fix: Add session lookup fallback for soap header auth

dougm · dougm · commit 64dd41d1ce94 · 2025-01-07T13:50:32.000-08:00
In 1918984 / PR #3636 we deferred the http.CookieJar lookup until request time. Fallback to using Path="/" if initial lookup fails. Signed-off-by: Doug MacEachern <dougm@broadcom.com>
diff --git a/vim25/soap/client.go b/vim25/soap/client.go
@@ -214,16 +214,31 @@ func (c *Client) NewServiceClient(path string, namespace string) *Client {
 	return c.newServiceClientWithTransport(path, namespace, c.t)
 }
 
-// SessionCookie returns a SessionCookie with value of the vmware_soap_session http.Cookie.
-func (c *Client) SessionCookie() *HeaderElement {
-	for _, cookie := range c.Jar.Cookies(c.URL()) {
+func sessionCookie(jar http.CookieJar, u *url.URL) *HeaderElement {
+	for _, cookie := range jar.Cookies(u) {
 		if cookie.Name == SessionCookieName {
 			return &HeaderElement{Value: cookie.Value}
 		}
 	}
 	return nil
 }
 
+// SessionCookie returns a SessionCookie with value of the vmware_soap_session http.Cookie.
+func (c *Client) SessionCookie() *HeaderElement {
+	u := c.URL()
+
+	if cookie := sessionCookie(c.Jar, u); cookie != nil {
+		return cookie
+	}
+
+	// Default "/sdk" Path would match above,
+	// but saw a case of Path == "sdk", where above returns nil.
+	// The jar entry Path is normally "/", so fallback to that.
+	u.Path = "/"
+
+	return sessionCookie(c.Jar, u)
+}
+
 func (c *Client) newServiceClientWithTransport(path string, namespace string, t *http.Transport) *Client {
 	vc := c.URL()
 	u, err := url.Parse(path)
diff --git a/vim25/soap/client_test.go b/vim25/soap/client_test.go
@@ -229,3 +229,29 @@ func TestParseURL(t *testing.T) {
 		})
 	}
 }
+
+func TestSessionCookie(t *testing.T) {
+	u := &url.URL{
+		Scheme: "http",
+		Host:   "localhost:1080",
+		Path:   "sdk", // see comment in Client.SessionCookie
+	}
+
+	c := NewClient(u, true)
+
+	cookie := &http.Cookie{
+		Name:     SessionCookieName,
+		Value:    "ANY",
+		Path:     "/",
+		Domain:   "localhost",
+		HttpOnly: true,
+		Secure:   false,
+	}
+
+	c.Jar.SetCookies(u, []*http.Cookie{cookie})
+
+	val := c.SessionCookie()
+	if val == nil {
+		t.Fatal("no session cookie")
+	}
+}
