From a647e73c02e9e36fbbe7da2dd3c1edb98dcf5306 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Fri, 15 Apr 2022 21:33:15 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E8=AE=BE=E7=BD=AESessionCookieNamePref?=
 =?UTF-8?q?ix=20(#8071)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: 设置SessionCookieNamePrefix

* feat: 设置SessionCookieNamePrefix

Co-authored-by: Jiangjie.Bai
---
 apps/authentication/middleware.py | 14 ++++++++++++++
 apps/jumpserver/conf.py | 1 +
 apps/jumpserver/settings/base.py | 16 ++++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/apps/authentication/middleware.py b/apps/authentication/middleware.py
index 9481c3ff6..42bbb27cb 100644
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -1,5 +1,7 @@
 from django.shortcuts import redirect, reverse
+from django.utils.deprecation import MiddlewareMixin
 from django.http import HttpResponse
+from django.conf import settings
 class MFAMiddleware:
@@ -34,3 +36,15 @@ class MFAMiddleware:
         url = reverse('authentication:login-mfa') + '?_=middleware'
         return redirect(url)
+
+
+class SessionCookieMiddleware(MiddlewareMixin):
+    @staticmethod
+    def process_response(request, response: HttpResponse):
+        key = settings.SESSION_COOKIE_NAME_PREFIX_KEY
+        value = settings.SESSION_COOKIE_NAME_PREFIX
+        if request.COOKIES.get(key) == value:
+            return response
+        response.set_cookie(key, value)
+        return response
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index 3cc8a067d..28ee9d8e9 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -157,6 +157,7 @@ class Config(dict):
         'DEFAULT_EXPIRED_YEARS': 70,
         'SESSION_COOKIE_DOMAIN': None,
         'CSRF_COOKIE_DOMAIN': None,
+        'SESSION_COOKIE_NAME_PREFIX': None,
         'SESSION_COOKIE_AGE': 3600 * 24,
         'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
         'LOGIN_URL': reverse_lazy('authentication:login'),
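Review bot: `response.set_cookie(key, value)` in `SessionCookieMiddleware.process_response` issues the prefix-discovery cookie with Django's defaults, i.e. host-only and without the `secure`/`samesite` values the session cookie is given from settings, while the commit message says the whole purpose is to let clients on other domains tell the session/CSRF cookies apart; a sibling host under `SESSION_COOKIE_DOMAIN` will therefore never receive it. Scope it like the cookies it describes, `response.set_cookie(key, value, domain=settings.SESSION_COOKIE_DOMAIN, secure=settings.SESSION_COOKIE_SECURE, samesite=settings.SESSION_COOKIE_SAMESITE)`, and keep it script-readable, since a frontend presumably reads it to learn the cookie names. The method also stores whatever `settings.SESSION_COOKIE_NAME_PREFIX` holds, and the derivation added in settings/base.py (`SESSION_COOKIE_DOMAIN.split('.')[0]`) yields `''` for a leading-dot domain such as `.example.com`, which silently drops the prefix from `sessionid`/`csrftoken` and advertises an empty value; a guard `if not value: return response` here, with `.strip('.')` before the split in base.py, closes both. A class docstring would help too, e.g. `"""Advertise SESSION_COOKIE_NAME_PREFIX in a cookie so clients can locate the prefixed session and CSRF cookies."""`. The context lines at the top of the hunk belong to `MFAMiddleware`, whose body starts outside the hunk.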
diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py
index b7f48a814..b654a0365 100644
--- a/apps/jumpserver/settings/base.py
+++ b/apps/jumpserver/settings/base.py
@@ -94,10 +94,12 @@ MIDDLEWARE = [
     'authentication.backends.oidc.middleware.OIDCRefreshIDTokenMiddleware',
     'authentication.backends.cas.middleware.CASMiddleware',
     'authentication.middleware.MFAMiddleware',
+    'authentication.middleware.SessionCookieMiddleware',
     'simple_history.middleware.HistoryRequestMiddleware',
 ]
 ROOT_URLCONF = 'jumpserver.urls'
+
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
@@ -127,6 +129,20 @@ LOGIN_URL = reverse_lazy('authentication:login')
 SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
 CSRF_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN
+
+# 设置 SESSION_COOKIE_NAME_PREFIX_KEY
+# 解决 不同域 session csrf cookie 获取混乱问题
+SESSION_COOKIE_NAME_PREFIX_KEY = 'SESSION_COOKIE_NAME_PREFIX'
+SESSION_COOKIE_NAME_PREFIX = CONFIG.SESSION_COOKIE_NAME_PREFIX
+if SESSION_COOKIE_NAME_PREFIX is not None:
+    pass
+elif SESSION_COOKIE_DOMAIN is not None:
+    SESSION_COOKIE_NAME_PREFIX = SESSION_COOKIE_DOMAIN.split('.')[0]
+else:
+    SESSION_COOKIE_NAME_PREFIX = 'jms_'
+CSRF_COOKIE_NAME = '{}csrftoken'.format(SESSION_COOKIE_NAME_PREFIX)
+SESSION_COOKIE_NAME = '{}sessionid'.format(SESSION_COOKIE_NAME_PREFIX)
+
 SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True # 自定义的配置,SESSION_EXPIRE_AT_BROWSER_CLOSE 始终为 True, 下面这个来控制是否强制关闭后过期 cookie
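Review bot: `'authentication.middleware.SessionCookieMiddleware'` is registered after `MFAMiddleware`, and the middleware hunk in this patch shows `MFAMiddleware` answering with `return redirect(url)` itself; `MFAMiddleware` is a plain class rather than a `MiddlewareMixin`, so that return presumably happens in `__call__` before `get_response`, in which case the chain short-circuits and `SessionCookieMiddleware.process_response` never stamps the prefix cookie on the MFA redirect. If the frontend needs the prefix to find the CSRF cookie on the MFA page, move the new entry earlier in the list than `MFAMiddleware`; if the redirect case is deliberately acceptable, a comment beside the entry such as `# responses short-circuited by MFAMiddleware do not get the prefix cookie` would save the next reader the question. The second hunk of this file (`@@ -127,6 +129,20 @@`) runs past the end of this page and is not reviewed here.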