github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 14:12:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: increase secure session for OAuth expiration time (#27674)

Browse Source 
By default, secure sessions expire after 1 hour.
For OAuth authentication it should expire at the same time when the authentication cookie expires - `SiteSetting.maximum_session_age.hours`.

It is possible that the forum will not have persistent sessions, based on `persistent_sessions` site setting. In that case, with next username and password authentication we need to reset information about OAuth.

Bug introduced in this PR - https://github.com/discourse/discourse/pull/27547
This commit is contained in:
Krzysztof Kotlarek
2024-07-02 11:43:59 +10:00
committed by GitHub
parent 592b5ceed1
commit a1d2c46d28
3 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/session_controller.rb
View File

@ -370,6 +370,7 @@ class SessionController < ApplicationController
return render(json: @second_factor_failure_payload) if !second_factor_auth_result.ok
if user.active && user.email_confirmed?
secure_session["oauth"] = false if !SiteSetting.persistent_sessions
login(user, second_factor_auth_result)
else
not_activated(user)