github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 06:41:25 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Revert "DEV: Migrate existing cookies to Rails 7 format"

Browse Source 
This reverts commit 66e8fe9cc63b86ce83b380a2c9563723affefffa as it
unexpectedly caused some users to be logged out. We are investigating
the problem.
This commit is contained in:
Loïc Guitaut
2023-01-12 12:01:20 +01:00
committed by Loïc Guitaut
parent 66e8fe9cc6
commit 4093fc6074
4 changed files with 4 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
spec/integration/multisite_cookies_spec.rb
View File

@ -1,11 +1,9 @@
# frozen_string_literal: true
RSpec.describe "multisite", type: %i[multisite request] do
let!(:first_host) { get "http://test.localhost/session/csrf.json" }
it "works" do
get "http://test.localhost/session/csrf.json"
expect(response).to have_http_status :ok
expect(response.status).to eq(200)
cookie = CGI.escape(response.cookies["_forum_session"])
id1 = session["session_id"]
@ -13,7 +11,7 @@ RSpec.describe "multisite", type: %i[multisite request] do
headers: {
"Cookie" => "_forum_session=#{cookie};",
}
expect(response).to have_http_status :ok
expect(response.status).to eq(200)
id2 = session["session_id"]
expect(id1).to eq(id2)
@ -22,31 +20,10 @@ RSpec.describe "multisite", type: %i[multisite request] do
headers: {
"Cookie" => "_forum_session=#{cookie};",
}
expect(response).to have_http_status :ok
expect(response.status).to eq(200)
id3 = session["session_id"]
# Session cookie was rejected and rotated
expect(id2).not_to eq(id3)
end
describe "Cookies rotator" do
let!(:rotations) { request.cookies_rotations }
let(:second_host) { get "http://test2.localhost/session/csrf.json" }
let(:global_rotations) { Rails.application.config.action_dispatch.cookies_rotations }
it "adds different rotations for different hosts" do
first_host
expect(request.cookies_rotations).to have_attributes signed: rotations.signed,
encrypted: rotations.encrypted
second_host
expect(request.cookies_rotations).not_to have_attributes signed: rotations.signed,
encrypted: rotations.encrypted
end
it "doesn't change global rotations" do
second_host
expect(global_rotations).to have_attributes signed: [], encrypted: []
end
end
end