Changing session cookie name and added a way for clients to know what the name is #11413 (#11679)

* Changing session cookie name and added a way for clients to know what the key name is * Adding session information to docs * Fixing how awxkit gets the session id header
author: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com> 2022-02-27 13:27:25 +0100
committer: GitHub <noreply@github.com> 2022-02-27 13:27:25 +0100
commit: cb57752903bf7f7ceaa296e226a56dbc9cb034e1 (patch)
tree: 020135b07459ce6114932261f97f0db784a19fcf /awxkit
parent: Merge pull request #11808 from john-westcott-iv/fix_minicube (diff)
download: awx-cb57752903bf7f7ceaa296e226a56dbc9cb034e1.tar.xz
awx-cb57752903bf7f7ceaa296e226a56dbc9cb034e1.zip
3 files changed, 20 insertions, 9 deletions
diff --git a/awxkit/awxkit/api/client.py b/awxkit/awxkit/api/client.py
index 1cea4a61c2..04b399e079 100644
--- a/awxkit/awxkit/api/client.py
+++ b/awxkit/awxkit/api/client.py
@@ -33,6 +33,10 @@ class Connection(object):
     def __init__(self, server, verify=False):
         self.server = server
         self.verify = verify
+        # Note: We use the old sessionid here incase someone is trying to connect to an older AWX version
+        # There is a check below so that if AWX returns an X-API-Session-Cookie-Name we will grab it and
+        # connect with the new session cookie name.
+        self.session_cookie_name = 'sessionid'
 
         if not self.verify:
             requests.packages.urllib3.disable_warnings()
@@ -49,8 +53,13 @@ class Connection(object):
             _next = kwargs.get('next')
             if _next:
                 headers = self.session.headers.copy()
-                self.post('/api/login/', headers=headers, data=dict(username=username, password=password, next=_next))
-                self.session_id = self.session.cookies.get('sessionid')
+                response = self.post('/api/login/', headers=headers, data=dict(username=username, password=password, next=_next))
+                # The login causes a redirect so we need to search the history of the request to find the header
+                for historical_response in response.history:
+                    if 'X-API-Session-Cookie-Name' in historical_response.headers:
+                        self.session_cookie_name = historical_response.headers.get('X-API-Session-Cookie-Name')
+
+                self.session_id = self.session.cookies.get(self.session_cookie_name, None)
                 self.uses_session_cookie = True
             else:
                 self.session.auth = (username, password)
@@ -61,7 +70,7 @@ class Connection(object):
 
     def logout(self):
         if self.uses_session_cookie:
-            self.session.cookies.pop('sessionid', None)
+            self.session.cookies.pop(self.session_cookie_name, None)
         else:
             self.session.auth = None
 
diff --git a/awxkit/awxkit/awx/utils.py b/awxkit/awxkit/awx/utils.py
index 6fc3a18480..df61f0b7a0 100644
--- a/awxkit/awxkit/awx/utils.py
+++ b/awxkit/awxkit/awx/utils.py
@@ -95,12 +95,12 @@ def as_user(v, username, password=None):
             # requests doesn't provide interface for retrieving
             # domain segregated cookies other than iterating.
             for cookie in connection.session.cookies:
-                if cookie.name == 'sessionid':
+                if cookie.name == connection.session_cookie_name:
                     session_id = cookie.value
                     domain = cookie.domain
                     break
             if session_id:
-                del connection.session.cookies['sessionid']
+                del connection.session.cookies[connection.session_cookie_name]
             if access_token:
                 kwargs = dict(token=access_token)
             else:
@@ -114,9 +114,9 @@ def as_user(v, username, password=None):
         if config.use_sessions:
             if access_token:
                 connection.session.auth = None
-            del connection.session.cookies['sessionid']
+            del connection.session.cookies[connection.session_cookie_name]
             if session_id:
-                connection.session.cookies.set('sessionid', session_id, domain=domain)
+                connection.session.cookies.set(connection.session_cookie_name, session_id, domain=domain)
         else:
             connection.session.auth = previous_auth
 
diff --git a/awxkit/awxkit/ws.py b/awxkit/awxkit/ws.py
index d56fccf719..b2b51fefba 100644
--- a/awxkit/awxkit/ws.py
+++ b/awxkit/awxkit/ws.py
@@ -51,7 +51,9 @@ class WSClient(object):
 
     # Subscription group types
 
-    def __init__(self, token=None, hostname='', port=443, secure=True, session_id=None, csrftoken=None, add_received_time=False):
+    def __init__(
+        self, token=None, hostname='', port=443, secure=True, session_id=None, csrftoken=None, add_received_time=False, session_cookie_name='awx_sessionid'
+    ):
         # delay this import, because this is an optional dependency
         import websocket
 
@@ -78,7 +80,7 @@ class WSClient(object):
         if self.token is not None:
             auth_cookie = 'token="{0.token}";'.format(self)
         elif self.session_id is not None:
-            auth_cookie = 'sessionid="{0.session_id}"'.format(self)
+            auth_cookie = '{1}="{0.session_id}"'.format(self, session_cookie_name)
             if self.csrftoken:
                 auth_cookie += ';csrftoken={0.csrftoken}'.format(self)
         else:
author	John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>	2022-02-27 13:27:25 +0100
committer	GitHub <noreply@github.com>	2022-02-27 13:27:25 +0100
commit	cb57752903bf7f7ceaa296e226a56dbc9cb034e1 (patch)
tree	020135b07459ce6114932261f97f0db784a19fcf /awxkit
parent	Merge pull request #11808 from john-westcott-iv/fix_minicube (diff)
download	awx-cb57752903bf7f7ceaa296e226a56dbc9cb034e1.tar.xz awx-cb57752903bf7f7ceaa296e226a56dbc9cb034e1.zip