No domain at session storage plus improved ip subdomain (not) extraction fixes #6229

config/initializers/carto_db.rb

@@ -1,3 +1,5 @@
+require "resolv"
+
 module CartoDB
 
   begin
@@ -58,7 +60,15 @@ module CartoDB
   # "Smart" subdomain extraction from the request, depending on configuration and /u/xxx url fragment
   def self.extract_subdomain(request)
     user_domain = self.username_from_request(request)
-    user_domain.nil? ? self.subdomain_from_request(request) : user_domain
+    if user_domain.nil?
+      if subdomainless_urls? && is_ip?(request.host)
+        ''
+      else
+        self.subdomain_from_request(request)
+      end
+    else
+      user_domain
+    end
   end
 
   # Raw subdomain extraction from request
@@ -152,10 +162,18 @@ module CartoDB
   def self.domainless_base_url(subdomain, protocol_override=nil)
     protocol = self.protocol(protocol_override)
     port = protocol == 'http' ? self.http_port : self.https_port
-    request_subdomain = self.request_host.sub(self.session_domain, '')
-    request_subdomain += '.' if (request_subdomain.length > 0 && !request_subdomain.end_with?('.'))
+    if is_ip?(self.request_host)
+      "#{protocol}://#{self.request_host}#{port}/user/#{subdomain}"
+    else
+      request_subdomain = self.request_host.sub(self.session_domain, '')
+      request_subdomain += '.' if (request_subdomain.length > 0 && !request_subdomain.end_with?('.'))
+
+      "#{protocol}://#{request_subdomain}#{self.session_domain}#{port}/user/#{subdomain}"
+    end
+  end
 
-    "#{protocol}://#{request_subdomain}#{self.session_domain}#{port}/user/#{subdomain}"
+  def self.is_ip?(string)
+    !!(string =~ Resolv::IPv4::Regex)
   end
 
   def self.username_from_request(request)

config/initializers/session_store.rb

@@ -1,3 +1,4 @@
+domain = CartoDB.subdomainless_urls? ? nil : Cartodb.config[:session_domain]
 CartoDB::Application.config.session_store :cookie_store, key: '_cartodb_session', secure_random: true,
-                                          domain: Cartodb.config[:session_domain], expire_after: 7.days,
+                                          domain: domain, expire_after: 7.days,
                                           httponly: true, secure: !(Rails.env.development? || Rails.env.test?)

spec/helpers/carto_db_spec.rb

@@ -11,9 +11,22 @@ end
 
 describe 'CartoDB' do
 
-  describe 'extract_subdomain' do
+  describe '#is_ip?' do
+    it 'detects ips' do
+      CartoDB.is_ip?(nil).should == false
+      CartoDB.is_ip?('').should == false
+      CartoDB.is_ip?('.').should == false
+      CartoDB.is_ip?('...').should == false
+      CartoDB.is_ip?(192).should == false
+      CartoDB.is_ip?('a').should == false
+      CartoDB.is_ip?('a.b.c.d').should == false
+      CartoDB.is_ip?('192.168.1.').should == false
+      CartoDB.is_ip?('192.168.1.0').should == true
+    end
+  end
 
-    it 'extracts subdomain' do
+  describe 'extract_subdomain' do
+    it 'extracts subdomain without subdomainless_urls' do
       CartoDB::Cartodb.stubs(:config).returns({ subdomainless_urls: false })
       CartoDB.stubs(:session_domain).returns('.localhost.lan')
       CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: ''})).should == ''
@@ -22,6 +35,18 @@ describe 'CartoDB' do
       CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'otheruser'})).should == 'otheruser'
     end
 
+    it 'extracts subdomain with subdomainless_urls' do
+      CartoDB::Cartodb.stubs(:config).returns({ subdomainless_urls: false })
+      CartoDB.stubs(:session_domain).returns('.localhost.lan')
+
+      CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: ''})).should == ''
+      CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'auser'})).should == 'auser'
+      CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: 'auser'})).should == 'auser'
+      CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'otheruser'})).should == 'otheruser'
+
+      CartoDB.extract_subdomain(OpenStruct.new(host: '192.168.1.1', params: { user_domain: ''})).should == ''
+      CartoDB.extract_subdomain(OpenStruct.new(host: '192.168.1.1', params: { user_domain: 'otheruser'})).should == 'otheruser'
+    end
   end
 
 end