RubyGems - forest_liana - Versions diffs - 6.0.2 → 6.0.3 - Mend

forest_liana 6.0.2 → 6.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/app/controllers/forest_liana/authentication_controller.rb +1 -17
data/lib/forest_liana/version.rb +1 -1
data/spec/requests/authentications_spec.rb +3 -17
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a5fa2377990f8fa7bbbf8267b3250a6b5f29f44e1b9f37d82f152281851875e
-  data.tar.gz: 9115346647db03749473cf9b7ed6b9fa9c7afa0a678551db264cae781533311c
+  metadata.gz: 36413dbeacb065c65d37e3ac8b051c2f342d03f8deec1ebf8c4caf9b894f8838
+  data.tar.gz: d58009364bb2fa0bef186b2afeaee10242e26538926c98ae807286f21623dc79
 SHA512:
-  metadata.gz: 14a06f171447f52515131ecfbfe308caacea813dad47d67eee45af086b134ac73677580a0e1f5a65bbbfdde1d078410d8cf3e7adb48ed588aab5049ef4fa3e50
-  data.tar.gz: 93469f1d98a053c685f9fde26d106907d4f89e3244d7f46abc99a2a0265b4bf22f63f5b652736658880968ac9d48ef4f5aae0a90c80b9d5ce2c8c03677ec6153
+  metadata.gz: 4f0c61d238def23ff9fb17c5974238ea13a06cde678bec2c1937d590d13fe9a603ec32448c2fb433b0696436b038c21a47041f25491ec9954ff03f90f22bc068
+  data.tar.gz: 30dfc0f2f7b564e0581bb85fe0211457bf835ce0125c70de27c12ae5483cb26c40b828fd724ec9315a1b2564f0b6f509b59d56f1f42075029ec7fd1380b36db5

data/app/controllers/forest_liana/authentication_controller.rb CHANGED Viewed

@@ -61,28 +61,12 @@ module ForestLiana
           callback_url,
           params,
         )
-        response.set_cookie(
-          'forest_session_token',
-          {
-            value: token,
-            httponly: true,
-            secure: true,
-            expires: ForestLiana::Token.expiration_in_days,
-            same_site: :None,
-            path: '/'
-          },
-        )
         response_body = {
+          token: token,
           tokenData: JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
         }
-        # The token is sent decoded, because we don't want to share the whole, signed token
-        # that is used to authenticate people
-        # but the token itself contains interesting values, such as its expiration date
-        response_body[:token] = token if !ForestLiana.application_url.start_with?('https://')
         render json: response_body, status: 200
       rescue => error

data/lib/forest_liana/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "6.0.2"
+  VERSION = "6.0.3"
 end

data/spec/requests/authentications_spec.rb CHANGED Viewed

@@ -60,10 +60,9 @@ describe "Authentications", type: :request do
     end
     it "should return a valid authentication token" do
-      session_cookie = response.headers['set-cookie']
-      expect(session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=[^;]+; secure; HttpOnly; SameSite=None$/)
+      body = JSON.parse(response.body, :symbolize_names => true);
-      token = session_cookie.match(/^forest_session_token=([^;]+);/)[1]
+      token = body[:token]
       decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
       expected_token_data = {
@@ -76,31 +75,18 @@ describe "Authentications", type: :request do
       }
       expect(decoded).to include(expected_token_data)
-      expect(JSON.parse(response.body, :symbolize_names => true)).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
+      expect(body).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
       expect(response).to have_http_status(200)
     end
   end
   describe "POST /authentication/logout" do
     before() do
-      cookies['forest_session_token'] = {
-        value: 'eyJhbGciOiJIUzI1NiJ9.eyJpZCI6NjY2LCJlbWFpbCI6ImFsaWNlQGZvcmVzdGFkbWluLmNvbSIsImZpcnN0X25hbWUiOiJBbGljZSIsImxhc3RfbmFtZSI6IkRvZSIsInRlYW0iOjEsInJlbmRlcmluZ19pZCI6IjQyIiwiZXhwIjoxNjA4MDQ5MTI2fQ.5xaMxjUjE3wKldBsj3wW0BP9GHnnMqQi2Kpde8cIHEw',
-        path: '/',
-        expires: Time.now.to_i + 14.days,
-        secure: true,
-        httponly: true
-      }
       post ForestLiana::Engine.routes.url_helpers.authentication_logout_path, params: { :renderingId => 42 }, :headers => headers
-      cookies.delete('forest_session_token')
     end
     it "should respond with a 204 code" do
       expect(response).to have_http_status(204)
     end
-    it "should invalidate token from browser" do
-      invalidated_session_cookie = response.headers['set-cookie']
-      expect(invalidated_session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; HttpOnly; SameSite=None$/)
-    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_liana
 version: !ruby/object:Gem::Version
-  version: 6.0.2
+  version: 6.0.3
 platform: ruby
 authors:
 - Sandro Munda