diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 15928ec2bad..07cbdf93e0e 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -370,6 +370,7 @@ class SessionController < ApplicationController
 return render(json: @second_factor_failure_payload) if !second_factor_auth_result.ok
 if user.active && user.email_confirmed?
+ secure_session["oauth"] = false if !SiteSetting.persistent_sessions
 login(user, second_factor_auth_result)
 else
 not_activated(user)
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index e6d820cec68..a4f1bd60c69 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -86,7 +86,7 @@ class Users::OmniauthCallbacksController < ApplicationController
 cookies["_bypass_cache"] = true
 cookies[:authentication_data] = { value: client_hash.to_json, path: Discourse.base_path("/") }
- secure_session["oauth"] = true
+ secure_session.set("oauth", true, expires: SiteSetting.maximum_session_age.hours)
 redirect_to @origin
 end
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index 08d7a107e1c..2a412225603 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@@ -237,6 +237,10 @@ RSpec.describe Users::OmniauthCallbacksController do
 expect(data["can_edit_username"]).to eq(true)
 expect(data["destination_url"]).to eq(destination_url)
 expect(read_secure_session["oauth"]).to eq("true")
+ expect(Discourse.redis.ttl("#{session[:secure_session_id]}oauth")).to be_between(
+ SiteSetting.maximum_session_age.hours.seconds - 10,
+ SiteSetting.maximum_session_age.hours.seconds,
+ )
 end
 it "should return the right response for staged users" do
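Review bot: Assigning `false` to `secure_session["oauth"]` most likely stores the string "false" rather than removing the key — the spec in this same change reads the flag back as the string "true", so the store appears to serialize values — and any consumer that tests the flag for truthiness instead of comparing against "true" would still treat this password-authenticated session as OAuth-backed. If the store deletes a key on nil, `secure_session["oauth"] = nil` (or an explicit delete) is the unambiguous way to clear it; otherwise confirm every reader compares against the exact string. The line also needs a why-comment, e.g. `# A password login must not inherit the OAuth marker left by an earlier provider login on this session.`, and that comment should state why the reset is skipped when `persistent_sessions` is on, since the stale marker is then deliberately left in place. No spec for this branch is part of the diff, and the enclosing method starts outside the hunk.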
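Review bot: The new `expires:` couples the lifetime of the "oauth" marker to `SiteSetting.maximum_session_age`, but nothing in the hunk records why the previous default expiry was insufficient, so a later change to that setting or to the secure-session default TTL can silently break the coupling; add `# Keep the marker alive for as long as the session it describes can live; the default secure_session TTL is presumably shorter and would drop the flag mid-session.` above the `set` call. `SiteSetting.maximum_session_age.hours` is an ActiveSupport::Duration, so `set` must either accept a Duration or call `to_i` on it — the spec's TTL assertion in seconds suggests it does, but that is inferred, not visible here. The enclosing method starts outside the hunk.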
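Review bot: The TTL assertion hand-builds the redis key as `"#{session[:secure_session_id]}oauth"`, which couples the spec to the secure session's key-prefix layout even though the line just above already goes through the `read_secure_session` helper. A small TTL accessor on the secure-session object, called from the spec, would keep that layout private and make the assertion survive a prefix change. The 10-second lower bound is appropriate since a redis TTL only counts down after `set`. The enclosing `it` block starts outside the hunk.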