feb-2050 09:03:21 GMT; Max-Age=600; Path=/; HttpOnly'
   const scope = nock(COUCH_URL)
     .post('/_session', 'name=u&password=p', { 'content-type': 'application/x-www-form-urlencoded; charset=utf-8' })
-    .reply(200, response, { 'Set-Cookie': 'AuthSession=YWRtaW46NUU0MTFBMDE6stHsxYnlDy4mYxwZEcnXHn4fm5w; Version=1; Expires=Mon, 10-Feb-2050 09:03:21 GMT; Max-Age=600; Path=/; HttpOnly' })
+    .reply(200, response, { 'Set-Cookie': cookie })
+    .get('/_all_dbs')
+    .reply(200, ['a'])
 
   // test POST /_session
   const p = await nano.auth(username, password)
   expect(p).toStrictEqual(response)
+  await nano.db.list()
+  expect(nano.config.cookies.length).toBe(1)
+  expect(nano.config.cookies[0].toString().startsWith(authsession)).toBe(true)
   expect(scope.isDone()).toBe(true)
 })
