Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238)"

This reverts commit a1f9b1a7fc. This might have caused a problem with social logins. We are confirming via this revert and will follow up.
2020-03-20 15:24:45 -04:00 · 2020-03-20 15:24:45 -04:00 · 0d3386d255
parent 07813c4a91
commit 0d3386d255
3 changed files with 3 additions and 30 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -74,10 +74,7 @@ class Users::OmniauthCallbacksController < ApplicationController
      @auth_result.authenticator_name = authenticator.name
      complete_response_data
      cookies['_bypass_cache'] = true
-      cookies[:authentication_data] = {
-        value: @auth_result.to_client_hash.to_json,
-        path: Discourse.base_uri
-      }
+      cookies[:authentication_data] = @auth_result.to_client_hash.to_json
      redirect_to @origin
    end
  end
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -58,8 +58,8 @@

    <%= tag.meta id: 'data-discourse-setup', data: client_side_setup_data %>

-    <%- if data = cookies.delete(:authentication_data, path: Discourse.base_uri) && !current_user  %>
-      <meta id="data-authentication" data-authentication-data="<%= data %>">
+    <%- if !current_user && cookies[:authentication_data] %>
+      <meta id="data-authentication" data-authentication-data="<%= cookies.delete(:authentication_data) %>">
    <%- end %>
  </head>

--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@ -269,30 +269,6 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(user.email_confirmed?).to eq(true)
      end

-      it 'should return the authenticated response with the correct path for subfolders' do
-        set_subfolder "/forum"
-        events = DiscourseEvent.track_events do
-          get "/auth/google_oauth2/callback.json"
-        end
-
-        expect(response.headers["Set-Cookie"].match(/^authentication_data=.*; path=\/forum/)).not_to eq(nil)
-
-        expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
-
-        expect(response.status).to eq(302)
-
-        data = JSON.parse(response.cookies["authentication_data"])
-
-        expect(data["authenticated"]).to eq(true)
-        expect(data["awaiting_activation"]).to eq(false)
-        expect(data["awaiting_approval"]).to eq(false)
-        expect(data["not_allowed_from_ip_address"]).to eq(false)
-        expect(data["admin_not_allowed_from_ip_address"]).to eq(false)
-
-        user.reload
-        expect(user.email_confirmed?).to eq(true)
-      end
-
      it "should confirm email even when the tokens are expired" do
        user.email_tokens.update_all(confirmed: false, expired: true)