SECURITY: Attach DiscourseConnect (SSO) nonce to current session (#12124)

2025-05-25 00:32:52 +08:00 · 2021-02-18 10:35:10 +00:00
parent 2f4630742c
commit 13d2a1f82c
8 changed files with 74 additions and 41 deletions
--- a/spec/support/integration_helpers.rb
+++ b/spec/support/integration_helpers.rb
@ -35,6 +35,15 @@ module IntegrationHelpers
  end

  def read_secure_session
+    id = begin
+      session[:secure_session_id]
+    rescue NoMethodError
+      nil
+    end
+
+    # This route will init the secure_session for us
+    get "/session/hp.json" if id.nil?
+
    SecureSession.new(session[:secure_session_id])
  end
 end