From 4ecc0a25aeb0114dcb1c0c02253c089547e7af92 Mon Sep 17 00:00:00 2001 From: Jeff Wong Date: Fri, 20 Mar 2020 14:37:55 -0700 Subject: [PATCH] Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)" This reverts commit beaeb0c4b2ba0d273d7707d2fbc79feb63083a81. --- .../users/omniauth_callbacks_controller.rb | 5 +--- app/views/layouts/application.html.erb | 4 ++-- spec/requests/application_controller_spec.rb | 8 ------- .../omniauth_callbacks_controller_spec.rb | 24 ------------------- 4 files changed, 3 insertions(+), 38 deletions(-) diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index 31c14c66ca7..881fb3e9eca 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -74,10 +74,7 @@ class Users::OmniauthCallbacksController < ApplicationController @auth_result.authenticator_name = authenticator.name complete_response_data cookies['_bypass_cache'] = true - cookies[:authentication_data] = { - value: @auth_result.to_client_hash.to_json, - path: Discourse.base_uri - } + cookies[:authentication_data] = @auth_result.to_client_hash.to_json redirect_to @origin end end diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 7fa77c809a9..6c1f3b3074a 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -58,8 +58,8 @@ <%= tag.meta id: 'data-discourse-setup', data: client_side_setup_data %> - <%- if (data = cookies.delete(:authentication_data, path: Discourse.base_uri)) && !current_user %> - + <%- if !current_user && cookies[:authentication_data] %> + <%- end %> diff --git a/spec/requests/application_controller_spec.rb b/spec/requests/application_controller_spec.rb index 2c65450ae6f..4aaf547e33c 100644 --- a/spec/requests/application_controller_spec.rb +++ b/spec/requests/application_controller_spec.rb @@ -84,14 +84,6 @@ RSpec.describe ApplicationController do expect(response).to redirect_to("/login") end end - - it 'contains authentication data when cookies exist' do - COOKIE_DATA = "someauthenticationdata" - cookies['authentication_data'] = COOKIE_DATA - get '/login' - expect(response.status).to eq(200) - expect(response.body).to include("data-authentication-data=\"#{COOKIE_DATA }\"") - end end describe '#redirect_to_second_factor_if_required' do diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb index e604a89aba4..204c3f1572c 100644 --- a/spec/requests/omniauth_callbacks_controller_spec.rb +++ b/spec/requests/omniauth_callbacks_controller_spec.rb @@ -269,30 +269,6 @@ RSpec.describe Users::OmniauthCallbacksController do expect(user.email_confirmed?).to eq(true) end - it 'should return the authenticated response with the correct path for subfolders' do - set_subfolder "/forum" - events = DiscourseEvent.track_events do - get "/auth/google_oauth2/callback.json" - end - - expect(response.headers["Set-Cookie"].match(/^authentication_data=.*; path=\/forum/)).not_to eq(nil) - - expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in) - - expect(response.status).to eq(302) - - data = JSON.parse(response.cookies["authentication_data"]) - - expect(data["authenticated"]).to eq(true) - expect(data["awaiting_activation"]).to eq(false) - expect(data["awaiting_approval"]).to eq(false) - expect(data["not_allowed_from_ip_address"]).to eq(false) - expect(data["admin_not_allowed_from_ip_address"]).to eq(false) - - user.reload - expect(user.email_confirmed?).to eq(true) - end - it "should confirm email even when the tokens are expired" do user.email_tokens.update_all(confirmed: false, expired: true)