FIX: Improve token rotation and increase logging

- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
Sam
2017-03-07 13:27:34 -05:00
parent 9f8cfee450
commit 99f4d5082b
5 changed files with 25 additions and 23 deletions


@ -208,15 +208,7 @@ describe Auth::DefaultCurrentUserProvider do
end
it "correctly removes invalid cookies" do
cookies = {"_t" => SecureRandom.hex}
(Auth::DefaultCurrentUserProvider::MAX_COOKIE_MISSES).times do
provider('/').refresh_session(nil, {}, cookies)
end
expect(cookies.key?("_t")).to eq(true)
provider('/').refresh_session(nil, {}, cookies)
expect(cookies.key?("_t")).to eq(false)
end
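Review bot: The example "correctly removes invalid cookies" appears to pin only half of the stated change. This assumes the surviving version is a single `refresh_session` call followed by `expect(cookies.key?("_t")).to eq(false)`; the +/- markers are lost on this page, so that reading is inferred from the 15-to-7 line counts and the commit message. That version checks that an unknown `_t` is dropped on the first request, but not that the request proceeds without an access-denied error, which is the behaviour the commit message describes. With the `MAX_COOKIE_MISSES` loop apparently gone from the spec, nothing visible here covers what bounds repeated requests carrying random `_t` values, so a separate example for that would be worth adding if such a limit still exists elsewhere. A short comment in the example such as `# an unknown _t is cleared immediately; no miss counter is consulted` would also make the new contract explicit to the next reader.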