FIX: Improve token rotation and increase logging

- avoid returning access denied on a bad auth cookie; instead just delete (nuke) the cookie
- avoid marking a token as unseen during the first minute after rotation
- log the request path in user auth token logs
Sam
2017-03-07 13:27:34 -05:00
parent 9f8cfee450
commit 99f4d5082b
5 changed files with 25 additions and 23 deletions


@ -227,13 +227,19 @@ describe UserAuthToken do
).count).to eq(1)
fake_token = SecureRandom.hex
UserAuthToken.lookup(fake_token, seen: true, user_agent: "bob", client_ip: "127.0.0.1")
UserAuthToken.lookup(fake_token,
seen: true,
user_agent: "bob",
client_ip: "127.0.0.1",
path: "/path"
)
expect(UserAuthTokenLog.where(
action: "miss token",
auth_token: UserAuthToken.hash_token(fake_token),
user_agent: "bob",
client_ip: "127.0.0.1"
client_ip: "127.0.0.1",
path: "/path"
).count).to eq(1)