Test use case for cookie authentication

Author: hernoufM

.gitignore

@@ -4,3 +4,6 @@ _local
 *~
 *.merlin
 *.install
+*.exe
+.ocamlformat
+test/session/*.js

.ocamlformat

@@ -16,3 +16,8 @@ clean:
 doc:
 	@dune build @doc
 	@rsync -ru _build/default/_doc/_html/* docs/
+
+build-tests:
+	@opam install ocurl websocket-lwt-unix js_of_ocaml
+	@dune build test
+	

Makefile

@@ -33,8 +33,13 @@ module TYPES = struct
     (** Associated to user information *)
     type user_info
 
-    (** Web host, that should be used in access control headers. *)
-    val web_host : string 
+    (** Web host, that should be used in access control headers, if specified. If web_host isn't specified,
+        then acces-control header in response will be set to '*' and authentication wwith cookies wouldn't 
+        work.
+        Note : Cookies would be set by browser only if request's flag 'with_credentials' is set to true. 
+        Last one in turn, requires that "Access-control_allow_origin" header by reponse returns something 
+        different from "*". *)
+    val web_host : string option 
 
     (** Json encoding for user's id *)
     val user_id_encoding : user_id Json_encoding.encoding
@@ -374,7 +379,8 @@ module Make(S : SessionArg) = struct
 
     let access_control = 
       [ "access-control-allow-credentials", "true"; 
-        "access-control-allow-origin", S.web_host ]
+        "access-control-allow-origin", 
+          match S.web_host with None -> "*" | Some origin -> origin ]
 
 
     (** Connection service that requires authentication token. For more details, see corresponding 

src/session/ezSession.ml

@@ -0,0 +1,20 @@
+
+CLIENT_BIN_PATH=../../_build/default/test/session/test_cookie_client.bc.js
+SERVER_BIN_PATH=../../_build/default/test/session/test_cookie_server.exe
+
+all: build website api-server
+
+build:
+	dune build --profile release
+
+website: $(CLIENT_BIN_PATH)
+	cp -f $(CLIENT_BIN_PATH) client.js
+
+api-server: $(SERVER_BIN_PATH)
+	cp -f $(SERVER_BIN_PATH) server.exe
+
+run-web: website
+	php -S localhost:8885
+
+run-api: api-server
+	./server.exe

test/session/Makefile

@@ -0,0 +1,19 @@
+(library
+ (name test_session_lib)
+ (modules test_session_lib)
+ (libraries ez_api ez_api.sha2 ez_api.session))
+
+(executable
+ (name test_cookie_client)
+ (modules test_cookie_client)
+ (preprocess (pps js_of_ocaml-ppx))
+ (libraries js_of_ocaml test_session_lib ez_api.session_client ez_api.icoxhr)
+ (modes js)
+ (js_of_ocaml
+  (flags
+   (:standard --no-sourcemap))))
+
+(executable
+ (name test_cookie_server)
+ (modules test_cookie_server)
+ (libraries test_session_lib ez_api.server_session ez_api.server))

test/session/client.js

@@ -0,0 +1,32 @@
+<html>
+
+<head>
+    <title>Test cookie session</title>
+    <script src="client.js" defer></script>
+</head>
+
+<body>
+    <div>
+        <div>
+            <h2>Connection status</h2>
+            <input id="submit-connection" value="Login" type="button">
+            <p id="connection-status"></p>
+        </div>
+        <div>
+            <h2>Api services to check (check console for results)</h2>
+            <h3>Without authentication</h3>
+            <div>
+                <input id="test1" value="Test 1" type="button" />
+                <input id="test1'" value="Test 1'" type="button" />
+                <input id="test2" value="Test 2" type="button" />
+                <input id="test2'" value="Test 2'" type="button" />
+                <input id="test3" value="Test 3" type="button" />
+            </div>
+            <h3>With authentication</h3>
+            <div><input id="test4" value="Test 4" type="button" /></div>
+
+        </div>
+    </div>
+</body>
+
+</html>