From 378be3f7f806ac74daaa790c0352abe2ebf2b845 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Mon, 28 Dec 2015 17:32:37 +0100
Subject: [PATCH] No domain at session storage plus improved ip subdomain (not) extraction fixes #6229
---
 config/initializers/carto_db.rb | 26 +++++++++++++++++++++----
 config/initializers/session_store.rb | 3 ++-
 spec/helpers/carto_db_spec.rb | 29 ++++++++++++++++++++++++++--
 3 files changed, 51 insertions(+), 7 deletions(-)
diff --git a/config/initializers/carto_db.rb b/config/initializers/carto_db.rb
index 65b676cb97..f7ffa98830 100644
--- a/config/initializers/carto_db.rb
+++ b/config/initializers/carto_db.rb
@@ -1,3 +1,5 @@
+require "resolv"
+
 module CartoDB
 begin
@@ -58,7 +60,15 @@ module CartoDB
 # "Smart" subdomain extraction from the request, depending on configuration and /u/xxx url fragment
 def self.extract_subdomain(request)
 user_domain = self.username_from_request(request)
- user_domain.nil? ? self.subdomain_from_request(request) : user_domain
+ if user_domain.nil?
+ if subdomainless_urls? && is_ip?(request.host)
+ ''
+ else
+ self.subdomain_from_request(request)
+ end
+ else
+ user_domain
+ end
 end
 # Raw subdomain extraction from request
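Review bot: The comment above `extract_subdomain` still describes only the configuration and /u/xxx cases, while the new inner branch returns `''` whenever `subdomainless_urls?` is true and `request.host` is an IPv4 literal. That rule deserves its own line, e.g. `# With subdomainless URLs an IPv4 host carries no subdomain, so '' is returned instead of parsing the address`. The nested `if`/`else` would also read more directly with a guard, `return user_domain unless user_domain.nil?`, followed by the IP check. The two new calls drop the explicit `self.` receiver that the rest of the method uses.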
@@ -152,10 +162,18 @@ module CartoDB
 def self.domainless_base_url(subdomain, protocol_override=nil)
 protocol = self.protocol(protocol_override)
 port = protocol == 'http' ? self.http_port : self.https_port
- request_subdomain = self.request_host.sub(self.session_domain, '')
- request_subdomain += '.' if (request_subdomain.length > 0 && !request_subdomain.end_with?('.'))
+ if is_ip?(self.request_host)
+ "#{protocol}://#{self.request_host}#{port}/user/#{subdomain}"
+ else
+ request_subdomain = self.request_host.sub(self.session_domain, '')
+ request_subdomain += '.' if (request_subdomain.length > 0 && !request_subdomain.end_with?('.'))
+
+ "#{protocol}://#{request_subdomain}#{self.session_domain}#{port}/user/#{subdomain}"
+ end
+ end
- "#{protocol}://#{request_subdomain}#{self.session_domain}#{port}/user/#{subdomain}"
+ def self.is_ip?(string)
+ !!(string =~ Resolv::IPv4::Regex)
 end
 def self.username_from_request(request)
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 84cad2eb3c..18fa2c503f 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,4 @@
+domain = CartoDB.subdomainless_urls? ? nil : Cartodb.config[:session_domain]
 CartoDB::Application.config.session_store :cookie_store, key: '_cartodb_session', secure_random: true,
- domain: Cartodb.config[:session_domain], expire_after: 7.days,
+ domain: domain, expire_after: 7.days,
 httponly: true, secure: !(Rails.env.development? || Rails.env.test?)
diff --git a/spec/helpers/carto_db_spec.rb b/spec/helpers/carto_db_spec.rb
index 324f7cc0af..08fce9ac01 100644
--- a/spec/helpers/carto_db_spec.rb
+++ b/spec/helpers/carto_db_spec.rb
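Review bot: In the `is_ip?` branch of `domainless_base_url` the URL's host comes from `self.request_host` alone, so the configured `session_domain` no longer bounds the host part of generated links. How `request_host` is populated is outside this hunk; if it is derived from the request's Host header, it should be checked against the hosts this installation is expected to serve before it is used to build URLs. `is_ip?` also recognises IPv4 literals only, so an IPv6 literal host still takes the `session_domain` path. For a non-String argument such as `192` it relies on `Object#=~`, which Ruby 3.2 removed; `!!(string.is_a?(String) && string =~ Resolv::IPv4::Regex)` keeps the results the spec expects without that dependency.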
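Review bot: The new first line of `session_store.rb` calls `CartoDB.subdomainless_urls?`, which is presumably defined in `config/initializers/carto_db.rb`, so this initializer now depends on that file having been loaded first. Rails loads initializers in alphabetical order, which is what makes it work today; a comment should record that dependency so a rename does not silently break it. It is also worth stating why the domain is dropped, e.g. `# nil omits the Domain attribute, giving a host-only cookie; needed when the app is reached without a session domain (e.g. by IP)`. The intent is inferred from the commit subject and should be confirmed by the author.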
@@ -11,9 +11,22 @@ end
 describe 'CartoDB' do
- describe 'extract_subdomain' do
+ describe '#is_ip?' do
+ it 'detects ips' do
+ CartoDB.is_ip?(nil).should == false
+ CartoDB.is_ip?('').should == false
+ CartoDB.is_ip?('.').should == false
+ CartoDB.is_ip?('...').should == false
+ CartoDB.is_ip?(192).should == false
+ CartoDB.is_ip?('a').should == false
+ CartoDB.is_ip?('a.b.c.d').should == false
+ CartoDB.is_ip?('192.168.1.').should == false
+ CartoDB.is_ip?('192.168.1.0').should == true
+ end
+ end
- it 'extracts subdomain' do
+ describe 'extract_subdomain' do
+ it 'extracts subdomain without subdomainless_urls' do
 CartoDB::Cartodb.stubs(:config).returns({ subdomainless_urls: false })
 CartoDB.stubs(:session_domain).returns('.localhost.lan')
 CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: ''})).should == ''
@@ -22,6 +35,18 @@ describe 'CartoDB' do
 CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'otheruser'})).should == 'otheruser'
 end
+ it 'extracts subdomain with subdomainless_urls' do
+ CartoDB::Cartodb.stubs(:config).returns({ subdomainless_urls: false })
+ CartoDB.stubs(:session_domain).returns('.localhost.lan')
+
+ CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: ''})).should == ''
+ CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'auser'})).should == 'auser'
+ CartoDB.extract_subdomain(OpenStruct.new(host: 'localhost.lan', params: { user_domain: 'auser'})).should == 'auser'
+ CartoDB.extract_subdomain(OpenStruct.new(host: 'auser.localhost.lan', params: { user_domain: 'otheruser'})).should == 'otheruser'
+
+ CartoDB.extract_subdomain(OpenStruct.new(host: '192.168.1.1', params: { user_domain: ''})).should == ''
+ CartoDB.extract_subdomain(OpenStruct.new(host: '192.168.1.1', params: { user_domain: 'otheruser'})).should == 'otheruser'
+ end
 end
 end
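Review bot: The `is_ip?` examples pin only malformed shapes and one valid address, so nothing here would fail if the matcher were later swapped for an unanchored or non-range-checking pattern. Add negative cases for an out-of-range octet, an address embedded in a longer host name and a trailing newline, for instance (constructed values) `CartoDB.is_ip?('256.1.1.1')`, `CartoDB.is_ip?('192.168.1.0.example.com')` and `CartoDB.is_ip?("192.168.1.0\n")`, each expected to be `false`. The `describe '#is_ip?'` label uses the instance-method prefix for what the patch defines as a class method; `'.is_ip?'` is the usual spelling.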
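Review bot: The example named 'extracts subdomain with subdomainless_urls' stubs the config with `subdomainless_urls: false`, the same value as the example before it, so this spec apparently never takes the new `subdomainless_urls? && is_ip?(request.host)` branch of `extract_subdomain`. The stub should read `CartoDB::Cartodb.stubs(:config).returns({ subdomainless_urls: true })`, so that the `192.168.1.1` assertion with an empty `user_domain` exercises the added code. Whether `subdomainless_urls?` reads that stubbed hash is not visible in this diff, so confirm the stub actually flips it.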