forest_liana 6.0.2 → 6.0.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 36413dbeacb065c65d37e3ac8b051c2f342d03f8deec1ebf8c4caf9b894f8838
|
|
4
|
+
data.tar.gz: d58009364bb2fa0bef186b2afeaee10242e26538926c98ae807286f21623dc79
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4f0c61d238def23ff9fb17c5974238ea13a06cde678bec2c1937d590d13fe9a603ec32448c2fb433b0696436b038c21a47041f25491ec9954ff03f90f22bc068
|
|
7
|
+
data.tar.gz: 30dfc0f2f7b564e0581bb85fe0211457bf835ce0125c70de27c12ae5483cb26c40b828fd724ec9315a1b2564f0b6f509b59d56f1f42075029ec7fd1380b36db5
|
|
@@ -61,28 +61,12 @@ module ForestLiana
|
|
|
61
61
|
callback_url,
|
|
62
62
|
params,
|
|
63
63
|
)
|
|
64
|
-
|
|
65
|
-
response.set_cookie(
|
|
66
|
-
'forest_session_token',
|
|
67
|
-
{
|
|
68
|
-
value: token,
|
|
69
|
-
httponly: true,
|
|
70
|
-
secure: true,
|
|
71
|
-
expires: ForestLiana::Token.expiration_in_days,
|
|
72
|
-
same_site: :None,
|
|
73
|
-
path: '/'
|
|
74
|
-
},
|
|
75
|
-
)
|
|
76
64
|
|
|
77
65
|
response_body = {
|
|
66
|
+
token: token,
|
|
78
67
|
tokenData: JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
|
|
79
68
|
}
|
|
80
69
|
|
|
81
|
-
# The token is sent decoded, because we don't want to share the whole, signed token
|
|
82
|
-
# that is used to authenticate people
|
|
83
|
-
# but the token itself contains interesting values, such as its expiration date
|
|
84
|
-
response_body[:token] = token if !ForestLiana.application_url.start_with?('https://')
|
|
85
|
-
|
|
86
70
|
render json: response_body, status: 200
|
|
87
71
|
|
|
88
72
|
rescue => error
|
data/lib/forest_liana/version.rb
CHANGED
|
@@ -60,10 +60,9 @@ describe "Authentications", type: :request do
|
|
|
60
60
|
end
|
|
61
61
|
|
|
62
62
|
it "should return a valid authentication token" do
|
|
63
|
-
|
|
64
|
-
expect(session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=[^;]+; secure; HttpOnly; SameSite=None$/)
|
|
63
|
+
body = JSON.parse(response.body, :symbolize_names => true);
|
|
65
64
|
|
|
66
|
-
token =
|
|
65
|
+
token = body[:token]
|
|
67
66
|
decoded = JWT.decode(token, ForestLiana.auth_secret, true, { algorithm: 'HS256' })[0]
|
|
68
67
|
|
|
69
68
|
expected_token_data = {
|
|
@@ -76,31 +75,18 @@ describe "Authentications", type: :request do
|
|
|
76
75
|
}
|
|
77
76
|
|
|
78
77
|
expect(decoded).to include(expected_token_data)
|
|
79
|
-
expect(
|
|
78
|
+
expect(body).to eq({ token: token, tokenData: decoded.deep_symbolize_keys! })
|
|
80
79
|
expect(response).to have_http_status(200)
|
|
81
80
|
end
|
|
82
81
|
end
|
|
83
82
|
|
|
84
83
|
describe "POST /authentication/logout" do
|
|
85
84
|
before() do
|
|
86
|
-
cookies['forest_session_token'] = {
|
|
87
|
-
value: 'eyJhbGciOiJIUzI1NiJ9.eyJpZCI6NjY2LCJlbWFpbCI6ImFsaWNlQGZvcmVzdGFkbWluLmNvbSIsImZpcnN0X25hbWUiOiJBbGljZSIsImxhc3RfbmFtZSI6IkRvZSIsInRlYW0iOjEsInJlbmRlcmluZ19pZCI6IjQyIiwiZXhwIjoxNjA4MDQ5MTI2fQ.5xaMxjUjE3wKldBsj3wW0BP9GHnnMqQi2Kpde8cIHEw',
|
|
88
|
-
path: '/',
|
|
89
|
-
expires: Time.now.to_i + 14.days,
|
|
90
|
-
secure: true,
|
|
91
|
-
httponly: true
|
|
92
|
-
}
|
|
93
85
|
post ForestLiana::Engine.routes.url_helpers.authentication_logout_path, params: { :renderingId => 42 }, :headers => headers
|
|
94
|
-
cookies.delete('forest_session_token')
|
|
95
86
|
end
|
|
96
87
|
|
|
97
88
|
it "should respond with a 204 code" do
|
|
98
89
|
expect(response).to have_http_status(204)
|
|
99
90
|
end
|
|
100
|
-
|
|
101
|
-
it "should invalidate token from browser" do
|
|
102
|
-
invalidated_session_cookie = response.headers['set-cookie']
|
|
103
|
-
expect(invalidated_session_cookie).to match(/^forest_session_token=[^;]+; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT; secure; HttpOnly; SameSite=None$/)
|
|
104
|
-
end
|
|
105
91
|
end
|
|
106
92
|
end
|