| author | sostler <sbostler@gmail.com> | 2010-04-24 00:25:12 -0400 |
|---|---|---|
| committer | sostler <sbostler@gmail.com> | 2010-04-24 00:25:12 -0400 |
| commit | 21c80596565857c2f31956a7761efb1249dac67e (patch) | |
| tree | a864d72e28f0b3c76590d8be6a31dd362f333507 | |
| parent | 542b195ae2bec42ff7dcff58b25d3a8f0bc06a6f (diff) | |
Added new login-token cookie format to migrate to .dump.fm cookie domain
| -rw-r--r-- | src/site.clj | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/src/site.clj b/src/site.clj
index c06b194..2915d43 100644
--- a/src/site.clj
+++ b/src/site.clj
@@ -280,15 +280,31 @@
 [request]
 (contains? (request :session) :nick))
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Login-token version history
+;
+; v0: Format: nick%expiry%token-hash
+; Date: Mists of dump antiquity
+;
+; v1: Format: v1%nick%expiry%token-hash
+; Date: 2010/04/24
+; Note: Contains same information as v0, but created under the
+; wildcard domain (i.e. ".dump.fm") so that logins work
+; across all subdomains.
+
 (defn encode-login-token [nick hash expiry]
 (let [token-hash (sha1-hash hash expiry)]
- (str nick "%" expiry "%" token-hash)))
+ (str "v1%" nick "%" expiry "%" token-hash)))
 
 (defn parse-login-token [token]
- (let [x (.split token "\\%")]
- (if (= (alength x) 3)
- (try [(aget x 0) (Long/parseLong (aget x 1)) (aget x 2)]
- (catch NumberFormatException _ nil)))))
+ ; Users can have multiple login-cookies across different domains
+ ; (i.e. "dump.fm" and ".dump.fm")
+ (if (not (string? token))
+ (some identity (map parse-login-token token))
+ (let [x (.split token "\\%")]
+ (if (and (= (alength x) 4) (= (aget x 0) "v1"))
+ (try [(aget x 1) (Long/parseLong (aget x 2)) (aget x 3)]
+ (catch NumberFormatException _ nil))))))
 
 (defn read-login-token [token]
 (if-let [[nick expiry token-hash] (parse-login-token token)]
@@ -328,8 +344,14 @@
 (resp-error "BAD_LOGIN"))))
 
 (defn logout [session]
+ (println (clear-login-token *login-token-key*))
 [(session-dissoc :nick :user_id :is_admin :avatar)
- (clear-login-token *login-token-key*)
+ (set-cookie :login-token "dummy"
+ :expires "Thu, 01-Jan-1970 00:00:01 GMT"
+ :domain ".dump.fm")
+ (set-cookie :login-token "dummy"
+ :expires "Thu, 01-Jan-1970 00:00:01 GMT"
+ :domain "dump.fm")
 (redirect-to "/")])
 
 ;; Registration |
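Review bot: In `parse-login-token`, the multi-cookie branch `(some identity (map parse-login-token token))` returns the first value that is merely well-formed, before `read-login-token` has checked its expiry or hash, so a stale or bogus `v1%…` cookie on one domain can shadow the valid one on the other. Since the token is now scoped to `.dump.fm`, a cookie written under any subdomain takes part in that choice, so it should be made after verification: return every parsed candidate, for instance `(remove nil? (map parse-login-token token))`, and let `read-login-token` accept the first that verifies. The parser also stops accepting v0 tokens although the new header comment still documents them; if logging out existing sessions is intended, a line such as `; v0 tokens are deliberately rejected after the domain migration` would record that. `read-login-token` continues outside the hunk, so how it validates the parsed fields is not visible here.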
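Review bot: The added `(println (clear-login-token *login-token-key*))` at the top of `logout` looks like leftover debugging and should be deleted; it builds the cookie-clearing response only to write it to stdout on every logout. The two `set-cookie` forms hard-code `:login-token` where the removed line used `*login-token-key*`, so the cleared name can drift from the one that is set at login; `(set-cookie *login-token-key* "dummy" …)` keeps them tied together. If the response vector merges header maps by key, the second `Set-Cookie` may replace the first and leave one domain's token alive after logout, which would keep the user signed in; that merge is not visible in this hunk, so it is worth a test asserting that both the `dump.fm` and `.dump.fm` cookies are expired in the response.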
