#61 cookies

kontron · Nov 23, 2024 · d8edee9 · d8edee9
1 parent 5fbb767
commit d8edee9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 55 deletions.
diff --git a/app/controllers/redmine_oauth_controller.rb b/app/controllers/redmine_oauth_controller.rb
@@ -158,13 +158,12 @@ def oauth_callback
 
     # Try to log in
     set_params
-    set_oauth_login_cookie
     try_to_login email, user_info
+    session[:oauth_login] = true
   rescue StandardError => e
     Rails.logger.error e.message
     flash['error'] = e.message
     cookies.delete :oauth_autologin
-    cookies.delete :oauth_login
     redirect_to signin_path
   end
 
@@ -180,18 +179,6 @@ def set_oauth_autologin_cookie
     cookies[:oauth_autologin] = cookie_options
   end
 
-  def set_oauth_login_cookie
-    cookie_options = {
-      value: '1',
-      expires: 1.year.from_now,
-      path: RedmineApp::Application.config.relative_url_root || '/',
-      same_site: :lax,
-      secure: Setting.protocol == 'https',
-      httponly: true
-    }
-    cookies[:oauth_login] = cookie_options
-  end
-
   private
 
   def set_params
@@ -201,8 +188,6 @@ def set_params
     session.delete :autologin
     params['oauth_autologin'] = session[:oauth_autologin]
     session.delete :oauth_autologin
-    params['oauth_login'] = session[:oauth_autologin]
-    session.delete :oauth_login
   end
 
   def try_to_login(email, info)

diff --git a/lib/redmine_oauth/patches/account_controller_patch.rb b/lib/redmine_oauth/patches/account_controller_patch.rb
@@ -26,17 +26,17 @@ module AccountControllerPatch
       # Overridden methods
 
       def login
-        return super if request.post? || oauth_autologin_cookie.blank?
+        return super if request.post? || cookies[:oauth_autologin].blank?
 
         redirect_to oauth_path(back_url: params[:back_url])
       end
 
       def logout
-        delete_oauth_autologin_cookie
+        cookies.delete :oauth_autologin
         return super if User.current.anonymous? || !request.post? ||
-                        Setting.plugin_redmine_oauth[:oauth_logout].blank? || oauth_login_cookie.blank?
+                        Setting.plugin_redmine_oauth[:oauth_logout].blank? || session[:oauth_login].blank?
 
-        delete_oauth_login_cookie
+        session.delete :oauth_login
         site = Setting.plugin_redmine_oauth[:site]&.chomp('/')
         id = Setting.plugin_redmine_oauth[:client_id]
         url = signout_url
@@ -64,27 +64,6 @@ def logout
         flash['error'] = e.message
         redirect_to signin_path
       end
-
-      ################################################################################################################
-      # New methods
-
-      private
-
-      def delete_oauth_autologin_cookie
-        cookies.delete :oauth_autologin
-      end
-
-      def delete_oauth_login_cookie
-        cookies.delete :oauth_login
-      end
-
-      def oauth_autologin_cookie
-        cookies[:oauth_autologin]
-      end
-
-      def oauth_login_cookie
-        cookies[:oauth_login]
-      end
     end
   end
 end

diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
@@ -37,21 +37,8 @@ def test_login
 
   def test_logout
     post '/login', params: { username: 'jsmith', password: 'jsmith' }
-    Setting.plugin_redmine_oauth[:oauth_logout] = ''
+    Setting.plugin_redmine_oauth[:oauth_logout] = nil
     post '/logout'
     assert_redirected_to home_path
   end
-
-  def test_logout_oauth
-    post '/login', params: { username: 'jsmith', password: 'jsmith' }
-    cookies[:oauth_login] = '1'
-    Setting.plugin_redmine_oauth[:oauth_logout] = '1'
-    site = 'https://login.microsoftonline.com'
-    Setting.plugin_redmine_oauth[:site] = site
-    client_id = 'acgd0c84-8784-4f1e-8052-31iabf4b7o00'
-    Setting.plugin_redmine_oauth[:client_id] = client_id
-    Setting.plugin_redmine_oauth[:oauth_name] = 'Azure AD'
-    post '/logout'
-    assert_redirected_to "#{site}/#{client_id}/oauth2/logout?post_logout_redirect_uri=#{signout_url}"
-  end
 end