Add option to keep additional attributes on cookies

Author: robotdan

src/main/java/io/fusionauth/http/Cookie.java

@@ -17,7 +17,9 @@
 
 import java.time.ZonedDateTime;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Objects;
 
 import io.fusionauth.http.HTTPValues.CookieAttributes;
@@ -39,6 +41,8 @@ public class Cookie implements Buildable<Cookie> {
 
   public static final String SecurePrefix = "; " + CookieAttributes.Secure;
 
+  public Map<String, String> attributes = new HashMap<>(0);
+
   public String domain;
 
   public ZonedDateTime expires;
@@ -269,6 +273,9 @@ public void addAttribute(String name, String value) {
         break;
       case HTTPValues.CookieAttributes.SecureLower:
         secure = true;
+      default:
+        // Attributes should be not be required to have a value
+        attributes.put(name, value == null ? "" : value);
     }
   }
 
@@ -290,6 +297,10 @@ public boolean equals(Object o) {
            Objects.equals(value, cookie.value);
   }
 
+  public String getAttribute(String name) {
+    return attributes.get(name);
+  }
+
   public String getDomain() {
     return domain;
   }
@@ -346,6 +357,10 @@ public void setValue(String value) {
     this.value = value;
   }
 
+  public boolean hasAttribute(String name) {
+    return attributes.containsKey(name);
+  }
+
   @Override
   public int hashCode() {
     return Objects.hash(domain, expires, httpOnly, maxAge, name, path, secure, value);

src/main/java/io/fusionauth/http/io/ChunkedInputStream.java

@@ -103,7 +103,12 @@ private int processChunk(byte[] destination, int offset, int length) throws IOEx
         if (nextState == ChunkedBodyState.Complete) {
           state = nextState;
           bufferIndex++;
-          continue;
+          int leftOver = bufferLength - bufferIndex;
+          if (leftOver > 0) {
+            delegate.push(buffer, bufferIndex, leftOver);
+          }
+
+          return -1;
         }
 
         // Record the size hex digit

src/main/java/io/fusionauth/http/io/PushbackInputStream.java

@@ -73,14 +73,11 @@ public int read(byte[] b, int off, int len) throws IOException {
         this.bufferEndPosition = -1;
       }
 
-      // Ideally we would just continue to read from the delegate if we have not yet filled the buffer.
-      // - However, in non-fixed length request such as a chunked transfer encoding, if the end of the request
-      //   is in the bytes we read from the buffer, and we call read() we will block because no bytes are available.
-      // - So I think we have to return, and allow the caller to decide if they want to read more bytes based upon
-      //   the contents of the bytes we return.
-      // TODO : Daniel : Review the above statement.
-      // ...
-      // TODO : Put back the code...  we want to continue reading past the buffer here.
+      // Note that we must return after reading from the buffer.
+      // - We don't know if we are at the end of the InputStream. Calling read again will block causing us not to be able to
+      //   complete processing of the bytes we just read from the buffer in order to send the HTTP response.
+      //   The end result is the client will block while waiting for us to send a response until we take an exception waiting
+      //   for the read timeout.
       return read;
     }
 

src/main/java/io/fusionauth/http/server/HTTPResponse.java

@@ -281,20 +281,6 @@ public void reset() {
     writer = null;
   }
 
-  /**
-   * Reset the OutputStream.
-   */
-  // TODO : Daniel : Review : This is used by prime-mvc. Is there any other way to handle this?
-  //        Discuss with Brian. I think all prime-mvc needs is for the socket to be reset?
-  public void resetOutputStream() {
-    if (outputStream.isCommitted()) {
-      throw new IllegalStateException("The HTTPResponse can't be reset after it has been committed, meaning at least one byte was written back to the client.");
-    }
-
-    outputStream.reset();
-    writer = null;
-  }
-
   public void sendRedirect(String uri) {
     setHeader(Headers.Location, uri);
     status = Status.MovedTemporarily;

src/main/java/io/fusionauth/http/server/internal/HTTPServerThread.java

@@ -107,12 +107,6 @@ public void run() {
           logger.trace("[{}] Accepted inbound connection. [{}] existing connections.", listenerAddress, clients.size());
         }
 
-        // TODO : Daniel : Review : Why is this number so much higher than the worker count when using persistent connections?
-        //        When using RESTIFY - we kill a lot of connections because read returns -1 while waiting for preamble.
-        //        This causes us to close a lot of workers. When using the JDK REST client this doesn't happen.
-        //        I don't know if this is just working as designed for HTTPURLConnection, or if it is related to
-        //        the read ahead we are doing.
-        //        Show Brian to see if he has any ideas.
         if (instrumenter != null) {
           instrumenter.acceptedConnection();
         }

src/main/java/io/fusionauth/http/util/HTTPTools.java

@@ -29,7 +29,6 @@
 import java.util.Map;
 import java.util.Objects;
 
-import io.fusionauth.http.server.io.ConnectionClosedException;
 import io.fusionauth.http.HTTPMethod;
 import io.fusionauth.http.HTTPValues.ControlBytes;
 import io.fusionauth.http.HTTPValues.HeaderBytes;
@@ -41,6 +40,7 @@
 import io.fusionauth.http.server.HTTPRequest;
 import io.fusionauth.http.server.HTTPResponse;
 import io.fusionauth.http.server.Instrumenter;
+import io.fusionauth.http.server.io.ConnectionClosedException;
 
 public final class HTTPTools {
   private static Logger logger;

src/test/java/io/fusionauth/http/CookieTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2021-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -36,6 +36,9 @@
 import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
 
+/**
+ * @author Brian Pontarelli
+ */
 public class CookieTest extends BaseTest {
   @Test
   public void cookieInjection() throws Exception {
@@ -305,6 +308,41 @@ public void fromResponseHeader() {
     // Borked cookie
     cookie = Cookie.fromResponseHeader("=a");
     assertNull(cookie);
+
+    // additional attributes
+    // - name and value
+    cookie = Cookie.fromResponseHeader("foo=;utm=123");
+    assertEquals(cookie.name, "foo");
+    assertEquals(cookie.getAttribute("utm"), "123");
+
+    // additional attributes
+    // - name, sep but no value
+    cookie = Cookie.fromResponseHeader("foo=;utm=");
+    assertEquals(cookie.name, "foo");
+    assertEquals(cookie.getAttribute("utm"), "");
+
+    // additional attributes
+    // - name only
+    cookie = Cookie.fromResponseHeader("foo=;utm");
+    assertEquals(cookie.name, "foo");
+    assertEquals(cookie.getAttribute("utm"), "");
+
+    // additional attributes
+    // - multiple
+    cookie = Cookie.fromResponseHeader("foo=;foo=bar;bar=baz;bing=boom");
+    assertEquals(cookie.name, "foo");
+    assertEquals(cookie.getAttribute("foo"), "bar");
+    assertEquals(cookie.getAttribute("bar"), "baz");
+    assertEquals(cookie.getAttribute("bing"), "boom");
+
+    // has attribute
+    cookie = Cookie.fromResponseHeader("foo=;foo=bar;bar=baz;bing=boom");
+    assertTrue(cookie.hasAttribute("foo"));
+    assertTrue(cookie.hasAttribute("bar"));
+    assertTrue(cookie.hasAttribute("bing"));
+    assertFalse(cookie.hasAttribute("booya"));
+    assertFalse(cookie.hasAttribute("baz"));
+    assertFalse(cookie.hasAttribute("boom"));
   }
 
   @Test(dataProvider = "schemes")