Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(dbauth-mw): Unset cookie instead of clearing #10502

Merged
merged 6 commits into from
Apr 26, 2024

Conversation

dac09
Copy link
Contributor

@dac09 dac09 commented Apr 23, 2024

Updates dbAuth middleware implementation to unset the cookies, instead of clearing them.

This fixes the case where the cookie should be removed when decryption fails.

@dac09 dac09 requested a review from dthyresson April 23, 2024 18:09
@dac09 dac09 added this to the SSR milestone Apr 23, 2024
@dac09 dac09 added the release:fix This PR is a fix label Apr 23, 2024
@dac09 dac09 marked this pull request as ready for review April 24, 2024 04:53
@dac09 dac09 self-assigned this Apr 24, 2024
@dac09
Copy link
Contributor Author

dac09 commented Apr 24, 2024

@dthyresson will leave for you to merge just so you're aware. We were missing part of the test case here, otherwise would've caught it!


// mwResponse gets converted to a response eventually.
const finalResponse = res.toResponse()
expect(finalResponse.headers.getSetCookie()).toEqual([
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
expect(finalResponse.headers.getSetCookie()).toEqual([
// Verify that the cookies were unset
expect(finalResponse.headers.getSetCookie()).toEqual([

// mwResponse gets converted to a response eventually.
const finalResponse = res.toResponse()
expect(finalResponse.headers.getSetCookie()).toEqual([
// Expired cookies here!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Expired cookies here!
// Expired cookies with no values

Comment on lines 526 to 528
// mwResponse gets converted to a response eventually.
const finalResponse = res.toResponse()
expect(finalResponse.headers.getSetCookie()).toEqual([
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest the code comment you had was confusing me more than it was helping me. I suggest just getting rid of it and inlining the res.toResponse() part. I think the code speaks for itself here 🙂

Suggested change
// mwResponse gets converted to a response eventually.
const finalResponse = res.toResponse()
expect(finalResponse.headers.getSetCookie()).toEqual([
expect(res.toResponse().headers.getSetCookie()).toEqual([

Copy link
Contributor

@dthyresson dthyresson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving as is in favor of @Tobbe 's comments

@dac09 dac09 enabled auto-merge (squash) April 25, 2024 08:59
@dac09 dac09 merged commit 5db6c18 into redwoodjs:main Apr 26, 2024
44 of 46 checks passed
dac09 added a commit that referenced this pull request Apr 26, 2024
…g-gen-mw-p2

* 'main' of github.com:redwoodjs/redwood:
  RSC: Add RSC+SSR smoke test to CI (#10477)
  fix(dbauth-mw): Use response passed in to middleware (#10516)
  Add redwood.toml to `yarn rw info` (#10518)
  chore(tests): Fix packages/web tests (#10517)
  fix(dbauth-mw): Unset cookie instead of clearing (#10502)
  chore(deps): Upgrade to React canary 20240424 (#10513)
  chore(deps): Upgrade to React Testing Library 14.3.1 (#10514)
  feat(upgrade): Use GitHub token if available when downloading patches (#10515)
@Josh-Walker-GM Josh-Walker-GM modified the milestones: SSR, v8.0.0 Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
release:fix This PR is a fix
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

4 participants