mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 11:23:25 +08:00
FIX: Do not error when json-serialized cookies are used (#16522)
We intend to switch to the `:json` serializer, which will stringify all keys. However, we need a clean revert path. This commit ensures that our `_t` cookie handling works with both marshal (the current default) and json (the new default) serialization.
This commit is contained in:
parent
692e0140e2
commit
1551eaab01
|
@ -90,7 +90,7 @@ class Auth::DefaultCurrentUserProvider
|
|||
request = ActionDispatch::Request.new(env)
|
||||
# don't even initialize a cookie jar if we don't have a cookie at all
|
||||
if request.cookies[TOKEN_COOKIE].present?
|
||||
request.cookie_jar.encrypted[TOKEN_COOKIE]
|
||||
request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -738,4 +738,22 @@ describe Auth::DefaultCurrentUserProvider do
|
|||
env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
|
||||
expect(provider('/', env).current_user).to eq(nil)
|
||||
end
|
||||
|
||||
it "copes with json-serialized auth cookies" do
|
||||
# We're switching to :json during the Rails 7 upgrade, but we want a clean revert path
|
||||
# back to Rails 6 if needed
|
||||
|
||||
@provider = provider('/', { # The upcoming default
|
||||
ActionDispatch::Cookies::COOKIES_SERIALIZER => :json,
|
||||
method: "GET",
|
||||
})
|
||||
@provider.log_on_user(user, {}, @provider.cookie_jar)
|
||||
cookie = @provider.cookie_jar["_t"]
|
||||
|
||||
ip = "10.0.0.1"
|
||||
env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
|
||||
provider2 = provider('/', env)
|
||||
expect(provider2.current_user).to eq(user)
|
||||
expect(provider2.cookie_jar.encrypted["_t"].keys).to include("user_id", "token") # (strings)
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user