Revert "FIX: correctly remove authentication_data cookie on oauth login flow (#9238) (#9251)"

This reverts commit beaeb0c4b2.
2020-03-20 14:37:55 -07:00 · 2020-03-20 14:37:55 -07:00 · 4ecc0a25ae
parent beaeb0c4b2
commit 4ecc0a25ae
4 changed files with 3 additions and 38 deletions
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@ -74,10 +74,7 @@ class Users::OmniauthCallbacksController < ApplicationController
      @auth_result.authenticator_name = authenticator.name
      complete_response_data
      cookies['_bypass_cache'] = true
-      cookies[:authentication_data] = {
-        value: @auth_result.to_client_hash.to_json,
-        path: Discourse.base_uri
-      }
+      cookies[:authentication_data] = @auth_result.to_client_hash.to_json
      redirect_to @origin
    end
  end
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@ -58,8 +58,8 @@

    <%= tag.meta id: 'data-discourse-setup', data: client_side_setup_data %>

-    <%- if (data = cookies.delete(:authentication_data, path: Discourse.base_uri)) && !current_user  %>
-      <meta id="data-authentication" data-authentication-data="<%= data %>">
+    <%- if !current_user && cookies[:authentication_data] %>
+      <meta id="data-authentication" data-authentication-data="<%= cookies.delete(:authentication_data) %>">
    <%- end %>
  </head>

--- a/spec/requests/application_controller_spec.rb
+++ b/spec/requests/application_controller_spec.rb
@ -84,14 +84,6 @@ RSpec.describe ApplicationController do
        expect(response).to redirect_to("/login")
      end
    end
-
-    it 'contains authentication data when cookies exist' do
-      COOKIE_DATA = "someauthenticationdata"
-      cookies['authentication_data'] = COOKIE_DATA
-      get '/login'
-      expect(response.status).to eq(200)
-      expect(response.body).to include("data-authentication-data=\"#{COOKIE_DATA }\"")
-    end
  end

  describe '#redirect_to_second_factor_if_required' do
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@ -269,30 +269,6 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(user.email_confirmed?).to eq(true)
      end

-      it 'should return the authenticated response with the correct path for subfolders' do
-        set_subfolder "/forum"
-        events = DiscourseEvent.track_events do
-          get "/auth/google_oauth2/callback.json"
-        end
-
-        expect(response.headers["Set-Cookie"].match(/^authentication_data=.*; path=\/forum/)).not_to eq(nil)
-
-        expect(events.map { |event| event[:event_name] }).to include(:user_logged_in, :user_first_logged_in)
-
-        expect(response.status).to eq(302)
-
-        data = JSON.parse(response.cookies["authentication_data"])
-
-        expect(data["authenticated"]).to eq(true)
-        expect(data["awaiting_activation"]).to eq(false)
-        expect(data["awaiting_approval"]).to eq(false)
-        expect(data["not_allowed_from_ip_address"]).to eq(false)
-        expect(data["admin_not_allowed_from_ip_address"]).to eq(false)
-
-        user.reload
-        expect(user.email_confirmed?).to eq(true)
-      end
-
      it "should confirm email even when the tokens are expired" do
        user.email_tokens.update_all(confirmed: false, expired: true)