FIX: Do not error when json-serialized cookies are used (#16522)

We intend to switch to the `:json` serializer, which will stringify all keys. However, we need a clean revert path. This commit ensures that our `_t` cookie handling works with both marshal (the current default) and json (the new default) serialization.
2022-04-20 19:15:40 +01:00 · 2022-04-20 19:15:40 +01:00 · 1551eaab01
parent 692e0140e2
commit 1551eaab01
2 changed files with 19 additions and 1 deletions
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@ -90,7 +90,7 @@ class Auth::DefaultCurrentUserProvider
      request = ActionDispatch::Request.new(env)
      # don't even initialize a cookie jar if we don't have a cookie at all
      if request.cookies[TOKEN_COOKIE].present?
-        request.cookie_jar.encrypted[TOKEN_COOKIE]
+        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
      end
    end
  end
--- a/spec/lib/auth/default_current_user_provider_spec.rb
+++ b/spec/lib/auth/default_current_user_provider_spec.rb
@ -738,4 +738,22 @@ describe Auth::DefaultCurrentUserProvider do
    env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
    expect(provider('/', env).current_user).to eq(nil)
  end
+
+  it "copes with json-serialized auth cookies" do
+    # We're switching to :json during the Rails 7 upgrade, but we want a clean revert path
+    # back to Rails 6 if needed
+
+    @provider = provider('/', { # The upcoming default
+      ActionDispatch::Cookies::COOKIES_SERIALIZER => :json,
+      method: "GET",
+    })
+    @provider.log_on_user(user, {}, @provider.cookie_jar)
+    cookie = @provider.cookie_jar["_t"]
+
+    ip = "10.0.0.1"
+    env = { "HTTP_COOKIE" => "_t=#{cookie}", "REMOTE_ADDR" => ip }
+    provider2 = provider('/', env)
+    expect(provider2.current_user).to eq(user)
+    expect(provider2.cookie_jar.encrypted["_t"].keys).to include("user_id", "token") # (strings)
+  end
 end